test_pagure_lib_git_auth.py 7.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211
  1. # -*- coding: utf-8 -*-
  2. """
  3. (c) 2015-2018 - Copyright Red Hat Inc
  4. Authors:
  5. Pierre-Yves Chibon <pingou@pingoured.fr>
  6. Patrick Uiterwijk <patrick@puiterwijk.org>
  7. """
  8. from __future__ import unicode_literals, absolute_import
  9. import datetime
  10. import os
  11. import shutil
  12. import sys
  13. import tempfile
  14. import time
  15. import unittest
  16. import pygit2
  17. import six
  18. from mock import patch, MagicMock
  19. sys.path.insert(0, os.path.join(os.path.dirname(
  20. os.path.abspath(__file__)), '..'))
  21. import pagure.lib.git
  22. import pagure.lib.query
  23. import tests
  24. from pagure.lib.repo import PagureRepo
  25. class PagureLibGitAuthtests(tests.Modeltests):
  26. """ Tests for pagure.lib.git_auth """
  27. config_values = {'authbackend': 'test_auth'}
  28. def setUp(self):
  29. super(PagureLibGitAuthtests, self).setUp()
  30. tests.create_projects(self.session)
  31. tests.create_tokens(self.session)
  32. tests.create_tokens_acl(self.session)
  33. self.create_project_full('hooktest')
  34. def test_edit_with_all_allowed(self):
  35. """Tests that editing a file is possible if ACLs say allowed."""
  36. user = tests.FakeUser()
  37. user.username = 'pingou'
  38. with tests.user_set(self.app.application, user):
  39. # Add some content to the git repo
  40. tests.add_content_git_repo(
  41. os.path.join(self.path, 'repos', 'hooktest.git'))
  42. data = {
  43. 'content': 'foo\n bar\n baz',
  44. 'commit_title': 'test commit',
  45. 'commit_message': 'Online commits from the gure.lib.get',
  46. 'email': 'bar@pingou.com',
  47. 'branch': 'master',
  48. 'csrf_token': self.get_csrf(),
  49. }
  50. output = self.app.post(
  51. '/hooktest/edit/master/f/sources', data=data,
  52. follow_redirects=True)
  53. self.assertEqual(output.status_code, 200)
  54. output_text = output.get_data(as_text=True)
  55. self.assertIn(
  56. '<title>Commits - hooktest - Pagure</title>', output_text)
  57. self.assertIn('test commit', output_text)
  58. # Check file after the commit
  59. output = self.app.get('/hooktest/raw/master/f/sources')
  60. self.assertEqual(output.status_code, 200)
  61. output_text = output.get_data(as_text=True)
  62. self.assertEqual(output_text, 'foo\n bar\n baz')
  63. def test_edit_with_all_denied(self):
  64. """Tests that editing a file is not possible if ACLs say denied."""
  65. self.set_auth_status(False)
  66. user = tests.FakeUser()
  67. user.username = 'pingou'
  68. with tests.user_set(self.app.application, user):
  69. # Add some content to the git repo
  70. tests.add_content_git_repo(
  71. os.path.join(self.path, 'repos', 'hooktest.git'))
  72. data = {
  73. 'content': 'foo\n bar\n baz',
  74. 'commit_title': 'test commit',
  75. 'commit_message': 'Online commits from the gure.lib.get',
  76. 'email': 'bar@pingou.com',
  77. 'branch': 'master',
  78. 'csrf_token': self.get_csrf(),
  79. }
  80. output = self.app.post(
  81. '/hooktest/edit/master/f/sources', data=data,
  82. follow_redirects=True)
  83. self.assertEqual(output.status_code, 200)
  84. output_text = output.get_data(as_text=True)
  85. self.assertIn(
  86. "Remote hook declined the push: "
  87. "Denied push for ref &#39;refs/heads/master&#39; for user &#39;pingou&#39;",
  88. output_text
  89. )
  90. self.assertIn("All changes have been rejected", output_text)
  91. # Check file after the commit:
  92. output = self.app.get('/hooktest/raw/master/f/sources')
  93. self.assertEqual(output.status_code, 200)
  94. output_text = output.get_data(as_text=True)
  95. self.assertEqual(output_text, 'foo\n bar')
  96. def test_edit_pr(self):
  97. """Tests the ACLs if they only accept PRs."""
