fix: Add Flagsmith signature header when testing webhook. #3666
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
@shubham-padia is attempting to deploy a commit to the Flagsmith Team on Vercel. A member of the Team first needs to authorize it. |
github-actions
bot
added
front-end
shubham-padia
force-pushed
the
fix/webhook-secret-signature-frontend
branch
from
a52cb1e to
446e372
Compare
shubham-padia
changed the title
| const [error, setError] = useState<string | null>(null) | ||
| const [loading, setLoading] = useState(false) | ||
| const [success, setSuccess] = useState(false) | ||
| const [sign, setSign] = useState('') | ||
| getSignature(json, secret, setSign) |
There was a problem hiding this comment.
I think rather than re-evaluating this each render we may as well just do this on submit
There was a problem hiding this comment.
Agreed! Fixed at https://github.com/Flagsmith/flagsmith/compare/446e37228ee813f6f6503e5d2b950850f3b593a6..39cc696750aa1916fe6376fc6babbae6676cac0b along with a bit of refactoring
| const submit = () => { | ||
| setError(null) | ||
| setLoading(true) | ||
| setSuccess(false) | ||
| data | ||
| .post(webhook, JSON.parse(json), null) | ||
| .post(webhook, JSON.parse(json), headers) |
There was a problem hiding this comment.
RE above comment, this could be something more like
getSignature().then((sign)=>{
const headers = {
'X-Flagsmith-Signature': sign,
}
return data.post(...)
}).then
There was a problem hiding this comment.
Thanks for the review! Fixed at https://github.com/Flagsmith/flagsmith/compare/446e37228ee813f6f6503e5d2b950850f3b593a6..39cc696750aa1916fe6376fc6babbae6676cac0b along with a bit of refactoring
shubham-padia
force-pushed
the
fix/webhook-secret-signature-frontend
branch
from
446e372 to
39cc696
Compare
kyle-ssg
requested review from
a team and
novakzaballa
and removed request for
a team
|
Uffizzi Preview |
|
Bump for review |
shubham-padia
force-pushed
the
fix/webhook-secret-signature-frontend
branch
2 times, most recently
from
5c6bef7 to
50c30ea
Compare
|
@shubham-padia @khvn26 looks like we've got CI failures here now, can we fix? |
shubham-padia
force-pushed
the
fix/webhook-secret-signature-frontend
branch
from
2409a43 to
f9d6237
Compare
shubham-padia
force-pushed
the
fix/webhook-secret-signature-frontend
branch
from
f9d6237 to
c731532
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3666 +/- ##
==========================================
+ Coverage 95.89% 95.90% +0.01%
==========================================
Files 1101 1102 +1
Lines 34568 34703 +135
==========================================
+ Hits 33149 33283 +134
- Misses 1419 1420 +1 ☔ View full report in Codecov by Sentry. |
Fixes Flagsmith#2786. We are trying to create the same signature as the webhook in the python code. This commit assumes that the python code will use the same approach to create signature for long term.
shubham-padia
force-pushed
the
fix/webhook-secret-signature-frontend
branch
from
c731532 to
c2c7c73
Compare
@kyle-ssg fixed! |
|
Just checking if there are any blockers to getting this merged :) ! |
| } | ||
|
|
||
| const signPayload = async (body: string, secret: string): Promise<string> => { | ||
| if(!secret) { |
There was a problem hiding this comment.
Just a note, added this as it was rejecting attempting to sign with an empty secret. Instead it just resolves with '' in this case.
Fixes #2786.
Thanks for submitting a PR! Please check the boxes below:
pre-committo check lintingdocs/if required so people know about the feature!No need to add info to the docs
Changes
We are trying to create the same signature as the webhook in the python code. This commit assumes that the python code will use the same approach to create signature for long term.
We are relying on notes here to make sure that both frontend and backend are implementing the same signature function, which is not the perfect approach. An alternative would be a backend endpoint to test the webhook so that the implementation always remains the same, but not sure if its overkill at this point or not. Note to maintainers: Please let me know what you think about both the approaches and what makes sense in this case since you might know best how the users might use this feature and how often the sign function might change.
I'm also modifying the string on the frontend to be the exact same as the json.dumps output on the python side, so that the sign value is the same on both side.
How did you test this code?
test123and a dead example URL and noted down the header value:X-Flagsmith-Signature: 1907ef6a4c7a3e0010504757728d8dbbf3980247e3e2c5835757b80e9fd1f085test_unit_webhooks.pyby modifying the code to use the same example as frontend just to make sure there is no different when using the replit, but didn't commit the code since the current test is sufficient enough.I have not tested this on a real webhook, just a dead link, let me know if I need to test it on a real webhook, would be nice if there's an existing test endpoint for that.
I have not added any tests on the frontend side, since I could only find e2e tests, please let me know if tests needed to be added on frontend for this change.
NOTE: I found a lot of unrelated errors to my changes when running
npm run lint:fix, I commited the changes related to my PR and ignored the rest, let me know what was the ideal approach here, same with pre-commit