Skip to content

Secure recruitCRM API responses #5453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
kkartunov opened this issue Mar 31, 2021 · 5 comments
Closed

Secure recruitCRM API responses #5453

kkartunov opened this issue Mar 31, 2021 · 5 comments
Assignees
@kkartunov
Labels
Gig Work P3 Normal (resolved within 7 days) QA Pass in PROD Passed verification on Production
Milestone
v1.8.5

Comments

@kkartunov
Copy link
Collaborator

kkartunov commented Mar 31, 2021
edited
Loading

APIs should show only limited set of fields/values due to security reasons.
List of fields per API point bellow:

id
slug
country
locality
city
name,
custom_fields,
enable_job_application_form,
created_on,
updated_on
min_annual_salary
salary_type
max_annual_salary
job_description_text

id
slug
first_name
last_name
email
contact_number
skill
resume
locality
salary_expectation
custom_fields

Aditionally QA need to validate all gigs related ops are not broken. Means:

  • listing, applying and etc
@kkartunov kkartunov self-assigned this Mar 31, 2021
@kkartunov kkartunov added this to the v1.8.5 milestone Mar 31, 2021
@kkartunov kkartunov added the P3 Normal (resolved within 7 days) label Mar 31, 2021
kkartunov added a commit that referenced this issue Apr 5, 2021
@kkartunov
Implement #5453
66cb418
@sandhiyakavi
Copy link
Collaborator

@kkartunov When I tried to Refer the Gig, I am getting error message "Failed to get your referralId."

Account used: tester1234

image

Other than the above, the fields for the api responses are correct

recruitcrm_1

recruitcrm_2

recruitcrm_3

recruitcrm_4

@kkartunov
Copy link
Collaborator Author

@sandhiyakavi this appears to be env issue. Test env does not have all keys needed.
Screenshot from 2021-04-06 09-13-47

Let's test this on dev to make sure it works. It is deploying currently. Please test in ~15min...

@sandhiyakavi
Copy link
Collaborator

Verified on Dev Env.

  1. Able to refer persons in Dev Env without any error.

refer_person_devenv

  1. The fields for the api responses are correct
    https://www.topcoder-dev.com/api/recruit/jobs?job_status=1

recruitcrm_api_1

https://www.topcoder-dev.com/api/recruit/jobs/25953109
recruitcrm_api_2

https://www.topcoder-dev.com/api/recruit/jobs/search?job_status=1
recruitcrm_api_3

https://www.topcoder-dev.com/api/recruit/candidates/[email protected]
recruitcrm_api_4

  1. All gig related ops Gig listing , Gig details, Applying to Gig( both new and old member), all URLs are working fine.

@luizrrodrigues luizrrodrigues modified the milestones: v1.8.6, v1.8.5 Apr 8, 2021
@kkartunov kkartunov mentioned this issue Apr 8, 2021
Merged
@SathyaJayabal
Copy link
Collaborator

verified on staging
Screenshot 2021-04-09 at 11 48 01 AM
Screenshot 2021-04-09 at 11 49 02 AM
Screenshot 2021-04-09 at 11 49 40 AM
Screenshot 2021-04-09 at 11 50 43 AM

@sandhiyakavi
Copy link
Collaborator

Verified on Prod Env.

image
image
image
image

@sandhiyakavi sandhiyakavi added QA Pass in PROD Passed verification on Production and removed QA Pass in Staging labels Apr 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kkartunov kkartunov

Labels
Gig Work P3 Normal (resolved within 7 days) QA Pass in PROD Passed verification on Production
Projects
None yet
Milestone
v1.8.5
Development

No branches or pull requests
4 participants
@kkartunov @luizrrodrigues @sandhiyakavi @SathyaJayabal