Disabled changing webhook's integration_id through PUT API

refs #12033 - Allowing to change parent integration opens up possible security holes and has no clear usecase at the moment. After a webhook record is created it should not be possible to change parent integration. - Had do partially duplicate JSON schema definition from webhooks definition as there is no proper composition technique available in current version of JSON Schema.
2025-01-06 22:40:14 -05:00 · 2020-09-24 16:24:02 +12:00 · 2020-09-24 16:24:02 +12:00 · 43153ba31e
commit 43153ba31e
parent af516e130c
2 changed files with 60 additions and 2 deletions
--- a/core/server/api/canary/utils/validators/input/schemas/webhooks-edit.json
+++ b/core/server/api/canary/utils/validators/input/schemas/webhooks-edit.json
@ -10,7 +10,64 @@
            "type": "array",
            "minItems": 1,
            "maxItems": 1,
-            "items": {"$ref": "webhooks#/definitions/webhook"}
+            "items": {
                "type": "object",
                "additionalProperties": false,
                "properties": {
                    "event": {
                        "type": "string",
                        "maxLength": 50,
                        "isLowercase": true
                    },
                    "target_url": {
                        "type": "string",
                        "format": "uri-reference",
                        "maxLength": 2000
                    },
                    "name": {
                        "type": ["string", "null"],
                        "maxLength": 191
                    },
                    "secret": {
                        "type": ["string", "null"],
                        "maxLength": 191
                    },
                    "api_version": {
                        "type": ["string", "null"],
                        "maxLength": 50
                    },
                    "integration_id": {
                        "strip": true
                    },
                    "id": {
                        "strip": true
                    },
                    "status": {
                        "strip": true
                    },
                    "last_triggered_at": {
                        "strip": true
                    },
                    "last_triggered_status": {
                        "strip": true
                    },
                    "last_triggered_error": {
                        "strip": true
                    },
                    "created_at": {
                        "strip": true
                    },
                    "created_by": {
                        "strip": true
                    },
                    "updated_at": {
                        "strip": true
                    },
                    "updated_by": {
                        "strip": true
                    }
                }
            }
        }
    },
    "required": ["webhooks"]
--- a/test/api-acceptance/admin/webhooks_spec.js
+++ b/test/api-acceptance/admin/webhooks_spec.js
@ -99,7 +99,8 @@ describe('Webhooks API', function () {
                        webhooks: [{
                            name: 'Edit Test',
                            event: 'subscriber.added',
-                            target_url: 'https://example.com/new-subscriber'
+                            target_url: 'https://example.com/new-subscriber',
                            integration_id: 'ignore_me'
                        }]
                    })
                    .expect(200)