1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-25 15:29:19 +00:00
forgejo/integrations
zeripath 01c10a951b
Fix ssh deploy and user key constraints (#1357) (#5939)
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-03 23:56:53 +00:00
..
gitea-repositories-meta Fix redirect with non-ascii branch names (#4764) (#4810) 2018-09-06 21:37:02 -04:00
migration-test Add migration test (#5773) 2019-01-28 11:18:52 -05:00
api_admin_test.go Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250) 2018-11-03 21:15:55 -04:00
api_branch_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_comment_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_fork_test.go Fix repo API bug (#2133) 2017-07-12 03:23:41 +02:00
api_gpg_keys_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_helper_for_declarative_test.go Fix ssh deploy and user key constraints (#1357) (#5939) 2019-02-03 23:56:53 +00:00
api_issue_label_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_issue_test.go feat(repo): support search repository by topic name (#4505) 2018-09-13 10:33:48 +08:00
api_keys_test.go Keys API changes (#4960) 2018-10-31 23:40:49 -04:00
api_org_test.go add api for user to create org (#5268) 2018-11-20 12:31:30 -05:00
api_pull_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_releases_test.go Fix new release creation API to allow empty target (#5870) 2019-01-30 11:33:00 -05:00
api_repo_git_commits_test.go Add single commit API support (#5843) 2019-02-02 22:35:17 -05:00
api_repo_git_ref_test.go Implement git refs API for listing references (branches, tags and other) (#5354) 2018-11-27 16:52:20 -05:00
api_repo_lfs_locks_test.go Fix SSH auth lfs locks (#3152) 2018-01-27 18:48:15 +02:00
api_repo_raw_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_repo_test.go Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
api_team_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_token_test.go Add ability to delete a token (#4235) 2018-07-06 21:54:30 -04:00
api_user_heatmap_test.go User action heatmap (#5131) 2018-10-23 10:57:42 +08:00
api_user_orgs_test.go Ensure valid git author names passed in signatures (#5774) 2019-01-24 16:12:17 +02:00
auth_ldap_test.go Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094) 2018-10-30 20:08:30 -04:00
benchmarks_test.go Fix type mismatch of format string (#5574) 2018-12-21 11:13:31 -05:00
branches_test.go Use httptest in integration tests (#3080) 2017-12-04 00:46:01 +02:00
change_default_branch_test.go Less verbose integration tests (#2123) 2017-07-07 21:36:47 +02:00
delete_user_test.go Refactor User Settings (#3900) 2018-05-15 13:07:32 +03:00
download_test.go Add raw blob endpoint to get objects by SHA ID (#5334) 2018-11-18 13:45:40 -05:00
editor_test.go Improve English grammar and consistency. (#3614) 2018-04-19 17:24:31 +03:00
empty_repo_test.go Refactor repo.isBare to repo.isEmpty #5629 (#5714) 2019-01-17 19:01:04 -05:00
explore_repos_test.go fix template error on explore repos (#2319) 2017-08-17 15:20:21 +03:00
git_helper_for_declarative_test.go Fix ssh deploy and user key constraints (#1357) (#5939) 2019-02-03 23:56:53 +00:00
git_test.go Fix ssh deploy and user key constraints (#1357) (#5939) 2019-02-03 23:56:53 +00:00
html_helper.go Use httptest in integration tests (#3080) 2017-12-04 00:46:01 +02:00
integration_test.go fix lfs version check warning log when using ssh protocol (#5501) 2018-12-19 09:17:43 +08:00
internal_test.go Use httptest in integration tests (#3080) 2017-12-04 00:46:01 +02:00
issue_test.go Unit tests for routers/repo/issue_label (#3198) 2017-12-15 23:11:02 +02:00
lfs_getobject_test.go Pooled and buffered gzip implementation (#5722) 2019-01-23 10:56:51 +02:00
links_test.go Refactor User Settings (#3900) 2018-05-15 13:07:32 +03:00
