diff options
| author | Giteabot <teabot@gitea.io> | 2024-09-02 18:28:00 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-02 18:28:00 +0800 |
| commit | 6f5748c50752e4b1f99d532a34a57bd773e466b8 (patch) | |
| tree | 0604a3d28d03223f834b422e7b2e3d79f433a562 /tests | |
| parent | cc1520221a9689b4725b0e8668ce58f95e787130 (diff) | |
| download | gitea-6f5748c50752e4b1f99d532a34a57bd773e466b8.tar.gz gitea-6f5748c50752e4b1f99d532a34a57bd773e466b8.zip | |
Prevent update pull refs manually and will not affect other refs update (#31931) (#31955)
Backport #31931 by @lunny
All refs under `refs/pull` should only be changed from Gitea inside but
not by pushing from outside of Gitea.
This PR will prevent the pull refs update but allow other refs to be
updated on the same pushing with `--mirror` operations.
The main changes are to add checks on `update` hook but not
`pre-receive` because `update` will be invoked by every ref but
`pre-receive` will revert all changes once one ref update fails.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/integration/git_push_test.go | 22 | ||||
| -rw-r--r-- | tests/test_utils.go | 1 |
2 files changed, 23 insertions, 0 deletions
diff --git a/tests/integration/git_push_test.go b/tests/integration/git_push_test.go index da254fc88f..dc0b52203a 100644 --- a/tests/integration/git_push_test.go +++ b/tests/integration/git_push_test.go @@ -6,8 +6,10 @@ package integration import ( "fmt" "net/url" + "strings" "testing" + auth_model "code.gitea.io/gitea/models/auth" "code.gitea.io/gitea/models/db" git_model "code.gitea.io/gitea/models/git" "code.gitea.io/gitea/models/unittest" @@ -192,3 +194,23 @@ func runTestGitPush(t *testing.T, u *url.URL, gitOperation func(t *testing.T, gi require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID)) } + +func TestPushPullRefs(t *testing.T) { + onGiteaRun(t, func(t *testing.T, u *url.URL) { + baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser) + + u.Path = baseAPITestContext.GitPath() + u.User = url.UserPassword("user2", userPassword) + + dstPath := t.TempDir() + doGitClone(dstPath, u)(t) + + cmd := git.NewCommand(git.DefaultContext, "push", "--delete", "origin", "refs/pull/2/head") + stdout, stderr, err := cmd.RunStdString(&git.RunOpts{ + Dir: dstPath, + }) + assert.Error(t, err) + assert.Empty(t, stdout) + assert.False(t, strings.Contains(stderr, "[deleted]"), "stderr: %s", stderr) + }) +} diff --git a/tests/test_utils.go b/tests/test_utils.go index 66a287ecad..6f9592b204 100644 --- a/tests/test_utils.go +++ b/tests/test_utils.go @@ -223,6 +223,7 @@ func PrepareTestEnv(t testing.TB, skip ...int) func() { _ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "objects", "info"), 0o755) _ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "heads"), 0o755) _ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "tag"), 0o755) + _ = os.MkdirAll(filepath.Join(setting.RepoRootPath, ownerDir.Name(), repoDir.Name(), "refs", "pull"), 0o755) } } |