From 72cb19b84e87e63770391a37ea3872f963574869 Mon Sep 17 00:00:00 2001 From: James Moger Date: Sun, 21 Oct 2012 22:04:35 -0400 Subject: [PATCH] Implemented optional create-on-push If this feature is enabled then permitted users can automatically create a repository when pushing to one that does not yet exist. Permitted users are administrators and any user with the CREATE role. If the pushing account is an administrator, the created repository may be located in any folder/project space. This reposiory will inherit the server's default access restriction and authorization control. The repository owner will be the pushing account. If the pushing account is a regular user with the CREATE role, the repository can only be located in the account's personal folder (~username/myrepo.git). This repository will be VIEW restricted and accessible by NAMED users. The repository owner will be the pushing account. --- distrib/gitblit.properties | 14 +++ docs/01_features.mkd | 1 + docs/04_releases.mkd | 2 + docs/05_roadmap.mkd | 4 - src/com/gitblit/AccessRestrictionFilter.java | 49 +++++++-- src/com/gitblit/DownloadZipFilter.java | 10 ++ src/com/gitblit/GitFilter.java | 57 ++++++++++ src/com/gitblit/PagesFilter.java | 10 ++ src/com/gitblit/models/UserModel.java | 22 ++++ tests/com/gitblit/tests/GitServletTest.java | 106 +++++++++++++++++++ 10 files changed, 265 insertions(+), 10 deletions(-) diff --git a/distrib/gitblit.properties b/distrib/gitblit.properties index fe7692be..89a7c2f3 100644 --- a/distrib/gitblit.properties +++ b/distrib/gitblit.properties @@ -76,6 +76,20 @@ git.enableGitServlet = true # SINCE 0.9.0 git.onlyAccessBareRepositories = false +# Allow an authenticated user to create a destination repository on a push if +# the repository does not already exist. +# +# Administrator accounts can create a repository in any project. +# These repositories are created with the default access restriction and authorization +# control values. The pushing account is set as the owner. +# +# Non-administrator accounts with the CREATE role may create personal repositories. +# These repositories are created as VIEW restricted for NAMED users. +# The pushing account is set as the owner. +# +# SINCE 1.2.0 +git.allowCreateOnPush = true + # The default access restriction for new repositories. # Valid values are NONE, PUSH, CLONE, VIEW # NONE = anonymous view, clone, & push diff --git a/docs/01_features.mkd b/docs/01_features.mkd index e1c0afa4..e9e7726c 100644 --- a/docs/01_features.mkd +++ b/docs/01_features.mkd @@ -16,6 +16,7 @@ - **RW+** (clone and push with ref creation, deletion, rewind) - Optional feature to allow users to create personal repositories - Optional feature to fork a repository to a personal repository +- Optional feature to create a repository on push - Ability to federate with one or more other Gitblit instances - RSS/JSON RPC interface - Java/Swing Gitblit Manager tool diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd index 0cf060e4..1ac7de3a 100644 --- a/docs/04_releases.mkd +++ b/docs/04_releases.mkd @@ -39,6 +39,8 @@ This allows you to specify a permission like `RW:mygroup/[A-Za-z0-9-~_\\./]+` to Personal repositories can be created by accounts with the *create* permission and are stored in *git.repositoriesFolder/~username*. Each user with personal repositories will have a user page, something like the GitHub profile page. Personal repositories have all the same features as common repositories, except personal repositories can be renamed by their owner. - Added support for server-side forking of a repository to a personal repository (issue 137) In order to fork a repository, the user account must have the *fork* permission **and** the repository must *allow forks*. The clone inherits the access list of its origin. i.e. if Team A has clone access to the origin repository, then by default Team A also has clone access to the fork. This is to facilitate collaboration. The fork owner may change access to the fork and add/remove users/teams, etc as required however it should be noted that all personal forks will be enumerated in the fork network regardless of access view restrictions. If you really must have an invisible fork, the clone it locally, create a new repository for your invisible fork, and push it back to Gitblit. +- Added optional *create-on-push* support + **New:** *git.allowCreateOnPush=true* - Added simple project pages. A project is a subfolder off the *git.repositoriesFolder*. - Added support for X-Forwarded-Context for Apache subdomain proxy configurations (issue 135) - Delete branch feature (issue 121, Github/ajermakovics) diff --git a/docs/05_roadmap.mkd b/docs/05_roadmap.mkd index 562cc7e7..14ad8c19 100644 --- a/docs/05_roadmap.mkd +++ b/docs/05_roadmap.mkd @@ -13,10 +13,6 @@ This list is volatile. ### TODO (medium priority) * Gitblit: editable settings page in GO/WAR -* Gitblit: investigate create-repository-on-push. - * Maybe a new user role to allow this? - * Maybe a server setting to disable this completely? - * Pusher/Creator becomes repository owner and can then manipulate access lists, etc? * Gitblit: Clone Repository feature (issue 5) * optional scheduled pulls * optional automatic push to origin/remotes? diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java index 3a104813..78d33d21 100644 --- a/src/com/gitblit/AccessRestrictionFilter.java +++ b/src/com/gitblit/AccessRestrictionFilter.java @@ -61,6 +61,13 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter { */ protected abstract String getUrlRequestAction(String url); + /** + * Determine if a non-existing repository can be created using this filter. + * + * @return true if the filter allows repository creation + */ + protected abstract boolean isCreationAllowed(); + /** * Determine if the action may be executed on the repository. * @@ -90,6 +97,18 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter { */ protected abstract boolean canAccess(RepositoryModel repository, UserModel user, String action); + /** + * Allows a filter to create a repository, if one does not exist. + * + * @param user + * @param repository + * @param action + * @return the repository model, if it is created, null otherwise + */ + protected RepositoryModel createRepository(UserModel user, String repository, String action) { + return null; + } + /** * doFilter does the actual work of preprocessing the request to ensure that * the user may proceed. @@ -111,14 +130,33 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter { String fullSuffix = fullUrl.substring(repository.length()); String urlRequestType = getUrlRequestAction(fullSuffix); + UserModel user = getUser(httpRequest); + // Load the repository model RepositoryModel model = GitBlit.self().getRepositoryModel(repository); if (model == null) { - // repository not found. send 404. - logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl, - HttpServletResponse.SC_NOT_FOUND)); - httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND); - return; + if (isCreationAllowed()) { + if (user == null) { + // challenge client to provide credentials for creation. send 401. + if (GitBlit.isDebugMode()) { + logger.info(MessageFormat.format("ARF: CREATE CHALLENGE {0}", fullUrl)); + } + httpResponse.setHeader("WWW-Authenticate", CHALLENGE); + httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED); + return; + } else { + // see if we can create a repository for this request + model = createRepository(user, repository, urlRequestType); + } + } + + if (model == null) { + // repository not found. send 404. + logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl, + HttpServletResponse.SC_NOT_FOUND)); + httpResponse.sendError(HttpServletResponse.SC_NOT_FOUND); + return; + } } // Confirm that the action may be executed on the repository @@ -139,7 +177,6 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter { // Gitblit must conditionally authenticate users per-repository so just // enabling http.receivepack is insufficient. AuthenticatedRequest authenticatedRequest = new AuthenticatedRequest(httpRequest); - UserModel user = getUser(httpRequest); if (user != null) { authenticatedRequest.setUser(user); } diff --git a/src/com/gitblit/DownloadZipFilter.java b/src/com/gitblit/DownloadZipFilter.java index 225e5e11..90a76493 100644 --- a/src/com/gitblit/DownloadZipFilter.java +++ b/src/com/gitblit/DownloadZipFilter.java @@ -56,6 +56,16 @@ public class DownloadZipFilter extends AccessRestrictionFilter { return "DOWNLOAD"; } + /** + * Determine if a non-existing repository can be created using this filter. + * + * @return true if the filter allows repository creation + */ + @Override + protected boolean isCreationAllowed() { + return false; + } + /** * Determine if the action may be executed on the repository. * diff --git a/src/com/gitblit/GitFilter.java b/src/com/gitblit/GitFilter.java index cfe4fe3f..c09b0d20 100644 --- a/src/com/gitblit/GitFilter.java +++ b/src/com/gitblit/GitFilter.java @@ -18,6 +18,7 @@ package com.gitblit; import java.text.MessageFormat; import com.gitblit.Constants.AccessRestrictionType; +import com.gitblit.Constants.AuthorizationControl; import com.gitblit.models.RepositoryModel; import com.gitblit.models.UserModel; import com.gitblit.utils.StringUtils; @@ -92,6 +93,16 @@ public class GitFilter extends AccessRestrictionFilter { return null; } + /** + * Determine if a non-existing repository can be created using this filter. + * + * @return true if the server allows repository creation on-push + */ + @Override + protected boolean isCreationAllowed() { + return GitBlit.getBoolean(Keys.git.allowCreateOnPush, true); + } + /** * Determine if the repository can receive pushes. * @@ -170,4 +181,50 @@ public class GitFilter extends AccessRestrictionFilter { } return true; } + + /** + * An authenticated user with the CREATE role can create a repository on + * push. + * + * @param user + * @param repository + * @param action + * @return the repository model, if it is created, null otherwise + */ + @Override + protected RepositoryModel createRepository(UserModel user, String repository, String action) { + boolean isPush = !StringUtils.isEmpty(action) && gitReceivePack.equals(action); + if (isPush) { + if (user.canCreateOnPush(repository)) { + // user is pushing to a new repository + RepositoryModel model = new RepositoryModel(); + model.name = repository; + model.owner = user.username; + model.projectPath = StringUtils.getFirstPathElement(repository); + if (model.isUsersPersonalRepository(user.username)) { + // personal repository, default to private for user + model.authorizationControl = AuthorizationControl.NAMED; + model.accessRestriction = AccessRestrictionType.VIEW; + } else { + // common repository, user default server settings + model.authorizationControl = AuthorizationControl.fromName(GitBlit.getString(Keys.git.defaultAuthorizationControl, "")); + model.accessRestriction = AccessRestrictionType.fromName(GitBlit.getString(Keys.git.defaultAccessRestriction, "")); + } + + // create the repository + try { + GitBlit.self().updateRepositoryModel(repository, model, true); + logger.info(MessageFormat.format("{0} created {1} ON-PUSH", user.username, repository)); + return GitBlit.self().getRepositoryModel(repository); + } catch (GitBlitException e) { + logger.error(MessageFormat.format("{0} failed to create repository {1} ON-PUSH!", user.username, repository), e); + } + } else { + logger.warn(MessageFormat.format("{0} is not permitted to create repository {1} ON-PUSH!", user.username, repository)); + } + } + + // repository could not be created or action was not a push + return null; + } } diff --git a/src/com/gitblit/PagesFilter.java b/src/com/gitblit/PagesFilter.java index 11cdfa56..f88624e1 100644 --- a/src/com/gitblit/PagesFilter.java +++ b/src/com/gitblit/PagesFilter.java @@ -76,6 +76,16 @@ public class PagesFilter extends AccessRestrictionFilter { return "VIEW"; } + /** + * Determine if a non-existing repository can be created using this filter. + * + * @return true if the filter allows repository creation + */ + @Override + protected boolean isCreationAllowed() { + return false; + } + /** * Determine if the action may be executed on the repository. * diff --git a/src/com/gitblit/models/UserModel.java b/src/com/gitblit/models/UserModel.java index fc9cbfba..7995f7e4 100644 --- a/src/com/gitblit/models/UserModel.java +++ b/src/com/gitblit/models/UserModel.java @@ -364,6 +364,28 @@ public class UserModel implements Principal, Serializable, Comparable } return false; } + + /** + * Returns true if the user is allowed to create the specified repository + * on-push if the repository does not already exist. + * + * @param repository + * @return true if the user can create the repository + */ + public boolean canCreateOnPush(String repository) { + if (canAdmin()) { + // admins can create any repository + return true; + } + if (canCreate) { + String projectPath = StringUtils.getFirstPathElement(repository); + if (!StringUtils.isEmpty(projectPath) && projectPath.equalsIgnoreCase("~" + username)) { + // personal repository + return true; + } + } + return false; + } public boolean isTeamMember(String teamname) { for (TeamModel team : teams) { diff --git a/tests/com/gitblit/tests/GitServletTest.java b/tests/com/gitblit/tests/GitServletTest.java index 4342386e..17d462ac 100644 --- a/tests/com/gitblit/tests/GitServletTest.java +++ b/tests/com/gitblit/tests/GitServletTest.java @@ -1,5 +1,6 @@ package com.gitblit.tests; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; @@ -32,6 +33,7 @@ import com.gitblit.Constants.AccessPermission; import com.gitblit.Constants.AccessRestrictionType; import com.gitblit.Constants.AuthorizationControl; import com.gitblit.GitBlit; +import com.gitblit.Keys; import com.gitblit.models.RepositoryModel; import com.gitblit.models.UserModel; import com.gitblit.utils.JGitUtils; @@ -577,4 +579,108 @@ public class GitServletTest { GitBlit.self().deleteUser(user.username); } + + @Test + public void testCreateOnPush() throws Exception { + testCreateOnPush(false, false); + testCreateOnPush(true, false); + testCreateOnPush(false, true); + } + + private void testCreateOnPush(boolean canCreate, boolean canAdmin) throws Exception { + + UserModel user = new UserModel("sampleuser"); + user.password = user.username; + + if (GitBlit.self().getUserModel(user.username) != null) { + GitBlit.self().deleteUser(user.username); + } + + user.canCreate = canCreate; + user.canAdmin = canAdmin; + + GitBlit.self().updateUserModel(user.username, user, true); + + CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password); + + // fork from original to a temporary bare repo + File tmpFolder = File.createTempFile("gitblit", "").getParentFile(); + File createCheck = new File(tmpFolder, "ticgit.git"); + if (createCheck.exists()) { + FileUtils.delete(createCheck, FileUtils.RECURSIVE); + } + + File personalRepo = new File(GitBlitSuite.REPOSITORIES, MessageFormat.format("~{0}/ticgit.git", user.username)); + if (personalRepo.exists()) { + FileUtils.delete(personalRepo, FileUtils.RECURSIVE); + } + + File projectRepo = new File(GitBlitSuite.REPOSITORIES, "project/ticgit.git"); + if (projectRepo.exists()) { + FileUtils.delete(projectRepo, FileUtils.RECURSIVE); + } + + CloneCommand clone = Git.cloneRepository(); + clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url)); + clone.setDirectory(createCheck); + clone.setBare(true); + clone.setCloneAllBranches(true); + clone.setCredentialsProvider(cp); + Git git = clone.call(); + + // add a personal repository remote and a project remote + git.getRepository().getConfig().setString("remote", "user", "url", MessageFormat.format("{0}/git/~{1}/ticgit.git", url, user.username)); + git.getRepository().getConfig().setString("remote", "project", "url", MessageFormat.format("{0}/git/project/ticgit.git", url)); + git.getRepository().getConfig().save(); + + // push to non-existent user repository + try { + Iterable results = git.push().setRemote("user").setPushAll().setCredentialsProvider(cp).call(); + + for (PushResult result : results) { + RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master"); + Status status = ref.getStatus(); + assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status)); + } + + assertTrue("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate); + + // confirm default personal repository permissions + RepositoryModel model = GitBlit.self().getRepositoryModel(MessageFormat.format("~{0}/ticgit.git", user.username)); + assertEquals("Unexpected owner", user.username, model.owner); + assertEquals("Unexpected authorization control", AuthorizationControl.NAMED, model.authorizationControl); + assertEquals("Unexpected access restriction", AccessRestrictionType.VIEW, model.accessRestriction); + + } catch (GitAPIException e) { + assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found")); + assertFalse("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate); + } + + // push to non-existent project repository + try { + Iterable results = git.push().setRemote("project").setPushAll().setCredentialsProvider(cp).call(); + GitBlitSuite.close(git); + + for (PushResult result : results) { + RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master"); + Status status = ref.getStatus(); + assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status)); + } + + assertTrue("User canAdmin:" + user.canAdmin, user.canAdmin); + + // confirm default project repository permissions + RepositoryModel model = GitBlit.self().getRepositoryModel("project/ticgit.git"); + assertEquals("Unexpected owner", user.username, model.owner); + assertEquals("Unexpected authorization control", AuthorizationControl.fromName(GitBlit.getString(Keys.git.defaultAuthorizationControl, "NAMED")), model.authorizationControl); + assertEquals("Unexpected access restriction", AccessRestrictionType.fromName(GitBlit.getString(Keys.git.defaultAccessRestriction, "NONE")), model.accessRestriction); + + } catch (GitAPIException e) { + assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found")); + assertFalse("User canAdmin:" + user.canAdmin, user.canAdmin); + } + + GitBlitSuite.close(git); + GitBlit.self().deleteUser(user.username); + } } -- 2.39.5