This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.
osr-discourse-src/spec
Osama Sayegh 70fa67a9e1
FIX: Don't leak unhashed user API keys to redis (#14682)
User API keys (not the same thing as admin API keys) are currently
leaked to redis when rate limits are applied to them since redis is the
backend for rate limits in Discourse and the API keys are included in
the redis keys that are used to track usage of user API keys in the last
24 hours.

This commit stops the leak by using a SHA-256 representation of the user
API key instead of the key itself to form the redis key.

We don't need to manually delete the existing redis keys that contain
unhashed user API keys because they're not long-lived and will be
automatically deleted within 48 hours after this commit is deployed to
your Discourse instance.
2021-10-21 19:43:26 +03:00
components FIX: Don't leak unhashed user API keys to redis (#14682) 2021-10-21 19:43:26 +03:00
fabricators DEV: Ignore reminder_type for bookmarks (#14349) 2021-09-16 09:56:54 +10:00
fixtures FIX: Parse address lists in embedded emails (#14514) 2021-10-06 15:07:29 +03:00
helpers FIX: Offer site_logo_dark_url as an option for dark mode themes (#14361) 2021-09-16 17:47:51 -04:00
import_export FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration SECURITY: Escape watched word in error message (#14434) 2021-09-24 11:55:15 +03:00
integrity DEV: Fix a flaky Onceoff spec (#13314) 2021-06-07 20:38:31 +02:00
jobs FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
lib FIX: BackupRestore::DatabaseRestorer failures with Ruby 3 2021-10-12 17:25:51 -04:00
mailers FIX: Do not show recipient user in email participants list (#14642) 2021-10-19 15:26:22 +10:00
models FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
multisite FIX: Use random file name for temporary uploads (#14250) 2021-09-06 10:21:20 +10:00
requests DEV: Update AWS API stub following gem version bump (#14673) 2021-10-20 23:04:08 +01:00
script/import_scripts DEV: If disabled do not change setting after import (#12142) 2021-02-19 09:33:35 -07:00
serializers FIX: update translation key to match flag reason. (#14573) 2021-10-11 10:24:41 -03:00
services FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
support FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
tasks FIX: remove migrate_from_s3 task that silently corrupts data (#11703) 2021-01-17 22:33:29 +01:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
swagger_helper.rb DEV: Refactor the api docs for the user endpoint (#14377) 2021-09-20 10:04:57 -06:00