vikarti.anatra/Skyvern
1
0
Fork 0
mirror of https://github.com/Skyvern-AI/skyvern.git synced 2025-09-14 09:19:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

validate credential IDs before workflow execution (#2737)

Browse source
This commit is contained in:
Prakash Maheshwaran 2025-06-18 00:33:16 -04:00 committed by GitHub
parent 70f5106ea2
commit 14bc711240
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 18 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
skyvern/exceptions.py
View file

@ -163,6 +163,14 @@ class MissingValueForParameter(SkyvernHTTPException):
) )
class InvalidCredentialId(SkyvernHTTPException):
def __init__(self, credential_id: str) -> None:
super().__init__(
f"Invalid credential ID: {credential_id}. Failed to resolve to a valid credential.",
status_code=status.HTTP_400_BAD_REQUEST,
)
class WorkflowParameterNotFound(SkyvernHTTPException): class WorkflowParameterNotFound(SkyvernHTTPException):
def __init__(self, workflow_parameter_id: str) -> None: def __init__(self, workflow_parameter_id: str) -> None:
super().__init__( super().__init__(

10
skyvern/forge/sdk/workflow/service.py
View file

@ -11,6 +11,7 @@ from skyvern.config import settings
from skyvern.constants import GET_DOWNLOADED_FILES_TIMEOUT, SAVE_DOWNLOADED_FILES_TIMEOUT from skyvern.constants import GET_DOWNLOADED_FILES_TIMEOUT, SAVE_DOWNLOADED_FILES_TIMEOUT
from skyvern.exceptions import ( from skyvern.exceptions import (
FailedToSendWebhook, FailedToSendWebhook,
InvalidCredentialId,
MissingValueForParameter, MissingValueForParameter,
SkyvernException, SkyvernException,
WorkflowNotFound, WorkflowNotFound,
@ -118,6 +119,11 @@ class WorkflowService:
results.extend(WorkflowService._collect_extracted_information(item)) results.extend(WorkflowService._collect_extracted_information(item))
return results return results
async def _validate_credential_id(self, credential_id: str, organization: Organization) -> None:
credential = await app.DATABASE.get_credential(credential_id, organization_id=organization.organization_id)
if credential is None:
raise InvalidCredentialId(credential_id)
async def setup_workflow_run( async def setup_workflow_run(
self, self,
request_id: str | None, request_id: str | None,
@ -189,12 +195,16 @@ class WorkflowService:
for workflow_parameter in all_workflow_parameters: for workflow_parameter in all_workflow_parameters:
if workflow_request.data and workflow_parameter.key in workflow_request.data: if workflow_request.data and workflow_parameter.key in workflow_request.data:
request_body_value = workflow_request.data[workflow_parameter.key] request_body_value = workflow_request.data[workflow_parameter.key]
if workflow_parameter.workflow_parameter_type == WorkflowParameterType.CREDENTIAL_ID:
await self._validate_credential_id(str(request_body_value), organization)
await self.create_workflow_run_parameter( await self.create_workflow_run_parameter(
workflow_run_id=workflow_run.workflow_run_id, workflow_run_id=workflow_run.workflow_run_id,
workflow_parameter=workflow_parameter, workflow_parameter=workflow_parameter,
value=request_body_value, value=request_body_value,
) )
elif workflow_parameter.default_value is not None: elif workflow_parameter.default_value is not None:
if workflow_parameter.workflow_parameter_type == WorkflowParameterType.CREDENTIAL_ID:
await self._validate_credential_id(str(workflow_parameter.default_value), organization)
await self.create_workflow_run_parameter( await self.create_workflow_run_parameter(
workflow_run_id=workflow_run.workflow_run_id, workflow_run_id=workflow_run.workflow_run_id,
workflow_parameter=workflow_parameter, workflow_parameter=workflow_parameter,