Skip to content

Warn that a webhook's token will be cleared when its URL changes

What does this MR do and why?

Add an alert that's shown when a webhook's URL has been edited to warn the user that the token will be cleared when the change is saved. If the token's value is also updated then both changes will be saved, so include that in the alert.

This is expected behavior since Webhook secret tokens can be leaked by maintain... (#382260 - closed), but it's confusing when it happens.

Changelog: changed

Screenshots or screen recordings

Scenario Before After
change only the URL
old token is cleared
Screen_Recording_2023-12-14_at_19.02.01 Screen_Recording_2023-12-14_at_18.57.01
change both URL and token
new token is saved
Screen_Recording_2023-12-14_at_19.02.48 Screen_Recording_2023-12-14_at_19.09.45

How to set up and validate locally

  1. git checkout master
  2. navigate to a project
  3. in the sidebar, select Settings => Webhooks
  4. add a webhook with a URL and a token
  5. edit the webhook's URL and save the change
  6. the token is cleared without any warning, which will likely break whatever the webhook was doing 😠
  7. git checkout mfluharty-warn-about-webhook-token-reset-when-url-changes
  8. edit the webhook's URL - a warning should be shown 🎉

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Miranda Fluharty

Merge request reports

Loading