Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add basic auth to the generic webhook API. #5311

Merged
merged 3 commits into from Feb 19, 2019
Merged

Conversation

@ericholscher
Copy link
Member

@ericholscher ericholscher commented Feb 19, 2019

Fix a bug we've had where:

  • The WebhookView is doing Basic Auth on the user, and then setting it properly on the request
  • The APIWebhookView then is doing Session Auth, and doing CSRF checks on it, because that requst has a valid user

A fix is to remove all the auth methods from the "parent" view,
which this PR does.

Copy link
Contributor

@davidfischer davidfischer left a comment

I think this is a decent workaround to the problem.

Overall, I do believe that a view calling other views is an anti-pattern. We should probably separate the logic out of the view (into non-view functions and classes) and have different views call these broken out bits.

@ericholscher
Copy link
Member Author

@ericholscher ericholscher commented Feb 19, 2019

Yea, it feels like other bugs are lurking in this approach, given that we're 2x processing the request, but this at least fixes the current situation.

@ericholscher ericholscher merged commit 716f005 into master Feb 19, 2019
1 check passed
@delete-merged-branch delete-merged-branch bot deleted the basic-auth-webhook-api branch Feb 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

2 participants