package dehub
import (
"dehub/accessctl"
"dehub/sigcred"
"testing"
"gopkg.in/src-d/go-git.v4/plumbing"
)
// TestCredentialCommitVerify exercises the per-branch CredentialAccessControl
// for credential commits. The configuration built here lets the "toot" account
// satisfy the signature condition only on its own branch, so the same
// credential commit, signed with the same key, is tried once on the starting
// branch and once on toot's branch.
//
// The security-relevant property: holding a key that belongs to a configured
// account is not sufficient by itself; the condition attached to the branch
// being committed to must also list that account.
func TestCredentialCommitVerify(t *testing.T) {
	h := newHarness(t)

	// Register a second account, "toot", backed by a temporary PGP key.
	tootSig, tootPubKeyBody := sigcred.SignifierPGPTmp("toot", h.rand)
	tootAccount := Account{
		ID: "toot",
		Signifiers: []sigcred.Signifier{{
			PGPPublicKey: &sigcred.SignifierPGP{Body: string(tootPubKeyBody)},
		}},
	}
	h.cfg.Accounts = append(h.cfg.Accounts, tootAccount)

	// signedBy builds a signature condition with Count "1" over the given
	// account IDs.
	signedBy := func(accountIDs ...string) accessctl.Condition {
		return accessctl.Condition{
			Signature: &accessctl.ConditionSignature{
				AccountIDs: accountIDs,
				Count:      "1",
			},
		}
	}

	// guard applies one condition to both change commits (all file paths) and
	// credential commits on branches matching pattern.
	guard := func(pattern string, cond accessctl.Condition) accessctl.BranchAccessControl {
		return accessctl.BranchAccessControl{
			BranchPattern: pattern,
			ChangeAccessControls: []accessctl.ChangeAccessControl{
				{FilePathPattern: "**", Condition: cond},
			},
			CredentialAccessControl: &accessctl.CredentialAccessControl{
				Condition: cond,
			},
		}
	}

	tootBranchCond := signedBy("root", "toot")
	allBranchCond := signedBy("root")
	tootBranch := plumbing.NewBranchReferenceName("toot_branch")

	// The branch-specific entry is listed before the "**" catch-all.
	// NOTE(review): this presumably relies on the first matching pattern
	// winning; confirm against accessctl before reordering.
	h.cfg.AccessControls = []accessctl.BranchAccessControl{
		guard(tootBranch.Short(), tootBranchCond),
		guard("**", allBranchCond),
	}
	h.stageCfg()

	// Commit the staged config as the first configured account, using the
	// harness's own signifier (presumably the "root" account; verify against
	// newHarness).
	initial := h.changeCommit("initial commit", h.cfg.Accounts[0].ID, h.sig)

	// toot wants to add a credential for the initial commit's change hash.
	changeHash := initial.Commit.Change.ChangeHash
	credCommit, err := h.repo.NewCommitCredential(changeHash)
	if err != nil {
		t.Fatalf("creating credential commit for hash %x: %v", changeHash, err)
	}

	// On the current branch only the "**" entry applies, and its condition
	// does not list toot, so the attempt is expected to fail (the first
	// argument to tryCommit appears to be the expected outcome).
	h.tryCommit(false, credCommit, "toot", tootSig)

	// After switching to toot's own branch the identical commit should be
	// allowed.
	h.checkout(tootBranch)
	h.tryCommit(true, credCommit, "toot", tootSig)
}