-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MM-51253][MM-51275]: Added check for full name and refactored error logs. #148
Conversation
… to "Close" on filter popover. (#17) (#21) * [MI-2504][webapp]: Changed Hide to Close on filter popover * [MI-2504][server]: Generated manifest files * [MI-2504][server]: Updated version in manifest Co-authored-by: Abhishek Verma <[email protected]> Co-authored-by: Abhishek Verma <[email protected]>
…API and fixed Boards update subscription. (#22) * [MI-2505][server]: Added logic to protect subscriptions notification webhook API and fixed Boards update subscription. * [MI-2505][MI-2518] Fix failing testcases * [MI-2505]:Added webhook secret encoding and review fixes * [MI-2505]:Added webhook secret encryption * [MI-2505]: Fixed CI * [MI-2505]: Reverted change of auth scopes * [MI-2505]: Fixed CI * [MI-2505][MI-2603] Fixed testcases * [MI-2505]: Used constant for path * [MI-2505]: Refinded message * [MI-2505]: Minor review fixes * [MI-2505][MI-2603] Review fix Co-authored-by: Abhishek Verma <[email protected]> Co-authored-by: raghavaggarwal2308 <[email protected]>
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #148 +/- ##
==========================================
+ Coverage 65.65% 65.82% +0.17%
==========================================
Files 15 15
Lines 3313 3315 +2
==========================================
+ Hits 2175 2182 +7
+ Misses 1013 1009 -4
+ Partials 125 124 -1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
@@ -126,9 +126,6 @@ func (p *Plugin) GenerateOAuthToken(code, state string) error { | |||
mattermostUserID := strings.Split(state, "_")[1] | |||
|
|||
if err := p.Store.VerifyOAuthState(mattermostUserID, state); err != nil { | |||
if _, DMErr := p.DM(mattermostUserID, constants.GenericErrorMessage, false); DMErr != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we also make sure every endpoint intended to be used by a MM user is checked for authentication?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, we have a check for authentication on all the plugin APIs where we are checking for MM user-id in the header.
Also, OAuthComplete
API is used as a redirection URL by the Azure DevOps oAuth app which sends the state
query param that we are validating here as authentication.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also,
OAuthComplete
API is used as a redirection URL by the Azure DevOps oAuth app which sends thestate
query param that we are validating here as authentication.
The redirect is in the browser only though. Any request hitting MM in the process will be authenticated with a MM user token (and we should verify its presence). The Azure server never sends a request to the MM server in this process.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should also check that the authenticated user's id matches the user id on line 126
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made the changes
See [MM-51253] and [MM-51275]