Allow unlimited API tokens in GitHub webhooks

2024-11-10 01:23:48 +01:00 · 2020-04-11 15:24:44 +01:00 · 2020-04-11 15:24:44 +01:00 · 0087c1ef9d
commit 0087c1ef9d
parent 39881e0d04
1 changed files with 6 additions and 3 deletions
--- a/app/blueprints/github/init.py
+++ b/app/blueprints/github/init.py
@ -20,7 +20,7 @@ bp = Blueprint("github", __name__)

 from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
 from flask_user import current_user, login_required
-from sqlalchemy import func
+from sqlalchemy import func, or_, and_
 from flask_github import GitHub
 from app import github, csrf
 from app.models import db, User, APIToken, Package, Permission
@ -95,7 +95,10 @@ def webhook():
 		return error(400, "Could not find package, did you set the VCS repo in CDB correctly?")

 	# Get all tokens for package
-	possible_tokens = APIToken.query.filter_by(package=package).all()
+	tokens_query = APIToken.query.filter(or_(APIToken.package==package,
+			and_(APIToken.package==None, APIToken.owner==package.author)))
+
+	possible_tokens = tokens_query.all()
 	actual_token = None

 	#
@ -118,7 +121,7 @@ def webhook():
 			break

 	if actual_token is None:
-		return error(403, "Invalid authentication, couldn't validate API token. Make sure to limit token to a package")
+		return error(403, "Invalid authentication, couldn't validate API token")

 	if not package.checkPerm(actual_token.owner, Permission.APPROVE_RELEASE):
 		return error(403, "Only trusted members can use webhooks")