
Validate repo scope for POST requests

Carla Drago requested to merge 434442-validate-repo-scope into master

What does this MR do and why?

This change adds a check for the repo scope when importing to ensure API requests are properly validated.

A follow-up to !141510 (merged)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Check out this branch and restart the GDK.
  2. In a terminal window, tail the importer log: tail -f log/importer.log
  3. Log in to GitHub and ensure you have a project created there.
  4. Create a new token that only has a delete:packages scope.
  5. Make an API request using the new token:

     curl --location 'http://gdk.test:3000/api/v4/import/github' \
     --header 'Content-Type: application/json' \
     --header 'Authorization: Bearer [YOUR GDK TOKEN]' \
     --data '{
         "personal_access_token": "[YOUR NEW GITHUB DELETE:PACKAGES TOKEN]",
         "repo_id": "[ID OF YOUR GITHUB PROJECT]",
         "target_namespace": "root",
         "new_name": "repo-205",
         "optional_stages": {
           "attachments_import": false,
           "collaborators_import": false
         }
     }'

  6. Observe the error response: {"errors":"Your GitHub access token does not have the correct scope to import."}
  7. Observe the importer log display an error message:

     {"feature_category":"importers",
     "import_type":"github",
     "severity":"ERROR",
     "time":"2024-01-15T11:16:18.611Z",
     "correlation_id":"XXXXXXXX",
     "meta.caller_id":"POST /api/:version/import/github",
     "meta.remote_ip":"172.16.123.1",
     "meta.feature_category":"importers",
     "meta.user":"root",
     "meta.user_id":1,
     "meta.client_id":"user/1",
     "message":"Error while attempting to import from GitHub",
     "error":"Invalid Scope"}

Related to #434442 (closed)

Edited by Carla Drago
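The scope check the validation steps above exercise, as an added example that is not GitLab's own code from this MR: GitHub reports a classic personal access token's scopes in the X-OAuth-Scopes response header of any authenticated API call, so the check reads that header (here from a GET /user request) and refuses to import unless the repo scope is present, failing with the same "Invalid Scope" message the log line shows. The method names, the use of /user as the probe endpoint, and the sample header values are assumptions for this example. Fine-grained tokens do not report scopes through that header, so a missing header is treated as "no usable scope" rather than silently accepted.

```ruby
# Added example (not GitLab's code): gate a GitHub import on the token's
# reported scopes. Assumes GitHub's X-OAuth-Scopes header as the source of
# truth for classic PATs; method names are hypothetical.
require 'net/http'
require 'uri'

class GitHubTokenScopeError < StandardError; end

# Turn "repo, read:org, delete:packages" into ["repo", "read:org", "delete:packages"].
# A nil header (fine-grained token, or no token at all) yields no scopes.
def parse_scopes(header_value)
  return [] if header_value.nil?

  header_value.split(',').map(&:strip).reject(&:empty?)
end

# The MR requires the repo scope; nothing narrower (e.g. delete:packages) qualifies.
def scope_allows_import?(scopes)
  scopes.include?('repo')
end

# Raise with the message seen in log/importer.log when the scope is insufficient,
# otherwise return the parsed scope list.
def validate_import_scopes!(header_value)
  scopes = parse_scopes(header_value)
  raise GitHubTokenScopeError, 'Invalid Scope' unless scope_allows_import?(scopes)

  scopes
end

# Live lookup against GitHub (not used offline): any authenticated request
# returns X-OAuth-Scopes for a classic token; /user is just a cheap probe.
def fetch_token_scopes(token, api_base: 'https://api.github.com')
  uri = URI("#{api_base}/user")
  req = Net::HTTP::Get.new(uri)
  req['Authorization'] = "Bearer #{token}"
  req['Accept'] = 'application/vnd.github+json'
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
  raise GitHubTokenScopeError, "GitHub returned HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)

  res['X-OAuth-Scopes'] # nil for fine-grained tokens, which do not report scopes here
end

# Constructed header values standing in for real GitHub responses.
SAMPLE_HEADERS = {
  'delete:packages only (the MR test token)' => 'delete:packages',
  'repo plus unrelated scopes'               => 'repo, read:org, delete:packages',
  'no X-OAuth-Scopes header'                 => nil
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HEADERS.each do |label, value|
    begin
      puts "#{label}: import allowed (#{validate_import_scopes!(value).join(' ')})"
    rescue GitHubTokenScopeError => e
      puts "#{label}: #{e.message}"
    end
  end
end
```

Running the file prints one verdict per constructed header; only the second is allowed through. Checking the header on a request GitLab must make anyway costs nothing extra, and doing it before the importer starts avoids discovering a read:packages-only or delete:packages-only token halfway through a multi-stage import.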
