| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652 |
- # -*- coding: utf-8 -*-
- """
- (c) 2015-2018 - Copyright Red Hat Inc
- Authors:
- Pierre-Yves Chibon <pingou@pingoured.fr>
- Patrick Uiterwijk <patrick@puiterwijk.org>
- """
- from __future__ import unicode_literals, absolute_import
- import datetime
- import os
- import shutil
- import sys
- import tempfile
- import time
- import unittest
- import pygit2
- import six
- from mock import patch, MagicMock
- sys.path.insert(
- 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")
- )
- import pagure.lib.git
- import pagure.lib.query
- import tests
- from pagure.lib.repo import PagureRepo
- class PagureLibGitAuthtests(tests.Modeltests):
- """ Tests for pagure.lib.git_auth """
- config_values = {"authbackend": "test_auth"}
- def setUp(self):
- super(PagureLibGitAuthtests, self).setUp()
- tests.create_projects(self.session)
- tests.create_tokens(self.session)
- tests.create_tokens_acl(self.session)
- self.create_project_full("hooktest")
- def test_edit_with_all_allowed(self):
- """Tests that editing a file is possible if ACLs say allowed."""
- user = tests.FakeUser()
- user.username = "pingou"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "bar@pingou.com",
- "branch": "master",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Commits - hooktest - Pagure</title>", output_text
- )
- self.assertIn("test commit", output_text)
- # Check file after the commit
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar\n baz")
- def test_edit_with_all_denied(self):
- """Tests that editing a file is not possible if ACLs say denied."""
- self.set_auth_status(False)
- user = tests.FakeUser()
- user.username = "pingou"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "bar@pingou.com",
- "branch": "master",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "Remote hook declined the push: "
- "Denied push for ref 'refs/heads/master' for user 'pingou'",
- output_text,
- )
- self.assertIn("All changes have been rejected", output_text)
- # Check file after the commit:
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- def test_edit_pr(self):
- """Tests the ACLs if they only accept PRs."""
- self.set_auth_status(
- {"refs/heads/master": "pronly", "refs/heads/source": True}
- )
- user = tests.FakeUser()
- user.username = "pingou"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- # Try editing master branch, should fail (only PRs allowed)
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "bar@pingou.com",
- "branch": "master",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "Remote hook declined the push: "
- "Denied push for ref 'refs/heads/master' for user 'pingou'",
- output_text,
- )
- self.assertIn("All changes have been rejected", output_text)
- # Change something in the "source" branch
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "bar@pingou.com",
- "branch": "source",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Commits - hooktest - Pagure</title>", output_text
- )
- self.assertIn("test commit", output_text)
- # Check file after the commit:
- output = self.app.get("/hooktest/raw/source/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar\n baz")
- # Create the PRs
- project = pagure.lib.query.get_authorized_project(
- self.session, "hooktest"
- )
- req = pagure.lib.query.new_pull_request(
- session=self.session,
- repo_from=project,
- branch_from="source",
- repo_to=project,
- branch_to="master",
- title="PR to master",
- user="pingou",
- )
- self.session.add(req)
- self.session.commit()
- # Check file before the merge
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- # Try to merge (should work)
- output = self.app.post(
- "/hooktest/pull-request/1/merge",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>PR#1: PR to master - hooktest\n - Pagure</title>",
- output_text,
- )
- # Check file after the merge
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar\n baz")
- class PagureLibGitAuthPagureBackendtests(tests.Modeltests):
- """ Tests for pagure.lib.git_auth """
- config_values = {"authbackend": "pagure"}
- def setUp(self):
- super(PagureLibGitAuthPagureBackendtests, self).setUp()
- tests.create_projects(self.session)
- tests.create_tokens(self.session)
- tests.create_tokens_acl(self.session)
- self.create_project_full("hooktest")
- def test_edit_no_commit(self):
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "bar@pingou.com",
- "branch": "master",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 403)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "You are not allowed to edit files in this project",
- output_text,
- )
- # Check file after the commit:
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- def test_edit_ticket_rejected(self):
- project = pagure.lib.query._get_project(self.session, "hooktest")
- # Add user foo to project test
- msg = pagure.lib.query.add_user_to_project(
- self.session,
- project=project,
- new_user="foo",
- user="pingou",
- access="ticket",
- branches="epel*",
- )
- self.session.commit()
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "foo@bar.com",
- "branch": "master",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 403)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "You are not allowed to edit files in this project",
- output_text,
- )
- # Check file after the commit:
