Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(mgmt_api): remove possibility to set clientid in /publish API #9667

Merged
merged 3 commits into from
Jan 10, 2023
Merged

fix(mgmt_api): remove possibility to set clientid in /publish API #9667

merged 3 commits into from
Jan 10, 2023

Conversation

olcai
Copy link
Contributor

@olcai olcai commented Jan 3, 2023
edited
Loading

To avoid security confusion, we remove the possibility to specify the client ID in the request body for /publish and /publish/bulk.

Fixes EMQX-8385.

PR Checklist

Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:

  • Added tests for the changes
  • Changed lines covered in coverage report
  • Change log has been added to changes/ dir
  • For internal contributor: there is a jira ticket to track this change
  • If there should be document changes, a PR to emqx-docs.git is sent, or a jira ticket is created to follow up
  • Schema changes are backward compatible

olcai
olcai commented Jan 3, 2023
View reviewed changes
changes/v5.0.14-zh.md Outdated Show resolved Hide resolved
thalesmg
thalesmg previously approved these changes Jan 3, 2023
View reviewed changes
qzhuyan
qzhuyan previously approved these changes Jan 4, 2023
View reviewed changes
@olcai olcai dismissed stale reviews from qzhuyan and thalesmg via dfbbe36 January 4, 2023 09:49
@olcai olcai force-pushed the remove-clientid-in-publish-request-body branch from 57632e8 to dfbbe36 Compare January 4, 2023 09:49
thalesmg
thalesmg previously approved these changes Jan 4, 2023
View reviewed changes
@olcai olcai marked this pull request as ready for review January 4, 2023 12:35
@olcai olcai requested review from a team, lafirest and sstrigler as code owners January 4, 2023 12:35
qzhuyan
qzhuyan reviewed Jan 4, 2023
View reviewed changes
changes/v5.0.14-zh.md Outdated Show resolved Hide resolved
@olcai olcai force-pushed the remove-clientid-in-publish-request-body branch from dfbbe36 to 7bcd351 Compare January 4, 2023 13:37
thalesmg
thalesmg previously approved these changes Jan 4, 2023
View reviewed changes
lafirest
lafirest previously approved these changes Jan 4, 2023
View reviewed changes
@olcai
fix(mgmt_api): remove possibility to set clientid in /publish API
3319a8d 
To avoid security confusion, we remove the possibility to specify the
client ID in the request body for /publish and /publish/bulk.
@olcai
chore: update changes
19033c8
@olcai olcai dismissed stale reviews from lafirest and thalesmg via 19033c8 January 9, 2023 08:39
@olcai olcai force-pushed the remove-clientid-in-publish-request-body branch from 7bcd351 to 19033c8 Compare January 9, 2023 08:39
qzhuyan
qzhuyan previously approved these changes Jan 10, 2023
View reviewed changes
ieQu1
ieQu1 previously approved these changes Jan 10, 2023
View reviewed changes
sstrigler
sstrigler previously approved these changes Jan 10, 2023
View reviewed changes
@olcai olcai dismissed stale reviews from sstrigler and ieQu1 via fb97096 January 10, 2023 15:49
@zmstone zmstone merged commit 6bbb5ed into emqx:master Jan 10, 2023
@olcai olcai deleted the remove-clientid-in-publish-request-body branch January 11, 2023 07:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmstone zmstone zmstone approved these changes

@sstrigler sstrigler sstrigler left review comments

@qzhuyan qzhuyan qzhuyan left review comments

@thalesmg thalesmg thalesmg left review comments

@lafirest lafirest lafirest left review comments

@ieQu1 ieQu1 ieQu1 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@olcai @sstrigler @zmstone @qzhuyan @thalesmg @lafirest @ieQu1