paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 13:33:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

webhooks: Only enable webhook logging if it is a webhook.

Browse Source 
allow_webhook_access may be true if the request allows webhook
requests, regardless of if it only used for a webhook integration.

Only actually log to the verbose webhook logger if it is explicitly a
webhook endpoint, as judged by `webhook_client_name`.  This prevents
requests for `POST /api/v1/messages` from being logged to the webhook
logger if they mistakenly contain a `payload` argument.
This commit is contained in:
Alex Vandiver
2020-09-21 15:46:02 -07:00
committed by Tim Abbott
parent 77d1a4a5c0
commit 1a763696f7
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
zerver/decorator.py
View File

@@ -550,8 +550,8 @@ def authenticated_rest_api_view(
target_view_func = view_func
return target_view_func(request, profile, *args, **kwargs)
except Exception as err:
if allow_webhook_access:
if isinstance(err, UnsupportedWebhookEventType) and webhook_client_name is not None:
if webhook_client_name is not None:
if isinstance(err, UnsupportedWebhookEventType):
err.webhook_name = webhook_client_name
request_body = request.POST.get('payload')
if request_body is not None: