Webhooks security fix
James Peret
共有 2 个文件被更改,包括 2 次插入 和 2 次删除
+ 1
- 1
app/models/agents/mixpanel_agent.rb
@@ -48,7 +48,7 @@ module Agents |
||
| 48 | 48 |
MD |
| 49 | 49 |
|
| 50 | 50 |
def working? |
| 51 |
- event_created_within?(interpolated['expected_update_period_in_days']) && !recent_error_logs? |
|
| 51 |
+ event_created_within?(options['expected_update_period_in_days']) && !recent_error_logs? |
|
| 52 | 52 |
end |
| 53 | 53 |
|
| 54 | 54 |
def validate_options |
+ 1
- 1
app/models/agents/webhook_agent.rb
@@ -48,7 +48,7 @@ module Agents |
||
| 48 | 48 |
def receive_web_request(params, method, format) |
| 49 | 49 |
# check the secret |
| 50 | 50 |
secret = params.delete('secret')
|
| 51 |
- return ["Not Authorized", 401] unless secret == interpolated['secret'] |
|
| 51 |
+ return ["Not Authorized", 401] unless secret == options['secret'] |
|
| 52 | 52 |
|
| 53 | 53 |
# check the verbs |
| 54 | 54 |
verbs = (interpolated['verbs'] || 'post').split(/,/).map { |x| x.strip.downcase }.select { |x| x.present? }
|