zoom: Avoid sending Zoom API secret to other admin clients.

Fixing this involves fixing the backend to handle unchanged field submissions of the Zoom credentials without trying to re-validate the credentials (for performance) as well as to fetch the already-sent secret.
2025-11-03 05:23:35 +00:00 · 2019-02-28 15:12:40 -08:00
parent 0a0ac24d62
commit 1ce0e8256b
6 changed files with 50 additions and 4 deletions
--- a/zerver/lib/actions.py
+++ b/zerver/lib/actions.py
@@ -558,6 +558,10 @@ def do_set_realm_property(realm: Realm, name: str, value: Any) -> None:

    setattr(realm, name, value)
    realm.save(update_fields=[name])
+
+    if name == 'zoom_api_secret':
+        # Send '' as the value through the API for the API secret
+        value = ''
    event = dict(
        type='realm',
        op='update',