webhooks: Rename is_webhook to allow_webhook_access.

This argument does not define if an endpoint "is a webhook"; it is set
for "/api/v1/messages", which is not really a webhook, but allows
access from webhooks.
Alex Vandiver 2020-09-21 15:38:29 -07:00 committed by Tim Abbott
parent b515c2bcbf
commit d24869e484
3 changed files with 8 additions and 8 deletions


@ -188,7 +188,7 @@ class InvalidZulipServerKeyError(InvalidZulipServerError):
return "Zulip server auth failure: key does not match role {role}"
def validate_api_key(request: HttpRequest, role: Optional[str],
api_key: str, is_webhook: bool=False,
api_key: str, allow_webhook_access: bool=False,
client_name: Optional[str]=None) -> Union[UserProfile, "RemoteZulipServer"]:
# Remove whitespace to protect users from trivial errors.
api_key = api_key.strip()
@ -213,7 +213,7 @@ def validate_api_key(request: HttpRequest, role: Optional[str],
return remote_server
user_profile = access_user_by_api_key(request, api_key, email=role)
if user_profile.is_incoming_webhook and not is_webhook:
if user_profile.is_incoming_webhook and not allow_webhook_access:
raise JsonableError(_("This API is not available to incoming webhook bots."))
request.user = user_profile
@ -285,7 +285,7 @@ def webhook_view(
@wraps(view_func)
def _wrapped_func_arguments(request: HttpRequest, api_key: str=REQ(),
*args: object, **kwargs: object) -> HttpResponse:
user_profile = validate_api_key(request, None, api_key, is_webhook=True,
user_profile = validate_api_key(request, None, api_key, allow_webhook_access=True,
client_name=full_webhook_client_name(webhook_client_name))
if settings.RATE_LIMITING:
@ -510,7 +510,7 @@ def authenticated_uploads_api_view(
def authenticated_rest_api_view(
*,
webhook_client_name: Optional[str] = None,
is_webhook: bool = False,
allow_webhook_access: bool = False,
skip_rate_limiting: bool = False,
) -> Callable[[Callable[..., HttpResponse]], Callable[..., HttpResponse]]:
def _wrapped_view_func(view_func: Callable[..., HttpResponse]) -> Callable[..., HttpResponse]:
@ -535,7 +535,7 @@ def authenticated_rest_api_view(
try:
# profile is a Union[UserProfile, RemoteZulipServer]
profile = validate_api_key(request, role, api_key,
is_webhook=is_webhook or webhook_client_name is not None,
allow_webhook_access=allow_webhook_access or webhook_client_name is not None,
client_name=full_webhook_client_name(webhook_client_name))
except JsonableError as e:
return json_unauthorized(e.msg)
@ -547,7 +547,7 @@ def authenticated_rest_api_view(
target_view_func = view_func
return target_view_func(request, profile, *args, **kwargs)
except Exception as err:
if is_webhook or webhook_client_name is not None:
if allow_webhook_access or webhook_client_name is not None:
if isinstance(err, UnsupportedWebhookEventType) and webhook_client_name is not None:
err.webhook_name = webhook_client_name
request_body = request.POST.get('payload')
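Review bot: In the last hunk of this file, the exception handler in authenticated_rest_api_view still branches on `allow_webhook_access or webhook_client_name is not None` as if the flag meant "this request came from a webhook", which is the reading the commit message rejects. For an endpoint such as /api/v1/messages that only permits webhook bots, an exception raised while serving an ordinary user's request would take this branch and read `request.POST.get('payload')`. What is done with that body afterwards is outside the hunk, so it should be confirmed whether it ends up in logs. If only real webhook integrations are meant to get this handling, the condition could be narrowed to `if webhook_client_name is not None:`; otherwise a comment such as `# allow_webhook_access also opts this endpoint into webhook-style error reporting` would make the coupling explicit. The bodies of validate_api_key and authenticated_rest_api_view continue outside the hunks shown.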


@ -138,7 +138,7 @@ def rest_dispatch(request: HttpRequest, **kwargs: Any) -> HttpResponse:
# Wrap function with decorator to authenticate the user before
# proceeding
target_function = authenticated_rest_api_view(
is_webhook='allow_incoming_webhooks' in view_flags,
allow_webhook_access='allow_incoming_webhooks' in view_flags,
)(target_function)
elif request.path.startswith("/json") and 'allow_anonymous_user_web' in view_flags:
# For endpoints that support anonymous web access, we do that.


@ -1314,7 +1314,7 @@ class TestValidateApiKey(ZulipTestCase):
api_key = get_api_key(self.webhook_bot)
profile = validate_api_key(HostRequestMock(host="zulip.testserver"),
self.webhook_bot.email, api_key,
is_webhook=True)
allow_webhook_access=True)
self.assertEqual(profile.id, self.webhook_bot.id)
def test_validate_api_key_if_email_is_case_insensitive(self) -> None: