forked from lix-project/hydra
web: require permissions for /api/push
This commit is contained in:
parent
fd7fd0ad65
commit
e5a8ee5c17
GPG key ID:
6FB80DCD84DA0F1C
|
|
@ -242,23 +242,35 @@ sub push : Chained('api') PathPart('push') Args(0) {
|
||||||
$c->{stash}->{json}->{jobsetsTriggered} = [];
|
$c->{stash}->{json}->{jobsetsTriggered} = [];
|
||||||
|
|
||||||
my $force = exists $c->request->query_params->{force};
|
my $force = exists $c->request->query_params->{force};
|
||||||
my @jobsets = split /,/, ($c->request->query_params->{jobsets} // "");
|
my @jobsetNames = split /,/, ($c->request->query_params->{jobsets} // "");
|
||||||
foreach my $s (@jobsets) {
|
my @jobsets;
|
||||||
|
|
||||||
|
foreach my $s (@jobsetNames) {
|
||||||
my ($p, $j) = parseJobsetName($s);
|
my ($p, $j) = parseJobsetName($s);
|
||||||
my $jobset = $c->model('DB::Jobsets')->find($p, $j);
|
my $jobset = $c->model('DB::Jobsets')->find($p, $j);
|
||||||
next unless defined $jobset && ($force || ($jobset->project->enabled && $jobset->enabled));
|
push @jobsets, $jobset if defined $jobset;
|
||||||
triggerJobset($self, $c, $jobset, $force);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
my @repos = split /,/, ($c->request->query_params->{repos} // "");
|
my @repos = split /,/, ($c->request->query_params->{repos} // "");
|
||||||
foreach my $r (@repos) {
|
foreach my $r (@repos) {
|
||||||
triggerJobset($self, $c, $_, $force) foreach $c->model('DB::Jobsets')->search(
|
foreach ($c->model('DB::Jobsets')->search(
|
||||||
{ 'project.enabled' => 1, 'me.enabled' => 1 },
|
{ 'project.enabled' => 1, 'me.enabled' => 1 },
|
||||||
{
|
{
|
||||||
join => 'project',
|
join => 'project',
|
||||||
where => \ [ 'exists (select 1 from JobsetInputAlts where project = me.project and jobset = me.name and value = ?)', [ 'value', $r ] ],
|
where => \ [ 'exists (select 1 from JobsetInputAlts where project = me.project and jobset = me.name and value = ?)', [ 'value', $r ] ],
|
||||||
order_by => 'me.id DESC'
|
order_by => 'me.id DESC'
|
||||||
});
|
})) {
|
||||||
|
push @jobsets, $_;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach my $jobset (@jobsets) {
|
||||||
|
requireRestartPrivileges($c, $jobset->project);
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach my $jobset (@jobsets) {
|
||||||
|
next unless defined $jobset && ($force || ($jobset->project->enabled && $jobset->enabled));
|
||||||
|
triggerJobset($self, $c, $jobset, $force);
|
||||||
}
|
}
|
||||||
|
|
||||||
$self->status_ok(
|
$self->status_ok(
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,17 @@ my $queuedBuilds = $ctx->makeAndEvaluateJobset(
|
||||||
build => 0
|
build => 0
|
||||||
);
|
);
|
||||||
|
|
||||||
|
# Login and save cookie for future requests
|
||||||
|
my $req = request(POST '/login',
|
||||||
|
Referer => 'http://localhost/',
|
||||||
|
Content => {
|
||||||
|
username => 'root',
|
||||||
|
password => 'rootPassword'
|
||||||
|
}
|
||||||
|
);
|
||||||
|
is($req->code, 302, "Logging in gets a 302");
|
||||||
|
my $cookie = $req->header("set-cookie");
|
||||||
|
|
||||||
subtest "/api/queue" => sub {
|
subtest "/api/queue" => sub {
|
||||||
my $response = request(GET '/api/queue?nr=1');
|
my $response = request(GET '/api/queue?nr=1');
|
||||||
ok($response->is_success, "The API enpdoint showing the queue returns 200.");
|
ok($response->is_success, "The API enpdoint showing the queue returns 200.");
|
||||||
|
|
@ -102,7 +113,7 @@ subtest "/api/nrbuilds" => sub {
|
||||||
};
|
};
|
||||||
|
|
||||||
subtest "/api/push" => sub {
|
subtest "/api/push" => sub {
|
||||||
subtest "with a specific jobset" => sub {
|
subtest "without authentication" => sub {
|
||||||
my $build = $finishedBuilds->{"one_job"};
|
my $build = $finishedBuilds->{"one_job"};
|
||||||
