Search in sources :

Example 21 with UsernamePasswordCredentialsProvider

use of org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider in project gitblit by gitblit.

the class GitServletTest method testRefChange.

private void testRefChange(AccessPermission permission, Status expectedCreate, Status expectedDelete, Status expectedRewind) throws Exception {
    final String originName = "ticgit.git";
    final String forkName = "refchecks/ticgit.git";
    final String workingCopy = "refchecks/ticgit-wc";
    // lower access restriction on origin repository
    RepositoryModel origin = repositories().getRepositoryModel(originName);
    origin.accessRestriction = AccessRestrictionType.NONE;
    repositories().updateRepositoryModel(origin.name, origin, false);
    UserModel user = getUser();
    delete(user);
    CredentialsProvider cp = new UsernamePasswordCredentialsProvider(user.username, user.password);
    // fork from original to a temporary bare repo
    File refChecks = new File(GitBlitSuite.REPOSITORIES, forkName);
    if (refChecks.exists()) {
        FileUtils.delete(refChecks, FileUtils.RECURSIVE | FileUtils.RETRY);
    }
    CloneCommand clone = Git.cloneRepository();
    clone.setURI(url + "/" + originName);
    clone.setDirectory(refChecks);
    clone.setBare(true);
    clone.setCloneAllBranches(true);
    clone.setCredentialsProvider(cp);
    GitBlitSuite.close(clone.call());
    // elevate repository to clone permission
    RepositoryModel model = repositories().getRepositoryModel(forkName);
    switch(permission) {
        case VIEW:
            model.accessRestriction = AccessRestrictionType.CLONE;
            break;
        case CLONE:
            model.accessRestriction = AccessRestrictionType.CLONE;
            break;
        default:
            model.accessRestriction = AccessRestrictionType.PUSH;
    }
    model.authorizationControl = AuthorizationControl.NAMED;
    // grant user specified
    user.setRepositoryPermission(model.name, permission);
    gitblit().addUser(user);
    repositories().updateRepositoryModel(model.name, model, false);
    // clone temp bare repo to working copy
    File local = new File(GitBlitSuite.REPOSITORIES, workingCopy);
    if (local.exists()) {
        FileUtils.delete(local, FileUtils.RECURSIVE | FileUtils.RETRY);
    }
    clone = Git.cloneRepository();
    clone.setURI(MessageFormat.format("{0}/{1}", url, model.name));
    clone.setDirectory(local);
    clone.setBare(false);
    clone.setCloneAllBranches(true);
    clone.setCredentialsProvider(cp);
    try {
        GitBlitSuite.close(clone.call());
    } catch (GitAPIException e) {
        if (permission.atLeast(AccessPermission.CLONE)) {
            throw e;
        } else {
            // close serving repository
            GitBlitSuite.close(refChecks);
            // user does not have clone permission
            assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));
            return;
        }
    }
    Git git = Git.open(local);
    // commit a file and push it
    File file = new File(local, "PUSHCHK");
    OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
    BufferedWriter w = new BufferedWriter(os);
    w.write("// " + new Date().toString() + "\n");
    w.close();
    git.add().addFilepattern(file.getName()).call();
    git.commit().setMessage("push test").call();
    Iterable<PushResult> results = null;
    try {
        results = git.push().setCredentialsProvider(cp).setRemote("origin").call();
    } catch (GitAPIException e) {
        if (permission.atLeast(AccessPermission.PUSH)) {
            throw e;
        } else {
            // close serving repository
            GitBlitSuite.close(refChecks);
            // user does not have push permission
            assertTrue(e.getMessage(), e.getMessage().contains("not permitted"));
            GitBlitSuite.close(git);
            return;
        }
    }
    for (PushResult result : results) {
        RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
        Status status = ref.getStatus();
        if (permission.atLeast(AccessPermission.PUSH)) {
            assertTrue("User failed to push commit?! " + status.name(), Status.OK.equals(status));
        } else {
            // close serving repository
            GitBlitSuite.close(refChecks);
            assertTrue("User was able to push commit! " + status.name(), Status.REJECTED_OTHER_REASON.equals(status));
