From a297d86928ada7b82557c2b0a54a60aa692868aa Mon Sep 17 00:00:00 2001 From: Istvan Soos Date: Fri, 28 Jun 2024 11:27:12 +0200 Subject: [PATCH] requireAuthenticatedAdmin returns SupportAgent --- app/lib/account/backend.dart | 4 ++-- app/lib/account/consent_backend.dart | 10 ++-------- app/lib/admin/backend.dart | 13 +++++-------- app/lib/admin/tools/publisher_member.dart | 4 +--- app/lib/package/backend.dart | 1 - app/lib/publisher/backend.dart | 1 - 6 files changed, 10 insertions(+), 23 deletions(-) diff --git a/app/lib/account/backend.dart b/app/lib/account/backend.dart index 40d169352b..20199d4ab4 100644 --- a/app/lib/account/backend.dart +++ b/app/lib/account/backend.dart @@ -84,7 +84,7 @@ Future requireAuthenticatedWebUser() async { /// the given [permission]. /// /// Throws [AuthorizationException] if it doesn't have the permission. -Future requireAuthenticatedAdmin( +Future requireAuthenticatedAdmin( AdminPermission permission) async { final agent = await _requireAuthenticatedAgent(); if (agent is AuthenticatedGcpServiceAccount) { @@ -96,7 +96,7 @@ Future requireAuthenticatedAdmin( 'Authenticated user (${agent.displayId}) is trying to access unauthorized admin APIs.'); throw AuthorizationException.userIsNotAdminForPubSite(); } - return agent; + return SupportAgent(); } else { throw AuthenticationException.tokenInvalid('not a GCP service account'); } diff --git a/app/lib/account/consent_backend.dart b/app/lib/account/consent_backend.dart index 76d6e7f134..51d7ea630b 100644 --- a/app/lib/account/consent_backend.dart +++ b/app/lib/account/consent_backend.dart @@ -106,7 +106,6 @@ class ConsentBackend { /// - if it was sent recently, do nothing. Future _invite({ required AuthenticatedAgent activeAgent, - required User activeUser, required String email, required String kind, required List args, @@ -129,7 +128,7 @@ class ConsentBackend { await _delete(old, (a) => a.onExpire(old)); } else if (old.shouldNotify()) { // non-expired entries just re-send the notification - return await _sendNotification(activeUser.email!, old); + return await _sendNotification(activeAgent.displayId, old); } else { return api.InviteStatus( emailSent: false, nextNotification: old.nextNotification); @@ -146,20 +145,18 @@ class ConsentBackend { consent, auditLogRecord, ]); - return await _sendNotification(activeUser.email!, consent); + return await _sendNotification(activeAgent.displayId, consent); }); } /// Invites a new uploader to the package. Future invitePackageUploader({ required AuthenticatedAgent agent, - required User activeUser, required String packageName, required String uploaderEmail, }) async { return await _invite( activeAgent: agent, - activeUser: activeUser, email: uploaderEmail, kind: ConsentKind.packageUploader, args: [packageName], @@ -180,7 +177,6 @@ class ConsentBackend { final user = authenticatedUser.user; return await _invite( activeAgent: authenticatedUser, - activeUser: user, email: contactEmail, kind: ConsentKind.publisherContact, args: [publisherId, contactEmail], @@ -192,13 +188,11 @@ class ConsentBackend { /// Invites a new member for the publisher. Future invitePublisherMember({ required AuthenticatedAgent authenticatedAgent, - required User activeUser, required String publisherId, required String invitedUserEmail, }) async { return await _invite( activeAgent: authenticatedAgent, - activeUser: activeUser, email: invitedUserEmail, kind: ConsentKind.publisherMember, args: [publisherId], diff --git a/app/lib/admin/backend.dart b/app/lib/admin/backend.dart index b4279915cf..da17dd57d3 100644 --- a/app/lib/admin/backend.dart +++ b/app/lib/admin/backend.dart @@ -14,7 +14,6 @@ import 'package:convert/convert.dart'; import 