[MM-51404]: Added logic to generate unique webhook secret for subscriptions #152

Merged
merged 15 commits into from
Apr 4, 2023

avas27JTG
Contributor

Added logic to generate unique webhook secret for subscriptions

avas27JTG and others added 14 commits January 4, 2023 16:08
… to "Close" on filter popover. (#17) (#21)

* [MI-2504][webapp]: Changed Hide to Close on filter popover

* [MI-2504][server]: Generated manifest files

* [MI-2504][server]: Updated version in manifest

Co-authored-by: Abhishek Verma <abhishek.verma@brightscout.com>

Co-authored-by: Abhishek Verma <abhishek.verma@brightscout.com>
…API and fixed Boards update subscription. (#22)

* [MI-2505][server]: Added logic to protect subscriptions notification webhook API and fixed Boards update subscription.

* [MI-2505][MI-2518] Fix failing testcases

* [MI-2505]:Added webhook secret encoding and review fixes

* [MI-2505]:Added webhook secret encryption

* [MI-2505]: Fixed CI

* [MI-2505]: Reverted change of auth scopes

* [MI-2505]: Fixed CI

* [MI-2505][MI-2603] Fixed testcases

* [MI-2505]: Used constant for path

* [MI-2505]: Refined message

* [MI-2505]: Minor review fixes

* [MI-2505][MI-2603] Review fix

Co-authored-by: Abhishek Verma <abhishek.verma@brightscout.com>
Co-authored-by: raghavaggarwal2308 <raghav.aggarwal@brightscout.com>
* [MI-2877]: Fix for unbounded read in Azure DevOps API client

* [MI-2877]: Review fixes

---------

Co-authored-by: Abhishek Verma <abhishek.verma@brightscout.com>
@avas27JTG avas27JTG requested a review from m1lt0n April 3, 2023 12:55
@m1lt0n m1lt0n requested review from mickmister and hanzei April 3, 2023 12:55
@avas27JTG avas27JTG removed the request for review from hanzei April 3, 2023 12:55
@codecov-commenter
codecov-commenter commented Apr 3, 2023

Codecov Report

Patch coverage: 26.41% and project coverage change: -0.45 ⚠️

Comparison is base (4f8e0b0) 65.20% compared to head (11e325e) 64.75%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master     #152      +/-   ##
==========================================
- Coverage   65.20%   64.75%   -0.45%     
==========================================
  Files          15       15              
  Lines        3411     3439      +28     
==========================================
+ Hits         2224     2227       +3     
- Misses       1040     1065      +25     
  Partials      147      147              
Impacted Files Coverage Δ
server/config/config.go 100.00% <ø> (ø)
server/plugin/utils.go 63.83% <0.00%> (-1.92%) ⬇️
server/store/subscriptions.go 77.16% <0.00%> (-9.65%) ⬇️
server/plugin/api.go 63.94% <66.66%> (+0.37%) ⬆️
server/plugin/client.go 65.08% <100.00%> (+0.08%) ⬆️

@avas27JTG avas27JTG requested a review from jupenur April 3, 2023 13:36
@m1lt0n m1lt0n requested review from esarafianou and removed request for jupenur April 3, 2023 15:10
Contributor

@mickmister mickmister left a comment

Just have a few non-blocking comments. LGTM 👍

Comment on lines 217 to 224
func (s *Store) GetSubscriptionChannelID(subscriptionID string) (*SubscriptionWebhookSecretAndChannelMap, error) {
var storedWebhookSecret SubscriptionWebhookSecretAndChannelMap
if err := s.LoadJSON(subscriptionID, &storedWebhookSecret); err != nil {
return nil, err
}

return &storedWebhookSecret, nil
}
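
Review bot: in GetSubscriptionChannelID, the success path returns &storedWebhookSecret without checking that anything was actually loaded for subscriptionID. How LoadJSON behaves for a missing key is not visible in these lines; if it returns nil without touching the target, the caller receives an empty SubscriptionWebhookSecretAndChannelMap, so the webhook handler should treat an empty result as a failed authentication rather than continue. Because the returned value carries the secret, the caller's comparison against the incoming request is best done with crypto/subtle.ConstantTimeCompare instead of == or a plain lookup.
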
Contributor

It seems off that the method GetSubscriptionChannelID is returning something called a webhook secret. The returned value is not a string either, which it seems like secret would be a string

Contributor Author

fixed


func (s *Store) StoreSubscriptionChannelID(subscriptionID, webhookSecret, channelID string) error {
if err := s.StoreJSON(subscriptionID, SubscriptionWebhookSecretAndChannelMap{
webhookSecret: channelID,
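
Review bot: in StoreSubscriptionChannelID, `webhookSecret: channelID` makes the secret the map key, so the natural check on the receiving side is a map lookup with the value the request supplies, and that cannot be a constant-time comparison. A struct with separate WebhookSecret and ChannelID fields (suggested names) would let the handler load the record by subscriptionID and compare the secret with crypto/subtle.ConstantTimeCompare. The visible lines also pass the secret to StoreJSON as received; if it is meant to be encrypted at rest, that should happen before this call or be documented on the function.
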
Contributor

This reads a little weird, because it's not obvious that StoreSubscriptionChannelID is literally a map, and not a struct with a field named webhookSecret

Contributor Author

fixed

@esarafianou esarafianou left a comment

LGTM

@hanzei hanzei added the 4: Reviews Complete All reviewers have approved the pull request label Apr 4, 2023
@hanzei hanzei merged commit 788729d into master Apr 4, 2023
@hanzei hanzei deleted the MI-2942 branch April 4, 2023 12:13
@m1lt0n m1lt0n added this to the v2.2.2 milestone Apr 5, 2023