You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
111 lines
3.3 KiB
111 lines
3.3 KiB
package dehub
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"dehub.dev/src/dehub.git/accessctl"
|
|
"dehub.dev/src/dehub.git/sigcred"
|
|
|
|
"gopkg.in/src-d/go-git.v4/plumbing"
|
|
)
|
|
|
|
func TestConfigChange(t *testing.T) {
|
|
h := newHarness(t)
|
|
|
|
var gitCommits []GitCommit
|
|
|
|
// commit the initial staged changes, which merely include the config and
|
|
// public key
|
|
gitCommit := h.changeCommit("commit configuration", h.cfg.Accounts[0].ID, h.sig)
|
|
gitCommits = append(gitCommits, gitCommit)
|
|
|
|
// create a new account and add it to the configuration. That commit should
|
|
// not be verifiable, though
|
|
newSig, newPubKeyBody := sigcred.SignifierPGPTmp("toot", h.rand)
|
|
h.cfg.Accounts = append(h.cfg.Accounts, Account{
|
|
ID: "toot",
|
|
Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{
|
|
Body: string(newPubKeyBody),
|
|
}}},
|
|
})
|
|
|
|
h.stageCfg()
|
|
badCommit, err := h.repo.NewCommitChange("add toot user")
|
|
if err != nil {
|
|
t.Fatalf("creating CommitChange: %v", err)
|
|
}
|
|
h.tryCommit(false, badCommit, h.cfg.Accounts[1].ID, newSig)
|
|
|
|
// now add with the root user, this should work.
|
|
h.stageCfg()
|
|
gitCommit = h.changeCommit("add toot user", h.cfg.Accounts[0].ID, h.sig)
|
|
gitCommits = append(gitCommits, gitCommit)
|
|
|
|
// _now_ the toot user should be able to do things.
|
|
h.stage(map[string]string{"foo/bar": "what a cool file"})
|
|
gitCommit = h.changeCommit("add a cool file", h.cfg.Accounts[1].ID, newSig)
|
|
gitCommits = append(gitCommits, gitCommit)
|
|
|
|
if err := h.repo.VerifyCommits(MainRefName, gitCommits); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestMainAncestryRequirement(t *testing.T) {
|
|
otherBranch := plumbing.NewBranchReferenceName("other")
|
|
t.Run("empty repo", func(t *testing.T) {
|
|
h := newHarness(t)
|
|
h.checkout(otherBranch)
|
|
|
|
// stage and try to add to the "other" branch, it shouldn't work though
|
|
h.stageCfg()
|
|
badCommit, err := h.repo.NewCommitChange("starting new branch at other")
|
|
if err != nil {
|
|
t.Fatalf("creating CommitChange: %v", err)
|
|
}
|
|
h.tryCommit(false, badCommit, h.cfg.Accounts[0].ID, h.sig)
|
|
})
|
|
|
|
t.Run("new branch, single commit", func(t *testing.T) {
|
|
h := newHarness(t)
|
|
h.stageCfg()
|
|
h.changeCommit("add cfg", h.cfg.Accounts[0].ID, h.sig)
|
|
|
|
// set HEAD to this other branch which doesn't really exist
|
|
ref := plumbing.NewSymbolicReference(plumbing.HEAD, otherBranch)
|
|
if err := h.repo.GitRepo.Storer.SetReference(ref); err != nil {
|
|
h.t.Fatal(err)
|
|
}
|
|
|
|
h.stageCfg()
|
|
badCommit, err := h.repo.NewCommitChange("starting new branch at other")
|
|
if err != nil {
|
|
t.Fatalf("creating CommitChange: %v", err)
|
|
}
|
|
h.tryCommit(false, badCommit, h.cfg.Accounts[0].ID, h.sig)
|
|
})
|
|
}
|
|
|
|
func TestAnonymousCommits(t *testing.T) {
|
|
h := newHarness(t)
|
|
anonSig, anonPubKeyBody := sigcred.SignifierPGPTmp("", h.rand)
|
|
|
|
h.cfg.AccessControls = []accessctl.AccessControl{{
|
|
Action: accessctl.ActionAllow,
|
|
Filters: []accessctl.Filter{
|
|
{Signature: &accessctl.FilterSignature{Any: true}},
|
|
},
|
|
}}
|
|
h.stageCfg()
|
|
|
|
// manually accredit the commit this time
|
|
goodCommit, err := h.repo.NewCommitChange("this will work")
|
|
if err != nil {
|
|
t.Fatalf("creating CommitChange: %v", err)
|
|
} else if goodCommit, err = h.repo.AccreditCommit(goodCommit, anonSig); err != nil {
|
|
t.Fatalf("accreditting CommitChange: %v", err)
|
|
}
|
|
// There is, unfortunately, not a prettier way to do this
|
|
goodCommit.Common.Credentials[0].PGPSignature.PubKeyBody = string(anonPubKeyBody)
|
|
h.tryCommit(true, goodCommit, "", nil)
|
|
}
|
|
|