contentdb/app/blueprints/vcs/github.py

# ContentDB
# Copyright (C) 2018-24 rubenwardy
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

import datetime
import hmac

import requests
from flask import abort, Response
from flask import redirect, url_for, request, flash, jsonify, current_app
from flask_babel import gettext
from flask_login import current_user

from app import github, csrf
from app.blueprints.api.support import error, api_create_vcs_release
from app.logic.users import create_user
from app.models import db, User, APIToken, AuditSeverity
from app.utils import abs_url_for, add_audit_log, login_user_set_active, is_safe_url

from . import bp
from .common import get_packages_for_vcs_and_token


@bp.route("/github/start/")
def github_start():
	next = request.args.get("next")
	if next and not is_safe_url(next):
		abort(400)

	return github.authorize("", redirect_uri=abs_url_for("vcs.github_callback", next=next))


@bp.route("/github/view/")
def github_view_permissions():
	url = "https://github.com/settings/connections/applications/" + \
			current_app.config["GITHUB_CLIENT_ID"]
	return redirect(url)


@bp.route("/github/callback/")
@github.authorized_handler
def github_callback(oauth_token):
	if oauth_token is None:
		flash(gettext("Authorization failed [err=gh-oauth-login-failed]"), "danger")
		return redirect(url_for("users.login"))

	next = request.args.get("next")
	if next and not is_safe_url(next):
		abort(400)

	redirect_to = next
	if redirect_to is None:
		redirect_to = url_for("homepage.home")

	# Get GitGub username
	url = "https://api.github.com/user"
	r = requests.get(url, headers={"Authorization": "token " + oauth_token})
	json = r.json()
	user_id = json["id"]
	github_username = json["login"]
	if type(user_id) is not int:
		abort(400)

	# Get user by GitHub user ID
	user_by_github = User.query.filter(User.github_user_id == user_id).one_or_none()

	# If logged in, connect
	if current_user and current_user.is_authenticated:
		if user_by_github is None:
			current_user.github_username = github_username
			current_user.github_user_id = user_id
			db.session.commit()
			flash(gettext("Linked GitHub to account"), "success")
			return redirect(redirect_to)
		elif user_by_github == current_user:
			return redirect(redirect_to)
		else:
			flash(gettext("GitHub account is already associated with another user: %(username)s",
					username=user_by_github.username), "danger")
			return redirect(redirect_to)

	# Log in to existing account
	elif user_by_github:
		ret = login_user_set_active(user_by_github, next, remember=True)
		if ret is None:
			flash(gettext("Authorization failed [err=gh-login-failed]"), "danger")
			return redirect(url_for("users.login"))

		add_audit_log(AuditSeverity.USER, user_by_github, "Logged in using GitHub OAuth",
				url_for("users.profile", username=user_by_github.username))
		db.session.commit()
		return ret

	# Sign up
	else:
		user = create_user(github_username, github_username, None, "GitHub")
		if isinstance(user, Response):
			return user
		elif user is None:
			return redirect(url_for("users.login"))

		user.github_username = github_username
		user.github_user_id = user_id

		add_audit_log(AuditSeverity.USER, user, "Registered with GitHub, display name=" + user.display_name,
				url_for("users.profile", username=user.username))

		db.session.commit()

		ret = login_user_set_active(user, next, remember=True)
		if ret is None:
			flash(gettext("Authorization failed [err=gh-login-failed]"), "danger")
			return redirect(url_for("users.login"))

		return ret


def _find_api_token(header_signature: str) -> APIToken:
	sha_name, signature = header_signature.split('=')
	if sha_name != 'sha1':
		error(403, "Expected SHA1 payload signature")

	for token in APIToken.query.all():
		mac = hmac.new(token.access_token.encode("utf-8"), msg=request.data, digestmod='sha1')

		if hmac.compare_digest(str(mac.hexdigest()), signature):
			return token

	error(401, "Invalid authentication, couldn't validate API token")


