From 13c0f7dfffc99c58c1c53f3bc0c6eaf17c3860f8 Mon Sep 17 00:00:00 2001 From: zeripath Date: Sun, 3 Feb 2019 14:00:48 +0000 Subject: [PATCH] Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) The gitea prerecieve and postrecieve hooks and the gitea PushUpdate function require that the PusherID and PusherName are real users. Previously, these environment variables were not being set when using a deploy key - the main result being that pushing to empty repositories meant that is_empty status was not changed. I've also added an integration test to ensure that the is_empty status is updated on pushing with a deploy key. There is a slight issue in that the deploy key is now considered a proxy for the owner - we don't have a way of separating out the deploy key from the owner at present. This can be fixed in another PR. Fix #3795 Signed-off-by: Andrew Thornton art27@cantab.net --- cmd/serv.go | 6 + integrations/deploy_key_push_test.go | 160 +++++++++++++++++++++++++++ 2 files changed, 166 insertions(+) create mode 100644 integrations/deploy_key_push_test.go diff --git a/cmd/serv.go b/cmd/serv.go index 1b65dab2b..21a69b24d 100644 --- a/cmd/serv.go +++ b/cmd/serv.go @@ -251,6 +251,12 @@ func runServ(c *cli.Context) error { if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil { fail("Internal error", "UpdateDeployKey: %v", err) } + + // FIXME: Deploy keys aren't really the owner of the repo pushing changes + // however we don't have good way of representing deploy keys in hook.go + // so for now use the owner + os.Setenv(models.EnvPusherName, username) + os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", repo.OwnerID)) } else { user, err = private.GetUserByKeyID(key.ID) if err != nil { diff --git a/integrations/deploy_key_push_test.go b/integrations/deploy_key_push_test.go new file mode 100644 index 000000000..8b3d66562 --- /dev/null +++ b/integrations/deploy_key_push_test.go @@ -0,0 +1,160 @@ +// Copyright 2019 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package integrations + +import ( + "fmt" + "io/ioutil" + "log" + "net/http" + "net/url" + "os" + "os/exec" + "path/filepath" + "testing" + "time" + + "code.gitea.io/git" + + "code.gitea.io/gitea/modules/setting" + api "code.gitea.io/sdk/gitea" + "github.com/stretchr/testify/assert" +) + +func createEmptyRepository(username, reponame string) func(*testing.T) { + return func(t *testing.T) { + session := loginUser(t, username) + token := getTokenForLoggedInUser(t, session) + req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{ + AutoInit: false, + Description: "Temporary empty repo", + Name: reponame, + Private: false, + }) + session.MakeRequest(t, req, http.StatusCreated) + } +} + +func createDeployKey(username, reponame, keyname, keyFile string, readOnly bool) func(*testing.T) { + return func(t *testing.T) { + session := loginUser(t, username) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", username, reponame, token) + + dataPubKey, err := ioutil.ReadFile(keyFile + ".pub") + assert.NoError(t, err) + req := NewRequestWithJSON(t, "POST", urlStr, api.CreateKeyOption{ + Title: keyname, + Key: string(dataPubKey), + ReadOnly: readOnly, + }) + session.MakeRequest(t, req, http.StatusCreated) + } +} + +func initTestRepository(dstPath string) func(*testing.T) { + return func(t *testing.T) { + // Init repository in dstPath + assert.NoError(t, git.InitRepository(dstPath, false)) + assert.NoError(t, ioutil.WriteFile(filepath.Join(dstPath, "README.md"), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s", dstPath)), 0644)) + assert.NoError(t, git.AddChanges(dstPath, true)) + signature := git.Signature{ + Email: "test@example.com", + Name: "test", + When: time.Now(), + } + assert.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{ + Committer: &signature, + Author: &signature, + Message: "Initial Commit", + })) + } +} + +func pushTestRepository(dstPath, username, reponame string, u url.URL, keyFile string) func(*testing.T) { + return func(t *testing.T) { + //Setup remote link + u.Scheme = "ssh" + u.User = url.User("git") + u.Host = fmt.Sprintf("%s:%d", setting.SSH.ListenHost, setting.SSH.ListenPort) + + //Setup ssh wrapper + os.Setenv("GIT_SSH_COMMAND", + "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "+ + filepath.Join(setting.AppWorkPath, keyFile)) + os.Setenv("GIT_SSH_VARIANT", "ssh") + + log.Printf("Adding remote: %s\n", u.String()) + _, err := git.NewCommand("remote", "add", "origin", u.String()).RunInDir(dstPath) + assert.NoError(t, err) + + log.Printf("Pushing to: %s\n", u.String()) + _, err = git.NewCommand("push", "-u", "origin", "master").RunInDir(dstPath) + assert.NoError(t, err) + } +} + +func checkRepositoryEmptyStatus(username, reponame string, isEmpty bool) func(*testing.T) { + return func(t *testing.T) { + session := loginUser(t, username) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", username, reponame, token) + + req := NewRequest(t, "GET", urlStr) + resp := session.MakeRequest(t, req, http.StatusOK) + + var repository api.Repository + DecodeJSON(t, resp, &repository) + + assert.Equal(t, isEmpty, repository.Empty) + } +} + +func deleteRepository(username, reponame string) func(*testing.T) { + return func(t *testing.T) { + session := loginUser(t, username) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", username, reponame, token) + + req := NewRequest(t, "DELETE", urlStr) + session.MakeRequest(t, req, http.StatusNoContent) + } +} + +func TestPushDeployKeyOnEmptyRepo(t *testing.T) { + onGiteaRun(t, testPushDeployKeyOnEmptyRepo) +} + +func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) { + reponame := "deploy-key-empty-repo-1" + username := "user2" + u.Path = fmt.Sprintf("%s/%s.git", username, reponame) + keyname := fmt.Sprintf("%s-push", reponame) + + t.Run("CreateEmptyRepository", createEmptyRepository(username, reponame)) + t.Run("CheckIsEmpty", checkRepositoryEmptyStatus(username, reponame, true)) + + //Setup the push deploy key file + keyFile := filepath.Join(setting.AppDataPath, keyname) + err := exec.Command("ssh-keygen", "-f", keyFile, "-t", "rsa", "-N", "").Run() + assert.NoError(t, err) + defer os.RemoveAll(keyFile) + defer os.RemoveAll(keyFile + ".pub") + + t.Run("CreatePushDeployKey", createDeployKey(username, reponame, keyname, keyFile, false)) + + // Setup the testing repository + dstPath, err := ioutil.TempDir("", "repo-tmp-deploy-key-empty-repo-1") + assert.NoError(t, err) + defer os.RemoveAll(dstPath) + + t.Run("InitTestRepository", initTestRepository(dstPath)) + t.Run("SSHPushTestRepository", pushTestRepository(dstPath, username, reponame, *u, keyFile)) + + log.Println("Done Push") + t.Run("CheckIsNotEmpty", checkRepositoryEmptyStatus(username, reponame, false)) + + t.Run("DeleteRepository", deleteRepository(username, reponame)) +}