From 2c7f0e673e2d10f47db1a68e3e6036cf5ddfc10d Mon Sep 17 00:00:00 2001
From: Vallari Agrawal
Date: Mon, 7 Oct 2024 19:14:31 +0530
Subject: [PATCH] Handle missing token in isAdmin() func
Signed-off-by: Vallari Agrawal
---
 src/teuthology_api/services/helpers.py | 6 ++++++
 src/teuthology_api/services/kill.py | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/teuthology_api/services/helpers.py b/src/teuthology_api/services/helpers.py
index c4bcd33..6e4ebeb 100644
--- a/src/teuthology_api/services/helpers.py
+++ b/src/teuthology_api/services/helpers.py
@@ -107,6 +107,12 @@ async def isAdmin(username, token):
 if not (GH_ORG_TEAM_URL and ADMIN_TEAM):
 log.error("GH_ORG_TEAM_URL or ADMIN_TEAM is not set in .env")
 return False
+ if not (token and username):
+ raise HTTPException(
+ status_code=401,
+ detail="You are probably not logged in (username or token missing)",
+ headers={"WWW-Authenticate": "Bearer"},
+ )
 TEAM_MEMBER_URL = f"{GH_ORG_TEAM_URL}/{ADMIN_TEAM}/memberships/{username}"
 async with httpx.AsyncClient() as client:
 headers = {
diff --git a/src/teuthology_api/services/kill.py b/src/teuthology_api/services/kill.py
index 6477901..5252ac0 100644
--- a/src/teuthology_api/services/kill.py
+++ b/src/teuthology_api/services/kill.py
@@ -38,7 +38,7 @@ async def run(args, send_logs: bool, token: dict, request: Request):
 if (run_owner.lower() != username.lower()) and (
 run_owner.lower() != f"scheduled_{username.lower()}@teuthology"
 ):
- isUserAdmin = await isAdmin(username, token["access_token"])
+ isUserAdmin = await isAdmin(username, token.get("access_token"))
 if not isUserAdmin:
 log.error(
 "%s doesn't have permission to kill a job scheduled by: %s",
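Review bot: The new `if not (token and username)` guard in `isAdmin` sits below the `GH_ORG_TEAM_URL`/`ADMIN_TEAM` check, so when that configuration is unset a caller with no login gets `False` instead of the 401, and the response to a missing credential depends on server configuration. Moving the guard to the top of the function would make the unauthenticated case uniform. `isAdmin` now both returns a bool and raises, which other callers (not visible in this patch) may not expect; a docstring line such as `Raises HTTPException(401) when username or token is missing.` would record that contract. The body of `isAdmin` starts above and continues below this hunk.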
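Review bot: In the kill.py hunk, `token.get("access_token")` covers a missing key but still raises `AttributeError` when `token` itself is `None`, which would surface as a 500 rather than the 401 this patch introduces. Whether `run` already rejects an empty `token` is not visible, because the function starts above the hunk; if it does not, `isUserAdmin = await isAdmin(username, (token or {}).get("access_token"))` keeps that failure on the 401 path. The login check is also only reached in this non-owner branch, so the owner path depends on whatever validation of `username` and `token` happens before the hunk.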