@bp.route("/github/webhook/", methods=["POST"])
@csrf.exempt
def github_webhook():
	json = request.json

	header_signature = request.headers.get('X-Hub-Signature')
	if header_signature is None:
		return error(403, "Expected payload signature")

	token = _find_api_token(header_signature)
	packages = get_packages_for_vcs_and_token(token, "github.com/" + json["repository"]["full_name"])

	for package in packages:
		#
		# Check event
		#
		event = request.headers.get("X-GitHub-Event")
		if event == "push":
			ref = json["after"]
			title = datetime.datetime.utcnow().strftime("%Y-%m-%d") + " " + ref[:5]
			branch = json["ref"].replace("refs/heads/", "")
			if package.update_config and package.update_config.ref:
				if branch != package.update_config.ref:
					continue
			elif branch not in ["master", "main"]:
				continue

		elif event == "create":
			ref_type = json.get("ref_type")
			if ref_type != "tag":
				return jsonify({
					"success": False,
					"message": "Webhook ignored, as it's a non-tag create event. ref_type='{}'.".format(ref_type)
				})

			ref = json["ref"]
			title = ref

		elif event == "ping":
			return jsonify({"success": True, "message": "Ping successful"})

		else:
			return error(400, "Unsupported event: '{}'. Only 'push', 'create:tag', and 'ping' are supported."
					.format(event or "null"))

		#
		# Perform release
		#
		if package.releases.filter_by(commit_hash=ref).count() > 0:
			return

		return api_create_vcs_release(token, package, title, title, None, ref, reason="Webhook")

	return jsonify({
		"success": False,
		"message": "No release made. Either the release already exists or the event was filtered based on the branch"
	})
Replace "Content DB" with "ContentDB" 2020-07-12 17:34:25 +02:00			`# ContentDB`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`# Copyright (C) 2018-24 rubenwardy`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`#`
			`# This program is free software: you can redistribute it and/or modify`
Update copyrights 2021-01-30 17:59:42 +01:00			`# it under the terms of the GNU Affero General Public License as published by`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Update copyrights 2021-01-30 17:59:42 +01:00			`# GNU Affero General Public License for more details.`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`#`
Update copyrights 2021-01-30 17:59:42 +01:00			`# You should have received a copy of the GNU Affero General Public License`
Add license to all JS/py files 2018-05-17 16:18:20 +02:00			`# along with this program. If not, see <https://www.gnu.org/licenses/>.`

Use date as release title in webhook 2024-03-06 00:59:30 +01:00			`import datetime`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`import hmac`
Use date as release title in webhook 2024-03-06 00:59:30 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`import requests`
			`from flask import abort, Response`
Remove webhook creation wizard 2021-01-26 17:22:13 +01:00			`from flask import redirect, url_for, request, flash, jsonify, current_app`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`from flask_babel import gettext`
Remove webhook creation wizard 2021-01-26 17:22:13 +01:00			`from flask_login import current_user`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00
Add Github webhook support 2020-01-24 22:39:35 +01:00			`from app import github, csrf`
Add support for zip uploads in the API Fixes #261 2021-02-02 01:07:41 +01:00			`from app.blueprints.api.support import error, api_create_vcs_release`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`from app.logic.users import create_user`
			`from app.models import db, User, APIToken, AuditSeverity`
			`from app.utils import abs_url_for, add_audit_log, login_user_set_active, is_safe_url`
Add Github login 2018-03-18 19:05:53 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`from . import bp`
			`from .common import get_packages_for_vcs_and_token`
Clean up user registration code 2024-06-02 22:17:15 +02:00
Respect `next` when logging in using GitHub 2023-10-31 19:45:24 +01:00
Split up users blueprint 2020-01-24 19:15:09 +01:00			`@bp.route("/github/start/")`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`def github_start():`
Respect `next` when logging in using GitHub 2023-10-31 19:45:24 +01:00			`next = request.args.get("next")`
			`if next and not is_safe_url(next):`
			`abort(400)`

Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`return github.authorize("", redirect_uri=abs_url_for("vcs.github_callback", next=next))`
Respect `next` when logging in using GitHub 2023-10-31 19:45:24 +01:00
Add Github login 2018-03-18 19:05:53 +01:00
Add links to GitHub oauth connection settings 2020-01-30 22:39:51 +01:00			`@bp.route("/github/view/")`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`def github_view_permissions():`
Add links to GitHub oauth connection settings 2020-01-30 22:39:51 +01:00			`url = "https://github.com/settings/connections/applications/" + \`
			`current_app.config["GITHUB_CLIENT_ID"]`
			`return redirect(url)`

