closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10185 Commits
2 Branches
178 MiB
Branch: for-closed-social
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'for-closed-social'
${ noResults }
gitea/integrations/api_helper_for_declarative_...

351 lines
11 KiB
Raw Permalink Normal View History

Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
Improve git test (#7086) * Ensure that the lfs files are created with a different prefix * Reduce the replication in git_test.go
5 years ago
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
Improve git test (#7086) * Ensure that the lfs files are created with a different prefix * Reduce the replication in git_test.go
5 years ago
Move sdk structs to modules/structs (#6905) * move sdk structs to moduels/structs * fix tests * fix fmt * fix swagger * fix vendor
5 years ago
Use gitea forked macaron (#7933) Signed-off-by: Tamal Saha <tamal@appscode.com>
4 years ago
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
Fix #732: Add LFS objects to base repository on merging (#7082) On merge we walk the merge history and ensure that all lfs objects pointed to in the history are added to the base repository. This switches from relying on having git-lfs installed on the server, (and in fact .gitattributes being correctly installed.)
4 years ago
Fix ssh deploy and user key constraints (#1357) (#5939) 1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
5 years ago
Improve git test (#7086) * Ensure that the lfs files are created with a different prefix * Reduce the replication in git_test.go
5 years ago
Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631) This PR fixes #7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however. ## Features - [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.) - [x] Verify commits signed with the default gpg as valid - [x] Signer, Committer and Author can all be different - [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon. - [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available - Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg - [x] Try to match the default key with a user on gitea - this is done at verification time - [x] Make things configurable? - app.ini configuration done - [x] when checking commits are signed need to check if they're actually verifiable too - [x] Add documentation I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
4 years ago
Correctly set the organization num repos (#11339) * Correctly set the organization num repos Correctly set the organization num repos to the number of accessible repos for the user Fix #11194 Signed-off-by: Andrew Thornton <art27@cantab.net> * as per @lunny Signed-off-by: Andrew Thornton <art27@cantab.net> * attempt to fix mssql Signed-off-by: Andrew Thornton <art27@cantab.net> * Update models/user.go * Explicit columns Signed-off-by: Andrew Thornton <art27@cantab.net> * Add test and fix 0 counted orgs Signed-off-by: Andrew Thornton <art27@cantab.net> * remove orgname from api Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package integrations
  6. 

  7. import (
  8. 	"encoding/json"
  9. 	"fmt"
  10. 	"io/ioutil"
  11. 	"net/http"
  12. 	"testing"
  13. 

  14. 	"code.gitea.io/gitea/models"
  15. 	"code.gitea.io/gitea/modules/auth"
  16. 	api "code.gitea.io/gitea/modules/structs"
  17. 

  18. 	"github.com/stretchr/testify/assert"
  19. )
  20. 

  21. type APITestContext struct {
  22. 	Reponame     string
  23. 	Session      *TestSession
  24. 	Token        string
  25. 	Username     string
  26. 	ExpectedCode int
  27. }
  28. 

  29. func NewAPITestContext(t *testing.T, username, reponame string) APITestContext {
  30. 	session := loginUser(t, username)
  31. 	token := getTokenForLoggedInUser(t, session)
  32. 	return APITestContext{
  33. 		Session:  session,
  34. 		Token:    token,
  35. 		Username: username,
  36. 		Reponame: reponame,
  37. 	}
  38. }
  39. 

  40. func (ctx APITestContext) GitPath() string {
  41. 	return fmt.Sprintf("%s/%s.git", ctx.Username, ctx.Reponame)
  42. }
  43. 

  44. func doAPICreateRepository(ctx APITestContext, empty bool, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
  45. 	return func(t *testing.T) {
  46. 		createRepoOption := &api.CreateRepoOption{
  47. 			AutoInit:    !empty,
  48. 			Description: "Temporary repo",
  49. 			Name:        ctx.Reponame,
  50. 			Private:     true,
  51. 			Gitignores:  "",
  52. 			License:     "WTFPL",
  53. 			Readme:      "Default",
  54. 		}
  55. 		req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+ctx.Token, createRepoOption)
  56. 		if ctx.ExpectedCode != 0 {
  57. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  58. 			return
  59. 		}
  60. 		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
  61. 

  62. 		var repository api.Repository
  63. 		DecodeJSON(t, resp, &repository)
  64. 		if len(callback) > 0 {
  65. 			callback[0](t, repository)
  66. 		}
  67. 	}
  68. }
  69. 

  70. func doAPIAddCollaborator(ctx APITestContext, username string, mode models.AccessMode) func(*testing.T) {
  71. 	return func(t *testing.T) {
  72. 		permission := "read"
  73. 

  74. 		if mode == models.AccessModeAdmin {
  75. 			permission = "admin"
  76. 		} else if mode > models.AccessModeRead {
  77. 			permission = "write"
  78. 		}
  79. 		addCollaboratorOption := &api.AddCollaboratorOption{
  80. 			Permission: &permission,
  81. 		}
  82. 		req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s?token=%s", ctx.Username, ctx.Reponame, username, ctx.Token), addCollaboratorOption)
  83. 		if ctx.ExpectedCode != 0 {
  84. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  85. 			return
  86. 		}
  87. 		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
  88. 	}
  89. }
  90. 

  91. func doAPIForkRepository(ctx APITestContext, username string, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
  92. 	return func(t *testing.T) {
  93. 		createForkOption := &api.CreateForkOption{}
  94. 		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/forks?token=%s", username, ctx.Reponame, ctx.Token), createForkOption)
  95. 		if ctx.ExpectedCode != 0 {
  96. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  97. 			return
  98. 		}
  99. 		resp := ctx.Session.MakeRequest(t, req, http.StatusAccepted)
  100. 		var repository api.Repository
  101. 		DecodeJSON(t, resp, &repository)
  102. 		if len(callback) > 0 {
  103. 			callback[0](t, repository)
  104. 		}
  105. 	}
  106. }
  107. 

  108. func doAPIGetRepository(ctx APITestContext, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
  109. 	return func(t *testing.T) {
  110. 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
  111. 

  112. 		req := NewRequest(t, "GET", urlStr)
  113. 		if ctx.ExpectedCode != 0 {
  114. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  115. 			return
  116. 		}
  117. 		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
  118. 

  119. 		var repository api.Repository
  120. 		DecodeJSON(t, resp, &repository)
  121. 		if len(callback) > 0 {
  122. 			callback[0](t, repository)
  123. 		}
  124. 	}
  125. }
  126. 

  127. func doAPIDeleteRepository(ctx APITestContext) func(*testing.T) {
  128. 	return func(t *testing.T) {
  129. 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
  130. 

  131. 		req := NewRequest(t, "DELETE", urlStr)
  132. 		if ctx.ExpectedCode != 0 {
  133. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  134. 			return
  135. 		}
  136. 		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
  137. 	}
  138. }
  139. 

  140. func doAPICreateUserKey(ctx APITestContext, keyname, keyFile string, callback ...func(*testing.T, api.PublicKey)) func(*testing.T) {
  141. 	return func(t *testing.T) {
  142. 		urlStr := fmt.Sprintf("/api/v1/user/keys?token=%s", ctx.Token)
  143. 

  144. 		dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
  145. 		assert.NoError(t, err)
  146. 		req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateKeyOption{
  147. 			Title: keyname,
  148. 			Key:   string(dataPubKey),
  149. 		})
  150. 		if ctx.ExpectedCode != 0 {
  151. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  152. 			return
  153. 		}
  154. 		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
  155. 		var publicKey api.PublicKey
  156. 		DecodeJSON(t, resp, &publicKey)
  157. 		if len(callback) > 0 {
  158. 			callback[0](t, publicKey)
  159. 		}
  160. 	}
  161. }
  162. 

