mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1024 Commits
11 Branches
Tree: eec3ef21b9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'eec3ef21b9'
${ noResults }
gitblit/tests/com/gitblit/tests/GitServletTest.java

GitServletTest.java 29KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774 
  1. package com.gitblit.tests;

  2. 

  3. import static org.junit.Assert.assertEquals;

  4. import static org.junit.Assert.assertFalse;

  5. import static org.junit.Assert.assertTrue;

  6. 

  7. import java.io.BufferedWriter;

  8. import java.io.File;

  9. import java.io.FileOutputStream;

  10. import java.io.IOException;

  11. import java.io.OutputStreamWriter;

  12. import java.text.MessageFormat;

  13. import java.util.Date;

  14. import java.util.List;

  15. import java.util.concurrent.atomic.AtomicBoolean;

  16. 

  17. import org.eclipse.jgit.api.CloneCommand;

  18. import org.eclipse.jgit.api.Git;

  19. import org.eclipse.jgit.api.ResetCommand.ResetType;

  20. import org.eclipse.jgit.api.errors.GitAPIException;

  21. import org.eclipse.jgit.lib.Constants;

  22. import org.eclipse.jgit.revwalk.RevCommit;

  23. import org.eclipse.jgit.storage.file.FileRepository;

  24. import org.eclipse.jgit.transport.CredentialsProvider;

  25. import org.eclipse.jgit.transport.PushResult;

  26. import org.eclipse.jgit.transport.RefSpec;

  27. import org.eclipse.jgit.transport.RemoteRefUpdate;

  28. import org.eclipse.jgit.transport.RemoteRefUpdate.Status;

  29. import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;

  30. import org.eclipse.jgit.util.FileUtils;

  31. import org.junit.AfterClass;

  32. import org.junit.BeforeClass;

  33. import org.junit.Test;

  34. 

  35. import com.gitblit.Constants.AccessPermission;

  36. import com.gitblit.Constants.AccessRestrictionType;

  37. import com.gitblit.Constants.AuthorizationControl;

  38. import com.gitblit.GitBlit;

  39. import com.gitblit.Keys;

  40. import com.gitblit.models.PushLogEntry;

  41. import com.gitblit.models.RepositoryModel;

  42. import com.gitblit.models.UserModel;

  43. import com.gitblit.utils.JGitUtils;

  44. import com.gitblit.utils.PushLogUtils;

  45. 

  46. public class GitServletTest {

  47. 

  48. 	static File ticgitFolder = new File(GitBlitSuite.REPOSITORIES, "working/ticgit");

  49. 	

  50. 	static File ticgit2Folder = new File(GitBlitSuite.REPOSITORIES, "working/ticgit2");

  51. 

  52. 	static File jgitFolder = new File(GitBlitSuite.REPOSITORIES, "working/jgit");

  53. 	

  54. 	static File jgit2Folder = new File(GitBlitSuite.REPOSITORIES, "working/jgit2");

  55. 

  56. 	String url = GitBlitSuite.url;

  57. 	String account = GitBlitSuite.account;

  58. 	String password = GitBlitSuite.password;

  59. 

  60. 	private static final AtomicBoolean started = new AtomicBoolean(false);

  61. 

  62. 	@BeforeClass

  63. 	public static void startGitblit() throws Exception {

  64. 		started.set(GitBlitSuite.startGitblit());

  65. 	}

  66. 

  67. 	@AfterClass

  68. 	public static void stopGitblit() throws Exception {

  69. 		if (started.get()) {

  70. 			GitBlitSuite.stopGitblit();

  71. 			deleteWorkingFolders();

  72. 		}

  73. 	}

  74. 	

  75. 	public static void deleteWorkingFolders() throws Exception {

  76. 		if (ticgitFolder.exists()) {

  77. 			GitBlitSuite.close(ticgitFolder);

  78. 			FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE);

  79. 		}

  80. 		if (ticgit2Folder.exists()) {

  81. 			GitBlitSuite.close(ticgit2Folder);

  82. 			FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  83. 		}

  84. 		if (jgitFolder.exists()) {

  85. 			GitBlitSuite.close(jgitFolder);

  86. 			FileUtils.delete(jgitFolder, FileUtils.RECURSIVE);

  87. 		}

  88. 		if (jgit2Folder.exists()) {

  89. 			GitBlitSuite.close(jgit2Folder);

  90. 			FileUtils.delete(jgit2Folder, FileUtils.RECURSIVE);

  91. 		}

  92. 	}

  93. 

  94. 	@Test

  95. 	public void testClone() throws Exception {

  96. 		GitBlitSuite.close(ticgitFolder);

  97. 		if (ticgitFolder.exists()) {

  98. 			FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  99. 		}

  100. 		

  101. 		CloneCommand clone = Git.cloneRepository();

  102. 		clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  103. 		clone.setDirectory(ticgitFolder);

  104. 		clone.setBare(false);

  105. 		clone.setCloneAllBranches(true);

  106. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  107. 		GitBlitSuite.close(clone.call());		

  108. 		assertTrue(true);

  109. 	}

  110. 

  111. 	@Test

  112. 	public void testBogusLoginClone() throws Exception {

  113. 		// restrict repository access

  114. 		RepositoryModel model = GitBlit.self().getRepositoryModel("ticgit.git");

  115. 		model.accessRestriction = AccessRestrictionType.CLONE;

  116. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  117. 

  118. 		// delete any existing working folder		

  119. 		boolean cloned = false;

  120. 		try {

  121. 			CloneCommand clone = Git.cloneRepository();

  122. 			clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  123. 			clone.setDirectory(ticgit2Folder);

  124. 			clone.setBare(false);

  125. 			clone.setCloneAllBranches(true);

  126. 			clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider("bogus", "bogus"));

  127. 			GitBlitSuite.close(clone.call());

  128. 			cloned = true;

  129. 		} catch (Exception e) {

  130. 			// swallow the exception which we expect

  131. 		}

  132. 

  133. 		// restore anonymous repository access

  134. 		model.accessRestriction = AccessRestrictionType.NONE;

  135. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  136. 

  137. 		assertFalse("Bogus login cloned a repository?!", cloned);

  138. 	}

  139. 	

  140. 	@Test

  141. 	public void testUnauthorizedLoginClone() throws Exception {

  142. 		// restrict repository access

  143. 		RepositoryModel model = GitBlit.self().getRepositoryModel("ticgit.git");

  144. 		model.accessRestriction = AccessRestrictionType.CLONE;

  145. 		model.authorizationControl = AuthorizationControl.NAMED;

  146. 		UserModel user = new UserModel("james");

  147. 		user.password = "james";

  148. 		GitBlit.self().updateUserModel(user.username, user, true);

  149. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  150. 

  151. 		FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  152. 		

  153. 		// delete any existing working folder		

  154. 		boolean cloned = false;

  155. 		try {

  156. 			CloneCommand clone = Git.cloneRepository();

  157. 			clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  158. 			clone.setDirectory(ticgit2Folder);

  159. 			clone.setBare(false);

  160. 			clone.setCloneAllBranches(true);

  161. 			clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));

  162. 			GitBlitSuite.close(clone.call());

  163. 			cloned = true;

  164. 		} catch (Exception e) {

  165. 			// swallow the exception which we expect

  166. 		}

  167. 

  168. 		assertFalse("Unauthorized login cloned a repository?!", cloned);

  169. 

  170. 		FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  171. 		

  172. 		// switch to authenticated

  173. 		model.authorizationControl = AuthorizationControl.AUTHENTICATED;

  174. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  175. 		

  176. 		// try clone again

  177. 		cloned = false;

  178. 		CloneCommand clone = Git.cloneRepository();

  179. 		clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  180. 		clone.setDirectory(ticgit2Folder);

  181. 		clone.setBare(false);

  182. 		clone.setCloneAllBranches(true);

  183. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));

  184. 		GitBlitSuite.close(clone.call());

  185. 		cloned = true;

  186. 

  187. 		assertTrue("Authenticated login could not clone!", cloned);

  188. 		

  189. 		FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);

  190. 		

  191. 		// restore anonymous repository access

  192. 		model.accessRestriction = AccessRestrictionType.NONE;

  193. 		model.authorizationControl = AuthorizationControl.NAMED;

  194. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  195. 		GitBlit.self().deleteUser(user.username);

  196. 	}

  197. 

  198. 	@Test

  199. 	public void testAnonymousPush() throws Exception {

  200. 		GitBlitSuite.close(ticgitFolder);

  201. 		if (ticgitFolder.exists()) {

  202. 			FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  203. 		}

  204. 

  205. 		CloneCommand clone = Git.cloneRepository();

  206. 		clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  207. 		clone.setDirectory(ticgitFolder);

  208. 		clone.setBare(false);

  209. 		clone.setCloneAllBranches(true);

  210. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  211. 		GitBlitSuite.close(clone.call());		

  212. 		assertTrue(true);

  213. 		

  214. 		Git git = Git.open(ticgitFolder);

  215. 		File file = new File(ticgitFolder, "TODO");

  216. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  217. 		BufferedWriter w = new BufferedWriter(os);

  218. 		w.write("// hellol中文 " + new Date().toString() + "\n");

  219. 		w.close();

  220. 		git.add().addFilepattern(file.getName()).call();

  221. 		git.commit().setMessage("test commit").call();

  222. 		git.push().setPushAll().call();

  223. 		GitBlitSuite.close(git);

  224. 	}

  225. 

  226. 	@Test

  227. 	public void testSubfolderPush() throws Exception {

  228. 		GitBlitSuite.close(jgitFolder);

  229. 		if (jgitFolder.exists()) {

  230. 			FileUtils.delete(jgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  231. 		}

  232. 		

  233. 		CloneCommand clone = Git.cloneRepository();

  234. 		clone.setURI(MessageFormat.format("{0}/git/test/jgit.git", url));

  235. 		clone.setDirectory(jgitFolder);

  236. 		clone.setBare(false);

  237. 		clone.setCloneAllBranches(true);

  238. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  239. 		GitBlitSuite.close(clone.call());

  240. 		assertTrue(true);

  241. 

  242. 		Git git = Git.open(jgitFolder);

  243. 		File file = new File(jgitFolder, "TODO");

  244. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  245. 		BufferedWriter w = new BufferedWriter(os);

  246. 		w.write("// " + new Date().toString() + "\n");

  247. 		w.close();

  248. 		git.add().addFilepattern(file.getName()).call();

  249. 		git.commit().setMessage("test commit").call();

  250. 		git.push().setPushAll().call();

  251. 		GitBlitSuite.close(git);

  252. 	}

  253. 	

  254. 	@Test

  255. 	public void testPushToFrozenRepo() throws Exception {

  256. 		GitBlitSuite.close(jgitFolder);

  257. 		if (jgitFolder.exists()) {

  258. 			FileUtils.delete(jgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);

  259. 		}

  260. 		

  261. 		CloneCommand clone = Git.cloneRepository();

  262. 		clone.setURI(MessageFormat.format("{0}/git/test/jgit.git", url));

  263. 		clone.setDirectory(jgitFolder);

  264. 		clone.setBare(false);

  265. 		clone.setCloneAllBranches(true);

  266. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  267. 		GitBlitSuite.close(clone.call());

  268. 		assertTrue(true);

  269. 		

  270. 		// freeze repo

  271. 		RepositoryModel model = GitBlit.self().getRepositoryModel("test/jgit.git");

  272. 		model.isFrozen = true;

  273. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  274. 

  275. 		Git git = Git.open(jgitFolder);

  276. 		File file = new File(jgitFolder, "TODO");

  277. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  278. 		BufferedWriter w = new BufferedWriter(os);

  279. 		w.write("// " + new Date().toString() + "\n");

  280. 		w.close();

  281. 		git.add().addFilepattern(file.getName()).call();

  282. 		git.commit().setMessage("test commit").call();

  283. 		

  284. 		try {

  285. 			git.push().setPushAll().call();

  286. 			assertTrue(false);

  287. 		} catch (Exception e) {

  288. 			assertTrue(e.getCause().getMessage().contains("access forbidden"));

  289. 		}

  290. 		

  291. 		// unfreeze repo

  292. 		model.isFrozen = false;

  293. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  294. 

  295. 		git.push().setPushAll().call();

  296. 		GitBlitSuite.close(git);

  297. 	}

  298. 	

  299. 	@Test

  300. 	public void testPushToNonBareRepository() throws Exception {

  301. 		CloneCommand clone = Git.cloneRepository();

  302. 		clone.setURI(MessageFormat.format("{0}/git/working/jgit", url));

  303. 		clone.setDirectory(jgit2Folder);

  304. 		clone.setBare(false);

  305. 		clone.setCloneAllBranches(true);

  306. 		clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));

  307. 		GitBlitSuite.close(clone.call());

  308. 		assertTrue(true);

  309. 

