
Prevent saving error responses from Zoom to user credentials

Open joeauyeung opened this issue 1 year ago • 1 comments

What does this PR do?

The purpose of this PR is to prevent error responses from Zoom from being saved under a user's credentials. This would wipe out the refresh token, which prevents a user from ever getting a valid token again.

In the future, I want to do an audit of all our apps to make sure this isn't happening.

Fixes # (issue)

Environment: Staging(main branch) / Production

Type of change

  • [x] Bug fix (non-breaking change which fixes an issue)

How should this be tested?

  • Add Zoom to the account
  • In the DB, find the Zoom credential and delete a few characters from the refresh token and change the expiration date
  • Try to create an event with Zoom as the location; you should receive an error, but the credential should still exist

joeauyeung avatar Aug 08 '22 14:08 joeauyeung

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
cal ❌ Failed (Inspect) Sep 7, 2022 at 6:10PM (UTC)
cal-com ❌ Failed (Inspect) Sep 7, 2022 at 6:10PM (UTC)
nightly-cal ❌ Failed (Inspect) Sep 7, 2022 at 6:10PM (UTC)
1 Ignored Deployment
Name Status Preview Updated
swagger ⬜️ Ignored (Inspect) Sep 7, 2022 at 6:10PM (UTC)

vercel[bot] avatar Aug 08 '22 14:08 vercel[bot]

@joeauyeung @zomars should we get this merged?

zlwaterfield avatar Sep 01 '22 19:09 zlwaterfield

@zlwaterfield @joeauyeung there's a type error to be fixed first: image

zomars avatar Sep 01 '22 19:09 zomars

@joeauyeung can you fix that type error?

zlwaterfield avatar Sep 02 '22 23:09 zlwaterfield

Removed the union and added a fallback mechanism to remove malformed credentials. These shouldn't live in our DB.

zomars avatar Sep 07 '22 18:09 zomars
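
Added example, not part of the thread and not cal.com's code: a sketch of the two checks discussed above, namely refusing to persist a failed token refresh (the PR description) and recognising a stored key that is really a saved error body (the fallback in the last comment). `StoredKey`, `isUsableKey` and `nextStoredKey` are hypothetical names; the response fields are those of an OAuth 2.0 token response (RFC 6749), and the sample values are constructed.

```typescript
// Added example, not cal.com code. Field names follow the OAuth 2.0 token
// response (RFC 6749); StoredKey and both function names are hypothetical.
type StoredKey = { access_token: string; refresh_token: string; expiry_date: number };
type RefreshOutcome = { saved: boolean; key: StoredKey; reason: string | null };

const nonEmpty = (v: unknown): v is string => typeof v === "string" && v.length > 0;
const asRecord = (v: unknown): Record<string, unknown> =>
  typeof v === "object" && v !== null ? (v as Record<string, unknown>) : {};

// True when a stored key has the fields needed to call the provider or refresh.
// An error body that was saved by mistake fails this check.
function isUsableKey(stored: unknown): stored is StoredKey {
  const k = asRecord(stored);
  return nonEmpty(k["access_token"]) && nonEmpty(k["refresh_token"]) &&
    typeof k["expiry_date"] === "number";
}

// Decide what to persist after a refresh attempt. Any failure returns the
// current key unchanged, so the refresh token is never overwritten.
function nextStoredKey(current: StoredKey, status: number, body: unknown, now: number): RefreshOutcome {
  const b = asRecord(body);
  const err = b["error"];
  const accessToken = b["access_token"];
  const refreshToken = b["refresh_token"];
  const expiresIn = b["expires_in"];
  if (status < 200 || status >= 300 || err !== undefined) {
    return { saved: false, key: current, reason: nonEmpty(err) ? err : `http_${status}` };
  }
  if (!nonEmpty(accessToken) || typeof expiresIn !== "number") {
    return { saved: false, key: current, reason: "malformed_token_response" };
  }
  // RFC 6749 allows the server to omit refresh_token here; keep the stored one.
  const refresh = nonEmpty(refreshToken) ? refreshToken : current.refresh_token;
  return { saved: true, key: { access_token: accessToken, refresh_token: refresh,
    expiry_date: now + expiresIn * 1000 }, reason: null };
}

// Constructed sample data: a stored key and a failed refresh response.
const sampleKey: StoredKey = { access_token: "a-old", refresh_token: "r-old", expiry_date: 0 };
const failed = nextStoredKey(sampleKey, 400, { error: "invalid_grant" }, Date.now());
console.log(failed.saved, failed.key.refresh_token, failed.reason);
```

A caller would write `key` back to the database only when `saved` is true, and log `reason` otherwise.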