centralcloud/oncall-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix authorization header masked (#2541)

Browse source 
# What this PR does
Fix authorization header was being masked in the requests instead of
only in logs

## Which issue(s) this PR fixes

## Checklist

- [ ] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] `CHANGELOG.md` updated (or `pr:no changelog` PR label added if not
required)
This commit is contained in:
Michael Derynck 2023-07-14 16:52:41 -06:00 committed by GitHub
parent 767c5352fa
commit a40e38300e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Add `page_size`, `current_page_number`, and `total_pages` attributes to paginated API responses by @joeyorlando ([#2471](https://github.com/grafana/oncall/pull/2471)) - Add `page_size`, `current_page_number`, and `total_pages` attributes to paginated API responses by @joeyorlando ([#2471](https://github.com/grafana/oncall/pull/2471))
### Fixed
- New webhooks incorrectly masking authorization header by @mderynck ([#2541](https://github.com/grafana/oncall/pull/2541))
## v1.3.11 (2023-07-13) ## v1.3.11 (2023-07-13)
### Added ### Added

11
engine/apps/webhooks/tasks/trigger_webhook.py
View file

@ -96,9 +96,10 @@ def _build_payload(webhook, alert_group, user):
def mask_authorization_header(headers): def mask_authorization_header(headers):
if "Authorization" in headers: masked_headers = headers.copy()
headers["Authorization"] = WEBHOOK_FIELD_PLACEHOLDER if "Authorization" in masked_headers:
return headers masked_headers["Authorization"] = WEBHOOK_FIELD_PLACEHOLDER
return masked_headers
def make_request(webhook, alert_group, data): def make_request(webhook, alert_group, data):
@ -123,8 +124,8 @@ def make_request(webhook, alert_group, data):
if triggered: if triggered:
status["url"] = webhook.build_url(data) status["url"] = webhook.build_url(data)
request_kwargs = webhook.build_request_kwargs(data, raise_data_errors=True) request_kwargs = webhook.build_request_kwargs(data, raise_data_errors=True)
headers = mask_authorization_header(request_kwargs.get("headers", {})) display_headers = mask_authorization_header(request_kwargs.get("headers", {}))
status["request_headers"] = json.dumps(headers) status["request_headers"] = json.dumps(display_headers)
if "json" in request_kwargs: if "json" in request_kwargs:
status["request_data"] = json.dumps(request_kwargs["json"]) status["request_data"] = json.dumps(request_kwargs["json"])
else: else: