Example 1 with CredentialsProvider
use of org.eclipse.jgit.transport.CredentialsProvider in project gitblit by gitblit.
the class GitServletTest method testRefChange.
private void testRefChange(AccessPermission permission, Status expectedCreate, Status expectedDelete, Status expectedRewind) throws Exception {
final String originName = "ticgit.git";
final String forkName = "refchecks/ticgit.git";
final String workingCopy = "refchecks/ticgit-wc";
// lower access restriction on origin repository
RepositoryModel origin = repositories().getRepositoryModel(originName);
origin.accessRestriction = AccessRestrictionType.NONE;
repositories().updateRepositoryModel(origin.name, origin, false);
UserModel user = getUser();
delete(user);
CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
// fork from original to a temporary bare repo
File refChecks = new File(GitBlitSuite.REPOSITORIES, forkName);
if (refChecks.exists()) {
FileUtils.delete(refChecks, FileUtils.RECURSIVE);
}
CloneCommand clone = Git.cloneRepository();
clone.setURI(url + "/" + originName);
clone.setDirectory(refChecks);
clone.setBare(true);
clone.setCloneAllBranches(true);
clone.setCredentialsProvider(cp);
GitBlitSuite.close(clone.call());
// elevate repository to clone permission
RepositoryModel model = repositories().getRepositoryModel(forkName);
switch(permission) {
case VIEW:
model.accessRestriction = AccessRestrictionType.CLONE;
break;
case CLONE:
model.accessRestriction = AccessRestrictionType.CLONE;
break;
default:
model.accessRestriction = AccessRestrictionType.PUSH;
}
model.authorizationControl = AuthorizationControl.NAMED;
// grant user specified
user.setRepositoryPermission(model.name, permission);
gitblit().addUser(user);
repositories().updateRepositoryModel(model.name, model, false);
// clone temp bare repo to working copy
File local = new File(GitBlitSuite.REPOSITORIES, workingCopy);
if (local.exists()) {
FileUtils.delete(local, FileUtils.RECURSIVE);
}
clone = Git.cloneRepository();
clone.setURI(MessageFormat.format("{0}/{1}", url, model.name));
clone.setDirectory(local);
clone.setBare(false);
clone.setCloneAllBranches(true);
clone.setCredentialsProvider(cp);
try {
GitBlitSuite.close(clone.call());
} catch (GitAPIException e) {
if (permission.atLeast(AccessPermission.CLONE)) {
throw e;
} else {
// close serving repository
GitBlitSuite.close(refChecks);
// user does not have clone permission
assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));
return;
}
}
Git git = Git.open(local);
// commit a file and push it
File file = new File(local, "PUSHCHK");
OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
BufferedWriter w = new BufferedWriter(os);
w.write("// " + new Date().toString() + "\n");
w.close();
git.add().addFilepattern(file.getName()).call();
git.commit().setMessage("push test").call();
Iterable<PushResult> results = null;
try {
results = git.push().setCredentialsProvider(cp).setRemote("origin").call();
} catch (GitAPIException e) {
if (permission.atLeast(AccessPermission.PUSH)) {
throw e;
} else {
// close serving repository
GitBlitSuite.close(refChecks);
// user does not have push permission
assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));
GitBlitSuite.close(git);
return;
}
}
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
Status status = ref.getStatus();
if (permission.atLeast(AccessPermission.PUSH)) {
assertTrue("User failed to push commit?! " + status.name(), Status.OK.equals(status));
} else {
// close serving repository
GitBlitSuite.close(refChecks);
assertTrue("User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));
GitBlitSuite.close(git);
// skip delete test
return;
}
}
// create a local branch and push the new branch back to the origin
git.branchCreate().setName("protectme").call();
RefSpec refSpec = new RefSpec("refs/heads/protectme:refs/heads/protectme");
results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");
Status status = ref.getStatus();
if (Status.OK.equals(expectedCreate)) {
assertTrue("User failed to push creation?! " + status.name(), status.equals(expectedCreate));
} else {
// close serving repository
GitBlitSuite.close(refChecks);
assertTrue("User was able to push ref creation! " + status.name(), status.equals(expectedCreate));
GitBlitSuite.close(git);
// skip delete test
return;
}
}
// delete the branch locally
git.branchDelete().setBranchNames("protectme").call();
// push a delete ref command
refSpec = new RefSpec(":refs/heads/protectme");
results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");
Status status = ref.getStatus();
if (Status.OK.equals(expectedDelete)) {
assertTrue("User failed to push ref deletion?! " + status.name(), status.equals(Status.OK));
} else {
// close serving repository
GitBlitSuite.close(refChecks);
assertTrue("User was able to push ref deletion?! " + status.name(), status.equals(expectedDelete));
GitBlitSuite.close(git);
// skip rewind test
return;
}
}
// rewind master by two commits
git.reset().setRef("HEAD~2").setMode(ResetType.HARD).call();
// commit a change on this detached HEAD
file = new File(local, "REWINDCHK");
os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
w = new BufferedWriter(os);
w.write("// " + new Date().toString() + "\n");
w.close();
git.add().addFilepattern(file.getName()).call();
RevCommit commit = git.commit().setMessage("rewind master and new commit").call();
// Reset master to our new commit now we our local branch tip is no longer
// upstream of the remote branch tip. It is an alternate tip of the branch.
JGitUtils.setBranchRef(git.getRepository(), "refs/heads/master", commit.getName());
// Try pushing our new tip to the origin.
// This requires the server to "rewind" it's master branch and update it
// to point to our alternate tip. This leaves the original master tip
// unreferenced.
results = git.push().setCredentialsProvider(cp).setRemote("origin").setForce(true).call();
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
Status status = ref.getStatus();
if (Status.OK.equals(expectedRewind)) {
assertTrue("User failed to rewind master?! " + status.name(), status.equals(expectedRewind));
} else {
assertTrue("User was able to rewind master?! " + status.name(), status.equals(expectedRewind));
}
}
GitBlitSuite.close(git);
// close serving repository
GitBlitSuite.close(refChecks);
delete(user);
}
Also used :
CloneCommand(org.eclipse.jgit.api.CloneCommand)
RemoteRefUpdate(org.eclipse.jgit.transport.RemoteRefUpdate)
Status(org.eclipse.jgit.transport.RemoteRefUpdate.Status)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
RepositoryModel(com.gitblit.models.RepositoryModel)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
CredentialsProvider(org.eclipse.jgit.transport.CredentialsProvider)
PushResult(org.eclipse.jgit.transport.PushResult)
Date(java.util.Date)
BufferedWriter(java.io.BufferedWriter)
UserModel(com.gitblit.models.UserModel)
GitAPIException(org.eclipse.jgit.api.errors.GitAPIException)
Git(org.eclipse.jgit.api.Git)
RefSpec(org.eclipse.jgit.transport.RefSpec)
FileOutputStream(java.io.FileOutputStream)
OutputStreamWriter(java.io.OutputStreamWriter)
File(java.io.File)
RevCommit(org.eclipse.jgit.revwalk.RevCommit)
Example 2 with CredentialsProvider
use of org.eclipse.jgit.transport.CredentialsProvider in project gitblit by gitblit.
the class FederationPullService method pull.
/**
* Mirrors a repository and, optionally, the server's users, and/or
* configuration settings from a origin Gitblit instance.
