From a255cfd22a33648dc9b84dac67c2a648dfa9b748 Mon Sep 17 00:00:00 2001
From: Abhijeet Kasurde
Date: Tue, 9 May 2017 18:22:13 +0530
Subject: [PATCH] Check login_token for user before any operations (#23600)

Fix adds extra check if user is authorized or not while using login_token.

Fixes https://github.com/ansible/ansible/issues/23033

Signed-off-by: Abhijeet Kasurde
---
 lib/ansible/modules/source_control/gitlab_group.py | 11 ++++++++++-
 lib/ansible/modules/source_control/gitlab_project.py | 8 ++++++++
 lib/ansible/modules/source_control/gitlab_user.py | 8 ++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/lib/ansible/modules/source_control/gitlab_group.py b/lib/ansible/modules/source_control/gitlab_group.py
index a9eb46785f1..26f9c9abb4e 100644
--- a/lib/ansible/modules/source_control/gitlab_group.py
+++ b/lib/ansible/modules/source_control/gitlab_group.py
@@ -165,7 +165,8 @@ def main():
 )

 if not HAS_GITLAB_PACKAGE:
- module.fail_json(msg="Missing requried gitlab module (check docs or install with: pip install pyapi-gitlab")
+ module.fail_json(msg="Missing required gitlab module (check docs or "
+ "install with: pip install pyapi-gitlab")

 server_url = module.params['server_url']
 verify_ssl = module.params['validate_certs']
@@ -200,6 +201,14 @@ def main():
 e = get_exception()
 module.fail_json(msg="Failed to connect to Gitlab server: %s " % e)

+ # Check if user is authorized or not before proceeding to any operations
+ # if not, exit from here
+ auth_msg = git.currentuser().get('message', None)
+ if auth_msg is not None and auth_msg == '401 Unauthorized':
+ module.fail_json(msg='User unauthorized',
+ details="User is not allowed to access Gitlab server "
+ "using login_token. Please check login_token")
+
 # Validate if group exists and take action based on "state"
 group = GitLabGroup(module, git)
 group_name = group_name.lower()
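Review bot: The authorization check added to gitlab_group.py rejects only the exact string `'401 Unauthorized'`, so any other error body returned by `git.currentuser()` (a differently worded 401, a 403 for a blocked account, or a value that is not a dict) falls through and the module continues as if the token were valid. Because the purpose is to stop before any operation, the check should fail closed on anything that is not a user record, for example `current = git.currentuser()` followed by `if not isinstance(current, dict) or 'message' in current:`; this assumes a successful response never carries a `message` key, which should be confirmed against the pyapi-gitlab version in use. The `auth_msg is not None and` half of the condition is redundant in either form. The identical block added to gitlab_project.py and gitlab_user.py has the same gap. main() starts and ends outside the hunk.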
diff --git a/lib/ansible/modules/source_control/gitlab_project.py b/lib/ansible/modules/source_control/gitlab_project.py
index 636e497ee8c..34f558f9b33 100644
--- a/lib/ansible/modules/source_control/gitlab_project.py
+++ b/lib/ansible/modules/source_control/gitlab_project.py
@@ -375,6 +375,14 @@ def main():
 e = get_exception()
 module.fail_json(msg="Failed to connect to Gitlab server: %s " % e)

+ # Check if user is authorized or not before proceeding to any operations
+ # if not, exit from here
+ auth_msg = git.currentuser().get('message', None)
+ if auth_msg is not None and auth_msg == '401 Unauthorized':
+ module.fail_json(msg='User unauthorized',
+ details="User is not allowed to access Gitlab server "
+ "using login_token. Please check login_token")
+
 # Validate if project exists and take action based on "state"
 project = GitLabProject(module, git)
 project_exists = project.existsProject(group_name, project_name)
diff --git a/lib/ansible/modules/source_control/gitlab_user.py b/lib/ansible/modules/source_control/gitlab_user.py
index 7133ecb3dd4..09682626c23 100644
--- a/lib/ansible/modules/source_control/gitlab_user.py
+++ b/lib/ansible/modules/source_control/gitlab_user.py
@@ -340,6 +340,14 @@ def main():
 e = get_exception()
 module.fail_json(msg="Failed to connect to Gitlab server: %s " % e)

+ # Check if user is authorized or not before proceeding to any operations
+ # if not, exit from here
+ auth_msg = git.currentuser().get('message', None)
+ if auth_msg is not None and auth_msg == '401 Unauthorized':
+ module.fail_json(msg='User unauthorized',
+ details="User is not allowed to access Gitlab server "
+ "using login_token. Please check login_token")
+
 # Validate if group exists and take action based on "state"
 user = GitLabUser(module, git)
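Review bot: In gitlab_project.py the new `git.currentuser()` request appears to sit after the try/except that reports connection failures (only the tail of that except body is visible in the hunk, and indentation is lost on this page), so a timeout or an unparsable response raised by this extra call would surface as a traceback instead of a `fail_json` result. Wrapping the call in its own `try:` with an `except Exception:` branch that calls `module.fail_json(msg="Failed to verify login_token: %s" % get_exception())` would keep the failure mode consistent with the connection step just above it. The blocks added to gitlab_group.py and gitlab_user.py are placed the same way.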
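Review bot: The block in gitlab_user.py is the third verbatim copy of the login_token check, so any later tightening has to be made in three modules and the copies can drift apart. A small shared helper taking `module` and `git` would keep the three in step. The check would also benefit from a comment stating what it relies on, such as `# currentuser() returns the API error body as a dict when the token is rejected`, provided that is confirmed to be the library's behaviour.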