validate task_id, workflow_id, workflow_run_id for send_totp_code endpoint before llm prompt to parse totp prompt to fail early (#4004)

Shuchang Zheng
2025-11-16 07:10:49 -08:00
committed by GitHub
parent e62d3a1b5e
commit bd1fb9549c


@@ -94,6 +94,19 @@ async def send_totp_code(
workflow_id=data.workflow_id,
workflow_run_id=data.workflow_run_id,
)
# validate task_id, workflow_id, workflow_run_id are valid ids in db if provided
if data.task_id:
task = await app.DATABASE.get_task(data.task_id, curr_org.organization_id)
if not task:
raise HTTPException(status_code=400, detail=f"Invalid task id: {data.task_id}")
if data.workflow_id:
workflow = await app.DATABASE.get_workflow(data.workflow_id, curr_org.organization_id)
if not workflow:
raise HTTPException(status_code=400, detail=f"Invalid workflow id: {data.workflow_id}")
if data.workflow_run_id:
workflow_run = await app.DATABASE.get_workflow_run(data.workflow_run_id, curr_org.organization_id)
if not workflow_run:
raise HTTPException(status_code=400, detail=f"Invalid workflow run id: {data.workflow_run_id}")
content = data.content.strip()
otp_value: OTPValue | None = OTPValue(value=content, type=OTPType.TOTP)
# We assume the user is sending the code directly when the length of code is less than or equal to 10
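Review bot: The three added lookups each check one id against `curr_org.organization_id`, but nothing in the hunk checks that the ids agree with each other when a request supplies more than one, so a code can still be filed under a `workflow_run_id` that is not a run of the supplied `workflow_id`. If the stored code is later matched on these fields (that code is outside the hunk), a consistency check after the third lookup, returning the same 400, would close the gap; the run record presumably carries its workflow id, which should be confirmed against the model. Separately, the truthiness guards skip validation for an empty string, which then flows on unchecked; `if data.task_id is not None:` (and the same for the other two ids) would presumably send it through the existing lookup and reject it. Passing the tenant as `organization_id=curr_org.organization_id` would also make the scoping explicit at the call site, assuming that is the parameter's name. The enclosing `send_totp_code` starts and ends outside the hunk.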