mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-03-11 02:12:21 -05:00
Fixed integration_id assignment for webhook when creating through API key auth
refs173e3292fa- The bug was initially introduced in referenced commit. When request is done with `api_key` context, there should always be an `integration` object associated with it -71c17539d8/core/server/services/permissions/parse-context.js (L36). An `id` from `context.integration` not `context.api_key` has to be assigned to newly created webhook! - The webhooks API is about to be declared stable in upcoming release, so no migration will be done
This commit is contained in:
Nazar Gargol
parent
71c17539d8
commit
60ae9e82f9
8 changed files with 16 additions and 16 deletions
|
|
@ -5,8 +5,8 @@ module.exports = {
|
|||
add(apiConfig, frame) {
|
||||
debug('add');
|
||||
|
||||
if (_.get(frame, 'options.context.api_key.id')) {
|
||||
frame.data.webhooks[0].integration_id = frame.options.context.api_key.id;
|
||||
if (_.get(frame, 'options.context.integration.id')) {
|
||||
frame.data.webhooks[0].integration_id = frame.options.context.integration.id;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ const jsonSchema = require('../utils/json-schema');
|
|||
|
||||
module.exports = {
|
||||
add(apiConfig, frame) {
|
||||
if (!_.get(frame, 'options.context.api_key.id') && !_.get(frame.data, 'webhooks[0].integration_id')) {
|
||||
if (!_.get(frame, 'options.context.integration.id') && !_.get(frame.data, 'webhooks[0].integration_id')) {
|
||||
return Promise.reject(new errors.ValidationError({
|
||||
message: i18n.t('notices.data.validation.index.schemaValidationFailed', {
|
||||
key: 'integration_id'
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ module.exports = {
|
|||
edit: {
|
||||
permissions: {
|
||||
before: (frame) => {
|
||||
if (frame.options.context && frame.options.context.api_key && frame.options.context.api_key.id) {
|
||||
if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
|
||||
return models.Webhook.findOne({id: frame.options.id})
|
||||
.then((webhook) => {
|
||||
if (!webhook) {
|
||||
|
|
@ -42,7 +42,7 @@ module.exports = {
|
|||
});
|
||||
}
|
||||
|
||||
if (webhook.get('integration_id') !== frame.options.context.api_key.id) {
|
||||
if (webhook.get('integration_id') !== frame.options.context.integration.id) {
|
||||
throw new errors.NoPermissionError({
|
||||
message: i18n.t('errors.api.webhooks.noPermissionToEdit.message', {
|
||||
method: 'edit'
|
||||
|
|
@ -100,7 +100,7 @@ module.exports = {
|
|||
},
|
||||
permissions: {
|
||||
before: (frame) => {
|
||||
if (frame.options.context && frame.options.context.api_key && frame.options.context.api_key.id) {
|
||||
if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
|
||||
return models.Webhook.findOne({id: frame.options.id})
|
||||
.then((webhook) => {
|
||||
if (!webhook) {
|
||||
|
|
@ -111,7 +111,7 @@ module.exports = {
|
|||
});
|
||||
}
|
||||
|
||||
if (webhook.get('integration_id') !== frame.options.context.api_key.id) {
|
||||
if (webhook.get('integration_id') !== frame.options.context.integration.id) {
|
||||
throw new errors.NoPermissionError({
|
||||
message: i18n.t('errors.api.webhooks.noPermissionToEdit.message', {
|
||||
method: 'destroy'
|
||||
|
|
|
|||
|
|
@ -5,8 +5,8 @@ module.exports = {
|
|||
add(apiConfig, frame) {
|
||||
debug('add');
|
||||
|
||||
if (_.get(frame, 'options.context.api_key.id')) {
|
||||
frame.data.webhooks[0].integration_id = frame.options.context.api_key.id;
|
||||
if (_.get(frame, 'options.context.integration.id')) {
|
||||
