mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1134 Commits
11 Branches
Tree: 47dc64a5d4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '47dc64a5d4'
${ noResults }
gitblit/src/test/java/com/gitblit/tests/GitServletTest.java

GitServletTest.java 30KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794 
  1. package com.gitblit.tests;

  2. 

  3. import static org.junit.Assert.assertEquals;

  4. import static org.junit.Assert.assertFalse;

  5. import static org.junit.Assert.assertTrue;

  6. 

  7. import java.io.BufferedWriter;

  8. import java.io.File;

  9. import java.io.FileOutputStream;

  10. import java.io.IOException;

  11. import java.io.OutputStreamWriter;

  12. import java.text.MessageFormat;

  13. import java.util.Date;

  14. import java.util.List;

  15. import java.util.concurrent.atomic.AtomicBoolean;

  16. 

  17. import org.eclipse.jgit.api.CloneCommand;

  18. import org.eclipse.jgit.api.Git;

  19. import org.eclipse.jgit.api.ResetCommand.ResetType;

  20. import org.eclipse.jgit.api.errors.GitAPIException;

  21. import org.eclipse.jgit.lib.Constants;

  22. import org.eclipse.jgit.revwalk.RevCommit;

  23. import org.eclipse.jgit.internal.storage.file.FileRepository;

  24. import org.eclipse.jgit.transport.CredentialsProvider;

  25. import org.eclipse.jgit.transport.PushResult;

  26. import org.eclipse.jgit.transport.RefSpec;

  27. import org.eclipse.jgit.transport.RemoteRefUpdate;

  28. import org.eclipse.jgit.transport.RemoteRefUpdate.Status;

  29. import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;

  30. import org.eclipse.jgit.util.FileUtils;

  31. import org.junit.AfterClass;

  32. import org.junit.BeforeClass;

  33. import org.junit.Test;

  34. 

  35. import com.gitblit.Constants.AccessPermission;

  36. import com.gitblit.Constants.AccessRestrictionType;

  37. import com.gitblit.Constants.AuthorizationControl;

  38. import com.gitblit.GitBlit;

  39. import com.gitblit.Keys;

  40. import com.gitblit.models.PushLogEntry;

  41. import com.gitblit.models.RepositoryModel;

  42. import com.gitblit.models.UserModel;

  43. import com.gitblit.utils.ArrayUtils;

  44. import com.gitblit.utils.JGitUtils;

  45. import com.gitblit.utils.PushLogUtils;

  46. 

  47. public class GitServletTest {

  48. 

  49. 	static File ticgitFolder = new File(GitBlitSuite.REPOSITORIES, "working/ticgit");

  50. 	

  51. 	static File ticgit2Folder = new File(GitBlitSuite.REPOSITORIES, "working/ticgit2");

  52. 

  53. 	static File jgitFolder = new File(GitBlitSuite.REPOSITORIES, "working/jgit");

  54. 	

  55. 	static File jgit2Folder = new File(GitBlitSuite.REPOSITORIES, "working/jgit2");

  56. 

  57. 	String url = GitBlitSuite.gitServletUrl;

  58. 	String account = GitBlitSuite.account;

  59. 	String password = GitBlitSuite.password;

  60. 

  61. 	private static final AtomicBoolean started = new AtomicBoolean(false);

  62. 

  63. 	@BeforeClass

  64. 	public static void startGitblit() throws Exception {

  65. 		started.set(GitBlitSuite.startGitblit());

  66. 	}

  67. 

  68. 	@AfterClass

  69. 	public static void stopGitblit() throws Exception {

  70. 		if (started.get()) {

  71. 			GitBlitSuite.stopGitblit();

  72. 			deleteWorkingFolders();

  73. 		}

  74. 	}

  75. 	

  76. 	public static void deleteWorkingFolders() throws Exception {

  77. 		if (ticgitFolder.exists()) {

  78. 			GitBlitSuite.close(ticgitFolder);

  79. 			FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE);

  80. 		}

  81. 		if (ticgit2Folder.exists()) {

  82. 			GitBlitSuite.close(ticgit2Folder);

  83. 			FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  84. 		}

  85. 		if (jgitFolder.exists()) {

  86. 			GitBlitSuite.close(jgitFolder);

  87. 			FileUtils.delete(jgitFolder, FileUtils.RECURSIVE);

  88. 		}

  89. 		if (jgit2Folder.exists()) {

  90. 			GitBlitSuite.close(jgit2Folder);

  91. 			FileUtils.delete(jgit2Folder, FileUtils.RECURSIVE);

  92. 		}

  93. 	}

  94. 

  95. 	@Test

  96. 	public void testClone() throws Exception {

  97. 		GitBlitSuite.close(ticgitFolder);

  98. 		if (ticgitFolder.exists()) {

  99. 			FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  100. 		}

  101. 		

  102. 		CloneCommand clone = Git.cloneRepository();

  103. 		clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  104. 		clone.setDirectory(ticgitFolder);

  105. 		clone.setBare(false);

  106. 		clone.setCloneAllBranches(true);

  107. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  108. 		GitBlitSuite.close(clone.call());		

  109. 		assertTrue(true);

  110. 	}

  111. 

  112. 	@Test

  113. 	public void testBogusLoginClone() throws Exception {

  114. 		// restrict repository access

  115. 		RepositoryModel model = GitBlit.self().getRepositoryModel("ticgit.git");

  116. 		model.accessRestriction = AccessRestrictionType.CLONE;

  117. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  118. 

  119. 		// delete any existing working folder		

  120. 		boolean cloned = false;

  121. 		try {

  122. 			CloneCommand clone = Git.cloneRepository();

  123. 			clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  124. 			clone.setDirectory(ticgit2Folder);

  125. 			clone.setBare(false);

  126. 			clone.setCloneAllBranches(true);

  127. 			clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider("bogus", "bogus"));

  128. 			GitBlitSuite.close(clone.call());

  129. 			cloned = true;

  130. 		} catch (Exception e) {

  131. 			// swallow the exception which we expect

  132. 		}

  133. 

  134. 		// restore anonymous repository access

  135. 		model.accessRestriction = AccessRestrictionType.NONE;

  136. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  137. 

  138. 		assertFalse("Bogus login cloned a repository?!", cloned);

  139. 	}

  140. 	

  141. 	@Test

  142. 	public void testUnauthorizedLoginClone() throws Exception {

  143. 		// restrict repository access

  144. 		RepositoryModel model = GitBlit.self().getRepositoryModel("ticgit.git");

  145. 		model.accessRestriction = AccessRestrictionType.CLONE;

  146. 		model.authorizationControl = AuthorizationControl.NAMED;

  147. 		UserModel user = new UserModel("james");

  148. 		user.password = "james";

  149. 		GitBlit.self().updateUserModel(user.username, user, true);

  150. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  151. 

  152. 		FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  153. 		

  154. 		// delete any existing working folder		

  155. 		boolean cloned = false;

  156. 		try {

  157. 			CloneCommand clone = Git.cloneRepository();

  158. 			clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  159. 			clone.setDirectory(ticgit2Folder);

  160. 			clone.setBare(false);

  161. 			clone.setCloneAllBranches(true);

  162. 			clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));

  163. 			GitBlitSuite.close(clone.call());

  164. 			cloned = true;

  165. 		} catch (Exception e) {

  166. 			// swallow the exception which we expect

  167. 		}

  168. 

  169. 		assertFalse("Unauthorized login cloned a repository?!", cloned);

  170. 

  171. 		FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  172. 		

  173. 		// switch to authenticated

  174. 		model.authorizationControl = AuthorizationControl.AUTHENTICATED;

  175. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  176. 		

  177. 		// try clone again

  178. 		cloned = false;

  179. 		CloneCommand clone = Git.cloneRepository();

  180. 		clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  181. 		clone.setDirectory(ticgit2Folder);

  182. 		clone.setBare(false);

  183. 		clone.setCloneAllBranches(true);

  184. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));

  185. 		GitBlitSuite.close(clone.call());

  186. 		cloned = true;

  187. 

  188. 		assertTrue("Authenticated login could not clone!", cloned);

  189. 		

  190. 		FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  191. 		

  192. 		// restore anonymous repository access

  193. 		model.accessRestriction = AccessRestrictionType.NONE;

  194. 		model.authorizationControl = AuthorizationControl.NAMED;

  195. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  196. 		GitBlit.self().deleteUser(user.username);

  197. 	}

  198. 

  199. 	@Test

  200. 	public void testAnonymousPush() throws Exception {

  201. 		GitBlitSuite.close(ticgitFolder);

  202. 		if (ticgitFolder.exists()) {

  203. 			FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  204. 		}

  205. 

  206. 		RepositoryModel model = GitBlit.self().getRepositoryModel("ticgit.git");

  207. 		model.accessRestriction = AccessRestrictionType.NONE;

  208. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  209. 

  210. 		CloneCommand clone = Git.cloneRepository();

  211. 		clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  212. 		clone.setDirectory(ticgitFolder);

  213. 		clone.setBare(false);

  214. 		clone.setCloneAllBranches(true);

  215. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  216. 		GitBlitSuite.close(clone.call());		

  217. 		assertTrue(true);

  218. 		

  219. 		Git git = Git.open(ticgitFolder);

  220. 		File file = new File(ticgitFolder, "TODO");

  221. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  222. 		BufferedWriter w = new BufferedWriter(os);

  223. 		w.write("// hellol中文 " + new Date().toString() + "\n");

  224. 		w.close();

  225. 		git.add().addFilepattern(file.getName()).call();

  226. 		git.commit().setMessage("test commit").call();

  227. 		Iterable<PushResult> results = git.push().setPushAll().call();

  228. 		GitBlitSuite.close(git);

  229. 		for (PushResult result : results) {

  230. 			for (RemoteRefUpdate update : result.getRemoteUpdates()) {

  231. 				assertEquals(Status.OK, update.getStatus());

  232. 			}

  233. 		}

  234. 	}

  235. 

  236. 	@Test

  237. 	public void testSubfolderPush() throws Exception {

  238. 		GitBlitSuite.close(jgitFolder);

  239. 		if (jgitFolder.exists()) {

  240. 			FileUtils.delete(jgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  241. 		}

  242. 		

  243. 		CloneCommand clone = Git.cloneRepository();

  244. 		clone.setURI(MessageFormat.format("{0}/test/jgit.git", url));

  245. 		clone.setDirectory(jgitFolder);

  246. 		clone.setBare(false);

  247. 		clone.setCloneAllBranches(true);

  248. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  249. 		GitBlitSuite.close(clone.call());

  250. 		assertTrue(true);

  251. 

  252. 		Git git = Git.open(jgitFolder);

  253. 		File file = new File(jgitFolder, "TODO");

  254. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  255. 		BufferedWriter w = new BufferedWriter(os);

  256. 		w.write("// " + new Date().toString() + "\n");

  257. 		w.close();

  258. 		git.add().addFilepattern(file.getName()).call();

  259. 		git.commit().setMessage("test commit").call();

  260. 		Iterable<PushResult> results = git.push().setPushAll().setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password)).call();

  261. 		GitBlitSuite.close(git);

  262. 		for (PushResult result : results) {

  263. 			for (RemoteRefUpdate update : result.getRemoteUpdates()) {

  264. 				assertEquals(Status.OK, update.getStatus());

  265. 			}

  266. 		}

  267. 	}

  268. 	

  269. 	@Test

  270. 	public void testPushToFrozenRepo() throws Exception {

  271. 		GitBlitSuite.close(jgitFolder);

  272. 		if (jgitFolder.exists()) {

  273. 			FileUtils.delete(jgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  274. 		}

  275. 		

  276. 		CloneCommand clone = Git.cloneRepository();

  277. 		clone.setURI(MessageFormat.format("{0}/test/jgit.git", url));

  278. 		clone.setDirectory(jgitFolder);

  279. 		clone.setBare(false);

  280. 		clone.setCloneAllBranches(true);

  281. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  282. 		GitBlitSuite.close(clone.call());

  283. 		assertTrue(true);

  284. 		

  285. 		// freeze repo

  286. 		RepositoryModel model = GitBlit.self().getRepositoryModel("test/jgit.git");

  287. 		model.isFrozen = true;

  288. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  289. 

  290. 		Git git = Git.open(jgitFolder);

  291. 		File file = new File(jgitFolder, "TODO");

  292. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  293. 		BufferedWriter w = new BufferedWriter(os);

  294. 		w.write("// " + new Date().toString() + "\n");

  295. 		w.close();

  296. 		git.add().addFilepattern(file.getName()).call();

  297. 		git.commit().setMessage("test commit").call();

  298. 		

  299. 		Iterable<PushResult> results = git.push().setPushAll().setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password)).call();

  300. 		for (PushResult result : results) {

  301. 			for (RemoteRefUpdate update : result.getRemoteUpdates()) {

  302. 				assertEquals(Status.REJECTED_OTHER_REASON, update.getStatus());

  303. 			}

  304. 		}

  305. 		

  306. 		// unfreeze repo

  307. 		model.isFrozen = false;

  308. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  309. 

  310. 		results = git.push().setPushAll().setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password)).call();

  311. 		GitBlitSuite.close(git);

  312. 		for (PushResult result : results) {

  313. 			for (RemoteRefUpdate update : result.getRemoteUpdates()) {

  314. 				assertEquals(Status.OK, update.getStatus());

  315. 			}

  316. 		}

  317. 	}

  318. 	

  319. 	@Test

  320. 	public void testPushToNonBareRepository() throws Exception {

  321. 		CloneCommand clone = Git.cloneRepository();

  322. 		clone.setURI(MessageFormat.format("{0}/working/jgit", url));

  323. 		clone.setDirectory(jgit2Folder);

  324. 		clone.setBare(false);

  325. 		clone.setCloneAllBranches(true);

  326. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  327. 		GitBlitSuite.close(clone.call());

  328. 		assertTrue(true);

  329. 

  330. 		Git git = Git.open(jgit2Folder);

  331. 		File file = new File(jgit2Folder, "NONBARE");

  332. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  333. 		BufferedWriter w = new BufferedWriter(os);

  334. 		w.write("// " + new Date().toString() + "\n");

  335. 		w.close();

  336. 		git.add().addFilepattern(file.getName()).call();

  337. 		git.commit().setMessage("test commit followed by push to non-bare repository").call();

  338. 		Iterable<PushResult> results = git.push().setPushAll().setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password)).call();

  339. 		GitBlitSuite.close(git);

  340. 		for (PushResult result : results) {

  341. 			for (RemoteRefUpdate update : result.getRemoteUpdates()) {

  342. 				assertEquals(Status.REJECTED_OTHER_REASON, update.getStatus());

  343. 			}

  344. 		}

  345. 	}

  346. 

  347. 	@Test

  348. 	public void testCommitterVerification() throws Exception {

  349. 		UserModel user = new UserModel("james");

  350. 		user.password = "james";

  351. 

  352. 		// account only uses account name to verify

  353. 		testCommitterVerification(user, user.username, null, true);

  354. 		// committer email address is ignored because account does not specify email

  355. 		testCommitterVerification(user, user.username, "something", true);

  356. 		// completely different committer

  357. 		testCommitterVerification(user, "joe", null, false);

  358. 

  359. 		// test display name verification

  360. 		user.displayName = "James Moger";

  361. 		testCommitterVerification(user, user.displayName, null, true);

  362. 		testCommitterVerification(user, user.displayName, "something", true);

  363. 		testCommitterVerification(user, "joe", null, false);

  364. 		

  365. 		// test email address verification

  366. 		user.emailAddress = "something";

  367. 		testCommitterVerification(user, user.displayName, null, false);

  368. 		testCommitterVerification(user, user.displayName, "somethingelse", false);

  369. 		testCommitterVerification(user, user.displayName, user.emailAddress, true);

  370. 		

  371. 		// use same email address but with different committer

  372. 		testCommitterVerification(user, "joe", "somethingelse", false);

  373. 	}

  374. 	

  375. 	private void testCommitterVerification(UserModel user, String displayName, String emailAddress, boolean expectedSuccess) throws Exception {

  376. 		

  377. 		if (GitBlit.self().getUserModel(user.username) != null) {

  378. 			GitBlit.self().deleteUser(user.username);

  379. 		}

  380. 		

  381. 		CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);

  382. 		

  383. 		// fork from original to a temporary bare repo

  384. 		File verification = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-committer.git");

  385. 		if (verification.exists()) {

  386. 			FileUtils.delete(verification, FileUtils.RECURSIVE);

  387. 		}

  388. 		CloneCommand clone = Git.cloneRepository();

  389. 		clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  390. 		clone.setDirectory(verification);

  391. 		clone.setBare(true);

  392. 		clone.setCloneAllBranches(true);

  393. 		clone.setCredentialsProvider(cp);

  394. 		GitBlitSuite.close(clone.call());

  395. 		

  396. 		// require push permissions and committer verification

  397. 		RepositoryModel model = GitBlit.self().getRepositoryModel("refchecks/verify-committer.git");

  398. 		model.authorizationControl = AuthorizationControl.NAMED;

  399. 		model.accessRestriction = AccessRestrictionType.PUSH;

  400. 		model.verifyCommitter = true;

  401. 		

