requireAuthenticatedAdmin returns SupportAgent (#7838)

isoos · web-flow · commit ff9f6f036332 · 2024-06-28T14:27:35.000+02:00
diff --git a/app/lib/account/backend.dart b/app/lib/account/backend.dart
@@ -84,7 +84,7 @@ Future<AuthenticatedUser> requireAuthenticatedWebUser() async {
 /// the given [permission].
 ///
 /// Throws [AuthorizationException] if it doesn't have the permission.
-Future<AuthenticatedGcpServiceAccount> requireAuthenticatedAdmin(
+Future<SupportAgent> requireAuthenticatedAdmin(
     AdminPermission permission) async {
   final agent = await _requireAuthenticatedAgent();
   if (agent is AuthenticatedGcpServiceAccount) {
@@ -96,7 +96,7 @@ Future<AuthenticatedGcpServiceAccount> requireAuthenticatedAdmin(
           'Authenticated user (${agent.displayId}) is trying to access unauthorized admin APIs.');
       throw AuthorizationException.userIsNotAdminForPubSite();
     }
-    return agent;
+    return SupportAgent();
   } else {
     throw AuthenticationException.tokenInvalid('not a GCP service account');
   }
diff --git a/app/lib/account/consent_backend.dart b/app/lib/account/consent_backend.dart
@@ -106,7 +106,6 @@ class ConsentBackend {
   /// - if it was sent recently, do nothing.
   Future<api.InviteStatus> _invite({
     required AuthenticatedAgent activeAgent,
-    required User activeUser,
     required String email,
     required String kind,
     required List<String> args,
@@ -129,7 +128,7 @@ class ConsentBackend {
           await _delete(old, (a) => a.onExpire(old));
         } else if (old.shouldNotify()) {
           // non-expired entries just re-send the notification
-          return await _sendNotification(activeUser.email!, old);
+          return await _sendNotification(activeAgent.displayId, old);
         } else {
           return api.InviteStatus(
               emailSent: false, nextNotification: old.nextNotification);
@@ -146,20 +145,18 @@ class ConsentBackend {
         consent,
         auditLogRecord,
       ]);
-      return await _sendNotification(activeUser.email!, consent);
+      return await _sendNotification(activeAgent.displayId, consent);
     });
   }
 
   /// Invites a new uploader to the package.
   Future<api.InviteStatus> invitePackageUploader({
     required AuthenticatedAgent agent,
-    required User activeUser,
     required String packageName,
     required String uploaderEmail,
   }) async {
     return await _invite(
       activeAgent: agent,
-      activeUser: activeUser,
       email: uploaderEmail,
       kind: ConsentKind.packageUploader,
       args: [packageName],
@@ -180,7 +177,6 @@ class ConsentBackend {
     final user = authenticatedUser.user;
     return await _invite(
       activeAgent: authenticatedUser,
-      activeUser: user,
       email: contactEmail,
       kind: ConsentKind.publisherContact,
       args: [publisherId, contactEmail],
@@ -192,13 +188,11 @@ class ConsentBackend {
   /// Invites a new member for the publisher.
   Future<api.InviteStatus> invitePublisherMember({
     required AuthenticatedAgent authenticatedAgent,
-    required User activeUser,
     required String publisherId,
     required String invitedUserEmail,
   }) async {
     return await _invite(
       activeAgent: authenticatedAgent,
-      activeUser: activeUser,
       email: invitedUserEmail,
       kind: ConsentKind.publisherMember,
       args: [publisherId],
diff --git a/app/lib/admin/backend.dart b/app/lib/admin/backend.dart
@@ -14,7 +14,6 @@ import 'package:convert/convert.dart';
 import 'package:gcloud/service_scope.dart' as ss;
 import 'package:logging/logging.dart';
 import 'package:pool/pool.dart';
-import 'package:pub_dev/account/agent.dart';
 import 'package:pub_semver/pub_semver.dart';
 
 import '../account/backend.dart';
@@ -598,7 +597,7 @@ class AdminBackend {
   Future<api.PackageUploaders> handleAddPackageUploader(
       String packageName, String email) async {
     checkPackageVersionParams(packageName);
-    final authenticatedUser =
+    final authenticatedAgent =
         await requireAuthenticatedAdmin(AdminPermission.managePackageOwnership);
     final package = await packageBackend.lookupPackage(packageName);
     if (package == null) {
@@ -609,10 +608,8 @@ class AdminBackend {
     InvalidInputException.check(
         isValidEmail(uploaderEmail), 'Not a valid email: `$uploaderEmail`.');
 
-    final user = await accountBackend.userForServiceAccount(authenticatedUser);
     await consentBackend.invitePackageUploader(
-      agent: SupportAgent(),
-      activeUser: user,
+      agent: authenticatedAgent,
       packageName: packageName,
       uploaderEmail: uploaderEmail,
     );
@@ -625,7 +622,7 @@ class AdminBackend {
   Future<api.PackageUploaders> handleRemovePackageUploader(
       String packageName, String email) async {
     checkPackageVersionParams(packageName);
-    final authenticatedUser =
+    final authenticatedAgent =
         await requireAuthenticatedAdmin(AdminPermission.managePackageOwnership);
     final package = await packageBackend.lookupPackage(packageName);
     if (package == null) {
@@ -650,7 +647,7 @@ class AdminBackend {
         if (r) {
           removed = true;
           tx.insert(await AuditLogRecord.uploaderRemoved(
-            agent: authenticatedUser,
+            agent: authenticatedAgent,
             package: packageName,
             uploaderUser: uploaderUser,
           ));
@@ -660,7 +657,7 @@ class AdminBackend {
         if (p.uploaders!.isEmpty) {
           p.isDiscontinued = true;
           tx.insert(await AuditLogRecord.packageOptionsUpdated(
-            agent: authenticatedUser,
+            agent: authenticatedAgent,
             package: packageName,
             publisherId: p.publisherId,
             options: ['discontinued'],
diff --git a/app/lib/admin/tools/publisher_member.dart b/app/lib/admin/tools/publisher_member.dart
@@ -5,7 +5,6 @@
 import 'dart:async';
 
 import 'package:_pub_shared/data/publisher_api.dart';
-import 'package:pub_dev/account/agent.dart';
 import 'package:pub_dev/account/backend.dart';
 import 'package:pub_dev/account/consent_backend.dart';
 import 'package:pub_dev/publisher/backend.dart';
@@ -36,8 +35,7 @@ Future<String> executePublisherInviteMember(List<String> args) async {
   await publisherBackend.verifyPublisherMemberInvite(
       publisherId, InviteMemberRequest(email: invitedEmail));
   await consentBackend.invitePublisherMember(
-    authenticatedAgent: SupportAgent(),
-    activeUser: await accountBackend.userForServiceAccount(authenticatedAgent),
+    authenticatedAgent: authenticatedAgent,
     publisherId: publisherId,
     invitedUserEmail: invitedEmail,
   );
diff --git a/app/lib/package/backend.dart b/app/lib/package/backend.dart
@@ -1486,7 +1486,6 @@ class PackageBackend {
 
     final status = await consentBackend.invitePackageUploader(
       agent: authenticatedUser,
-      activeUser: user,
       packageName: packageName,
       uploaderEmail: uploaderEmail,
     );
diff --git a/app/lib/publisher/backend.dart b/app/lib/publisher/backend.dart
@@ -394,7 +394,6 @@ class PublisherBackend {
     await verifyPublisherMemberInvite(publisherId, invite);
     return await consentBackend.invitePublisherMember(
       authenticatedAgent: authenticatedAgent,
-      activeUser: authenticatedAgent.user,
       publisherId: publisherId,
       invitedUserEmail: invite.email,
     );
