Add authorization header in webhooks stored in secrets table (#941)

Summary: Adding authorization header support for webhooks. Issue: https://github.com/gristlabs/grist-core/issues/827 --------- Co-authored-by: Florent <florent.git@zeteo.me>
2026-03-02 04:09:24 +00:00 · 2024-07-04 14:17:10 +02:00
parent 2750ed6bd9
commit 0bfdaa9c02
9 changed files with 91 additions and 21 deletions
--- a/test/nbrowser/WebhookPage.ts
+++ b/test/nbrowser/WebhookPage.ts
@@ -52,10 +52,11 @@ describe('WebhookPage', function () {
      'Name',
      'Memo',
      'Event Types',
-      'URL',
      'Table',
-      'Ready Column',
      'Filter for changes in these columns (semicolon-separated ids)',
+      'Ready Column',
+      'URL',
+      'Header Authorization',
      'Webhook Id',
      'Enabled',
      'Status',
@@ -81,7 +82,7 @@ describe('WebhookPage', function () {
    await gu.waitToPass(async () => {
      assert.equal(await getField(1, 'Webhook Id'), id);
    });
-    // Now other fields like name, memo and watchColIds are persisted.
+    // Now other fields like name, memo, watchColIds, and Header Auth are persisted.
    await setField(1, 'Name', 'Test Webhook');
    await setField(1, 'Memo', 'Test Memo');
    await setField(1, 'Filter for changes in these columns (semicolon-separated ids)', 'A; B');
@@ -115,6 +116,27 @@ describe('WebhookPage', function () {
    assert.lengthOf((await docApi.getRows('Table2')).A, 0);
  });

+  it('can create webhook with persistant header authorization', async function () {
+    // The webhook won't work because the header auth doesn't match the api key of the current test user.
+    await openWebhookPage();
+    await setField(1, 'Event Types', 'add\nupdate\n');
+    await setField(1, 'URL', `http://${host}/api/docs/${doc.id}/tables/Table2/records?flat=1`);
+    await setField(1, 'Table', 'Table1');
+    await gu.waitForServer();
+    await driver.navigate().refresh();
+    await waitForWebhookPage();
+    await setField(1, 'Header Authorization', 'Bearer 1234');
+    await gu.waitForServer();
+    await driver.navigate().refresh();
+    await waitForWebhookPage();
+    await gu.waitToPass(async () => {
+      assert.equal(await getField(1, 'Header Authorization'), 'Bearer 1234');
+    });
+    await gu.getDetailCell({col:'Header Authorization', rowNum: 1}).click();
+    await gu.enterCell(Key.DELETE, Key.ENTER);
+    await gu.waitForServer();
+  });
+
  it('can create two webhooks', async function () {
    await openWebhookPage();
    await setField(1, 'Event Types', 'add\nupdate\n');
--- a/test/server/lib/DocApi.ts
+++ b/test/server/lib/DocApi.ts
@@ -4625,6 +4625,7 @@ function testDocApi() {
            id: first.webhookId,
            fields: {
              url: `${serving.url}/200`,
+              authorization: '',
              unsubscribeKey: first.unsubscribeKey,
              eventTypes: ['add', 'update'],
              enabled: true,
@@ -4643,6 +4644,7 @@ function testDocApi() {
            id: second.webhookId,
            fields: {
              url: `${serving.url}/404`,
+              authorization: '',
              unsubscribeKey: second.unsubscribeKey,
              eventTypes: ['add', 'update'],
              enabled: true,
@@ -5010,6 +5012,7 @@ function testDocApi() {

            const expectedFields = {
              url: `${serving.url}/foo`,
+              authorization: '',
              eventTypes: ['add'],
              isReadyColumn: 'B',
              tableId: 'Table1',
@@ -5079,6 +5082,8 @@ function testDocApi() {

          await check({isReadyColumn: null}, 200);
          await check({isReadyColumn: "bar"}, 404, `Column not found "bar"`);
+
+          await check({authorization: 'Bearer fake-token'}, 200);
        });

      });