turnip

Merge ~twom/turnip:code-import-support-for-checkRefPermissions into turnip:master

Git
lp:~twom/turnip
code-import-support-for-checkRefPermissions
Merge into master

Proposed by Tom Wardill on 2018-10-24

Status:	Merged
Approved by:	Colin Watson on 2018-10-24
Approved revision:	0de65c59a1c616586f2a19bba43cd349b359852c
Merge reported by:	Otto Co-Pilot
Merged at revision:	not available
Proposed branch:	~twom/turnip:code-import-support-for-checkRefPermissions
Merge into:	turnip:master
Diff against target:	99 lines (+37/-13) 2 files modified turnip/pack/git.py (+15/-13) turnip/pack/tests/test_functional.py (+22/-0)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Colin Watson (community)		2018-10-24	Approve on 2018-10-24
Review via email: mp+357744@code.launchpad.net

Commit message

Check for more auth methods in checkRefPermissions

Description of the change

Allow http auth.

~twom/turnip:code-import-support-for-checkRefPermissions updated on 2018-10-24

e1990a9... by Tom Wardill on 2018-10-24: Correct method naming style
0de65c5... by Tom Wardill on 2018-10-24: Remove typo

Revision history for this message

Colin Watson (cjwatson) on 2018-10-24:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Launchpad Engineering

Tom Wardill

 diff --git a/turnip/pack/git.py b/turnip/pack/git.py
 index d45e1db..79c6194 100644
 --- a/turnip/pack/git.py
 +++ b/turnip/pack/git.py
@@ -214,6 +214,19 @@ class PackServerProtocol(PackProxyProtocol):
          self.sendPacket(ERROR_PREFIX + message + b'\n')
          self.transport.loseConnection()
++    def createAuthParams(self, params):
++        auth_params = {}
++        for key, value in params.items():
++            if key.startswith(b'turnip-authenticated-'):
++                decoded_key = key[len(b'turnip-authenticated-'):].decode(
++                    'utf-8')
++                auth_params[decoded_key] = value
++        if 'uid' in auth_params:
++            auth_params['uid'] = int(auth_params['uid'])
++        if params.get(b'turnip-can-authenticate') == b'yes':
++            auth_params['can-authenticate'] = True
++        return auth_params
++
  class GitProcessProtocol(protocol.ProcessProtocol):
@@ -421,9 +434,7 @@ class PackBackendProtocol(PackServerProtocol):
          if params.pop(b'turnip-advertise-refs', None):
              args.append(b'--advertise-refs')
          args.append(self.path)
--        uid = params.get('turnip-authenticated-uid')
--        uid = int(uid) if uid else None
--        auth_params = {'uid': uid}
++        auth_params = self.createAuthParams(params)
          self.spawnGit(subcmd,
                        args,
                        write_operation=write_operation,
@@ -549,16 +560,7 @@ class PackVirtServerProtocol(PackProxyServerProtocol):
          permission = b'read' if command == b'git-upload-pack' else b'write'
          proxy = xmlrpc.Proxy(self.factory.virtinfo_endpoint, allowNone=True)
          try:
--            auth_params = {}
--            for key, value in params.items():
--                if key.startswith(b'turnip-authenticated-'):
--                    decoded_key = key[len(b'turnip-authenticated-'):].decode(
--                        'utf-8')
--                    auth_params[decoded_key] = value
--            if 'uid' in auth_params:
--                auth_params['uid'] = int(auth_params['uid'])
--            if params.get(b'turnip-can-authenticate') == b'yes':
--                auth_params['can-authenticate'] = True
++            auth_params = self.createAuthParams(params)
              self.log.info("Translating request.")
              translated = yield proxy.callRemote(
                  b'translatePath', pathname, permission, auth_params)
 diff --git a/turnip/pack/tests/test_functional.py b/turnip/pack/tests/test_functional.py
 index 6f0a838..6de8489 100644
 --- a/turnip/pack/tests/test_functional.py
 +++ b/turnip/pack/tests/test_functional.py
@@ -106,6 +106,7 @@ class FakeVirtInfoService(xmlrpc.XMLRPC):
          self.translations = []
          self.authentications = []
          self.push_notifications = []
++        self.ref_permissions_checks = []
          self.ref_permissions = {}
      def xmlrpc_translatePath(self, pathname, permission, auth_params):
@@ -130,6 +131,7 @@ class FakeVirtInfoService(xmlrpc.XMLRPC):
          self.push_notifications.append(path)
      def xmlrpc_checkRefPermissions(self, path, ref_paths, auth_params):
++        self.ref_permissions_checks.append((path, ref_paths, auth_params))
          return self.ref_permissions
@@ -677,6 +679,26 @@ class TestSmartHTTPFrontendWithAuthFunctional(TestSmartHTTPFrontendFunctional):
                {b'can-authenticate': True, b'user': b'test-user'})],
              self.virtinfo.translations)
++    @defer.inlineCallbacks
++    def test_authenticated_push(self):
++        test_root = self.useFixture(TempDir()).path
++        clone = os.path.join(test_root, 'clone')
++        yield self.assertCommandSuccess((b'git', b'clone', self.url, clone))
++        yield self.assertCommandSuccess(
++            (b'git', b'config', b'user.name', b'Test User'), path=clone)
++        yield self.assertCommandSuccess(
++            (b'git', b'config', b'user.email', b'test@example.com'),
++            path=clone)
++        yield self.assertCommandSuccess(
++            (b'git', b'commit', b'--allow-empty', b'-m', b'Committed test'),
++            path=clone)
++        yield self.assertCommandSuccess(
++            (b'git', b'push', b'origin', b'master'), path=clone)
++        self.assertEqual(
++            [(self.internal_name, [b'refs/heads/master'],
++              {b'can-authenticate': True, b'user': b'test-user'})],
++            self.virtinfo.ref_permissions_checks)
++
  class TestSmartSSHServiceFunctional(FrontendFunctionalTestMixin, TestCase):