Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin unique url with different private tokens & improve privacy #3033

Merged
merged 5 commits into from
Jan 21, 2021
Merged

Plugin unique url with different private tokens & improve privacy #3033

merged 5 commits into from
Jan 21, 2021

Conversation

mariusandra
Copy link
Collaborator

Changes

  • Makes it so that the same gitlab repository with different private tokens in the URL is counted as the same repository (so can't install same thing twice with different keys)
  • Removes the private_token from the plugin serializer --> can't leak potential secrets to posthog users in the API response

Checklist

  • All querysets/queries filter by Organization, by Team, and by User
  • Django backend tests
  • Jest frontend tests
  • Cypress end-to-end tests

@timgl timgl temporarily deployed to posthog-plugin-token-pr-zxktme January 21, 2021 11:51 Inactive
@mariusandra mariusandra temporarily deployed to posthog-plugin-token-pr-zxktme January 21, 2021 13:05 Inactive
@mariusandra
Copy link
Collaborator Author

Managed to break some things with the last fixes, but looks good now. Ready to be reviewed!

Twixes
Twixes approved these changes Jan 21, 2021
View reviewed changes
Copy link
Collaborator

@Twixes Twixes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks solid

@Twixes Twixes merged commit fed2ea3 into master Jan 21, 2021
@Twixes Twixes deleted the plugin-token-privacy branch January 21, 2021 13:39
EDsCODE added a commit that referenced this pull request Jan 21, 2021
@EDsCODE
Merge branch 'master' into static-cohort-on-person-modal
991a3c2 
* master:
  Add handing off event ingestion to plugin server (#2898)
  Plugin unique url with different private tokens & improve privacy (#3033)
  Delete omni_person.proto (#3014)
  Don't install unused pandas and numpy (#3034)
  2248 remove pandas numpy (#2997)
  Exclude health from ip block (#3027)
  Allow filtering by unseen recordings (#3000)
  Don't include materialized columns in kafka table (#3026)
  Standardize created at and by table columns (#2961)
  Add user param for clickhouse if provided (#3025)
  Setup logging to system.text_log in dev environment (#3024)
  feat: set event root logger severity using the DJANGO_LOG_LEVEL env variable (#3016)
  feat: allow setting Sentry environment by using the SENTRY_ENVIRONMENT env variable (#3015)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Twixes Twixes Twixes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mariusandra @Twixes @timgl