[Request] Optimize how casdoor's webhook feature updates user information #6689

Open
chung1912 opened this issue Mar 4, 2025 · 1 comment
Labels
🌠 Feature Request New feature or request | 特性与建议

chung1912 commented Mar 4, 2025

🥰 Description of the request

casdoor has made an optimization in 1.855.0: the webhook now allows extended fields to be defined.


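casdoor's webhook works as follows:
1. If extended fields are not enabled, the webhook sends the user's full information to the lobechat server (wrapped in the object field of the request body), including sensitive information such as accessKey and accessSecret, which is a security risk.

2. If extended fields are enabled and the extended field options are specified, the webhook sends only the contents of the extended fields and avoids sending the user's full information.

Currently lobechat updates user information by turning extended fields off and extracting the fields it needs from object. This approach carries a security risk. I strongly recommend adapting to the new casdoor version (version 1.855.0) and using the webhook with specified extended fields. Do not use object!

🧐 Solution

I strongly recommend adapting to the new casdoor version (version 1.855.0) and using the webhook with specified extended fields, instead of extracting from object.

📝 Additional information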

No response

@chung1912 chung1912 added the 🌠 Feature Request New feature or request | 特性与建议 label Mar 4, 2025
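As an added illustration (not code from lobe-chat or Casdoor), a receiver-side handler that follows the request above: it takes user fields only from the extended-field part of the body through an allowlist, and looks at `object` solely to report that the sender still ships the full record. The `extendedUser` key, the allowlisted field names and the sample payloads are assumptions constructed for this example.

```typescript
// Added example, not lobe-chat or Casdoor code. Assumptions: the extended
// fields arrive under `extendedUser`, and the receiver needs only the three
// fields in ALLOWED. `object`, accessKey and accessSecret are from the issue.
const ALLOWED = ['displayName', 'email', 'avatar'] as const;
const SENSITIVE = ['accessKey', 'accessSecret'];

type UserUpdate = Partial<Record<(typeof ALLOWED)[number], string>>;
interface Result { update: UserUpdate; warnings: string[] }

function asRecord(value: unknown): Record<string, unknown> | null {
  // A field may arrive as a JSON string or as a nested object; accept both.
  if (typeof value === 'string') {
    try { value = JSON.parse(value); } catch { return null; }
  }
  return typeof value === 'object' && value !== null && !Array.isArray(value)
    ? (value as Record<string, unknown>) : null;
}

function extractUserUpdate(body: unknown): Result {
  const warnings: string[] = [];
  const root: Record<string, unknown> = asRecord(body) ?? {};
  // Never read profile data from `object`; only check whether the sender is
  // still shipping the full record so the misconfiguration can be reported.
  const full = asRecord(root['object']);
  if (full) {
    const leaked = SENSITIVE.filter((k) => full[k] !== undefined && full[k] !== '');
    if (leaked.length > 0) warnings.push(`object carries ${leaked.join(', ')}`);
  }
  const extended = asRecord(root['extendedUser']);
  if (!extended) {
    warnings.push('no extended fields in payload; update skipped');
    return { update: {}, warnings };
  }
  // Copy only allowlisted string fields; anything else is dropped.
  const update: UserUpdate = {};
  for (const key of ALLOWED) {
    const v = extended[key];
    if (typeof v === 'string') update[key] = v;
  }
  return { update, warnings };
}

// Constructed sample payloads (values are placeholders, not real credentials).
const legacyBody = { action: 'update-user', object: JSON.stringify({
  name: 'alice', email: 'alice@example.test', accessKey: 'AK-constructed', accessSecret: 'AS-constructed' }) };
const extendedBody = { action: 'update-user', extendedUser: {
  displayName: 'Alice', email: 'alice@example.test', accessSecret: 'should-be-dropped' } };
```

Logging the returned warnings gives operators a signal that the webhook is still configured to send the full user record.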
@lobehubbot

👀 @chung1912

Thank you for raising an issue. We will investigate the matter and get back to you as soon as possible.
Please make sure you have given us as much context as possible.

chung1912 changed the title from "[Request] Optimize adaptation of casdoor's webhook feature" to "[Request] Optimize how casdoor's webhook feature updates user information" Mar 4, 2025