Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(expo): Ensure authToken is not written to application package #3630

Merged
merged 5 commits into from
Feb 26, 2024
Merged

fix(expo): Ensure authToken is not written to application package #3630

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
f73ec21
fix(expo): Ensure authToken is not written to application package
krystofwoldrich Feb 26, 2024
c7a9e74
add changelog
krystofwoldrich Feb 26, 2024
952b8b8
Update CHANGELOG.md
krystofwoldrich Feb 26, 2024
e64c5a6
Update CHANGELOG.md
krystofwoldrich Feb 26, 2024
74a9010
Merge branch 'main' into kw-expo-remove-auth-token-from-app-package
krystofwoldrich Feb 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@
### Fixes

- Option `enabled: false` ensures no events are sent ([#3606](https://github.com/getsentry/sentry-react-native/pull/3606))
- Remove Expo Plugin `authToken` option from application bundle ([#3630](https://github.com/getsentry/sentry-react-native/pull/3630))
- Expo Configuration is saved in plain text and is not secure.
Please, rotate your token if you published an app with
the auth token in the plugin config. Use `SENTRY_AUTH_TOKEN` env.
Read more in the [docs](https://docs.sentry.io/platforms/react-native/manual-setup/expo/).
krystofwoldrich marked this conversation as resolved.
Show resolved Hide resolved

### Dependencies

Expand Down
17 changes: 10 additions & 7 deletions plugin/src/withSentry.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@ interface PluginProps {

const withSentryPlugin: ConfigPlugin<PluginProps | void> = (config, props) => {
const sentryProperties = getSentryProperties(props);

if (props && props.authToken) {
// If not removed, the plugin config with the authToken will be written to the application package
delete props.authToken;
}

let cfg = config;
if (sentryProperties !== null) {
try {
Expand All @@ -33,12 +39,14 @@ const withSentryPlugin: ConfigPlugin<PluginProps | void> = (config, props) => {
);
}
}

return cfg;
};

const missingAuthTokenMessage = '# auth.token is configured through SENTRY_AUTH_TOKEN environment variable';
const missingProjectMessage = '# no project found, falling back to SENTRY_PROJECT environment variable';
const missingOrgMessage = '# no org found, falling back to SENTRY_ORG environment variable';
const existingAuthTokenMessage = `# DO NOT COMMIT the auth token, use SENTRY_AUTH_TOKEN instead, see https://docs.sentry.io/platforms/react-native/manual-setup/`;
const missingAuthTokenMessage = `# Using SENTRY_AUTH_TOKEN environment variable`;

export function getSentryProperties(props: PluginProps | void): string | null {
const { organization, project, authToken, url = 'https://sentry.io/' } = props ?? {};
Expand All @@ -56,12 +64,7 @@ export function getSentryProperties(props: PluginProps | void): string | null {
return `defaults.url=${url}
${organization ? `defaults.org=${organization}` : missingOrgMessage}
${project ? `defaults.project=${project}` : missingProjectMessage}
${
authToken
? `# Configure this value through \`SENTRY_AUTH_TOKEN\` environment variable instead. See: https://docs.sentry.io/platforms/react-native/manual-setup/\nauth.token=${authToken}`
: missingAuthTokenMessage
}
`;
${authToken ? `${existingAuthTokenMessage}\nauth.token=${authToken}` : missingAuthTokenMessage}`;
}

// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
Expand Down
Loading