*
* @param registration
* @throws Exception
*/
private void pull(FederationModel registration) throws Exception {
Map<String, RepositoryModel> repositories = FederationUtils.getRepositories(registration, true);
String registrationFolder = registration.folder.toLowerCase().trim();
// confirm valid characters in server alias
Character c = StringUtils.findInvalidCharacter(registrationFolder);
if (c != null) {
logger.error(MessageFormat.format("Illegal character ''{0}'' in folder name ''{1}'' of federation registration {2}!", c, registrationFolder, registration.name));
return;
}
File repositoriesFolder = gitblit.getRepositoriesFolder();
File registrationFolderFile = new File(repositoriesFolder, registrationFolder);
registrationFolderFile.mkdirs();
// Clone/Pull the repository
for (Map.Entry<String, RepositoryModel> entry : repositories.entrySet()) {
String cloneUrl = entry.getKey();
RepositoryModel repository = entry.getValue();
if (!repository.hasCommits) {
logger.warn(MessageFormat.format("Skipping federated repository {0} from {1} @ {2}. Repository is EMPTY.", repository.name, registration.name, registration.url));
registration.updateStatus(repository, FederationPullStatus.SKIPPED);
continue;
}
// Determine local repository name
String repositoryName;
if (StringUtils.isEmpty(registrationFolder)) {
repositoryName = repository.name;
} else {
repositoryName = registrationFolder + "/" + repository.name;
}
if (registration.bare) {
// bare repository, ensure .git suffix
if (!repositoryName.toLowerCase().endsWith(DOT_GIT_EXT)) {
repositoryName += DOT_GIT_EXT;
}
} else {
// normal repository, strip .git suffix
if (repositoryName.toLowerCase().endsWith(DOT_GIT_EXT)) {
repositoryName = repositoryName.substring(0, repositoryName.indexOf(DOT_GIT_EXT));
}
}
// confirm that the origin of any pre-existing repository matches
// the clone url
String fetchHead = null;
Repository existingRepository = gitblit.getRepository(repositoryName);
if (existingRepository == null && gitblit.isCollectingGarbage(repositoryName)) {
logger.warn(MessageFormat.format("Skipping local repository {0}, busy collecting garbage", repositoryName));
continue;
}
if (existingRepository != null) {
StoredConfig config = existingRepository.getConfig();
config.load();
String origin = config.getString("remote", "origin", "url");
RevCommit commit = JGitUtils.getCommit(existingRepository, org.eclipse.jgit.lib.Constants.FETCH_HEAD);
if (commit != null) {
fetchHead = commit.getName();
}
existingRepository.close();
if (!origin.startsWith(registration.url)) {
logger.warn(MessageFormat.format("Skipping federated repository {0} from {1} @ {2}. Origin does not match, consider EXCLUDING.", repository.name, registration.name, registration.url));
registration.updateStatus(repository, FederationPullStatus.SKIPPED);
continue;
}
}
// clone/pull this repository
CredentialsProvider credentials = new UsernamePasswordCredentialsProvider(Constants.FEDERATION_USER, registration.token);
logger.info(MessageFormat.format("Pulling federated repository {0} from {1} @ {2}", repository.name, registration.name, registration.url));
CloneResult result = JGitUtils.cloneRepository(registrationFolderFile, repository.name, cloneUrl, registration.bare, credentials);
Repository r = gitblit.getRepository(repositoryName);
RepositoryModel rm = gitblit.getRepositoryModel(repositoryName);
repository.isFrozen = registration.mirror;
if (result.createdRepository) {
// default local settings
repository.federationStrategy = FederationStrategy.EXCLUDE;
repository.isFrozen = registration.mirror;
repository.showRemoteBranches = !registration.mirror;
logger.info(MessageFormat.format(" cloning {0}", repository.name));
registration.updateStatus(repository, FederationPullStatus.MIRRORED);
} else {
// fetch and update
boolean fetched = false;
RevCommit commit = JGitUtils.getCommit(r, org.eclipse.jgit.lib.Constants.FETCH_HEAD);
String newFetchHead = commit.getName();
fetched = fetchHead == null || !fetchHead.equals(newFetchHead);
if (registration.mirror) {
// mirror
if (fetched) {
// update local branches to match the remote tracking branches
for (RefModel ref : JGitUtils.getRemoteBranches(r, false, -1)) {
if (ref.displayName.startsWith("origin/")) {
String branch = org.eclipse.jgit.lib.Constants.R_HEADS + ref.displayName.substring(ref.displayName.indexOf('/') + 1);
String hash = ref.getReferencedObjectId().getName();
JGitUtils.setBranchRef(r, branch, hash);
logger.info(MessageFormat.format(" resetting {0} of {1} to {2}", branch, repository.name, hash));
}
}
String newHead;
if (StringUtils.isEmpty(repository.HEAD)) {
newHead = newFetchHead;
} else {
newHead = repository.HEAD;
}
JGitUtils.setHEADtoRef(r, newHead);
logger.info(MessageFormat.format(" resetting HEAD of {0} to {1}", repository.name, newHead));
registration.updateStatus(repository, FederationPullStatus.MIRRORED);
} else {
// indicate no commits pulled
registration.updateStatus(repository, FederationPullStatus.NOCHANGE);
}
} else {
// non-mirror
if (fetched) {
// indicate commits pulled to origin/master
registration.updateStatus(repository, FederationPullStatus.PULLED);
} else {
// indicate no commits pulled
registration.updateStatus(repository, FederationPullStatus.NOCHANGE);
}
}
// preserve local settings
repository.isFrozen = rm.isFrozen;
repository.federationStrategy = rm.federationStrategy;
// merge federation sets
Set<String> federationSets = new HashSet<String>();
if (rm.federationSets != null) {
federationSets.addAll(rm.federationSets);
}
if (repository.federationSets != null) {
federationSets.addAll(repository.federationSets);
}
repository.federationSets = new ArrayList<String>(federationSets);
// merge indexed branches
Set<String> indexedBranches = new HashSet<String>();
if (rm.indexedBranches != null) {
indexedBranches.addAll(rm.indexedBranches);
}
if (repository.indexedBranches != null) {
indexedBranches.addAll(repository.indexedBranches);
}
repository.indexedBranches = new ArrayList<String>(indexedBranches);
}
// only repositories that are actually _cloned_ from the origin
// Gitblit repository are marked as federated. If the origin
// is from somewhere else, these repositories are not considered
// "federated" repositories.
repository.isFederated = cloneUrl.startsWith(registration.url);
gitblit.updateConfiguration(r, repository);
r.close();
}
IUserService userService = null;
try {
// Pull USERS
// TeamModels are automatically pulled because they are contained
// within the UserModel. The UserService creates unknown teams
// and updates existing teams.
Collection<UserModel> users = FederationUtils.getUsers(registration);
if (users != null && users.size() > 0) {
File realmFile = new File(registrationFolderFile, registration.name + "_users.conf");
realmFile.delete();
userService = new ConfigUserService(realmFile);
for (UserModel user : users) {
userService.updateUserModel(user.username, user);
// the user accounts of this Gitblit instance
if (registration.mergeAccounts) {
// repositories are stored within subfolders
if (!StringUtils.isEmpty(registrationFolder)) {
if (user.permissions != null) {
// pulling from >= 1.2 version
Map<String, AccessPermission> copy = new HashMap<String, AccessPermission>(user.permissions);
user.permissions.clear();
for (Map.Entry<String, AccessPermission> entry : copy.entrySet()) {
user.setRepositoryPermission(registrationFolder + "/" + entry.getKey(), entry.getValue());
}
} else {
// pulling from <= 1.1 version
List<String> permissions = new ArrayList<String>(user.repositories);
user.repositories.clear();
for (String permission : permissions) {
user.addRepositoryPermission(registrationFolder + "/" + permission);
}
}
}
// insert new user or update local user
UserModel localUser = gitblit.getUserModel(user.username);
if (localUser == null) {
// create new local user
gitblit.addUser(user);
} else {
// update repository permissions of local user
if (user.permissions != null) {
// pulling from >= 1.2 version
Map<String, AccessPermission> copy = new HashMap<String, AccessPermission>(user.permissions);
for (Map.Entry<String, AccessPermission> entry : copy.entrySet()) {
localUser.setRepositoryPermission(entry.getKey(), entry.getValue());
}
} else {
// pulling from <= 1.1 version
for (String repository : user.repositories) {
localUser.addRepositoryPermission(repository);
}
}
localUser.password = user.password;
localUser.canAdmin = user.canAdmin;
gitblit.reviseUser(localUser.username, localUser);
}
for (String teamname : gitblit.getAllTeamNames()) {
TeamModel team = gitblit.getTeamModel(teamname);
if (user.isTeamMember(teamname) && !team.hasUser(user.username)) {
// new team member
team.addUser(user.username);
gitblit.updateTeamModel(teamname, team);
} else if (!user.isTeamMember(teamname) && team.hasUser(user.username)) {
// remove team member
team.removeUser(user.username);
gitblit.updateTeamModel(teamname, team);
}
// update team repositories
TeamModel remoteTeam = user.getTeam(teamname);
if (remoteTeam != null) {
if (remoteTeam.permissions != null) {
// pulling from >= 1.2
for (Map.Entry<String, AccessPermission> entry : remoteTeam.permissions.entrySet()) {
team.setRepositoryPermission(entry.getKey(), entry.getValue());
}
gitblit.updateTeamModel(teamname, team);
} else if (!ArrayUtils.isEmpty(remoteTeam.repositories)) {
// pulling from <= 1.1
team.addRepositoryPermissions(remoteTeam.repositories);
gitblit.updateTeamModel(teamname, team);
}
}
}
}
}
}
} catch (ForbiddenException e) {
// ignore forbidden exceptions
} catch (IOException e) {
logger.warn(MessageFormat.format("Failed to retrieve USERS from federated gitblit ({0} @ {1})", registration.name, registration.url), e);
}
try {
// mailing lists or push scripts without specifying users.
if (userService != null) {
Collection<TeamModel> teams = FederationUtils.getTeams(registration);
if (teams != null && teams.size() > 0) {
for (TeamModel team : teams) {
userService.updateTeamModel(team);
}
}
}
} catch (ForbiddenException e) {
// ignore forbidden exceptions
} catch (IOException e) {
logger.warn(MessageFormat.format("Failed to retrieve TEAMS from federated gitblit ({0} @ {1})", registration.name, registration.url), e);
}
try {
// Pull SETTINGS
Map<String, String> settings = FederationUtils.getSettings(registration);
if (settings != null && settings.size() > 0) {
Properties properties = new Properties();
properties.putAll(settings);
FileOutputStream os = new FileOutputStream(new File(registrationFolderFile, registration.name + "_" + Constants.PROPERTIES_FILE));
properties.store(os, null);
os.close();
}
} catch (ForbiddenException e) {
// ignore forbidden exceptions
} catch (IOException e) {
logger.warn(MessageFormat.format("Failed to retrieve SETTINGS from federated gitblit ({0} @ {1})", registration.name, registration.url), e);
}
try {
// Pull SCRIPTS
Map<String, String> scripts = FederationUtils.getScripts(registration);
if (scripts != null && scripts.size() > 0) {
for (Map.Entry<String, String> script : scripts.entrySet()) {
String scriptName = script.getKey();
if (scriptName.endsWith(".groovy")) {
scriptName = scriptName.substring(0, scriptName.indexOf(".groovy"));
}
File file = new File(registrationFolderFile, registration.name + "_" + scriptName + ".groovy");
FileUtils.writeContent(file, script.getValue());
}
}
} catch (ForbiddenException e) {
// ignore forbidden exceptions
} catch (IOException e) {
logger.warn(MessageFormat.format("Failed to retrieve SCRIPTS from federated gitblit ({0} @ {1})", registration.name, registration.url), e);
}
}
Also used :
RefModel(com.gitblit.models.RefModel)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
RepositoryModel(com.gitblit.models.RepositoryModel)
Properties(java.util.Properties)
StoredConfig(org.eclipse.jgit.lib.StoredConfig)
UserModel(com.gitblit.models.UserModel)
TeamModel(com.gitblit.models.TeamModel)
RevCommit(org.eclipse.jgit.revwalk.RevCommit)
HashSet(java.util.HashSet)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
ForbiddenException(com.gitblit.GitBlitException.ForbiddenException)
ConfigUserService(com.gitblit.ConfigUserService)
AccessPermission(com.gitblit.Constants.AccessPermission)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
CredentialsProvider(org.eclipse.jgit.transport.CredentialsProvider)
IOException(java.io.IOException)
CloneResult(com.gitblit.utils.JGitUtils.CloneResult)
Repository(org.eclipse.jgit.lib.Repository)
IUserService(com.gitblit.IUserService)
FileOutputStream(java.io.FileOutputStream)
File(java.io.File)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 3 with CredentialsProvider
use of org.eclipse.jgit.transport.CredentialsProvider in project gitblit by gitblit.
the class GitServletTest method testCreateOnPush.
private void testCreateOnPush(boolean canCreate, boolean canAdmin) throws Exception {
UserModel user = new UserModel("sampleuser");
user.password = user.username;
delete(user);
user.canCreate = canCreate;
user.canAdmin = canAdmin;
gitblit().addUser(user);
CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
// fork from original to a temporary bare repo
File tmpFolder = File.createTempFile("gitblit", "").getParentFile();
File createCheck = new File(tmpFolder, "ticgit.git");
if (createCheck.exists()) {
FileUtils.delete(createCheck, FileUtils.RECURSIVE);
}
File personalRepo = new File(GitBlitSuite.REPOSITORIES, MessageFormat.format("~{0}/ticgit.git", user.username));
GitBlitSuite.close(personalRepo);
if (personalRepo.exists()) {
FileUtils.delete(personalRepo, FileUtils.RECURSIVE);
}
File projectRepo = new File(GitBlitSuite.REPOSITORIES, "project/ticgit.git");
GitBlitSuite.close(projectRepo);
if (projectRepo.exists()) {
FileUtils.delete(projectRepo, FileUtils.RECURSIVE);
}
CloneCommand clone = Git.cloneRepository();
clone.setURI(MessageFormat.format("{0}/ticgit.git", url));
clone.setDirectory(createCheck);
clone.setBare(true);
clone.setCloneAllBranches(true);
clone.setCredentialsProvider(cp);
Git git = clone.call();
GitBlitSuite.close(personalRepo);
// add a personal repository remote and a project remote
git.getRepository().getConfig().setString("remote", "user", "url", MessageFormat.format("{0}/~{1}/ticgit.git", url, user.username));
git.getRepository().getConfig().setString("remote", "project", "url", MessageFormat.format("{0}/project/ticgit.git", url));
git.getRepository().getConfig().save();
// push to non-existent user repository
try {
Iterable<PushResult> results = git.push().setRemote("user").setPushAll().setCredentialsProvider(cp).call();
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
Status status = ref.getStatus();
assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));
}
assertTrue("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);
// confirm default personal repository permissions
RepositoryModel model = repositories().getRepositoryModel(MessageFormat.format("~{0}/ticgit.git", user.username));
assertEquals("Unexpected owner", user.username, ArrayUtils.toString(model.owners));
assertEquals("Unexpected authorization control", AuthorizationControl.NAMED, model.authorizationControl);
assertEquals("Unexpected access restriction", AccessRestrictionType.VIEW, model.accessRestriction);
} catch (GitAPIException e) {
assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));
assertFalse("User canAdmin:" + user.canAdmin + " canCreate:" + user.canCreate, user.canAdmin || user.canCreate);
}
// push to non-existent project repository
try {
Iterable<PushResult> results = git.push().setRemote("project").setPushAll().setCredentialsProvider(cp).call();
GitBlitSuite.close(git);
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
Status status = ref.getStatus();
assertTrue("User failed to create repository?! " + status.name(), Status.OK.equals(status));
}
assertTrue("User canAdmin:" + user.canAdmin, user.canAdmin);
// confirm default project repository permissions
RepositoryModel model = repositories().getRepositoryModel("project/ticgit.git");
assertEquals("Unexpected owner", user.username, ArrayUtils.toString(model.owners));
assertEquals("Unexpected authorization control", AuthorizationControl.fromName(settings().getString(Keys.git.defaultAuthorizationControl, "NAMED")), model.authorizationControl);
assertEquals("Unexpected access restriction", AccessRestrictionType.fromName(settings().getString(Keys.git.defaultAccessRestriction, "NONE")), model.accessRestriction);
} catch (GitAPIException e) {
assertTrue(e.getMessage(), e.getMessage().contains("git-receive-pack not found"));
assertFalse("User canAdmin:" + user.canAdmin, user.canAdmin);
}
GitBlitSuite.close(git);
delete(user);
}
Also used :
UserModel(com.gitblit.models.UserModel)
CloneCommand(org.eclipse.jgit.api.CloneCommand)
RemoteRefUpdate(org.eclipse.jgit.transport.RemoteRefUpdate)
Status(org.eclipse.jgit.transport.RemoteRefUpdate.Status)
GitAPIException(org.eclipse.jgit.api.errors.GitAPIException)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
Git(org.eclipse.jgit.api.Git)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
CredentialsProvider(org.eclipse.jgit.transport.CredentialsProvider)
PushResult(org.eclipse.jgit.transport.PushResult)
RepositoryModel(com.gitblit.models.RepositoryModel)
File(java.io.File)
Example 4 with CredentialsProvider
use of org.eclipse.jgit.transport.CredentialsProvider in project gitblit by gitblit.
the class GitServletTest method testCommitterVerification.
