From 0087c1ef9d843ff70d07daf42ee7ee0cb236127c Mon Sep 17 00:00:00 2001
From: rubenwardy
Date: Sat, 11 Apr 2020 15:24:44 +0100
Subject: [PATCH] Allow unlimited API tokens in GitHub webhooks

---
 app/blueprints/github/__init__.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/blueprints/github/__init__.py b/app/blueprints/github/__init__.py
index b61baac..a07920c 100644
--- a/app/blueprints/github/__init__.py
+++ b/app/blueprints/github/__init__.py
@@ -20,7 +20,7 @@ bp = Blueprint("github", __name__)
 from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
 from flask_user import current_user, login_required
-from sqlalchemy import func
+from sqlalchemy import func, or_, and_
 from flask_github import GitHub
 from app import github, csrf
 from app.models import db, User, APIToken, Package, Permission
@@ -95,7 +95,10 @@ def webhook():
 return error(400, "Could not find package, did you set the VCS repo in CDB correctly?")
 
 # Get all tokens for package
- possible_tokens = APIToken.query.filter_by(package=package).all()
+ tokens_query = APIToken.query.filter(or_(APIToken.package==package,
+ and_(APIToken.package==None, APIToken.owner==package.author)))
+
+ possible_tokens = tokens_query.all()
 actual_token = None
 
 #
@@ -118,7 +121,7 @@ def webhook():
 break
 
 if actual_token is None:
- return error(403, "Invalid authentication, couldn't validate API token. Make sure to limit token to a package")
+ return error(403, "Invalid authentication, couldn't validate API token")
 
 if not package.checkPerm(actual_token.owner, Permission.APPROVE_RELEASE):
 return error(403, "Only trusted members can use webhooks")
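Review bot: The comment `# Get all tokens for package` kept above the new `tokens_query` in the second hunk is now inaccurate, because the filter also admits tokens with no package scope as long as they belong to `package.author`; change it to `# Package-scoped tokens, plus the author's unscoped (unlimited) tokens`. Widening the candidate set also widens the blast radius of a leaked unscoped token, which can now trigger webhook releases for every package its owner authors where the old "limit token to a package" message steered users toward scoping, so that trade-off deserves a line of rationale next to the query. `APIToken.package==None` compiles to `IS NULL` in SQLAlchemy, but the explicit `APIToken.package.is_(None)` reads as intent rather than a typo and avoids the E711 lint warning. The loop that matches `possible_tokens` against the presented token, and the rest of webhook(), lie outside this hunk, so whether unscoped tokens need any different handling there cannot be confirmed from the diff.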