            GitBlitSuite.close(git);
            // skip delete test
            return;
        }
    }
    // create a local branch and push the new branch back to the origin
    git.branchCreate().setName("protectme").call();
    RefSpec refSpec = new RefSpec("refs/heads/protectme:refs/heads/protectme");
    results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();
    for (PushResult result : results) {
        RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");
        Status status = ref.getStatus();
        if (Status.OK.equals(expectedCreate)) {
            assertTrue("User failed to push creation?! " + status.name(), status.equals(expectedCreate));
        } else {
            // close serving repository
            GitBlitSuite.close(refChecks);
            assertTrue("User was able to push ref creation! " + status.name(), status.equals(expectedCreate));
            GitBlitSuite.close(git);
            // skip delete test
            return;
        }
    }
    // delete the branch locally
    git.branchDelete().setBranchNames("protectme").call();
    // push a delete ref command
    refSpec = new RefSpec(":refs/heads/protectme");
    results = git.push().setCredentialsProvider(cp).setRefSpecs(refSpec).setRemote("origin").call();
    for (PushResult result : results) {
        RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/protectme");
        Status status = ref.getStatus();
        if (Status.OK.equals(expectedDelete)) {
            assertTrue("User failed to push ref deletion?! " + status.name(), status.equals(Status.OK));
        } else {
            // close serving repository
            GitBlitSuite.close(refChecks);
            assertTrue("User was able to push ref deletion?! " + status.name(), status.equals(expectedDelete));
            GitBlitSuite.close(git);
            // skip rewind test
            return;
        }
    }
    // rewind master by two commits
    git.reset().setRef("HEAD~2").setMode(ResetType.HARD).call();
    // commit a change on this detached HEAD
    file = new File(local, "REWINDCHK");
    os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
    w = new BufferedWriter(os);
    w.write("// " + new Date().toString() + "\n");
    w.close();
    git.add().addFilepattern(file.getName()).call();
    RevCommit commit = git.commit().setMessage("rewind master and new commit").call();
    // Reset master to our new commit now we our local branch tip is no longer
    // upstream of the remote branch tip.  It is an alternate tip of the branch.
    JGitUtils.setBranchRef(git.getRepository(), "refs/heads/master", commit.getName());
    // Try pushing our new tip to the origin.
    // This requires the server to "rewind" it's master branch and update it
    // to point to our alternate tip.  This leaves the original master tip
    // unreferenced.
    results = git.push().setCredentialsProvider(cp).setRemote("origin").setForce(true).call();
    for (PushResult result : results) {
        RemoteRefUpdate ref = result.getRemoteUpdate("refs/heads/master");
        Status status = ref.getStatus();
        if (Status.OK.equals(expectedRewind)) {
            assertTrue("User failed to rewind master?! " + status.name(), status.equals(expectedRewind));
        } else {
            assertTrue("User was able to rewind master?! " + status.name(), status.equals(expectedRewind));
        }
    }
    GitBlitSuite.close(git);
    // close serving repository
    GitBlitSuite.close(refChecks);
    delete(user);
}
Also used : CloneCommand(org.eclipse.jgit.api.CloneCommand) RemoteRefUpdate(org.eclipse.jgit.transport.RemoteRefUpdate) Status(org.eclipse.jgit.transport.RemoteRefUpdate.Status) UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider) RepositoryModel(com.gitblit.models.RepositoryModel) UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider) CredentialsProvider(org.eclipse.jgit.transport.CredentialsProvider) PushResult(org.eclipse.jgit.transport.PushResult) Date(java.util.Date) BufferedWriter(java.io.BufferedWriter) UserModel(com.gitblit.models.UserModel) GitAPIException(org.eclipse.jgit.api.errors.GitAPIException) Git(org.eclipse.jgit.api.Git) RefSpec(org.eclipse.jgit.transport.RefSpec) FileOutputStream(java.io.FileOutputStream) OutputStreamWriter(java.io.OutputStreamWriter) File(java.io.File) RevCommit(org.eclipse.jgit.revwalk.RevCommit)

Example 22 with UsernamePasswordCredentialsProvider

use of org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider in project gitblit by gitblit.

the class GitServletTest method testPushToFrozenRepo.

@Test
public void testPushToFrozenRepo() throws Exception {
    GitBlitSuite.close(jgitFolder);
    if (jgitFolder.exists()) {
        FileUtils.delete(jgitFolder, FileUtils.RECURSIVE | FileUtils.RETRY);
    }
    CloneCommand clone = Git.cloneRepository();
    clone.setURI(MessageFormat.format("{0}/test/jgit.git", url));
    clone.setDirectory(jgitFolder);
    clone.setBare(false);
    clone.setCloneAllBranches(true);
    clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password));
    GitBlitSuite.close(clone.call());
    assertTrue(true);
    // freeze repo
    RepositoryModel model = repositories().getRepositoryModel("test/jgit.git");
    model.isFrozen = true;
    repositories().updateRepositoryModel(model.name, model, false);
    Git git = Git.open(jgitFolder);
    File file = new File(jgitFolder, "TODO");
    OutputStreamWriter os = new OutputStreamWriter(new FileOutputStream(file, true), Constants.CHARSET);
    BufferedWriter w = new BufferedWriter(os);
    w.write("// " + new Date().toString() + "\n");
    w.close();
    git.add().addFilepattern(file.getName()).call();
    git.commit().setMessage("test commit").call();
    Iterable<PushResult> results = git.push().setPushAll().setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password)).call();
    for (PushResult result : results) {
        for (RemoteRefUpdate update : result.getRemoteUpdates()) {
            assertEquals(Status.REJECTED_OTHER_REASON, update.getStatus());
        }
    }
    // unfreeze repo
    model.isFrozen = false;
    repositories().updateRepositoryModel(model.name, model, false);
    results = git.push().setPushAll().setCredentialsProvider(new UsernamePasswordCredentialsProvider(account, password)).call();
    GitBlitSuite.close(git);
    for (PushResult result : results) {
        for (RemoteRefUpdate update : result.getRemoteUpdates()) {
            assertEquals(Status.OK, update.getStatus());
        }
    }
}
Also used : CloneCommand(org.eclipse.jgit.api.CloneCommand) RemoteRefUpdate(org.eclipse.jgit.transport.RemoteRefUpdate) UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider) Git(org.eclipse.jgit.api.Git) FileOutputStream(java.io.FileOutputStream) OutputStreamWriter(java.io.OutputStreamWriter) RepositoryModel(com.gitblit.models.RepositoryModel) PushResult(org.eclipse.jgit.transport.PushResult) File(java.io.File) Date(java.util.Date) BufferedWriter(java.io.BufferedWriter) Test(org.junit.Test)

Example 23 with UsernamePasswordCredentialsProvider

use of org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider in project gitblit by gitblit.

the class GitServletTest method testBogusLoginClone.

@Test
public void testBogusLoginClone() throws Exception {
    // restrict repository access
    RepositoryModel model = repositories().getRepositoryModel("ticgit.git");
    model.accessRestriction = AccessRestrictionType.CLONE;
    repositories().updateRepositoryModel(model.name, model, false);
    // delete any existing working folder
    boolean cloned = false;
    try {
        CloneCommand clone = Git.cloneRepository();
        clone.setURI(MessageFormat.format("{0}/ticgit.git", url));
        clone.setDirectory(ticgit2Folder);
        clone.setBare(false);
        clone.setCloneAllBranches(true);
        clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider("bogus", "bogus"));
        GitBlitSuite.close(clone.call());
        cloned = true;
    } catch (Exception e) {
    // swallow the exception which we expect
    }
    // restore anonymous repository access
    model.accessRestriction = AccessRestrictionType.NONE;
    repositories().updateRepositoryModel(model.name, model, false);
    assertFalse("Bogus login cloned a repository?!", cloned);
}
Also used : CloneCommand(org.eclipse.jgit.api.CloneCommand) UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider) RepositoryModel(com.gitblit.models.RepositoryModel) GitAPIException(org.eclipse.jgit.api.errors.GitAPIException) IOException(java.io.IOException) Test(org.junit.Test)

Example 24 with UsernamePasswordCredentialsProvider

use of org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider in project gitblit by gitblit.

the class GitServletTest method testUnauthorizedLoginClone.

@Test
public void testUnauthorizedLoginClone() throws Exception {
    // restrict repository access
    RepositoryModel model = repositories().getRepositoryModel("ticgit.git");
    model.accessRestriction = AccessRestrictionType.CLONE;
    model.authorizationControl = AuthorizationControl.NAMED;
    UserModel user = new UserModel("james");
    user.password = "james";
    gitblit().addUser(user);
    repositories().updateRepositoryModel(model.name, model, false);
    FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);
    // delete any existing working folder
    boolean cloned = false;
    try {
        CloneCommand clone = Git.cloneRepository();
        clone.setURI(MessageFormat.format("{0}/ticgit.git", url));
        clone.setDirectory(ticgit2Folder);
        clone.setBare(false);
        clone.setCloneAllBranches(true);
        clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));
        GitBlitSuite.close(clone.call());
        cloned = true;
    } catch (Exception e) {
    // swallow the exception which we expect
    }
    assertFalse("Unauthorized login cloned a repository?!", cloned);
    FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);
    // switch to authenticated
    model.authorizationControl = AuthorizationControl.AUTHENTICATED;
    repositories().updateRepositoryModel(model.name, model, false);
    // try clone again
    cloned = false;
    CloneCommand clone = Git.cloneRepository();
    clone.setURI(MessageFormat.format("{0}/ticgit.git", url));
    clone.setDirectory(ticgit2Folder);
    clone.setBare(false);
    clone.setCloneAllBranches(true);
    clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(user.username, user.password));
    GitBlitSuite.close(clone.call());
    cloned = true;
    assertTrue("Authenticated login could not clone!", cloned);
    FileUtils.delete(ticgit2Folder, FileUtils.RECURSIVE);
    // restore anonymous repository access
    model.accessRestriction = AccessRestrictionType.NONE;
    model.authorizationControl = AuthorizationControl.NAMED;
    repositories().updateRepositoryModel(model.name, model, false);
    delete(user);
}
Also used : UserModel(com.gitblit.models.UserModel) CloneCommand(org.eclipse.jgit.api.CloneCommand) UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider) RepositoryModel(com.gitblit.models.RepositoryModel) GitAPIException(org.eclipse.jgit.api.errors.GitAPIException) IOException(java.io.IOException) Test(org.junit.Test)

Example 25 with UsernamePasswordCredentialsProvider

use of org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider in project gitblit by gitblit.

the class SshDaemonTest method testCloneCommand.

@Test
public void testCloneCommand() throws Exception {
    if (ticgitFolder.exists()) {
        GitBlitSuite.close(ticgitFolder);
        FileUtils.delete(ticgitFolder, FileUtils.RECURSIVE);
    }
    // set clone restriction
    RepositoryModel model = repositories().getRepositoryModel("ticgit.git");
    assertNotNull("Could not get repository modle for ticgit.git", model);
    model.accessRestriction = AccessRestrictionType.CLONE;
    model.authorizationControl = AuthorizationControl.NAMED;
    repositories().updateRepositoryModel(model.name, model, false);
    JschConfigTestSessionFactory sessionFactory = new JschConfigTestSessionFactory(roKeyPair);
    SshSessionFactory.setInstance(sessionFactory);
    CloneCommand clone = Git.cloneRepository();
    clone.setCredentialsProvider(new UsernamePasswordCredentialsProvider(username, password));
    clone.setURI(MessageFormat.format("{0}/ticgit.git", url));
    clone.setDirectory(ticgitFolder);
    clone.setBare(false);
    clone.setCloneAllBranches(true);
    Git git = clone.call();
    List<RevCommit> commits = JGitUtils.getRevLog(git.getRepository(), 10);
    GitBlitSuite.close(git);
    assertEquals(10, commits.size());
    // restore anonymous repository access
    model.accessRestriction = AccessRestrictionType.NONE;
    model.authorizationControl = AuthorizationControl.NAMED;
    repositories().updateRepositoryModel(model.name, model, false);
}
Also used : CloneCommand(org.eclipse.jgit.api.CloneCommand) UsernamePasswordCredentialsProvider(org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider) Git(org.eclipse.jgit.api.Git) RepositoryModel(com.gitblit.models.RepositoryModel) RevCommit(org.eclipse.jgit.revwalk.RevCommit) Test(org.junit.Test)

Aggregations

UsernamePasswordCredentialsProvider (org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider)76 Git (org.eclipse.jgit.api.Git)47 File (java.io.File)34 CredentialsProvider (org.eclipse.jgit.transport.CredentialsProvider)23 IOException (java.io.IOException)19 Test (org.junit.Test)18 CloneCommand (org.eclipse.jgit.api.CloneCommand)17 GitAPIException (org.eclipse.jgit.api.errors.GitAPIException)15 RepositoryModel (com.gitblit.models.RepositoryModel)12 PushResult (org.eclipse.jgit.transport.PushResult)12 RemoteRefUpdate (org.eclipse.jgit.transport.RemoteRefUpdate)9 FileOutputStream (java.io.FileOutputStream)8 PushCommand (org.eclipse.jgit.api.PushCommand)8 RevCommit (org.eclipse.jgit.revwalk.RevCommit)8 BufferedWriter (java.io.BufferedWriter)7 OutputStreamWriter (java.io.OutputStreamWriter)7 Date (java.util.Date)7 Ref (org.eclipse.jgit.lib.Ref)7 Repository (org.eclipse.jgit.lib.Repository)7 URIish (org.eclipse.jgit.transport.URIish)7