'package:gcloud/service_scope.dart' as ss; import 'package:logging/logging.dart'; import 'package:pool/pool.dart'; -import 'package:pub_dev/account/agent.dart'; import 'package:pub_semver/pub_semver.dart'; import '../account/backend.dart'; @@ -598,7 +597,7 @@ class AdminBackend { Future handleAddPackageUploader( String packageName, String email) async { checkPackageVersionParams(packageName); - final authenticatedUser = + final authenticatedAgent = await requireAuthenticatedAdmin(AdminPermission.managePackageOwnership); final package = await packageBackend.lookupPackage(packageName); if (package == null) { @@ -609,10 +608,8 @@ class AdminBackend { InvalidInputException.check( isValidEmail(uploaderEmail), 'Not a valid email: `$uploaderEmail`.'); - final user = await accountBackend.userForServiceAccount(authenticatedUser); await consentBackend.invitePackageUploader( - agent: SupportAgent(), - activeUser: user, + agent: authenticatedAgent, packageName: packageName, uploaderEmail: uploaderEmail, ); @@ -625,7 +622,7 @@ class AdminBackend { Future handleRemovePackageUploader( String packageName, String email) async { checkPackageVersionParams(packageName); - final authenticatedUser = + final authenticatedAgent = await requireAuthenticatedAdmin(AdminPermission.managePackageOwnership); final package = await packageBackend.lookupPackage(packageName); if (package == null) { @@ -650,7 +647,7 @@ class AdminBackend { if (r) { removed = true; tx.insert(await AuditLogRecord.uploaderRemoved( - agent: authenticatedUser, + agent: authenticatedAgent, package: packageName, uploaderUser: uploaderUser, )); @@ -660,7 +657,7 @@ class AdminBackend { if (p.uploaders!.isEmpty) { p.isDiscontinued = true; tx.insert(await AuditLogRecord.packageOptionsUpdated( - agent: authenticatedUser, + agent: authenticatedAgent, package: packageName, publisherId: p.publisherId, options: ['discontinued'], diff --git a/app/lib/admin/tools/publisher_member.dart b/app/lib/admin/tools/publisher_member.dart index 7a2f4639e6..76b69736c7 100644 --- a/app/lib/admin/tools/publisher_member.dart +++ b/app/lib/admin/tools/publisher_member.dart @@ -5,7 +5,6 @@ import 'dart:async'; import 'package:_pub_shared/data/publisher_api.dart'; -import 'package:pub_dev/account/agent.dart'; import 'package:pub_dev/account/backend.dart'; import 'package:pub_dev/account/consent_backend.dart'; import 'package:pub_dev/publisher/backend.dart'; @@ -36,8 +35,7 @@ Future executePublisherInviteMember(List args) async { await publisherBackend.verifyPublisherMemberInvite( publisherId, InviteMemberRequest(email: invitedEmail)); await consentBackend.invitePublisherMember( - authenticatedAgent: SupportAgent(), - activeUser: await accountBackend.userForServiceAccount(authenticatedAgent), + authenticatedAgent: authenticatedAgent, publisherId: publisherId, invitedUserEmail: invitedEmail, ); diff --git a/app/lib/package/backend.dart b/app/lib/package/backend.dart index 75f76c04e5..e8aa1a4e0a 100644 --- a/app/lib/package/backend.dart +++ b/app/lib/package/backend.dart @@ -1486,7 +1486,6 @@ class PackageBackend { final status = await consentBackend.invitePackageUploader( agent: authenticatedUser, - activeUser: user, packageName: packageName, uploaderEmail: uploaderEmail, ); diff --git a/app/lib/publisher/backend.dart b/app/lib/publisher/backend.dart index bf063ff14b..7761e6267e 100644 --- a/app/lib/publisher/backend.dart +++ b/app/lib/publisher/backend.dart @@ -394,7 +394,6 @@ class PublisherBackend { await verifyPublisherMemberInvite(publisherId, invite); return await consentBackend.invitePublisherMember( authenticatedAgent: authenticatedAgent, - activeUser: authenticatedAgent.user, publisherId: publisherId, invitedUserEmail: invite.email, );