Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't show secrets for SignedGlobalID#inspect #160

Merged
merged 1 commit into from
Jun 30, 2023

Commits on Jun 20, 2023

  1. Don't show secrets for SignedGlobalID#inspect

    If anyone calls `to_sgid` on a model in the console it will
    show the secret of the encryptor.
    
    By overriding the `inspect` method to only show the class name we can
    avoid accidentally outputting sensitive information.
    
    Before:
    
    ```ruby
    SignedGlobalID.create(Person.new(5)).inspect
    "#<SignedGlobalID:0x0000000104888038 ... @secret=\"muchSECRETsoHIDDEN\ ... >"
    ```
    
    After:
    
    ```ruby
    SignedGlobalID.create(Person.new(5)).inspect
    "#<SignedGlobalID:0x0000000104888038>"
    ```
    p8 committed Jun 20, 2023
    Configuration menu
    Copy the full SHA
    e17c3f1 View commit details
    Browse the repository at this point in the history