Merge pull request #1207 from Fryguy/fix_filter_params

Fix issues after core changes for partial match passwords

Author: kbrock

lib/api.rb

@@ -11,7 +11,8 @@ module Api
   UnsupportedMediaTypeError = Class.new(ApiError)
 
   def self.encrypted_attribute?(attr)
-    Environment.encrypted_attributes.include?(attr.to_s) || attr.to_s.include?('password')
+    !Environment.encrypted_attributes_whitelist.include?(attr.to_s) &&
+      Environment.encrypted_attributes.any? { |a| attr.to_s.include?(a.to_s) }
   end
 
   def self.time_attribute?(attr)

lib/api/environment.rb

@@ -14,6 +14,13 @@ def self.encrypted_attributes
                                 ::Vmdb::Settings::PASSWORD_FIELDS.map(&:to_s)
     end
 
+    def self.encrypted_attributes_whitelist
+      @encrypted_attributes_whitelist ||= Set.new(%w[
+        auth_token
+        verify_ssl
+      ])
+    end
+
     def self.time_attributes
       @time_attributes ||= ApiConfig.collections.each.with_object(Set.new(%w(expires_on))) do |(_, cspec), result|
         next if cspec[:klass].blank?

spec/requests/regions_spec.rb

@@ -128,13 +128,13 @@
     context "/api/regions/:id?expand=settings" do
       it "expands the settings subcollection" do
         api_basic_authorize(action_identifier(:regions, :read, :resource_actions, :get), :ops_settings)
-        allow(Vmdb::Settings).to receive(:for_resource).and_return('authentications' => { 'bind_pwd' => 'bad_val'})
+        stub_settings_merge(:authentication => {:bind_pwd => 'passw0rd'})
         allow(User).to receive(:current_user).and_return(@user)
         allow(@user).to receive(:super_admin_user?).and_return(true)
 
         get(api_region_url(nil, region), :params => {:expand => 'settings'})
 
-        expect(response.parsed_body).to include('settings' => {'authentications' => {}})
+        expect(response.parsed_body).to_not have_key_path("settings", "authentication", "bind_pwd")
         expect(response).to have_http_status(:ok)
       end