Fix email sign up

Fix access token not being shown after creation
Fixes #190
2020-04-11 17:56:35 +01:00 · 2020-04-11 17:45:25 +01:00 · 2020-04-11 15:24:44 +01:00 · 2020-04-11 14:51:10 +01:00
3 changed files with 15 additions and 10 deletions
--- a/app/blueprints/api/tokens.py
+++ b/app/blueprints/api/tokens.py
@@ -69,7 +69,7 @@ def create_edit_token(username, id=None):
 		elif token.owner != user:
 			abort(403)

-		access_token = session.pop("token_" + str(id), None)
+		access_token = session.pop("token_" + str(token.id), None)

 	form = CreateAPIToken(formdata=request.form, obj=token)
 	form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
@@ -80,13 +80,14 @@ def create_edit_token(username, id=None):
 			token.owner = user
 			token.access_token = randomString(32)

-			# Store token so it can be shown in the edit page
-			session["token_" + str(token.id)] = token.access_token
-
 		form.populate_obj(token)
 		db.session.add(token)
 		db.session.commit() # save

+		if is_new:
+			# Store token so it can be shown in the edit page
+			session["token_" + str(token.id)] = token.access_token
+
 		return redirect(url_for("api.create_edit_token", username=username, id=token.id))

 	return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
@@ -102,8 +103,6 @@ def reset_token(username, id):
 	if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
 		abort(403)

-	is_new = id is None
-
 	token = APIToken.query.get(id)
 	if token is None:
 		abort(404)
--- a/app/blueprints/github/init.py
+++ b/app/blueprints/github/init.py
@@ -20,7 +20,7 @@ bp = Blueprint("github", __name__)

 from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
 from flask_user import current_user, login_required
-from sqlalchemy import func
+from sqlalchemy import func, or_, and_
 from flask_github import GitHub
 from app import github, csrf
 from app.models import db, User, APIToken, Package, Permission
@@ -92,10 +92,13 @@ def webhook():
 	github_url = "github.com/" + json["repository"]["full_name"]
 	package = Package.query.filter(Package.repo.like("%{}%".format(github_url))).first()
 	if package is None:
-		return error(400, "Unknown package")
+		return error(400, "Could not find package, did you set the VCS repo in CDB correctly?")

 	# Get all tokens for package
-	possible_tokens = APIToken.query.filter_by(package=package).all()
+	tokens_query = APIToken.query.filter(or_(APIToken.package==package,
+			and_(APIToken.package==None, APIToken.owner==package.author)))
+
+	possible_tokens = tokens_query.all()
 	actual_token = None

 	#
@@ -118,7 +121,7 @@ def webhook():
 			break

 	if actual_token is None:
-		return error(403, "Invalid authentication")
+		return error(403, "Invalid authentication, couldn't validate API token")

 	if not package.checkPerm(actual_token.owner, Permission.APPROVE_RELEASE):
 		return error(403, "Only trusted members can use webhooks")
--- a/app/models.py
+++ b/app/models.py
@@ -214,6 +214,9 @@ class User(db.Model, UserMixin):
 			.filter(Thread.created_at > hour_ago).count() < 2

 	def __eq__(self, other):
+		if other is None:
+			return False
+
 		if not self.is_authenticated or not other.is_authenticated:
 			return False
Author	SHA1	Message	Date
rubenwardy	9cc3eba009	Fix email sign up	2020-04-11 17:56:35 +01:00
rubenwardy	54a636d79e	Fix access token not being shown after creation Fixes #190	2020-04-11 17:45:25 +01:00
rubenwardy	0087c1ef9d	Allow unlimited API tokens in GitHub webhooks	2020-04-11 15:24:44 +01:00
rubenwardy	39881e0d04	Improve error messages	2020-04-11 14:51:10 +01:00