Skip to content

Commit

Permalink
Merge pull request #10394 from snipe/fixes/add_stricter_validation_fo…
Browse files Browse the repository at this point in the history 
…r_slack_hooks

Adds stricter validation for slack hooks
  • Loading branch information
@snipe
snipe committed Dec 6, 2021
2 parents cae62fd + ebdbc20 commit 4612b9e
Show file tree
Hide file tree
Showing 5 changed files with 40 additions and 34 deletions.
43 changes: 25 additions & 18 deletions app/Http/Controllers/Api/SettingsController.php
View file
Expand Up @@ -162,27 +162,34 @@ public function ldaptestlogin(Request $request, LdapAd $ldap)

public function slacktest(Request $request)
{
$slack = new Client([
'base_url' => e($request->input('slack_endpoint')),
'defaults' => [
'exceptions' => false,
],
]);

$payload = json_encode(
[
'channel' => e($request->input('slack_channel')),
'text' => trans('general.slack_test_msg'),
'username' => e($request->input('slack_botname')),
'icon_emoji' => ':heart:',

// Only attempt the slack request if the validation passes
if ($request->validate([
'slack_endpoint' => 'url|required_with:slack_channel|starts_with:https://hooks.slack.com|nullable',
'slack_channel' => 'required_with:slack_endpoint|starts_with:#|nullable',
])) {
$slack = new Client([
'base_url' => e($request->input('slack_endpoint')),
'defaults' => [
'exceptions' => false,
],
]);

try {
$slack->post($request->input('slack_endpoint'), ['body' => $payload]);
$payload = json_encode(
[
'channel' => e($request->input('slack_channel')),
'text' => trans('general.slack_test_msg'),
'username' => e($request->input('slack_botname')),
'icon_emoji' => ':heart:',
]);

return response()->json(['message' => 'Success'], 200);
} catch (\Exception $e) {
return response()->json(['message' => 'Oops! Please check the channel name and webhook endpoint URL. Slack responded with: '.$e->getMessage()], 400);
try {
$slack->post($request->input('slack_endpoint'), ['body' => $payload]);

return response()->json(['message' => 'Success'], 200);
} catch (\Exception $e) {
return response()->json(['message' => 'Oops! Please check the channel name and webhook endpoint URL. Slack responded with: '.$e->getMessage()], 400);
}
}

return response()->json(['message' => 'Something went wrong :( '], 400);
Expand Down
10 changes: 0 additions & 10 deletions app/Http/Controllers/SettingsController.php
View file
Expand Up @@ -665,16 +665,6 @@ public function postSlack(Request $request)
return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
}

$validatedData = $request->validate([
'slack_channel' => 'regex:/(?<!\w)#\w+/|required_with:slack_endpoint|nullable',
]);

if ($validatedData) {
$setting->slack_endpoint = $request->input('slack_endpoint');
$setting->slack_channel = $request->input('slack_channel');
$setting->slack_botname = $request->input('slack_botname');
}

if ($setting->save()) {
return redirect()->route('settings.index')
->with('success', trans('admin/settings/message.update.success'));
Expand Down
4 changes: 2 additions & 2 deletions app/Models/Setting.php
View file
Expand Up @@ -54,9 +54,9 @@ class Setting extends Model
'admin_cc_email' => 'email|nullable',
'default_currency' => 'required',
'locale' => 'required',
'slack_endpoint' => 'url|required_with:slack_channel|nullable',
'slack_endpoint' => 'url|required_with:slack_channel|nullable|starts_with:https://hooks.slack.com',
'labels_per_page' => 'numeric',
'slack_channel' => 'regex:/^[\#\@]?\w+/|required_with:slack_endpoint|nullable',
'slack_channel' => 'required_with:slack_endpoint|starts_with:#|nullable',
'slack_botname' => 'string|nullable',
'labels_width' => 'numeric',
'labels_height' => 'numeric',
Expand Down
1 change: 1 addition & 0 deletions resources/lang/en/validation.php
View file
Expand Up @@ -64,6 +64,7 @@
'string' => 'The :attribute must be at least :min characters.',
'array' => 'The :attribute must have at least :min items.',
],
'starts_with' => 'The :attribute must start with one of the following: :values.',
'not_in' => 'The selected :attribute is invalid.',
'numeric' => 'The :attribute must be a number.',
'present' => 'The :attribute field must be present.',
Expand Down
16 changes: 12 additions & 4 deletions resources/views/settings/slack.blade.php
View file
Expand Up @@ -194,32 +194,40 @@
if (data.responseJSON) {
var errors = data.responseJSON.message;
var errors = data.responseJSON.errors;
var error_msg = data.responseJSON.message;
} else {
var errors;
var error_msg = 'Something went wrong.';
}
var error_text = '';
$('#save_slack').attr("disabled", true);
$("#slacktesticon").html('');
$("#slackteststatus").addClass('text-danger');
$("#slacktesticon").html('<i class="fas fa-exclamation-triangle text-danger"></i>');
$("#slacktesticon").html('<i class="fas fa-exclamation-triangle text-danger"></i><span class="text-danger">' + error_msg+ '</span>');
if (data.status == 500) {
$('#slackteststatus').html('500 Server Error');
} else if (data.status == 400) {
} else if ((data.status == 400) || (data.status == 422)) {
console.log('Type of errors is '+ typeof errors);
console.log('Data status was 400 or 422');
if (typeof errors != 'string') {
console.log(errors.length);
for (i = 0; i < errors.length; i++) {
for (i in errors) {
if (errors[i]) {
error_text += '<li>Error: ' + errors[i];
}
}
} else {
error_text = errors;
}
Expand Down

0 comments on commit 4612b9e

Please sign in to comment.