  163. func doAPIDeleteUserKey(ctx APITestContext, keyID int64) func(*testing.T) {
  164. 	return func(t *testing.T) {
  165. 		urlStr := fmt.Sprintf("/api/v1/user/keys/%d?token=%s", keyID, ctx.Token)
  166. 

  167. 		req := NewRequest(t, "DELETE", urlStr)
  168. 		if ctx.ExpectedCode != 0 {
  169. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  170. 			return
  171. 		}
  172. 		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
  173. 	}
  174. }
  175. 

  176. func doAPICreateDeployKey(ctx APITestContext, keyname, keyFile string, readOnly bool) func(*testing.T) {
  177. 	return func(t *testing.T) {
  178. 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
  179. 

  180. 		dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
  181. 		assert.NoError(t, err)
  182. 		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateKeyOption{
  183. 			Title:    keyname,
  184. 			Key:      string(dataPubKey),
  185. 			ReadOnly: readOnly,
  186. 		})
  187. 

  188. 		if ctx.ExpectedCode != 0 {
  189. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  190. 			return
  191. 		}
  192. 		ctx.Session.MakeRequest(t, req, http.StatusCreated)
  193. 	}
  194. }
  195. 

  196. func doAPICreatePullRequest(ctx APITestContext, owner, repo, baseBranch, headBranch string) func(*testing.T) (api.PullRequest, error) {
  197. 	return func(t *testing.T) (api.PullRequest, error) {
  198. 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/pulls?token=%s",
  199. 			owner, repo, ctx.Token)
  200. 		req := NewRequestWithJSON(t, http.MethodPost, urlStr, &api.CreatePullRequestOption{
  201. 			Head:  headBranch,
  202. 			Base:  baseBranch,
  203. 			Title: fmt.Sprintf("create a pr from %s to %s", headBranch, baseBranch),
  204. 		})
  205. 

  206. 		expected := 201
  207. 		if ctx.ExpectedCode != 0 {
  208. 			expected = ctx.ExpectedCode
  209. 		}
  210. 		resp := ctx.Session.MakeRequest(t, req, expected)
  211. 		decoder := json.NewDecoder(resp.Body)
  212. 		pr := api.PullRequest{}
  213. 		err := decoder.Decode(&pr)
  214. 		return pr, err
  215. 	}
  216. }
  217. 

  218. func doAPIMergePullRequest(ctx APITestContext, owner, repo string, index int64) func(*testing.T) {
  219. 	return func(t *testing.T) {
  220. 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/merge?token=%s",
  221. 			owner, repo, index, ctx.Token)
  222. 		req := NewRequestWithJSON(t, http.MethodPost, urlStr, &auth.MergePullRequestForm{
  223. 			MergeMessageField: "doAPIMergePullRequest Merge",
  224. 			Do:                string(models.MergeStyleMerge),
  225. 		})
  226. 

  227. 		if ctx.ExpectedCode != 0 {
  228. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  229. 			return
  230. 		}
  231. 		ctx.Session.MakeRequest(t, req, 200)
  232. 	}
  233. }
  234. 

  235. func doAPIGetBranch(ctx APITestContext, branch string, callback ...func(*testing.T, api.Branch)) func(*testing.T) {
  236. 	return func(t *testing.T) {
  237. 		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/branches/%s?token=%s", ctx.Username, ctx.Reponame, branch, ctx.Token)
  238. 		if ctx.ExpectedCode != 0 {
  239. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  240. 			return
  241. 		}
  242. 		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
  243. 

  244. 		var branch api.Branch
  245. 		DecodeJSON(t, resp, &branch)
  246. 		if len(callback) > 0 {
  247. 			callback[0](t, branch)
  248. 		}
  249. 	}
  250. }
  251. 

  252. func doAPICreateFile(ctx APITestContext, treepath string, options *api.CreateFileOptions, callback ...func(*testing.T, api.FileResponse)) func(*testing.T) {
  253. 	return func(t *testing.T) {
  254. 		url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", ctx.Username, ctx.Reponame, treepath, ctx.Token)
  255. 		req := NewRequestWithJSON(t, "POST", url, &options)
  256. 		if ctx.ExpectedCode != 0 {
  257. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  258. 			return
  259. 		}
  260. 		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
  261. 

  262. 		var contents api.FileResponse
  263. 		DecodeJSON(t, resp, &contents)
  264. 		if len(callback) > 0 {
  265. 			callback[0](t, contents)
  266. 		}
  267. 	}
  268. }
  269. 

  270. func doAPICreateOrganization(ctx APITestContext, options *api.CreateOrgOption, callback ...func(*testing.T, api.Organization)) func(t *testing.T) {
  271. 	return func(t *testing.T) {
  272. 		url := fmt.Sprintf("/api/v1/orgs?token=%s", ctx.Token)
  273. 

  274. 		req := NewRequestWithJSON(t, "POST", url, &options)
  275. 		if ctx.ExpectedCode != 0 {
  276. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  277. 			return
  278. 		}
  279. 		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
  280. 

  281. 		var contents api.Organization
  282. 		DecodeJSON(t, resp, &contents)
  283. 		if len(callback) > 0 {
  284. 			callback[0](t, contents)
  285. 		}
  286. 	}
  287. }
  288. 

  289. func doAPICreateOrganizationRepository(ctx APITestContext, orgName string, options *api.CreateRepoOption, callback ...func(*testing.T, api.Repository)) func(t *testing.T) {
  290. 	return func(t *testing.T) {
  291. 		url := fmt.Sprintf("/api/v1/orgs/%s/repos?token=%s", orgName, ctx.Token)
  292. 

  293. 		req := NewRequestWithJSON(t, "POST", url, &options)
  294. 		if ctx.ExpectedCode != 0 {
  295. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  296. 			return
  297. 		}
  298. 		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
  299. 

  300. 		var contents api.Repository
  301. 		DecodeJSON(t, resp, &contents)
  302. 		if len(callback) > 0 {
  303. 			callback[0](t, contents)
  304. 		}
  305. 	}
  306. }
  307. 

  308. func doAPICreateOrganizationTeam(ctx APITestContext, orgName string, options *api.CreateTeamOption, callback ...func(*testing.T, api.Team)) func(t *testing.T) {
  309. 	return func(t *testing.T) {
  310. 		url := fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", orgName, ctx.Token)
  311. 

  312. 		req := NewRequestWithJSON(t, "POST", url, &options)
  313. 		if ctx.ExpectedCode != 0 {
  314. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  315. 			return
  316. 		}
  317. 		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
  318. 

  319. 		var contents api.Team
  320. 		DecodeJSON(t, resp, &contents)
  321. 		if len(callback) > 0 {
  322. 			callback[0](t, contents)
  323. 		}
  324. 	}
  325. }
  326. 

  327. func doAPIAddUserToOrganizationTeam(ctx APITestContext, teamID int64, username string) func(t *testing.T) {
  328. 	return func(t *testing.T) {
  329. 		url := fmt.Sprintf("/api/v1/teams/%d/members/%s?token=%s", teamID, username, ctx.Token)
  330. 

  331. 		req := NewRequest(t, "PUT", url)
  332. 		if ctx.ExpectedCode != 0 {
  333. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  334. 			return
  335. 		}
  336. 		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
  337. 	}
  338. }
  339. 

  340. func doAPIAddRepoToOrganizationTeam(ctx APITestContext, teamID int64, orgName, repoName string) func(t *testing.T) {
  341. 	return func(t *testing.T) {
  342. 		url := fmt.Sprintf("/api/v1/teams/%d/repos/%s/%s?token=%s", teamID, orgName, repoName, ctx.Token)
  343. 

  344. 		req := NewRequest(t, "PUT", url)
  345. 		if ctx.ExpectedCode != 0 {
  346. 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
  347. 			return
  348. 		}
  349. 		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
  350. 	}
  351. }