Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9cc3eba009 | ||
|
|
54a636d79e | ||
|
|
0087c1ef9d | ||
|
|
39881e0d04 |
@@ -69,7 +69,7 @@ def create_edit_token(username, id=None):
|
|||||||
elif token.owner != user:
|
elif token.owner != user:
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
access_token = session.pop("token_" + str(id), None)
|
access_token = session.pop("token_" + str(token.id), None)
|
||||||
|
|
||||||
form = CreateAPIToken(formdata=request.form, obj=token)
|
form = CreateAPIToken(formdata=request.form, obj=token)
|
||||||
form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
|
form.package.query_factory = lambda: Package.query.filter_by(author=user).all()
|
||||||
@@ -80,13 +80,14 @@ def create_edit_token(username, id=None):
|
|||||||
token.owner = user
|
token.owner = user
|
||||||
token.access_token = randomString(32)
|
token.access_token = randomString(32)
|
||||||
|
|
||||||
# Store token so it can be shown in the edit page
|
|
||||||
session["token_" + str(token.id)] = token.access_token
|
|
||||||
|
|
||||||
form.populate_obj(token)
|
form.populate_obj(token)
|
||||||
db.session.add(token)
|
db.session.add(token)
|
||||||
db.session.commit() # save
|
db.session.commit() # save
|
||||||
|
|
||||||
|
if is_new:
|
||||||
|
# Store token so it can be shown in the edit page
|
||||||
|
session["token_" + str(token.id)] = token.access_token
|
||||||
|
|
||||||
return redirect(url_for("api.create_edit_token", username=username, id=token.id))
|
return redirect(url_for("api.create_edit_token", username=username, id=token.id))
|
||||||
|
|
||||||
return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
|
return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)
|
||||||
@@ -102,8 +103,6 @@ def reset_token(username, id):
|
|||||||
if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
|
if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
|
||||||
abort(403)
|
abort(403)
|
||||||
|
|
||||||
is_new = id is None
|
|
||||||
|
|
||||||
token = APIToken.query.get(id)
|
token = APIToken.query.get(id)
|
||||||
if token is None:
|
if token is None:
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|||||||
@@ -20,7 +20,7 @@ bp = Blueprint("github", __name__)
|
|||||||
|
|
||||||
from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
|
from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
|
||||||
from flask_user import current_user, login_required
|
from flask_user import current_user, login_required
|
||||||
from sqlalchemy import func
|
from sqlalchemy import func, or_, and_
|
||||||
from flask_github import GitHub
|
from flask_github import GitHub
|
||||||
from app import github, csrf
|
from app import github, csrf
|
||||||
from app.models import db, User, APIToken, Package, Permission
|
from app.models import db, User, APIToken, Package, Permission
|
||||||
@@ -92,10 +92,13 @@ def webhook():
|
|||||||
github_url = "github.com/" + json["repository"]["full_name"]
|
github_url = "github.com/" + json["repository"]["full_name"]
|
||||||
package = Package.query.filter(Package.repo.like("%{}%".format(github_url))).first()
|
package = Package.query.filter(Package.repo.like("%{}%".format(github_url))).first()
|
||||||
if package is None:
|
if package is None:
|
||||||
return error(400, "Unknown package")
|
return error(400, "Could not find package, did you set the VCS repo in CDB correctly?")
|
||||||
|
|
||||||
# Get all tokens for package
|
# Get all tokens for package
|
||||||
possible_tokens = APIToken.query.filter_by(package=package).all()
|
tokens_query = APIToken.query.filter(or_(APIToken.package==package,
|
||||||
|
and_(APIToken.package==None, APIToken.owner==package.author)))
|
||||||
|
|
||||||
|
possible_tokens = tokens_query.all()
|
||||||
actual_token = None
|
actual_token = None
|
||||||
|
|
||||||
#
|
#
|
||||||
@@ -118,7 +121,7 @@ def webhook():
|
|||||||
break
|
break
|
||||||
|
|
||||||
if actual_token is None:
|
if actual_token is None:
|
||||||
return error(403, "Invalid authentication")
|
return error(403, "Invalid authentication, couldn't validate API token")
|
||||||
|
|
||||||
if not package.checkPerm(actual_token.owner, Permission.APPROVE_RELEASE):
|
if not package.checkPerm(actual_token.owner, Permission.APPROVE_RELEASE):
|
||||||
return error(403, "Only trusted members can use webhooks")
|
return error(403, "Only trusted members can use webhooks")
|
||||||
|
|||||||
@@ -214,6 +214,9 @@ class User(db.Model, UserMixin):
|
|||||||
.filter(Thread.created_at > hour_ago).count() < 2
|
.filter(Thread.created_at > hour_ago).count() < 2
|
||||||
|
|
||||||
def __eq__(self, other):
|
def __eq__(self, other):
|
||||||
|
if other is None:
|
||||||
|
return False
|
||||||
|
|
||||||
if not self.is_authenticated or not other.is_authenticated:
|
if not self.is_authenticated or not other.is_authenticated:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user