ghost

Infrastructure/ghost

Fork 0

mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-06 22:40:14 -05:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Nazar Gargol	1b449f4f53	🐛 Fixed 500 error in webhooks API when modifying non-existing webhooks closes #12064 - Handled permission check bug by returning 404, same way it is returned in other permissions related places when handling non-existing resource. Example - `60907a7ae4/core/server/models/relations/authors.js (L355-L358)`	2020-08-03 23:08:47 +12:00
Nazar Gargol	a520cdad0b	Added JSON Schema validations to Webhooks Admin API v3 closes #12033 - Added webhooks schemas and definitions. - Added validation checking if integration_id is present when using session auth. This is needed to prevent orphan webhooks. - Integrated webhook schemas into frame's validation layer. - Added isLowerCase ajv keyword support. This is needed to be able to do isLowerCase validation using JSON Schema for webhooks.	2020-07-17 17:37:14 +12:00
Nazar Gargol	173e3292fa	Fixed integration_id handling in Webhooks Admin API no issue - Changes introduced to both API v3 and v2 - Makes sure to use the same integration_id as authenticated integration for the webhook's data. - Makde it is impossible to create orphaned webhooks using token authentication - Allowed only parent integration to edit it's children webhooks. Throwing permission error otherwise	2020-07-08 16:54:31 +12:00

Nazar Gargol

1b449f4f53

🐛 Fixed 500 error in webhooks API when modifying non-existing webhooks

closes #12064

- Handled permission check bug by returning 404, same way it is returned in other permissions related places when handling non-existing resource. Example - 60907a7ae4/core/server/models/relations/authors.js (L355-L358)

2020-08-03 23:08:47 +12:00

Nazar Gargol

a520cdad0b

Added JSON Schema validations to Webhooks Admin API v3

closes #12033

- Added webhooks schemas and definitions.
- Added validation checking if integration_id is present when using session auth. This is needed to prevent orphan webhooks.
- Integrated webhook schemas into frame's validation layer.
- Added isLowerCase ajv keyword support. This is needed to be able to do isLowerCase validation using JSON Schema for webhooks.

2020-07-17 17:37:14 +12:00

Nazar Gargol

173e3292fa

Fixed integration_id handling in Webhooks Admin API

no issue

- Changes introduced to both API v3 and v2
- Makes sure to use the same integration_id as authenticated integration for the webhook's data.
-  Makde it is impossible to create orphaned webhooks using token authentication
- Allowed only parent integration to edit it's children webhooks. Throwing permission error otherwise

2020-07-08 16:54:31 +12:00

3 commits