Merge pull request #525 from sgotti/gateway_unify_improve_handling_of_authenticated_user
gateway: unify/improve handling of authenticated user
This commit is contained in:
commit
da97477779
|
@ -342,7 +342,7 @@ type OrgInvitationResponse struct {
|
|||
|
||||
func (h *ActionHandler) GetOrgInvitations(ctx context.Context, orgRef string, limit int) ([]*cstypes.OrgInvitation, error) {
|
||||
if !common.IsUserLogged(ctx) {
|
||||
return nil, errors.Errorf("user not logged in")
|
||||
return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
org, _, err := h.configstoreClient.GetOrg(ctx, orgRef)
|
||||
|
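Review bot: The unified guard at `return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))` reports a missing-credentials condition with the forbidden kind, so a caller that simply has no session gets the same status as one whose identity was checked and rejected; the same choice is repeated in the CreateOrgInvitation and DeleteOrgInvitation hunks and in the user-handler hunks below. If the util package's error kinds include one that maps to 401 Unauthorized (an ErrUnauthorized kind, if it is defined there), that would let clients distinguish "log in" from "not allowed" and keeps authentication and authorization failures separable in logs and alerting. In the DeleteOrgInvitation hunk the local `userID` is dropped along with the old check; the rest of that function is outside the hunk, so confirm nothing further down still relied on it (for example to compare the caller against the invitation's user) before the guard is considered equivalent. GetOrgInvitations' body continues past this hunk.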
@ -373,7 +373,7 @@ type CreateOrgInvitationRequest struct {
|
|||
|
||||
func (h *ActionHandler) CreateOrgInvitation(ctx context.Context, req *CreateOrgInvitationRequest) (*OrgInvitationResponse, error) {
|
||||
if !common.IsUserLogged(ctx) {
|
||||
return nil, errors.Errorf("user not logged in")
|
||||
return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
if h.organizationMemberAddingMode != OrganizationMemberAddingModeInvitation {
|
||||
|
@ -484,9 +484,8 @@ func (h *ActionHandler) OrgInvitationAction(ctx context.Context, req *OrgInvitat
|
|||
}
|
||||
|
||||
func (h *ActionHandler) DeleteOrgInvitation(ctx context.Context, orgRef string, userRef string) error {
|
||||
userID := common.CurrentUserID(ctx)
|
||||
if userID == "" {
|
||||
return errors.Errorf("user not authenticated")
|
||||
if !common.IsUserLogged(ctx) {
|
||||
return util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
orgInvitation, _, err := h.configstoreClient.GetOrgInvitation(ctx, orgRef, userRef)
|
||||
|
|
|
@ -64,6 +64,9 @@ type CreateProjectRequest struct {
|
|||
}
|
||||
|
||||
func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateProjectRequest) (*csapitypes.Project, error) {
|
||||
if !common.IsUserLogged(ctx) {
|
||||
return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
curUserID := common.CurrentUserID(ctx)
|
||||
|
||||
user, _, err := h.configstoreClient.GetUser(ctx, curUserID)
|
||||
|
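Review bot: The new guard in CreateProject returns `util.ErrBadRequest` for "user not authenticated", while every other guard added by this commit returns `util.ErrForbidden` (the RunTaskAction hunk even replaces an ErrBadRequest variant with ErrForbidden), so this one line undoes the unification the commit is about. Use `return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))` here as well, so a missing session is never reported as a malformed request. CreateProject's body continues outside the hunk.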
|
|
@ -330,6 +330,11 @@ type RunTaskActionsRequest struct {
|
|||
}
|
||||
|
||||
func (h *ActionHandler) RunTaskAction(ctx context.Context, req *RunTaskActionsRequest) error {
|
||||
if !common.IsUserLogged(ctx) {
|
||||
return util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
curUserID := common.CurrentUserID(ctx)
|
||||
|
||||
canDoRunAction, groupID, err := h.CanAuthUserDoRunActions(ctx, req.GroupType, req.Ref, actionTypeTaskAction)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "failed to determine permissions")
|
||||
|
@ -347,11 +352,6 @@ func (h *ActionHandler) RunTaskAction(ctx context.Context, req *RunTaskActionsRe
|
|||
|
||||
runID := runResp.Run.ID
|
||||
|
||||
curUserID := common.CurrentUserID(ctx)
|
||||
if curUserID == "" {
|
||||
return util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("no logged in user"))
|
||||
}
|
||||
|
||||
switch req.ActionType {
|
||||
case RunTaskActionTypeApprove:
|
||||
rt, ok := runResp.Run.Tasks[req.TaskID]
|
||||
|
|
|
@ -59,7 +59,6 @@ func (h *ActionHandler) GetCurrentUser(ctx context.Context) (*PrivateUserRespons
|
|||
if !common.IsUserLogged(ctx) {
|
||||
return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
userID := common.CurrentUserID(ctx)
|
||||
|
||||
user, _, err := h.configstoreClient.GetUser(ctx, userID)
|
||||
|
@ -82,7 +81,7 @@ func (h *ActionHandler) GetCurrentUser(ctx context.Context) (*PrivateUserRespons
|
|||
|
||||
func (h *ActionHandler) GetUser(ctx context.Context, userRef string) (*cstypes.User, error) {
|
||||
if !common.IsUserLoggedOrAdmin(ctx) {
|
||||
return nil, errors.Errorf("user not logged in")
|
||||
return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
user, _, err := h.configstoreClient.GetUser(ctx, userRef)
|
||||
|
@ -257,6 +256,10 @@ type CreateUserTokenRequest struct {
|
|||
}
|
||||
|
||||
func (h *ActionHandler) CreateUserToken(ctx context.Context, req *CreateUserTokenRequest) (string, error) {
|
||||
if !common.IsUserLoggedOrAdmin(ctx) {
|
||||
return "", util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
isAdmin := common.IsUserAdmin(ctx)
|
||||
userID := common.CurrentUserID(ctx)
|
||||
|
||||
|
@ -738,10 +741,13 @@ func (h *ActionHandler) HandleRemoteSourceAuth(ctx context.Context, remoteSource
|
|||
return nil, APIErrorFromRemoteError(err, util.WithAPIErrorMsg("failed to get user %q", req.UserRef))
|
||||
}
|
||||
|
||||
curUserID := common.CurrentUserID(ctx)
|
||||
|
||||
// user must be already logged in the create a linked account and can create a
|
||||
// linked account only on itself.
|
||||
if !common.IsUserLogged(ctx) {
|
||||
return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
curUserID := common.CurrentUserID(ctx)
|
||||
|
||||
if user.ID != curUserID {
|
||||
return nil, util.NewAPIError(util.ErrBadRequest, util.WithAPIErrorMsg("logged in user cannot create linked account for another user"))
|
||||
}
|
||||
|
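Review bot: In HandleRemoteSourceAuth the newly placed guard maps an unauthenticated caller to ErrForbidden, but the check immediately after it, `if user.ID != curUserID`, still answers with `util.ErrBadRequest` for what is an authorization decision (a logged-in user acting on another user's account); those lines are context rather than part of the change, but they now sit directly beside the new guard and read inconsistently. Changing that branch to `return nil, util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("logged in user cannot create linked account for another user"))` would keep the two adjacent denials on the same kind. The CreateUserToken hunk adds a logged-or-admin gate before `isAdmin`/`userID` are read; the per-user restriction for non-admins must still be enforced further down, which is outside the hunk. HandleRemoteSourceAuth starts and ends outside this hunk.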
@ -1003,7 +1009,7 @@ func (h *ActionHandler) DeleteUser(ctx context.Context, userRef string) error {
|
|||
|
||||
func (h *ActionHandler) DeleteUserLA(ctx context.Context, userRef, laID string) error {
|
||||
if !common.IsUserLoggedOrAdmin(ctx) {
|
||||
return errors.Errorf("user not logged in")
|
||||
return util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
isAdmin := common.IsUserAdmin(ctx)
|
||||
|
@ -1027,7 +1033,7 @@ func (h *ActionHandler) DeleteUserLA(ctx context.Context, userRef, laID string)
|
|||
|
||||
func (h *ActionHandler) DeleteUserToken(ctx context.Context, userRef, tokenName string) error {
|
||||
if !common.IsUserLoggedOrAdmin(ctx) {
|
||||
return errors.Errorf("user not logged in")
|
||||
return util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
|
||||
isAdmin := common.IsUserAdmin(ctx)
|
||||
|
@ -1063,6 +1069,11 @@ type UserCreateRunRequest struct {
|
|||
}
|
||||
|
||||
func (h *ActionHandler) UserCreateRun(ctx context.Context, req *UserCreateRunRequest) error {
|
||||
if !common.IsUserLogged(ctx) {
|
||||
return util.NewAPIError(util.ErrForbidden, util.WithAPIErrorMsg("user not authenticated"))
|
||||
}
|
||||
curUserID := common.CurrentUserID(ctx)
|
||||
|
||||
prRefRegexes := []*regexp.Regexp{}
|
||||
for _, res := range req.PullRequestRefRegexes {
|
||||
re, err := regexp.Compile(res)
|
||||
|
@ -1072,8 +1083,6 @@ func (h *ActionHandler) UserCreateRun(ctx context.Context, req *UserCreateRunReq
|
|||
prRefRegexes = append(prRefRegexes, re)
|
||||
}
|
||||
|
||||
curUserID := common.CurrentUserID(ctx)
|
||||
|
||||
user, _, err := h.configstoreClient.GetUser(ctx, curUserID)
|
||||
if err != nil {
|
||||
return APIErrorFromRemoteError(err, util.WithAPIErrorMsg("failed to get user %q", curUserID))
|
||||
|
|
|
@ -227,7 +227,7 @@ func TestCookieAuth(t *testing.T) {
|
|||
}, nil)
|
||||
testutil.NilError(t, err)
|
||||
|
||||
// Test auth passing recevied login response cookies
|
||||
// Test auth passing received login response cookies
|
||||
authCookieName := common.AuthCookieName(false)
|
||||
secondaryAuthCookieName := common.SecondaryAuthCookieName()
|
||||
cookies := resp.Cookies()
|
||||
|
|