fix(dashboard_metadata): mask poc_email and data_value for DashboardMetadata (#7130)

2025-11-02 12:06:56 +08:00 · 2025-02-06 19:17:02 +05:30
parent e17ffd1257
commit 9b1b245564
5 changed files with 31 additions and 20 deletions
--- a/crates/router/src/core/user/dashboard_metadata.rs
+++ b/crates/router/src/core/user/dashboard_metadata.rs
@ -1,12 +1,16 @@
+use std::str::FromStr;
+
 use api_models::user::dashboard_metadata::{self as api, GetMultipleMetaDataPayload};
 #[cfg(feature = "email")]
 use common_enums::EntityType;
+use common_utils::pii;
 use diesel_models::{
    enums::DashboardMetadata as DBEnum, user::dashboard_metadata::DashboardMetadata,
 };
 use error_stack::{report, ResultExt};
 #[cfg(feature = "email")]
 use masking::ExposeInterface;
+use masking::PeekInterface;
 #[cfg(feature = "email")]
 use router_env::logger;

@ -447,6 +451,11 @@ async fn insert_metadata(
            metadata
        }
        types::MetaData::ProdIntent(data) => {
+            if let Some(poc_email) = &data.poc_email {
+                let inner_poc_email = poc_email.peek().as_str();
+                pii::Email::from_str(inner_poc_email)
+                    .change_context(UserErrors::EmailParsingError)?;
+            }
            let mut metadata = utils::insert_user_scoped_metadata_to_db(
                state,
                user.user_id.clone(),
--- a/crates/router/src/services/email/types.rs
+++ b/crates/router/src/services/email/types.rs
@ -454,7 +454,7 @@ impl BizEmailProd {
            settings: state.conf.clone(),
            subject: consts::user::EMAIL_SUBJECT_NEW_PROD_INTENT,
            user_name: data.poc_name.unwrap_or_default().into(),
-            poc_email: data.poc_email.unwrap_or_default().into(),
+            poc_email: data.poc_email.unwrap_or_default(),
            legal_business_name: data.legal_business_name.unwrap_or_default(),
            business_location: data
                .business_location
--- a/crates/router/src/utils/user/dashboard_metadata.rs
+++ b/crates/router/src/utils/user/dashboard_metadata.rs
@ -10,7 +10,7 @@ use diesel_models::{
    user::dashboard_metadata::{DashboardMetadata, DashboardMetadataNew, DashboardMetadataUpdate},
 };
 use error_stack::{report, ResultExt};
-use masking::Secret;
+use masking::{ExposeInterface, PeekInterface, Secret};
 use router_env::logger;

 use crate::{
@ -37,7 +37,7 @@ pub async fn insert_merchant_scoped_metadata_to_db(
            merchant_id,
            org_id,
            data_key: metadata_key,
-            data_value,
+            data_value: Secret::from(data_value),
            created_by: user_id.clone(),
            created_at: now,
            last_modified_by: user_id,
@ -70,7 +70,7 @@ pub async fn insert_user_scoped_metadata_to_db(
            merchant_id,
            org_id,
            data_key: metadata_key,
-            data_value,
+            data_value: Secret::from(data_value),
            created_by: user_id.clone(),
            created_at: now,
            last_modified_by: user_id,
@ -143,7 +143,7 @@ pub async fn update_merchant_scoped_metadata(
            metadata_key,
            DashboardMetadataUpdate::UpdateData {
                data_key: metadata_key,
-                data_value,
+                data_value: Secret::from(data_value),
                last_modified_by: user_id,
            },
        )
@ -171,7 +171,7 @@ pub async fn update_user_scoped_metadata(
            metadata_key,
            DashboardMetadataUpdate::UpdateData {
                data_key: metadata_key,
-                data_value,
+                data_value: Secret::from(data_value),
                last_modified_by: user_id,
            },
        )
@ -183,7 +183,7 @@ pub fn deserialize_to_response<T>(data: Option<&DashboardMetadata>) -> UserResul
 where
    T: serde::de::DeserializeOwned,
 {
-    data.map(|metadata| serde_json::from_value(metadata.data_value.clone()))
+    data.map(|metadata| serde_json::from_value(metadata.data_value.clone().expose()))
        .transpose()
        .change_context(UserErrors::InternalServerError)
        .attach_printable("Error Serializing Metadata from DB")
@ -278,17 +278,18 @@ pub fn parse_string_to_enums(query: String) -> UserResult<GetMultipleMetaDataPay
    })
 }

-fn not_contains_string(value: &Option<String>, value_to_be_checked: &str) -> bool {
-    value
-        .as_ref()
-        .is_some_and(|mail| !mail.contains(value_to_be_checked))
+fn not_contains_string(value: Option<&str>, value_to_be_checked: &str) -> bool {
+    value.is_some_and(|mail| !mail.contains(value_to_be_checked))
 }

 pub fn is_prod_email_required(data: &ProdIntent, user_email: String) -> bool {
-    let poc_email_check = not_contains_string(&data.poc_email, "juspay");
-    let business_website_check = not_contains_string(&data.business_website, "juspay")
-        && not_contains_string(&data.business_website, "hyperswitch");
-    let user_email_check = not_contains_string(&Some(user_email), "juspay");
+    let poc_email_check = not_contains_string(
+        data.poc_email.as_ref().map(|email| email.peek().as_str()),
+        "juspay",
+    );
+    let business_website_check = not_contains_string(data.business_website.as_deref(), "juspay")
+        && not_contains_string(data.business_website.as_deref(), "hyperswitch");
+    let user_email_check = not_contains_string(Some(&user_email), "juspay");

    if (poc_email_check && business_website_check && user_email_check).not() {
        logger::info!(prod_intent_email = poc_email_check);