[feat] Hide Codecov tokens from non admins if YAML setting is enabled (#923)

Author: rohitvinnakota-codecov

codecov/settings_base.py

@@ -356,6 +356,9 @@
     "setup", "upload_throttling_enabled", default=True
 )
 
+HIDE_ALL_CODECOV_TOKENS = get_config("setup", "hide_all_codecov_tokens", default=False)
+
+
 SENTRY_JWT_SHARED_SECRET = get_config(
     "sentry", "jwt_shared_secret", default=None
 ) or get_config("setup", "sentry", "jwt_shared_secret", default=None)

graphql_api/tests/test_owner.py

@@ -27,6 +27,7 @@
     UnauthorizedGuestAccess,
 )
 from codecov_auth.models import GithubAppInstallation, OwnerProfile
+from graphql_api.types.repository.repository import TOKEN_UNAVAILABLE
 from plan.constants import PlanName, TrialStatus
 from reports.tests.factories import CommitReportFactory, UploadFactory
 
@@ -426,6 +427,28 @@ def test_get_org_upload_token(self, mocker):
         data = self.gql_request(query, owner=self.owner)
         assert data["owner"]["orgUploadToken"] == "upload_token"
 
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_get_org_upload_token_hide_tokens_setting_owner_not_admin(self):
+        random_owner = OwnerFactory()
+        query = """{
+            owner(username: "%s") {
+               orgUploadToken
+            }
+        }
+        """ % (self.owner.username)
+        random_owner.organizations = [self.owner.ownerid]
+        random_owner.save()
+        data = self.gql_request(query, owner=random_owner)
+        assert data["owner"]["orgUploadToken"] == TOKEN_UNAVAILABLE
+
+    @patch("codecov_auth.commands.owner.owner.OwnerCommands.get_org_upload_token")
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_get_org_upload_token_hide_tokens_setting_owner_is_admin(self, mocker):
+        mocker.return_value = "upload_token"
+        query = query_repositories % (self.owner.username, "", "")
+        data = self.gql_request(query, owner=self.owner)
+        assert data["owner"]["orgUploadToken"] == "upload_token"
+
     # Applies for old users that didn't get their owner profiles created w/ their owner
     def test_when_owner_profile_doesnt_exist(self):
         owner = OwnerFactory(username="no-profile-user")

graphql_api/tests/test_repository.py

@@ -11,6 +11,7 @@
     RepositoryTokenFactory,
 )
 
+from graphql_api.types.repository.repository import TOKEN_UNAVAILABLE
 from services.profiling import CriticalFile
 
 from .helper import GraphQLTestHelper
@@ -73,6 +74,11 @@
 """
 
 
+def mock_get_config_global_upload_tokens(*args):
+    if args == ("setup", "hide_all_codecov_tokens"):
+        return True
+
+
 class TestFetchRepository(GraphQLTestHelper, TransactionTestCase):
     def fetch_repository(self, name, fields=None):
         data = self.gql_request(
@@ -683,6 +689,68 @@ def test_fetch_is_github_rate_limited_not_on_gh_service(self):
 
         assert data["me"]["owner"]["repository"]["isGithubRateLimited"] == False
 
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_repo_upload_token_not_available_config_setting_owner_not_admin(self):
+        owner = OwnerFactory(service="gitlab")
+
+        repo = RepositoryFactory(
+            author=owner,
+            author__service="gitlab",
+            service_id=12345,
+            active=True,
+        )
+        new_owner = OwnerFactory(service="gitlab", organizations=[owner.ownerid])
+        new_owner.permission = [repo.repoid]
+        new_owner.save()
+        owner.admins = []
+
+        query = """
+            query {
+                owner(username: "%s") {
+                    repository(name: "%s") {
+                                    ... on Repository {
+                            uploadToken
+                            }
+                    }
+                }
+            }
+        """ % (
+            owner.username,
+            repo.name,
+        )
+
+        data = self.gql_request(
+            query,
+            owner=new_owner,
+            variables={"name": repo.name},
+            provider="gitlab",
+        )
+
+        assert data["owner"]["repository"]["uploadToken"] == TOKEN_UNAVAILABLE
+
+    @override_settings(HIDE_ALL_CODECOV_TOKENS=True)
+    def test_repo_upload_token_not_available_config_setting_owner_is_admin(self):
+        owner = OwnerFactory(service="gitlab")
+        repo = RepositoryFactory(
+            author=owner,
+            author__service="gitlab",
+            service_id=12345,
+            active=True,
+        )
+        owner.admins = [owner.ownerid]
+
+        data = self.gql_request(
+            query_repository
+            % """
+                uploadToken
+            """,
+            owner=owner,
+            variables={"name": repo.name},
+            provider="gitlab",
+        )
+
+        assert data["me"]["owner"]["repository"]["uploadToken"] != TOKEN_UNAVAILABLE
+
     @patch("shared.rate_limits.determine_entity_redis_key")
     @patch("shared.rate_limits.determine_if_entity_is_rate_limited")
     @patch("logging.Logger.warning")