frame.data.webhooks[0].integration_id = frame.options.context.integration.id;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ module.exports = {
|
|||
edit: {
|
||||
permissions: {
|
||||
before: (frame) => {
|
||||
if (frame.options.context && frame.options.context.api_key && frame.options.context.api_key.id) {
|
||||
if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
|
||||
return models.Webhook.findOne({id: frame.options.id})
|
||||
.then((webhook) => {
|
||||
if (!webhook) {
|
||||
|
|
@ -52,7 +52,7 @@ module.exports = {
|
|||
});
|
||||
}
|
||||
|
||||
if (webhook.get('integration_id') !== frame.options.context.api_key.id) {
|
||||
if (webhook.get('integration_id') !== frame.options.context.integration.id) {
|
||||
throw new errors.NoPermissionError({
|
||||
message: i18n.t('errors.api.webhooks.noPermissionToEdit.message', {
|
||||
method: 'edit'
|
||||
|
|
@ -110,7 +110,7 @@ module.exports = {
|
|||
},
|
||||
permissions: {
|
||||
before: (frame) => {
|
||||
if (frame.options.context && frame.options.context.api_key && frame.options.context.api_key.id) {
|
||||
if (frame.options.context && frame.options.context.integration && frame.options.context.integration.id) {
|
||||
return models.Webhook.findOne({id: frame.options.id})
|
||||
.then((webhook) => {
|
||||
if (!webhook) {
|
||||
|
|
@ -121,7 +121,7 @@ module.exports = {
|
|||
});
|
||||
}
|
||||
|
||||
if (webhook.get('integration_id') !== frame.options.context.api_key.id) {
|
||||
if (webhook.get('integration_id') !== frame.options.context.integration.id) {
|
||||
throw new errors.NoPermissionError({
|
||||
message: i18n.t('errors.api.webhooks.noPermissionToEdit.message', {
|
||||
method: 'destroy'
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ describe('Webhooks API (canary)', function () {
|
|||
|
||||
jsonResponse.webhooks[0].event.should.eql('test.create');
|
||||
jsonResponse.webhooks[0].target_url.should.eql('http://example.com/webhooks/test/extra/canary');
|
||||
jsonResponse.webhooks[0].integration_id.should.eql(testUtils.DataGenerator.Content.api_keys[0].id);
|
||||
jsonResponse.webhooks[0].integration_id.should.eql(testUtils.DataGenerator.Content.api_keys[0].integration_id);
|
||||
jsonResponse.webhooks[0].name.should.eql('test');
|
||||
jsonResponse.webhooks[0].secret.should.eql('thisissecret');
|
||||
jsonResponse.webhooks[0].api_version.should.eql('v3');
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ describe('Webhooks API (v2)', function () {
|
|||
|
||||
jsonResponse.webhooks[0].event.should.eql('test.create');
|
||||
jsonResponse.webhooks[0].target_url.should.eql('http://example.com/webhooks/test/extra/v2');
|
||||
jsonResponse.webhooks[0].integration_id.should.eql(testUtils.DataGenerator.Content.api_keys[0].id);
|
||||
jsonResponse.webhooks[0].integration_id.should.eql(testUtils.DataGenerator.Content.api_keys[0].integration_id);
|
||||
|
||||
localUtils.API.checkResponse(jsonResponse.webhooks[0], 'webhook');
|
||||
});
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ describe('Webhooks API (v3)', function () {
|
|||
|
||||
jsonResponse.webhooks[0].event.should.eql('test.create');
|
||||
jsonResponse.webhooks[0].target_url.should.eql('http://example.com/webhooks/test/extra/v3');
|
||||
jsonResponse.webhooks[0].integration_id.should.eql(testUtils.DataGenerator.Content.api_keys[0].id);
|
||||
jsonResponse.webhooks[0].integration_id.should.eql(testUtils.DataGenerator.Content.api_keys[0].integration_id);
|
||||
|
||||
localUtils.API.checkResponse(jsonResponse.webhooks[0], 'webhook');
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue