lib/recurly.rb in recurly-2.9.2 vs lib/recurly.rb in recurly-2.9.3
- old
+ new
@@ -84,19 +84,37 @@
def js
JS
end
# Assigns a logger to log requests/responses and more.
+ # The logger can only be set if the environment variable
+ # `RECURLY_INSECURE_DEBUG` equals `true`.
#
# @return [Logger, nil]
# @example
# require 'logger'
# Recurly.logger = Logger.new STDOUT
# @example Rails applications automatically log to the Rails log:
# Recurly.logger = Rails.logger
# @example Turn off logging entirely:
# Recurly.logger = nil # Or Recurly.logger = Logger.new nil
attr_accessor :logger
+
+ def logger=(logger)
+ if ENV['RECURLY_INSECURE_DEBUG'].to_s.downcase == 'true'
+ @logger = logger
+ puts <<-MSG
+ [WARNING] Recurly logger enabled. The logger has the potential to leak
+ PII and should never be used in production environments.
+ MSG
+ else
+ puts <<-MSG
+ [WARNING] Recurly logger has been disabled. If you wish to use it,
+ only do so in a non-production environment and make sure
+ the `RECURLY_INSECURE_DEBUG` environment variable is set to `true`.
+ MSG
+ end
+ end
# Convenience logging method includes a Logger#progname dynamically.
# @return [true, nil]
def log level, message
logger.send(level, name) { message }