From 900392797317a45cf1da8efefaee6e7f22ceb685 Mon Sep 17 00:00:00 2001
From: bryan <bryan.maass@gmail.com>
Date: Mon, 1 Jul 2024 12:18:11 -0600
Subject: [PATCH] Adds a property to a defsetting (#44990)

* mark a defsetting as being :sensitive?
* add test
---
 src/metabase/public_settings/premium_features.clj | 1 +
 test/metabase/api/session_test.clj | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/src/metabase/public_settings/premium_features.clj b/src/metabase/public_settings/premium_features.clj
index 647db27d352..1d47dd0f6c3 100644
--- a/src/metabase/public_settings/premium_features.clj
+++ b/src/metabase/public_settings/premium_features.clj
@@ -262,6 +262,7 @@
 (defsetting premium-embedding-token ; TODO - rename this to premium-features-token?
 (deferred-tru "Token for premium features. Go to the MetaStore to get yours!")
 :audit :never
+ :sensitive? true
 :setter
 (fn [new-value]
 ;; validate the new value if we're not unsetting it
diff --git a/test/metabase/api/session_test.clj b/test/metabase/api/session_test.clj
index af87bf6ff91..2bf18a01715 100644
--- a/test/metabase/api/session_test.clj
+++ b/test/metabase/api/session_test.clj
@@ -469,6 +469,18 @@
 (-> (mt/client :get 200 "session/properties" {:request-options {:headers {"x-metabase-locale" "es"}}})
 :engines :h2 :details-fields first :display-name)))))))
 
+(deftest properties-skip-sensitive-test
+ (reset-throttlers!)
+ (testing "GET /session/properties"
+ (testing "don't return the token for admins"
+ (is (= nil
+ (-> (mt/client :get 200 "session/properties" (mt/user->credentials :crowberto))
+ keys #{:premium-embedding-token}))))
+ (testing "don't return the token for non-admins"
+ (is (= nil
+ (-> (mt/client :get 200 "session/properties" (mt/user->credentials :rasta))
+ keys #{:premium-embedding-token}))))))
+
 ;;; ------------------------------------------- TESTS FOR GOOGLE SIGN-IN ---------------------------------------------
 
 (deftest google-auth-test
-- 
GitLab
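Review bot: The added `:sensitive? true` sits next to `:audit :never` with no explanation, so a later edit to this `defsetting` could drop it without realising it is what keeps the premium token away from clients. A one-line comment above it would record the intent, for example `;; the token is a secret: never return it to clients in plaintext`. What `:sensitive?` covers beyond `GET /session/properties` is not visible in this hunk, so the wording should be checked against the `defsetting` documentation before it claims more. The `defsetting` form continues past the end of the hunk.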
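Review bot: Both assertions in `properties-skip-sensitive-test` pass no matter what the endpoint returns, because `(-> resp keys #{:premium-embedding-token})` expands to `(#{:premium-embedding-token} (keys resp))`, which asks whether the whole key sequence is an element of the set and is therefore always nil. As written, the test would not catch the token reappearing in `GET /session/properties`. Check the key directly instead, e.g. `(is (not (contains? (mt/client :get 200 "session/properties" (mt/user->credentials :crowberto)) :premium-embedding-token)))`, and the same for `:rasta`. It would also help to run the assertions with a token value set, so the test shows the key is withheld when there is something to withhold; whether an unset setting appears in the response at all is not visible here.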