Add 'access_key' to obfuscated body key defaults

Add `composer testbench:reset` command

Author: onlime

CHANGELOG.md

@@ -1,6 +1,11 @@
 # CHANGELOG
 
-## [v1.2.x (Unreleased)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.4...main)
+## [v1.2.x (Unreleased)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.5...main)
+
+## [v1.2.5 (2025-06-29)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.4...v1.2.5)
+
+- Add `access_key` to the `HTTP_CLIENT_GLOBAL_LOGGER_OBFUSCATE_BODY_KEYS` defaults, with additional Uri obfuscation testing.
+- Added `composer testbench:reset` script to reset the Orchestra Testbench environment, which caches the config.
 
 ## [v1.2.4 (2025-06-16)](https://github.com/onlime/laravel-http-client-global-logger/compare/v1.2.3...v1.2.4)
 

composer.json

@@ -56,7 +56,9 @@
         }
     },
     "scripts": {
-        "test": "vendor/bin/pest",
+        "testbench:reset": "echo RESETTING TESTBENCH; rm -rf vendor/orchestra/testbench-core/laravel-foo",
+        "test": "pest",
+        "pretest": "@testbench:reset",
         "test-coverage": "vendor/bin/pest --coverage",
         "format": "vendor/bin/pint"
     },

config/http-client-global-logger.php

@@ -104,7 +104,7 @@
         )),
         'body_keys' => explode(',', env(
             'HTTP_CLIENT_GLOBAL_LOGGER_OBFUSCATE_BODY_KEYS',
-            'pass,password,token,apikey,access_token,refresh_token,id_token,client_secret'
+            'pass,password,token,apikey,access_token,access_key,refresh_token,id_token,client_secret'
         )),
     ],
 

tests/HttpClientLoggerTest.php

@@ -189,6 +189,43 @@ function setupLogger(): MockInterface
     ],
 ]);
 
+it('obfuscates request uri via body obfuscation', function (string $uri, string $expected) {
+    $logger = setupLogger();
+
+    $logger->shouldReceive('info')->withArgs(function ($message) use ($expected) {
+        expect($message)->toContain('REQUEST: GET '.$expected);
+        return true;
+    })->once();
+
+    $logger->shouldReceive('info')->withArgs(function ($message) {
+        expect($message)->toContain('RESPONSE: HTTP/1.1 200 OK');
+        return true;
+    })->once();
+
+    Http::fake([
+        '*' => Http::response('', 200, [
+            'Content-Type' => 'application/json',
+        ]),
+    ])->get($uri);
+})->with([
+    'no-query-params' => [
+        'https://example.com',
+        'https://example.com',
+    ],
+    'sensitive-query-param' => [
+        'https://example.com?access_key=1234',
+        'https://example.com?access_key=**********',
+    ],
+    'other-query-param' => [
+        'https://example.com?foo=bar&baz=qux',
+        'https://example.com?foo=bar&baz=qux',
+    ],
+    'mixed-query-params' => [
+        'https://example.com?token=xyz&foo=bar&access_key=1234',
+        'https://example.com?token=**********&foo=bar&access_key=**********',
+    ],
+]);
+
 it('obfuscates response body', function (string $body, string $expected) {
     $logger = setupLogger();