my $jobset = $build->jobset;
|
my $jobset = $build->jobset;
|
||||||
my $projectName = $jobset->project->name;
|
my $projectName = $jobset->project->name;
|
||||||
|
|
@ -110,6 +121,18 @@ subtest "/api/push" => sub {
|
||||||
is($jobset->forceeval, undef, "The existing jobset is not set to be forced to eval");
|
is($jobset->forceeval, undef, "The existing jobset is not set to be forced to eval");
|
||||||
|
|
||||||
my $response = request(GET "/api/push?jobsets=$projectName:$jobsetName&force=1");
|
my $response = request(GET "/api/push?jobsets=$projectName:$jobsetName&force=1");
|
||||||
|
is($response->code, 403, "The API enpdoint for triggering jobsets requires authentication.");
|
||||||
|
};
|
||||||
|
|
||||||
|
subtest "with a specific jobset" => sub {
|
||||||
|
my $build = $finishedBuilds->{"one_job"};
|
||||||
|
my $jobset = $build->jobset;
|
||||||
|
my $projectName = $jobset->project->name;
|
||||||
|
my $jobsetName = $jobset->name;
|
||||||
|
is($jobset->forceeval, undef, "The existing jobset is not set to be forced to eval");
|
||||||
|
|
||||||
|
my $response = request(GET "/api/push?jobsets=$projectName:$jobsetName&force=1",
|
||||||
|
Cookie => $cookie);
|
||||||
ok($response->is_success, "The API enpdoint for triggering jobsets returns 200.");
|
ok($response->is_success, "The API enpdoint for triggering jobsets returns 200.");
|
||||||
|
|
||||||
my $data = is_json($response);
|
my $data = is_json($response);
|
||||||
|
|
@ -128,7 +151,8 @@ subtest "/api/push" => sub {
|
||||||
|
|
||||||
print STDERR $repo;
|
print STDERR $repo;
|
||||||
|
|
||||||
my $response = request(GET "/api/push?repos=$repo&force=1");
|
my $response = request(GET "/api/push?repos=$repo&force=1",
|
||||||
|
Cookie => $cookie);
|
||||||
ok($response->is_success, "The API enpdoint for triggering jobsets returns 200.");
|
ok($response->is_success, "The API enpdoint for triggering jobsets returns 200.");
|
||||||
|
|
||||||
my $data = is_json($response);
|
my $data = is_json($response);
|
||||||
|
|
|
||||||
|
|
@ -11,20 +11,14 @@ my $ctx = test_context();
|
||||||
|
|
||||||
Catalyst::Test->import('Hydra');
|
Catalyst::Test->import('Hydra');
|
||||||
|
|
||||||
my $user = $ctx->db()->resultset('Users')->create({
|
$ctx->db(); # Ensure DB initialization.
|
||||||
username => 'alice',
|
|
||||||
emailaddress => 'root@invalid.org',
|
|
||||||
password => '!'
|
|
||||||
});
|
|
||||||
$user->setPassword('foobar');
|
|
||||||
$user->userroles->update_or_create({ role => 'admin' });
|
|
||||||
|
|
||||||
# Login and save cookie for future requests
|
# Login and save cookie for future requests
|
||||||
my $req = request(POST '/login',
|
my $req = request(POST '/login',
|
||||||
Referer => 'http://localhost/',
|
Referer => 'http://localhost/',
|
||||||
Content => {
|
Content => {
|
||||||
username => 'alice',
|
username => 'root',
|
||||||
password => 'foobar'
|
password => 'rootPassword'
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
is($req->code, 302, "Logging in gets a 302");
|
is($req->code, 302, "Logging in gets a 302");
|
||||||
|
|
|
||||||
|
|
@ -115,11 +115,13 @@ sub db {
|
||||||
$self->{_db} = Hydra::Model::DB->new();
|
$self->{_db} = Hydra::Model::DB->new();
|
||||||
|
|
||||||
if (!(defined $setup && $setup == 0)) {
|
if (!(defined $setup && $setup == 0)) {
|
||||||
$self->{_db}->resultset('Users')->create({
|
my $user = $self->{_db}->resultset('Users')->create({
|
||||||
username => "root",
|
username => "root",
|
||||||
emailaddress => 'root@invalid.org',
|
emailaddress => 'root@invalid.org',
|
||||||
password => ''
|
password => '!'
|
||||||
});
|
});
|
||||||
|
$user->setPassword('rootPassword');
|
||||||
|
$user->userroles->update_or_create({ role => 'admin' });
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue