Add initial support for Workflow connectors #275

Merged
merged 2 commits into from
Jul 25, 2024

Conversation

atc0005
Owner

@atc0005 atc0005 commented Jul 24, 2024

Changes

  • lower AdaptiveCardMaxVersion from 1.5 to 1.4
    • this almost seems like a bug on Teams' end as this limitation is not communicated (from what I could tell) via https://adaptivecards.io/designer/
    • using a value of 1.4 appears to work equally well for O365 and Workflow connectors
  • treat a 202 response code as sufficient response verification
  • add logic.azure.com to valid URL patterns for default validation
    • refactored in a later commit to match either of logic.azure.com or *.azure-api.net as observed in the wild
  • debugging / troubleshooting
    • log status code and response string for O365 connector responses
    • log validation pattern match

References

- lower `AdaptiveCardMaxVersion` from `1.5` to `1.4`
  - this almost seems like a bug on Teams' end as this limitation is
    not communicated (from what I could tell) via
    https://adaptivecards.io/designer/
  - using a value of `1.4` appears to work equally well for O365 and
    Workflow connectors
- treat a 202 response code as sufficient response verification
  - instead of expecting a `1` in the response body as previously
    confirmed
  - see also #59
- add `logic.azure.com` to valid URL patterns for default validation
- debugging / troubleshooting
    - log status code and response string for O365 connector responses
    - log validation pattern match

refs GH-262
@atc0005 atc0005 added enhancement New feature or request logging card format/adaptivecard Adaptive Card support labels Jul 24, 2024
@atc0005 atc0005 added this to the v2.11.0 milestone Jul 24, 2024
@atc0005 atc0005 self-assigned this Jul 24, 2024
send.go Fixed Show fixed Hide fixed
@atc0005
Owner Author

atc0005 commented Jul 24, 2024

The issues raised by CodeQL are not really "security" issues per se (we're just trying to object to potentially invalid webhook URLs, not prevent usage), but are probably still worth addressing.

atc0005 added a commit that referenced this pull request Jul 24, 2024
Switch from static base pattern of `logic.azure.com` to a regex
OR pattern to permit either of `logic.azure.com` or
`*.azure-api.net` as has been observed in the wild.

This also has the side effect of resolving potential CodeQL
alerts raised in PR GH-275.

refs GH-262
atc0005 added a commit that referenced this pull request Jul 24, 2024
THIS is the regex pattern intended for GH-277.

Previous commit message:

Switch from static base pattern of `logic.azure.com` to a regex
OR pattern to permit either of `logic.azure.com` or
`*.azure-api.net` as has been observed in the wild.

This also has the side effect of resolving potential
CodeQL alerts raised in PR GH-275.

refs GH-262
@atc0005
Owner Author

atc0005 commented Jul 25, 2024

> The issues raised by CodeQL are not really "security" issues per se (we're just trying to object to potentially invalid webhook URLs, not prevent usage), but are probably still worth addressing.

Fixed by 7cdd311.

@atc0005 atc0005 merged commit 673653b into master Jul 25, 2024
30 of 31 checks passed
@atc0005 atc0005 deleted the i262-add-support-for-workflow-connectors branch July 25, 2024 10:59
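
As an added example (not code from this pull request or from the project), the Go sketch below contrasts a substring-style match on `logic.azure.com` with a check that parses the URL and matches only the hostname against `logic.azure.com` or `*.azure-api.net`. The function names, both patterns, the https requirement and the sample URLs are assumptions constructed for illustration; the page shows neither the project's actual pattern nor the text of the CodeQL alerts.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// loosePattern: constructed for illustration (not the project's pattern).
// It is unanchored, and each "." matches any character.
var loosePattern = regexp.MustCompile(`logic.azure.com`)

// allowedHost is applied to the parsed hostname only. It accepts
// logic.azure.com and its subdomains, or any subdomain of azure-api.net.
var allowedHost = regexp.MustCompile(
	`^(?:(?:[a-z0-9-]+\.)*logic\.azure\.com|(?:[a-z0-9-]+\.)+azure-api\.net)$`)

// looseMatch reports whether the pattern occurs anywhere in the raw URL.
func looseMatch(raw string) bool { return loosePattern.MatchString(raw) }

// strictMatch parses the URL and checks scheme and hostname separately.
// Requiring https is an assumption of this example.
func strictMatch(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" {
		return false
	}
	return allowedHost.MatchString(strings.ToLower(u.Hostname()))
}

func main() {
	// Constructed sample URLs; none is a real webhook endpoint.
	samples := []string{
		"https://prod-00.region.logic.azure.com:443/workflows/abc/triggers/manual/paths/invoke",
		"https://contoso.azure-api.net/hook",
		"https://logic-azure.com.example.net/workflows/abc",
		"https://example.net/?next=logic.azure.com",
	}
	for _, s := range samples {
		fmt.Printf("loose=%-5t strict=%-5t %s\n", looseMatch(s), strictMatch(s), s)
	}
}
```

The last two samples pass the loose match because the pattern text appears in a look-alike hostname or in the query string; the hostname-only check rejects both.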
Development

Successfully merging this pull request may close these issues.

O365 connectors within Teams will be deprecated