Merge pull request #198 from vania-pooh/master

Removing credentials from /quota data (fixes #193)
aerokube · May 9, 2018 · 1e94fba · 1e94fba
2 parents 32ddcee + ac826b3
commit 1e94fba
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 4 deletions.
diff --git a/proxy.go b/proxy.go
@@ -440,7 +440,20 @@ func quotaInfo(w http.ResponseWriter, r *http.Request) {
 	log.Printf("[%d] [-] [QUOTA_INFO_REQUESTED] [%s] [%s] [-] [-] [-] [-] [-]\n", id, user, remote)
 	browsers := quota[user]
 	w.Header().Set("Content-Type", "application/json")
-	// NOTE: intentionally not removing username \ password fields from returned XML to not complicate things (can be done later if needed)
+	for i := 0; i < len(browsers.Browsers); i++ {
+		browser := &browsers.Browsers[i]
+		for j := 0; j < len(browser.Versions); j++ {
+			version := &browser.Versions[j]
+			for k := 0; k < len(version.Regions); k++ {
+				region := &version.Regions[k]
+				for l := 0; l < len(region.Hosts); l++ {
+					host := &region.Hosts[l]
+					host.Username = ""
+					host.Password = ""
+				}
+			}
+		}
+	}
 	json.NewEncoder(w).Encode(browsers.Browsers)
 }
 

diff --git a/proxy_test.go b/proxy_test.go
@@ -172,7 +172,6 @@ func TestGetQuotaInfoUnauthorized(t *testing.T) {
 func TestGetQuotaInfo(t *testing.T) {
 	test.Lock()
 	defer test.Unlock()
-
 	browsers := Browsers{Browsers: []Browser{
 		{Name: "browser", DefaultVersion: "1.0", Versions: []Version{
 			{Number: "1.0", Regions: []Region{
@@ -190,7 +189,16 @@ func TestGetQuotaInfo(t *testing.T) {
 	var fetchedBrowsers []Browser
 	err = json.NewDecoder(rsp.Body).Decode(&fetchedBrowsers)
 	AssertThat(t, err, Is{nil})
-	AssertThat(t, fetchedBrowsers, EqualTo{browsers.Browsers})
+
+	browsersWithoutCredentials := []Browser{
+		{Name: "browser", DefaultVersion: "1.0", Versions: []Version{
+			{Number: "1.0", Regions: []Region{
+				{Hosts: Hosts{
+					Host{Name: "example.com", Port: 4444, Count: 1, Username: "", Password: ""},
+				}},
+			}},
+		}}}
+	AssertThat(t, fetchedBrowsers, EqualTo{browsersWithoutCredentials})
 }
 
 func TestProxyScreenVNCProtocol(t *testing.T) {
@@ -1453,4 +1461,4 @@ func TestFileExists(t *testing.T) {
 	f, err := ioutil.TempFile(tmpDir, "testfile")
 	AssertThat(t, err, Is{nil})
 	AssertThat(t, fileExists(f.Name()), Is{true})
-}
+}