mirror of
https://github.com/outline/outline.git
synced 2026-06-13 11:25:03 +03:00
Tom Moor
a1b9f900c7
* perf: Avoid correlated subquery in Slack hooks user lookup Query UserAuthentication directly by indexed providerId and load the associated User and Team, instead of driving from User.findOne with a required hasMany include — which Sequelize translates into a correlated subquery that scans the users table. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * fix: Scope Slack fallback user lookup to matching AuthenticationProvider The fallback in findUserForRequest matched any UserAuthentication with the same providerId, which is only unique per (providerId, userId). A colliding external user id from another workspace or provider could resolve a user from the wrong team. Constrain via the AuthenticationProvider join (name = "slack", providerId = serviceTeamId). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * test --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>