Review

chutney-testing · Apr 2, 2024 · 4a5087f · 4a5087f
1 parent 9535b88
commit 4a5087f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 55 deletions.
diff --git a/chutney/server/src/main/java/com/chutneytesting/security/AuditHandler.java b/chutney/server/src/main/java/com/chutneytesting/security/AuditHandler.java
@@ -19,16 +19,12 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Map;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.HandlerMapping;
 
 @Component
 public class AuditHandler implements HandlerInterceptor {
@@ -39,45 +35,9 @@ public boolean preHandle(HttpServletRequest request, HttpServletResponse respons
         if (!"GET".equals(request.getMethod())) {
             Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
             if (authentication != null) {
-                logger.info("[" + authentication.getName() + "] [" + request.getMethod() + "] [" + request.getRequestURI() + "] " + listParameters(request) + listPathVariable(request));
+                logger.info("[{}] [{}] [{}]", authentication.getName(), request.getMethod(), request.getRequestURI());
             }
         }
-
         return HandlerInterceptor.super.preHandle(request, response, handler);
     }
-
-    private String listParameters(HttpServletRequest request) {
-        Enumeration<String> parameterNames = request.getParameterNames();
-        Map<String, String> parameterMap = new HashMap<>();
-        while (parameterNames.hasMoreElements()) {
-            String parameterName = parameterNames.nextElement();
-            parameterMap.put(parameterName, request.getParameter(parameterName));
-        }
-        return joinEntries(parameterMap);
-    }
-
-
-    private String listPathVariable(HttpServletRequest request) {
-        @SuppressWarnings("unchecked")
-        Map<String, String> pathVariables = (Map<String, String>) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
-        return joinEntries(pathVariables);
-    }
-
-
-    private String joinEntries(Map<String, String> entries) {
-        StringBuilder sb = new StringBuilder();
-        if (entries != null) {
-            for (Map.Entry<String, String> entry : entries.entrySet()) {
-                String value = cleanPassword(entry);
-                sb.append("[").append(entry.getKey()).append(" = ").append(value).append("] ");
-            }
-        }
-        return sb.toString();
-    }
-
-    private String cleanPassword(Map.Entry<String, String> entry) {
-        return entry.getKey().toLowerCase()
-            .matches("(.*(password|pass|pwd).*)") ? "***" : entry.getValue();
-    }
-
 }
diff --git a/chutney/server/src/test/java/com/chutneytesting/security/AuditHandlerTest.java b/chutney/server/src/test/java/com/chutneytesting/security/AuditHandlerTest.java
@@ -25,22 +25,19 @@
 import ch.qos.logback.classic.Level;
 import ch.qos.logback.classic.Logger;
 import ch.qos.logback.classic.LoggerContext;
-import java.util.Map;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mockito;
 import org.slf4j.LoggerFactory;
-import org.slf4j.MDC;
 import org.springframework.boot.test.system.CapturedOutput;
 import org.springframework.boot.test.system.OutputCaptureExtension;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.servlet.HandlerMapping;
 
 @ExtendWith(OutputCaptureExtension.class)
 public class AuditHandlerTest {
@@ -65,12 +62,8 @@ public void setUp() {
     }
 
     @Test
-    public void should_log_post_with_parameters_and_attributes(CapturedOutput output) throws Exception {
-        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/test/endpoint");
-        request.setParameter("param1", "value1");
-        request.setParameter("passwordKey", "value2");
-        request.setAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE,
-            Map.of("attribute3", "value3", "keyPwd", "value4"));
+    public void should_log_post(CapturedOutput output) throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/test/endpoint/42/entity");
 
         MockHttpServletResponse response = new MockHttpServletResponse();
         AuditHandler handler = new AuditHandler();
@@ -80,11 +73,7 @@ public void should_log_post_with_parameters_and_attributes(CapturedOutput output
         boolean preHandled = handler.preHandle(request, response, null);
 
         assertTrue(preHandled);
-        assertThat(output.getAll()).contains("[user authentified] [POST] [/test/endpoint]");
-        assertThat(output.getAll()).contains("[param1 = value1]");
-        assertThat(output.getAll()).contains("[passwordKey = ***]");
-        assertThat(output.getAll()).contains("[attribute3 = value3]");
-        assertThat(output.getAll()).contains("[keyPwd = ***]");
+        assertThat(output.getAll()).contains("[user authentified] [POST] [/test/endpoint/42/entity]");
     }
 
     @Test