4d56716fe8
--- type: change message: |- Give the project a proper root, dehub.dev/src/dehub.git "dehub" was being used as a placeholder up till this point, but now that the project has matured enough to have a home, and people will want to be installing the binary, it's time to give it a proper import root. change_hash: ADTjLNnPARatUjx6HDo7m3O+0KUcWvcMJq1kNrj9++PU credentials: - type: pgp_signature pub_key_id: 95C46FA6A41148AC body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl6BECkACgkQlcRvpqQRSKyeJBAAocdHTs8AB2u9kZmMcJNf136Cq8KWjglvhuH49Nj9ILkeGOBF7+fIHBRSYxBQm4IIDWsjaQaRRhESJxKrkHUd7BG/z5iVsCfjYTyY7LPgv0oYJKEGbPOF2LDK2fuLLpRlA5v1fwamTdFYxs5j7yxW7weWiiKEgjMGjOiWQCWuqhw8rwOG6vjvYttQ5pekI7GvkdqWe+qODKmIF9xFFuhz7BMsFUAAwLz97W1wZkHA+O1BXGTe9hGwH88RY9IGJZftA6wuGes/SqwWJk+hpb89KV1yR0woMrwz7ITZZeNBboXO7KyxUXrfiLtxeRD4t15tJkdRY0FbIZvNCktviTqjPXOtoVh7c3m3p/LR5vcbgYDxaZKk51DYruovfaRI96Q9CYCK2kVb2PIJ4BJhlsUPzw8AWNVxXFECYZNEZly10hqNh4Xophr/x7PWOmoPoKL2PvXLtOHzk0r4Tw6JqUaC+7/08U/+lhlSKFKLdCj7Xru57qB7gxgd+P3g4rfqjIHqiB4tlViqR5RV7V8Z/goBMJg2uOJXIJGvwEZF9nj+QDgaofImMiQmcLrE6IBCYEELYz274w/6ugSCcdwVIC/n3VHuNY4zJDKN7Q/FgI9/GBS7UoNhTaHF2JmSKR9ErMKpm3PYPZr/VnsaXjfCBO5bVquvWLzfJ9aQ4t+tsRkuAvQ= account: mediocregopher
66 lines
1.6 KiB
Go
66 lines
1.6 KiB
Go
package dehub
|
|
|
|
import (
|
|
"dehub.dev/src/dehub.git/sigcred"
|
|
"testing"
|
|
|
|
"gopkg.in/src-d/go-git.v4/plumbing"
|
|
yaml "gopkg.in/yaml.v2"
|
|
)
|
|
|
|
func TestCredentialCommitVerify(t *testing.T) {
|
|
h := newHarness(t)
|
|
|
|
// create a new account and modify the config so that that account is only
|
|
// allowed to add verifications to a single branch
|
|
tootSig, tootPubKeyBody := sigcred.SignifierPGPTmp("toot", h.rand)
|
|
h.cfg.Accounts = append(h.cfg.Accounts, Account{
|
|
ID: "toot",
|
|
Signifiers: []sigcred.Signifier{{PGPPublicKey: &sigcred.SignifierPGP{
|
|
Body: string(tootPubKeyBody),
|
|
}}},
|
|
})
|
|
|
|
tootBranch := plumbing.NewBranchReferenceName("toot_branch")
|
|
|
|
err := yaml.Unmarshal([]byte(`
|
|
- action: allow
|
|
filters:
|
|
- type: branch
|
|
pattern: `+tootBranch.Short()+`
|
|
- type: signature
|
|
count: 1
|
|
account_ids:
|
|
- root
|
|
- toot
|
|
|
|
- action: allow
|
|
filters:
|
|
- type: signature
|
|
count: 1
|
|
account_ids:
|
|
- root
|
|
|
|
- action: deny
|
|
`), &h.cfg.AccessControls)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
h.stageCfg()
|
|
rootGitCommit := h.changeCommit("initial commit", h.cfg.Accounts[0].ID, h.sig)
|
|
|
|
// toot user wants to create a credential commit for the root commit, for
|
|
// whatever reason.
|
|
rootChangeHash := rootGitCommit.Commit.Change.ChangeHash
|
|
credCommit, err := h.repo.NewCommitCredential(rootChangeHash)
|
|
if err != nil {
|
|
t.Fatalf("creating credential commit for hash %x: %v", rootChangeHash, err)
|
|
|
|
}
|
|
h.tryCommit(false, credCommit, "toot", tootSig)
|
|
|
|
// toot tries again in their own branch, and should be allowed.
|
|
h.checkout(tootBranch)
|
|
h.tryCommit(true, credCommit, "toot", tootSig)
|
|
}
|