* Only require one email (possibly not yet validated) * Update message error and check validation of commit * Add integrations tests * Complete integration for import * Add pre-check/optimization * Add some test (not finished) * Finish * Fix fixtures * Fix typo * Don't guess key IDtags/v1.3.0-rc1
@@ -0,0 +1,260 @@ | |||
// Copyright 2017 The Gogs Authors. All rights reserved. | |||
// Use of this source code is governed by a MIT-style | |||
// license that can be found in the LICENSE file. | |||
package integrations | |||
import ( | |||
"net/http" | |||
"strconv" | |||
"testing" | |||
"github.com/stretchr/testify/assert" | |||
api "code.gitea.io/sdk/gitea" | |||
) | |||
func TestGPGKeys(t *testing.T) { | |||
prepareTestEnv(t) | |||
session := loginUser(t, "user2") | |||
tt := []struct { | |||
name string | |||
reqBuilder func(testing.TB, *http.Request, int) *TestResponse | |||
results []int | |||
}{ | |||
{name: "NoLogin", reqBuilder: MakeRequest, | |||
results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized}, | |||
}, | |||
{name: "LoggedAsUser2", reqBuilder: session.MakeRequest, | |||
results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusInternalServerError, http.StatusInternalServerError, http.StatusCreated, http.StatusCreated}}, | |||
} | |||
for _, tc := range tt { | |||
//Basic test on result code | |||
t.Run(tc.name, func(t *testing.T) { | |||
t.Run("ViewOwnGPGKeys", func(t *testing.T) { | |||
testViewOwnGPGKeys(t, tc.reqBuilder, tc.results[0]) | |||
}) | |||
t.Run("ViewGPGKeys", func(t *testing.T) { | |||
testViewGPGKeys(t, tc.reqBuilder, tc.results[1]) | |||
}) | |||
t.Run("GetGPGKey", func(t *testing.T) { | |||
testGetGPGKey(t, tc.reqBuilder, tc.results[2]) | |||
}) | |||
t.Run("DeleteGPGKey", func(t *testing.T) { | |||
testDeleteGPGKey(t, tc.reqBuilder, tc.results[3]) | |||
}) | |||
t.Run("CreateInvalidGPGKey", func(t *testing.T) { | |||
testCreateInvalidGPGKey(t, tc.reqBuilder, tc.results[4]) | |||
}) | |||
t.Run("CreateNoneRegistredEmailGPGKey", func(t *testing.T) { | |||
testCreateNoneRegistredEmailGPGKey(t, tc.reqBuilder, tc.results[5]) | |||
}) | |||
t.Run("CreateValidGPGKey", func(t *testing.T) { | |||
testCreateValidGPGKey(t, tc.reqBuilder, tc.results[6]) | |||
}) | |||
t.Run("CreateValidSecondaryEmailGPGKey", func(t *testing.T) { | |||
testCreateValidSecondaryEmailGPGKey(t, tc.reqBuilder, tc.results[7]) | |||
}) | |||
}) | |||
} | |||
//Check state after basic add | |||
t.Run("CheckState", func(t *testing.T) { | |||
var keys []*api.GPGKey | |||
req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") //GET all keys | |||
resp := session.MakeRequest(t, req, http.StatusOK) | |||
DecodeJSON(t, resp, &keys) | |||
primaryKey1 := keys[0] //Primary key 1 | |||
assert.EqualValues(t, "38EA3BCED732982C", primaryKey1.KeyID) | |||
assert.EqualValues(t, 1, len(primaryKey1.Emails)) | |||
assert.EqualValues(t, "user2@example.com", primaryKey1.Emails[0].Email) | |||
assert.EqualValues(t, true, primaryKey1.Emails[0].Verified) | |||
subKey := primaryKey1.SubsKey[0] //Subkey of 38EA3BCED732982C | |||
assert.EqualValues(t, "70D7C694D17D03AD", subKey.KeyID) | |||
assert.EqualValues(t, 0, len(subKey.Emails)) | |||
primaryKey2 := keys[1] //Primary key 2 | |||
assert.EqualValues(t, "FABF39739FE1E927", primaryKey2.KeyID) | |||
assert.EqualValues(t, 1, len(primaryKey2.Emails)) | |||
assert.EqualValues(t, "user21@example.com", primaryKey2.Emails[0].Email) | |||
assert.EqualValues(t, false, primaryKey2.Emails[0].Verified) | |||
var key api.GPGKey | |||
req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)) //Primary key 1 | |||
resp = session.MakeRequest(t, req, http.StatusOK) | |||
DecodeJSON(t, resp, &key) | |||
assert.EqualValues(t, "38EA3BCED732982C", key.KeyID) | |||
assert.EqualValues(t, 1, len(key.Emails)) | |||
assert.EqualValues(t, "user2@example.com", key.Emails[0].Email) | |||
assert.EqualValues(t, true, key.Emails[0].Verified) | |||
req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)) //Subkey of 38EA3BCED732982C | |||
resp = session.MakeRequest(t, req, http.StatusOK) | |||
DecodeJSON(t, resp, &key) | |||
assert.EqualValues(t, "70D7C694D17D03AD", key.KeyID) | |||
assert.EqualValues(t, 0, len(key.Emails)) | |||
req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)) //Primary key 2 | |||
resp = session.MakeRequest(t, req, http.StatusOK) | |||
DecodeJSON(t, resp, &key) | |||
assert.EqualValues(t, "FABF39739FE1E927", key.KeyID) | |||
assert.EqualValues(t, 1, len(key.Emails)) | |||
assert.EqualValues(t, "user21@example.com", key.Emails[0].Email) | |||
assert.EqualValues(t, false, key.Emails[0].Verified) | |||
}) | |||
//Check state after basic add | |||
t.Run("CheckCommits", func(t *testing.T) { | |||
t.Run("NotSigned", func(t *testing.T) { | |||
var branch api.Branch | |||
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed") | |||
resp := session.MakeRequest(t, req, http.StatusOK) | |||
DecodeJSON(t, resp, &branch) | |||
assert.EqualValues(t, false, branch.Commit.Verification.Verified) | |||
}) | |||
t.Run("SignedWithNotValidatedEmail", func(t *testing.T) { | |||
var branch api.Branch | |||
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated") | |||
resp := session.MakeRequest(t, req, http.StatusOK) | |||
DecodeJSON(t, resp, &branch) | |||
assert.EqualValues(t, false, branch.Commit.Verification.Verified) | |||
}) | |||
t.Run("SignedWithValidEmail", func(t *testing.T) { | |||
var branch api.Branch | |||
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign") | |||
resp := session.MakeRequest(t, req, http.StatusOK) | |||
DecodeJSON(t, resp, &branch) | |||
assert.EqualValues(t, true, branch.Commit.Verification.Verified) | |||
}) | |||
}) | |||
} | |||
func testViewOwnGPGKeys(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") | |||
reqBuilder(t, req, expected) | |||
} | |||
func testViewGPGKeys(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys") | |||
reqBuilder(t, req, expected) | |||
} | |||
func testGetGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1") | |||
reqBuilder(t, req, expected) | |||
} | |||
func testDeleteGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1") | |||
reqBuilder(t, req, expected) | |||
} | |||
func testCreateGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int, publicKey string) { | |||
req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys", api.CreateGPGKeyOption{ | |||
ArmoredKey: publicKey, | |||
}) | |||
reqBuilder(t, req, expected) | |||
} | |||
func testCreateInvalidGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
testCreateGPGKey(t, reqBuilder, expected, "invalid_key") | |||
} | |||
func testCreateNoneRegistredEmailGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh | |||
dCMCG2T1UwzUB/yWUFWJ2BtCwSjuaRv+cGohqEy6bhEBV90peGA33lHfjx7wP25O | |||
7moAphDOTZtDj1AZfCh/PTcJut8Lc0eRDMhNyp/bYtO7SHNT1Hr6rrCV/xEtSAvR | |||
3b148/tmIBiSadaLwc558KU3ucjnW5RVGins3AjBZ+TuT4XXVH/oeLSeXPSJ5rt1 | |||
rHwaseslMqZ4AbvwFLx5qn1OC9rEQv/F548QsA8m0IntLjoPon+6wcubA9Gra21c | |||
Fp6aRYl9x7fiqXDLg8i3s2nKdV7+e6as6Tp9ABEBAAG0FG5vdGtub3duQGV4YW1w | |||
bGUuY29tiQEcBBABAgAGBQJZhlMoAAoJEC8+pvYULDtte/wH/2JNrhmHwDY+hMj0 | |||
batIK4HICnkKxjIgbha80P2Ao08NkzSge58fsxiKDFYAQjHui+ZAw4dq79Ax9AOO | |||
Iv2GS9+DUfWhrb6RF+vNuJldFzcI0rTW/z2q+XGKrUCwN3khJY5XngHfQQrdBtMK | |||
qsoUXz/5B8g422RTbo/SdPsyYAV6HeLLeV3rdgjI1fpaW0seZKHeTXQb/HvNeuPg | |||
qz+XV1g6Gdqa1RjDOaX7A8elVKxrYq3LBtc93FW+grBde8n7JL0zPM3DY+vJ0IJZ | |||
INx/MmBfmtCq05FqNclvU+sj2R3N1JJOtBOjZrJHQbJhzoILou8AkxeX1A+q9OAz | |||
1geiY5E= | |||
=TkP3 | |||
-----END PGP PUBLIC KEY BLOCK-----`) | |||
} | |||
func testCreateValidGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
//User2 <user2@example.com> //primary & activated | |||
testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
mQENBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dW | |||
VJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnHlGS3PXJc0hP/FyYPD2BFvNMPpCYS | |||
eu3T1qKSNXm6X0XOWD2LIrdiDC8HaI9FqZVMI/srMK2CF8XCL2m67W1FuoPlWzod | |||
5ORy0IZB7spoF0xihmcgnEGElRmdo5w/vkGH8U7Zyn9Eb57UVFeafgeskf4wqB23 | |||
BjbMdW2YaB+yzMRwYgOnD5lnBD4uqSmvjaV9C0kxn7x+oJkkiRV8/z1cNcO+BaeQ | |||
Akh/yTTeTzYGSc/ZOqCX1O+NOPgSeixVlqenABEBAAG0GVVzZXIyIDx1c2VyMkBl | |||
eGFtcGxlLmNvbT6JAVQEEwEIAD4WIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZW | |||
wwIbAwUJA8JnAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA46jvO1zKYLF/e | |||
B/91wm2KLMIQBZBA9WA2/+9rQWTo9EqgYrXN60rEzX3cYJWXZiE4DrKR1oWDGNLi | |||
KXOCW62snvJldolBqq0ZqaKvPKzl0Y5TRqbYEc9AjUSqgRin1b+G2DevLGT4ibq+ | |||
7ocQvz0XkASEUAgHahp0Ubiiib1521WwT/duL+AG8Gg0+DK09RfV3eX5/EOkQCKv | |||
8cutqgsd2Smz40A8wXuJkRcipZBtrB/GkUaZ/eJdwEeSYZjEA9GWF61LJT2stvRN | |||
HCk7C3z3pVEek1PluiFs/4VN8BG8yDzW4c0tLty4Fj3VwPqwIbB5AJbquVfhQCb4 | |||
Eep2lm3Lc9b1OwO5N3coPJkouQENBFmGVsMBCADAGba2L6NCOE1i3WIP6CPzbdOo | |||
N3gdTfTgccAx9fNeon9jor+3tgEjlo9/6cXiRoksOV6W4wFab/ZwWgwN6JO4CGvZ | |||
Wi7EQwMMMp1E36YTojKQJrcA9UvMnTHulqQQ88F5E845DhzFQM3erv42QZZMBAX3 | |||
kXCgy1GNFocl6tLUvJdEqs+VcJGGANMpmzE4WLa8KhSYnxipwuQ62JBy9R+cHyKT | |||
OARk8znRqSu5bT3LtlrZ/HXu+6Oy4+2uCdNzZIh5J5tPS7CPA6ptl88iGVBte/CJ | |||
7cjgJWSQqeYp2Y5QvsWAivkQ4Ww9plHbbwV0A2eaHsjjWzlUl3HoJ/snMOhBABEB | |||
AAGJATwEGAEIACYWIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZWwwIbDAUJA8Jn | |||
AAAKCRA46jvO1zKYLBwLCACQOpeRVrwIKVaWcPMYjVHHJsGscaLKpgpARAUgbiG6 | |||
Cbc2WI8Sm3fRwrY0VAfN+u9QwrtvxANcyB3vTgTzw7FimfhOimxiTSO8HQCfjDZF | |||
Xly8rq+Fua7+ClWUpy21IekW41VvZYjH2sL6EVP+UcEOaGAyN53XfhaRVZPhNtZN | |||
NKAE9N5EG3rbsZ33LzJj40rEKlzFSseAAPft8qA3IXjzFBx+PQXHMpNCagL79he6 | |||
lqockTJ+oPmta4CF/J0U5LUr1tOZXheL3TP6m8d08gDrtn0YuGOPk87i9sJz+jR9 | |||
uy6MA3VSB99SK9ducGmE1Jv8mcziREroz2TEGr0zPs6h | |||
=J59D | |||
-----END PGP PUBLIC KEY BLOCK-----`) | |||
} | |||
func testCreateValidSecondaryEmailGPGKey(t *testing.T, reqBuilder func(testing.TB, *http.Request, int) *TestResponse, expected int) { | |||
//User2 <user21@example.com> //secondary and not activated | |||
testCreateGPGKey(t, reqBuilder, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
mQENBFmGWN4BCAC18V4tVGO65VLCV7p14FuXJlUtZ5CuYMvgEkcOqrvRaBSW9ao4 | |||
PGESOhJpfWpnW3QgJniYndLzPpsmdHEclEER6aZjiNgReWPOjHD5tykWocZAJqXD | |||
eY1ym59gvVMLcfbV2yQsyR2hbJlc+dJsl16tigSEe3nwxZSw2IsW92pgEzT9JNUr | |||
Q+mC8dw4dqY0tYmFazYUGNxufUc/twgQT/Or1aNs0az5Q6Jft4rrTRsh/S7We0VB | |||
COKGkdcQyYgAls7HJBuPjQRi6DM9VhgBSHLAgSLyaUcZvhZBJr8Qe/q4PP3/kYDJ | |||
wm4RMnjOLz2pFZPgtRqgcAwpmFtLrACbEB3JABEBAAG0GlVzZXIyIDx1c2VyMjFA | |||
ZXhhbXBsZS5jb20+iQFUBBMBCAA+FiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmG | |||
WN4CGwMFCQPCZwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ+r85c5/h6Sfx | |||
Lgf/dq64NBV8+X9an3seaLxePRviva48e4K67/wV/JxtXNO5Z/DhMGz5kHXCsG9D | |||
CXuWYO8ehlTjEnMZ6qqdDnY+H6bQsb2OS5oPn4RwpPXslAjEKtojPAr0dDsMS2DB | |||
dUuIm1AoOnewOVO0OFRf1EqX1bivxnN0FVMcO0m8AczfnKDaGb0y/qg/Y9JAsKqp | |||
j5pZNMWUkntRtGySeJ4CVJMmkVKJAHsa1Qj6MKdFeid4h4y94cBJ4ZdyBxNdpQOx | |||
ydf0doicovfeqGNO4oWzsGP4RBK2CqGPCUT+EFl20jPvMkKwOjxgqc8p0z3b2UT9 | |||
+9bnmCGHgF/fW1HJ3iKmfFPqnLkBDQRZhljeAQgA5AirU/NJGgm19ZJYFOiHftjS | |||
azbrPxGeD3cSqmvDPIMc1DNZGfQV5D4EVumnVbQBtL6xHFoGKz9KisUMbe4a/X2J | |||
S8JmIphQWG0vMJX1DaZIzr2gT71MnPD7JMGsSUCh5dIKpTNTZX4w+oGPGOu0/UlL | |||
x0448AryKwp30J2p6D4GeI0nb03n35S2lTOpnHDn1wj7Jl/8LS2fdFOdNaNHXSZe | |||
twdSwJKhyBEiScgeHBDyKqo8zWkYoSb9eA2HiYlbVaiNtp24KP1mIEpiUdrRjWno | |||
zauYSZGHZlOFMgF4dKWuetPiuH9m7UYZGKyMLfQ9vYFb+xcPh2bLCQHJ1OEmMQAR | |||
AQABiQE8BBgBCAAmFiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmGWN4CGwwFCQPC | |||
ZwAACgkQ+r85c5/h6Sfjfwf+O4WEjRdvPJLxNy7mfAGoAqDMHIwyH/tVzYgyVhnG | |||
h/+cfRxJbGc3rpjYdr8dmvghzjEAout8uibPWaIqs63RCAPGPqgWLfxNO5c8+y8V | |||
LZMVOTV26l2olkkdBWAuhLqKTNh6TiQva03yhOgHWj4XDvFfxICWPFXVd6t5ELpD | |||
iApGu1OAj8JfhmzbG03Yzx+Ku7bWDxMonx3V/IDEu5LS5zrboHYDKCA53bXXghoi | |||
Aceqql+PKrDwEjoY4bptwMHLmcjGjdCQ//Qx1neho7nZcS7xjTucY8gQuulwCyXF | |||
y6wM+wMz8dunIG9gw4+Re6c4Rz9tX1kzxLrU7Pl21tMqfg== | |||
=0N/9 | |||
-----END PGP PUBLIC KEY BLOCK-----`) | |||
} |
@@ -0,0 +1 @@ | |||
ref: refs/heads/master |
@@ -0,0 +1,4 @@ | |||
[core] | |||
repositoryformatversion = 0 | |||
filemode = true | |||
bare = true |
@@ -0,0 +1 @@ | |||
Unnamed repository; edit this file 'description' to name the repository. |
@@ -0,0 +1,15 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to check the commit log message taken by | |||
# applypatch from an e-mail message. | |||
# | |||
# The hook should exit with non-zero status after issuing an | |||
# appropriate message if it wants to stop the commit. The hook is | |||
# allowed to edit the commit message file. | |||
# | |||
# To enable this hook, rename this file to "applypatch-msg". | |||
. git-sh-setup | |||
commitmsg="$(git rev-parse --git-path hooks/commit-msg)" | |||
test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"} | |||
: |
@@ -0,0 +1,24 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to check the commit log message. | |||
# Called by "git commit" with one argument, the name of the file | |||
# that has the commit message. The hook should exit with non-zero | |||
# status after issuing an appropriate message if it wants to stop the | |||
# commit. The hook is allowed to edit the commit message file. | |||
# | |||
# To enable this hook, rename this file to "commit-msg". | |||
# Uncomment the below to add a Signed-off-by line to the message. | |||
# Doing this in a hook is a bad idea in general, but the prepare-commit-msg | |||
# hook is more suited to it. | |||
# | |||
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') | |||
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" | |||
# This example catches duplicate Signed-off-by lines. | |||
test "" = "$(grep '^Signed-off-by: ' "$1" | | |||
sort | uniq -c | sed -e '/^[ ]*1[ ]/d')" || { | |||
echo >&2 Duplicate Signed-off-by lines. | |||
exit 1 | |||
} |
@@ -0,0 +1,8 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to prepare a packed repository for use over | |||
# dumb transports. | |||
# | |||
# To enable this hook, rename this file to "post-update". | |||
exec git update-server-info |
@@ -0,0 +1,14 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to verify what is about to be committed | |||
# by applypatch from an e-mail message. | |||
# | |||
# The hook should exit with non-zero status after issuing an | |||
# appropriate message if it wants to stop the commit. | |||
# | |||
# To enable this hook, rename this file to "pre-applypatch". | |||
. git-sh-setup | |||
precommit="$(git rev-parse --git-path hooks/pre-commit)" | |||
test -x "$precommit" && exec "$precommit" ${1+"$@"} | |||
: |
@@ -0,0 +1,49 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to verify what is about to be committed. | |||
# Called by "git commit" with no arguments. The hook should | |||
# exit with non-zero status after issuing an appropriate message if | |||
# it wants to stop the commit. | |||
# | |||
# To enable this hook, rename this file to "pre-commit". | |||
if git rev-parse --verify HEAD >/dev/null 2>&1 | |||
then | |||
against=HEAD | |||
else | |||
# Initial commit: diff against an empty tree object | |||
against=4b825dc642cb6eb9a060e54bf8d69288fbee4904 | |||
fi | |||
# If you want to allow non-ASCII filenames set this variable to true. | |||
allownonascii=$(git config --bool hooks.allownonascii) | |||
# Redirect output to stderr. | |||
exec 1>&2 | |||
# Cross platform projects tend to avoid non-ASCII filenames; prevent | |||
# them from being added to the repository. We exploit the fact that the | |||
# printable range starts at the space character and ends with tilde. | |||
if [ "$allownonascii" != "true" ] && | |||
# Note that the use of brackets around a tr range is ok here, (it's | |||
# even required, for portability to Solaris 10's /usr/bin/tr), since | |||
# the square bracket bytes happen to fall in the designated range. | |||
test $(git diff --cached --name-only --diff-filter=A -z $against | | |||
LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0 | |||
then | |||
cat <<\EOF | |||
Error: Attempt to add a non-ASCII file name. | |||
This can cause problems if you want to work with people on other platforms. | |||
To be portable it is advisable to rename the file. | |||
If you know what you are doing you can disable this check using: | |||
git config hooks.allownonascii true | |||
EOF | |||
exit 1 | |||
fi | |||
# If there are whitespace errors, print the offending file names and fail. | |||
exec git diff-index --check --cached $against -- |
@@ -0,0 +1,53 @@ | |||
#!/bin/sh | |||
# An example hook script to verify what is about to be pushed. Called by "git | |||
# push" after it has checked the remote status, but before anything has been | |||
# pushed. If this script exits with a non-zero status nothing will be pushed. | |||
# | |||
# This hook is called with the following parameters: | |||
# | |||
# $1 -- Name of the remote to which the push is being done | |||
# $2 -- URL to which the push is being done | |||
# | |||
# If pushing without using a named remote those arguments will be equal. | |||
# | |||
# Information about the commits which are being pushed is supplied as lines to | |||
# the standard input in the form: | |||
# | |||
# <local ref> <local sha1> <remote ref> <remote sha1> | |||
# | |||
# This sample shows how to prevent push of commits where the log message starts | |||
# with "WIP" (work in progress). | |||
remote="$1" | |||
url="$2" | |||
z40=0000000000000000000000000000000000000000 | |||
while read local_ref local_sha remote_ref remote_sha | |||
do | |||
if [ "$local_sha" = $z40 ] | |||
then | |||
# Handle delete | |||
: | |||
else | |||
if [ "$remote_sha" = $z40 ] | |||
then | |||
# New branch, examine all commits | |||
range="$local_sha" | |||
else | |||
# Update to existing branch, examine new commits | |||
range="$remote_sha..$local_sha" | |||
fi | |||
# Check for WIP commit | |||
commit=`git rev-list -n 1 --grep '^WIP' "$range"` | |||
if [ -n "$commit" ] | |||
then | |||
echo >&2 "Found WIP commit in $local_ref, not pushing" | |||
exit 1 | |||
fi | |||
fi | |||
done | |||
exit 0 |
@@ -0,0 +1,169 @@ | |||
#!/bin/sh | |||
# | |||
# Copyright (c) 2006, 2008 Junio C Hamano | |||
# | |||
# The "pre-rebase" hook is run just before "git rebase" starts doing | |||
# its job, and can prevent the command from running by exiting with | |||
# non-zero status. | |||
# | |||
# The hook is called with the following parameters: | |||
# | |||
# $1 -- the upstream the series was forked from. | |||
# $2 -- the branch being rebased (or empty when rebasing the current branch). | |||
# | |||
# This sample shows how to prevent topic branches that are already | |||
# merged to 'next' branch from getting rebased, because allowing it | |||
# would result in rebasing already published history. | |||
publish=next | |||
basebranch="$1" | |||
if test "$#" = 2 | |||
then | |||
topic="refs/heads/$2" | |||
else | |||
topic=`git symbolic-ref HEAD` || | |||
exit 0 ;# we do not interrupt rebasing detached HEAD | |||
fi | |||
case "$topic" in | |||
refs/heads/??/*) | |||
;; | |||
*) | |||
exit 0 ;# we do not interrupt others. | |||
;; | |||
esac | |||
# Now we are dealing with a topic branch being rebased | |||
# on top of master. Is it OK to rebase it? | |||
# Does the topic really exist? | |||
git show-ref -q "$topic" || { | |||
echo >&2 "No such branch $topic" | |||
exit 1 | |||
} | |||
# Is topic fully merged to master? | |||
not_in_master=`git rev-list --pretty=oneline ^master "$topic"` | |||
if test -z "$not_in_master" | |||
then | |||
echo >&2 "$topic is fully merged to master; better remove it." | |||
exit 1 ;# we could allow it, but there is no point. | |||
fi | |||
# Is topic ever merged to next? If so you should not be rebasing it. | |||
only_next_1=`git rev-list ^master "^$topic" ${publish} | sort` | |||
only_next_2=`git rev-list ^master ${publish} | sort` | |||
if test "$only_next_1" = "$only_next_2" | |||
then | |||
not_in_topic=`git rev-list "^$topic" master` | |||
if test -z "$not_in_topic" | |||
then | |||
echo >&2 "$topic is already up-to-date with master" | |||
exit 1 ;# we could allow it, but there is no point. | |||
else | |||
exit 0 | |||
fi | |||
else | |||
not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"` | |||
/usr/bin/perl -e ' | |||
my $topic = $ARGV[0]; | |||
my $msg = "* $topic has commits already merged to public branch:\n"; | |||
my (%not_in_next) = map { | |||
/^([0-9a-f]+) /; | |||
($1 => 1); | |||
} split(/\n/, $ARGV[1]); | |||
for my $elem (map { | |||
/^([0-9a-f]+) (.*)$/; | |||
[$1 => $2]; | |||
} split(/\n/, $ARGV[2])) { | |||
if (!exists $not_in_next{$elem->[0]}) { | |||
if ($msg) { | |||
print STDERR $msg; | |||
undef $msg; | |||
} | |||
print STDERR " $elem->[1]\n"; | |||
} | |||
} | |||
' "$topic" "$not_in_next" "$not_in_master" | |||
exit 1 | |||
fi | |||
exit 0 | |||
################################################################ | |||
This sample hook safeguards topic branches that have been | |||
published from being rewound. | |||
The workflow assumed here is: | |||
* Once a topic branch forks from "master", "master" is never | |||
merged into it again (either directly or indirectly). | |||
* Once a topic branch is fully cooked and merged into "master", | |||
it is deleted. If you need to build on top of it to correct | |||
earlier mistakes, a new topic branch is created by forking at | |||
the tip of the "master". This is not strictly necessary, but | |||
it makes it easier to keep your history simple. | |||
* Whenever you need to test or publish your changes to topic | |||
branches, merge them into "next" branch. | |||
The script, being an example, hardcodes the publish branch name | |||
to be "next", but it is trivial to make it configurable via | |||
$GIT_DIR/config mechanism. | |||
With this workflow, you would want to know: | |||
(1) ... if a topic branch has ever been merged to "next". Young | |||
topic branches can have stupid mistakes you would rather | |||
clean up before publishing, and things that have not been | |||
merged into other branches can be easily rebased without | |||
affecting other people. But once it is published, you would | |||
not want to rewind it. | |||
(2) ... if a topic branch has been fully merged to "master". | |||
Then you can delete it. More importantly, you should not | |||
build on top of it -- other people may already want to | |||