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- def test_edit_contributor_rejected(self):
- project = pagure.lib.query._get_project(self.session, "hooktest")
- # Add user foo to project test
- msg = pagure.lib.query.add_user_to_project(
- self.session,
- project=project,
- new_user="foo",
- user="pingou",
- access="collaborator",
- branches="epel*",
- )
- self.session.commit()
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "foo@bar.com",
- "branch": "master",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 403)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "You are not allowed to edit files in this project",
- output_text,
- )
- # Check file after the commit:
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- def test_edit_contributor_passed_epel8(self):
- project = pagure.lib.query._get_project(self.session, "hooktest")
- # Add user foo to project test
- msg = pagure.lib.query.add_user_to_project(
- self.session,
- project=project,
- new_user="foo",
- user="pingou",
- access="collaborator",
- branches="epel*",
- )
- self.session.commit()
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "foo@bar.com",
- "branch": "epel8",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Commits - hooktest - Pagure</title>", output_text
- )
- # Check file after the commit:
- # master did not change
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- # epel8 did change
- output = self.app.get("/hooktest/raw/epel8/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar\n baz")
- def test_edit_commit_passed_epel8(self):
- project = pagure.lib.query._get_project(self.session, "hooktest")
- # Add user foo to project test
- msg = pagure.lib.query.add_user_to_project(
- self.session,
- project=project,
- new_user="foo",
- user="pingou",
- access="commit",
- branches="epel*",
- )
- self.session.commit()
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "foo@bar.com",
- "branch": "epel8",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Commits - hooktest - Pagure</title>", output_text
- )
- # Check file after the commit:
- # master did not change
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- # epel8 did change
- output = self.app.get("/hooktest/raw/epel8/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar\n baz")
- def test_edit_contributor_passed_epel(self):
- # Same test as above but the target branch change
- project = pagure.lib.query._get_project(self.session, "hooktest")
- # Add user foo to project test
- msg = pagure.lib.query.add_user_to_project(
- self.session,
- project=project,
- new_user="foo",
- user="pingou",
- access="collaborator",
- branches="epel*",
- )
- self.session.commit()
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "foo@bar.com",
- "branch": "epel",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Commits - hooktest - Pagure</title>", output_text
- )
- # Check file after the commit:
- # master did not change
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- # epel did change
- output = self.app.get("/hooktest/raw/epel/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar\n baz")
- def test_edit_contributor_passed_epel_no_regex(self):
- # Same test as above but the allowed branch has no regex
- project = pagure.lib.query._get_project(self.session, "hooktest")
- # Add user foo to project test
- msg = pagure.lib.query.add_user_to_project(
- self.session,
- project=project,
- new_user="foo",
- user="pingou",
- access="collaborator",
- branches="epel",
- )
- self.session.commit()
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "foo@bar.com",
- "branch": "epel",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "<title>Commits - hooktest - Pagure</title>", output_text
- )
- # Check file after the commit:
- # master did not change
- output = self.app.get("/hooktest/raw/master/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar")
- # epel did change
- output = self.app.get("/hooktest/raw/epel/f/sources")
- self.assertEqual(output.status_code, 200)
- output_text = output.get_data(as_text=True)
- self.assertEqual(output_text, "foo\n bar\n baz")
- def test_edit_contributor_denied_epel8_no_regex(self):
- # Same test as above but the allowed branch has no regex
- project = pagure.lib.query._get_project(self.session, "hooktest")
- # Add user foo to project test
- msg = pagure.lib.query.add_user_to_project(
- self.session,
- project=project,
- new_user="foo",
- user="pingou",
- access="collaborator",
- branches="epel",
- )
- self.session.commit()
- user = tests.FakeUser()
- user.username = "foo"
- with tests.user_set(self.app.application, user):
- # Add some content to the git repo
- tests.add_content_git_repo(
- os.path.join(self.path, "repos", "hooktest.git")
- )
- data = {
- "content": "foo\n bar\n baz",
- "commit_title": "test commit",
- "commit_message": "Online commits from the gure.lib.get",
- "email": "foo@bar.com",
- "branch": "epel8",
- "csrf_token": self.get_csrf(),
- }
- output = self.app.post(
- "/hooktest/edit/master/f/sources",
- data=data,
- follow_redirects=True,
- )
- self.assertEqual(output.status_code, 403)
- output_text = output.get_data(as_text=True)
- self.assertIn(
- "You are not allowed to edit files in this project",
- output_text,
- )
- # Check file after the commit:
- # epel not found
- output = self.app.get("/hooktest/raw/epel8/f/sources")
- self.assertEqual(output.status_code, 404)
|
