def add_account(self, github_app: InstallationEvent) -> bool:
        """
        Add account to whitelist.
        Status is set to 'waiting' or to 'approved_automatically'
        if the account is a packager in Fedora.

        :param github_app: github app installation info
        :return: was the account (auto/already)-whitelisted?
        """
        if github_app.account_login in self.db:
            # TODO: if the sender added (not created) our App to more repos,
            #  then we should update the DB here
            return True

        # Do the DB insertion as a first thing to avoid issue#42
        github_app.status = WhitelistStatus.waiting
        self.db[github_app.account_login] = github_app.get_dict()

        # we want to verify if user who installed the application (sender_login) signed FPCA
        # https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement
        if self._signed_fpca(github_app.sender_login):
            github_app.status = WhitelistStatus.approved_automatically
            self.db[github_app.account_login] = github_app.get_dict()
            return True
        else:
            return False
Beispiel #2
0
 def add_account(self, github_app: InstallationEvent) -> bool:
     """
     Add account to whitelist, if automatic verification of user
     (check if user is packager in fedora) fails, account is still inserted in whitelist
      with status : `waiting`.
      Then a scripts in files/scripts have to be executed for manual approval
     :param github_app: github app installation info
     :return: was the account auto-whitelisted?
     """
     account = self.get_account(github_app.account_login)
     if account:
         # the account is already in DB
         return True
     # we want to verify if user who installed the application is packager
     if Whitelist._is_packager(github_app.sender_login):
         github_app.status = WhitelistStatus.approved_automatically
         self.db[github_app.account_login] = github_app.get_dict()
         logger.info(f"Account {github_app.account_login} whitelisted!")
         return True
     else:
         logger.error(
             "Failed to verify that user is Fedora packager. "
             "This could be caused by different github username than FAS username "
             "or that user is not a packager.")
         github_app.status = WhitelistStatus.waiting
         self.db[github_app.account_login] = github_app.get_dict()
         logger.info(f"Account {github_app.account_login} inserted "
                     f"to whitelist with status: waiting for approval")
         return False
Beispiel #3
0
def installation_events():
    return [
        InstallationEvent(
            installation_id=3767734,
            account_login="******",
            account_id=5409,
            account_url="https://api.github.com/users/teg",
            account_type="User",
            created_at="2020-03-31T10:06:38Z",
            repositories=[],
            sender_id=5409,
            sender_login="******",
        ),
        InstallationEvent(
            installation_id=6813698,
            account_login="******",
            account_id=11048203,
            account_url="https://api.github.com/users/Pac23",
            account_type="User",
            created_at="2020-03-31T10:06:38Z",
            repositories=["Pac23/awesome-piracy"],
            sender_id=11048203,
            sender_login="******",
        ),
    ]
Beispiel #4
0
    def add_account(self, github_app: InstallationEvent) -> bool:
        """
        Add account to whitelist, if automatic verification of user
        (check if user is packager in fedora) fails, account is still inserted in whitelist
         with status : `waiting`.
         Then a scripts in files/scripts have to be executed for manual approval
        :param github_app: github app installation info
        :return: was the account (auto/already)-whitelisted?
        """
        if github_app.account_login in self.db:
            # TODO: if the sender added (not created) our App to more repos,
            #  then we should update the DB here
            return True

        # Do the DB insertion as a first thing to avoid issue#42
        github_app.status = WhitelistStatus.waiting
        self.db[github_app.account_login] = github_app.get_dict()

        # we want to verify if user who installed the application (sender_login) is packager
        if self._is_packager(github_app.sender_login):
            github_app.status = WhitelistStatus.approved_automatically
            self.db[github_app.account_login] = github_app.get_dict()
            logger.info(
                f"{github_app.account_type} {github_app.account_login} whitelisted!"
            )
            return True
        else:
            logger.info(
                "Failed to verify that user is Fedora packager. "
                "This could be caused by different github username than FAS username "
                "or that user is not a packager."
                f"{github_app.account_type} {github_app.account_login} inserted "
                "to whitelist with status: waiting for approval")
            return False
Beispiel #5
0
    def parse_installation_event(event) -> Optional[InstallationEvent]:
        """ Look into the provided event and see Github App installation details. """
        # Check if installation key in JSON isn't enough, we have to check the account as well
        if not nested_get(event, "installation", "account"):
            return None

