From 1ac5018312c8e11185170be12dc5d87c3ff8c276 Mon Sep 17 00:00:00 2001 From: ShahzaibAwan Date: Fri, 16 Dec 2022 01:26:51 +0500 Subject: [PATCH 1/7] Add reason for manual cancel in build cancellation --- lib/travis/api/app/endpoint/builds.rb | 2 +- lib/travis/api/v3/queries/build.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/travis/api/app/endpoint/builds.rb b/lib/travis/api/app/endpoint/builds.rb index 6f573d5a2e..ea6708fb81 100644 --- a/lib/travis/api/app/endpoint/builds.rb +++ b/lib/travis/api/app/endpoint/builds.rb @@ -42,7 +42,7 @@ class Builds < Endpoint status 422 respond_with json else - payload = { id: params[:id], user_id: current_user.id, source: 'api' } + payload = { id: params[:id], user_id: current_user.id, source: 'api', reason: 'Build Cancelled manually by User' } service.push("build:cancel", payload) diff --git a/lib/travis/api/v3/queries/build.rb b/lib/travis/api/v3/queries/build.rb index 372a927ac4..a6c56250a2 100644 --- a/lib/travis/api/v3/queries/build.rb +++ b/lib/travis/api/v3/queries/build.rb @@ -15,7 +15,7 @@ def find def cancel(user, build_id) raise BuildNotCancelable if %w(passed failed canceled errored).include? find.state - payload = { id: build_id, user_id: user.id, source: 'api' } + payload = { id: build_id, user_id: user.id, source: 'api', reason: 'Build Cancelled manually by User' } service = Travis::Enqueue::Services::CancelModel.new(user, { build_id: build_id }) service.push("build:cancel", payload) payload From d5e701e9177dc3ba34d532c35e93f0de92d8b55c Mon Sep 17 00:00:00 2001 From: ShahzaibAwan Date: Fri, 16 Dec 2022 17:19:08 +0500 Subject: [PATCH 2/7] Add login of user who cancelled the build --- lib/travis/api/app/endpoint/builds.rb | 2 +- lib/travis/api/v3/queries/build.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/travis/api/app/endpoint/builds.rb b/lib/travis/api/app/endpoint/builds.rb index ea6708fb81..2bce8a9bc3 100644 --- a/lib/travis/api/app/endpoint/builds.rb 
+++ b/lib/travis/api/app/endpoint/builds.rb @@ -42,7 +42,7 @@ class Builds < Endpoint status 422 respond_with json else - payload = { id: params[:id], user_id: current_user.id, source: 'api', reason: 'Build Cancelled manually by User' } + payload = { id: params[:id], user_id: current_user.id, source: 'api', reason: "Build Cancelled manually by User with id: #{current_user.login}" } service.push("build:cancel", payload) diff --git a/lib/travis/api/v3/queries/build.rb b/lib/travis/api/v3/queries/build.rb index a6c56250a2..77f40e026a 100644 --- a/lib/travis/api/v3/queries/build.rb +++ b/lib/travis/api/v3/queries/build.rb @@ -15,7 +15,7 @@ def find def cancel(user, build_id) raise BuildNotCancelable if %w(passed failed canceled errored).include? find.state - payload = { id: build_id, user_id: user.id, source: 'api', reason: 'Build Cancelled manually by User' } + payload = { id: build_id, user_id: user.id, source: 'api', reason: "Build Cancelled manually by User with id: #{current_user.login}" } service = Travis::Enqueue::Services::CancelModel.new(user, { build_id: build_id }) service.push("build:cancel", payload) payload From e31efbff06a579c75ce89347d0f8752b515f976d Mon Sep 17 00:00:00 2001 From: ShahzaibAwan Date: Fri, 16 Dec 2022 17:24:26 +0500 Subject: [PATCH 3/7] Use user instead of current user --- lib/travis/api/v3/queries/build.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/travis/api/v3/queries/build.rb b/lib/travis/api/v3/queries/build.rb index 77f40e026a..9e2cb70774 100644 --- a/lib/travis/api/v3/queries/build.rb +++ b/lib/travis/api/v3/queries/build.rb 
@@ -15,7 +15,7 @@ def find def cancel(user, build_id) raise BuildNotCancelable if %w(passed failed canceled errored).include? find.state - payload = { id: build_id, user_id: user.id, source: 'api', reason: "Build Cancelled manually by User with id: #{current_user.login}" } + payload = { id: build_id, user_id: user.id, source: 'api', reason: "Build Cancelled manually by User with id: #{user.login}" } service = Travis::Enqueue::Services::CancelModel.new(user, { build_id: build_id }) service.push("build:cancel", payload) payload From 196ea04252940abcd853c7a8c6ea7cb63401b720 Mon Sep 17 00:00:00 2001 From: Stanislav Kolotinskiy Date: Wed, 14 Dec 2022 18:59:19 +0200 Subject: [PATCH 4/7] Use RSS token for builds atom feed re #BSFY-206 --- lib/travis/api/app/access_token.rb | 17 +++++----- lib/travis/api/app/endpoint/authorization.rb | 6 +++- lib/travis/api/app/endpoint/repos.rb | 2 ++ lib/travis/model/token.rb | 2 ++ lib/travis/model/user.rb | 7 ++-- spec/lib/model/user_spec.rb | 9 +++++ spec/unit/access_token_spec.rb | 11 ++++++ spec/unit/endpoint/repos_spec.rb | 35 ++++++++++++++++++++ 8 files changed, 77 insertions(+), 12 deletions(-) diff --git a/lib/travis/api/app/access_token.rb b/lib/travis/api/app/access_token.rb index 47246f4ec0..5020fac15e 100644 --- a/lib/travis/api/app/access_token.rb +++ b/lib/travis/api/app/access_token.rb @@ -4,7 +4,7 @@ class Travis::Api::App class AccessToken DEFAULT_SCOPES = [:public, :private] - attr_reader :token, :scopes, :user_id, :app_id, :expires_in, :extra + attr_reader :token, :travis_token, :scopes, :user_id, :app_id, :expires_in, :extra def self.create(options = {}) new(options).tap(&:save) 
@@ -12,7 +12,7 @@ def self.create(options = {}) def self.for_travis_token(travis_token, options = {}) travis_token = Token.find_by_token(travis_token) unless travis_token.respond_to? :user - new(scope: :travis_token, app_id: 1, user: travis_token.user).tap(&:save) if travis_token + new(scope: :travis_token, app_id: 1, user: travis_token.user, travis_token: travis_token).tap(&:save) if travis_token end def self.find_by_token(token) @@ -32,12 +32,13 @@ def initialize(options = {}) raise ArgumentError, 'expires_in must be of integer type' end - @app_id = Integer(options[:app_id]) - @scopes = Array(options[:scopes] || options[:scope] || DEFAULT_SCOPES).map(&:to_sym) - @user = options[:user] - @user_id = Integer(options[:user_id] || @user.id) - @token = options[:token] || reuse_token || SecureRandom.urlsafe_base64(16) - @extra = options[:extra] + @app_id = Integer(options[:app_id]) + @scopes = Array(options[:scopes] || options[:scope] || DEFAULT_SCOPES).map(&:to_sym) + @user = options[:user] + @user_id = Integer(options[:user_id] || @user.id) + @token = options[:token] || reuse_token || SecureRandom.urlsafe_base64(16) + @travis_token = options[:travis_token] + @extra = options[:extra] end def save diff --git a/lib/travis/api/app/endpoint/authorization.rb b/lib/travis/api/app/endpoint/authorization.rb index a070431837..4de952692b 100644 --- a/lib/travis/api/app/endpoint/authorization.rb +++ b/lib/travis/api/app/endpoint/authorization.rb @@ -153,7 +153,11 @@ def update_first_login(user) def serialize_user(user) rendered = Travis::Api::Serialize.data(user, version: :v2) - rendered['user'].merge('token' => user.tokens.first.try(:token).to_s) + token = user.tokens.asset.first.try(:token).to_s + rendered['user'].merge( + 'token' => token, + 'rss_token' => user.tokens.rss.first.try(:token) || token, + ) end def oauth_endpoint diff --git a/lib/travis/api/app/endpoint/repos.rb b/lib/travis/api/app/endpoint/repos.rb index 7ad7aab50d..f241d2578e 100644 
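Review bot: `for_travis_token` still accepts any `Token` row and issues the same `scope: :travis_token` access token for it, so the purpose split this commit introduces is not enforced at the point where the access token is created. The only purpose check visible in the commit is the `halt 401` in the builds feed route, and it rejects an asset token; nothing visible rejects an `rss` token on other routes that allow `:travis_token`. The RSS token is the one carried in feed URLs (`builds.atom?token=...` in the spec), so it is the more exposed of the two and should carry the narrower rights. Consider checking `travis_token.rss?` in a shared helper that every `:travis_token` route can call; those routes are outside this diff, so confirm which of them accept this scope.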
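Review bot: The `|| token` fallback in `serialize_user` returns the asset token under the `rss_token` key whenever the user has no RSS token, so a client that builds feed URLs from `rss_token` keeps putting the asset token into them. That matches the fallback in the feed route, but the caller cannot tell the two cases apart. If the fallback exists only for accounts created before this change, record that with a comment such as `# falls back to the asset token until the user has an RSS token`, or return `nil` and let the client handle the missing value.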
--- a/lib/travis/api/app/endpoint/repos.rb +++ b/lib/travis/api/app/endpoint/repos.rb @@ -22,6 +22,8 @@ class RepoStatus < Endpoint end get '/:owner_name/:name/builds', scope: [:public, :travis_token] do + halt 401 if scope == :travis_token && access_token.travis_token && !access_token.travis_token.rss? && access_token.user.tokens.rss.exists? + respond_with service(:find_builds, params), responder: :atom, responders: :atom end diff --git a/lib/travis/model/token.rb b/lib/travis/model/token.rb index 93f45ec9dd..1c9669cb62 100644 --- a/lib/travis/model/token.rb +++ b/lib/travis/model/token.rb @@ -7,6 +7,8 @@ # one) that they need use on their service hooks. This gives us some security # that people cannot throw random repositories at Travis CI. class Token < Travis::Model + enum purpose: [ :asset, :rss ] + belongs_to :user validates :token, :presence => true diff --git a/lib/travis/model/user.rb b/lib/travis/model/user.rb index c878857f08..ffa9499d50 100644 --- a/lib/travis/model/user.rb +++ b/lib/travis/model/user.rb @@ -15,7 +15,7 @@ class User < Travis::Model has_one :owner_group, as: :owner before_create :set_as_recent - after_create :create_a_token + after_create :create_the_tokens before_save :track_previous_changes serialize :github_scopes @@ -163,8 +163,9 @@ def inspect github_oauth_token ? super.gsub(github_oauth_token, '[REDACTED]') : super end - def create_a_token - self.tokens.create! + def create_the_tokens + self.tokens.asset.create! unless self.tokens.asset.exists? + self.tokens.rss.create! end def github? diff --git a/spec/lib/model/user_spec.rb b/spec/lib/model/user_spec.rb index ab5ad84984..6a4928d03b 100644 --- a/spec/lib/model/user_spec.rb +++ b/spec/lib/model/user_spec.rb @@ -182,4 +182,13 @@ def user(payload) end end end + + describe 'tokens' do + let(:user) { FactoryBot.create(:user) } + + it 'creates two tokens on creation' do + expect(user.tokens.asset.count).to eq(1) + expect(user.tokens.rss.count).to eq(1) + end + end end 
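Review bot: The new `halt 401` guard in the `/:owner_name/:name/builds` route is skipped whenever `access_token.travis_token` is nil, so a `:travis_token`-scoped access token that reaches this route without the attribute set is let through as before. `travis_token` is assigned only in `initialize` from `options[:travis_token]`, and the diff does not touch `save` or `find_by_token`, so whether a stored access token gets the attribute back is not visible here. If the intent is to fail closed, drop the presence test and use `!access_token.travis_token&.rss?` in its place. The four-part condition would also be easier to audit as a named predicate than inline in the route.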
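Review bot: `enum purpose: [ :asset, :rss ]` stores the values by array position, so inserting or reordering an entry later silently changes what existing rows mean; the hash form `enum purpose: { asset: 0, rss: 1 }` pins the stored integers. The migration that adds the column is not part of this patch, so confirm that existing rows default to 0. If `purpose` is NULL for them, `user.tokens.asset` matches nothing and `serialize_user` returns an empty `token` for accounts created before this change.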
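Review bot: `create_the_tokens` runs only from `after_create`, so accounts that already exist never get an RSS token, and for them the feed route keeps accepting the asset token because `tokens.rss.exists?` stays false. No backfill is visible in this patch; if one is planned elsewhere, a comment here such as `# Existing users get their RSS token from <backfill task>; until then the feed accepts the asset token` would record that. The RSS line is also unguarded while the asset line checks `exists?`; if the method can run twice for one user, `self.tokens.rss.create! unless self.tokens.rss.exists?` keeps the pair symmetric.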
diff --git a/spec/unit/access_token_spec.rb b/spec/unit/access_token_spec.rb index 96c8216b06..0b9fb031a4 100644 --- a/spec/unit/access_token_spec.rb +++ b/spec/unit/access_token_spec.rb @@ -44,4 +44,15 @@ token = described_class.find_by_token(token.token) expect(token.extra).to eq({ 'required_params' => { 'job_id' => '1' } }) end + + it 'allows to save travis token' do + attrs = { + app_id: 1, + user_id: 3, + travis_token: Token.new + } + + token = described_class.new(attrs).tap(&:save) + expect(token.travis_token).to eq(attrs[:travis_token]) + end end diff --git a/spec/unit/endpoint/repos_spec.rb b/spec/unit/endpoint/repos_spec.rb index 92ba6f90f5..ea756c4340 100644 --- a/spec/unit/endpoint/repos_spec.rb +++ b/spec/unit/endpoint/repos_spec.rb @@ -48,4 +48,39 @@ end end end + + describe 'builds endpoint' do + let(:user) { FactoryBot.create(:user) } + let(:repo) { FactoryBot.create(:repository, private: false, owner_name: 'user', name: 'repo') } + + before { user.permissions.create(repository_id: repo.id, push: false) } + + context 'when user is authorizing with token' do + context 'and token is not a RSS one' do + let(:token) { user.tokens.asset.first } + + context 'and user has a RSS token' do + it 'responds with 401' do + expect(get("/repo_status/#{repo.owner_name}/#{repo.name}/builds.atom?token=#{token.token}", {}, {}).status).to eq(401) + end + end + + context 'and user does not have a RSS token' do + before { user.tokens.rss.delete_all } + + it 'responds with 200' do + expect(get("/repo_status/#{repo.owner_name}/#{repo.name}/builds.atom?token=#{token.token}", {}, {}).status).to eq(200) + end + end + end + + context 'and token is a RSS one' do + let(:token) { user.tokens.rss.first } + + it 'responds with 200' do + expect(get("/repo_status/#{repo.owner_name}/#{repo.name}/builds.atom?token=#{token.token}", {}, {}).status).to eq(200) + end + end + end + end end From b3ae04d36f6fae77972f767caf6065475aef7eed Mon Sep 17 00:00:00 2001 
From: ShahzaibAwan Date: Mon, 2 Jan 2023 14:46:14 +0500 Subject: [PATCH 5/7] Change reason for cancellation --- lib/travis/api/app/endpoint/builds.rb | 2 +- lib/travis/api/v3/queries/build.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/travis/api/app/endpoint/builds.rb b/lib/travis/api/app/endpoint/builds.rb index 2bce8a9bc3..33e3d62b08 100644 --- a/lib/travis/api/app/endpoint/builds.rb +++ b/lib/travis/api/app/endpoint/builds.rb @@ -42,7 +42,7 @@ class Builds < Endpoint status 422 respond_with json else - payload = { id: params[:id], user_id: current_user.id, source: 'api', reason: "Build Cancelled manually by User with id: #{current_user.login}" } + payload = { id: params[:id], user_id: current_user.id, source: 'api', reason: "Build Cancelled manually by User: #{current_user.login}" } service.push("build:cancel", payload) diff --git a/lib/travis/api/v3/queries/build.rb b/lib/travis/api/v3/queries/build.rb index 9e2cb70774..750cdb5e0b 100644 --- a/lib/travis/api/v3/queries/build.rb +++ b/lib/travis/api/v3/queries/build.rb @@ -15,7 +15,7 @@ def find def cancel(user, build_id) raise BuildNotCancelable if %w(passed failed canceled errored).include? find.state - payload = { id: build_id, user_id: user.id, source: 'api', reason: "Build Cancelled manually by User with id: #{user.login}" } + payload = { id: build_id, user_id: user.id, source: 'api', reason: "Build Cancelled manually by User: #{user.login}" } service = Travis::Enqueue::Services::CancelModel.new(user, { build_id: build_id }) service.push("build:cancel", payload) payload From 0e93a720a94c7772b62db5e8ff734425866dd5de Mon Sep 17 00:00:00 2001 From: Murtaza Khan <104836571+murtaza-swati@users.noreply.github.com> Date: Mon, 30 Jan 2023 11:33:12 +0500 Subject: [PATCH 6/7] Revert "Add reason for manual cancel in build cancellation" --- lib/travis/api/app/endpoint/builds.rb | 2 +- lib/travis/api/v3/queries/build.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lib/travis/api/app/endpoint/builds.rb b/lib/travis/api/app/endpoint/builds.rb index 33e3d62b08..6f573d5a2e 100644 --- a/lib/travis/api/app/endpoint/builds.rb +++ b/lib/travis/api/app/endpoint/builds.rb @@ -42,7 +42,7 @@ class Builds < Endpoint status 422 respond_with json else - payload = { id: params[:id], user_id: current_user.id, source: 'api', reason: "Build Cancelled manually by User: #{current_user.login}" } + payload = { id: params[:id], user_id: current_user.id, source: 'api' } service.push("build:cancel", payload) diff --git a/lib/travis/api/v3/queries/build.rb b/lib/travis/api/v3/queries/build.rb index 750cdb5e0b..372a927ac4 100644 --- a/lib/travis/api/v3/queries/build.rb +++ b/lib/travis/api/v3/queries/build.rb @@ -15,7 +15,7 @@ def find def cancel(user, build_id) raise BuildNotCancelable if %w(passed failed canceled errored).include? find.state - payload = { id: build_id, user_id: user.id, source: 'api', reason: "Build Cancelled manually by User: #{user.login}" } + payload = { id: build_id, user_id: user.id, source: 'api' } service = Travis::Enqueue::Services::CancelModel.new(user, { build_id: build_id }) service.push("build:cancel", payload) payload From fb172bdc028dccc5daa2b8cc6da21d30f23086a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 Mar 2023 05:41:01 +0000 Subject: [PATCH 7/7] Bump rack from 2.2.3 to 2.2.6.4 Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.6.4. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/2.2.3...v2.2.6.4) --- updated-dependencies: - dependency-name: rack dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2d07ff3358..1539a70fac 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -309,7 +309,7 @@ GEM multi_json (~> 1.0) pusher-signature (~> 0.1.8) pusher-signature (0.1.8) - rack (2.2.3) + rack (2.2.6.4) rack-attack (5.4.2) rack (>= 1.0, < 3) rack-contrib (2.2.0)