Security issue #228
Comments
|
Hello, @joaopedre ! Thank you for reaching me out. |
|
I've used filestack-rails 5.2.2 and did not set the version in the configuration file. |
|
@joaopedre
Let me know, because I can't reproduce it. |
|
Rails.application.config.filestack_rails.api_key = ENV['FILESTACK_API_KEY']
Rails.application.config.filestack_rails.client_name =
ENV['FILESTACK_CLIENT_NAME']
if Rails.env.production?
Rails.application.config.filestack_rails.app_secret =
ENV['FILESTACK_API_SECRET']
Rails.application.config.filestack_rails.security = {'call' => %w[pick
read store convert remove]}
end
sets like this
…On Wed, Mar 25, 2020 at 5:16 AM Gabi Fijalkowska ***@***.***> wrote:
@joaopedre <https://github.com/joaopedre>
Please confirm if your application.rb has provided security as following
Hash
config.filestack_rails.api_key = 'APIKEY'
config.filestack_rails.app_secret = 'APP_SECRET'
config.filestack_rails.security = {"call"=>["pick", "read", "store",
"convert", "remove"]}
or
config.filestack_rails.security = {call: %w[pick read store convert
remove]}
Let me know, because I can't reproduce it.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#228 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAW6RS3SVXSG35MA32BKJGDRJEPJFANCNFSM4LQSZ6HQ>
.
|
|
@joaopedre I've setup my |
|
@joaopedre You can also contact our support ([email protected]) and share your APIKEY and attach this issue. Then, we can check your application, and secret and security options. |
|
@joaopedre @gabifiolek I downgraded to 4.0.1 and it works well (tested in Rails 5.2 and 6.0.2) |
|
4.0.4 is the latest one that works. From then on, security is a simple ruby hash. |
|
Okay, I got it. |
|
I'm also having the same issue. After taking a look at the code it's obvious why the problem is happening, but I dont know why the code was changed. If you take a look at
If you take a look at
config.filestack_rails.security = {'call' => %w[pick store read convert] }Here's the commit with the breaking change: as you can see, @joaopedre left a comment there as well. This just seems broken, or the README is wrong. |
|
Okay I've come to the conclusion that I don't think it was clear what the OP was trying to achieve in the first place (call
What was missing from the OP is why they were trying to call def security
security_options = ::Rails.application.config.filestack_rails.security
app_secret = ::Rails.application.config.filestack_rails.app_secret
return nil unless security_options
FilestackSecurity.new(app_secret, options: security_options)
endUsing this method and calling |
|
This command doesn't work. |
|
@taylorthurlow Thank you for letting me know, I'll take a look on that as soon as possible. |
|
Thanks
…On Tue, Apr 21, 2020 at 10:29 PM Gabi Fijalkowska ***@***.***> wrote:
@taylorthurlow <https://github.com/taylorthurlow> Thank you for letting
me know, I'll take a look on that as soon as possible.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#228 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAW6RSZM6GG4NXE6VOKZHNTRNWUVRANCNFSM4LQSZ6HQ>
.
|
|
@joaopedre Many months ago I changed it because some of our clients requested to generate security per request. The security stopped working for him just in 1 hour after deployment. Policy and signature key pair was generated once, in initializers in Rails application. When the server started, it did not change in next requests. That's why this change broke your code, because I moved the security generation to application_helper. |
Hi @gabifiolek , Please check the security option.
The error occurs when using the filestack_field tag with security option.
Of course I've already set in the application.rb file
app_secretandsecurityoptions.Just got this error
undefined method `policy' for {"call"=>["pick", "read", "store", "convert", "remove"]}:HashPlease check for this issue.
The text was updated successfully, but these errors were encountered: