From 13417cf9c6eec555b51da49742e47939d2f5715b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 19 Oct 2012 22:47:33 -0400
Subject: [PATCH] Exclude submodules from zip downloads (issue 151)

---
 tests/com/gitblit/tests/GitServletTest.java |  171 ++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 145 insertions(+), 26 deletions(-)

diff --git a/tests/com/gitblit/tests/GitServletTest.java b/tests/com/gitblit/tests/GitServletTest.java
index 09e0e5a..4342386 100644
--- a/tests/com/gitblit/tests/GitServletTest.java
+++ b/tests/com/gitblit/tests/GitServletTest.java
@@ -67,15 +67,19 @@
 	
 	public static void deleteWorkingFolders() throws Exception {
 		if (ticgitFolder.exists()) {
+			GitBlitSuite.close(ticgitFolder);
 			FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE);
 		}
 		if (ticgit2Folder.exists()) {
+			GitBlitSuite.close(ticgit2Folder);
 			FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);
 		}
 		if (jgitFolder.exists()) {
+			GitBlitSuite.close(jgitFolder);
 			FileUtils.delete(jgitFolder, FileUtils.RECURSIVE);
 		}
 		if (jgit2Folder.exists()) {
+			GitBlitSuite.close(jgit2Folder);
 			FileUtils.delete(jgit2Folder, FileUtils.RECURSIVE);
 		}
 	}
@@ -88,7 +92,7 @@
 		clone.setBare(false);
 		clone.setCloneAllBranches(true);
 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));
-		close(clone.call());		
+		GitBlitSuite.close(clone.call());		
 		assertTrue(true);
 	}
 
@@ -108,7 +112,7 @@
 			clone.setBare(false);
 			clone.setCloneAllBranches(true);
 			clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider("bogus", "bogus"));
-			close(clone.call());
+			GitBlitSuite.close(clone.call());
 			cloned = true;
 		} catch (Exception e) {
 			// swallow the exception which we expect
@@ -143,7 +147,7 @@
 			clone.setBare(false);
 			clone.setCloneAllBranches(true);
 			clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));
-			close(clone.call());
+			GitBlitSuite.close(clone.call());
 			cloned = true;
 		} catch (Exception e) {
 			// swallow the exception which we expect
@@ -165,7 +169,7 @@
 		clone.setBare(false);
 		clone.setCloneAllBranches(true);
 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));
-		close(clone.call());
+		GitBlitSuite.close(clone.call());
 		cloned = true;
 
 		assertTrue("Authenticated login could not clone!", cloned);
@@ -190,7 +194,7 @@
 		git.add().addFilepattern(file.getName()).call();
 		git.commit().setMessage("test commit").call();
 		git.push().setPushAll().call();
-		close(git);
+		GitBlitSuite.close(git);
 	}
 
 	@Test
@@ -201,7 +205,7 @@
 		clone.setBare(false);
 		clone.setCloneAllBranches(true);
 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));
-		close(clone.call());
+		GitBlitSuite.close(clone.call());
 		assertTrue(true);
 
 		Git git = Git.open(jgitFolder);
@@ -213,7 +217,7 @@
 		git.add().addFilepattern(file.getName()).call();
 		git.commit().setMessage("test commit").call();
 		git.push().setPushAll().call();
-		close(git);
+		GitBlitSuite.close(git);
 	}
 	
 	@Test
@@ -224,7 +228,7 @@
 		clone.setBare(false);
 		clone.setCloneAllBranches(true);
 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));
-		close(clone.call());
+		GitBlitSuite.close(clone.call());
 		assertTrue(true);
 
 		Git git = Git.open(jgit2Folder);
@@ -241,7 +245,113 @@
 		} catch (Exception e) {
 			assertTrue(e.getCause().getMessage().contains("git-receive-pack not permitted"));
 		}
-		close(git);
+		GitBlitSuite.close(git);
+	}
+
+	@Test
+	public void testCommitterVerification() throws Exception {
+		UserModel user = new UserModel("james");
+		user.password = "james";
+
+		// account only uses account name to verify
+		testCommitterVerification(user, user.username, null, true);
+		// committer email address is ignored because account does not specify email
+		testCommitterVerification(user, user.username, "something", true);
+		// completely different committer
+		testCommitterVerification(user, "joe", null, false);
+
+		// test display name verification
+		user.displayName = "James Moger";
+		testCommitterVerification(user, user.displayName, null, true);
+		testCommitterVerification(user, user.displayName, "something", true);
+		testCommitterVerification(user, "joe", null, false);
+		
+		// test email address verification
+		user.emailAddress = "something";
+		testCommitterVerification(user, user.displayName, null, false);
+		testCommitterVerification(user, user.displayName, "somethingelse", false);
+		testCommitterVerification(user, user.displayName, user.emailAddress, true);
+		
+		// use same email address but with different committer
+		testCommitterVerification(user, "joe", "somethingelse", false);
+	}
+	
+	private void testCommitterVerification(UserModel user, String displayName, String emailAddress, boolean expectedSuccess) throws Exception {
+		
+		if (GitBlit.self().getUserModel(user.username) != null) {
+			GitBlit.self().deleteUser(user.username);
+		}
+		
+		CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
+		
+		// fork from original to a temporary bare repo
+		File verification = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-committer.git");
+		if (verification.exists()) {
+			FileUtils.delete(verification, FileUtils.RECURSIVE);
+		}
+		CloneCommand clone = Git.cloneRepository();
+		clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));
+		clone.setDirectory(verification);
+		clone.setBare(true);
+		clone.setCloneAllBranches(true);
+		clone.setCredentialsProvider(cp);
+		GitBlitSuite.close(clone.call());
+		
+		// require push permissions and committer verification
+		RepositoryModel model = GitBlit.self().getRepositoryModel("refchecks/verify-committer.git");
+		model.authorizationControl = AuthorizationControl.NAMED;
+		model.accessRestriction = AccessRestrictionType.PUSH;
+		model.verifyCommitter = true;
+		
+		// grant user push permission
+		user.setRepositoryPermission(model.name, AccessPermission.PUSH);
+		
+		GitBlit.self().updateUserModel(user.username, user, true);
+		GitBlit.self().updateRepositoryModel(model.name, model, false);
+
+		// clone temp bare repo to working copy
+		File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-wc");
+		if (local.exists()) {
+			FileUtils.delete(local, FileUtils.RECURSIVE);
+		}
+		clone = Git.cloneRepository();
+		clone.setURI(MessageFormat.format("{0}/git/{1}", url, model.name));
+		clone.setDirectory(local);
+		clone.setBare(false);
+		clone.setCloneAllBranches(true);
+		clone.setCredentialsProvider(cp);
+		GitBlitSuite.close(clone.call());
+		
+		Git git = Git.open(local);
+		
+		// force an identity which may or may not match the account's identity
+		git.getRepository().getConfig().setString("user", null, "name", displayName);
+		git.getRepository().getConfig().setString("user", null, "email", emailAddress);
+		git.getRepository().getConfig().save();
+		
+		// commit a file and push it
+		File file = new File(local, "PUSHCHK");
+		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
+		BufferedWriter w = new BufferedWriter(os);
+		w.write("// " + new Date().toString() + "\n");
+		w.close();
+		git.add().addFilepattern(file.getName()).call();
+		git.commit().setMessage("push test").call();
+		Iterable<PushResult> results = git.push().setCredentialsProvider(cp).setRemote("origin").call();
+		
+		for (PushResult result : results) {
+			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
+			Status status = ref.getStatus();
+			if (expectedSuccess) {
+				assertTrue("Verification failed! User was NOT able to push commit! " + status.name(), Status.OK.equals(status));
+			} else {
+				assertTrue("Verification failed! User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));
+			}
+		}
+		
+		GitBlitSuite.close(git);
+		// close serving repository
+		GitBlitSuite.close(verification);
 	}
 
 	@Test
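Review bot: The last case in `testCommitterVerification()` does not test what its comment describes: `// use same email address but with different committer` is followed by `testCommitterVerification(user, "joe", "somethingelse", false)`, while the account's address was set to `"something"`, so both the name and the email differ. The path where the committer name is wrong but the email matches the account is therefore never exercised; assuming that push is meant to be rejected, the call should be `testCommitterVerification(user, "joe", user.emailAddress, false);`. Separately, the helper's assertions sit inside `for (PushResult result : results)`, so an empty result set passes without checking anything, and a failed assertion skips both `GitBlitSuite.close(...)` calls at the end of the helper.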
@@ -296,7 +406,7 @@
 		clone.setBare(true);
 		clone.setCloneAllBranches(true);
 		clone.setCredentialsProvider(cp);
-		close(clone.call());
+		GitBlitSuite.close(clone.call());
 
 		// elevate repository to clone permission
 		RepositoryModel model = GitBlit.self().getRepositoryModel("refchecks/ticgit.git");
@@ -331,13 +441,16 @@
 		clone.setCredentialsProvider(cp);
 		
 		try {
-			close(clone.call());
+			GitBlitSuite.close(clone.call());
 		} catch (GitAPIException e) {
 			if (permission.atLeast(AccessPermission.CLONE)) {
 				throw e;
 			} else {
+				// close serving repository
+				GitBlitSuite.close(refChecks);
+				
 				// user does not have clone permission
-				assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));				
+				assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));	
 				return;
 			}
 		}
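Review bot: Closing the serving repository by hand on each early-return branch leaves the other exits uncovered: in this hunk the `throw e` branch and a failing `assertTrue` both leave `refChecks` open, and the same pattern is repeated in the hunks at -359, -372, -389 and -408. Those early returns also appear to skip the `GitBlit.self().deleteUser(user.username)` that only runs at the end of the method, so in the denied-permission cases the test account and its grant may persist into later tests. The method starts outside the hunk, but wrapping its body in `try { ... } finally { GitBlitSuite.close(refChecks); GitBlit.self().deleteUser(user.username); }` would cover every exit and remove the duplicated calls.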
@@ -359,9 +472,12 @@
 			if (permission.atLeast(AccessPermission.PUSH)) {
 				throw e;
 			} else {
+				// close serving repository
+				GitBlitSuite.close(refChecks);
+				
 				// user does not have push permission
 				assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));
-				close(git);
+				GitBlitSuite.close(git);
 				return;
 			}
 		}
@@ -372,8 +488,11 @@
 			if (permission.atLeast(AccessPermission.PUSH)) {
 				assertTrue("User failed to push commit?! " + status.name(), Status.OK.equals(status));
 			} else {
+				// close serving repository
+				GitBlitSuite.close(refChecks);
+
 				assertTrue("User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));
-				close(git);
+				GitBlitSuite.close(git);
 				// skip delete test
 				return;
 			}
@@ -389,8 +508,11 @@
 			if (Status.OK.equals(expectedCreate)) {
 				assertTrue("User failed to push creation?! " + status.name(), status.equals(expectedCreate));
 			} else {
+				// close serving repository
+				GitBlitSuite.close(refChecks);
+
 				assertTrue("User was able to push ref creation! " + status.name(), status.equals(expectedCreate));
-				close(git);
+				GitBlitSuite.close(git);
 				// skip delete test
 				return;
 			}
@@ -408,8 +530,11 @@
 			if (Status.OK.equals(expectedDelete)) {
 				assertTrue("User failed to push ref deletion?! " + status.name(), status.equals(Status.OK));
 			} else {
+				// close serving repository
+				GitBlitSuite.close(refChecks);
+
 				assertTrue("User was able to push ref deletion?! " + status.name(), status.equals(expectedDelete));
-				close(git);
+				GitBlitSuite.close(git);
 				// skip rewind test
 				return;
 			}
@@ -445,17 +570,11 @@
 				assertTrue("User was able to rewind master?! " + status.name(), status.equals(expectedRewind));
 			}
 		}
-		close(git);
+		GitBlitSuite.close(git);
 		
-		GitBlit.self().deleteUser(user.username);
-	}
+		// close serving repository
+		GitBlitSuite.close(refChecks);
 
-	
-	private void close(Git git) {
-		// really close the repository
-		// decrement the use counter to 0
-		for (int i = 0; i < 2; i++) {
-			git.getRepository().close();
-		}
+		GitBlit.self().deleteUser(user.username);
 	}
 }

--
Gitblit v1.9.1