  310. 		Git git = Git.open(jgit2Folder);

  311. 		File file = new File(jgit2Folder, "NONBARE");

  312. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  313. 		BufferedWriter w = new BufferedWriter(os);

  314. 		w.write("// " + new Date().toString() + "\n");

  315. 		w.close();

  316. 		git.add().addFilepattern(file.getName()).call();

  317. 		git.commit().setMessage("test commit followed by push to non-bare repository").call();

  318. 		try {

  319. 			git.push().setPushAll().call();

  320. 			assertTrue(false);

  321. 		} catch (Exception e) {

  322. 			assertTrue(e.getCause().getMessage().contains("git-receive-pack not permitted"));

  323. 		}

  324. 		GitBlitSuite.close(git);

  325. 	}

  326. 

  327. 	@Test

  328. 	public void testCommitterVerification() throws Exception {

  329. 		UserModel user = new UserModel("james");

  330. 		user.password = "james";

  331. 

  332. 		// account only uses account name to verify

  333. 		testCommitterVerification(user, user.username, null, true);

  334. 		// committer email address is ignored because account does not specify email

  335. 		testCommitterVerification(user, user.username, "something", true);

  336. 		// completely different committer

  337. 		testCommitterVerification(user, "joe", null, false);

  338. 

  339. 		// test display name verification

  340. 		user.displayName = "James Moger";

  341. 		testCommitterVerification(user, user.displayName, null, true);

  342. 		testCommitterVerification(user, user.displayName, "something", true);

  343. 		testCommitterVerification(user, "joe", null, false);

  344. 		

  345. 		// test email address verification

  346. 		user.emailAddress = "something";

  347. 		testCommitterVerification(user, user.displayName, null, false);

  348. 		testCommitterVerification(user, user.displayName, "somethingelse", false);

  349. 		testCommitterVerification(user, user.displayName, user.emailAddress, true);

  350. 		

  351. 		// use same email address but with different committer

  352. 		testCommitterVerification(user, "joe", "somethingelse", false);

  353. 	}

  354. 	

  355. 	private void testCommitterVerification(UserModel user, String displayName, String emailAddress, boolean expectedSuccess) throws Exception {

  356. 		

  357. 		if (GitBlit.self().getUserModel(user.username) != null) {

  358. 			GitBlit.self().deleteUser(user.username);

  359. 		}

  360. 		

  361. 		CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);

  362. 		

  363. 		// fork from original to a temporary bare repo

  364. 		File verification = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-committer.git");

  365. 		if (verification.exists()) {

  366. 			FileUtils.delete(verification, FileUtils.RECURSIVE);

  367. 		}

  368. 		CloneCommand clone = Git.cloneRepository();

  369. 		clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  370. 		clone.setDirectory(verification);

  371. 		clone.setBare(true);

  372. 		clone.setCloneAllBranches(true);

  373. 		clone.setCredentialsProvider(cp);

  374. 		GitBlitSuite.close(clone.call());

  375. 		

  376. 		// require push permissions and committer verification

  377. 		RepositoryModel model = GitBlit.self().getRepositoryModel("refchecks/verify-committer.git");

  378. 		model.authorizationControl = AuthorizationControl.NAMED;

  379. 		model.accessRestriction = AccessRestrictionType.PUSH;

  380. 		model.verifyCommitter = true;

  381. 		

  382. 		// grant user push permission

  383. 		user.setRepositoryPermission(model.name, AccessPermission.PUSH);

  384. 		

  385. 		GitBlit.self().updateUserModel(user.username, user, true);

  386. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  387. 

  388. 		// clone temp bare repo to working copy

  389. 		File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-wc");

  390. 		if (local.exists()) {

  391. 			FileUtils.delete(local, FileUtils.RECURSIVE);

  392. 		}

  393. 		clone = Git.cloneRepository();

  394. 		clone.setURI(MessageFormat.format("{0}/git/{1}", url, model.name));

  395. 		clone.setDirectory(local);

  396. 		clone.setBare(false);

  397. 		clone.setCloneAllBranches(true);

  398. 		clone.setCredentialsProvider(cp);

  399. 		GitBlitSuite.close(clone.call());

  400. 		

