Warn that a webhook's token will be cleared when its URL changes
What does this MR do and why?
Add an alert that's shown when a webhook's URL has been edited to warn the user that the token will be cleared when the change is saved. If the token's value is also updated then both changes will be saved, so include that in the alert.
This is expected behavior since Webhook secret tokens can be leaked by maintain... (#382260 - closed), but it's confusing when it happens.
Changelog: changed
Screenshots or screen recordings
Scenario | Before | After |
---|---|---|
change only the URL old token is cleared |
Screen_Recording_2023-12-14_at_19.02.01 | Screen_Recording_2023-12-14_at_18.57.01 |
change both URL and token new token is saved |
Screen_Recording_2023-12-14_at_19.02.48 | Screen_Recording_2023-12-14_at_19.09.45 |
How to set up and validate locally
git checkout master
- navigate to a project
- in the sidebar, select
Settings
=>Webhooks
- add a webhook with a URL and a token
- edit the webhook's URL and save the change
- the token is cleared without any warning, which will likely break whatever the webhook was doing
😠 git checkout mfluharty-warn-about-webhook-token-reset-when-url-changes
- edit the webhook's URL - a warning should be shown
🎉
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Miranda Fluharty