Commit e0ec12fb authored by Martin Lowe's avatar Martin Lowe 🇨🇦 Committed by Martin Lowe

Add reverse case for github noreply email addresses

parent ed361791
......@@ -27,6 +27,7 @@ import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.binary.StringUtils;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;
import org.eclipsefoundation.git.eca.api.AccountsAPI;
......@@ -502,22 +503,31 @@ public class ValidationResource {
LOGGER.debug("Checking user with mail {} for no-reply", user.getMail());
boolean isNoReply = patterns.stream().anyMatch(pattern -> pattern.matcher(user.getMail().trim()).find());
if (isNoReply) {
String[] nameParts = user.getMail().split("[\\+@]");
// check if the userName part is not null/empty in the email address
if (nameParts[0] != null && nameParts[0].trim().length() > 0) {
// grab the portion before the first + symbol, which tends to indicate a user account
String uname = nameParts[0].trim();
LOGGER.debug("User with mail {} detected as noreply account, checking services for username match on '{}'",
user.getMail(), uname);
// check github for no-reply (only allowed noreply currently)
if (user.getMail().endsWith("noreply.github.com")) {
try {
// check for Github no reply + return as its the last shot
return accounts.getUserByGithubUname("Bearer " + oauth.getToken(), uname);
} catch(WebApplicationException e) {
LOGGER.warn("No match for '{}' in Github", uname);
// get the username/ID string before the first @ symbol.
String noReplyUser = user.getMail().substring(0, user.getMail().indexOf("@", 0));
// for each username part broken up by a +, check the second string (contains user)
String[] nameParts = noReplyUser.split("[\\+]");
String namePart;
if (nameParts.length > 1 && nameParts[1] != null) {
namePart = nameParts[1];
} else {
namePart = nameParts[0];
}
// grab the portion before the first + symbol, which tends to indicate a user account
String uname = namePart.trim();
LOGGER.debug("User with mail {} detected as noreply account, checking services for username match on '{}'",
user.getMail(), uname);
// check github for no-reply (only allowed noreply currently)
if (user.getMail().endsWith("noreply.github.com")) {
try {
// check for Github no reply, return if set
EclipseUser eclipseUser = accounts.getUserByGithubUname("Bearer " + oauth.getToken(), uname);
if (eclipseUser != null) {
return eclipseUser;
}
} catch(WebApplicationException e) {
LOGGER.warn("No match for '{}' in Github", uname);
}
}
}
......
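Review bot: The rewritten block drops the old `nameParts[0].trim().length() > 0` guard. Author mail is caller-supplied, so `+@users.noreply.github.com` splits to an empty array and `nameParts[0]` throws, while `@users.noreply.github.com` sends an empty `uname` to `getUserByGithubUname`. `substring(0, user.getMail().indexOf("@", 0))` also throws when the matched mail has no `@`; whether that is reachable depends on the noreply patterns, which are defined outside this hunk. Splitting with `noReplyUser.split("\\+", -1)` and guarding the lookup with `if (!uname.isEmpty() && user.getMail().endsWith("noreply.github.com")) {` would restore the check. The comment `// grab the portion before the first + symbol` is now stale because the code prefers the part after the `+`, and the enclosing method starts and ends outside the hunk.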
......@@ -1015,10 +1015,38 @@ class ValidationResourceTest {
given().body(vr).contentType(ContentType.JSON).when().post("/eca").then().statusCode(403);
}
@Test
void validateGithubNoReply_legacy() throws URISyntaxException {
GitUser g1 = new GitUser();
g1.setName("grunter");
g1.setMail("grunter@users.noreply.github.com");
List<Commit> commits = new ArrayList<>();
// create sample commits
Commit c1 = new Commit();
c1.setAuthor(g1);
c1.setCommitter(g1);
c1.setHash("123456789abcdefghijklmnop");
c1.setSubject("All of the things");
c1.setParents(Arrays.asList("46bb69bf6aa4ed26b2bf8c322ae05bef0bcc5c10"));
commits.add(c1);
ValidationRequest vr = new ValidationRequest();
vr.setProvider(ProviderType.GERRIT);
vr.setRepoUrl(new URI("/gitroot/sample/gerrit.other-project"));
vr.setCommits(commits);
vr.setStrictMode(true);
// test output w/ assertions
// Should be valid as grunter used a no-reply Github account and has a matching GH handle
given().body(vr).contentType(ContentType.JSON).when().post("/eca").then().statusCode(200);
}
@Test
void validateGithubNoReply_success() throws URISyntaxException {
// sometimes the user ID and user name are reversed
GitUser g1 = new GitUser();
g1.setName("grunter");
g1.setMail("grunter+123456789@users.noreply.github.com");
g1.setMail("123456789+grunter@users.noreply.github.com");
List<Commit> commits = new ArrayList<>();
// create sample commits
......@@ -1040,10 +1068,37 @@ class ValidationResourceTest {
given().body(vr).contentType(ContentType.JSON).when().post("/eca").then().statusCode(200);
}
@Test
void validateGithubNoReply_nomatch() throws URISyntaxException {
GitUser g1 = new GitUser();
g1.setName("some_guy");
g1.setMail("some_guy+123456789@users.noreply.github.com");
g1.setMail("123456789+some_guy@users.noreply.github.com");
List<Commit> commits = new ArrayList<>();
// create sample commits
Commit c1 = new Commit();
c1.setAuthor(g1);
c1.setCommitter(g1);
c1.setHash("123456789abcdefghijklmnop");
c1.setSubject("All of the things");
c1.setParents(Arrays.asList("46bb69bf6aa4ed26b2bf8c322ae05bef0bcc5c10"));
commits.add(c1);
ValidationRequest vr = new ValidationRequest();
vr.setProvider(ProviderType.GERRIT);
vr.setRepoUrl(new URI("/gitroot/sample/gerrit.other-project"));
vr.setCommits(commits);
vr.setStrictMode(true);
// test output w/ assertions
// Should be invalid as no user exists with "Github" handle that matches some_guy
given().body(vr).contentType(ContentType.JSON).when().post("/eca").then().statusCode(403);
}
@Test
void validateGithubNoReply_nomatch_legacy() throws URISyntaxException {
GitUser g1 = new GitUser();
g1.setName("some_guy");
g1.setMail("some_guy@users.noreply.github.com");
List<Commit> commits = new ArrayList<>();
// create sample commits
......@@ -1069,7 +1124,7 @@ class ValidationResourceTest {
void validateAllowListAuthor_success() throws URISyntaxException {
GitUser g1 = new GitUser();
g1.setName("grunter");
g1.setMail("grunter+123456789@users.noreply.github.com");
g1.setMail("grunter@users.noreply.github.com");
GitUser g2 = new GitUser();
g2.setName("grunter");
g2.setMail("noreply@github.com");
......@@ -1098,7 +1153,7 @@ class ValidationResourceTest {
void validateAllowListCommitter_success() throws URISyntaxException {
GitUser g1 = new GitUser();
g1.setName("grunter");
g1.setMail("grunter+123456789@users.noreply.github.com");
g1.setMail("grunter@users.noreply.github.com");
GitUser g2 = new GitUser();
g2.setName("grunter");
g2.setMail("noreply@github.com");
......
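Review bot: None of the added cases exercises a malformed noreply local part, so the parsing change in ValidationResource is only tested on well-formed `id+name` and bare `name` addresses. Cases modelled on `validateGithubNoReply_nomatch` with `g1.setMail("+@users.noreply.github.com")` and `g1.setMail("@users.noreply.github.com")`, presumably expecting `statusCode(403)`, would pin that a crafted author mail is rejected rather than causing a server error. The former `name+id` order (`grunter+123456789@users.noreply.github.com`) no longer has a test either, so it is unasserted whether that form is now meant to fail.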