  402. 		// grant user push permission

  403. 		user.setRepositoryPermission(model.name, AccessPermission.PUSH);

  404. 		

  405. 		GitBlit.self().updateUserModel(user.username, user, true);

  406. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  407. 

  408. 		// clone temp bare repo to working copy

  409. 		File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-wc");

  410. 		if (local.exists()) {

  411. 			FileUtils.delete(local, FileUtils.RECURSIVE);

  412. 		}

  413. 		clone = Git.cloneRepository();

  414. 		clone.setURI(MessageFormat.format("{0}/{1}", url, model.name));

  415. 		clone.setDirectory(local);

  416. 		clone.setBare(false);

  417. 		clone.setCloneAllBranches(true);

  418. 		clone.setCredentialsProvider(cp);

  419. 		GitBlitSuite.close(clone.call());

  420. 		

  421. 		Git git = Git.open(local);

  422. 		

  423. 		// force an identity which may or may not match the account's identity

  424. 		git.getRepository().getConfig().setString("user", null, "name", displayName);

  425. 		git.getRepository().getConfig().setString("user", null, "email", emailAddress);

  426. 		git.getRepository().getConfig().save();

  427. 		

  428. 		// commit a file and push it

  429. 		File file = new File(local, "PUSHCHK");

  430. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  431. 		BufferedWriter w = new BufferedWriter(os);

  432. 		w.write("// " + new Date().toString() + "\n");

  433. 		w.close();

  434. 		git.add().addFilepattern(file.getName()).call();

  435. 		git.commit().setMessage("push test").call();

  436. 		Iterable<PushResult> results = git.push().setCredentialsProvider(cp).setRemote("origin").call();

  437. 		

  438. 		for (PushResult result : results) {

  439. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  440. 			Status status = ref.getStatus();

  441. 			if (expectedSuccess) {

  442. 				assertTrue("Verification failed! User was NOT able to push commit! " + status.name(), Status.OK.equals(status));

  443. 			} else {

  444. 				assertTrue("Verification failed! User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));

  445. 			}

  446. 		}

  447. 		

  448. 		GitBlitSuite.close(git);

  449. 		// close serving repository

  450. 		GitBlitSuite.close(verification);

  451. 	}

  452. 

  453. 	@Test

  454. 	public void testBlockClone() throws Exception {

  455. 		testRefChange(AccessPermission.VIEW, null, null, null);

  456. 	}

  457. 

  458. 	@Test

  459. 	public void testBlockPush() throws Exception {

  460. 		testRefChange(AccessPermission.CLONE, null, null, null);

  461. 	}

  462. 

  463. 	@Test

  464. 	public void testBlockBranchCreation() throws Exception {

  465. 		testRefChange(AccessPermission.PUSH, Status.REJECTED_OTHER_REASON, null, null);

  466. 	}

  467. 

  468. 	@Test

  469. 	public void testBlockBranchDeletion() throws Exception {

  470. 		testRefChange(AccessPermission.CREATE, Status.OK, Status.REJECTED_OTHER_REASON, null);

  471. 	}

  472. 	

  473. 	@Test

  474. 	public void testBlockBranchRewind() throws Exception {

  475. 		testRefChange(AccessPermission.DELETE, Status.OK, Status.OK, Status.REJECTED_OTHER_REASON);

  476. 	}

  477. 

  478. 	@Test

  479. 	public void testBranchRewind() throws Exception {		

  480. 		testRefChange(AccessPermission.REWIND, Status.OK, Status.OK, Status.OK);

  481. 	}

  482. 

  483. 	private void testRefChange(AccessPermission permission, Status expectedCreate, Status expectedDelete, Status expectedRewind) throws Exception {

  484. 

  485. 		UserModel user = new UserModel("james");

  486. 		user.password = "james";

  487. 		

  488. 		if (GitBlit.self().getUserModel(user.username) != null) {

  489. 			GitBlit.self().deleteUser(user.username);

  490. 		}

  491. 		

  492. 		CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);

  493. 		

  494. 		// fork from original to a temporary bare repo

  495. 		File refChecks = new File(GitBlitSuite.REPOSITORIES, "refchecks/ticgit.git");

  496. 		if (refChecks.exists()) {

  497. 			FileUtils.delete(refChecks, FileUtils.RECURSIVE);

  498. 		}

  499. 		CloneCommand clone = Git.cloneRepository();

  500. 		clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  501. 		clone.setDirectory(refChecks);

  502. 		clone.setBare(true);

  503. 		clone.setCloneAllBranches(true);

  504. 		clone.setCredentialsProvider(cp);

  505. 		GitBlitSuite.close(clone.call());

  506. 

  507. 		// elevate repository to clone permission

  508. 		RepositoryModel model = GitBlit.self().getRepositoryModel("refchecks/ticgit.git");

  509. 		switch (permission) {

  510. 			case VIEW:

  511. 				model.accessRestriction = AccessRestrictionType.CLONE;

  512. 				break;

  513. 			case CLONE:

  514. 				model.accessRestriction = AccessRestrictionType.CLONE;

  515. 				break;

  516. 			default:

  517. 				model.accessRestriction = AccessRestrictionType.PUSH;

  518. 		}

  519. 		model.authorizationControl = AuthorizationControl.NAMED;

  520. 		

  521. 		// grant user specified

  522. 		user.setRepositoryPermission(model.name, permission);

  523. 

  524. 		GitBlit.self().updateUserModel(user.username, user, true);

  525. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  526. 

  527. 		// clone temp bare repo to working copy

  528. 		File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/ticgit-wc");

  529. 		if (local.exists()) {

  530. 			FileUtils.delete(local, FileUtils.RECURSIVE);

  531. 		}

  532. 		clone = Git.cloneRepository();

  533. 		clone.setURI(MessageFormat.format("{0}/{1}", url, model.name));

  534. 		clone.setDirectory(local);

  535. 		clone.setBare(false);

  536. 		clone.setCloneAllBranches(true);

  537. 		clone.setCredentialsProvider(cp);

  538. 		

  539. 		try {

  540. 			GitBlitSuite.close(clone.call());

  541. 		} catch (GitAPIException e) {

  542. 			if (permission.atLeast(AccessPermission.CLONE)) {

  543. 				throw e;

  544. 			} else {

  545. 				// close serving repository

  546. 				GitBlitSuite.close(refChecks);

  547. 				

  548. 				// user does not have clone permission

  549. 				assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));	

  550. 				return;

  551. 			}

  552. 		}

  553. 		

  554. 		Git git = Git.open(local);

  555. 		

  556. 		// commit a file and push it

  557. 		File file = new File(local, "PUSHCHK");

  558. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  559. 		BufferedWriter w = new BufferedWriter(os);

  560. 		w.write("// " + new Date().toString() + "\n");

  561. 		w.close();

  562. 		git.add().addFilepattern(file.getName()).call();

  563. 		git.commit().setMessage("push test").call();

  564. 		Iterable<PushResult> results = null;

  565. 		try {

  566. 			results = git.push().setCredentialsProvider(cp).setRemote("origin").call();

  567. 		} catch (GitAPIException e) {

  568. 			if (permission.atLeast(AccessPermission.PUSH)) {

  569. 				throw e;

  570. 			} else {

  571. 				// close serving repository

  572. 				GitBlitSuite.close(refChecks);

  573. 				

  574. 				// user does not have push permission

  575. 				assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));

  576. 				GitBlitSuite.close(git);

  577. 				return;

  578. 			}

  579. 		}

  580. 		

  581. 		for (PushResult result : results) {

  582. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  583. 			Status status = ref.getStatus();

  584. 			if (permission.atLeast(AccessPermission.PUSH)) {

  585. 				assertTrue("User failed to push commit?! " + status.name(), Status.OK.equals(status));

  586. 			} else {

  587. 				// close serving repository

  588. 				GitBlitSuite.close(refChecks);

  589. 

  590. 				assertTrue("User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));

  591. 				GitBlitSuite.close(git);

  592. 				// skip delete test

  593. 				return;

  594. 			}

  595. 		}

  596. 		

  597. 		// create a local branch and push the new branch back to the origin				

  598. 		git.branchCreate().setName("protectme").call();

  599. 		RefSpec refSpec = new RefSpec("refs/heads/protectme:refs/heads/protectme");

  600. 		results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();

  601. 		for (PushResult result : results) {

  602. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");

  603. 			Status status = ref.getStatus();

  604. 			if (Status.OK.equals(expectedCreate)) {

  605. 				assertTrue("User failed to push creation?! " + status.name(), status.equals(expectedCreate));

  606. 			} else {

  607. 				// close serving repository

  608. 				GitBlitSuite.close(refChecks);

  609. 

  610. 				assertTrue("User was able to push ref creation! " + status.name(), status.equals(expectedCreate));

  611. 				GitBlitSuite.close(git);

  612. 				// skip delete test

  613. 				return;

  614. 			}

  615. 		}

  616. 		

  617. 		// delete the branch locally

  618. 		git.branchDelete().setBranchNames("protectme").call();

  619. 		

  620. 		// push a delete ref command

  621. 		refSpec = new RefSpec(":refs/heads/protectme");

  622. 		results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();

  623. 		for (PushResult result : results) {

  624. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");

  625. 			Status status = ref.getStatus();

  626. 			if (Status.OK.equals(expectedDelete)) {

  627. 				assertTrue("User failed to push ref deletion?! " + status.name(), status.equals(Status.OK));

  628. 			} else {

  629. 				// close serving repository

  630. 				GitBlitSuite.close(refChecks);

  631. 

  632. 				assertTrue("User was able to push ref deletion?! " + status.name(), status.equals(expectedDelete));

  633. 				GitBlitSuite.close(git);

  634. 				// skip rewind test

  635. 				return;

  636. 			}

  637. 		}

  638. 		

  639. 		// rewind master by two commits

  640. 		git.reset().setRef("HEAD~2").setMode(ResetType.HARD).call();

  641. 		

  642. 		// commit a change on this detached HEAD

  643. 		file = new File(local, "REWINDCHK");

  644. 		os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  645. 		w = new BufferedWriter(os);

  646. 		w.write("// " + new Date().toString() + "\n");

  647. 		w.close();

  648. 		git.add().addFilepattern(file.getName()).call();

  649. 		RevCommit commit = git.commit().setMessage("rewind master and new commit").call();

  650. 		

  651. 		// Reset master to our new commit now we our local branch tip is no longer

  652. 		// upstream of the remote branch tip.  It is an alternate tip of the branch.

  653. 		JGitUtils.setBranchRef(git.getRepository(), "refs/heads/master", commit.getName());

  654. 		

  655. 		// Try pushing our new tip to the origin.

  656. 		// This requires the server to "rewind" it's master branch and update it

  657. 		// to point to our alternate tip.  This leaves the original master tip

  658. 		// unreferenced.

  659. 		results = git.push().setCredentialsProvider(cp).setRemote("origin").setForce(true).call();

  660. 		for (PushResult result : results) {

  661. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  662. 			Status status = ref.getStatus();

  663. 			if (Status.OK.equals(expectedRewind)) {

  664. 				assertTrue("User failed to rewind master?! " + status.name(), status.equals(expectedRewind));

  665. 			} else {

  666. 				assertTrue("User was able to rewind master?! " + status.name(), status.equals(expectedRewind));

  667. 			}

  668. 		}

  669. 		GitBlitSuite.close(git);

  670. 		

  671. 		// close serving repository

  672. 		GitBlitSuite.close(refChecks);

  673. 

  674. 		GitBlit.self().deleteUser(user.username);

  675. 	}

  676. 	

  677. 	@Test

  678. 	public void testCreateOnPush() throws Exception {

  679. 		testCreateOnPush(false, false);

  680. 		testCreateOnPush(true, false);

  681. 		testCreateOnPush(false, true);

  682. 	}

  683. 	

  684. 	private void testCreateOnPush(boolean canCreate, boolean canAdmin) throws Exception {

  685. 

  686. 		UserModel user = new UserModel("sampleuser");

  687. 		user.password = user.username;

  688. 		

  689. 		if (GitBlit.self().getUserModel(user.username) != null) {

  690. 			GitBlit.self().deleteUser(user.username);

  691. 		}

  692. 		

  693. 		user.canCreate = canCreate;

  694. 		user.canAdmin = canAdmin;

  695. 		

  696. 		GitBlit.self().updateUserModel(user.username, user, true);

  697. 

  698. 		CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);

  699. 		

  700. 		// fork from original to a temporary bare repo

  701. 		File tmpFolder = File.createTempFile("gitblit", "").getParentFile();

  702. 		File createCheck = new File(tmpFolder, "ticgit.git");

  703. 		if (createCheck.exists()) {

  704. 			FileUtils.delete(createCheck, FileUtils.RECURSIVE);

  705. 		}

  706. 		

  707. 		File personalRepo = new File(GitBlitSuite.REPOSITORIES, MessageFormat.format("~{0}/ticgit.git", user.username));

  708. 		GitBlitSuite.close(personalRepo);

  709. 		if (personalRepo.exists()) {

  710. 			FileUtils.delete(personalRepo, FileUtils.RECURSIVE);

  711. 		}

  712. 

