Page MenuHomePhabricator

[keyserver] Create an endpoint returning primary invite links
ClosedPublic

Authored by tomek on May 5 2023, 8:34 AM.
Tags
None
Referenced Files
F3396339: D7726.id26508.diff
Sun, Dec 1, 11:52 AM
Unknown Object (File)
Tue, Nov 26, 3:40 PM
Unknown Object (File)
Mon, Nov 25, 8:13 PM
Unknown Object (File)
Mon, Nov 25, 7:50 PM
Unknown Object (File)
Sat, Nov 23, 9:10 PM
Unknown Object (File)
Sat, Nov 23, 4:24 PM
Unknown Object (File)
Mon, Nov 18, 2:08 PM
Unknown Object (File)
Oct 28 2024, 8:48 AM
Subscribers

Details

Summary

This endpoint will be used to display exiting link. In near future we will need an endpoint that returns all the links - it will reuse most of the logic from this endpoint.

Test Plan

Call the endpoint and check if all the primary links were returned.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Harbormaster returned this revision to the author for changes because remote builds failed.May 5 2023, 8:51 AM
Harbormaster failed remote builds in B19070: Diff 26118!

Fix flow issue - move endpoint update from the next diff

tomek requested review of this revision.May 8 2023, 3:28 AM
kamil requested changes to this revision.May 9 2023, 1:24 AM

I think this is a bit vulnerable, we fetch all the links to the client - which means if the user is not part of a given community can get possession of the invite link and join the community when I think only members of the community should invite others. Fetching invite links to communities in which the user is a part will help.

Not a huge deal but I think worth improving.

This revision now requires changes to proceed.May 9 2023, 1:24 AM

Return only the invitations where a user is a member. Tested this by creating a new
community with a primary link - the endpoint doesn't return its link.

In D7726#229991, @kamil wrote:

I think this is a bit vulnerable, we fetch all the links to the client - which means if the user is not part of a given community can get possession of the invite link and join the community when I think only members of the community should invite others. Fetching invite links to communities in which the user is a part will help.

Not a huge deal but I think worth improving.

That's a valid point! Update the diff.

This revision is now accepted and ready to land.May 10 2023, 9:12 AM