Merge pull request #201 from getsentry/respect-send-pii

Add PII info only if option is enabled

Author: Jean85

Makefile

@@ -9,13 +9,18 @@ update-submodules:
 	git submodule update
 
 cs:
-	vendor/bin/php-cs-fixer fix --config-file=.php_cs --verbose --diff
+	vendor/bin/php-cs-fixer fix --verbose
 
 cs-dry-run:
-	vendor/bin/php-cs-fixer fix --config-file=.php_cs --verbose --diff --dry-run
+	vendor/bin/php-cs-fixer fix --verbose --dry-run
+
+phpstan:
+	vendor/bin/phpstan analyze
 
 test:
 	vendor/bin/phpunit
 
+pre-commit-check: cs phpstan test
+
 setup-git:
 	git config branch.autosetuprebase always

src/EventListener/RequestListener.php

@@ -54,6 +54,11 @@ public function onKernelRequest(GetResponseEvent $event): void
             return;
         }
 
+        $currentClient = Hub::getCurrent()->getClient();
+        if (null === $currentClient || ! $currentClient->getOptions()->shouldSendDefaultPii()) {
+            return;
+        }
+
         $token = null;
 
         if ($this->tokenStorage instanceof TokenStorageInterface) {

test/EventListener/RequestListenerTest.php

@@ -4,6 +4,8 @@
 
 use PHPUnit\Framework\TestCase;
 use Prophecy\Argument;
+use Sentry\ClientInterface;
+use Sentry\Options;
 use Sentry\SentryBundle\EventListener\RequestListener;
 use Sentry\State\Hub;
 use Sentry\State\HubInterface;
@@ -21,13 +23,24 @@ class RequestListenerTest extends TestCase
 {
     private $currentScope;
     private $currentHub;
+    private $options;
 
     protected function setUp()
     {
         parent::setUp();
 
         $this->currentScope = $scope = new Scope();
         $this->currentHub = $this->prophesize(HubInterface::class);
+
+        $client = $this->prophesize(ClientInterface::class);
+        $this->options = new Options();
+
+        $this->currentHub->getClient()
+            ->willReturn($client->reveal());
+        $client->getOptions()
+            ->willReturn($this->options);
+        $this->options->setSendDefaultPii(true);
+
         $this->currentHub->configureScope(Argument::type('callable'))
             ->shouldBeCalled()
             ->will(function ($arguments) use ($scope): void {
@@ -96,6 +109,56 @@ public function userDataProvider(): \Generator
         yield [new ToStringUser('john-doe')];
     }
 
+    public function testOnKernelRequestUserDataIsNotSetIfSendPiiIsDisabled(): void
+    {
+        $tokenStorage = $this->prophesize(TokenStorageInterface::class);
+        $authorizationChecker = $this->prophesize(AuthorizationCheckerInterface::class);
+        $event = $this->prophesize(GetResponseEvent::class);
+
+        $event->isMasterRequest()
+            ->willReturn(true);
+
+        $this->options->setSendDefaultPii(false);
+
+        $this->currentHub->configureScope(Argument::type('callable'))
+            ->shouldNotBeCalled();
+
+        $listener = new RequestListener(
+            $this->currentHub->reveal(),
+            $tokenStorage->reveal(),
+            $authorizationChecker->reveal()
+        );
+
+        $listener->onKernelRequest($event->reveal());
+
+        $this->assertEquals([], $this->currentScope->getUser());
+    }
+
+    public function testOnKernelRequestUserDataIsNotSetIfNoClientIsPresent(): void
+    {
+        $tokenStorage = $this->prophesize(TokenStorageInterface::class);
+        $authorizationChecker = $this->prophesize(AuthorizationCheckerInterface::class);
+        $event = $this->prophesize(GetResponseEvent::class);
+
+        $event->isMasterRequest()
+            ->willReturn(true);
+
+        $this->currentHub->getClient()
+            ->willReturn(null);
+        $this->currentHub->configureScope(Argument::type('callable'))
+            ->shouldNotBeCalled();
+
+        $listener = new RequestListener(
+            $this->currentHub->reveal(),
+            $tokenStorage->reveal(),
+            $authorizationChecker->reveal()
+        );
+
+        $listener->onKernelRequest($event->reveal());
+
+        $this->assertEquals([], $this->currentScope->getUser());
+    }
+
     public function testOnKernelRequestUsernameIsNotSetIfTokenStorageIsAbsent(): void
     {
         $authorizationChecker = $this->prophesize(AuthorizationCheckerInterface::class);