Verified Commit 1e015029 authored by Sebastian Schüpbach's avatar Sebastian Schüpbach

return error message on missing or invalid gitlab secure token

parent ac72c822
Pipeline #34256 passed with stages
in 1 minute and 25 seconds
......@@ -49,11 +49,13 @@ class AutoDeploy(Resource):
headers = flaskRequest.headers
secure_token = getenv('SECURE_TOKEN')
if secure_token and not headers.get('X-Gitlab-Token'):
app.logger.info('Request does not have an X-Gitlab-Token in headers')
return '{}', 403
if secure_token and headers.get('X-Gitlab-Token').rstrip() is not secure_token.rstrip():
app.logger.warning('Request does not have a valid X-Gitlab-Token in headers')
return '{}', 403
msg = 'Request does not have an X-Gitlab-Token in headers'
app.logger.info(msg)
return msg, 403
if secure_token and headers.get('X-Gitlab-Token').rstrip() != secure_token.rstrip():
msg = 'Request does not have a valid X-Gitlab-Token in headers'
app.logger.warning(msg)
return msg, 403
body = json.loads(flaskRequest.data.decode('utf-8'))
tag = ''
branch = ''
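Review bot: The added check `headers.get('X-Gitlab-Token').rstrip() != secure_token.rstrip()` compares a shared secret with ordinary string inequality, which is not constant-time. It is better written as `if secure_token and not hmac.compare_digest(headers.get('X-Gitlab-Token').rstrip().encode('utf-8'), secure_token.rstrip().encode('utf-8')):`. Encoding both sides avoids the TypeError that compare_digest raises for non-ASCII str, and `import hmac` is needed at the top of the file, outside this hunk. Separately, both checks are guarded by `if secure_token and ...`, so when SECURE_TOKEN is unset the handler appears to accept any request and go on to parse the body; if that is not intended, reject up front with something like `if not secure_token: return 'SECURE_TOKEN is not configured', 403`. The enclosing method starts above the hunk and continues past it.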
......