Possible valid API keys in test code

AccordGroup / MandrillSwiftMailerBundle

A Symfony bundle that provides a Swiftmailer transport service for Mandrill

GNU General Public License v2.0

20 stars 15 forks source link

Possible valid API keys in test code #11

Closed terrorbox closed 9 years ago

terrorbox commented 9 years ago

Even test API keys can be used to log in to a Mandrill account, which would grant someone full access to your account (including creating other live API keys, sending mail, changing login credentials, etc.). Recommend editing the values in the following files if the key in use is active (even if it's a test key):

Tests/Resources/config/bundle.yml line 2
Tests/BundleTest.php line 18

Kyoushu commented 9 years ago

Thanks for the heads up, I wasn't aware that test keys could make actual live changes. I've revoked the key

I'll update the unit tests to use the key from an environment variable when I have a chance.

Kyoushu commented 9 years ago

I've created a new key and updated unit tests to use the env var MANDRILL_TEST_API_KEY. Travis-CI has been updated accordingly.