Remove access_token from item payload (#966)

* sw - remove access_token from item payload * sw - update api stubs to validate with header access token instead of payload * sw - file should no longer include access_token
rollbar · Jun 9, 2020 · 41a2008 · 41a2008
1 parent fde3c08
commit 41a2008
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 12 deletions.
diff --git a/lib/rollbar/item.rb b/lib/rollbar/item.rb
@@ -65,7 +65,6 @@ def payload
  def build
  data = build_data
  self.payload = {
- 'access_token' => configuration.access_token,
  'data' => data
  }
 

diff --git a/lib/rollbar/notifier.rb b/lib/rollbar/notifier.rb
@@ -290,7 +290,6 @@ def send_failsafe(message, exception, uuid = nil, host = nil)
  }
 
  failsafe_payload = {
- 'access_token' => configuration.access_token,
  'data' => failsafe_data
  }
 

diff --git a/spec/rollbar/item_spec.rb b/spec/rollbar/item_spec.rb
@@ -53,7 +53,7 @@
  end
 
  it 'should have the correct root-level keys' do
- payload.keys.should match_array(['access_token', 'data'])
+ payload.keys.should match_array(['data'])
  end
 
  it 'should have the correct data keys' do
@@ -566,7 +566,6 @@
  context 'with mutation in payload' do
  let(:new_payload) do
  {
- 'access_token' => configuration.access_token,
  'data' => {
  }
  }

diff --git a/spec/rollbar_spec.rb b/spec/rollbar_spec.rb
@@ -1268,7 +1268,6 @@ def backtrace
  Rollbar.error(exception)
 
  File.exist?(filepath).should eq(true)
- File.read(filepath).should include test_access_token
  File.delete(filepath)
 
  Rollbar.configure do |config|
@@ -1293,7 +1292,6 @@ def backtrace
  Rollbar.error(exception)
 
  File.exist?(filepath).should eq(true)
- File.read(filepath).should include test_access_token
  File.delete(filepath)
 
  Rollbar.configure do |config|

diff --git a/spec/support/deploy_api/report.rb b/spec/support/deploy_api/report.rb
@@ -5,8 +5,12 @@ module DeployAPI
  class Report < ::RollbarAPI
  protected
 
- def valid_data?(json, request)
- !!json['environment'] && !!json['revision'] && super(json, request)
+ def authorized?(json, _request)
+ json['access_token'] != UNAUTHORIZED_ACCESS_TOKEN
+ end
+
+ def valid_data?(json, _request)
+ !!json['environment'] && !!json['revision'] && !!json['access_token']
  end
 
  def success_body(_json, _request)

diff --git a/spec/support/rollbar_api.rb b/spec/support/rollbar_api.rb
@@ -16,8 +16,8 @@ def call(env)
 
  protected
 
- def authorized?(json, _request)
- json['access_token'] != UNAUTHORIZED_ACCESS_TOKEN
+ def authorized?(_json, request)
+ request.env['HTTP_X_ROLLBAR_ACCESS_TOKEN'] != UNAUTHORIZED_ACCESS_TOKEN
  end
 
  def response_headers
@@ -26,8 +26,8 @@ def response_headers
  }
  end
 
- def valid_data?(json, _request)
- !!json['access_token']
+ def valid_data?(_json, request)
+ !!request.env['HTTP_X_ROLLBAR_ACCESS_TOKEN']
  end
 
  def unauthorized