Fix empty agent token (#1890)

Using an empty token for an agent returned the first agent from the
database, because the ORM does not add where clauses for empty string
fields of a model when querying.

# Huge thanks for reporting and explaining the issue ❤️ 

- Dominik Heidler
- Timo Tomasini
Anbraten 2023-06-28 01:22:19 +02:00 committed by GitHub
parent 456725dde7
commit b57b6f27f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 62 additions and 0 deletions


@ -15,6 +15,8 @@
package datastore package datastore
import ( import (
"errors"
"github.com/woodpecker-ci/woodpecker/server/model" "github.com/woodpecker-ci/woodpecker/server/model"
) )
@ -29,6 +31,10 @@ func (s storage) AgentFind(id int64) (*model.Agent, error) {
} }
func (s storage) AgentFindByToken(token string) (*model.Agent, error) { func (s storage) AgentFindByToken(token string) (*model.Agent, error) {
// Searching with an empty token would result in an empty where clause and therefore returning first item
if token == "" {
return nil, errors.New("Please provide a token")
}
agent := &model.Agent{ agent := &model.Agent{
Token: token, Token: token,
} }
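Review bot: The empty-token guard in AgentFindByToken returns an ad-hoc `errors.New("Please provide a token")`, so callers and the accompanying test can only recognise it by comparing the message text. A package-level sentinel such as `var ErrEmptyToken = errors.New("agent token is empty")`, checked with `errors.Is`, would be sturdier, and Go convention keeps error strings lowercase. The guard also handles only this one entry point: the lookup that follows (its query is outside this hunk) still appears to be built from the populated struct, so matching the token column with an explicit condition would remove the dependence on the ORM skipping zero values. Other store lookups keyed on a string field may deserve the same check.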


@ -0,0 +1,56 @@
// Copyright 2023 Woodpecker Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package datastore
import (
"testing"
"github.com/woodpecker-ci/woodpecker/server/model"
)
func TestAgentFindByToken(t *testing.T) {
store, closer := newTestStore(t, new(model.Agent))
defer closer()
agent := &model.Agent{
ID: int64(1),
Name: "test",
Token: "secret-token",
}
if err := store.AgentCreate(agent); err != nil {
t.Errorf("Unexpected error: insert agent: %s", err)
return
}
_agent, err := store.AgentFindByToken(agent.Token)
if err != nil {
t.Error(err)
return
}
if got, want := _agent.ID, int64(1); got != want {
t.Errorf("Want config id %d, got %d", want, got)
}
_agent, err = store.AgentFindByToken("")
if err == nil || err.Error() != "Please provide a token" {
t.Errorf("Expected to get an error for an empty token, but got %s", err)
return
}
if _agent != nil {
t.Errorf("Expected to not find an agent")
return
}
}
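Review bot: TestAgentFindByToken never looks up a non-empty token that matches no agent, which is the other case where the lookup must not hand back a record. Adding a call such as `store.AgentFindByToken("unknown-token")` and asserting that it yields an error or no agent would pin that down; what the store returns on a miss is not visible here, so the exact assertion needs confirming. The failure message `"Want config id %d, got %d"` looks copied from another test and should say agent id. The `%s` verb in the empty-token failure message prints `%!s(<nil>)` when err is nil, so `%v` reads better there.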