1
0

test_pagure_lib_git_auth.py 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2015-2018 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. Patrick Uiterwijk <patrick@puiterwijk.org>
  7. """
  8. from __future__ import unicode_literals
  9. __requires__ = ['SQLAlchemy >= 0.8']
  10. import pkg_resources
  11. import datetime
  12. import os
  13. import shutil
  14. import sys
  15. import tempfile
  16. import time
  17. import unittest
  18. import pygit2
  19. import six
  20. from mock import patch, MagicMock
  21. sys.path.insert(0, os.path.join(os.path.dirname(
  22. os.path.abspath(__file__)), '..'))
  23. import pagure.lib.git
  24. import pagure.lib.query
  25. import tests
  26. from pagure.lib.repo import PagureRepo
  27. class PagureLibGitAuthtests(tests.Modeltests):
  28. """ Tests for pagure.lib.git_auth """
  29. config_values = {'authbackend': 'test_auth'}
  30. def setUp(self):
  31. super(PagureLibGitAuthtests, self).setUp()
  32. tests.create_projects(self.session)
  33. tests.create_tokens(self.session)
  34. tests.create_tokens_acl(self.session)
  35. self.create_project_full('hooktest')
  36. def test_edit_with_all_allowed(self):
  37. """Tests that editing a file is possible if ACLs say allowed."""
  38. user = tests.FakeUser()
  39. user.username = 'pingou'
  40. with tests.user_set(self.app.application, user):
  41. # Add some content to the git repo
  42. tests.add_content_git_repo(
  43. os.path.join(self.path, 'repos', 'hooktest.git'))
  44. data = {
  45. 'content': 'foo\n bar\n baz',
  46. 'commit_title': 'test commit',
  47. 'commit_message': 'Online commits from the gure.lib.get',
  48. 'email': 'bar@pingou.com',
  49. 'branch': 'master',
  50. 'csrf_token': self.get_csrf(),
  51. }
  52. output = self.app.post(
  53. '/hooktest/edit/master/f/sources', data=data,
  54. follow_redirects=True)
  55. self.assertEqual(output.status_code, 200)
  56. output_text = output.get_data(as_text=True)
  57. self.assertIn(
  58. '<title>Commits - hooktest - Pagure</title>', output_text)
  59. self.assertIn('test commit', output_text)
  60. # Check file after the commit
  61. output = self.app.get('/hooktest/raw/master/f/sources')
  62. self.assertEqual(output.status_code, 200)
  63. output_text = output.get_data(as_text=True)
  64. self.assertEqual(output_text, 'foo\n bar\n baz')
  65. def test_edit_with_all_denied(self):
  66. """Tests that editing a file is not possible if ACLs say denied."""
  67. self.set_auth_status(False)
  68. user = tests.FakeUser()
  69. user.username = 'pingou'
  70. with tests.user_set(self.app.application, user):
  71. # Add some content to the git repo
  72. tests.add_content_git_repo(
  73. os.path.join(self.path, 'repos', 'hooktest.git'))
  74. data = {
  75. 'content': 'foo\n bar\n baz',
  76. 'commit_title': 'test commit',
  77. 'commit_message': 'Online commits from the gure.lib.get',
  78. 'email': 'bar@pingou.com',
  79. 'branch': 'master',
  80. 'csrf_token': self.get_csrf(),
  81. }
  82. output = self.app.post(
  83. '/hooktest/edit/master/f/sources', data=data,
  84. follow_redirects=True)
  85. self.assertEqual(output.status_code, 200)
  86. output_text = output.get_data(as_text=True)
  87. self.assertIn(
  88. "Remote hook declined the push: "
  89. "Denied push for ref &#39;refs/heads/master&#39; for user &#39;pingou&#39;\n"
  90. "All changes have been rejected",
  91. output_text
  92. )
  93. # Check file after the commit:
  94. output = self.app.get('/hooktest/raw/master/f/sources')
  95. self.assertEqual(output.status_code, 200)
  96. output_text = output.get_data(as_text=True)
  97. self.assertEqual(output_text, 'foo\n bar')
  98. def test_edit_pr(self):
  99. """Tests the ACLs if they only accept PRs."""
