def add_account(self, github_app: InstallationEvent) -> bool:
"""
Add account to whitelist.
Status is set to 'waiting' or to 'approved_automatically'
if the account is a packager in Fedora.
:param github_app: github app installation info
:return: was the account (auto/already)-whitelisted?
"""
if github_app.account_login in self.db:
# TODO: if the sender added (not created) our App to more repos,
# then we should update the DB here
return True
# Do the DB insertion as a first thing to avoid issue#42
github_app.status = WhitelistStatus.waiting
self.db[github_app.account_login] = github_app.get_dict()
# we want to verify if user who installed the application (sender_login) signed FPCA
# https://fedoraproject.org/wiki/Legal:Fedora_Project_Contributor_Agreement
if self._signed_fpca(github_app.sender_login):
github_app.status = WhitelistStatus.approved_automatically
self.db[github_app.account_login] = github_app.get_dict()
return True
else:
return False
def add_account(self, github_app: InstallationEvent) -> bool:
"""
Add account to whitelist, if automatic verification of user
(check if user is packager in fedora) fails, account is still inserted in whitelist
with status : `waiting`.
Then a scripts in files/scripts have to be executed for manual approval
:param github_app: github app installation info
:return: was the account auto-whitelisted?
"""
account = self.get_account(github_app.account_login)
if account:
# the account is already in DB
return True
# we want to verify if user who installed the application is packager
if Whitelist._is_packager(github_app.sender_login):
github_app.status = WhitelistStatus.approved_automatically
self.db[github_app.account_login] = github_app.get_dict()
logger.info(f"Account {github_app.account_login} whitelisted!")
return True
else:
logger.error(
"Failed to verify that user is Fedora packager. "
"This could be caused by different github username than FAS username "
"or that user is not a packager.")
github_app.status = WhitelistStatus.waiting
self.db[github_app.account_login] = github_app.get_dict()
logger.info(f"Account {github_app.account_login} inserted "
f"to whitelist with status: waiting for approval")
return False
def installation_events():
return [
InstallationEvent(
installation_id=3767734,
account_login="******",
account_id=5409,
account_url="https://api.github.com/users/teg",
account_type="User",
created_at="2020-03-31T10:06:38Z",
repositories=[],
sender_id=5409,
sender_login="******",
),
InstallationEvent(
installation_id=6813698,
account_login="******",
account_id=11048203,
account_url="https://api.github.com/users/Pac23",
account_type="User",
created_at="2020-03-31T10:06:38Z",
repositories=["Pac23/awesome-piracy"],
sender_id=11048203,
sender_login="******",
),
]
def add_account(self, github_app: InstallationEvent) -> bool:
"""
Add account to whitelist, if automatic verification of user
(check if user is packager in fedora) fails, account is still inserted in whitelist
with status : `waiting`.
Then a scripts in files/scripts have to be executed for manual approval
:param github_app: github app installation info
:return: was the account (auto/already)-whitelisted?
"""
if github_app.account_login in self.db:
# TODO: if the sender added (not created) our App to more repos,
# then we should update the DB here
return True
# Do the DB insertion as a first thing to avoid issue#42
github_app.status = WhitelistStatus.waiting
self.db[github_app.account_login] = github_app.get_dict()
# we want to verify if user who installed the application (sender_login) is packager
if self._is_packager(github_app.sender_login):
github_app.status = WhitelistStatus.approved_automatically
self.db[github_app.account_login] = github_app.get_dict()
logger.info(
f"{github_app.account_type} {github_app.account_login} whitelisted!"
)
return True
else:
logger.info(
"Failed to verify that user is Fedora packager. "
"This could be caused by different github username than FAS username "
"or that user is not a packager."
f"{github_app.account_type} {github_app.account_login} inserted "
"to whitelist with status: waiting for approval")
return False
def parse_installation_event(event) -> Optional[InstallationEvent]:
""" Look into the provided event and see Github App installation details. """
# Check if installation key in JSON isn't enough, we have to check the account as well
if not nested_get(event, "installation", "account"):
return None
action = event.get("action") # created or deleted
installation_id = event["installation"]["id"]
logger.info(
f"Github App installation event. Action: {action}, "
f"id: {installation_id}, account: {event['installation']['account']}, "
f"sender: {event['sender']}")
account_login = event["installation"]["account"]["login"]
account_id = event["installation"]["account"]["id"]
account_url = event["installation"]["account"]["url"]
account_type = event["installation"]["account"][
"type"] # User or Organization
created_at = event["installation"]["created_at"]
sender_id = event["sender"]["id"]
sender_login = event["sender"]["login"]
return InstallationEvent(
installation_id,
account_login,
account_id,
account_url,
account_type,
created_at,
sender_id,
sender_login,
)
def deserialize(self, inp: Dict):
""" reverse operation as serialize """
event_data = inp["event_data"]
del event_data["trigger"]
event_data["status"] = WhitelistStatus(event_data["status"])
inp["event_data"] = InstallationEvent(**event_data)
inp["identifier"] = event_data["installation_id"]
super().deserialize(inp)
def run_installation_handler(event: dict, package_config: dict, job_config: dict):
handler = GithubAppInstallationHandler(
package_config=None,
job_config=None,
data=None,
installation_event=InstallationEvent.from_event_dict(event),
)
return get_handlers_task_results(handler.run_job(), event)
def test_serialize_installs():
ev = InstallationEvent(1, "hubert", 2, "https://", "yes", 123, 234,
"konrad", WhitelistStatus.waiting)
i = Installation.create(1, ev, save=False)
s = i.serialize()
assert s["identifier"] == 1
assert s["event_data"]
i2 = Installation()
i2.deserialize(s)
assert i2.event_data
assert i2.identifier == 1
def parse_installation_event(event) -> Optional[InstallationEvent]:
""" Look into the provided event and see Github App installation details. """
# Check if installation key in JSON isn't enough, we have to check the account as well
if not nested_get(event, "installation", "account"):
return None
action = event["action"]
if action not in {"created", "added"}:
# We're currently not interested in removed/deleted/updated event.
return None
installation_id = event["installation"]["id"]
# if action == 'created' then repos are in repositories
# if action == 'added' then repos are in repositories_added
repositories = event.get("repositories") or event.get(
"repositories_added", [])
repo_names = [repo["full_name"] for repo in repositories]
logger.info(
f"Github App installation {action!r} event. id: {installation_id}")
logger.debug(f"account: {event['installation']['account']}, "
f"repositories: {repo_names}, sender: {event['sender']}")
# namespace (user/organization) into which the app has been installed
account_login = event["installation"]["account"]["login"]
account_id = event["installation"]["account"]["id"]
account_url = event["installation"]["account"]["url"]
account_type = event["installation"]["account"][
"type"] # User or Organization
created_at = event["installation"]["created_at"]
# user who installed the app into 'account'
sender_id = event["sender"]["id"]
sender_login = event["sender"]["login"]
return InstallationEvent(
installation_id,
account_login,
account_id,
account_url,
account_type,
created_at,
repo_names,
sender_id,
sender_login,
)
def add_account(self, event: InstallationEvent) -> bool:
"""
Add account to whitelist.
Status is set to 'waiting' or to 'approved_automatically'
if the account is a packager in Fedora.
:param event: Github app installation info
:return: was the account (auto/already)-whitelisted?
"""
if self.is_approved(event.account_login):
return True
WhitelistModel.add_account(event.account_login, WhitelistStatus.waiting.value)
if self._signed_fpca(event.sender_login):
event.status = WhitelistStatus.approved_automatically
WhitelistModel.add_account(event.account_login, event.status.value)
return True
return False