python-zulip-api

xenofem/python-zulip-api

Fork 0

Commit graph

Author	SHA1	Message	Date
Robert Hönig	f4e0808a87	botserver: Validate token before accepting message. Previously, the botserver would accept any message sent to it. This was a security hazard, since an attacker could impersonate arbitrary users with arbitrary messages. We only want the Zulip instance where a bot is registered to be able to send out messages for that bot. To do this, this commits adds a check for the security token associated with each outgoing webhook bot. For each bot, its token is stored in the botserverrc file. The server sends the token along with each message.	2018-05-30 09:37:33 -04:00
dkvasov	fe801d08eb	zulip_botserver: Add test for config parsing.	2018-05-17 09:42:52 -07:00

Author

SHA1

Message

Date

Robert Hönig

f4e0808a87

botserver: Validate token before accepting message.

Previously, the botserver would accept any message sent
to it. This was a security hazard, since an attacker could
impersonate arbitrary users with arbitrary messages. We only
want the Zulip instance where a bot is registered to be able
to send out messages for that bot. To do this, this commits
adds a check for the security token associated with each
outgoing webhook bot. For each bot, its token is stored in
the botserverrc file. The server sends the token along with
each message.

2018-05-30 09:37:33 -04:00

dkvasov

fe801d08eb

zulip_botserver: Add test for config parsing.

2018-05-17 09:42:52 -07:00

2 commits