fix(SUPPORT-30038): clone deep the request object

commercetools · Dec 20, 2024 · e230029 · e230029
1 parent 82397e8
commit e230029
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 1 deletion.
diff --git a/package.json b/package.json
@@ -44,6 +44,7 @@
     "jest-junit": "16.0.0",
     "jest-watch-typeahead": "2.2.2",
     "lint-staged": "13.3.0",
+    "lodash.clonedeep": "^4.5.0",
     "node-polyfill-webpack-plugin": "^4.0.0",
     "path-browserify": "^1.0.1",
     "prettier": "3.3.3",

diff --git a/packages/platform-sdk/test/integration-tests/sdk-v3/middlewares.test.ts b/packages/platform-sdk/test/integration-tests/sdk-v3/middlewares.test.ts
@@ -187,6 +187,61 @@ describe('Concurrent Modification Middleware', () => {
       .execute()
       .catch((e) => e)
   })
+
+  // https://commercetools.atlassian.net/browse/SUPPORT-30038
+  it('should retry with correct bearer token when maskSensitiveHeaderData is true', async () => {
+    async function concurrentModificationHandlerFn(
+      version: number,
+      request: MiddlewareRequest,
+      response
+    ) {
+      expect(request.headers.Authorization).toMatch(/^Bearer (?!\*+$)([^\s]+)$/)
+
+      // update version
+      request.body = {
+        ...(request.body as object),
+        version,
+      }
+
+      return JSON.stringify(request.body)
+    }
+
+    const ctpClientV3 = new ClientBuilderV3()
+      .withHttpMiddleware({
+        ...httpMiddlewareOptionsV3,
+        maskSensitiveHeaderData: true,
+      })
+      .withConcurrentModificationMiddleware({ concurrentModificationHandlerFn })
+      .withClientCredentialsFlow(authMiddlewareOptions)
+      .build()
+
+    const apiRootV3 = createApiBuilderFromCtpClient(ctpClientV3).withProjectKey(
+      {
+        projectKey,
+      }
+    )
+
+    try {
+      await apiRootV3
+        .products()
+        .withId({ ID: product.id })
+        .post({
+          body: {
+            version: +product.version + 1,
+            actions: [
+              {
+                action: 'changeName',
+                name: { en: 'test-name' + new Date().getTime() },
+              },
+            ],
+          },
+        })
+        .execute()
+    } catch (e) {
+      console.error(e)
+      throw e
+    }
+  })
 })
 
 describe('Http clients and http client options', () => {

diff --git a/packages/sdk-client-v3/src/utils/maskAuthData.ts b/packages/sdk-client-v3/src/utils/maskAuthData.ts
@@ -1,7 +1,8 @@
 import { MiddlewareRequest } from '../types/types'
+import cloneDeep from 'lodash.clonedeep'
 
 export default function maskAuthData(request: MiddlewareRequest) {
-  const _request = Object.assign({}, request)
+  const _request = cloneDeep(request)
   if (_request?.headers) {
     if (_request.headers.Authorization) {
       _request.headers['Authorization'] = 'Bearer ********'

diff --git a/yarn.lock b/yarn.lock
@@ -6027,6 +6027,11 @@ lodash.camelcase@^4.3.0:
   resolved "https://registry.yarnpkg.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6"
   integrity sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==
 
+lodash.clonedeep@^4.5.0:
+  version "4.5.0"
+  resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
+  integrity sha512-H5ZhCF25riFd9uB5UCkVKo61m3S/xZk1x4wA6yp/L3RFP6Z/eHH1ymQcGLo7J3GMPfm0V/7m1tryHuGVxpqEBQ==
+
 lodash.debounce@^4.0.8:
   version "4.0.8"
   resolved "https://registry.yarnpkg.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz#82d79bff30a67c4005ffd5e2515300ad9ca4d7af"