Skip to content

Commit

Permalink
fix: add validation and proper decoding on send email hook (#1520)
Browse files Browse the repository at this point in the history
## What kind of change does this PR introduce?

bug discovered while testing
  • Loading branch information
J0 authored Apr 9, 2024
1 parent 3036fbb commit e19e762
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
8 changes: 7 additions & 1 deletion internal/conf/configuration.go
Original file line number Diff line number Diff line change
Expand Up @@ -473,7 +473,7 @@ type ExtensibilityPointConfiguration struct {
Enabled bool `json:"enabled"`
HookName string `json:"hook_name"`
// We use | as a separator for keys and : as a separator for keys within a keypair. For instance: v1,whsec_test|v1a,whpk_myother:v1a,whsk_testkey|v1,whsec_secret3
HTTPHookSecrets []string `json:"secrets" envconfig:"secrets"`
HTTPHookSecrets HTTPHookSecrets `json:"secrets" envconfig:"secrets"`
}

func (h *HookConfiguration) Validate() error {
Expand All @@ -482,6 +482,7 @@ func (h *HookConfiguration) Validate() error {
h.PasswordVerificationAttempt,
h.CustomAccessToken,
h.SendSMS,
h.SendEmail,
}
for _, point := range points {
if err := point.ValidateExtensibilityPoint(); err != nil {
Expand Down Expand Up @@ -588,6 +589,11 @@ func LoadGlobal(filename string) (*GlobalConfiguration, error) {
return nil, err
}
}
if config.Hook.SendEmail.Enabled {
if err := config.Hook.SendEmail.PopulateExtensibilityPoint(); err != nil {
return nil, err
}
}

if config.Hook.MFAVerificationAttempt.Enabled {
if err := config.Hook.MFAVerificationAttempt.PopulateExtensibilityPoint(); err != nil {
Expand Down
1 change: 1 addition & 0 deletions internal/conf/configuration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ func TestGlobal(t *testing.T) {
os.Setenv("GOTRUE_JWT_SECRET", "secret")
os.Setenv("API_EXTERNAL_URL", "http://localhost:9999")
os.Setenv("GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_URI", "pg-functions://postgres/auth/count_failed_attempts")
os.Setenv("GOTRUE_HOOK_SEND_SMS_SECRETS", "v1,whsec_aWxpa2VzdXBhYmFzZXZlcnltdWNoYW5kaWhvcGV5b3Vkb3Rvbw==")
gc, err := LoadGlobal("")
require.NoError(t, err)
require.NotNil(t, gc)
Expand Down

0 comments on commit e19e762

Please sign in to comment.