From 6adf56bb13227afac2c37871b3443fb5354d132c Mon Sep 17 00:00:00 2001
From: James Moger
Date: Thu, 2 Aug 2012 00:27:02 -0400
Subject: Per-repository authorization control: AUTHENTICATED and NAMED (issue 117)
---
 tests/com/gitblit/tests/GitServletTest.java | 60 +++++++++++++++++++++++++++++
 tests/com/gitblit/tests/RpcTests.java | 3 ++
 2 files changed, 63 insertions(+)
(limited to 'tests')
diff --git a/tests/com/gitblit/tests/GitServletTest.java b/tests/com/gitblit/tests/GitServletTest.java
index 848a1d05..bdbb2a5a 100644
--- a/tests/com/gitblit/tests/GitServletTest.java
+++ b/tests/com/gitblit/tests/GitServletTest.java
@@ -21,8 +21,10 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
 import com.gitblit.GitBlit;
 import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.UserModel;
 public class GitServletTest {
@@ -108,6 +110,64 @@ public class GitServletTest {
 assertFalse("Bogus login cloned a repository?!", cloned);
 }
+
+ @Test
+ public void testUnauthorizedLoginClone() throws Exception {
+ // restrict repository access
+ RepositoryModel model = GitBlit.self().getRepositoryModel("ticgit.git");
+ model.accessRestriction = AccessRestrictionType.CLONE;
+ model.authorizationControl = AuthorizationControl.NAMED;
+ UserModel user = new UserModel("james");
+ user.password = "james";
+ GitBlit.self().updateUserModel(user.username, user, true);
+ GitBlit.self().updateRepositoryModel(model.name, model, false);
+
+ FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);
+
+ // delete any existing working folder
+ boolean cloned = false;
+ try {
+ CloneCommand clone = Git.cloneRepository();
+ clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));
+ clone.setDirectory(ticgit2Folder);
+ clone.setBare(false);
+ clone.setCloneAllBranches(true);
+ clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));
+ close(clone.call());
+ cloned = true;
+ } catch (Exception e) {
+ // swallow the exception which we expect
+ }
+
+ assertFalse("Unauthorized login cloned a repository?!", cloned);
+
+ FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);
+
+ // switch to authenticated
+ model.authorizationControl = AuthorizationControl.AUTHENTICATED;
+ GitBlit.self().updateRepositoryModel(model.name, model, false);
+
+ // try clone again
+ cloned = false;
+ CloneCommand clone = Git.cloneRepository();
+ clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));
+ clone.setDirectory(ticgit2Folder);
+ clone.setBare(false);
+ clone.setCloneAllBranches(true);
+ clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));
+ close(clone.call());
+ cloned = true;
+
+ assertTrue("Authenticated login could not clone!", cloned);
+
+ FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);
+
+ // restore anonymous repository access
+ model.accessRestriction = AccessRestrictionType.NONE;
+ model.authorizationControl = AuthorizationControl.NAMED;
+ GitBlit.self().updateRepositoryModel(model.name, model, false);
+ GitBlit.self().deleteUser(user.username);
+ }
 @Test
 public void testAnonymousPush() throws Exception {
diff --git a/tests/com/gitblit/tests/RpcTests.java b/tests/com/gitblit/tests/RpcTests.java
index f85dd79a..1080849c 100644
--- a/tests/com/gitblit/tests/RpcTests.java
+++ b/tests/com/gitblit/tests/RpcTests.java
@@ -33,6 +33,7 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 import com.gitblit.Constants.AccessRestrictionType;
+import com.gitblit.Constants.AuthorizationControl;
 import com.gitblit.GitBlitException.UnauthorizedException;
 import com.gitblit.Keys;
 import com.gitblit.RpcServlet;
@@ -164,6 +165,7 @@ public class RpcTests {
 model.description = "created by RpcUtils";
 model.owner = "garbage";
 model.accessRestriction = AccessRestrictionType.VIEW;
+ model.authorizationControl = AuthorizationControl.AUTHENTICATED;
 // create
 assertTrue("Failed to create repository!",
@@ -172,6 +174,7 @@ public class RpcTests {
 RepositoryModel retrievedRepository = findRepository(model.name);
 assertNotNull("Failed to find " + model.name, retrievedRepository);
 assertEquals(AccessRestrictionType.VIEW, retrievedRepository.accessRestriction);
+ assertEquals(AuthorizationControl.AUTHENTICATED, retrievedRepository.authorizationControl);
 // rename and change access restriciton
 String originalName = model.name;
--
cgit v1.2.3
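Review bot: The denial half of testUnauthorizedLoginClone catches `Exception` and treats any failure as the expected rejection, so `assertFalse("Unauthorized login cloned a repository?!", cloned)` also passes when the clone fails for a reason unrelated to authorization (unreachable server, bad URL, a local I/O error on `ticgit2Folder`). Catching only the exception JGit raises for a refused transport request, and asserting that it was raised, would make the test prove the NAMED check itself. The restore block at the end runs only on success: if the second `clone.call()` throws, ticgit.git stays at `AccessRestrictionType.CLONE` and the `james`/`james` account remains in the GitBlit instance that the following tests (for example `testAnonymousPush`) presumably share; wrapping the body in `try { ... } finally { ... }` with the restore and `deleteUser` in the `finally` avoids that. The test also never tries `AUTHENTICATED` without credentials, so the side of the new control that must still reject anonymous access is not pinned here.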