Rename robots when we rename a user. Do not use the namespace from the path to check permissions from the incoming webhooks since the namespace may have changed and we cannot recreate them in remote services easily.

data/model/legacy.py

@@ -18,7 +18,7 @@ from data.database import (User, Repository, Image, AccessToken, Role, Repositor
 from peewee import JOIN_LEFT_OUTER, fn
 from util.validation import (validate_username, validate_email, validate_password,
                              INVALID_PASSWORD_MESSAGE)
-from util.names import format_robot_username
+from util.names import format_robot_username, parse_robot_username
 from util.backoff import exponential_backoff
 
 
@@ -878,8 +878,17 @@ def change_username(user, new_username):
   if not username_valid:
     raise InvalidUsernameException('Invalid username %s: %s' % (new_username, username_issue))
 
-  user.username = new_username
+  with config.app_config['DB_TRANSACTION_FACTORY'](db):
-  user.save()
+    # Rename the robots
+    for robot in list_entity_robots(user.username):
+      _, robot_shortname = parse_robot_username(robot.username)
+      new_robot_name = format_robot_username(new_username, robot_shortname)
+      robot.username = new_robot_name
+      robot.save()
+
+    # Rename the user
+    user.username = new_username
+    user.save()
 
 
 def change_invoice_email(user, invoice_email):
@@ -1955,7 +1964,7 @@ def create_build_trigger(repo, service_name, auth_token, user, pull_robot=None):
   return trigger
 
 
-def get_build_trigger(namespace_name, repository_name, trigger_uuid):
+def get_build_trigger(trigger_uuid):
   try:
     return (RepositoryBuildTrigger
             .select(RepositoryBuildTrigger, BuildTriggerService, Repository, Namespace)
@@ -1965,9 +1974,7 @@ def get_build_trigger(namespace_name, repository_name, trigger_uuid):
             .join(Namespace, on=(Repository.namespace_user == Namespace.id))
             .switch(RepositoryBuildTrigger)
             .join(User)
-            .where(RepositoryBuildTrigger.uuid == trigger_uuid,
+            .where(RepositoryBuildTrigger.uuid == trigger_uuid)
-                   Namespace.username == namespace_name,
-                   Repository.name == repository_name)
             .get())
   except RepositoryBuildTrigger.DoesNotExist:
     msg = 'No build trigger with uuid: %s' % trigger_uuid

endpoints/webhooks.py

@@ -67,20 +67,22 @@ def stripe_webhook():
   return make_response('Okay')
 
 
-@webhooks.route('/push/<path:repository>/trigger/<trigger_uuid>',
+@webhooks.route('/push/<path:repository>/trigger/<trigger_uuid>', methods=['POST'])
-                methods=['POST'])
 @process_auth
-@parse_repository_name
+def build_trigger_webhook(_, trigger_uuid):
-def build_trigger_webhook(namespace, repository, trigger_uuid):
+  logger.debug('Webhook received with uuid %s', trigger_uuid)
-  logger.debug('Webhook received for %s/%s with uuid %s', namespace,
+  
-               repository, trigger_uuid)
+  try:
+    trigger = model.get_build_trigger(trigger_uuid)
+  except model.InvalidBuildTriggerException:
+    # It is ok to return 404 here, since letting an attacker know that a trigger UUID is valid
+    # doesn't leak anything
+    abort(404)
+
+  namespace = trigger.repository.namespace_user.username
+  repository = trigger.repository.name
   permission = ModifyRepositoryPermission(namespace, repository)
   if permission.can():
-    try:
-      trigger = model.get_build_trigger(namespace, repository, trigger_uuid)
-    except model.InvalidBuildTriggerException:
-      abort(404)
-
     handler = BuildTrigger.get_trigger_for_service(trigger.service.name)
 
     logger.debug('Passing webhook request to handler %s', handler)