private void testCommitterVerification(UserModel user, String displayName, String emailAddress, boolean expectedSuccess) throws Exception {
delete(user);
CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
// fork from original to a temporary bare repo
File verification = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-committer.git");
if (verification.exists()) {
FileUtils.delete(verification, FileUtils.RECURSIVE);
}
CloneCommand clone = Git.cloneRepository();
clone.setURI(MessageFormat.format("{0}/ticgit.git", url));
clone.setDirectory(verification);
clone.setBare(true);
clone.setCloneAllBranches(true);
clone.setCredentialsProvider(cp);
GitBlitSuite.close(clone.call());
// require push permissions and committer verification
RepositoryModel model = repositories().getRepositoryModel("refchecks/verify-committer.git");
model.authorizationControl = AuthorizationControl.NAMED;
model.accessRestriction = AccessRestrictionType.PUSH;
model.verifyCommitter = true;
// grant user push permission
user.setRepositoryPermission(model.name, AccessPermission.PUSH);
gitblit().addUser(user);
repositories().updateRepositoryModel(model.name, model, false);
// clone temp bare repo to working copy
File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-wc");
if (local.exists()) {
FileUtils.delete(local, FileUtils.RECURSIVE);
}
clone = Git.cloneRepository();
clone.setURI(MessageFormat.format("{0}/{1}", url, model.name));
clone.setDirectory(local);
clone.setBare(false);
clone.setCloneAllBranches(true);
clone.setCredentialsProvider(cp);
GitBlitSuite.close(clone.call());
Git git = Git.open(local);
// force an identity which may or may not match the account's identity
git.getRepository().getConfig().setString("user", null, "name", displayName);
git.getRepository().getConfig().setString("user", null, "email", emailAddress);
git.getRepository().getConfig().save();
// commit a file and push it
File file = new File(local, "PUSHCHK");
OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
BufferedWriter w = new BufferedWriter(os);
w.write("// " + new Date().toString() + "\n");
w.close();
git.add().addFilepattern(file.getName()).call();
git.commit().setMessage("push test").call();
Iterable<PushResult> results = git.push().setCredentialsProvider(cp).setRemote("origin").call();
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
Status status = ref.getStatus();
if (expectedSuccess) {
assertTrue("Verification failed! User was NOT able to push commit! " + status.name(), Status.OK.equals(status));
} else {
assertTrue("Verification failed! User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));
}
}
GitBlitSuite.close(git);
// close serving repository
GitBlitSuite.close(verification);
}
Also used :
CloneCommand(org.eclipse.jgit.api.CloneCommand)
RemoteRefUpdate(org.eclipse.jgit.transport.RemoteRefUpdate)
Status(org.eclipse.jgit.transport.RemoteRefUpdate.Status)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
CredentialsProvider(org.eclipse.jgit.transport.CredentialsProvider)
RepositoryModel(com.gitblit.models.RepositoryModel)
PushResult(org.eclipse.jgit.transport.PushResult)
Date(java.util.Date)
BufferedWriter(java.io.BufferedWriter)
Git(org.eclipse.jgit.api.Git)
FileOutputStream(java.io.FileOutputStream)
OutputStreamWriter(java.io.OutputStreamWriter)
File(java.io.File)
Example 5 with CredentialsProvider
use of org.eclipse.jgit.transport.CredentialsProvider in project gitblit by gitblit.
the class GitServletTest method testMergeCommitterVerification.
private void testMergeCommitterVerification(boolean expectedSuccess) throws Exception {
UserModel user = getUser();
delete(user);
CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
// fork from original to a temporary bare repo
File verification = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-committer.git");
if (verification.exists()) {
FileUtils.delete(verification, FileUtils.RECURSIVE);
}
CloneCommand clone = Git.cloneRepository();
clone.setURI(MessageFormat.format("{0}/ticgit.git", url));
clone.setDirectory(verification);
clone.setBare(true);
clone.setCloneAllBranches(true);
clone.setCredentialsProvider(cp);
GitBlitSuite.close(clone.call());
// require push permissions and committer verification
RepositoryModel model = repositories().getRepositoryModel("refchecks/verify-committer.git");
model.authorizationControl = AuthorizationControl.NAMED;
model.accessRestriction = AccessRestrictionType.PUSH;
model.verifyCommitter = true;
// grant user push permission
user.setRepositoryPermission(model.name, AccessPermission.PUSH);
