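# Copyright (C) 2010-2024 RhodeCode GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/

"""
Test suite for making push/pull operations, on specially modified INI files
"""

import pytest

from rhodecode.model.meta import Session
from rhodecode.model.settings import SettingsModel
from rhodecode.tests import GIT_REPO, HG_REPO
from rhodecode.tests.vcs_operations import Command, _add_files_and_push


def _set_allowed_clients(client_type, value):
    """Persist the ``<client_type>_allowed_clients`` setting with *value*."""
    setting = SettingsModel().create_or_update_setting(name=f"{client_type}_allowed_clients", val=value)
    Session().add(setting)
    Session().commit()


@pytest.fixture()
def bad_client_setter_factory(request):
    """
    Return a callable that overrides ``<client_type>_allowed_clients`` for one test.

    The callable takes ``(client_type, client_str_val)``, stores the value and
    registers a finalizer that writes ``"*"`` back, so a restrictive client
    allow-list never outlives the test that installed it.
    """

    def _factory(client_type, client_str_val):
        # Register the reset before touching the setting: if the update fails
        # half-way, the finalizer still restores "*" (presumably "allow any
        # client" - confirm against the settings validator).
        request.addfinalizer(lambda: _set_allowed_clients(client_type, "*"))
        _set_allowed_clients(client_type, client_str_val)

    return _factory


@pytest.mark.usefixtures(
    "init_pyramid_app",
    "repo_group_repos",
    "disable_anonymous_user",
    "disable_locking",
)
class TestVCSOperationsOnUsingBadClient(object):
    """Pushes from a VCS client outside the allowed-clients setting must be rejected."""

    def test_push_with_bad_client_repo_by_other_user_hg(self, rcstack, tmpdir, bad_client_setter_factory):
        """An hg push is refused once ``hg_allowed_clients`` excludes the local client."""
        clone_url = rcstack.repo_clone_url(HG_REPO)
        # The clone runs while the allow-list is still untouched; only the
        # push below is expected to hit the restriction.
        Command(tmpdir.strpath).execute("hg clone", clone_url, tmpdir.strpath)

        # Restrict allowed clients to a value the installed client is expected
        # not to match. Going through the fixture guarantees the setting is
        # reset afterwards instead of leaking into later tests.
        bad_client_setter_factory("hg", "0.0.0")

        # push fails because the client is not in the allowed-clients setting
        push_url = rcstack.repo_clone_url(HG_REPO)
        _stdout, stderr = _add_files_and_push("hg", tmpdir.strpath, clone_url=push_url)

        # Match only the stable parts of the message: the version inside the
        # parentheses is whatever Mercurial happens to be installed, so pinning
        # it would break the test on every client upgrade.
        assert "Your hg client (version=mercurial/" in stderr
        assert "is forbidden by security rules" in stderr

    def test_push_with_bad_client_repo_by_other_user_git(self, rcstack, tmpdir, bad_client_setter_factory):
        """A git push is refused once ``git_allowed_clients`` excludes the local client."""
        clone_url = rcstack.repo_clone_url(GIT_REPO)
        # The clone runs while the allow-list is still untouched; only the
        # push below is expected to hit the restriction.
        Command(tmpdir.strpath).execute("git clone", clone_url, tmpdir.strpath)

        # Restrict allowed clients; the fixture restores "*" on teardown.
        bad_client_setter_factory("git", "0.0.0")

        # push fails because the client is not in the allowed-clients setting
        push_url = rcstack.repo_clone_url(GIT_REPO)
        _stdout, stderr = _add_files_and_push("git", tmpdir.strpath, clone_url=push_url)

        # Version-independent check, see the hg test above for the rationale.
        assert "Your git client (version=git/" in stderr
        assert "is forbidden by security rules" in stderr

    @pytest.mark.xfail(reason="Lack of proper SVN support of cloning")
    def test_push_with_bad_client_repo_by_other_user_svn(self, rcstack, tmpdir):
        """Placeholder: the SVN variant cannot be exercised yet, so it is an expected failure."""
        raise NotImplementedError("lacks svn support")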