package dehub
import (
"testing"
"gopkg.in/src-d/go-git.v4/plumbing"
)
// TestPayloadCredentialVerify exercises branch-scoped access controls against
// a credential payload. Two accounts are staged, "root" and "toot"; the staged
// policy names toot only in a rule filtered to toot_branch. The same credential
// payload, signed by toot, is expected to be rejected before the checkout and
// accepted after switching to toot_branch.
func TestPayloadCredentialVerify(t *testing.T) {
	harness := newHarness(t)
	sigRoot := harness.stageNewAccount("root", false)

	// Second account; the policy below only lists it under the rule that is
	// filtered to a single branch.
	sigToot := harness.stageNewAccount("toot", false)
	branchToot := plumbing.NewBranchReferenceName("toot_branch")

	// Rule 1: branch filter on toot_branch plus one signature from root or toot.
	// Rule 2: no branch filter, one signature from root only.
	// NOTE(review): the YAML nesting here is reconstructed from a listing whose
	// leading whitespace was stripped — confirm the indentation against the
	// repository copy before relying on it.
	policy := `
- action: allow
  filters:
  - type: branch
    pattern: ` + branchToot.Short() + `
  - type: signature
    count: 1
    account_ids:
    - root
    - toot

- action: allow
  filters:
  - type: signature
    count: 1
    account_ids:
    - root
`
	harness.stageAccessControls(policy)

	// The initial commit is signed by root and must verify.
	rootCommit := harness.assertCommitChange(verifyShouldSucceed, "initial commit", sigRoot)

	// toot builds a credential payload over the root commit's fingerprint.
	fingerprint := rootCommit.Payload.Common.Fingerprint
	credPayload, err := harness.proj.NewPayloadCredential(fingerprint)
	if err != nil {
		t.Fatalf("creating credential commit for fingerprint %x: %v", fingerprint, err)
	}

	// Negative case first: signed by toot on the branch the harness is on
	// before any checkout, the commit must not verify. Presumably only the
	// root-only rule applies there — verify against the access-control
	// matcher.
	harness.tryCommit(verifyShouldFail, credPayload, sigToot)

	// Positive case: the identical payload and signer on toot's own branch
	// must verify.
	harness.checkout(branchToot)
	harness.tryCommit(verifyShouldSucceed, credPayload, sigToot)
}