Verified Commit bc72f1f7 authored by Huste, Tobias (FWCC) - 111645's avatar Huste, Tobias (FWCC) - 111645
Browse files

delete webhooks when account is disconnected

parent df1e9fb7
Pipeline #8791 passed with stage
in 4 minutes and 39 seconds
......@@ -29,8 +29,11 @@ from invenio_oauth2server.models import Token as ProviderToken
from invenio_oauthclient.models import RemoteToken
from invenio_oauthclient.utils import oauth_link_external_id, \
oauth_unlink_external_id
from sqlalchemy.orm.exc import NoResultFound
from .api import GitLabAPI
from .models import Project
from .tasks import disconnect_gitlab
REMOTE_APP = dict(
title='GitLab',
......@@ -111,9 +114,26 @@ def disconnect_handler(remote):
webhook_token_id = extra_data.get('tokens', {}).get('webhook')
ProviderToken.query.filter_by(id=webhook_token_id).delete()
# TODO: disable GitLab webhooks here.
# Disable GitLab webhooks from Invenio side.
db_projects = Project.query.filter_by(user_id=user_id).all()
projects_with_hooks = [(p.gitlab_id, p.hook)
for p in db_projects if p.hook]
for project in db_projects:
try:
Project.disable(
user_id=user_id,
gitlab_id=project.gitlab_id,
name=project.name,
)
except NoResultFound:
# If no project exists, just skip it, no action required
pass
db.session.commit()
# Send the celery task for remote webhook removal
disconnect_gitlab.delay(token.access_token, projects_with_hooks)
# Delete the RemoteAccount (along with the associated RemoteToken)
token.remote_account.delete()
return redirect(url_for('invenio_oauthclient_settings.index'))
return redirect(url_for('invenio_oauthclient_settings.index'))
......@@ -74,3 +74,26 @@ def process_release(tag, project_id, verify_sender=False):
u'Error while processing {release}'.format(release=release.model))
finally:
db.session.commit()
@shared_task(max_retries=6, default_retry_delay=10 * 60, rate_limit='100/m')
def disconnect_gitlab(access_token, project_webhooks):
"""Uninstall webhooks."""
import gitlab
try:
gl = gitlab.Gitlab(current_app.config['GITLAB_BASE_URL'],
oauth_token=access_token)
for project_id, project_hook in project_webhooks:
project = gl.projects.get(project_id)
# Check, if hook is already installed.
hook = project.hooks.get(project_hook)
if hook and hook.delete():
info_msg = u'Deleted hook {hook} from {project}'.format(
hook=hook.id, project=project.full_name)
current_app.logger.info(info_msg)
# FIXME: Oauth token revocation is currently not possible via
# GitLab's API. We can just drop the token from our DB, as already
# done before this task. Relevant issue on GitLab:
# https://gitlab.com/gitlab-org/gitlab-ce/issues/48503
except Exception as exc:
disconnect_gitlab.retry(exc=exc)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment