nodejs/hookshot
nodejs/hookshot
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-hookshot.git synced 2025-03-10 21:19:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add a little bit of validation to the provisionConnection command

Browse Source
This commit is contained in:
Will Hunt 2021-12-01 12:11:32 +00:00
parent 1ded0ad5e8
commit fb6fdd548d
1 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/Connections/JiraProject.ts
View File

@ -66,10 +66,28 @@ export class JiraProjectConnection extends CommandConnection implements IConnect
static async provisionConnection(roomId: string, userId: string, data: Record<string, unknown>, as: Appservice,
commentProcessor: CommentProcessor, messageClient: MessageSenderClient, tokenStore: UserTokenStore): Promise<JiraProjectConnection> {
const validateData = validateJiraConnectionState(data);
const eventId = await as.botIntent.underlyingClient.sendStateEvent(roomId, JiraProjectConnection.CanonicalEventType, validateData.url, data);
log.info(`Created connection via provisionConnection for ${roomId} (${eventId})`);
return new JiraProjectConnection(roomId, as, data, validateData.url, commentProcessor, messageClient, tokenStore);
const validData = validateJiraConnectionState(data);
const jiraClient = await tokenStore.getJiraForUser(userId);
if (!jiraClient) {
throw new ApiError("User is not authenticated with JIRA", ErrCode.ForbiddenUser);
}
const jiraResourceClient = await jiraClient.getClientForUrl(new URL(validData.url));
if (!jiraResourceClient) {
throw new ApiError("User is not authenticated with this JIRA instance", ErrCode.ForbiddenUser);
}
const connection = new JiraProjectConnection(roomId, as, data, validData.url, commentProcessor, messageClient, tokenStore);
if (!connection.projectKey) {
throw Error('Expected projectKey to be defined');
}
try {
// Just need to check that the user can access this.
await jiraResourceClient.getProject(connection.projectKey);
const eventId = await as.botIntent.underlyingClient.sendStateEvent(roomId, JiraProjectConnection.CanonicalEventType, validData.url, data);
log.info(`Created connection via provisionConnection for ${roomId} (${eventId})`);
return connection;
} catch (ex) {
throw new ApiError("User cannot open this project", ErrCode.ForbiddenUser);
}
}
public get connectionId() {