Merge pull request #13 from YunoHost/fix-check-if-user-is-member-of-the-YunoHost-Apps

Fix the check that a user is a member of the YunoHost-Apps organization
Kayou 2021-01-22 10:40:54 +01:00 committed by GitHub
commit e3d2dc3046
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

14
run.py

@ -1030,9 +1030,17 @@ async def github(request):
# Nothing to do but success anyway (204 = No content) # Nothing to do but success anyway (204 = No content)
abort(204, "Nothing to do") abort(204, "Nothing to do")
# We only accept this from people which are member/owner of the org/repo # We only accept this from people which are member of the org
# https://docs.github.com/en/free-pro-team@latest/graphql/reference/enums#commentauthorassociation # https://docs.github.com/en/rest/reference/orgs#check-organization-membership-for-a-user
if hook_infos["comment"]["author_association"] not in ["MEMBER", "OWNER", "COLLABORATOR", "CONTRIBUTOR"]: # We need a token an we can't rely on "author_association" because sometimes, users are members in Private,
# which is not represented in the original webhook
async def is_user_in_organization(user):
token = open("./github_bot_token").read().strip()
async with aiohttp.ClientSession(headers={"Authorization": f"token {token}", "Accept": "application/vnd.github.v3+json"}) as session:
await resp = session.get(f"https://api.github.com/orgs/YunoHost-Apps/members/{user}")
return resp.status == 204
if not await is_user_in_organization(hook_infos["comment"]["user"]["login"]):
# Unauthorized # Unauthorized
abort(403, "Unauthorized") abort(403, "Unauthorized")
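Review bot: `await resp = session.get(...)` inside the new `is_user_in_organization` is not valid Python (an await expression cannot be an assignment target), so the membership check raises a SyntaxError before it can run; it should be `async with session.get(...) as resp:` with the `return` moved inside that block, which also releases the response. The login interpolated into the URL path comes straight from the webhook payload, so it should be percent-encoded with `urllib.parse.quote(user, safe="")` (import needed at file top, outside this hunk) or validated against GitHub's login character set before being placed in the request path. Any non-204 status — a 401 from a bad or under-scoped token, or a 5xx — is reported as "not a member" and becomes a 403 for the commenter, which fails closed but silently; recording the status when it is neither 204 nor 404 would make a broken token visible rather than looking like a permissions problem. The token file is also opened without a context manager on every webhook call. `github` starts and ends outside the hunk.
```python
async def is_user_in_organization(user):
    with open("./github_bot_token") as f:
        token = f.read().strip()
    headers = {"Authorization": f"token {token}", "Accept": "application/vnd.github.v3+json"}
    async with aiohttp.ClientSession(headers=headers) as session:
        async with session.get(f"https://api.github.com/orgs/YunoHost-Apps/members/{quote(user, safe='')}") as resp:
            # 204 = member, 404 = not a member (or the token cannot see private members);
            # anything else means the check itself failed and is worth recording.
            return resp.status == 204
```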