python-zulip-api/zulip_botserver/zulip_botserver
Robert Hönig f4e0808a87 botserver: Validate token before accepting message.
Previously, the botserver would accept any message sent
to it. This was a security hazard, since an attacker could
impersonate arbitrary users with arbitrary messages. We only
want the Zulip instance where a bot is registered to be able
to send out messages for that bot. To do this, this commits
adds a check for the security token associated with each
outgoing webhook bot. For each bot, its token is stored in
the botserverrc file. The server sends the token along with
each message.
2018-05-30 09:37:33 -04:00
..
__init__.py flask_server: Move the server to its own package. 2017-07-18 01:31:54 -02:30
input_parameters.py Consistently use Botserver instead of botserver or bot server. 2018-05-29 10:58:37 +02:00
server.py botserver: Validate token before accepting message. 2018-05-30 09:37:33 -04:00