David Taylor
68b4fe4cf8
SECURITY: Expand and improve SSRF Protections ( #18815 )
...
See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2022-11-01 16:33:17 +00:00
Jeff Wong
75e159f0ed
FEATURE: add support for like webhooks ( #12917 )
...
* FEATURE: add support for like webhooks
Add support for like webhooks. Webhook events only send on user membership
in the defined webhook group filters.
This also fixes group webhook events, as before this was never used, and
the logic was not correct.
2021-04-30 17:08:38 -07:00
David Taylor
5a4d3e7576
FIX: Ensure UserField changes are reflected instantly in webhooks ( #12291 )
...
The Guardian object memoizes a list of allowed user fields. Normally this is fine because Guardian objects only persist for a single request. However, the WebHook class was memoizing a guardian at the class level. This meant that an app restart was required for changes to be reflected. Plus, the Guardian was being shared across all sites in a multisite instance.
Initializing a guardian is cheap, so we can manage without memoization here.
2021-03-04 21:41:57 +00:00
Roman Rizzi
3259ea60a6
DEV: Remove code deprecated by the new Reviewable API ( #8023 )
...
* Remove flag hooks and endpoints
* Remove #reject_bulk for users
* Remove code for quued_posts_controller
2019-08-26 10:33:26 -03:00
Robin Ward
ecebff5060
Only show deprecation warning if the webhook is active
2019-06-10 16:23:12 -04:00
Sam Saffron
30990006a9
DEV: enable frozen string literal on all files
...
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Robin Ward
b58867b6e9
FEATURE: New 'Reviewable' model to make reviewable items generic
...
Includes support for flags, reviewable users and queued posts, with REST API
backwards compatibility.
Co-Authored-By: romanrizzi <romanalejandro@gmail.com>
Co-Authored-By: jjaffeux <j.jaffeux@gmail.com>
2019-03-28 12:45:10 -04:00
Maja Komel
34730a0b16
UX: show if webhook is disabled ( #7217 )
...
+ show in staff logs when webhook is created/updated/destroyed
2019-03-21 16:13:09 +01:00
Vinoth Kannan
167d85c21f
FIX: post & topic destroyed hooks not triggering with tag filter
2019-03-06 22:52:54 +05:30
Robin Ward
95f263995d
FIX: Previous annotations were broken
2019-01-11 14:30:19 -05:00
Robin Ward
a3839495e0
Update annotations
2019-01-11 12:19:43 -05:00
Vinoth Kannan
57ba4b7cb2
DEV: remove unnecessary safe nav operators ( #6730 )
2018-12-05 20:07:18 +05:30
Vinoth Kannan
fb78414229
Add missing safe navigation operator
2018-12-05 16:23:43 +05:30
Vinoth Kannan
d33d031742
FEATURE: Filter topic and post web hook events by tags ( #6726 )
...
* FEATURE: Filter topic and post web hook events by tags
* Add a spec test with unmatched tags
2018-12-05 14:44:06 +05:30
Vinoth Kannan
8430ea927e
FIX: Generate webhook payloads before destroy events ( #6325 )
2018-10-05 16:53:59 +08:00
Guo Xiang Tan
ad5082d969
Make rubocop happy again.
2018-06-07 13:28:18 +08:00
Guo Xiang Tan
b3860c82da
FIX: Don't enqueue web hooks inside a deferred queue.
...
* The deferred queue is meant for short lived jobs
and does not guarantee execution. We need to ensure
that web hooks are always run.
2018-05-24 15:03:17 +08:00
Guo Xiang Tan
8a1aab4e8a
PERF: Select distinct active web hooks at the db level.
2018-05-24 14:56:40 +08:00
Guo Xiang Tan
ae3a7ca08d
Fix unexpected return error.
2018-05-21 22:28:44 +08:00
Guo Xiang Tan
bf84037f79
FIX: Payload for webhooks should be current as of the time the event was triggered.
...
https://meta.discourse.org/t/group-category-tag-user-deleted-webhooks-not-firing/87752
2018-05-21 17:29:58 +08:00
Guo Xiang Tan
226ace1643
Update annotations.
2018-02-20 14:28:58 +08:00
Guo Xiang Tan
9644569a28
FIX: Wildcard webhooks could send duplicated events.
2018-01-03 17:00:44 +08:00
Arpit Jalan
3c56c9b637
FIX: strip webhook payload_url
2017-12-11 13:48:11 +05:30
Arpit Jalan
daeb7694bc
update annotations
2017-12-05 21:03:20 +05:30
Sam
c68999e128
annotate models
...
WARNING annotators out there, be to run bin/annotate on RAILS_ENV=test on a clean db
2017-08-16 10:38:11 -04:00
Guo Xiang Tan
5012d46cbd
Add rubocop to our build. ( #5004 )
2017-07-28 10:20:09 +09:00
Guo Xiang Tan
66a7b0c30b
FIX: Add web hook `DiscourseEvent`s in initializer.
2017-04-12 11:55:49 +08:00
Guo Xiang Tan
bf78c228f4
FIX: User created web hook being enqueued before record has been saved.
...
* Improve web hook tests as well.
2017-03-16 14:44:09 +08:00
Erick Guan
cfbfea0596
FEATURE: Allow easier customization to the web hook event serialization.
2017-03-16 10:09:05 +08:00
Guo Xiang Tan
69330f8bc2
Add user_updated event to webhooks.
2016-12-13 11:26:26 +08:00
Guo Xiang Tan
e51574bea0
FIX: No need to fetch the model.
2016-12-02 17:17:03 +08:00
Erick Guan
8c8549b27b
FIX: missing post and topic edited webhooks
2016-11-30 20:49:45 +01:00
Arpit Jalan
e03c1e4cdf
annotate models
2016-10-31 15:02:11 +05:30
Erick Guan
c463cf63d4
FEATURE: Webhook for user creation and approval
2016-09-19 10:12:55 +08:00
Erick Guan
7423140825
FIX: show event name in webhook headers
2016-09-12 17:48:54 +08:00
Erick Guan
9ce61b4586
FEATURE: Webhooks.
2016-09-05 18:44:00 +08:00