  98. self.set_auth_status({'refs/heads/master': 'pronly',
  99. 'refs/heads/source': True})
  100. user = tests.FakeUser()
  101. user.username = 'pingou'
  102. with tests.user_set(self.app.application, user):
  103. # Add some content to the git repo
  104. tests.add_content_git_repo(
  105. os.path.join(self.path, 'repos', 'hooktest.git'))
  106. # Try editing master branch, should fail (only PRs allowed)
  107. data = {
  108. 'content': 'foo\n bar\n baz',
  109. 'commit_title': 'test commit',
  110. 'commit_message': 'Online commits from the gure.lib.get',
  111. 'email': 'bar@pingou.com',
  112. 'branch': 'master',
  113. 'csrf_token': self.get_csrf(),
  114. }
  115. output = self.app.post(
  116. '/hooktest/edit/master/f/sources', data=data,
  117. follow_redirects=True)
  118. self.assertEqual(output.status_code, 200)
  119. output_text = output.get_data(as_text=True)
  120. self.assertIn(
  121. "Remote hook declined the push: "
  122. "Denied push for ref &#39;refs/heads/master&#39; for user &#39;pingou&#39;",
  123. output_text
  124. )
  125. self.assertIn("All changes have been rejected", output_text)
  126. # Change something in the "source" branch
  127. data = {
  128. 'content': 'foo\n bar\n baz',
  129. 'commit_title': 'test commit',
  130. 'commit_message': 'Online commits from the gure.lib.get',
  131. 'email': 'bar@pingou.com',
  132. 'branch': 'source',
  133. 'csrf_token': self.get_csrf(),
  134. }
  135. output = self.app.post(
  136. '/hooktest/edit/master/f/sources', data=data,
  137. follow_redirects=True)
  138. self.assertEqual(output.status_code, 200)
  139. output_text = output.get_data(as_text=True)
  140. self.assertIn(
  141. '<title>Commits - hooktest - Pagure</title>', output_text)
  142. self.assertIn('test commit', output_text)
  143. # Check file after the commit:
  144. output = self.app.get('/hooktest/raw/source/f/sources')
  145. self.assertEqual(output.status_code, 200)
  146. output_text = output.get_data(as_text=True)
  147. self.assertEqual(output_text, 'foo\n bar\n baz')
  148. # Create the PRs
  149. project = pagure.lib.query.get_authorized_project(self.session, 'hooktest')
  150. req = pagure.lib.query.new_pull_request(
  151. session=self.session,
  152. repo_from=project,
  153. branch_from="source",
  154. repo_to=project,
  155. branch_to='master',
  156. title='PR to master',
  157. user='pingou',
  158. )
  159. self.session.add(req)
  160. self.session.commit()
  161. # Check file before the merge
  162. output = self.app.get('/hooktest/raw/master/f/sources')
  163. self.assertEqual(output.status_code, 200)
  164. output_text = output.get_data(as_text=True)
  165. self.assertEqual(output_text, 'foo\n bar')
  166. # Try to merge (should work)
  167. output = self.app.post(
  168. '/hooktest/pull-request/1/merge', data=data, follow_redirects=True)
  169. self.assertEqual(output.status_code, 200)
  170. output_text = output.get_data(as_text=True)
  171. self.assertIn(
  172. '<title>Overview - hooktest - Pagure</title>',
  173. output_text
  174. )
  175. # Check file after the merge
  176. output = self.app.get('/hooktest/raw/master/f/sources')
  177. self.assertEqual(output.status_code, 200)
  178. output_text = output.get_data(as_text=True)
  179. self.assertEqual(output_text, 'foo\n bar\n baz')