Launchpad itself

Merge lp:~wgrant/launchpad/bug-1451107 into lp:launchpad

bug-1451107
Merge into devel

Proposed by William Grant on 2015-05-06

Status:

Merged

Merged at revision:

17478

Proposed branch:

lp:~wgrant/launchpad/bug-1451107

Merge into:

lp:launchpad

Diff against target:

51 lines (+15/-1)

2 files modified

lib/lp/code/xmlrpc/git.py (+3/-1)
lib/lp/code/xmlrpc/tests/test_git.py (+12/-0)

To merge this branch:

bzr merge lp:~wgrant/launchpad/bug-1451107

Critical

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
William Grant	code		Approve on 2015-05-06
Review via email: mp+258328@code.launchpad.net

Commit message

Fix GitAPI.notify for private branches.

Description of the change

The XMLRPC GitAPI.notify method runs as anonymous with web security, but needs to function for private branches too. This branch strips the security proxy from the branch before creating the scan job for it, which is fine as the method is idempotent, returns nothing, and takes no compromising input.

Revision history for this message

William Grant (wgrant) on 2015-05-06:

review: Approve (code)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Barki Mustapha

Celso Providelo

Christian Reis

Christy Awad

Colin Watson

Harpianto,ANDI

James Troup

John A Meinel

Kevin bush

Launchpad code reviewers

Launchpad code reviewers from Canonical

Matthew Tanner

Maximiliano Bertacchini

Oguz Ersoz

Simon Brakhane

Ubuntu-BR DevOps

William Grant

alhawiti

api.ng

pedro cavazos

todaioan

wenjingwen

to status/vote changes:

Tzaddi

Tzaddi Belding

1	=== modified file 'lib/lp/code/xmlrpc/git.py'
2	--- lib/lp/code/xmlrpc/git.py 2015-04-28 13:29:38 +0000
3	+++ lib/lp/code/xmlrpc/git.py 2015-05-06 00:48:17 +0000
4	@@ -16,6 +16,7 @@
5	from zope.error.interfaces import IErrorReportingUtility
6	from zope.interface import implements
7	from zope.security.interfaces import Unauthorized
8	+from zope.security.proxy import removeSecurityProxy
9
10	from lp.app.errors import NameLookupFailed
11	from lp.app.validators import LaunchpadValidationError
12	@@ -265,7 +266,8 @@
13	if repository is None:
14	return faults.NotFound(
15	"No repository found for '%s'." % translated_path)
16	- getUtility(IGitRefScanJobSource).create(repository)
17	+ getUtility(IGitRefScanJobSource).create(
18	+ removeSecurityProxy(repository))
19
20	def authenticateWithPassword(self, username, password):
21	"""See `IGitAPI`."""
22
23	=== modified file 'lib/lp/code/xmlrpc/tests/test_git.py'
24	--- lib/lp/code/xmlrpc/tests/test_git.py 2015-04-28 13:29:38 +0000
25	+++ lib/lp/code/xmlrpc/tests/test_git.py 2015-05-06 00:48:17 +0000
26	@@ -25,6 +25,7 @@
27	from lp.services.features.testing import FeatureFixture
28	from lp.services.webapp.escaping import html_escape
29	from lp.testing import (
30	+ admin_logged_in,
31	ANONYMOUS,
32	login,
33	person_logged_in,
34	@@ -687,6 +688,17 @@
35	job_source = getUtility(IGitRefScanJobSource)
36	self.assertEqual([], list(job_source.iterReady()))
37
38	+ def test_notify_private(self):
39	+ # notify works on private repos.
40	+ with admin_logged_in():
41	+ repository = self.factory.makeGitRepository(
42	+ information_type=InformationType.PRIVATESECURITY)
43	+ path = repository.getInternalPath()
44	+ self.assertIsNone(self.git_api.notify(path))
45	+ job_source = getUtility(IGitRefScanJobSource)
46	+ [job] = list(job_source.iterReady())
47	+ self.assertEqual(repository, job.repository)
48	+
49	def test_authenticateWithPassword(self):
50	self.assertIsInstance(
51	self.git_api.authenticateWithPassword('foo', 'bar'),