Bug: ZOHO_CLIENT_ID missing from credential check in forwardToZoho #57
Labels
No Label
P0 Critical
P1 High
P2 Medium
P3 Low
accessibility
backend
bug
content
data-integrity
enhancement
frontend
infra
integration
owner
owner-input
performance
performance
phase-7
phase-8
security
seo
ui
ux
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: null/Queue-North-Website#57
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Problem
In
server/index.js, the guard condition for skipping Zoho forwarding (around line ~293) only checksZOHO_CLIENT_SECRETandZOHO_REFRESH_TOKEN:But
ZOHO_CLIENT_IDdefaults to empty string''(falsy in a boolean context but NOT caught by the check). If someone enables Zoho and providesZOHO_CLIENT_SECRETandZOHO_REFRESH_TOKENbut forgetsZOHO_CLIENT_ID, the code will proceed to callgetZohoAccessToken()with an empty client_id, which will fail silently.Fix
Add
ZOHO_CLIENT_IDto the guard:Also consider normalizing the defaults: all three should default to
nullor all to empty string, not a mix.Severity
Low — Zoho is currently disabled. But this will bite when it's enabled.