mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-26 20:34:04 +01:00
Check the token's owner and repository when registering a runner (#30406)
Fix #30378 (cherry picked from commit 0fe9f93eb4c94d55e43b18b9c3cc6d513a34c0b5) Conflicts: - models/organization/org.go - services/repository/delete.go - services/user/delete.go In all three cases, conflicts were resolved by manually adding the lines added by the Gitea patch, keeping the Forgejo code surrounding them.
This commit is contained in:
parent
7d0ea92da4
commit
463ea8fdd2
4 changed files with 19 additions and 0 deletions
|
@ -9,6 +9,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
actions_model "code.gitea.io/gitea/models/actions"
|
||||||
"code.gitea.io/gitea/models/db"
|
"code.gitea.io/gitea/models/db"
|
||||||
"code.gitea.io/gitea/models/perm"
|
"code.gitea.io/gitea/models/perm"
|
||||||
repo_model "code.gitea.io/gitea/models/repo"
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
@ -401,6 +402,8 @@ func DeleteOrganization(ctx context.Context, org *Organization) error {
|
||||||
&TeamUnit{OrgID: org.ID},
|
&TeamUnit{OrgID: org.ID},
|
||||||
&TeamInvite{OrgID: org.ID},
|
&TeamInvite{OrgID: org.ID},
|
||||||
&secret_model.Secret{OwnerID: org.ID},
|
&secret_model.Secret{OwnerID: org.ID},
|
||||||
|
&actions_model.ActionRunner{OwnerID: org.ID},
|
||||||
|
&actions_model.ActionRunnerToken{OwnerID: org.ID},
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return fmt.Errorf("DeleteBeans: %w", err)
|
return fmt.Errorf("DeleteBeans: %w", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,6 +9,8 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
actions_model "code.gitea.io/gitea/models/actions"
|
actions_model "code.gitea.io/gitea/models/actions"
|
||||||
|
repo_model "code.gitea.io/gitea/models/repo"
|
||||||
|
user_model "code.gitea.io/gitea/models/user"
|
||||||
"code.gitea.io/gitea/modules/actions"
|
"code.gitea.io/gitea/modules/actions"
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/util"
|
"code.gitea.io/gitea/modules/util"
|
||||||
|
@ -54,6 +56,18 @@ func (s *Service) Register(
|
||||||
return nil, errors.New("runner registration token has been invalidated, please use the latest one")
|
return nil, errors.New("runner registration token has been invalidated, please use the latest one")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if runnerToken.OwnerID > 0 {
|
||||||
|
if _, err := user_model.GetUserByID(ctx, runnerToken.OwnerID); err != nil {
|
||||||
|
return nil, errors.New("owner of the token not found")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if runnerToken.RepoID > 0 {
|
||||||
|
if _, err := repo_model.GetRepositoryByID(ctx, runnerToken.RepoID); err != nil {
|
||||||
|
return nil, errors.New("repository of the token not found")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
labels := req.Msg.Labels
|
labels := req.Msg.Labels
|
||||||
// TODO: agent_labels should be removed from pb after Gitea 1.20 released.
|
// TODO: agent_labels should be removed from pb after Gitea 1.20 released.
|
||||||
// Old version runner's agent_labels slice is not empty and labels slice is empty.
|
// Old version runner's agent_labels slice is not empty and labels slice is empty.
|
||||||
|
|
|
@ -163,6 +163,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
|
||||||
&actions_model.ActionSchedule{RepoID: repoID},
|
&actions_model.ActionSchedule{RepoID: repoID},
|
||||||
&actions_model.ActionArtifact{RepoID: repoID},
|
&actions_model.ActionArtifact{RepoID: repoID},
|
||||||
&repo_model.RepoArchiveDownloadCount{RepoID: repoID},
|
&repo_model.RepoArchiveDownloadCount{RepoID: repoID},
|
||||||
|
&actions_model.ActionRunnerToken{RepoID: repoID},
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return fmt.Errorf("deleteBeans: %w", err)
|
return fmt.Errorf("deleteBeans: %w", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,6 +95,7 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
|
||||||
&actions_model.ActionRunner{OwnerID: u.ID},
|
&actions_model.ActionRunner{OwnerID: u.ID},
|
||||||
&user_model.BlockedUser{BlockID: u.ID},
|
&user_model.BlockedUser{BlockID: u.ID},
|
||||||
&user_model.BlockedUser{UserID: u.ID},
|
&user_model.BlockedUser{UserID: u.ID},
|
||||||
|
&actions_model.ActionRunnerToken{OwnerID: u.ID},
|
||||||
); err != nil {
|
); err != nil {
|
||||||
return fmt.Errorf("deleteBeans: %w", err)
|
return fmt.Errorf("deleteBeans: %w", err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue