fix: Don't allow redactions to occur in production #17

Merged
merged 3 commits into from
May 6, 2022
Merged
8 changes: 8 additions & 0 deletions lib/redaction.rb
@@ -16,6 +16,14 @@ module Types
autoload :Redactable, "redaction/redactable"
autoload :Redactor, "redaction/redactor"

class ProductionEnvironmentError < StandardError
DEFAULT_MESSAGE = "Data cannot be redacted in production!"

def initialize(message = DEFAULT_MESSAGE)
super
end
end

def self.find(redactor_type)
if redactor_type.respond_to?(:call)
redactor_type
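Review bot: `ProductionEnvironmentError` has no comment saying which calls raise it, which a caller deciding whether to rescue it needs to know. A line above the class such as `# Raised by Redactable#redact! and Redactor#redact! when Rails.env.production? is true.` would cover it. If you also want to state that nothing has been written by the time it is raised, confirm that first; it looks true from the guard being the first statement in both methods, but their full bodies are not visible here. The class sits inside a module whose opening line is outside this hunk.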
2 changes: 2 additions & 0 deletions lib/redaction/redactable.rb
@@ -10,6 +10,8 @@ module Redactable
end

def redact!
raise ProductionEnvironmentError if Rails.env.production?

@_redacting = true
redacted_attributes.each_pair do |redactor_type, attributes|
redactor = Redaction.find(redactor_type)
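Review bot: The guard at the top of `redact!` keys only on `Rails.env.production?`, so an environment that holds real data under another name (for example a staging or preview deployment restored from a production copy) is not stopped. The same line is repeated in `Redactor#redact!` in lib/redaction/redactor.rb, so the two copies can drift apart. Consider one module-level check that both methods call, driven by a configurable list of protected environment names that defaults to production, e.g. `raise ProductionEnvironmentError if Redaction.protected_environment?` (a proposed helper, not one that exists in this diff). Keeping the raise ahead of `@_redacting = true` is right, since the flag is then never left set when the call is refused. The body of `redact!` continues past the end of this hunk.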
2 changes: 2 additions & 0 deletions lib/redaction/redactor.rb
@@ -9,6 +9,8 @@ def initialize(models: nil)
end

def redact!
raise ProductionEnvironmentError if Rails.env.production?

models_to_redact.each do |model|
next if model.redacted_attributes.empty?

43 changes: 43 additions & 0 deletions test/redaction_test.rb
@@ -202,4 +202,47 @@ class RedactionTest < ActiveSupport::TestCase
assert_not_equal "(111) 111-1111", account.phone_number
assert_match(/\d?.?\(?\d{3}\)?\s?.?\d{3}.?\d{4}/, account.phone_number)
end

test "it raises an error if redaction is attempted in production" do
Rails.stub(:env, "production".inquiry) do
assert_raises(Redaction::ProductionEnvironmentError) do
Redaction.redact!
end
end
end

test "it raises an error if redaction is attempted on a model in production" do
post = posts(:one)

Rails.stub(:env, "production".inquiry) do
assert_raises(Redaction::ProductionEnvironmentError) do
post.redact!
end

assert_equal post.body, post.reload.body
end
end

test "it aborts the rake task if it is attempted in production" do
Rails.application.load_tasks

Rails.stub(:env, "production".inquiry) do
assert_raises(SystemExit) do
Rake::Task["redaction:redact"].execute
end
end
end

test "it doesn't redact data if in production" do
Rails.stub(:env, "production".inquiry) do
post = posts(:one)

begin
Redaction.redact!
rescue Redaction::ProductionEnvironmentError
end

assert_equal post.body, post.reload.body
end
end
end
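Review bot: In the model-level test, `assert_equal post.body, post.reload.body` reads `post.body` only after `post.redact!` has run on that same object, so it compares the post-call in-memory value with the database row, not with the original fixture value. If a future change made `redact!` write before raising, both sides would hold the redacted text and the assertion would still pass. Capture the value before the stub with `original_body = post.body` and check `assert_equal original_body, post.reload.body`. In the last test the empty `rescue Redaction::ProductionEnvironmentError` could be replaced by `assert_raises(Redaction::ProductionEnvironmentError) { Redaction.redact! }`, which keeps the unchanged-data check and also fails if the error stops being raised.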
1 change: 1 addition & 0 deletions test/test_helper.rb
@@ -4,6 +4,7 @@
require_relative "../test/dummy/config/environment"
ActiveRecord::Migrator.migrations_paths = [File.expand_path("../test/dummy/db/migrate", __dir__)]
require "rails/test_help"
require "minitest/mock"

# Load fixtures from the engine
if ActiveSupport::TestCase.respond_to?(:fixture_path=)