Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(Telegram Trigger Node): Fix header secret check #12018

Merged
merged 1 commit into from
Dec 3, 2024
Merged

fix(Telegram Trigger Node): Fix header secret check #12018

merged 1 commit into from
Dec 3, 2024

Conversation

tomi
Copy link
Collaborator

@tomi tomi commented Dec 3, 2024

Summary

crypto.timingSafeEqual throws if the given buffers are not of equal byte length. We don't want to throw but instead reject the webhook request.

Related Linear tickets, Github issues, and Community forum posts

https://community.n8n.io/t/n8n-1-68-1-69-docker-telegram-webhook-input-buffers-issue/62491/3

https://linear.app/n8n/issue/NODE-2114/telegram-trigger-node-checking-x-telegram-bot-api-secret-token

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)

@tomi
fix(Telegram Trigger Node): Fix header secret check
7f3f1fc 
`crypto.timingSafeEqual` throws if the given buffers are not of equal byte length. We
don't want to throw but instead reject the webhook request.
Joffcom
Joffcom approved these changes Dec 3, 2024
View reviewed changes
Copy link
Member

@Joffcom Joffcom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense, Thanks for fixing it.

@Joffcom Joffcom added the tests-needed This PR needs additional tests label Dec 3, 2024
@cypress Cypress
Copy link

cypress bot commented Dec 3, 2024

n8n    Run #8193

Run Properties:  status check passed Passed #8193  •  git commit 7f3f1fce9c: 🌳 🖥️ browsers:node18.12.0-chrome107 🤖 tomi 🗃️ e2e/*
Project n8n
Branch Review node-2114-telegram-trigger-node-checking-x-telegram-bot-api-secret
Run status status check passed Passed #8193
Run duration 04m 35s
Commit git commit 7f3f1fce9c: 🌳 🖥️ browsers:node18.12.0-chrome107 🤖 tomi 🗃️ e2e/*
Committer Tomi Turtiainen
View all properties for this run ↗︎
Test results
Tests that failed  Failures 0
Tests that were flaky  Flaky 1
Tests that did not run due to a developer annotating a test with .skip  Pending 0
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 478
View all changes introduced in this branch ↗︎

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 3, 2024

✅ All Cypress E2E specs passed

@n8n-assistant n8n-assistant bot added n8n team Authored by the n8n team node/improvement New feature or request labels Dec 3, 2024
@codecov Codecov
Copy link

codecov bot commented Dec 3, 2024

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
.../nodes-base/nodes/Telegram/TelegramTrigger.node.ts 0.00% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

@tomi tomi merged commit f16de4d into master Dec 3, 2024
37 checks passed
@tomi tomi deleted the node-2114-telegram-trigger-node-checking-x-telegram-bot-api-secret branch December 3, 2024 10:29
@github-actions github-actions bot mentioned this pull request Dec 4, 2024
Merged
@janober
Copy link
Member

janober commented Dec 4, 2024

Got released with [email protected]

riascho pushed a commit that referenced this pull request Jan 14, 2025
@tomi @riascho
fix(Telegram Trigger Node): Fix header secret check (#12018)
b666acd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Joffcom Joffcom Joffcom approved these changes

Assignees
No one assigned
Labels
n8n team Authored by the n8n team node/improvement New feature or request Released tests-needed This PR needs additional tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tomi @janober @Joffcom