  713. 		File projectRepo = new File(GitBlitSuite.REPOSITORIES, "project/ticgit.git");

  714. 		GitBlitSuite.close(projectRepo);

  715. 		if (projectRepo.exists()) {

  716. 			FileUtils.delete(projectRepo, FileUtils.RECURSIVE);

  717. 		}

  718. 

  719. 		CloneCommand clone = Git.cloneRepository();

  720. 		clone.setURI(MessageFormat.format("{0}/ticgit.git", url));

  721. 		clone.setDirectory(createCheck);

  722. 		clone.setBare(true);

  723. 		clone.setCloneAllBranches(true);

  724. 		clone.setCredentialsProvider(cp);

  725. 		Git git = clone.call();

  726. 		

  727. 		GitBlitSuite.close(personalRepo);

  728. 		

  729. 		// add a personal repository remote and a project remote

  730. 		git.getRepository().getConfig().setString("remote", "user", "url", MessageFormat.format("{0}/~{1}/ticgit.git", url, user.username));

  731. 		git.getRepository().getConfig().setString("remote", "project", "url", MessageFormat.format("{0}/project/ticgit.git", url));

  732. 		git.getRepository().getConfig().save();

  733. 

  734. 		// push to non-existent user repository

  735. 		try {

  736. 			Iterable<PushResult> results = git.push().setRemote("user").setPushAll().setCredentialsProvider(cp).call();

  737. 

  738. 			for (PushResult result : results) {

  739. 				RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  740. 				Status status = ref.getStatus();

  741. 				assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));

  742. 			}

  743. 

  744. 			assertTrue("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);

  745. 			

  746. 			// confirm default personal repository permissions

  747. 			RepositoryModel model = GitBlit.self().getRepositoryModel(MessageFormat.format("~{0}/ticgit.git", user.username));

  748. 			assertEquals("Unexpected owner", user.username, ArrayUtils.toString(model.owners));

  749. 			assertEquals("Unexpected authorization control", AuthorizationControl.NAMED, model.authorizationControl);

  750. 			assertEquals("Unexpected access restriction", AccessRestrictionType.VIEW, model.accessRestriction);

  751. 			

  752. 		} catch (GitAPIException e) {

  753. 			assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));

  754. 			assertFalse("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);

  755. 		}

  756. 		

  757. 		// push to non-existent project repository

  758. 		try {

  759. 			Iterable<PushResult> results = git.push().setRemote("project").setPushAll().setCredentialsProvider(cp).call();

  760. 			GitBlitSuite.close(git);

  761. 

  762. 			for (PushResult result : results) {

  763. 				RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  764. 				Status status = ref.getStatus();

  765. 				assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));

  766. 			}

  767. 			

  768. 			assertTrue("User canAdmin:" + user.canAdmin, user.canAdmin);

  769. 			

  770. 			// confirm default project repository permissions

  771. 			RepositoryModel model = GitBlit.self().getRepositoryModel("project/ticgit.git");

  772. 			assertEquals("Unexpected owner", user.username, ArrayUtils.toString(model.owners));

  773. 			assertEquals("Unexpected authorization control", AuthorizationControl.fromName(GitBlit.getString(Keys.git.defaultAuthorizationControl, "NAMED")), model.authorizationControl);

  774. 			assertEquals("Unexpected access restriction", AccessRestrictionType.fromName(GitBlit.getString(Keys.git.defaultAccessRestriction, "NONE")), model.accessRestriction);

  775. 

  776. 		} catch (GitAPIException e) {

  777. 			assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));

  778. 			assertFalse("User canAdmin:" + user.canAdmin, user.canAdmin);

  779. 		}

  780. 

  781. 		GitBlitSuite.close(git);

  782. 		GitBlit.self().deleteUser(user.username);

  783. 	}

  784. 	

  785. 	@Test

  786. 	public void testPushLog() throws IOException {

  787. 		String name = "refchecks/ticgit.git";

  788. 		File refChecks = new File(GitBlitSuite.REPOSITORIES, name);

  789. 		FileRepository repository = new FileRepository(refChecks);

  790. 		List<PushLogEntry> pushes = PushLogUtils.getPushLog(name, repository);

  791. 		GitBlitSuite.close(repository);

  792. 		assertTrue("Repository has an empty push log!", pushes.size() > 0);

  793. 	}

  794. }