change things related to the topic as patches against your | |||
"master", so if you need further changes, it is better to | |||
fork the topic (perhaps with the same name) afresh from the | |||
tip of "master". | |||
Let's look at this example: | |||
o---o---o---o---o---o---o---o---o---o "next" | |||
/ / / / | |||
/ a---a---b A / / | |||
/ / / / | |||
/ / c---c---c---c B / | |||
/ / / \ / | |||
/ / / b---b C \ / | |||
/ / / / \ / | |||
---o---o---o---o---o---o---o---o---o---o---o "master" | |||
A, B and C are topic branches. | |||
* A has one fix since it was merged up to "next". | |||
* B has finished. It has been fully merged up to "master" and "next", | |||
and is ready to be deleted. | |||
* C has not merged to "next" at all. | |||
We would want to allow C to be rebased, refuse A, and encourage | |||
B to be deleted. | |||
To compute (1): | |||
git rev-list ^master ^topic next | |||
git rev-list ^master next | |||
if these match, topic has not merged in next at all. | |||
To compute (2): | |||
git rev-list master..topic | |||
if this is empty, it is fully merged to "master". |
@@ -0,0 +1,24 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to make use of push options. | |||
# The example simply echoes all push options that start with 'echoback=' | |||
# and rejects all pushes when the "reject" push option is used. | |||
# | |||
# To enable this hook, rename this file to "pre-receive". | |||
if test -n "$GIT_PUSH_OPTION_COUNT" | |||
then | |||
i=0 | |||
while test "$i" -lt "$GIT_PUSH_OPTION_COUNT" | |||
do | |||
eval "value=\$GIT_PUSH_OPTION_$i" | |||
case "$value" in | |||
echoback=*) | |||
echo "echo from the pre-receive-hook: ${value#*=}" >&2 | |||
;; | |||
reject) | |||
exit 1 | |||
esac | |||
i=$((i + 1)) | |||
done | |||
fi |
@@ -0,0 +1,36 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to prepare the commit log message. | |||
# Called by "git commit" with the name of the file that has the | |||
# commit message, followed by the description of the commit | |||
# message's source. The hook's purpose is to edit the commit | |||
# message file. If the hook fails with a non-zero status, | |||
# the commit is aborted. | |||
# | |||
# To enable this hook, rename this file to "prepare-commit-msg". | |||
# This hook includes three examples. The first comments out the | |||
# "Conflicts:" part of a merge commit. | |||
# | |||
# The second includes the output of "git diff --name-status -r" | |||
# into the message, just before the "git status" output. It is | |||
# commented because it doesn't cope with --amend or with squashed | |||
# commits. | |||
# | |||
# The third example adds a Signed-off-by line to the message, that can | |||
# still be edited. This is rarely a good idea. | |||
case "$2,$3" in | |||
merge,) | |||
/usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;; | |||
# ,|template,) | |||
# /usr/bin/perl -i.bak -pe ' | |||
# print "\n" . `git diff --cached --name-status -r` | |||
# if /^#/ && $first++ == 0' "$1" ;; | |||
*) ;; | |||
esac | |||
# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') | |||
# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" |
@@ -0,0 +1,128 @@ | |||
#!/bin/sh | |||
# | |||
# An example hook script to block unannotated tags from entering. | |||
# Called by "git receive-pack" with arguments: refname sha1-old sha1-new | |||
# | |||
# To enable this hook, rename this file to "update". | |||
# | |||
# Config | |||
# ------ | |||
# hooks.allowunannotated | |||
# This boolean sets whether unannotated tags will be allowed into the | |||
# repository. By default they won't be. | |||
# hooks.allowdeletetag | |||
# This boolean sets whether deleting tags will be allowed in the | |||
# repository. By default they won't be. | |||
# hooks.allowmodifytag | |||
# This boolean sets whether a tag may be modified after creation. By default | |||
# it won't be. | |||
# hooks.allowdeletebranch | |||
# This boolean sets whether deleting branches will be allowed in the | |||
# repository. By default they won't be. | |||
# hooks.denycreatebranch | |||
# This boolean sets whether remotely creating branches will be denied | |||
# in the repository. By default this is allowed. | |||
# | |||
# --- Command line | |||
refname="$1" | |||
oldrev="$2" | |||
newrev="$3" | |||
# --- Safety check | |||
if [ -z "$GIT_DIR" ]; then | |||
echo "Don't run this script from the command line." >&2 | |||
echo " (if you want, you could supply GIT_DIR then run" >&2 | |||
