diff --git a/crates/crates_io_database/src/models/krate.rs b/crates/crates_io_database/src/models/krate.rs index 2799f1df6b7..7b84462aa74 100644 --- a/crates/crates_io_database/src/models/krate.rs +++ b/crates/crates_io_database/src/models/krate.rs @@ -12,6 +12,7 @@ use diesel::sql_types::{Bool, Integer, Text}; use diesel_async::scoped_futures::ScopedFutureExt; use diesel_async::{AsyncConnection, AsyncPgConnection, RunQueryDsl}; use secrecy::SecretString; +use serde::Serialize; use thiserror::Error; use tracing::instrument; @@ -35,7 +36,9 @@ pub struct CrateName { pub name: String, } -#[derive(Debug, Clone, Queryable, Identifiable, AsChangeset, QueryableByName, Selectable)] +#[derive( + Debug, Clone, Queryable, Identifiable, AsChangeset, QueryableByName, Selectable, Serialize, +)] #[diesel(table_name = crates, check_for_backend(diesel::pg::Pg))] pub struct Crate { pub id: i32, diff --git a/crates/crates_io_database/src/models/trustpub/github_config.rs b/crates/crates_io_database/src/models/trustpub/github_config.rs index c6291daca20..969d43b8271 100644 --- a/crates/crates_io_database/src/models/trustpub/github_config.rs +++ b/crates/crates_io_database/src/models/trustpub/github_config.rs @@ -2,8 +2,9 @@ use crate::schema::trustpub_configs_github; use chrono::{DateTime, Utc}; use diesel::prelude::*; use diesel_async::{AsyncPgConnection, RunQueryDsl}; +use serde::Serialize; -#[derive(Debug, Identifiable, Queryable, Selectable)] +#[derive(Debug, Identifiable, Queryable, Selectable, Serialize)] #[diesel(table_name = trustpub_configs_github, check_for_backend(diesel::pg::Pg))] pub struct GitHubConfig { pub id: i32, diff --git a/crates/crates_io_database/src/models/user.rs b/crates/crates_io_database/src/models/user.rs index 9d060361ca5..f4b232abb6f 100644 --- a/crates/crates_io_database/src/models/user.rs +++ b/crates/crates_io_database/src/models/user.rs @@ -6,16 +6,18 @@ use diesel::sql_types::Integer; use diesel::upsert::excluded; use diesel_async::{AsyncPgConnection, RunQueryDsl}; use secrecy::SecretString; +use serde::Serialize; use crate::models::{Crate, CrateOwner, Email, Owner, OwnerKind}; use crate::schema::{crate_owners, emails, users}; use crates_io_diesel_helpers::lower; /// The model representing a row in the `users` database table. -#[derive(Clone, Debug, Queryable, Identifiable, Selectable)] +#[derive(Clone, Debug, Queryable, Identifiable, Selectable, Serialize)] pub struct User { pub id: i32, #[diesel(deserialize_as = String)] + #[serde(skip)] pub gh_access_token: SecretString, pub gh_login: String, pub name: Option, diff --git a/src/controllers/trustpub/github_configs/create/mod.rs b/src/controllers/trustpub/github_configs/create/mod.rs index 599357aa103..230b9d2bdcb 100644 --- a/src/controllers/trustpub/github_configs/create/mod.rs +++ b/src/controllers/trustpub/github_configs/create/mod.rs @@ -108,15 +108,7 @@ pub async fn create_trustpub_github_config( .collect::>(); for (recipient, email_address) in &recipients { - let context = context! { - recipient => recipient, - user => auth_user.gh_login, - krate => krate.name, - repository_owner => saved_config.repository_owner, - repository_name => saved_config.repository_name, - workflow_filename => saved_config.workflow_filename, - environment => saved_config.environment - }; + let context = context! { recipient, auth_user, krate, saved_config }; if let Err(err) = send_notification_email(&state, email_address, context).await { warn!("Failed to send trusted publishing notification to {email_address}: {err}"); diff --git a/src/controllers/trustpub/github_configs/create/snapshots/crates_io__controllers__trustpub__github_configs__create__tests__happy_path-3.snap b/src/controllers/trustpub/github_configs/create/snapshots/crates_io__controllers__trustpub__github_configs__create__tests__happy_path-3.snap index fa30fc4759b..9dabb8521ee 100644 --- a/src/controllers/trustpub/github_configs/create/snapshots/crates_io__controllers__trustpub__github_configs__create__tests__happy_path-3.snap +++ b/src/controllers/trustpub/github_configs/create/snapshots/crates_io__controllers__trustpub__github_configs__create__tests__happy_path-3.snap @@ -11,7 +11,7 @@ Content-Transfer-Encoding: quoted-printable Hello foo! -crates.io user foo added a new "Trusted Publishing" configuration for GitHub Actions to a crate that you manage ("foo"). Trusted publishers act as trusted users and can publish new versions of the crate automatically. +You added a new "Trusted Publishing" configuration for GitHub Actions to your crate "foo". Trusted publishers act as trusted users and can publish new versions of the crate automatically. Trusted Publishing configuration: diff --git a/src/controllers/trustpub/github_configs/delete/mod.rs b/src/controllers/trustpub/github_configs/delete/mod.rs index 31d97b78605..06663c6da7f 100644 --- a/src/controllers/trustpub/github_configs/delete/mod.rs +++ b/src/controllers/trustpub/github_configs/delete/mod.rs @@ -4,8 +4,8 @@ use crate::email::EmailMessage; use crate::util::errors::{AppResult, bad_request, not_found}; use anyhow::Context; use axum::extract::Path; -use crates_io_database::models::OwnerKind; use crates_io_database::models::trustpub::GitHubConfig; +use crates_io_database::models::{Crate, OwnerKind}; use crates_io_database::schema::{crate_owners, crates, emails, trustpub_configs_github, users}; use diesel::prelude::*; use diesel_async::RunQueryDsl; @@ -39,12 +39,12 @@ pub async fn delete_trustpub_github_config( let auth_user = auth.user(); // Check that a trusted publishing config with the given ID exists, - // and fetch the corresponding crate ID and name. - let (config, crate_name) = trustpub_configs_github::table + // and fetch the corresponding crate. + let (config, krate) = trustpub_configs_github::table .inner_join(crates::table) .filter(trustpub_configs_github::id.eq(id)) - .select((GitHubConfig::as_select(), crates::name)) - .first::<(GitHubConfig, String)>(&mut conn) + .select((GitHubConfig::as_select(), Crate::as_select())) + .first::<(GitHubConfig, Crate)>(&mut conn) .await .optional()? .ok_or_else(not_found)?; @@ -79,15 +79,7 @@ pub async fn delete_trustpub_github_config( .collect::>(); for (recipient, email_address) in &recipients { - let context = context! { - recipient => recipient, - user => auth_user.gh_login, - krate => crate_name, - repository_owner => config.repository_owner, - repository_name => config.repository_name, - workflow_filename => config.workflow_filename, - environment => config.environment - }; + let context = context! { recipient, auth_user, krate, config }; if let Err(err) = send_notification_email(&state, email_address, context).await { warn!("Failed to send trusted publishing notification to {email_address}: {err}"); diff --git a/src/controllers/trustpub/github_configs/delete/snapshots/crates_io__controllers__trustpub__github_configs__delete__tests__happy_path-2.snap b/src/controllers/trustpub/github_configs/delete/snapshots/crates_io__controllers__trustpub__github_configs__delete__tests__happy_path-2.snap index 22ebee4aecd..e636cb04d2d 100644 --- a/src/controllers/trustpub/github_configs/delete/snapshots/crates_io__controllers__trustpub__github_configs__delete__tests__happy_path-2.snap +++ b/src/controllers/trustpub/github_configs/delete/snapshots/crates_io__controllers__trustpub__github_configs__delete__tests__happy_path-2.snap @@ -11,7 +11,7 @@ Content-Transfer-Encoding: quoted-printable Hello foo! -crates.io user foo removed a "Trusted Publishing" configuration for GitHub Actions from a crate that you manage ("foo"). +You removed a "Trusted Publishing" configuration for GitHub Actions from your crate "foo". Trusted Publishing configuration: diff --git a/src/email/templates/config_created/body.txt.j2 b/src/email/templates/config_created/body.txt.j2 index 372a71affdc..43a45f50afc 100644 --- a/src/email/templates/config_created/body.txt.j2 +++ b/src/email/templates/config_created/body.txt.j2 @@ -3,14 +3,18 @@ {% block content %} Hello {{ recipient }}! -crates.io user {{ user }} added a new "Trusted Publishing" configuration for GitHub Actions to a crate that you manage ("{{ krate }}"). Trusted publishers act as trusted users and can publish new versions of the crate automatically. +{% if recipient == auth_user.gh_login -%} +You added a new "Trusted Publishing" configuration for GitHub