  401. 		Git git = Git.open(local);

  402. 		

  403. 		// force an identity which may or may not match the account's identity

  404. 		git.getRepository().getConfig().setString("user", null, "name", displayName);

  405. 		git.getRepository().getConfig().setString("user", null, "email", emailAddress);

  406. 		git.getRepository().getConfig().save();

  407. 		

  408. 		// commit a file and push it

  409. 		File file = new File(local, "PUSHCHK");

  410. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  411. 		BufferedWriter w = new BufferedWriter(os);

  412. 		w.write("// " + new Date().toString() + "\n");

  413. 		w.close();

  414. 		git.add().addFilepattern(file.getName()).call();

  415. 		git.commit().setMessage("push test").call();

  416. 		Iterable<PushResult> results = git.push().setCredentialsProvider(cp).setRemote("origin").call();

  417. 		

  418. 		for (PushResult result : results) {

  419. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  420. 			Status status = ref.getStatus();

  421. 			if (expectedSuccess) {

  422. 				assertTrue("Verification failed! User was NOT able to push commit! " + status.name(), Status.OK.equals(status));

  423. 			} else {

  424. 				assertTrue("Verification failed! User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));

  425. 			}

  426. 		}

  427. 		

  428. 		GitBlitSuite.close(git);

  429. 		// close serving repository

  430. 		GitBlitSuite.close(verification);

  431. 	}

  432. 

  433. 	@Test

  434. 	public void testBlockClone() throws Exception {

  435. 		testRefChange(AccessPermission.VIEW, null, null, null);

  436. 	}

  437. 

  438. 	@Test

  439. 	public void testBlockPush() throws Exception {

  440. 		testRefChange(AccessPermission.CLONE, null, null, null);

  441. 	}

  442. 

  443. 	@Test

  444. 	public void testBlockBranchCreation() throws Exception {

  445. 		testRefChange(AccessPermission.PUSH, Status.REJECTED_OTHER_REASON, null, null);

  446. 	}

  447. 

  448. 	@Test

  449. 	public void testBlockBranchDeletion() throws Exception {

  450. 		testRefChange(AccessPermission.CREATE, Status.OK, Status.REJECTED_OTHER_REASON, null);

  451. 	}

  452. 	

  453. 	@Test

  454. 	public void testBlockBranchRewind() throws Exception {

  455. 		testRefChange(AccessPermission.DELETE, Status.OK, Status.OK, Status.REJECTED_OTHER_REASON);

  456. 	}

  457. 

  458. 	@Test

  459. 	public void testBranchRewind() throws Exception {		

  460. 		testRefChange(AccessPermission.REWIND, Status.OK, Status.OK, Status.OK);

  461. 	}

  462. 

  463. 	private void testRefChange(AccessPermission permission, Status expectedCreate, Status expectedDelete, Status expectedRewind) throws Exception {

  464. 

  465. 		UserModel user = new UserModel("james");

  466. 		user.password = "james";

  467. 		

  468. 		if (GitBlit.self().getUserModel(user.username) != null) {

  469. 			GitBlit.self().deleteUser(user.username);

  470. 		}

  471. 		

  472. 		CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);

  473. 		

  474. 		// fork from original to a temporary bare repo

  475. 		File refChecks = new File(GitBlitSuite.REPOSITORIES, "refchecks/ticgit.git");

  476. 		if (refChecks.exists()) {

  477. 			FileUtils.delete(refChecks, FileUtils.RECURSIVE);

  478. 		}

  479. 		CloneCommand clone = Git.cloneRepository();

  480. 		clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  481. 		clone.setDirectory(refChecks);

  482. 		clone.setBare(true);

  483. 		clone.setCloneAllBranches(true);

  484. 		clone.setCredentialsProvider(cp);

  485. 		GitBlitSuite.close(clone.call());

  486. 

  487. 		// elevate repository to clone permission

  488. 		RepositoryModel model = GitBlit.self().getRepositoryModel("refchecks/ticgit.git");

  489. 		switch (permission) {

  490. 			case VIEW:

  491. 				model.accessRestriction = AccessRestrictionType.CLONE;

  492. 				break;

  493. 			case CLONE:

  494. 				model.accessRestriction = AccessRestrictionType.CLONE;

  495. 				break;

  496. 			default:

  497. 				model.accessRestriction = AccessRestrictionType.PUSH;

  498. 		}

  499. 		model.authorizationControl = AuthorizationControl.NAMED;

  500. 		

  501. 		// grant user specified

  502. 		user.setRepositoryPermission(model.name, permission);

  503. 

  504. 		GitBlit.self().updateUserModel(user.username, user, true);

  505. 		GitBlit.self().updateRepositoryModel(model.name, model, false);

  506. 

  507. 		// clone temp bare repo to working copy

  508. 		File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/ticgit-wc");

  509. 		if (local.exists()) {

  510. 			FileUtils.delete(local, FileUtils.RECURSIVE);

  511. 		}

  512. 		clone = Git.cloneRepository();

  513. 		clone.setURI(MessageFormat.format("{0}/git/{1}", url, model.name));

  514. 		clone.setDirectory(local);

  515. 		clone.setBare(false);

  516. 		clone.setCloneAllBranches(true);

  517. 		clone.setCredentialsProvider(cp);

  518. 		

  519. 		try {

  520. 			GitBlitSuite.close(clone.call());

  521. 		} catch (GitAPIException e) {

  522. 			if (permission.atLeast(AccessPermission.CLONE)) {

  523. 				throw e;

  524. 			} else {

  525. 				// close serving repository

  526. 				GitBlitSuite.close(refChecks);

  527. 				

  528. 				// user does not have clone permission

  529. 				assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));	

  530. 				return;

  531. 			}

  532. 		}

  533. 		

  534. 		Git git = Git.open(local);

  535. 		

  536. 		// commit a file and push it

  537. 		File file = new File(local, "PUSHCHK");

  538. 		OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  539. 		BufferedWriter w = new BufferedWriter(os);

  540. 		w.write("// " + new Date().toString() + "\n");

  541. 		w.close();

  542. 		git.add().addFilepattern(file.getName()).call();

  543. 		git.commit().setMessage("push test").call();

  544. 		Iterable<PushResult> results = null;

  545. 		try {

  546. 			results = git.push().setCredentialsProvider(cp).setRemote("origin").call();

  547. 		} catch (GitAPIException e) {

  548. 			if (permission.atLeast(AccessPermission.PUSH)) {

  549. 				throw e;

  550. 			} else {

  551. 				// close serving repository

  552. 				GitBlitSuite.close(refChecks);

  553. 				

  554. 				// user does not have push permission

  555. 				assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));

  556. 				GitBlitSuite.close(git);

  557. 				return;

  558. 			}

  559. 		}

  560. 		

  561. 		for (PushResult result : results) {

  562. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  563. 			Status status = ref.getStatus();

  564. 			if (permission.atLeast(AccessPermission.PUSH)) {

  565. 				assertTrue("User failed to push commit?! " + status.name(), Status.OK.equals(status));

  566. 			} else {

  567. 				// close serving repository

  568. 				GitBlitSuite.close(refChecks);

  569. 

  570. 				assertTrue("User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));

  571. 				GitBlitSuite.close(git);

  572. 				// skip delete test

  573. 				return;

  574. 			}

  575. 		}

  576. 		

  577. 		// create a local branch and push the new branch back to the origin				

  578. 		git.branchCreate().setName("protectme").call();

  579. 		RefSpec refSpec = new RefSpec("refs/heads/protectme:refs/heads/protectme");

  580. 		results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();

  581. 		for (PushResult result : results) {

  582. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");

  583. 			Status status = ref.getStatus();

  584. 			if (Status.OK.equals(expectedCreate)) {

  585. 				assertTrue("User failed to push creation?! " + status.name(), status.equals(expectedCreate));

  586. 			} else {

  587. 				// close serving repository

  588. 				GitBlitSuite.close(refChecks);

  589. 

  590. 				assertTrue("User was able to push ref creation! " + status.name(), status.equals(expectedCreate));

  591. 				GitBlitSuite.close(git);

  592. 				// skip delete test

  593. 				return;

  594. 			}

  595. 		}

  596. 		

  597. 		// delete the branch locally

  598. 		git.branchDelete().setBranchNames("protectme").call();

  599. 		

  600. 		// push a delete ref command

  601. 		refSpec = new RefSpec(":refs/heads/protectme");

  602. 		results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();

  603. 		for (PushResult result : results) {

  604. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");

  605. 			Status status = ref.getStatus();

  606. 			if (Status.OK.equals(expectedDelete)) {

  607. 				assertTrue("User failed to push ref deletion?! " + status.name(), status.equals(Status.OK));

  608. 			} else {

  609. 				// close serving repository

  610. 				GitBlitSuite.close(refChecks);

  611. 

  612. 				assertTrue("User was able to push ref deletion?! " + status.name(), status.equals(expectedDelete));

  613. 				GitBlitSuite.close(git);

  614. 				// skip rewind test

  615. 				return;

  616. 			}

  617. 		}

  618. 		

  619. 		// rewind master by two commits

  620. 		git.reset().setRef("HEAD~2").setMode(ResetType.HARD).call();

  621. 		

  622. 		// commit a change on this detached HEAD

  623. 		file = new File(local, "REWINDCHK");

  624. 		os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);

  625. 		w = new BufferedWriter(os);

  626. 		w.write("// " + new Date().toString() + "\n");

  627. 		w.close();

  628. 		git.add().addFilepattern(file.getName()).call();

  629. 		RevCommit commit = git.commit().setMessage("rewind master and new commit").call();

  630. 		

  631. 		// Reset master to our new commit now we our local branch tip is no longer

  632. 		// upstream of the remote branch tip.  It is an alternate tip of the branch.

  633. 		JGitUtils.setBranchRef(git.getRepository(), "refs/heads/master", commit.getName());

  634. 		

  635. 		// Try pushing our new tip to the origin.

  636. 		// This requires the server to "rewind" it's master branch and update it

  637. 		// to point to our alternate tip.  This leaves the original master tip

  638. 		// unreferenced.

  639. 		results = git.push().setCredentialsProvider(cp).setRemote("origin").setForce(true).call();

  640. 		for (PushResult result : results) {

  641. 			RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  642. 			Status status = ref.getStatus();

  643. 			if (Status.OK.equals(expectedRewind)) {

  644. 				assertTrue("User failed to rewind master?! " + status.name(), status.equals(expectedRewind));

  645. 			} else {

  646. 				assertTrue("User was able to rewind master?! " + status.name(), status.equals(expectedRewind));

  647. 			}

  648. 		}

  649. 		GitBlitSuite.close(git);

  650. 		

  651. 		// close serving repository

  652. 		GitBlitSuite.close(refChecks);

  653. 

  654. 		GitBlit.self().deleteUser(user.username);

  655. 	}

  656. 	

  657. 	@Test

  658. 	public void testCreateOnPush() throws Exception {

  659. 		testCreateOnPush(false, false);

  660. 		testCreateOnPush(true, false);

  661. 		testCreateOnPush(false, true);

  662. 	}

  663. 	

  664. 	private void testCreateOnPush(boolean canCreate, boolean canAdmin) throws Exception {

  665. 

  666. 		UserModel user = new UserModel("sampleuser");

  667. 		user.password = user.username;

  668. 		

  669. 		if (GitBlit.self().getUserModel(user.username) != null) {

  670. 			GitBlit.self().deleteUser(user.username);

  671. 		}

  672. 		

  673. 		user.canCreate = canCreate;

  674. 		user.canAdmin = canAdmin;

  675. 		

  676. 		GitBlit.self().updateUserModel(user.username, user, true);

  677. 

  678. 		CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);

  679. 		

  680. 		// fork from original to a temporary bare repo

  681. 		File tmpFolder = File.createTempFile("gitblit", "").getParentFile();

  682. 		File createCheck = new File(tmpFolder, "ticgit.git");

  683. 		if (createCheck.exists()) {

  684. 			FileUtils.delete(createCheck, FileUtils.RECURSIVE);

  685. 		}

  686. 		

  687. 		File personalRepo = new File(GitBlitSuite.REPOSITORIES, MessageFormat.format("~{0}/ticgit.git", user.username));

  688. 		GitBlitSuite.close(personalRepo);

  689. 		if (personalRepo.exists()) {

  690. 			FileUtils.delete(personalRepo, FileUtils.RECURSIVE);

  691. 		}

  692. 