gitblit().addUser(user);
repositories().updateRepositoryModel(model.name, model, false);
// clone temp bare repo to working copy
File local = new File(GitBlitSuite.REPOSITORIES, "refchecks/verify-wc");
if (local.exists()) {
FileUtils.delete(local, FileUtils.RECURSIVE);
}
clone = Git.cloneRepository();
clone.setURI(MessageFormat.format("{0}/{1}", url, model.name));
clone.setDirectory(local);
clone.setBare(false);
clone.setCloneAllBranches(true);
clone.setCredentialsProvider(cp);
GitBlitSuite.close(clone.call());
Git git = Git.open(local);
// checkout a mergetest branch
git.checkout().setCreateBranch(true).setName("mergetest").call();
// change identity
git.getRepository().getConfig().setString("user", null, "name", "mergetest");
git.getRepository().getConfig().setString("user", null, "email", "mergetest@merge.com");
git.getRepository().getConfig().save();
// commit a file
File file = new File(local, "MERGECHK2");
OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
BufferedWriter w = new BufferedWriter(os);
w.write("// " + new Date().toString() + "\n");
w.close();
git.add().addFilepattern(file.getName()).call();
RevCommit mergeTip = git.commit().setMessage(file.getName() + " test").call();
// return to master
git.checkout().setName("master").call();
// restore identity
if (expectedSuccess) {
git.getRepository().getConfig().setString("user", null, "name", user.username);
git.getRepository().getConfig().setString("user", null, "email", user.emailAddress);
git.getRepository().getConfig().save();
}
// commit a file
file = new File(local, "MERGECHK1");
os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
w = new BufferedWriter(os);
w.write("// " + new Date().toString() + "\n");
w.close();
git.add().addFilepattern(file.getName()).call();
git.commit().setMessage(file.getName() + " test").call();
// merge the tip of the mergetest branch into master with --no-ff
MergeResult mergeResult = git.merge().setFastForward(FastForwardMode.NO_FF).include(mergeTip.getId()).call();
assertEquals(MergeResult.MergeStatus.MERGED, mergeResult.getMergeStatus());
// push the merged master to the origin
Iterable<PushResult> results = git.push().setCredentialsProvider(cp).setRemote("origin").call();
for (PushResult result : results) {
RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
Status status = ref.getStatus();
if (expectedSuccess) {
assertTrue("Verification failed! User was NOT able to push commit! " + status.name(), Status.OK.equals(status));
} else {
assertTrue("Verification failed! User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));
}
}
GitBlitSuite.close(git);
// close serving repository
GitBlitSuite.close(verification);
}
Also used :
CloneCommand(org.eclipse.jgit.api.CloneCommand)
RemoteRefUpdate(org.eclipse.jgit.transport.RemoteRefUpdate)
Status(org.eclipse.jgit.transport.RemoteRefUpdate.Status)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
MergeResult(org.eclipse.jgit.api.MergeResult)
UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)
CredentialsProvider(org.eclipse.jgit.transport.CredentialsProvider)
RepositoryModel(com.gitblit.models.RepositoryModel)
PushResult(org.eclipse.jgit.transport.PushResult)
Date(java.util.Date)
BufferedWriter(java.io.BufferedWriter)
UserModel(com.gitblit.models.UserModel)
Git(org.eclipse.jgit.api.Git)
FileOutputStream(java.io.FileOutputStream)
OutputStreamWriter(java.io.OutputStreamWriter)
File(java.io.File)
RevCommit(org.eclipse.jgit.revwalk.RevCommit)
Aggregations
RepositoryModel (com.gitblit.models.RepositoryModel)5
File (java.io.File)5
CredentialsProvider (org.eclipse.jgit.transport.CredentialsProvider)5
UsernamePasswordCredentialsProvider (org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)5
UserModel (com.gitblit.models.UserModel)4
FileOutputStream (java.io.FileOutputStream)4
CloneCommand (org.eclipse.jgit.api.CloneCommand)4
Git (org.eclipse.jgit.api.Git)4
PushResult (org.eclipse.jgit.transport.PushResult)4
RemoteRefUpdate (org.eclipse.jgit.transport.RemoteRefUpdate)4
Status (org.eclipse.jgit.transport.RemoteRefUpdate.Status)4
BufferedWriter (java.io.BufferedWriter)3
OutputStreamWriter (java.io.OutputStreamWriter)3
Date (java.util.Date)3
RevCommit (org.eclipse.jgit.revwalk.RevCommit)3
GitAPIException (org.eclipse.jgit.api.errors.GitAPIException)2
ConfigUserService (com.gitblit.ConfigUserService)1
AccessPermission (com.gitblit.Constants.AccessPermission)1
ForbiddenException (com.gitblit.GitBlitException.ForbiddenException)1
IUserService (com.gitblit.IUserService)1