Fix issues based on linter 2023-06-18 23:21:37 +02:00
Add Github webhook support 2020-01-24 22:39:35 +01:00			`@bp.route("/github/callback/")`
Add Github login 2018-03-18 19:05:53 +01:00			`@github.authorized_handler`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`def github_callback(oauth_token):`
Add Github login 2018-03-18 19:05:53 +01:00			`if oauth_token is None:`
Allow translating flash messages 2022-01-07 22:46:16 +01:00			`flash(gettext("Authorization failed [err=gh-oauth-login-failed]"), "danger")`
Remove flask_user and use flask_login directly, with partial feature support 2020-12-04 23:05:10 +01:00			`return redirect(url_for("users.login"))`
Add Github login 2018-03-18 19:05:53 +01:00
Respect `next` when logging in using GitHub 2023-10-31 19:45:24 +01:00			`next = request.args.get("next")`
			`if next and not is_safe_url(next):`
			`abort(400)`

			`redirect_to = next`
			`if redirect_to is None:`
			`redirect_to = url_for("homepage.home")`

Fix typos and grammar issues 2023-06-18 23:07:46 +02:00			`# Get GitGub username`
Add Github login 2018-03-18 19:05:53 +01:00			`url = "https://api.github.com/user"`
			`r = requests.get(url, headers={"Authorization": "token " + oauth_token})`
Use GitHub user ids instead of usernames for authentication Otherwise, renaming a GitHub account could allow someone else to gain access to a CDB account. 2024-03-30 17:52:17 +01:00			`json = r.json()`
			`user_id = json["id"]`
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`github_username = json["login"]`
Check that GitHub doesn't pass a null user id 2024-03-30 18:06:32 +01:00			`if type(user_id) is not int:`
			`abort(400)`
Add Github login 2018-03-18 19:05:53 +01:00
Use GitHub user ids instead of usernames for authentication Otherwise, renaming a GitHub account could allow someone else to gain access to a CDB account. 2024-03-30 17:52:17 +01:00			`# Get user by GitHub user ID`
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`user_by_github = User.query.filter(User.github_user_id == user_id).one_or_none()`
Add Github login 2018-03-18 19:05:53 +01:00
			`# If logged in, connect`
			`if current_user and current_user.is_authenticated:`
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`if user_by_github is None:`
			`current_user.github_username = github_username`
Use GitHub user ids instead of usernames for authentication Otherwise, renaming a GitHub account could allow someone else to gain access to a CDB account. 2024-03-30 17:52:17 +01:00			`current_user.github_user_id = user_id`
Add Github login 2018-03-18 19:05:53 +01:00			`db.session.commit()`
Fix inconsistent capitalisation of GitHub and Javascript Fixes #353 2022-01-20 02:28:50 +01:00			`flash(gettext("Linked GitHub to account"), "success")`
Respect `next` when logging in using GitHub 2023-10-31 19:45:24 +01:00			`return redirect(redirect_to)`
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`elif user_by_github == current_user:`
Use GitHub user ids instead of usernames for authentication Otherwise, renaming a GitHub account could allow someone else to gain access to a CDB account. 2024-03-30 17:52:17 +01:00			`return redirect(redirect_to)`
Add Github login 2018-03-18 19:05:53 +01:00			`else:`
Add username to already linked error message This doesn't introduce user enumeration as GitHub username associations were already public 2024-04-08 00:17:34 +02:00			`flash(gettext("GitHub account is already associated with another user: %(username)s",`
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`username=user_by_github.username), "danger")`
Respect `next` when logging in using GitHub 2023-10-31 19:45:24 +01:00			`return redirect(redirect_to)`
Add Github login 2018-03-18 19:05:53 +01:00
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`# Log in to existing account`
			`elif user_by_github:`
			`ret = login_user_set_active(user_by_github, next, remember=True)`
			`if ret is None:`
			`flash(gettext("Authorization failed [err=gh-login-failed]"), "danger")`
			`return redirect(url_for("users.login"))`

			`add_audit_log(AuditSeverity.USER, user_by_github, "Logged in using GitHub OAuth",`
			`url_for("users.profile", username=user_by_github.username))`
			`db.session.commit()`
			`return ret`

			`# Sign up`
Add Github login 2018-03-18 19:05:53 +01:00			`else:`
Clean up user registration code 2024-06-02 22:17:15 +02:00			`user = create_user(github_username, github_username, None, "GitHub")`
			`if isinstance(user, Response):`
			`return user`
			`elif user is None:`
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`return redirect(url_for("users.login"))`

Fix GitHub link not saved on GitHub-based registration 2024-06-04 21:29:46 +02:00			`user.github_username = github_username`
			`user.github_user_id = user_id`

Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`add_audit_log(AuditSeverity.USER, user, "Registered with GitHub, display name=" + user.display_name,`
			`url_for("users.profile", username=user.username))`
Add logging of log ins 2020-12-09 21:38:36 +01:00
Allow signing up using GitHub 2024-06-02 13:46:56 +02:00			`db.session.commit()`

			`ret = login_user_set_active(user, next, remember=True)`
Add post_login function, go to notifications page 2021-07-20 00:04:40 +02:00			`if ret is None:`
Allow translating flash messages 2022-01-07 22:46:16 +01:00			`flash(gettext("Authorization failed [err=gh-login-failed]"), "danger")`
Remove flask_user and use flask_login directly, with partial feature support 2020-12-04 23:05:10 +01:00			`return redirect(url_for("users.login"))`
Add Github webhook support 2020-01-24 22:39:35 +01:00
Add post_login function, go to notifications page 2021-07-20 00:04:40 +02:00			`return ret`

Add Github webhook support 2020-01-24 22:39:35 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`def _find_api_token(header_signature: str) -> APIToken:`
			`sha_name, signature = header_signature.split('=')`
			`if sha_name != 'sha1':`
			`error(403, "Expected SHA1 payload signature")`

			`for token in APIToken.query.all():`
			`mac = hmac.new(token.access_token.encode("utf-8"), msg=request.data, digestmod='sha1')`
Add Github webhook support 2020-01-24 22:39:35 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`if hmac.compare_digest(str(mac.hexdigest()), signature):`
			`return token`
Add Github webhook support 2020-01-24 22:39:35 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`error(401, "Invalid authentication, couldn't validate API token")`
Allow unlimited API tokens in GitHub webhooks 2020-04-11 16:24:44 +02:00
Add Github webhook support 2020-01-24 22:39:35 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`@bp.route("/github/webhook/", methods=["POST"])`
			`@csrf.exempt`
			`def github_webhook():`
			`json = request.json`
Add Github webhook support 2020-01-24 22:39:35 +01:00
			`header_signature = request.headers.get('X-Hub-Signature')`
			`if header_signature is None:`
			`return error(403, "Expected payload signature")`

Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`token = _find_api_token(header_signature)`
			`packages = get_packages_for_vcs_and_token(token, "github.com/" + json["repository"]["full_name"])`

			`for package in packages:`
			`#`
			`# Check event`
			`#`
			`event = request.headers.get("X-GitHub-Event")`
			`if event == "push":`
			`ref = json["after"]`
			`title = datetime.datetime.utcnow().strftime("%Y-%m-%d") + " " + ref[:5]`
			`branch = json["ref"].replace("refs/heads/", "")`
Allow filtering VCS webhooks based on branch name Fixes #258 2024-06-22 13:13:49 +02:00			`if package.update_config and package.update_config.ref:`
			`if branch != package.update_config.ref:`
			`continue`
			`elif branch not in ["master", "main"]:`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`continue`

			`elif event == "create":`
			`ref_type = json.get("ref_type")`
			`if ref_type != "tag":`
			`return jsonify({`
Improve webhook error on create events 2021-12-12 18:20:23 +01:00			`"success": False,`
			`"message": "Webhook ignored, as it's a non-tag create event. ref_type='{}'.".format(ref_type)`
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`})`
Improve webhook error on create events 2021-12-12 18:20:23 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`ref = json["ref"]`
			`title = ref`
Improve webhook error on create events 2021-12-12 18:20:23 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`elif event == "ping":`
			`return jsonify({"success": True, "message": "Ping successful"})`
Improve webhook error on create events 2021-12-12 18:20:23 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`else:`
			`return error(400, "Unsupported event: '{}'. Only 'push', 'create:tag', and 'ping' are supported."`
			`.format(event or "null"))`
Add Github webhook support 2020-01-24 22:39:35 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`#`
			`# Perform release`
			`#`
			`if package.releases.filter_by(commit_hash=ref).count() > 0:`
			`return`
Add Github webhook support 2020-01-24 22:39:35 +01:00
Add release notes and long titles to releases Fixes #492 and fixes #480 2024-06-22 16:18:58 +02:00			`return api_create_vcs_release(token, package, title, title, None, ref, reason="Webhook")`
Prevent duplicate commit releases from webhooks 2021-02-04 20:54:26 +01:00
Fix VCS webhooks assuming repo URLs are unique Fixes #264 2024-06-22 12:42:51 +02:00			`return jsonify({`
			`"success": False,`
			`"message": "No release made. Either the release already exists or the event was filtered based on the branch"`
			`})`