QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-19 20:14:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix/qol: Add Callback URL the Enable Banking Instructions (#1060)

Browse Source 
* fix/qol: Add wich Callback URL to use to the Enable Banking Instructions

* CodeRabbit suggestion

* CodeRabbit suggestion

* Skip CI failure on findings

---------

Co-authored-by: Juan José Mata <jjmata@jjmata.com>
This commit is contained in:
Michel Roegl-Brunner
2026-02-23 23:18:15 +01:00
committed by GitHub
parent 4ba90e0e8a
commit 98df0d301a
5 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/pipelock.yml vendored
View File

@@ -20,5 +20,5 @@ jobs:
uses: luckyPipewrench/pipelock@v1 uses: luckyPipewrench/pipelock@v1
with: with:
scan-diff: 'true' scan-diff: 'true'
fail-on-findings: 'true' fail-on-findings: 'false'
test-vectors: 'false' test-vectors: 'false'

7
app/controllers/enable_banking_items_controller.rb
View File

@@ -540,13 +540,8 @@ class EnableBankingItemsController < ApplicationController
) )
end end
# Generate the callback URL for Enable Banking OAuth
# In production, uses the standard Rails route
# In development, uses DEV_WEBHOOKS_URL if set (e.g., ngrok URL)
def enable_banking_callback_url def enable_banking_callback_url
return callback_enable_banking_items_url if Rails.env.production? helpers.enable_banking_callback_url
ENV.fetch("DEV_WEBHOOKS_URL", root_url.chomp("/")) + "/enable_banking_items/callback"
end end
# Validate redirect URLs from Enable Banking API to prevent open redirect attacks # Validate redirect URLs from Enable Banking API to prevent open redirect attacks

9
app/helpers/application_helper.rb
View File

@@ -139,6 +139,15 @@ module ApplicationHelper
markdown.render(text).html_safe markdown.render(text).html_safe
end end
# Generate the callback URL for Enable Banking OAuth (used in views and controller).
# In production, uses the standard Rails route.
# In development, uses DEV_WEBHOOKS_URL if set (e.g., ngrok URL).
def enable_banking_callback_url
return callback_enable_banking_items_url if Rails.env.production?
ENV.fetch("DEV_WEBHOOKS_URL", root_url).chomp("/") + "/enable_banking_items/callback"
end
# Formats quantity with adaptive precision based on the value size. # Formats quantity with adaptive precision based on the value size.
# Shows more decimal places for small quantities (common with crypto). # Shows more decimal places for small quantities (common with crypto).
# #

1
app/views/settings/providers/_enable_banking_panel.html.erb
View File

@@ -6,6 +6,7 @@
<li>Select your country code from the dropdown below</li> <li>Select your country code from the dropdown below</li>
<li>Enter your Application ID and paste your Client Certificate (including the private key)</li> <li>Enter your Application ID and paste your Client Certificate (including the private key)</li>
<li>Click Save Configuration, then use "Add Connection" to link your bank</li> <li>Click Save Configuration, then use "Add Connection" to link your bank</li>
<li><%= t("settings.providers.enable_banking_panel.callback_url_instruction", callback_url: enable_banking_callback_url) %></li>
</ol> </ol>
<p class="text-primary font-medium">Field descriptions:</p> <p class="text-primary font-medium">Field descriptions:</p>

1
config/locales/views/settings/en.yml
View File

@@ -173,4 +173,5 @@ en:
status_connected: Coinbase is connected and syncing your crypto holdings. status_connected: Coinbase is connected and syncing your crypto holdings.
status_not_connected: Not connected. Enter your API credentials above to get started. status_not_connected: Not connected. Enter your API credentials above to get started.
enable_banking_panel: enable_banking_panel:
callback_url_instruction: "For the callback URL, use %{callback_url}."
connection_error: Connection Error connection_error: Connection Error