[4.2.x] Correct missing password hash removal

Auth has removal was broken in a number of cases for all 4.2 versions:
- All queries that returned the object text for a mntner when
  all hash names (MD5-PW etc.) in the text were lower or mixed case
- Queries for the auth attribute in GraphQL queries
- Queries for the objectText for journal entries in GraphQL queries

Further details in 4.2.3 release notes.

Note that this commit only has the fix and tests or coverage may
fail without the subsequent update to the tests.

(cherry picked from commit 4073564c874dcc40c85828386635a10539e4b883)

irrd/server/graphql/resolvers.py

@@ -187,6 +187,8 @@ def resolve_rpsl_object_journal(rpsl_object, info: GraphQLResolveInfo):
  response['operation'] = response['operation'].name
  if response['origin']:
  response['origin'] = response['origin'].name
+ if response['objectText']:
+ response['objectText'] = remove_auth_hashes(response['objectText'])
  yield response
 
 
@@ -221,7 +223,7 @@ def _rpsl_db_query_to_graphql_out(query: RPSLDatabaseQuery, info: GraphQLResolve
  object_type = resolve_rpsl_object_type(row)
  for key, value in row.get('parsed_data', dict()).items():
  if key == 'auth':
- value = remove_auth_hashes(value)
+ value = [remove_auth_hashes(v) for v in value]
  graphql_type = schema.graphql_types[object_type][key]
  if graphql_type == 'String' and isinstance(value, list):
  value = '\n'.join(value)

irrd/utils/text.py

@@ -12,7 +12,8 @@ def remove_auth_hashes(input: Optional[str]):
  if not input:
  return input
  # If there are no hashes, skip the RE for performance.
- if not any([pw_hash in input for pw_hash in PASSWORD_HASHERS.keys()]):
+ input_lower = input.lower()
+ if not any([pw_hash.lower() in input_lower for pw_hash in PASSWORD_HASHERS.keys()]):
  return input
  return re_remove_passwords.sub(r'\1 %s # Filtered for security' % PASSWORD_HASH_DUMMY_VALUE, input)