feat: Add additional checks for endpoints
Resolves #20 (closed)
requested review from @malowe
89 137 */ 90 private DrupalUserInfo getTokenUser() { 91 DrupalUserInfo tokenUser = (DrupalUserInfo) request.getAttribute(OAuthFilter.TOKEN_USER); 92 if (tokenUser == null) { 93 throw new FinalForbiddenException("No user associated with this token"); 138 private void validateSigningRequest(AgreementSigningRequest request) { 139 if (!StringUtils.isNumeric(request.getVersion()) || Double.parseDouble(request.getVersion()) != docVersion) { 140 throw new BadRequestException("The version of the agreement is missing or invalid"); 141 } 142 143 if (StringUtils.isBlank(request.getGithubHandle())) { 144 throw new BadRequestException("The github_handle is missing or invalid"); 145 } 146 147 // Ensure GH handle from current user same as in request body. 148 if (!StringUtils.equalsIgnoreCase(getTokenUser().getGithubHandle(), request.getGithubHandle())) { As per the access function: https://gitlab.eclipse.org/eclipsefdn/it/websites/drupal/eclipse_api/-/blob/7.x-1.x/resources/publisher_agreements/openvsx.inc#L30
Only an owner can create or fetch his own agreement
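Review bot: The version guard at the top of `validateSigningRequest` can still let a `NumberFormatException` escape. `StringUtils.isNumeric` accepts any Unicode digit while `Double.parseDouble` parses only ASCII digits, so a version written in non-ASCII digits passes the first test and fails in the second, likely surfacing as a server error instead of the intended `BadRequestException`. `isNumeric` also rejects a decimal point, so only whole-number strings ever reach the double comparison; if that is intended, a comment should say so. Parsing once inside `try { ... } catch (NumberFormatException e)` and throwing the same `BadRequestException` from the catch would cover both cases. The method body continues outside the quoted lines.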
156 .setComments("Generated by api.eclipse.org/openvsx/publisher_agreement") 119 157 .build(); 120 158 } 159 160 /** 161 * Encodes the given document into a Json String. 162 * 163 * @param document the desired document to encode 164 * @return A json String containing the document data 165 */ 166 private String encodeDocumentBody(DocumentBody document) { 167 try { 168 return objectMapper.writeValueAsString(document); 169 } catch (Exception e) { 170 LOGGER.error("Error while encoding document body", e); 171 return ""; changed this line in version 9 of the diff
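Review bot: Returning `""` from the `catch` in `encodeDocumentBody` hides a serialization failure, so the caller may go on to store or submit an agreement document with an empty body; the caller is outside the quoted lines, so this is inferred. For a signed-agreement record it is safer to fail the request and keep the cause, e.g. `throw new IllegalStateException("Error while encoding document body", e);`, and to narrow `catch (Exception e)` to the serializer's own exception type. The Javadoc `@return` should then drop any implication that a String is always produced. The thread notes this line was changed in a later diff version, so this may already be addressed there.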
5 * available under the terms of the Eclipse Public License 2.0 6 * which is available at https://www.eclipse.org/legal/epl-2.0/ 7 * 8 * Author: Zachary Sabourin <zachary.sabourin@eclipse-foundation.org> 9 * 10 * SPDX-License-Identifier: EPL-2.0 11 **********************************************************************/ 12 package org.eclipsefoundation.openvsx.services; 13 14 import java.util.Optional; 15 16 import org.eclipsefoundation.foundationdb.client.model.PeopleDocumentData; 17 import org.eclipsefoundation.foundationdb.client.model.SysModLogData; 18 import org.eclipsefoundation.openvsx.api.models.EfUser; 19 import org.eclipsefoundation.openvsx.api.models.ModLogHeaders; 20 mentioned in commit 1d3d35bb