Validate the token in settings form

Created on 12 December 2023, about 1 year ago
Updated 13 December 2023, about 1 year ago

In 3.0.x, the authentication method for the API I have change to use Bearer token (see #3273756).

It seems to be working as expected. However, I feel it would be great to validate the filled token before saving the settings.

Feature request
Status

Fixed

Version

3.0

Component

Code

Created by

🇫🇷France vbouchet

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @vbouchet
  • Status changed to Needs review about 1 year ago
  • 🇫🇷France vbouchet

    I suspect it works ok in 99% of the cases but I am wondering in case we use $config['cloudflare_stream.settings']['api_token'] = 'xxxxxxx' in a secrets.settings.php (to avoid exposing this in config), it may make impossible to submit the form. I should probably give a check at other modules exposing form for settings that we tend to exclude from config for security reason.

  • Status changed to Needs work about 1 year ago
  • 🇧🇪Belgium tim-diels Belgium 🇧🇪

    I can confirm that the code you provided is correct for the form. But very good thinking about overwriting the config from settings. We indeed need to make sure that everything still works then also.

  • Status changed to Needs review about 1 year ago
  • 🇫🇷France vbouchet

    I think the current approach is OK with overwriting the config from settings. There is no difference with other modules which the config may be managed via settings.

    On my local I have remove the token from the config (using drush cset), I added a fake token via $config['cloudflare_stream.settings']['api_token'] = 'dummy'; in the settings file. The API calls are failing as expected. I then changed it to a real token and the API calls are working as expected.

  • Status changed to Needs work about 1 year ago
  • 🇧🇪Belgium tim-diels Belgium 🇧🇪

    I follow your advice and I'm happy you have tested this. I did this myself also and everything worked ok.
    There are 2 CS issues that needs resolving before I can merge this. For the rest it looks good.

  • Status changed to Fixed about 1 year ago
  • 🇧🇪Belgium tim-diels Belgium 🇧🇪

    Hi vbouchet, thanks again for the really nice addition to this module.
    I've removed the TypedConfigManagerInterface for now as this is not yet required and PHPSTAN would point this out as a warning.
    I would rather have this added as a separate issue to easier explain why this is added.

    For the record and anyone looking for the info => https://www.drupal.org/node/3404140

  • Automatically closed - issue fixed for 2 weeks with no activity.

Production build 0.71.5 2024