A read-only clone of the dehub project, for until dehub.dev can be brought back online.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
dehub/payload_credential_test.go

50 lines
1.3 KiB

package dehub
import (
"testing"
"gopkg.in/src-d/go-git.v4/plumbing"
)
func TestPayloadCredentialVerify(t *testing.T) {
h := newHarness(t)
rootSig := h.stageNewAccount("root", false)
// create a new account and modify the config so that that account is only
// allowed to add verifications to a single branch
tootSig := h.stageNewAccount("toot", false)
tootBranch := plumbing.NewBranchReferenceName("toot_branch")
h.stageAccessControls(`
- action: allow
filters:
- type: branch
pattern: ` + tootBranch.Short() + `
- type: signature
count: 1
account_ids:
- root
- toot
- action: allow
filters:
- type: signature
count: 1
account_ids:
- root
`)
rootGitCommit := h.assertCommitChange(verifyShouldSucceed, "initial commit", rootSig)
// toot user wants to create a credential commit for the root commit, for
// whatever reason.
rootChangeFingerprint := rootGitCommit.Payload.Common.Fingerprint
credCommitPayUn, err := h.proj.NewPayloadCredential(rootChangeFingerprint)
if err != nil {
t.Fatalf("creating credential commit for fingerprint %x: %v", rootChangeFingerprint, err)
}
h.tryCommit(verifyShouldFail, credCommitPayUn, tootSig)
// toot tries again in their own branch, and should be allowed.
h.checkout(tootBranch)
h.tryCommit(verifyShouldSucceed, credCommitPayUn, tootSig)
}