Not using unique identifier when receiving Gcal notification #105
Comments
|
Hey @ondrejmoris, thanks for taking to time to document this. I think you're right about the resource id not being a sufficiently safe method to associate a calendar with a user. In fact, I think I went down the path of handling for this error with the If you or anyone else is concerned about the scenario you described, more code would have to be added to address it safely. |
tyler-dane
added
wontfix
tyler-dane
changed the title
tyler-dane
changed the title
tyler-dane
changed the title
tyler-dane
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, i checked your codebase and i probably found an issue. I am not sure about that, so i'm gonna mark this as question.
When you receive notification from google (web_hook) you recognize a user and a calendar by resource id but i think you need to recognize by resource id and channel id.
What would happen if two users had connected same google calendars but with different event permissions? I think resourced id would be same. I think resource id is specific only for calendars not for google account and calendar.
The text was updated successfully, but these errors were encountered: