Download the PHP package allejo/php-vcr-sanitizer without Composer
On this page you can find all versions of the php package allejo/php-vcr-sanitizer. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download allejo/php-vcr-sanitizer
More information about allejo/php-vcr-sanitizer
Files in allejo/php-vcr-sanitizer
Package php-vcr-sanitizer
Short Description Bring privacy to php-vcr by excluding API keys, passwords, and credentials from your recordings
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package php-vcr-sanitizer
php-vcr-sanitizer
php-vcr is a tool for recording and replaying outgoing requests, however it has had "Privacy aware" marked as "soon" for quite some time now. Whenever I test my APIs, there will often be some sensitive information such as keys or passwords in the recordings. Up until now, I've had a separate script to always remove sensitive data before getting checked into version control.
I got tired of having to always sanitize the data, so this is a quick and dirty solution until php-vcr officially supports "private" recordings.
Table of Contents
- Installation
- Usage
- Configuration
- Sanitizing Requests
- Sanitizing Responses
- Disabling the Sanitizer
- How Sanitizing Works
- Hostnames
- Headers
- URL Parameters
- Body Content
- Post Field Content
- License
Installation
Install the package through Composer.
Usage
After your VCR instance has been turned on, call VCRCleaner::enable() and pass whatever URL parameters or headers you don't want to be recorded in your fixtures.
Configuration
This library allows your sanitize both the Request and Response sections of your recordings so only non-sensitive data is written to your cassettes. You define the behavior for this sanitizer via an array with configuration options explained below.
Sanitizing Requests
request.ignoreHostname- When set to true, the hostname in URLs inside of the Request will be replaced with[]in theurlfield and theHostin the headers will be set to null.request.ignoreQueryFields- Define which GET parameters in your URL to completely strip out of your recordings.request.ignoreHeaders- Define the headers in your recording that will automatically be set to null in your recordings. Using an asterisk (i.e.*) in the array can be used to strip all headers from the request.request.bodyScrubbers- An array of callbacks that will have the request body available as a string. Each callback must return the modified body. The callbacks are called consecutively in the order they appear in this array and the value from one callback propagates to the next.request.postFieldScrubbers- An array of callbacks that will have the request post fields available as an array. Each callback must return the modified post fields array. The callbacks are called consecutively in the order they appear in this array and the value from one callback propagates to the next.
Sanitizing Responses
The php-vcr library does not officially support modifying its responses so this library uses reflection to modify the contents of responses. While this feature is officially supported by this project, bear with us if this feature were to break due to the php-vcr changing its internals.
response.ignoreHeaders- The same asrequest.ignoreHeadersbut for your response body instead.response.bodyScrubbers- The same asrequest.bodyScrubbersbut for your response body instead.
Disabling the Sanitizer
Why is there no VCRCleaner::disable()? There's no simple and non-hackish way to restore the VCR to its original state. It's probably easier to just configure your VCR differently for a certain batch of unit tests anyways.
How Sanitizing Works
When VCR is looking for recordings to playback, VCRCleaner uses modified "matchers" to check everything except for the fields you've marked as sensitive.
Hostnames
If the hostname of the URL endpoint you're hitting is sensitive and shouldn't be recorded, you can have the sanitizer ignore hostnames and they'll be replaced in the url field with a [] instead and the host header will be set to null.
Headers
Let's say you set the X-Api-Key header to SuperToast. In your recording, the header you specified will be saved as null.
URL Parameters
Notice how apiKey=yourSecretApiKey is stripped away in your recording. During your VCR playback, it'll look for matching requests without the apiKey parameter.
Body Content
Unlike ignoring headers or URL parameters, scrubbing information from both request and response bodies makes use of an array of callbacks. The result of each function is passed on to the next function.
Notice how password=hunter2 has been stripped away from the request body. The callbacks take the body as a string parameter, the modified result has to be returned.
Post Field Content
When making POST requests, your VCR will sometimes record the data inside of a post_fields parameter rather than the body; e.g. when CURLOPT_POSTFIELDS is used in cURL and you do not set CURLOPT_POST to true. In those cases, this option can be used to sanitize sensitive content. Note that unlike the body field, post_fields is an array:
License
MIT
All versions of php-vcr-sanitizer with dependencies
php-vcr/php-vcr Version ^1.4
symfony/event-dispatcher Version ^4.0|^5.0|^6.0