- Issue created by @vbouchet
- Merge request !203408213: Implement validateForm to validate the token before saving. → (Merged) created by vbouchet
- Status changed to Needs review
about 1 year ago 3:51pm 12 December 2023 - 🇫🇷France vbouchet
I suspect it works ok in 99% of the cases but I am wondering in case we use $config['cloudflare_stream.settings']['api_token'] = 'xxxxxxx' in a secrets.settings.php (to avoid exposing this in config), it may make impossible to submit the form. I should probably give a check at other modules exposing form for settings that we tend to exclude from config for security reason.
- Status changed to Needs work
about 1 year ago 4:02pm 12 December 2023 - 🇧🇪Belgium tim-diels Belgium 🇧🇪
I can confirm that the code you provided is correct for the form. But very good thinking about overwriting the config from settings. We indeed need to make sure that everything still works then also.
- Status changed to Needs review
about 1 year ago 1:07pm 13 December 2023 - 🇫🇷France vbouchet
I think the current approach is OK with overwriting the config from settings. There is no difference with other modules which the config may be managed via settings.
On my local I have remove the token from the config (using drush cset), I added a fake token via $config['cloudflare_stream.settings']['api_token'] = 'dummy'; in the settings file. The API calls are failing as expected. I then changed it to a real token and the API calls are working as expected.
- Status changed to Needs work
about 1 year ago 2:34pm 13 December 2023 - 🇧🇪Belgium tim-diels Belgium 🇧🇪
I follow your advice and I'm happy you have tested this. I did this myself also and everything worked ok.
There are 2 CS issues that needs resolving before I can merge this. For the rest it looks good. -
tim-diels →
committed 27078c82 on 3.0.x authored by
vbouchet →
Issue #3408213 by vbouchet, tim-diels: Validate the token in settings...
-
tim-diels →
committed 27078c82 on 3.0.x authored by
vbouchet →
- Status changed to Fixed
about 1 year ago 3:26pm 13 December 2023 - 🇧🇪Belgium tim-diels Belgium 🇧🇪
Hi vbouchet, thanks again for the really nice addition to this module.
I've removed the TypedConfigManagerInterface for now as this is not yet required and PHPSTAN would point this out as a warning.
I would rather have this added as a separate issue to easier explain why this is added.For the record and anyone looking for the info => https://www.drupal.org/node/3404140 →
- 🇧🇪Belgium tim-diels Belgium 🇧🇪
Follow up in 📌 Add TypedConfigManagerInterface to the settings form Active
Automatically closed - issue fixed for 2 weeks with no activity.