James Moger
2012-11-27 44f6238fd5fe7675e7de43f4a42d1f7dabcfee4e
tests/com/gitblit/tests/GitServletTest.java
@@ -1,5 +1,6 @@
package com.gitblit.tests;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -32,6 +33,7 @@
import com.gitblit.Constants.AccessRestrictionType;
import com.gitblit.Constants.AuthorizationControl;
import com.gitblit.GitBlit;
import com.gitblit.Keys;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
import com.gitblit.utils.JGitUtils;
@@ -246,6 +248,112 @@
         assertTrue(e.getCause().getMessage().contains("git-receive-pack not permitted"));
      }
      GitBlitSuite.close(git);
   }
   @Test
   public void testCommitterVerification() throws Exception {
      UserModel user = new UserModel("james");
      user.password = "james";
      // account only uses account name to verify
      testCommitterVerification(user, user.username, null, true);
      // committer email address is ignored because account does not specify email
      testCommitterVerification(user, user.username, "something", true);
      // completely different committer
      testCommitterVerification(user, "joe", null, false);
      // test display name verification
      user.displayName = "James Moger";
      testCommitterVerification(user, user.displayName, null, true);
      testCommitterVerification(user, user.displayName, "something", true);
      testCommitterVerification(user, "joe", null, false);
      // test email address verification
      user.emailAddress = "something";
      testCommitterVerification(user, user.displayName, null, false);
      testCommitterVerification(user, user.displayName, "somethingelse", false);
      testCommitterVerification(user, user.displayName, user.emailAddress, true);
      // use same email address but with different committer
      testCommitterVerification(user, "joe", "somethingelse", false);
   }
   private void testCommitterVerification(UserModel user, String displayName, String emailAddress, boolean expectedSuccess) throws Exception {
      if (GitBlit.self().getUserModel(user.username) != null) {
         GitBlit.self().deleteUser(user.username);
      }
      CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
      // fork from original to a temporary bare repo
      File verification = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-committer.git");
      if (verification.exists()) {
         FileUtils.delete(verification, FileUtils.RECURSIVE);
      }
      CloneCommand clone = Git.cloneRepository();
      clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));
      clone.setDirectory(verification);
      clone.setBare(true);
      clone.setCloneAllBranches(true);
      clone.setCredentialsProvider(cp);
      GitBlitSuite.close(clone.call());
      // require push permissions and committer verification
      RepositoryModel model = GitBlit.self().getRepositoryModel("refchecks/verify-committer.git");
      model.authorizationControl = AuthorizationControl.NAMED;
      model.accessRestriction = AccessRestrictionType.PUSH;
      model.verifyCommitter = true;
      // grant user push permission
      user.setRepositoryPermission(model.name, AccessPermission.PUSH);
      GitBlit.self().updateUserModel(user.username, user, true);
      GitBlit.self().updateRepositoryModel(model.name, model, false);
      // clone temp bare repo to working copy
      File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-wc");
      if (local.exists()) {
         FileUtils.delete(local, FileUtils.RECURSIVE);
      }
      clone = Git.cloneRepository();
      clone.setURI(MessageFormat.format("{0}/git/{1}", url, model.name));
      clone.setDirectory(local);
      clone.setBare(false);
      clone.setCloneAllBranches(true);
      clone.setCredentialsProvider(cp);
      GitBlitSuite.close(clone.call());
      Git git = Git.open(local);
      // force an identity which may or may not match the account's identity
      git.getRepository().getConfig().setString("user", null, "name", displayName);
      git.getRepository().getConfig().setString("user", null, "email", emailAddress);
      git.getRepository().getConfig().save();
      // commit a file and push it
      File file = new File(local, "PUSHCHK");
      OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
      BufferedWriter w = new BufferedWriter(os);
      w.write("// " + new Date().toString() + "\n");
      w.close();
      git.add().addFilepattern(file.getName()).call();
      git.commit().setMessage("push test").call();
      Iterable<PushResult> results = git.push().setCredentialsProvider(cp).setRemote("origin").call();
      for (PushResult result : results) {
         RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
         Status status = ref.getStatus();
         if (expectedSuccess) {
            assertTrue("Verification failed! User was NOT able to push commit! " + status.name(), Status.OK.equals(status));
         } else {
            assertTrue("Verification failed! User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));
         }
      }
      GitBlitSuite.close(git);
      // close serving repository
      GitBlitSuite.close(verification);
   }
   @Test
@@ -471,4 +579,112 @@
      GitBlit.self().deleteUser(user.username);
   }
   @Test
   public void testCreateOnPush() throws Exception {
      testCreateOnPush(false, false);
      testCreateOnPush(true, false);
      testCreateOnPush(false, true);
   }
   private void testCreateOnPush(boolean canCreate, boolean canAdmin) throws Exception {
      UserModel user = new UserModel("sampleuser");
      user.password = user.username;
      if (GitBlit.self().getUserModel(user.username) != null) {
         GitBlit.self().deleteUser(user.username);
      }
      user.canCreate = canCreate;
      user.canAdmin = canAdmin;
      GitBlit.self().updateUserModel(user.username, user, true);
      CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
      // fork from original to a temporary bare repo
      File tmpFolder = File.createTempFile("gitblit", "").getParentFile();
      File createCheck = new File(tmpFolder, "ticgit.git");
      if (createCheck.exists()) {
         FileUtils.delete(createCheck, FileUtils.RECURSIVE);
      }
      File personalRepo = new File(GitBlitSuite.REPOSITORIES, MessageFormat.format("~{0}/ticgit.git", user.username));
      GitBlitSuite.close(personalRepo);
      if (personalRepo.exists()) {
         FileUtils.delete(personalRepo, FileUtils.RECURSIVE);
      }
      File projectRepo = new File(GitBlitSuite.REPOSITORIES, "project/ticgit.git");
      GitBlitSuite.close(projectRepo);
      if (projectRepo.exists()) {
         FileUtils.delete(projectRepo, FileUtils.RECURSIVE);
      }
      CloneCommand clone = Git.cloneRepository();
      clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));
      clone.setDirectory(createCheck);
      clone.setBare(true);
      clone.setCloneAllBranches(true);
      clone.setCredentialsProvider(cp);
      Git git = clone.call();
      GitBlitSuite.close(personalRepo);
      // add a personal repository remote and a project remote
      git.getRepository().getConfig().setString("remote", "user", "url", MessageFormat.format("{0}/git/~{1}/ticgit.git", url, user.username));
      git.getRepository().getConfig().setString("remote", "project", "url", MessageFormat.format("{0}/git/project/ticgit.git", url));
      git.getRepository().getConfig().save();
      // push to non-existent user repository
      try {
         Iterable<PushResult> results = git.push().setRemote("user").setPushAll().setCredentialsProvider(cp).call();
         for (PushResult result : results) {
            RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
            Status status = ref.getStatus();
            assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));
         }
         assertTrue("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);
         // confirm default personal repository permissions
         RepositoryModel model = GitBlit.self().getRepositoryModel(MessageFormat.format("~{0}/ticgit.git", user.username));
         assertEquals("Unexpected owner", user.username, model.owner);
         assertEquals("Unexpected authorization control", AuthorizationControl.NAMED, model.authorizationControl);
         assertEquals("Unexpected access restriction", AccessRestrictionType.VIEW, model.accessRestriction);
      } catch (GitAPIException e) {
         assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));
         assertFalse("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);
      }
      // push to non-existent project repository
      try {
         Iterable<PushResult> results = git.push().setRemote("project").setPushAll().setCredentialsProvider(cp).call();
         GitBlitSuite.close(git);
         for (PushResult result : results) {
            RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
            Status status = ref.getStatus();
            assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));
         }
         assertTrue("User canAdmin:" + user.canAdmin, user.canAdmin);
         // confirm default project repository permissions
         RepositoryModel model = GitBlit.self().getRepositoryModel("project/ticgit.git");
         assertEquals("Unexpected owner", user.username, model.owner);
         assertEquals("Unexpected authorization control", AuthorizationControl.fromName(GitBlit.getString(Keys.git.defaultAuthorizationControl, "NAMED")), model.authorizationControl);
         assertEquals("Unexpected access restriction", AccessRestrictionType.fromName(GitBlit.getString(Keys.git.defaultAccessRestriction, "NONE")), model.accessRestriction);
      } catch (GitAPIException e) {
         assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));
         assertFalse("User canAdmin:" + user.canAdmin, user.canAdmin);
      }
      GitBlitSuite.close(git);
      GitBlit.self().deleteUser(user.username);
   }
}
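Review bot: The last case in `testCommitterVerification()` does not exercise what its comment describes: `// use same email address but with different committer` is followed by `testCommitterVerification(user, "joe", "somethingelse", false)`, which changes both the name and the email, so a commit carrying the account's own email under a foreign name is never pushed. Presumably the intended call is `testCommitterVerification(user, "joe", user.emailAddress, false);`, which would pin that an email match alone does not satisfy `verifyCommitter`. In the private helper, and in both push loops of `testCreateOnPush`, the status assertion sits inside `for (PushResult result : results)` and dereferences `result.getRemoteUpdate("refs/heads/master")` unchecked, so the push status is never checked when `results` is empty and a missing ref update shows up as a NullPointerException instead of a readable failure; an `assertNotNull(ref)` plus a check that at least one result was seen would close that. The helper also leaves the `james` account (password equal to the username, PUSH permission granted) in the user store when it returns, whereas `testCreateOnPush` ends with `GitBlit.self().deleteUser(user.username);`.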