Check login_token for user before any operations (#23600)

Fix adds extra check if user is authorized or not while using login_token. Fixes https://github.com/ansible/ansible/issues/23033 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
2017-05-09 18:22:13 +05:30 · 2017-05-09 18:22:13 +05:30 · a255cfd22a
commit a255cfd22a
parent e99815e9f5
3 changed files with 26 additions and 1 deletions
--- a/lib/ansible/modules/source_control/gitlab_group.py
+++ b/lib/ansible/modules/source_control/gitlab_group.py
@ -165,7 +165,8 @@ def main():
    )

    if not HAS_GITLAB_PACKAGE:
-        module.fail_json(msg="Missing requried gitlab module (check docs or install with: pip install pyapi-gitlab")
+        module.fail_json(msg="Missing required gitlab module (check docs or "
+                             "install with: pip install pyapi-gitlab")

    server_url = module.params['server_url']
    verify_ssl = module.params['validate_certs']
@ -200,6 +201,14 @@ def main():
        e = get_exception()
        module.fail_json(msg="Failed to connect to Gitlab server: %s " % e)

+    # Check if user is authorized or not before proceeding to any operations
+    # if not, exit from here
+    auth_msg = git.currentuser().get('message', None)
+    if auth_msg is not None and auth_msg == '401 Unauthorized':
+        module.fail_json(msg='User unauthorized',
+                         details="User is not allowed to access Gitlab server "
+                                 "using login_token. Please check login_token")
+
    # Validate if group exists and take action based on "state"
    group = GitLabGroup(module, git)
    group_name = group_name.lower()
--- a/lib/ansible/modules/source_control/gitlab_project.py
+++ b/lib/ansible/modules/source_control/gitlab_project.py
@ -375,6 +375,14 @@ def main():
        e = get_exception()
        module.fail_json(msg="Failed to connect to Gitlab server: %s " % e)

+    # Check if user is authorized or not before proceeding to any operations
+    # if not, exit from here
+    auth_msg = git.currentuser().get('message', None)
+    if auth_msg is not None and auth_msg == '401 Unauthorized':
+        module.fail_json(msg='User unauthorized',
+                         details="User is not allowed to access Gitlab server "
+                                 "using login_token. Please check login_token")
+
    # Validate if project exists and take action based on "state"
    project = GitLabProject(module, git)
    project_exists = project.existsProject(group_name, project_name)
--- a/lib/ansible/modules/source_control/gitlab_user.py
+++ b/lib/ansible/modules/source_control/gitlab_user.py
@ -340,6 +340,14 @@ def main():
        e = get_exception()
        module.fail_json(msg="Failed to connect to Gitlab server: %s " % e)

+    # Check if user is authorized or not before proceeding to any operations
+    # if not, exit from here
+    auth_msg = git.currentuser().get('message', None)
+    if auth_msg is not None and auth_msg == '401 Unauthorized':
+        module.fail_json(msg='User unauthorized',
+                         details="User is not allowed to access Gitlab server "
+                                 "using login_token. Please check login_token")
+
    # Validate if group exists and take action based on "state"
    user = GitLabUser(module, git)