AzureDevops webhook: allow disabling BasicAuth

Azure webhooks do not allow BasicAuth without HTTPS
Thomas De Keulenaer
2025-05-09 13:13:29 +02:00
parent 954d61e5dc
commit db0c213d72


@ -28,12 +28,12 @@ from pr_agent.git_providers.utils import apply_repo_settings
from pr_agent.log import LoggingFormat, get_logger, setup_logger from pr_agent.log import LoggingFormat, get_logger, setup_logger
setup_logger(fmt=LoggingFormat.JSON, level=get_settings().get("CONFIG.LOG_LEVEL", "DEBUG")) setup_logger(fmt=LoggingFormat.JSON, level=get_settings().get("CONFIG.LOG_LEVEL", "DEBUG"))
security = HTTPBasic() security = HTTPBasic(auto_error=False)
router = APIRouter() router = APIRouter()
available_commands_rgx = re.compile(r"^\/(" + "|".join(command2class.keys()) + r")\s*") available_commands_rgx = re.compile(r"^\/(" + "|".join(command2class.keys()) + r")\s*")
azure_devops_server = get_settings().get("azure_devops_server") azure_devops_server = get_settings().get("azure_devops_server")
WEBHOOK_USERNAME = azure_devops_server.get("webhook_username") WEBHOOK_USERNAME = azure_devops_server.get("webhook_username", None)
WEBHOOK_PASSWORD = azure_devops_server.get("webhook_password") WEBHOOK_PASSWORD = azure_devops_server.get("webhook_password", None)
async def handle_request_comment(url: str, body: str, thread_id: int, comment_id: int, log_context: dict): async def handle_request_comment(url: str, body: str, thread_id: int, comment_id: int, log_context: dict):
log_context["action"] = body log_context["action"] = body
@ -78,6 +78,9 @@ def handle_line_comment(body: str, thread_id: int, provider: AzureDevopsProvider
# currently only basic auth is supported with azure webhooks # currently only basic auth is supported with azure webhooks
# for this reason, https must be enabled to ensure the credentials are not sent in clear text # for this reason, https must be enabled to ensure the credentials are not sent in clear text
def authorize(credentials: HTTPBasicCredentials = Depends(security)): def authorize(credentials: HTTPBasicCredentials = Depends(security)):
if WEBHOOK_USERNAME is None or WEBHOOK_PASSWORD is None:
return
is_user_ok = secrets.compare_digest(credentials.username, WEBHOOK_USERNAME) is_user_ok = secrets.compare_digest(credentials.username, WEBHOOK_USERNAME)
is_pass_ok = secrets.compare_digest(credentials.password, WEBHOOK_PASSWORD) is_pass_ok = secrets.compare_digest(credentials.password, WEBHOOK_PASSWORD)
if not (is_user_ok and is_pass_ok): if not (is_user_ok and is_pass_ok):
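Review bot: With `HTTPBasic(auto_error=False)` the dependency passes `None` when a request has no Authorization header, so when both settings are configured the `credentials.username` access in `authorize` raises AttributeError and the sender gets a 500 rather than a 401. Add `if credentials is None:` ahead of the two `compare_digest` calls and reject there the same way the mismatch branch does (that branch's body lies outside this hunk). The new early return also fails open: `if WEBHOOK_USERNAME is None or WEBHOOK_PASSWORD is None: return` turns authentication off when only one of the two values is set, which is more likely a configuration mistake than a deliberate opt-out. Consider `if WEBHOOK_USERNAME is None and WEBHOOK_PASSWORD is None:` for the opt-out, rejecting the half-configured case, and logging a warning at startup that the webhook endpoint is accepting unauthenticated requests.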