From b58341a68b3c9786c9627d3315542b09dc125c7d Mon Sep 17 00:00:00 2001 From: moritzraho Date: Mon, 9 Feb 2026 14:41:48 +0100 Subject: [PATCH] fix: hide new include-ims-annotation secrets --- lib/common-templates/utils.js | 8 +++++++- lib/common-templates/utils.test.js | 7 +++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/common-templates/utils.js b/lib/common-templates/utils.js index a5c8829..bc8fd34 100644 --- a/lib/common-templates/utils.js +++ b/lib/common-templates/utils.js @@ -24,12 +24,18 @@ governing permissions and limitations under the License. * */ function stringParameters (params) { + // hide credentials from the include-ims-credentials annotation + let imsCredentials = params.__ims_oauth_s2s || {} + if (imsCredentials.client_secret) { + imsCredentials = { ...imsCredentials, client_secret: '' } + } // hide authorization token without overriding params let headers = params.__ow_headers || {} if (headers.authorization) { headers = { ...headers, authorization: '' } } - return JSON.stringify({ ...params, __ow_headers: headers }) + + return JSON.stringify({ ...params, __ow_headers: headers, __ims_oauth_s2s: imsCredentials }) } /** diff --git a/lib/common-templates/utils.test.js b/lib/common-templates/utils.test.js index 23da5a9..c89fd55 100644 --- a/lib/common-templates/utils.test.js +++ b/lib/common-templates/utils.test.js @@ -60,6 +60,13 @@ describe('stringParameters', () => { expect(utils.stringParameters(params)).toEqual(expect.stringContaining('"authorization":""')) expect(utils.stringParameters(params)).not.toEqual(expect.stringContaining('secret')) }) + test('with ims credentials', () => { + const params = { + a: 1, b: 2, __ims_oauth_s2s: { client_id: 'fake-client-id', client_secret: 'secret', org_id: 'fake@AdobeOrg' } + } + expect(utils.stringParameters(params)).toEqual(expect.stringContaining('"client_secret":""')) + expect(utils.stringParameters(params)).not.toEqual(expect.stringContaining('secret')) + }) }) describe('checkMissingRequestInputs', () => {