echo " $0 <ref> <oldrev> <newrev>)" >&2 | |||
exit 1 | |||
fi | |||
if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then | |||
echo "usage: $0 <ref> <oldrev> <newrev>" >&2 | |||
exit 1 | |||
fi | |||
# --- Config | |||
allowunannotated=$(git config --bool hooks.allowunannotated) | |||
allowdeletebranch=$(git config --bool hooks.allowdeletebranch) | |||
denycreatebranch=$(git config --bool hooks.denycreatebranch) | |||
allowdeletetag=$(git config --bool hooks.allowdeletetag) | |||
allowmodifytag=$(git config --bool hooks.allowmodifytag) | |||
# check for no description | |||
projectdesc=$(sed -e '1q' "$GIT_DIR/description") | |||
case "$projectdesc" in | |||
"Unnamed repository"* | "") | |||
echo "*** Project description file hasn't been set" >&2 | |||
exit 1 | |||
;; | |||
esac | |||
# --- Check types | |||
# if $newrev is 0000...0000, it's a commit to delete a ref. | |||
zero="0000000000000000000000000000000000000000" | |||
if [ "$newrev" = "$zero" ]; then | |||
newrev_type=delete | |||
else | |||
newrev_type=$(git cat-file -t $newrev) | |||
fi | |||
case "$refname","$newrev_type" in | |||
refs/tags/*,commit) | |||
# un-annotated tag | |||
short_refname=${refname##refs/tags/} | |||
if [ "$allowunannotated" != "true" ]; then | |||
echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2 | |||
echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2 | |||
exit 1 | |||
fi | |||
;; | |||
refs/tags/*,delete) | |||
# delete tag | |||
if [ "$allowdeletetag" != "true" ]; then | |||
echo "*** Deleting a tag is not allowed in this repository" >&2 | |||
exit 1 | |||
fi | |||
;; | |||
refs/tags/*,tag) | |||
# annotated tag | |||
if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1 | |||
then | |||
echo "*** Tag '$refname' already exists." >&2 | |||
echo "*** Modifying a tag is not allowed in this repository." >&2 | |||
exit 1 | |||
fi | |||
;; | |||
refs/heads/*,commit) | |||
# branch | |||
if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then | |||
echo "*** Creating a branch is not allowed in this repository" >&2 | |||
exit 1 | |||
fi | |||
;; | |||
refs/heads/*,delete) | |||
# delete branch | |||
if [ "$allowdeletebranch" != "true" ]; then | |||
echo "*** Deleting a branch is not allowed in this repository" >&2 | |||
exit 1 | |||
fi | |||
;; | |||
refs/remotes/*,commit) | |||
# tracking branch | |||
;; | |||
refs/remotes/*,delete) | |||
# delete tracking branch | |||
if [ "$allowdeletebranch" != "true" ]; then | |||
echo "*** Deleting a tracking branch is not allowed in this repository" >&2 | |||
exit 1 | |||
fi | |||
;; | |||
*) | |||
# Anything else (is there anything else?) | |||
echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2 | |||
exit 1 | |||
;; | |||
esac | |||
# --- Finished | |||
exit 0 |
@@ -0,0 +1,6 @@ | |||
# git ls-files --others --exclude-from=.git/info/exclude | |||
# Lines that start with '#' are comments. | |||
# For a project mostly in C, the following would be a good set of | |||
# exclude patterns (uncomment them if you want to use them): | |||
# *.[oa] | |||
# *~ |
@@ -0,0 +1 @@ | |||
x+)JMU06g040031Q(JMLÉMÕËMaXbR¶”10�-&ªéCüÕþË’‘Ý=À, |
@@ -0,0 +1,2 @@ | |||
xŤŤQ | |||
B!Eűvó„ŽO'!˘M´€Q‡×�Ěđů ĺgÔúş‡çŢTKY:v˝‰€N6»�…‘b f›˘÷š�&—‰19ĂÄÇhoýV\Wi§íyqyŢĺ�j9�qő„FŘŇj´ăŞË?Ůź¤ćZ3¬Ëü�ßő*S6# |
@@ -0,0 +1 @@ | |||
f27c2b2b03dcab38beaf89b0ab4ff61f6de63441 |
@@ -0,0 +1 @@ | |||
27566bd5738fc8b4e3fef3c5e72cce608537bd95 |
@@ -0,0 +1 @@ | |||
69554a64c1e6030f051e5c3f94bfbd773cd6a324 |
@@ -0,0 +1 @@ | |||
69554a64c1e6030f051e5c3f94bfbd773cd6a324 |
@@ -4,9 +4,7 @@ | |||
package models | |||
import ( | |||
"fmt" | |||
) | |||
import "fmt" | |||
// ErrNameReserved represents a "reserved name" error. | |||
type ErrNameReserved struct { | |||
@@ -260,19 +258,19 @@ func (err ErrKeyNameAlreadyUsed) Error() string { | |||
return fmt.Sprintf("public key already exists [owner_id: %d, name: %s]", err.OwnerID, err.Name) | |||
} | |||
// ErrGPGEmailNotFound represents a "ErrGPGEmailNotFound" kind of error. | |||
type ErrGPGEmailNotFound struct { | |||
Email string | |||
// ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error. | |||
type ErrGPGNoEmailFound struct { | |||
FailedEmails []string | |||
} | |||
// IsErrGPGEmailNotFound checks if an error is a ErrGPGEmailNotFound. | |||
func IsErrGPGEmailNotFound(err error) bool { | |||
_, ok := err.(ErrGPGEmailNotFound) | |||
// IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound. | |||
