Fix/integration token visibility #832

Merged: ignatiusm merged 14 commits into dev from fix/integration-token-visibility on May 5, 2026

@ignatiusm

Contributor

This PR:

  • Obscures token information from all studies endpoints
  • Removed url and token information from participant-facing studies endpoints
  • Obscures token information from AuditLog records
  • Amends types to support above actions
  • Removes unnecessary logger calls from studies endpoints
  • Adds backend tests for studies endpoint and audit log
  • Adds Cypress tests for Audit log UI to verify info is obscured
  • Changes Study Management advanced options UI to reflect that token can be set, but not accessed once set.
  • Adds Cypress test for new study management UI

@ignatiusm ignatiusm requested a review from plouka13 May 1, 2026 02:09

@plouka13 plouka13 left a comment

Contributor

This is looking great @ignatiusm!

Would be cool to see participant portal tests ensuring the redcapURL and redcapToken aren't in the payload from that end (just to cover 5.1.1 of the Sekuro report). Although I'm super happy with the backend test as well.

Comment thread application/backend/src/middlewares/AuditLog.ts
Comment thread application/backend/src/middlewares/AuditLog.ts
Comment thread application/backend/src/controllers/StudiesController.ts Outdated
Comment thread application/backend/src/controllers/StudiesController.test.ts
@ignatiusm

ignatiusm commented May 4, 2026

Contributor Author

> Would be cool to see participant portal tests ensuring the redcapURL and redcapToken aren't in the payload from that end (just to cover 5.1.1 of the Sekuro report). Although I'm super happy with the backend test as well.

Added a participant portal test for sensitive info in: 17cecba

@plouka13 plouka13 left a comment

Contributor

Looks great! Thanks @ignatiusm!

@ignatiusm ignatiusm merged commit 8174a35 into dev May 5, 2026
6 checks passed
@ignatiusm ignatiusm deleted the fix/integration-token-visibility branch May 5, 2026 01:47
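
The redaction described in the PR summary and checked for in the review (token hidden on staff-facing studies endpoints, URL and token dropped from participant-facing payloads, token masked in audit records), as an added TypeScript example that is not the project's code. The `redcapURL` and `redcapToken` field names come from the review comment; the `Study` shape, the generic `token` key, the helper names and the sample values are assumptions.

```typescript
// Added example, not the project's code. Field names redcapURL / redcapToken
// come from the review comment; the Study shape and helper names are assumptions.
interface Study {
  id: string;
  name: string;
  redcapURL?: string;
  redcapToken?: string;
}

const SENSITIVE_KEYS = ["redcaptoken", "token"]; // lower-cased; "token" is an assumption
const MASK = "********";

// Staff-facing view: never return the token, only whether one has been set.
function toAdminView(study: Study) {
  const { redcapToken, ...rest } = study;
  return { ...rest, redcapTokenSet: Boolean(redcapToken) };
}

// Participant-facing view: allow-list fields so URL and token cannot leak,
// even if new sensitive fields are added to Study later.
function toParticipantView(study: Study) {
  return { id: study.id, name: study.name };
}

// Audit log: mask sensitive values at any depth before the record is stored.
function redactForAudit(value: unknown): unknown {
  if (Array.isArray(value)) return value.map((item) => redactForAudit(item));
  if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    const out: Record<string, unknown> = {};
    for (const key of Object.keys(obj)) {
      out[key] = SENSITIVE_KEYS.indexOf(key.toLowerCase()) >= 0 ? MASK : redactForAudit(obj[key]);
    }
    return out;
  }
  return value;
}

// Constructed sample data.
const sampleStudy: Study = {
  id: "s1",
  name: "Demo study",
  redcapURL: "https://redcap.example.org/api/",
  redcapToken: "CONSTRUCTED-TOKEN-VALUE",
};
const sampleAudit = redactForAudit({
  action: "UPDATE_STUDY",
  body: { changes: [{ redcapToken: sampleStudy.redcapToken }], name: "Demo study" },
});
```

The participant view uses an allow-list rather than deleting known fields, so a payload test like the one requested in review keeps passing when new integration fields are added.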