Not able to mask the payload and header with secret() method for REST and setCookie so that they are displayed in Allure report

[AugustineAutoGit]

What are you trying to achieve?

Need to mask the payload and Headers in REST and setCookie that may contain sensitive information

What do you get instead?

Not able to mask the payload and header with secret() method. Hence the value is shown in Allure report.

[AugustineAutoGit]

@kobenguyent could you please have a look?

[kobenguyent]

hey @AugustineAutoGit per my knowledge, that thing shall be resolved by allure plugin quickly. Not sure if this shall be handled by codeceptjs, as those test files are generated by allure plugin.

[AugustineAutoGit]

hi @kobenguyent
But those steps are generated by CodeceptJS, like Allure plugin receives them from CodeceptJS only right?
if the secret() method masking was working fine, then Allure will not get unmasked values.
Also while in running with '--verbose', secret method is not masking as value are seen in logs as well.
In the below screenshot I masked the payload, like 'I.sendPostRequest('/api/users.json', secret({ "email": "user@user.com" }));', but it's still visible

[kobenguyent]

I could be wrong, but I think that, the proper way is that codeceptjs exposes the Step info as it is, the logs, plugins, etc shall mask the sensitive data as they desire. what do you think @DavertMik @AugustineAutoGit ?

[AugustineAutoGit]

I could be wrong, but I think that, the proper way is that codeceptjs exposes the Step info as it is, the logs, plugins, etc shall mask the sensitive data as they desire. what do you think @DavertMik @AugustineAutoGit ?

@kobenguyent
yes, but issue I am facing is the masking is not happening for REST

[AugustineAutoGit]

@kobenguyent meanwhile do you have any boilerplate example repository which have used CodeceptJS with Feature files(Gherkin) and Playwright along with Allure report: allure-codeceptjs not the legacy: @codeceptjs/allure-legacy

[gkushang]

+100 to this request. The output library prints the Tokens when I.sendGetRequest or similar function is called with --verbose or --debug flag. Even with secret function, it's printed

[AugustineAutoGit]

+100 to this request. The output library prints the Tokens when I.sendGetRequest or similar function is called with --verbose or --debug flag. Even with secret function, it's printed

@gkushang
do you have any boilerplate example repository which have used CodeceptJS with Feature files(Gherkin) and Playwright along with Allure report: allure-codeceptjs not the legacy: @codeceptjs/allure-legacy
?

[kobenguyent]

Closing as Allure team addressed this already. See allure-framework/allure-js#1208