Merge pull request #4733 from manyfold3d/cults3d-credentials

Don't expose Cults3D auth credentials in error messages

Author: Floppy

app/deserializers/integrations/cults3d/base_deserializer.rb

@@ -31,8 +31,11 @@ def canonicalize(uri)
   class << self
     def client
       @@client ||= Graphlient::Client.new(
-        "https://#{SiteSettings.cults3d_api_username}:#{SiteSettings.cults3d_api_key}@cults3d.com/graphql",
-        schema_path: "#{File.dirname(__FILE__)}/cults3d.json"
+        "https://cults3d.com/graphql",
+        schema_path: "#{File.dirname(__FILE__)}/cults3d.json",
+        headers: {
+          "Authorization" => "Basic #{Base64.strict_encode64("#{SiteSettings.cults3d_api_username}:#{SiteSettings.cults3d_api_key}").chomp}"
+        }
       )
     end
   end

spec/support/vcr.rb

@@ -25,6 +25,6 @@
     )
     VCR.configure { |c| c.filter_sensitive_data("<CULTS3D_API_KEY>") { SiteSettings.cults3d_api_key } }
     VCR.configure { |c| c.filter_sensitive_data("<CULTS3D_API_USERNAME>") { SiteSettings.cults3d_api_username } }
-    VCR.configure { |c| c.filter_sensitive_data("<CULTS3D_BASIC_AUTH>") { Base64.encode64("#{SiteSettings.cults3d_api_username}:#{SiteSettings.cults3d_api_key}").chomp } }
+    VCR.configure { |c| c.filter_sensitive_data("<CULTS3D_BASIC_AUTH>") { Base64.strict_encode64("#{SiteSettings.cults3d_api_username}:#{SiteSettings.cults3d_api_key}").chomp } }
   end
 end