# Copyright (C) 2010-2024 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
"""
Test suite for making push/pull operations, on specially modified INI files
"""
import pytest
from importlib.metadata import version
from rhodecode.model.meta import Session
from rhodecode.model.settings import SettingsModel
from rhodecode.tests import GIT_REPO, HG_REPO
from rhodecode.tests.vcs_operations import Command, _add_files_and_push
@pytest.fixture()
def bad_client_setter_factory(request):
    """Provide a callable that overrides a VCS backend's allowed-clients setting.

    The returned ``_factory(client_type, client_str_val)`` stores
    ``client_str_val`` under the ``<client_type>_allowed_clients`` setting and
    commits it, then registers a finalizer on the requesting test that writes
    ``"*"`` back to the same setting.
    """

    def _store(setting_name, value):
        # Persist one value for the named setting and commit right away so the
        # running application sees it on the next VCS request.
        record = SettingsModel().create_or_update_setting(name=setting_name, val=value)
        Session().add(record)
        Session().commit()

    def _factory(client_type, client_str_val):
        setting_name = f"{client_type}_allowed_clients"

        # set allowed clients
        _store(setting_name, client_str_val)

        def _restore():
            # "*" is presumably the allow-all wildcard; it is written back so a
            # restrictive allowlist does not leak into later tests.
            _store(setting_name, "*")

        request.addfinalizer(_restore)

    return _factory
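@pytest.mark.usefixtures(
    "init_pyramid_app",
    "repo_group_repos",
    "disable_anonymous_user",
    "disable_locking",
)
class TestVCSOperationsOnUsingBadClient(object):
    """Push attempts made with a VCS client that the allowed-clients rule rejects.

    Each test clones the repository first, then narrows the
    ``<vcs>_allowed_clients`` setting to ``"0.0.0"`` and asserts that the push
    is refused with the "forbidden by security rules" message on stderr.

    The setting is changed through ``bad_client_setter_factory`` so that it is
    written back to ``"*"`` on teardown; changing it inline left the
    restrictive value in the database for whatever test ran next.
    """

    def test_push_with_bad_client_repo_by_other_user_hg(self, rcstack, tmpdir, bad_client_setter_factory):
        clone_url = rcstack.repo_clone_url(HG_REPO)
        # Clone before the restriction is applied, so the push below is the
        # only operation exercised against it.
        Command(tmpdir.strpath).execute("hg clone", clone_url, tmpdir.strpath)

        # set allowed clients (reset to "*" by the fixture's finalizer)
        bad_client_setter_factory("hg", "0.0.0")

        # push fails: the client version is not in the allowed list
        push_url = rcstack.repo_clone_url(HG_REPO)
        stdout, stderr = _add_files_and_push("hg", tmpdir.strpath, clone_url=push_url)

        # The rejection message echoes the client's reported version, so build
        # it from the Mercurial package that is actually installed.
        current_version = version('mercurial')
        msg = f"Your hg client (version=mercurial/proto-1.0 (Mercurial {current_version})) is forbidden by security rules"
        assert msg in stderr

    def test_push_with_bad_client_repo_by_other_user_git(self, rcstack, tmpdir, bad_client_setter_factory):
        clone_url = rcstack.repo_clone_url(GIT_REPO)
        # Clone before the restriction is applied, so the push below is the
        # only operation exercised against it.
        Command(tmpdir.strpath).execute("git clone", clone_url, tmpdir.strpath)

        # set allowed clients (reset to "*" by the fixture's finalizer)
        bad_client_setter_factory("git", "0.0.0")

        # push fails: the client version is not in the allowed list
        push_url = rcstack.repo_clone_url(GIT_REPO)
        stdout, stderr = _add_files_and_push("git", tmpdir.strpath, clone_url=push_url)

        # The message embeds the version of the git binary on the test host.
        # Pinning one release (2.45.2) made the test fail on any other git, so
        # only the version-independent parts of the message are checked.
        assert "Your git client (version=git/" in stderr
        assert ") is forbidden by security rules" in stderr

    @pytest.mark.xfail(reason="Lack of proper SVN support of cloning")
    def test_push_with_bad_client_repo_by_other_user_svn(self, rcstack, tmpdir):
        # Placeholder: the SVN case is not covered yet and is reported as an
        # expected failure.
        raise NotImplementedError("lacks svn support")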