summaryrefslogtreecommitdiffstats
path: root/models/repo_sign.go
diff options
context:
space:
mode:
Diffstat (limited to 'models/repo_sign.go')
-rw-r--r--models/repo_sign.go89
1 files changed, 54 insertions, 35 deletions
diff --git a/models/repo_sign.go b/models/repo_sign.go
index a684efb55f..64f70ac7bd 100644
--- a/models/repo_sign.go
+++ b/models/repo_sign.go
@@ -25,6 +25,7 @@ const (
headSigned signingMode = "headsigned"
commitsSigned signingMode = "commitssigned"
approved signingMode = "approved"
+ noKey signingMode = "nokey"
)
func signingModeFromStrings(modeStrings []string) []signingMode {
@@ -95,122 +96,140 @@ func PublicSigningKey(repoPath string) (string, error) {
}
// SignInitialCommit determines if we should sign the initial commit to this repository
-func SignInitialCommit(repoPath string, u *User) (bool, string) {
+func SignInitialCommit(repoPath string, u *User) (bool, string, error) {
rules := signingModeFromStrings(setting.Repository.Signing.InitialCommit)
signingKey := signingKey(repoPath)
if signingKey == "" {
- return false, ""
+ return false, "", &ErrWontSign{noKey}
}
for _, rule := range rules {
switch rule {
case never:
- return false, ""
+ return false, "", &ErrWontSign{never}
case always:
break
case pubkey:
keys, err := ListGPGKeys(u.ID)
- if err != nil || len(keys) == 0 {
- return false, ""
+ if err != nil {
+ return false, "", err
+ }
+ if len(keys) == 0 {
+ return false, "", &ErrWontSign{pubkey}
}
case twofa:
- twofa, err := GetTwoFactorByUID(u.ID)
- if err != nil || twofa == nil {
- return false, ""
+ twofaModel, err := GetTwoFactorByUID(u.ID)
+ if err != nil {
+ return false, "", err
+ }
+ if twofaModel == nil {
+ return false, "", &ErrWontSign{twofa}
}
}
}
- return true, signingKey
+ return true, signingKey, nil
}
// SignWikiCommit determines if we should sign the commits to this repository wiki
-func (repo *Repository) SignWikiCommit(u *User) (bool, string) {
+func (repo *Repository) SignWikiCommit(u *User) (bool, string, error) {
rules := signingModeFromStrings(setting.Repository.Signing.Wiki)
signingKey := signingKey(repo.WikiPath())
if signingKey == "" {
- return false, ""
+ return false, "", &ErrWontSign{noKey}
}
for _, rule := range rules {
switch rule {
case never:
- return false, ""
+ return false, "", &ErrWontSign{never}
case always:
break
case pubkey:
keys, err := ListGPGKeys(u.ID)
- if err != nil || len(keys) == 0 {
- return false, ""
+ if err != nil {
+ return false, "", err
+ }
+ if len(keys) == 0 {
+ return false, "", &ErrWontSign{pubkey}
}
case twofa:
- twofa, err := GetTwoFactorByUID(u.ID)
- if err != nil || twofa == nil {
- return false, ""
+ twofaModel, err := GetTwoFactorByUID(u.ID)
+ if err != nil {
+ return false, "", err
+ }
+ if twofaModel == nil {
+ return false, "", &ErrWontSign{twofa}
}
case parentSigned:
gitRepo, err := git.OpenRepository(repo.WikiPath())
if err != nil {
- return false, ""
+ return false, "", err
}
defer gitRepo.Close()
commit, err := gitRepo.GetCommit("HEAD")
if err != nil {
- return false, ""
+ return false, "", err
}
if commit.Signature == nil {
- return false, ""
+ return false, "", &ErrWontSign{parentSigned}
}
verification := ParseCommitWithSignature(commit)
if !verification.Verified {
- return false, ""
+ return false, "", &ErrWontSign{parentSigned}
}
}
}
- return true, signingKey
+ return true, signingKey, nil
}
// SignCRUDAction determines if we should sign a CRUD commit to this repository
-func (repo *Repository) SignCRUDAction(u *User, tmpBasePath, parentCommit string) (bool, string) {
+func (repo *Repository) SignCRUDAction(u *User, tmpBasePath, parentCommit string) (bool, string, error) {
rules := signingModeFromStrings(setting.Repository.Signing.CRUDActions)
signingKey := signingKey(repo.RepoPath())
if signingKey == "" {
- return false, ""
+ return false, "", &ErrWontSign{noKey}
}
for _, rule := range rules {
switch rule {
case never:
- return false, ""
+ return false, "", &ErrWontSign{never}
case always:
break
case pubkey:
keys, err := ListGPGKeys(u.ID)
- if err != nil || len(keys) == 0 {
- return false, ""
+ if err != nil {
+ return false, "", err
+ }
+ if len(keys) == 0 {
+ return false, "", &ErrWontSign{pubkey}
}
case twofa:
- twofa, err := GetTwoFactorByUID(u.ID)
- if err != nil || twofa == nil {
- return false, ""
+ twofaModel, err := GetTwoFactorByUID(u.ID)
+ if err != nil {
+ return false, "", err
+ }
+ if twofaModel == nil {
+ return false, "", &ErrWontSign{twofa}
}
case parentSigned:
gitRepo, err := git.OpenRepository(tmpBasePath)
if err != nil {
- return false, ""
+ return false, "", err
}
defer gitRepo.Close()
commit, err := gitRepo.GetCommit(parentCommit)
if err != nil {
- return false, ""
+ return false, "", err
}
if commit.Signature == nil {
- return false, ""
+ return false, "", &ErrWontSign{parentSigned}
}
verification := ParseCommitWithSignature(commit)
if !verification.Verified {
- return false, ""
+ return false, "", &ErrWontSign{parentSigned}
}
}
}
- return true, signingKey
+ return true, signingKey, nil
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-24 05:54:40 +0000