Add security settings for Helper Script API methods #13922

thingalon · 2019-11-01T00:04:48Z

Related to: #13830
This commit was generated from D34445-code.

Changes proposed in this Pull Request:

Adds new rewind-auth token type.

Is this a new feature or does it add/remove features to an existing part of Jetpack?

Part of this complete breakfast: pa0RFL-ra-p2

jetpackbot · 2019-11-01T00:06:53Z

	Warnings
⚠️	"Testing instructions" are missing for this PR. Please add some
⚠️	"Proposed changelog entry" is missing for this PR. Please include any meaningful changes

This is an automated check which relies on PULL_REQUEST_TEMPLATE. We encourage you to follow that template as it helps Jetpack maintainers do their job. If you think 'Testing instructions' or 'Proposed changelog entry' are not needed for your PR - please explain why you think so. Thanks for cooperation 🤖

Generated by 🚫 dangerJS against 6be1d61

dereksmart · 2019-11-01T00:16:34Z

Looks like there's a couple failing tests https://travis-ci.org/Automattic/jetpack/jobs/605787160#L1765

1) WP_Test_Jetpack_Json_Api_Endpoints::test_get_term_feed_url_pretty_permalinks
Undefined index: require_rewind_auth
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/class.json-api-endpoints.php:202
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/json-endpoints/class.wpcom-json-api-taxonomy-endpoint.php:24
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/tests/php/json-api/test-class.json-api-jetpack-endpoints.php:45
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/tests/php/json-api/test-class.json-api-jetpack-endpoints.php:62
2) WP_Test_Jetpack_Json_Api_Endpoints::test_get_term_feed_url_ugly_permalinks
Undefined index: require_rewind_auth
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/class.json-api-endpoints.php:202
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/json-endpoints/class.wpcom-json-api-taxonomy-endpoint.php:24
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/tests/php/json-api/test-class.json-api-jetpack-endpoints.php:45
/tmp/wordpress-latest/src/wp-content/plugins/jetpack/tests/php/json-api/test-class.json-api-jetpack-endpoints.php:92

- Project: https://[private link] - P2 post about this prototype: https://[private link] - Related Jetpack PR: #13830 - Related Rewind PR: https://github.com/Automattic/jetpack-backups/pull/975 This adds two new API endpoints for calling out to a Jetpack site, to install or delete a Helper Script. It also locks these new API endpoints down to require access through a Rewind API token, ensuring this is not called from any other source. This commit was generated from D34445-code.

seear · 2019-11-01T16:44:43Z

Tests now passing.

kraftbj · 2019-11-01T20:22:08Z

branch-7.9 via 32b1823

…13922) * Add endpoints for Jetpack Backup Helper Script methods - Project: https://[private link] - P2 post about this prototype: https://[private link] - Related Jetpack PR: #13830 - Related Rewind PR: Automattic/jetpack-backups#975 This adds two new API endpoints for calling out to a Jetpack site, to install or delete a Helper Script. It also locks these new API endpoints down to require access through a Rewind API token, ensuring this is not called from any other source. This commit was generated from D34445-code. * Make the require_rewind_auth parameter optional

thingalon requested a review from a team November 1, 2019 00:04

matticbot added the Touches WP.com Files label Nov 1, 2019

thingalon added [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. [Type] Dotcom Merge labels Nov 1, 2019

dereksmart removed Touches WP.com Files [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. labels Nov 1, 2019

matticbot added the Touches WP.com Files label Nov 1, 2019

dereksmart added the [Status] Needs Author Reply We would need you to make some changes or provide some more details about your PR. Thank you! label Nov 1, 2019

seear closed this Nov 1, 2019

seear reopened this Nov 1, 2019

seear added [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. and removed [Status] Needs Author Reply We would need you to make some changes or provide some more details about your PR. Thank you! labels Nov 1, 2019

seear added this to the 7.9 milestone Nov 1, 2019

seear added the [Status] Needs Cherry-Pick label Nov 1, 2019

Mark George and others added 2 commits November 1, 2019 14:54

Make the require_rewind_auth parameter optional

6be1d61

seear force-pushed the fusion-sync/thingalon/D34445-code-1572564566 branch from 54c8c61 to 6be1d61 Compare November 1, 2019 14:54

kraftbj approved these changes Nov 1, 2019

View reviewed changes

kraftbj merged commit c067656 into master Nov 1, 2019

kraftbj deleted the fusion-sync/thingalon/D34445-code-1572564566 branch November 1, 2019 20:21

matticbot added [Status] Needs Changelog and removed [Status] Needs Review To request a review from fellow Jetpack developers. Label will be renamed soon. labels Nov 1, 2019

kraftbj removed the [Status] Needs Cherry-Pick label Nov 1, 2019

jeherve removed the [Status] Needs Changelog label Nov 4, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add security settings for Helper Script API methods #13922

Add security settings for Helper Script API methods #13922

thingalon commented Nov 1, 2019

jetpackbot commented Nov 1, 2019 •

edited

Loading

dereksmart commented Nov 1, 2019

seear commented Nov 1, 2019

kraftbj commented Nov 1, 2019

Add security settings for Helper Script API methods #13922

Add security settings for Helper Script API methods #13922

Conversation

thingalon commented Nov 1, 2019

Changes proposed in this Pull Request:

Is this a new feature or does it add/remove features to an existing part of Jetpack?

jetpackbot commented Nov 1, 2019 • edited Loading

dereksmart commented Nov 1, 2019

seear commented Nov 1, 2019

kraftbj commented Nov 1, 2019

jetpackbot commented Nov 1, 2019 •

edited

Loading