Inicio Explorar Axuda
Iniciar sesión
akillibulut
/
porter
réplica de https://github.com/porter-dev/porter
2
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

fix panic when webhook token not found and user id doesn't exist

Alexander Belanger %!s(int64=4) %!d(string=hai) anos
pai
0eccbb87da
achega
92c878c876
Modificáronse 2 ficheiros con 31 adicións e 3 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 10 0
      server/api/release_handler.go
  2. 21 3
      server/middleware/auth.go

+ 10 - 0
server/api/release_handler.go
Ver ficheiro 

@@ -777,6 +777,8 @@ func (app *App) HandleGetReleaseToken(w http.ResponseWriter, r *http.Request) {
 
 			Code:   ErrReleaseReadData,
 
 			Errors: []string{"release not found"},
 
 		}, w)
 
+
 
+		return
 
 	}
 
 
 	release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, namespace)
 
@@ -786,6 +788,8 @@ func (app *App) HandleGetReleaseToken(w http.ResponseWriter, r *http.Request) {
 
 			Code:   ErrReleaseReadData,
 
 			Errors: []string{"release not found"},
 
 		}, w)
 
+
 
+		return
 
 	}
 
 
 	releaseExt := release.Externalize()
 
@@ -807,6 +811,8 @@ func (app *App) HandleCreateWebhookToken(w http.ResponseWriter, r *http.Request)
 
 			Code:   ErrReleaseReadData,
 
 			Errors: []string{"release not found"},
 
 		}, w)
 
+
 
+		return
 
 	}
 
 
 	// read the release from the target cluster
 
@@ -1056,6 +1062,8 @@ func (app *App) HandleUpgradeRelease(w http.ResponseWriter, r *http.Request) {
 
 				Code:   ErrReleaseReadData,
 
 				Errors: []string{"release not found"},
 
 			}, w)
 
+
 
+			return
 
 		}
 
 
 		release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, rel.Namespace)
 
@@ -1458,6 +1466,8 @@ func (app *App) HandleRollbackRelease(w http.ResponseWriter, r *http.Request) {
 
 				Code:   ErrReleaseReadData,
 
 				Errors: []string{"release not found"},
 
 			}, w)
 
+
 
+			return
 
 		}
 
 
 		release, err := app.Repo.Release.ReadRelease(uint(clusterID), name, rel.Namespace)

+ 21 - 3
server/middleware/auth.go
Ver ficheiro 

@@ -210,7 +210,13 @@ func (auth *Auth) DoesUserHaveProjectAccess(
 
 			}
 
 
 			sessionUserID, ok := session.Values["user_id"]
 
-			userID = sessionUserID.(uint)
 
+
 
+			if !ok {
 
+				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 
+				return
 
+			}
 
+
 
+			userID, ok = sessionUserID.(uint)
 
 
 			if !ok {
 
 				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 
@@ -440,7 +446,13 @@ func (auth *Auth) DoesUserHaveGitInstallationAccess(
 
 			}
 
 
 			sessionUserID, ok := session.Values["user_id"]
 
-			userID = sessionUserID.(uint)
 
+
 
+			if !ok {
 
+				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 
+				return
 
+			}
 
+
 
+			userID, ok = sessionUserID.(uint)
 
 
 			if !ok {
 
 				http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 
@@ -741,7 +753,13 @@ func (auth *Auth) DoesUserHaveDOIntegrationAccess(
 
 func (auth *Auth) doesSessionMatchID(r *http.Request, id uint) bool {
 
 	session, _ := auth.store.Get(r, auth.cookieName)
 
 
-	if sessID, ok := session.Values["user_id"].(uint); !ok || sessID != id {
 
+	userID, ok := session.Values["user_id"]
 
+
 
+	if !ok {
 
+		return false
 
+	}
 
+
 
+	if sessID, ok := userID.(uint); !ok || sessID != id {
 
 		return false
 
 	}