This is an automated email from the ASF dual-hosted git repository.
kentontaylor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new 3cb7c66d6 [#8454] prevent anonymous github project imports
3cb7c66d6 is described below
commit 3cb7c66d6b6f53b30d2edf95759b901d57e6de2d
Author: Guillermo Cruz <[email protected]>
AuthorDate: Mon Aug 22 13:11:54 2022 -0600
[#8454] prevent anonymous github project imports
---
ForgeImporters/forgeimporters/github/__init__.py | 3 +++
.../forgeimporters/tests/github/functional/test_github.py | 6 ++++++
2 files changed, 9 insertions(+)
diff --git a/ForgeImporters/forgeimporters/github/__init__.py
b/ForgeImporters/forgeimporters/github/__init__.py
index d0a4d26b2..34dab0a3f 100644
--- a/ForgeImporters/forgeimporters/github/__init__.py
+++ b/ForgeImporters/forgeimporters/github/__init__.py
@@ -226,6 +226,9 @@ class GitHubOAuthMixin:
'''
def oauth_begin(self, scope=None): # type: (list[str]) -> None
+ if c.user.is_anonymous():
+ log.info("User needs authorization before importing a project")
+ return None
client_id = config.get('github_importer.client_id')
secret = config.get('github_importer.client_secret')
if not client_id or not secret:
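Review bot: The anonymous guard added at the top of `oauth_begin` returns `None` silently, so the method itself never denies the request and the 'Login Required' response depends on whatever the caller does next, which is not visible in this hunk. A guard that fails closed is easier to audit, for example calling `require_authenticated()` from `allura.lib.security` if that fits the controller flow, or at least stating the contract in a comment such as `# anonymous users must not start the OAuth flow; the caller renders the login page`. The log line would also be more useful for triage if it said authentication rather than authorization and ran at debug level, since any unauthenticated visitor can trigger it. The body of `oauth_begin` continues past the end of the hunk.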
diff --git
a/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
b/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
index 0068e6e29..57cb9b228 100644
--- a/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
+++ b/ForgeImporters/forgeimporters/tests/github/functional/test_github.py
@@ -92,3 +92,9 @@ class TestGitHubOAuth(TestController):
auth=requests.auth.HTTPBasicAuth('client_id', 'secret'),
json={'access_token':
'abc'},
timeout=10)
+
+
+ def test_project_import_login_required(self):
+ r = self.app.get('/p/import_project/github/',
extra_environ=dict(username='*anonymous'))
+ assert_equal(None, r.location)
+ r.mustcontain('Login Required')
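Review bot: `test_project_import_login_required` pins the guard only for a GET of `/p/import_project/github/`; other entry points of `GitHubOAuthMixin` that an anonymous client could request directly, such as the OAuth callback handler (outside this hunk, so unconfirmed), are not exercised. A companion test that sends the same `extra_environ=dict(username='*anonymous')` request to the callback URL and asserts that no token exchange is attempted would keep the restriction from regressing. Minor style: the method is preceded by two blank lines inside the class where PEP 8 uses one.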