Hide tower tokens from request object

Signed-off-by: Paolo Di Tommaso <[email protected]>

wave-api/src/main/java/io/seqera/wave/api/ObjectUtils.java

@@ -50,4 +50,14 @@ public static String toString(List list) {
             return "(empty)";
         return String.join(",",list);
     }
+
+    static String redact(Object value) {
+        if( value==null )
+            return "(null)";
+        if( isEmpty(value.toString()) )
+            return ("(empty)");
+        final String str = value.toString();
+        return str.length()>=5 ? str.substring(0,3) + "****" : "****";
+    }
+
 }

wave-api/src/main/java/io/seqera/wave/api/SubmitContainerTokenRequest.java

@@ -321,8 +321,8 @@ public boolean formatSingularity() {
     @Override
     public String toString() {
         return "SubmitContainerTokenRequest{" +
-                "towerAccessToken='" + towerAccessToken + '\'' +
-                ", towerRefreshToken='" + towerRefreshToken + '\'' +
+                "towerAccessToken='" + ObjectUtils.redact(towerAccessToken) + '\'' +
+                ", towerRefreshToken='" + ObjectUtils.redact(towerRefreshToken) + '\'' +
                 ", towerEndpoint='" + towerEndpoint + '\'' +
                 ", towerWorkspaceId=" + towerWorkspaceId +
                 ", containerImage='" + containerImage + '\'' +

wave-api/src/test/groovy/io/seqera/wave/api/ObjectUtilsTest.groovy

@@ -92,4 +92,20 @@ class ObjectUtilsTest extends Specification {
         ['1']           | '1'
         ['1','2','3']   | '1,2,3'
     }
+
+    @Unroll
+    def 'should strip secret' () {
+        expect:
+        ObjectUtils.redact(SECRET) == EXPECTED
+
+        where:
+        SECRET          | EXPECTED
+        'hi'            | '****'
+        'Hello'         | 'Hel****'
+        'World'         | 'Wor****'
+        '12345678'      | '123****'
+        'hola'          | '****'
+        null            | '(null)'
+        ''              | '(empty)'
+    }
 }