  693. 		File projectRepo = new File(GitBlitSuite.REPOSITORIES, "project/ticgit.git");

  694. 		GitBlitSuite.close(projectRepo);

  695. 		if (projectRepo.exists()) {

  696. 			FileUtils.delete(projectRepo, FileUtils.RECURSIVE);

  697. 		}

  698. 

  699. 		CloneCommand clone = Git.cloneRepository();

  700. 		clone.setURI(MessageFormat.format("{0}/git/ticgit.git", url));

  701. 		clone.setDirectory(createCheck);

  702. 		clone.setBare(true);

  703. 		clone.setCloneAllBranches(true);

  704. 		clone.setCredentialsProvider(cp);

  705. 		Git git = clone.call();

  706. 		

  707. 		GitBlitSuite.close(personalRepo);

  708. 		

  709. 		// add a personal repository remote and a project remote

  710. 		git.getRepository().getConfig().setString("remote", "user", "url", MessageFormat.format("{0}/git/~{1}/ticgit.git", url, user.username));

  711. 		git.getRepository().getConfig().setString("remote", "project", "url", MessageFormat.format("{0}/git/project/ticgit.git", url));

  712. 		git.getRepository().getConfig().save();

  713. 

  714. 		// push to non-existent user repository

  715. 		try {

  716. 			Iterable<PushResult> results = git.push().setRemote("user").setPushAll().setCredentialsProvider(cp).call();

  717. 

  718. 			for (PushResult result : results) {

  719. 				RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  720. 				Status status = ref.getStatus();

  721. 				assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));

  722. 			}

  723. 

  724. 			assertTrue("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);

  725. 			

  726. 			// confirm default personal repository permissions

  727. 			RepositoryModel model = GitBlit.self().getRepositoryModel(MessageFormat.format("~{0}/ticgit.git", user.username));

  728. 			assertEquals("Unexpected owner", user.username, model.owner);

  729. 			assertEquals("Unexpected authorization control", AuthorizationControl.NAMED, model.authorizationControl);

  730. 			assertEquals("Unexpected access restriction", AccessRestrictionType.VIEW, model.accessRestriction);

  731. 			

  732. 		} catch (GitAPIException e) {

  733. 			assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));

  734. 			assertFalse("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);

  735. 		}

  736. 		

  737. 		// push to non-existent project repository

  738. 		try {

  739. 			Iterable<PushResult> results = git.push().setRemote("project").setPushAll().setCredentialsProvider(cp).call();

  740. 			GitBlitSuite.close(git);

  741. 

  742. 			for (PushResult result : results) {

  743. 				RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");

  744. 				Status status = ref.getStatus();

  745. 				assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));

  746. 			}

  747. 			

  748. 			assertTrue("User canAdmin:" + user.canAdmin, user.canAdmin);

  749. 			

  750. 			// confirm default project repository permissions

  751. 			RepositoryModel model = GitBlit.self().getRepositoryModel("project/ticgit.git");

  752. 			assertEquals("Unexpected owner", user.username, model.owner);

  753. 			assertEquals("Unexpected authorization control", AuthorizationControl.fromName(GitBlit.getString(Keys.git.defaultAuthorizationControl, "NAMED")), model.authorizationControl);

  754. 			assertEquals("Unexpected access restriction", AccessRestrictionType.fromName(GitBlit.getString(Keys.git.defaultAccessRestriction, "NONE")), model.accessRestriction);

  755. 

  756. 		} catch (GitAPIException e) {

  757. 			assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));

  758. 			assertFalse("User canAdmin:" + user.canAdmin, user.canAdmin);

  759. 		}

  760. 

  761. 		GitBlitSuite.close(git);

  762. 		GitBlit.self().deleteUser(user.username);

  763. 	}

  764. 	

  765. 	@Test

  766. 	public void testPushLog() throws IOException {

  767. 		String name = "refchecks/ticgit.git";

  768. 		File refChecks = new File(GitBlitSuite.REPOSITORIES, name);

  769. 		FileRepository repository = new FileRepository(refChecks);

  770. 		List<PushLogEntry> pushes = PushLogUtils.getPushLog(name, repository);

  771. 		GitBlitSuite.close(repository);

  772. 		assertTrue("Repository has an empty push log!", pushes.size() > 0);

  773. 	}

  774. }