Fix access token being exposed after APIToken edit

Rename 'new tag' event to contain 'GitHub release'
Fix 404 on GituHub log in
2020-01-25 18:26:55 +00:00 · 2020-01-25 17:25:05 +00:00 · 2020-01-25 17:23:14 +00:00
2 changed files with 7 additions and 7 deletions
--- a/app/blueprints/api/tokens.py
+++ b/app/blueprints/api/tokens.py
@@ -80,14 +80,13 @@ def create_edit_token(username, id=None):
 			token.owner = user
 			token.access_token = randomString(32)

+			# Store token so it can be shown in the edit page
+			session["token_" + str(token.id)] = token.access_token
+
 		form.populate_obj(token)
 		db.session.add(token)
-
 		db.session.commit() # save

-		# Store token so it can be shown in the edit page
-		session["token_" + str(token.id)] = token.access_token
-
 		return redirect(url_for("api.create_edit_token", username=username, id=token.id))

 	return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
--- a/app/blueprints/github/init.py
+++ b/app/blueprints/github/init.py
@@ -33,7 +33,7 @@ from wtforms import SelectField, SubmitField

@bp.route("/github/start/")
 def start():
-	return github.authorize("", redirect_uri=url_for("github.callback"))
+	return github.authorize("", redirect_uri=abs_url_for("github.callback"))

@bp.route("/github/callback/")
@github.authorized_handler
@@ -141,7 +141,7 @@ def webhook():


 class SetupWebhookForm(FlaskForm):
-	event   = SelectField("Event Type", choices=[('create', 'New tag'), ('push', 'Push')])
+	event   = SelectField("Event Type", choices=[('create', 'New tag or GitHub release'), ('push', 'Push')])
 	submit  = SubmitField("Save")


@@ -185,7 +185,7 @@ def setup_webhook():
 	form = SetupWebhookForm(formdata=request.form)
 	if request.method == "POST" and form.validate():
 		token = APIToken()
-		token.name = "Github Webhook for " + package.title
+		token.name = "GitHub Webhook for " + package.title
 		token.owner = current_user
 		token.access_token = randomString(32)
 		token.package = package
@@ -196,6 +196,7 @@ def setup_webhook():

 		if handleMakeWebhook(gh_user, gh_repo, package, \
 				current_user.github_access_token, event, token):
+			flash("Successfully created webhook", "success")
 			return redirect(package.getDetailsURL())
 		else:
 			return redirect(url_for("github.setup_webhook", pid=package.id))
Author	SHA1	Message	Date
rubenwardy	36615ef656	Fix access token being exposed after APIToken edit	2020-01-25 18:26:55 +00:00
rubenwardy	53a5dffb26	Rename 'new tag' event to contain 'GitHub release'	2020-01-25 17:25:05 +00:00
rubenwardy	74f3a77a84	Fix 404 on GituHub log in	2020-01-25 17:23:14 +00:00