  100. self.set_auth_status({'refs/heads/master': 'pronly',
  101. 'refs/heads/source': True})
  102. user = tests.FakeUser()
  103. user.username = 'pingou'
  104. with tests.user_set(self.app.application, user):
  105. # Add some content to the git repo
  106. tests.add_content_git_repo(
  107. os.path.join(self.path, 'repos', 'hooktest.git'))
  108. # Try editing master branch, should fail (only PRs allowed)
  109. data = {
  110. 'content': 'foo\n bar\n baz',
  111. 'commit_title': 'test commit',
  112. 'commit_message': 'Online commits from the gure.lib.get',
  113. 'email': 'bar@pingou.com',
  114. 'branch': 'master',
  115. 'csrf_token': self.get_csrf(),
  116. }
  117. output = self.app.post(
  118. '/hooktest/edit/master/f/sources', data=data,
  119. follow_redirects=True)
  120. self.assertEqual(output.status_code, 200)
  121. output_text = output.get_data(as_text=True)
  122. self.assertIn(
  123. "Remote hook declined the push: "
  124. "Denied push for ref &#39;refs/heads/master&#39; for user &#39;pingou&#39;\n"
  125. "All changes have been rejected",
  126. output_text
  127. )
  128. # Change something in the "source" branch
  129. data = {
  130. 'content': 'foo\n bar\n baz',
  131. 'commit_title': 'test commit',
  132. 'commit_message': 'Online commits from the gure.lib.get',
  133. 'email': 'bar@pingou.com',
  134. 'branch': 'source',
  135. 'csrf_token': self.get_csrf(),
  136. }
  137. output = self.app.post(
  138. '/hooktest/edit/master/f/sources', data=data,
  139. follow_redirects=True)
  140. self.assertEqual(output.status_code, 200)
  141. output_text = output.get_data(as_text=True)
  142. self.assertIn(
  143. '<title>Commits - hooktest - Pagure</title>', output_text)
  144. self.assertIn('test commit', output_text)
  145. # Check file after the commit:
  146. output = self.app.get('/hooktest/raw/source/f/sources')
  147. self.assertEqual(output.status_code, 200)
  148. output_text = output.get_data(as_text=True)
  149. self.assertEqual(output_text, 'foo\n bar\n baz')
  150. # Create the PRs
  151. project = pagure.lib.query.get_authorized_project(self.session, 'hooktest')
  152. req = pagure.lib.query.new_pull_request(
  153. session=self.session,
  154. repo_from=project,
  155. branch_from="source",
  156. repo_to=project,
  157. branch_to='master',
  158. title='PR to master',
  159. user='pingou',
  160. )
  161. self.session.add(req)
  162. self.session.commit()
  163. # Check file before the merge
  164. output = self.app.get('/hooktest/raw/master/f/sources')
  165. self.assertEqual(output.status_code, 200)
  166. output_text = output.get_data(as_text=True)
  167. self.assertEqual(output_text, 'foo\n bar')
  168. # Try to merge (should work)
  169. output = self.app.post(
  170. '/hooktest/pull-request/1/merge', data=data, follow_redirects=True)
  171. self.assertEqual(output.status_code, 200)
  172. output_text = output.get_data(as_text=True)
  173. self.assertIn(
  174. '<title>Overview - hooktest - Pagure</title>',
  175. output_text
  176. )
  177. # Check file after the merge
  178. output = self.app.get('/hooktest/raw/master/f/sources')
  179. self.assertEqual(output.status_code, 200)
  180. output_text = output.get_data(as_text=True)
  181. self.assertEqual(output_text, 'foo\n bar\n baz')