diff --git a/data/model/legacy.py b/data/model/legacy.py index 6466e4171..1be64f72c 100644 --- a/data/model/legacy.py +++ b/data/model/legacy.py @@ -18,7 +18,7 @@ from data.database import (User, Repository, Image, AccessToken, Role, Repositor from peewee import JOIN_LEFT_OUTER, fn from util.validation import (validate_username, validate_email, validate_password, INVALID_PASSWORD_MESSAGE) -from util.names import format_robot_username +from util.names import format_robot_username, parse_robot_username from util.backoff import exponential_backoff @@ -878,8 +878,17 @@ def change_username(user, new_username): if not username_valid: raise InvalidUsernameException('Invalid username %s: %s' % (new_username, username_issue)) - user.username = new_username - user.save() + with config.app_config['DB_TRANSACTION_FACTORY'](db): + # Rename the robots + for robot in list_entity_robots(user.username): + _, robot_shortname = parse_robot_username(robot.username) + new_robot_name = format_robot_username(new_username, robot_shortname) + robot.username = new_robot_name + robot.save() + + # Rename the user + user.username = new_username + user.save() def change_invoice_email(user, invoice_email): @@ -1955,7 +1964,7 @@ def create_build_trigger(repo, service_name, auth_token, user, pull_robot=None): return trigger -def get_build_trigger(namespace_name, repository_name, trigger_uuid): +def get_build_trigger(trigger_uuid): try: return (RepositoryBuildTrigger .select(RepositoryBuildTrigger, BuildTriggerService, Repository, Namespace) 
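Review bot: In change_username the new loop unpacks `_, robot_shortname = parse_robot_username(robot.username)` without checking the result, so if that helper can return None for a name that is not in robot format (its body is not visible here) the rename fails with a bare TypeError. The surrounding transaction should roll back the partial rename, so this is an error-reporting gap rather than a data-integrity one; an explicit `if parsed is None: raise ...` with a domain exception would make it diagnosable. The `# Rename the robots` comment could also say that each robot's login name changes with the owner, e.g. `# Robot usernames embed the owner name, so clients configured with the old robot username must be updated`. The function starts above the hunk, so any uniqueness check on new_username is not visible here.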
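Review bot: get_build_trigger now selects on `RepositoryBuildTrigger.uuid == trigger_uuid` alone (signature in this hunk, where clause in the following hunk at -1965), so the query no longer ties the trigger to a namespace and repository. Any caller that checks permission against a namespace/repository taken from the request and then loads the trigger by UUID must now compare `trigger.repository` with that repository itself, otherwise the permission check and the object acted on can disagree. Only the webhook caller is visible in this diff. A docstring would make the contract explicit, for example `"""Return the trigger with this UUID; callers must authorize against trigger.repository, not a caller-supplied repository."""`. The function body continues past the end of this hunk.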
@@ -1965,9 +1974,7 @@ def get_build_trigger(namespace_name, repository_name, trigger_uuid): .join(Namespace, on=(Repository.namespace_user == Namespace.id)) .switch(RepositoryBuildTrigger) .join(User) - .where(RepositoryBuildTrigger.uuid == trigger_uuid, - Namespace.username == namespace_name, - Repository.name == repository_name) + .where(RepositoryBuildTrigger.uuid == trigger_uuid) .get()) except RepositoryBuildTrigger.DoesNotExist: msg = 'No build trigger with uuid: %s' % trigger_uuid diff --git a/endpoints/webhooks.py b/endpoints/webhooks.py index 0d9fcd227..20eb3689b 100644 --- a/endpoints/webhooks.py +++ b/endpoints/webhooks.py @@ -67,20 +67,22 @@ def stripe_webhook(): return make_response('Okay') -@webhooks.route('/push//trigger/', - methods=['POST']) +@webhooks.route('/push//trigger/', methods=['POST']) @process_auth -@parse_repository_name -def build_trigger_webhook(namespace, repository, trigger_uuid): - logger.debug('Webhook received for %s/%s with uuid %s', namespace, - repository, trigger_uuid) +def build_trigger_webhook(_, trigger_uuid): + logger.debug('Webhook received with uuid %s', trigger_uuid) + + try: + trigger = model.get_build_trigger(trigger_uuid) + except model.InvalidBuildTriggerException: + # It is ok to return 404 here, since letting an attacker know that a trigger UUID is valid + # doesn't leak anything + abort(404) + + namespace = trigger.repository.namespace_user.username + repository = trigger.repository.name permission = ModifyRepositoryPermission(namespace, repository) if permission.can(): - try: - trigger = model.get_build_trigger(namespace, repository, trigger_uuid) - except model.InvalidBuildTriggerException: - abort(404) - handler = BuildTrigger.get_trigger_for_service(trigger.service.name) logger.debug('Passing webhook request to handler %s', handler)
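Review bot: The new comment in build_trigger_webhook justifies the 404 returned before authorization by saying a valid UUID "doesn't leak anything", which holds only while the trigger UUID is treated as an identifier and never as a credential. I would state that assumption in the comment, e.g. `# 404 before the permission check is acceptable only because the UUID is an identifier, not a secret; permission.can() below is the gate`. Because the lookup now runs ahead of `permission.can()`, requests that will fail authorization still reach the database, which is worth keeping in mind for rate limiting on this route. The repository segment of the URL is bound to `_` and ignored, so a request whose path names a different repository than the trigger's is accepted silently; logging that mismatch at debug level would help when triaging misconfigured hooks. The handler's body continues outside the hunk, so the branch taken when permission.can() is false is not visible.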