func IsErrGPGNoEmailFound(err error) bool { | |||
_, ok := err.(ErrGPGNoEmailFound) | |||
return ok | |||
} | |||
func (err ErrGPGEmailNotFound) Error() string { | |||
return fmt.Sprintf("failed to found email or is not confirmed : %s", err.Email) | |||
func (err ErrGPGNoEmailFound) Error() string { | |||
return fmt.Sprintf("none of the emails attached to the GPG key could be found: %v", err.FailedEmails) | |||
} | |||
// ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error. |
@@ -176,3 +176,15 @@ | |||
lower_name: repo15 | |||
name: repo15 | |||
is_bare: true | |||
- | |||
id: 16 | |||
owner_id: 2 | |||
lower_name: repo16 | |||
name: repo16 | |||
is_private: false | |||
num_issues: 0 | |||
num_closed_issues: 0 | |||
num_pulls: 0 | |||
num_closed_pulls: 0 | |||
num_watches: 0 |
@@ -26,7 +26,7 @@ | |||
is_admin: false | |||
avatar: avatar2 | |||
avatar_email: user2@example.com | |||
num_repos: 3 | |||
num_repos: 4 | |||
num_stars: 2 | |||
num_followers: 2 | |||
num_following: 1 |
@@ -208,21 +208,27 @@ func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) { | |||
if err != nil { | |||
return nil, err | |||
} | |||
emails := make([]*EmailAddress, len(e.Identities)) | |||
n := 0 | |||
emails := make([]*EmailAddress, 0, len(e.Identities)) | |||
for _, ident := range e.Identities { | |||
email := strings.ToLower(strings.TrimSpace(ident.UserId.Email)) | |||
for _, e := range userEmails { | |||
if e.Email == email && e.IsActivated { | |||
emails[n] = e | |||
if e.Email == email { | |||
emails = append(emails, e) | |||
break | |||
} | |||
} | |||
if emails[n] == nil { | |||
return nil, ErrGPGEmailNotFound{ident.UserId.Email} | |||
} | |||
//In the case no email as been found | |||
if len(emails) == 0 { | |||
failedEmails := make([]string, 0, len(e.Identities)) | |||
for _, ident := range e.Identities { | |||
failedEmails = append(failedEmails, ident.UserId.Email) | |||
} | |||
n++ | |||
return nil, ErrGPGNoEmailFound{failedEmails} | |||
} | |||
content, err := base64EncPubKey(pubkey) | |||
if err != nil { | |||
return nil, err | |||
@@ -380,8 +386,8 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification { | |||
} | |||
//Find Committer account | |||
committer, err := GetUserByEmail(c.Committer.Email) | |||
if err != nil { //Skipping not user for commiter | |||
committer, err := GetUserByEmail(c.Committer.Email) //This find the user by primary email or activated email so commit will not be valid if email is not | |||
if err != nil { //Skipping not user for commiter | |||
log.Error(3, "NoCommitterAccount: %v", err) | |||
return &CommitVerification{ | |||
Verified: false, | |||
@@ -399,6 +405,18 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification { | |||
} | |||
for _, k := range keys { | |||
//Pre-check (& optimization) that emails attached to key can be attached to the commiter email and can validate | |||
canValidate := false | |||
for _, e := range k.Emails { | |||
if e.IsActivated && e.Email == c.Committer.Email { | |||
canValidate = true | |||
break | |||
} | |||
} | |||
if !canValidate { | |||
continue //Skip this key | |||
} | |||
//Generating hash of commit | |||
hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload)) | |||
if err != nil { //Skipping ailed to generate hash |
@@ -378,7 +378,7 @@ add_new_gpg_key = Add GPG Key | |||
ssh_key_been_used = This public key has already been used. | |||
ssh_key_name_used = A public key with same name already exists. | |||
gpg_key_id_used = A public GPG key with same id already exists. | |||
gpg_key_email_not_found = The email attached to the GPG key couldn't be found or is not confirmed yet: %s | |||
gpg_no_key_email_found = None of the emails attached to the GPG key could be found. | |||
subkeys = Subkeys | |||
key_id = Key ID | |||
key_name = Key Name |
@@ -378,9 +378,9 @@ func SettingsKeysPost(ctx *context.Context, form auth.AddKeyForm) { | |||
case models.IsErrGPGKeyIDAlreadyUsed(err): | |||
ctx.Data["Err_Content"] = true | |||
ctx.RenderWithErr(ctx.Tr("settings.gpg_key_id_used"), tplSettingsKeys, &form) | |||
case models.IsErrGPGEmailNotFound(err): | |||
case models.IsErrGPGNoEmailFound(err): | |||
ctx.Data["Err_Content"] = true | |||
ctx.RenderWithErr(ctx.Tr("settings.gpg_key_email_not_found", err.(models.ErrGPGEmailNotFound).Email), tplSettingsKeys, &form) | |||
ctx.RenderWithErr(ctx.Tr("settings.gpg_no_key_email_found"), tplSettingsKeys, &form) | |||
default: | |||
ctx.Handle(500, "AddPublicKey", err) | |||
} |