Merge pull request #55 from rust-lang/github-ids

pietroalbini · web-flow · commit 406c7a56d0b1 · 2019-07-14T15:16:05.000+02:00
Authenticate with user IDs instead of usernames with the Team API
diff --git a/homu/auth.py b/homu/auth.py
@@ -10,19 +10,19 @@ def fetch_rust_team(repo_label, level):
     try:
         resp = requests.get(url)
         resp.raise_for_status()
-        return resp.json()["github_users"]
+        return resp.json()["github_ids"]
     except requests.exceptions.RequestException as e:
         print("error while fetching " + url + ": " + str(e))
         return []
 
 
-def verify_level(username, repo_label, repo_cfg, state, toml_keys,
+def verify_level(username, user_id, repo_label, repo_cfg, state, toml_keys,
                  rust_team_level):
     authorized = False
     if repo_cfg.get('auth_collaborators', False):
         authorized = state.get_repo().is_collaborator(username)
     if repo_cfg.get('rust_team', False):
-        authorized = username in fetch_rust_team(repo_label, rust_team_level)
+        authorized = user_id in fetch_rust_team(repo_label, rust_team_level)
     if not authorized:
         authorized = username.lower() == state.delegate.lower()
     for toml_key in toml_keys:
@@ -31,7 +31,8 @@ def verify_level(username, repo_label, repo_cfg, state, toml_keys,
     return authorized
 
 
-def verify(username, repo_label, repo_cfg, state, auth, realtime, my_username):
+def verify(username, user_id, repo_label, repo_cfg, state, auth, realtime,
+           my_username):
     # The import is inside the function to prevent circular imports: main.py
     # requires auth.py and auth.py requires main.py
     from .main import AuthState
@@ -48,12 +49,13 @@ def verify(username, repo_label, repo_cfg, state, auth, realtime, my_username):
     authorized = False
     if auth == AuthState.REVIEWER:
         authorized = verify_level(
-            username, repo_label, repo_cfg, state, ['reviewers'], 'review',
+            username, user_id, repo_label, repo_cfg, state, ['reviewers'],
+            'review',
         )
     elif auth == AuthState.TRY:
         authorized = verify_level(
-            username, repo_label, repo_cfg, state, ['reviewers', 'try_users'],
-            'try',
+            username, user_id, repo_label, repo_cfg, state,
+            ['reviewers', 'try_users'], 'try',
         )
 
     if authorized:
diff --git a/homu/main.py b/homu/main.py
@@ -450,14 +450,16 @@ class LabelEvent(Enum):
 PORTAL_TURRET_IMAGE = "https://cloud.githubusercontent.com/assets/1617736/22222924/c07b2a1c-e16d-11e6-91b3-ac659550585c.png"  # noqa
 
 
-def parse_commands(body, username, repo_label, repo_cfg, state, my_username,
-                   db, states, *, realtime=False, sha='', command_src=''):
+def parse_commands(body, username, user_id, repo_label, repo_cfg, state,
+                   my_username, db, states, *, realtime=False, sha='',
+                   command_src=''):
     global global_cfg
     state_changed = False
 
     _reviewer_auth_verified = functools.partial(
         verify_auth,
         username,
+        user_id,
         repo_label,
         repo_cfg,
         state,
@@ -468,6 +470,7 @@ def parse_commands(body, username, repo_label, repo_cfg, state, my_username,
     _try_auth_verified = functools.partial(
         verify_auth,
         username,
+        user_id,
         repo_label,
         repo_cfg,
         state,
@@ -584,8 +587,9 @@ def parse_commands(body, username, repo_label, repo_cfg, state, my_username,
             # comment on the pull request if the user is not authorized), we
             # need to do the author check BEFORE the verify_auth check.
             if state.author != username:
-                if not verify_auth(username, repo_label, repo_cfg, state,
-                                   AuthState.REVIEWER, realtime, my_username):
+                if not verify_auth(username, user_id, repo_label, repo_cfg,
+                                   state, AuthState.REVIEWER, realtime,
+                                   my_username):
                     continue
 
             state.approved_by = ''
@@ -594,7 +598,7 @@ def parse_commands(body, username, repo_label, repo_cfg, state, my_username,
                 state.change_labels(LabelEvent.REJECTED)
 
         elif command.action == 'prioritize':
-            if not verify_auth(username, repo_label, repo_cfg, state,
+            if not verify_auth(username, user_id, repo_label, repo_cfg, state,
                                AuthState.TRY, realtime, my_username):
                 continue
 
@@ -611,7 +615,7 @@ def parse_commands(body, username, repo_label, repo_cfg, state, my_username,
             state.save()
 
         elif command.action == 'delegate':
-            if not verify_auth(username, repo_label, repo_cfg, state,
+            if not verify_auth(username, user_id, repo_label, repo_cfg, state,
                                AuthState.REVIEWER, realtime, my_username):
                 continue
 
@@ -1520,6 +1524,7 @@ def synchronize(repo_label, repo_cfg, logger, gh, states, repos, db, mergeable_q
                 parse_commands(
                     comment.body,
                     comment.user.login,
+                    comment.user.id,
                     repo_label,
                     repo_cfg,
                     state,
@@ -1536,6 +1541,7 @@ def synchronize(repo_label, repo_cfg, logger, gh, states, repos, db, mergeable_q
             parse_commands(
                 comment.body,
                 comment.user.login,
+                comment.user.id,
                 repo_label,
                 repo_cfg,
                 state,
diff --git a/homu/server.py b/homu/server.py
@@ -378,6 +378,7 @@ def github():
             pull_num = info['pull_request']['number']
             body = info['comment']['body']
             username = info['sender']['login']
+            user_id = info['sender']['id']
 
             state = g.states[repo_label].get(pull_num)
             if state:
@@ -387,6 +388,7 @@ def github():
                 if parse_commands(
                     body,
                     username,
+                    user_id,
                     repo_label,
                     repo_cfg,
                     state,
@@ -435,6 +437,7 @@ def github():
                     found = parse_commands(
                         c.body,
                         c.user.login,
+                        c.user.id,
                         repo_label,
                         repo_cfg,
                         state,
@@ -546,6 +549,7 @@ def fail(err):
     elif event_type == 'issue_comment':
         body = info['comment']['body']
         username = info['comment']['user']['login']
+        user_id = info['comment']['user']['id']
         pull_num = info['issue']['number']
 
         state = g.states[repo_label].get(pull_num)
@@ -557,6 +561,7 @@ def fail(err):
             if parse_commands(
                 body,
                 username,
+                user_id,
                 repo_label,
                 repo_cfg,
                 state,
