Add param for logging sensitive auth headers in CDAHttpException class. (#294)

Author: rafalniski

src/main/java/com/contentful/java/cda/CDAClient.java

@@ -73,6 +73,8 @@ public class CDAClient {
 
   final boolean preview;
 
+  final boolean logSensitiveData;
+
   CDAClient(Builder builder) {
     this(new Cache(),
         Platform.get().callbackExecutor(),
@@ -89,6 +91,7 @@ public class CDAClient {
     this.environmentId = builder.environment;
     this.token = builder.token;
     this.preview = builder.preview;
+    this.logSensitiveData = builder.logSensitiveData;
   }
 
   private void validate(Builder builder) {
@@ -306,6 +309,10 @@ public SyncQuery sync(SyncType type) {
     return sync(null, null, type);
   }
 
+
+  public boolean shouldLogSensitiveData() {
+    return logSensitiveData;
+  }
   /**
    * Returns a {@link SyncQuery} for synchronization with the provided {@code syncToken} via
    * the Sync API.
@@ -532,6 +539,8 @@ public static class Builder {
     Converter.Factory converterFactory;
 
     boolean preview;
+
+    private boolean logSensitiveData = true;
     Tls12Implementation tls12Implementation = useRecommendation;
 
     Section application;
@@ -564,6 +573,18 @@ public Builder setEnvironment(String environment) {
       return this;
     }
 
+    /**
+     * Sets the logSensitiveData value for logging
+     * the authorization headers in the CDAHttpException.
+     *
+     * @param logSensitiveData boolean value to be set.
+     * @return this builder for chaining.
+     */
+    public Builder setLogSensitiveData(boolean logSensitiveData) {
+      this.logSensitiveData = logSensitiveData;
+      return this;
+    }
+
     /**
      * Sets the space access token.
      *
@@ -758,7 +779,7 @@ public OkHttpClient.Builder defaultCallFactoryBuilder() {
           .addInterceptor(new AuthorizationHeaderInterceptor(token))
           .addInterceptor(new UserAgentHeaderInterceptor(createUserAgent()))
           .addInterceptor(new ContentfulUserAgentHeaderInterceptor(sections))
-          .addInterceptor(new ErrorInterceptor());
+          .addInterceptor(new ErrorInterceptor(logSensitiveData));
 
       setLogger(okBuilder);
       useTls12IfWanted(okBuilder);

src/main/java/com/contentful/java/cda/CDAHttpException.java

@@ -22,6 +22,8 @@ public class CDAHttpException extends RuntimeException {
   private final String responseBody;
   private final String stringRepresentation;
 
+  private final boolean logSensitiveData;
+
   /**
    * Construct an error response.
    * <p>
@@ -32,12 +34,13 @@ public class CDAHttpException extends RuntimeException {
    * @param request  the request issuing the error.
    * @param response the response from the server to this faulty request.
    */
-  public CDAHttpException(Request request, Response response) {
+  public CDAHttpException(Request request, Response response, boolean logSensitiveData) {
     super(response.message());
     this.request = request;
     this.response = response;
     this.responseBody = readResponseBody(response);
     this.stringRepresentation = createString();
+    this.logSensitiveData = logSensitiveData;
   }
 
   private String readResponseBody(Response response) {
@@ -133,6 +136,10 @@ public int rateLimitReset() {
   }
 
   private String headersToString(Headers headers) {
+    if (!logSensitiveData) {
+      return "<headers omitted>";
+    }
+
     final StringBuilder builder = new StringBuilder();
 
     String divider = "";

src/main/java/com/contentful/java/cda/interceptor/ErrorInterceptor.java

@@ -12,6 +12,12 @@
  * This interceptor will only be used for throwing an exception, once the server returns an error.
  */
 public class ErrorInterceptor implements Interceptor {
+  private final boolean logSensitiveData;
+
+  public ErrorInterceptor(boolean logSensitiveData) {
+    this.logSensitiveData = logSensitiveData;
+  }
+
 
   /**
    * Intercepts chain to check for unsuccessful requests.
@@ -25,7 +31,7 @@ public class ErrorInterceptor implements Interceptor {
     final Response response = chain.proceed(request);
 
     if (!response.isSuccessful()) {
-      throw new CDAHttpException(request, response);
+      throw new CDAHttpException(request, response, logSensitiveData);
     }
 
     return response;