mssql.ini.tmpl Make log mailer for testing (#5893) 2019-02-02 21:06:52 -05:00
mysql.ini.tmpl Make log mailer for testing (#5893) 2019-02-02 21:06:52 -05:00
nonascii_branches_test.go Fix redirect with non-ascii branch names (#4764) (#4810) 2018-09-06 21:37:02 -04:00
pgsql.ini.tmpl Make log mailer for testing (#5893) 2019-02-02 21:06:52 -05:00
pull_compare_test.go Responsive view (#2750) 2017-12-30 18:47:52 -06:00
pull_create_test.go Fix escaping changed title in comments (#3530) 2018-02-18 22:06:37 +02:00
pull_merge_test.go Add rebase with merge commit merge style (#3844) (#4052) 2018-12-27 12:27:08 +02:00
README.md CN translation of README (#5050) 2018-10-15 12:13:21 +08:00
README_ZH.md CN translation of README (#5050) 2018-10-15 12:13:21 +08:00
release_test.go Unit tests for routers/repo/issue_label (#3198) 2017-12-15 23:11:02 +02:00
repo_activity_test.go Fix escaping changed title in comments (#3530) 2018-02-18 22:06:37 +02:00
repo_branch_test.go Add more bench (#3161) 2017-12-24 02:33:34 +02:00
repo_commits_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
repo_fork_test.go Use httptest in integration tests (#3080) 2017-12-04 00:46:01 +02:00
repo_migrate_test.go Add more bench (#3161) 2017-12-24 02:33:34 +02:00
repo_search_test.go Code/repo search (#2582) 2017-10-27 09:10:54 +03:00
repo_test.go Revert #3711 overwrite of only show "No Description" to repo admins #2167 (#5836) 2019-01-27 21:13:15 +00:00
setting_test.go fix not respecting landing page setting (#4209) 2018-06-15 11:42:46 +08:00
signin_test.go Add integration tests for signin (#2363) 2017-08-23 10:30:33 +03:00
signout_test.go Add integration test for logging out (#2892) 2017-11-11 23:29:07 -06:00
signup_test.go Less verbose integration tests (#2123) 2017-07-07 21:36:47 +02:00
sqlite.ini Make log mailer for testing (#5893) 2019-02-02 21:06:52 -05:00
ssh_key_test.go Fix ssh deploy and user key constraints (#1357) (#5939) 2019-02-03 23:56:53 +00:00
timetracking_test.go Unit tests for routers/repo/issue_label (#3198) 2017-12-15 23:11:02 +02:00
user_test.go Ensure valid git author names passed in signatures (#5774) 2019-01-24 16:12:17 +02:00
version_test.go Update hard-coded version to 1.3.0-dev (#2390) 2017-10-12 14:40:42 +03:00
xss_test.go Added user language setting (#3875) 2018-05-05 08:28:30 +08:00

Integrations tests

Integration tests can be run with make commands for the appropriate backends, namely:

make test-mysql
make test-pgsql
make test-sqlite

Make sure to perform a clean build before running tests:

make clean build

Run all tests via local drone

drone exec --local --build-event "pull_request"

Run sqlite integrations tests

Start tests

make test-sqlite

Run mysql integrations tests

Setup a mysql database inside docker

docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" --rm --name mysql mysql:5.7 #(just ctrl-c to stop db and clean the container) 

Start tests based on the database container

TEST_MYSQL_HOST="$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql):3306" TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql

Run pgsql integrations tests

Setup a pgsql database inside docker

docker run -e "POSTGRES_DB=test" --rm --name pgsql postgres:9.5 #(just ctrl-c to stop db and clean the container) 

Start tests based on the database container

TEST_PGSQL_HOST=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql) TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql

Running individual tests

Example command to run GPG test with sqlite backend:

go test -c code.gitea.io/gitea/integrations \
  -o integrations.sqlite.test -tags 'sqlite' &&
  GITEA_ROOT="$GOPATH/src/code.gitea.io/gitea" \
  GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test \
  -test.v -test.run GPG