Webhook Request to Woodpecker CI with wrong mail address in pusher #28532

Open
philipkozeny opened this issue Dec 19, 2023 · 6 comments

@philipkozeny

Description

I am running Gitea and Woodpecker CI. For some releases now there might be a bug in the mail address of the commit author / pusher that gets sent to Woodpecker via the webhook.

Here is an example of the Content Request:

{
  "ref": "refs/heads/main",
  "before": "a930081ca449a21d4416bdeb345bc4d3181b916e",
  "after": "3d6d4085e41d1a044a67c15ddb99a7ea4746ded7",
  "compare_url": "xxxx/compare/a930081ca449a21d4416bdeb345bc4d3181b916e...3d6d4085e41d1a044a67c15ddb99a7ea4746ded7",
  "commits": [
    {
      "id": "3d6d4085e41d1a044a67c15ddb99a7ea4746ded7",
      "message": "Update .woodpecker.yml\n",
      "url": "xxxx/commit/3d6d4085e41d1a044a67c15ddb99a7ea4746ded7",
      "author": {
        "name": "Philip Kozeny",
        "email": "philip.kozeny@mydomain.com",
        "username": "philip.kozeny"
      },
      "committer": {
        "name": "Philip Kozeny",
        "email": "philip.kozeny@mydomain.com",
        "username": "philip.kozeny"
      },
      "verification": null,
      "timestamp": "2023-12-19T10:32:26Z",
      "added": [],
      "removed": [],
      "modified": [
        ".woodpecker.yml"
      ]
    }
  ],
  "total_commits": 1,
  "head_commit": {
    "id": "3d6d4085e41d1a044a67c15ddb99a7ea4746ded7",
    "message": "Update .woodpecker.yml\n",
    "url": "xxx/commit/3d6d4085e41d1a044a67c15ddb99a7ea4746ded7",
    "author": {
      "name": "Philip Kozeny",
      "email": "philip.kozeny@mydomain.com",
      "username": "philip.kozeny"
    },
    "committer": {
      "name": "Philip Kozeny",
      "email": "philip.kozeny@mydomain.com",
      "username": "philip.kozeny"
    },
    "verification": null,
    "timestamp": "2023-12-19T10:32:26Z",
    "added": [],
    "removed": [],
    "modified": [
      ".woodpecker.yml"
    ]
  },
...
  "pusher": {
    "id": 1,
    "login": "philip.kozeny",
    "login_name": "",
    "full_name": "Philip Kozeny",
    "email": "philip.kozeny@anotherdomain.com",
    ...
  },
  "sender": {
    "id": 1,
    "login": "philip.kozeny",
    "login_name": "",
    "full_name": "Philip Kozeny",
    "email": "philip.kozeny@anotherdomain.com",
    ...
    "username": "philip.kozeny"
  }
}

As you can see in "pusher" the email is suddenly refilled with another domain. Here is also the issue I have created on Woodpecker's side: woodpecker-ci/woodpecker#2971

Gitea Version

1.21.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Self-hosted binary with systemd on an Arch Linux machine

Database

SQLite

@wxiaoguang
Contributor

IIRC:

  • committer email: the email in your git commit
  • pusher email: the user email of the Gitea user

@philipkozeny
Author

> IIRC:
>
>   • committer email: the email in your git commit
>   • pusher email: the user email of the Gitea user

The @anotherdomain.com email appears nowhere though. When I go to my profile -> account -> manage email addresses, I only see mydomain.com

@wxiaoguang
Contributor

wxiaoguang commented Dec 19, 2023

What is "anotherdomain"? Maybe you have set "hide email", or some code hides the email intentionally? Then you see a fake email address?

For example, this one? Fix API leaking Usermail if not logged in #25097

@philipkozeny
Author

> What is "anotherdomain"? Maybe you have set "hide email", or some code hides the email intentionally? Then you see a fake email address?
>
> For example, this one? Fix API leaking Usermail if not logged in #25097

Let's say mydomain.com -> gmail.com and anotherdomain.com would be "mail.gmail.com"

When I run a request for my user via the API /api/v1/user I get the correct mail address. Also via /api/user/emails I get the one correct mail address. The anotherdomain.com is set up in the app.ini in [service] as NO_REPLY_ADDRESS. Hide Email address is deactivated in the settings though. Am I missing something else?

[service]
...
DEFAULT_KEEP_EMAIL_PRIVATE = false
NO_REPLY_ADDRESS = anotherdomain.com

My user has keep_email_private set to 0 in the users table.

As soon as I remove NO_REPLY_ADDRESS from the settings, my mail gets changed to philip.kozeny@noreply.mygiteadomain.com

@wxiaoguang
Contributor

So the pusher email you saw is a fake email. According to "Show real mail in Webhooks #27943", that behavior seems to be still related to "Fix API leaking Usermail if not logged in #25097". So it might be a regression.

@philipkozeny
Author

> So the pusher email you saw is a fake email. According to "Show real mail in Webhooks #27943", that behavior seems to be still related to "Fix API leaking Usermail if not logged in #25097". So it might be a regression.

Thanks for the info! My workaround for now is to set NO_REPLY_ADDRESS to a valid domain.
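
Added example, not part of the issue thread and not code from Gitea or Woodpecker: a check a webhook receiver could run to tell whether `pusher.email` is the substituted `<login>@<NO_REPLY_ADDRESS>` address described above instead of a deliverable one. The function and type names, the sample payload, and the idea that the receiver is given the same `NO_REPLY_ADDRESS` value are assumptions.

```go
package main
import (
	"encoding/json"
	"fmt"
	"strings"
)

// pushEvent keeps only the push-payload fields shown in the issue.
type pushEvent struct {
	Commits []struct {
		Author struct {
			Email string `json:"email"`
		} `json:"author"`
	} `json:"commits"`
	Pusher struct {
		Login string `json:"login"`
		Email string `json:"email"`
	} `json:"pusher"`
}

// PusherCheck (hypothetical) is the result of comparing pusher.email with the payload.
type PusherCheck struct {
	Placeholder        bool // pusher.email is <login>@<noReplyDomain>
	MatchesCommitEmail bool // pusher.email equals some commit author email
}

// CheckPusher decodes a push payload; noReplyDomain is the receiver's copy of NO_REPLY_ADDRESS (assumed).
func CheckPusher(payload []byte, noReplyDomain string) (res PusherCheck, err error) {
	var ev pushEvent
	if err = json.Unmarshal(payload, &ev); err != nil {
		return res, fmt.Errorf("decode push payload: %w", err)
	}
	if ev.Pusher.Login != "" && noReplyDomain != "" {
		res.Placeholder = strings.EqualFold(ev.Pusher.Email, ev.Pusher.Login+"@"+noReplyDomain)
	}
	for _, c := range ev.Commits {
		if c.Author.Email != "" && strings.EqualFold(c.Author.Email, ev.Pusher.Email) {
			res.MatchesCommitEmail = true
		}
	}
	return res, nil
}

// Constructed sample in the shape of the payload from the issue (not real data).
const samplePayload = `{"commits":[{"author":{"email":"dev@example.com"}}],"pusher":{"login":"dev","email":"dev@noreply.example.org"}}`
func main() {
	res, err := CheckPusher([]byte(samplePayload), "noreply.example.org")
	fmt.Printf("%+v %v\n", res, err)
}
```

A receiver that mails build results or maps events to accounts can use `Placeholder` to skip delivery or fall back to the `login` field instead of treating the address as real.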