Actions to your crate "{{ krate.name }}". Trusted publishers act as trusted users and can publish new versions of the crate automatically. +{%- else -%} +crates.io user {{ auth_user.gh_login }} added a new "Trusted Publishing" configuration for GitHub Actions to a crate that you manage ("{{ krate.name }}"). Trusted publishers act as trusted users and can publish new versions of the crate automatically. +{%- endif %} Trusted Publishing configuration: -- Repository owner: {{ repository_owner }} -- Repository name: {{ repository_name }} -- Workflow filename: {{ workflow_filename }} -- Environment: {{ environment or "(not set)" }} +- Repository owner: {{ saved_config.repository_owner }} +- Repository name: {{ saved_config.repository_name }} +- Workflow filename: {{ saved_config.workflow_filename }} +- Environment: {{ saved_config.environment or "(not set)" }} If you did not make this change and you think it was made maliciously, you can remove the configuration from the crate via the "Settings" tab on the crate's page. diff --git a/src/email/templates/config_created/subject.txt.j2 b/src/email/templates/config_created/subject.txt.j2 index 981251d5e66..15fe0abf4b4 100644 --- a/src/email/templates/config_created/subject.txt.j2 +++ b/src/email/templates/config_created/subject.txt.j2 @@ -1 +1 @@ -crates.io: Trusted Publishing configuration added to {{ krate }} +crates.io: Trusted Publishing configuration added to {{ krate.name }} diff --git a/src/email/templates/config_deleted/body.txt.j2 b/src/email/templates/config_deleted/body.txt.j2 index 4857d0e9e39..0622f957fdc 100644 --- a/src/email/templates/config_deleted/body.txt.j2 +++ b/src/email/templates/config_deleted/body.txt.j2 @@ -3,14 +3,18 @@ {% block content %} Hello {{ recipient }}! -crates.io user {{ user }} removed a "Trusted Publishing" configuration for GitHub Actions from a crate that you manage ("{{ krate }}"). +{% if recipient == auth_user.gh_login -%} +You removed a "Trusted Publishing" configuration for GitHub Actions from your crate "{{ krate.name }}". +{%- else -%} +crates.io user {{ auth_user.gh_login }} removed a "Trusted Publishing" configuration for GitHub Actions from a crate that you manage ("{{ krate.name }}"). +{%- endif %} Trusted Publishing configuration: -- Repository owner: {{ repository_owner }} -- Repository name: {{ repository_name }} -- Workflow filename: {{ workflow_filename }} -- Environment: {{ environment or "(not set)" }} +- Repository owner: {{ config.repository_owner }} +- Repository name: {{ config.repository_name }} +- Workflow filename: {{ config.workflow_filename }} +- Environment: {{ config.environment or "(not set)" }} If you did not make this change and you think it was made maliciously, you can email help@crates.io for assistance. {% endblock %} diff --git a/src/email/templates/config_deleted/subject.txt.j2 b/src/email/templates/config_deleted/subject.txt.j2 index d7c001b956e..fd27f9b3f51 100644 --- a/src/email/templates/config_deleted/subject.txt.j2 +++ b/src/email/templates/config_deleted/subject.txt.j2 @@ -1 +1 @@ -crates.io: Trusted Publishing configuration removed from {{ krate }} +crates.io: Trusted Publishing configuration removed from {{ krate.name }} diff --git a/src/tests/krate/publish/snapshots/crates_io__tests__krate__publish__trustpub__full_flow-11.snap b/src/tests/krate/publish/snapshots/crates_io__tests__krate__publish__trustpub__full_flow-11.snap index 5367f67f985..1c770530bd8 100644 --- a/src/tests/krate/publish/snapshots/crates_io__tests__krate__publish__trustpub__full_flow-11.snap +++ b/src/tests/krate/publish/snapshots/crates_io__tests__krate__publish__trustpub__full_flow-11.snap @@ -28,7 +28,7 @@ Content-Transfer-Encoding: quoted-printable Hello foo! -crates.io user foo added a new "Trusted Publishing" configuration for GitHub Actions to a crate that you manage ("foo"). Trusted publishers act as trusted users and can publish new versions of the crate automatically. +You added a new "Trusted Publishing" configuration for GitHub Actions to your crate "foo". Trusted publishers act as trusted users and can publish new versions of the crate automatically. Trusted Publishing configuration: