Validate repo scope for POST requests
What does this MR do and why?
This change adds a check for the repo scope when importing to ensure API requests are properly validated.
A follow-up to !141510 (merged)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- check out this branch and restart the GDK
- in a terminal window, tail the importer log:

```shell
tail -f log/importer.log
```
- log in to GitHub and ensure you have a project created there
- create a new token that only has a `delete:packages` scope
- make an API request using the new token:
```shell
curl --location 'http://gdk.test:3000/api/v4/import/github' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer [YOUR GDK TOKEN]' \
  --data '{
    "personal_access_token": "[YOUR NEW GITHUB DELETE:PACKAGES TOKEN]",
    "repo_id": "[ID OF YOUR GITHUB PROJECT]",
    "target_namespace": "root",
    "new_name": "repo-205",
    "optional_stages": {
      "attachments_import": false,
      "collaborators_import": false
    }
  }'
```
- observe the error response:
```json
{"errors":"Your GitHub access token does not have the correct scope to import."}
```
- observe the Importer log display an error message:
```json
{"feature_category":"importers",
"import_type":"github",
"severity":"ERROR",
"time":"2024-01-15T11:16:18.611Z",
"correlation_id":"XXXXXXXX",
"meta.caller_id":"POST /api/:version/import/github",
"meta.remote_ip":"172.16.123.1",
"meta.feature_category":"importers",
"meta.user":"root",
"meta.user_id":1,
"meta.client_id":"user/1",
"message":"Error while attempting to import from GitHub",
"error":"Invalid Scope"}
```
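The validation exercised by the steps above, as an added, stand-alone Ruby illustration (not GitLab's own importer code): a token whose granted scopes lack `repo` is rejected before any import work starts, the caller gets the error body shown above, and a structured error entry is produced for the importer log. It assumes (an assumption not stated on the page) that the scopes granted to a classic GitHub token are read from the comma-separated `X-OAuth-Scopes` response header that api.github.com returns on authenticated requests; the function and constant names are hypothetical.

```ruby
# Added example of a GitHub token scope check, modelled on the behaviour this MR
# tests. Not GitLab's code. Assumption: the granted scopes come from GitHub's
# `X-OAuth-Scopes` response header (e.g. "repo, read:org").
require 'json'
require 'time'

REQUIRED_SCOPE = 'repo'.freeze
SCOPE_ERROR_BODY = {
  'errors' => 'Your GitHub access token does not have the correct scope to import.'
}.freeze

class InvalidScope < StandardError; end

# Turn the raw header value into a clean list of scope names.
def parse_scopes(header_value)
  return [] if header_value.nil?

  header_value.split(',').map(&:strip).reject(&:empty?)
end

# True only when the token explicitly carries the scope the importer needs.
def repo_scope?(scopes)
  scopes.include?(REQUIRED_SCOPE)
end

# Simulated request handler: returns [outcome, response_body, log_entry].
# The scope check runs before any import work is scheduled.
def handle_import(token_scopes_header, user: 'root', user_id: 1)
  scopes = parse_scopes(token_scopes_header)
  raise InvalidScope, 'Invalid Scope' unless repo_scope?(scopes)

  [:accepted, { 'status' => 'started' }, nil]
rescue InvalidScope => e
  # Structured entry in the shape of the importer log shown in the MR.
  log = {
    'severity' => 'ERROR',
    'time' => Time.now.utc.iso8601(3),
    'feature_category' => 'importers',
    'import_type' => 'github',
    'meta.caller_id' => 'POST /api/:version/import/github',
    'meta.user' => user,
    'meta.user_id' => user_id,
    'message' => 'Error while attempting to import from GitHub',
    'error' => e.message
  }
  [:rejected, SCOPE_ERROR_BODY, log]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed header values: a delete:packages-only token and a repo token.
  ['delete:packages', 'repo, read:org'].each do |header|
    outcome, body, log = handle_import(header)
    puts "#{header.inspect} -> #{outcome} #{body.to_json}"
    puts log.to_json if log
  end
end
```

Checking for the exact `repo` scope rather than any scope that looks similar is the safer choice: a token with only `delete:packages` (the case in the test steps) or only `read:packages` is rejected outright, and the log line carries the same `error` value as the importer log above so the two can be correlated.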
Related to #434442 (closed)
Edited by Carla Drago