graphql_api/types/owner/owner.py

@@ -6,6 +6,7 @@
 import stripe
 import yaml
 from ariadne import ObjectType
+from django.conf import settings
 from graphql import GraphQLResolveInfo
 
 import services.activation as activation
@@ -37,6 +38,7 @@
 )
 from graphql_api.types.enums import OrderingDirection, RepositoryOrdering
 from graphql_api.types.errors.errors import NotFoundError, OwnerNotActivatedError
+from graphql_api.types.repository.repository import TOKEN_UNAVAILABLE
 from plan.constants import FREE_PLAN_REPRESENTATIONS, PlanData, PlanName
 from plan.service import PlanService
 from services.billing import BillingService
@@ -205,7 +207,13 @@ def resolve_hash_ownerid(owner: Owner, info: GraphQLResolveInfo) -> str:
 def resolve_org_upload_token(
     owner: Owner, info: GraphQLResolveInfo, **kwargs: Any
 ) -> str:
+    should_hide_tokens = settings.HIDE_ALL_CODECOV_TOKENS
+    current_owner = info.context["request"].current_owner
     command = info.context["executor"].get_command("owner")
+    is_owner_admin = current_owner.is_admin(owner)
+    if should_hide_tokens and not is_owner_admin:
+        return TOKEN_UNAVAILABLE
+
     return command.get_org_upload_token(owner)
 
 

graphql_api/types/repository/repository.py

@@ -5,6 +5,7 @@
 import shared.rate_limits as rate_limits
 import yaml
 from ariadne import ObjectType, UnionType
+from django.conf import settings
 from graphql.type.definition import GraphQLResolveInfo
 
 from codecov.db import sync_to_async
@@ -24,6 +25,8 @@
 from services.profiling import CriticalFile, ProfilingSummary
 from services.redis_configuration import get_redis_connection
 
+TOKEN_UNAVAILABLE = "Token Unavailable. Please contact your admin."
+
 log = logging.getLogger(__name__)
 
 repository_bindable = ObjectType("Repository")
@@ -68,6 +71,13 @@ def resolve_commit(repository: Repository, info: GraphQLResolveInfo, id):
 
 @repository_bindable.field("uploadToken")
 def resolve_upload_token(repository: Repository, info: GraphQLResolveInfo):
+    should_hide_tokens = settings.HIDE_ALL_CODECOV_TOKENS
+
+    current_owner = info.context["request"].current_owner
+    is_current_user_admin = current_owner.is_admin(repository.author)
+
+    if should_hide_tokens and not is_current_user_admin:
+        return TOKEN_UNAVAILABLE
     command = info.context["executor"].get_command("repository")
     return command.get_upload_token(repository)
 

requirements.txt

@@ -177,6 +177,7 @@ freezegun==1.1.0
     # via -r requirements.in
 google-api-core[grpc]==2.11.1
     # via
+    #   google-api-core
     #   google-cloud-core
     #   google-cloud-pubsub
     #   google-cloud-storage
@@ -408,7 +409,9 @@ requests==2.32.3
     #   shared
     #   stripe
 rfc3986[idna2008]==1.4.0
-    # via httpx
+    # via
+    #   httpx
+    #   rfc3986
 rsa==4.7.2
     # via google-auth
 s3transfer==0.5.0