        action = event.get("action")  # created or deleted
        installation_id = event["installation"]["id"]

        logger.info(
            f"Github App installation event. Action: {action}, "
            f"id: {installation_id}, account: {event['installation']['account']}, "
            f"sender: {event['sender']}")

        account_login = event["installation"]["account"]["login"]
        account_id = event["installation"]["account"]["id"]
        account_url = event["installation"]["account"]["url"]
        account_type = event["installation"]["account"][
            "type"]  # User or Organization
        created_at = event["installation"]["created_at"]

        sender_id = event["sender"]["id"]
        sender_login = event["sender"]["login"]

        return InstallationEvent(
            installation_id,
            account_login,
            account_id,
            account_url,
            account_type,
            created_at,
            sender_id,
            sender_login,
        )
Beispiel #6
0
 def deserialize(self, inp: Dict):
     """ reverse operation as serialize """
     event_data = inp["event_data"]
     del event_data["trigger"]
     event_data["status"] = WhitelistStatus(event_data["status"])
     inp["event_data"] = InstallationEvent(**event_data)
     inp["identifier"] = event_data["installation_id"]
     super().deserialize(inp)
Beispiel #7
0
def run_installation_handler(event: dict, package_config: dict, job_config: dict):
    handler = GithubAppInstallationHandler(
        package_config=None,
        job_config=None,
        data=None,
        installation_event=InstallationEvent.from_event_dict(event),
    )
    return get_handlers_task_results(handler.run_job(), event)
Beispiel #8
0
def test_serialize_installs():
    ev = InstallationEvent(1, "hubert", 2, "https://", "yes", 123, 234,
                           "konrad", WhitelistStatus.waiting)
    i = Installation.create(1, ev, save=False)
    s = i.serialize()
    assert s["identifier"] == 1
    assert s["event_data"]

    i2 = Installation()
    i2.deserialize(s)

    assert i2.event_data
    assert i2.identifier == 1
    def parse_installation_event(event) -> Optional[InstallationEvent]:
        """ Look into the provided event and see Github App installation details. """
        # Check if installation key in JSON isn't enough, we have to check the account as well
        if not nested_get(event, "installation", "account"):
            return None

        action = event["action"]
        if action not in {"created", "added"}:
            # We're currently not interested in removed/deleted/updated event.
            return None
        installation_id = event["installation"]["id"]
        # if action == 'created' then repos are in repositories
        # if action == 'added' then repos are in repositories_added
        repositories = event.get("repositories") or event.get(
            "repositories_added", [])
        repo_names = [repo["full_name"] for repo in repositories]

        logger.info(
            f"Github App installation {action!r} event. id: {installation_id}")
        logger.debug(f"account: {event['installation']['account']}, "
                     f"repositories: {repo_names}, sender: {event['sender']}")

        # namespace (user/organization) into which the app has been installed
        account_login = event["installation"]["account"]["login"]
        account_id = event["installation"]["account"]["id"]
        account_url = event["installation"]["account"]["url"]
        account_type = event["installation"]["account"][
            "type"]  # User or Organization
        created_at = event["installation"]["created_at"]

        # user who installed the app into 'account'
        sender_id = event["sender"]["id"]
        sender_login = event["sender"]["login"]

        return InstallationEvent(
            installation_id,
            account_login,
            account_id,
            account_url,
            account_type,
            created_at,
            repo_names,
            sender_id,
            sender_login,
        )
Beispiel #10
0
    def add_account(self, event: InstallationEvent) -> bool:
        """
        Add account to whitelist.
        Status is set to 'waiting' or to 'approved_automatically'
        if the account is a packager in Fedora.
        :param event: Github app installation info
        :return: was the account (auto/already)-whitelisted?
        """
        if self.is_approved(event.account_login):
            return True

        WhitelistModel.add_account(event.account_login, WhitelistStatus.waiting.value)

        if self._signed_fpca(event.sender_login):
            event.status = WhitelistStatus.approved_automatically
            WhitelistModel.add_account(event.account_login, event.status.value)
            return True

        return False