mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-24 09:21:39 -05:00
43bcb56ff4
On a regular Notify service anyone with permission can create an API key. If this service then is given permission to send emergency alerts it will have an API key which can create emergency alerts. This feels dangerous. Secondly, if a service which legitimately has an API key for sending alerts in training mode is changed to live mode you now have an API key which people will think isn’t going to create a real alert but actually will. This feels really dangerous. Neither of these scenarios are things we should be doing, but having them possible still makes me feel uncomfortable. This commit revokes all API keys for a service when its broadcast settings change, same way we remove all permissions for its users.