launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~twom/turnip:code-import-support-for-checkRefPermissions into turnip:master

To: mp+357744@xxxxxxxxxxxxxxxxxx
From: Tom Wardill <tom.wardill@xxxxxxxxxxxxx>
Date: Wed, 24 Oct 2018 09:26:27 -0000
Reply-to: mp+357744@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Tom Wardill has proposed merging ~twom/turnip:code-import-support-for-checkRefPermissions into turnip:master.

Commit message:
Check for more auth methods in checkRefPermissions

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~twom/turnip/+git/turnip/+merge/357744

Allow http auth.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~twom/turnip:code-import-support-for-checkRefPermissions into turnip:master.

diff --git a/turnip/pack/git.py b/turnip/pack/git.py
index d45e1db..db10eab 100644
--- a/turnip/pack/git.py
+++ b/turnip/pack/git.py
@@ -214,6 +214,19 @@ class PackServerProtocol(PackProxyProtocol):
         self.sendPacket(ERROR_PREFIX + message + b'\n')
         self.transport.loseConnection()
 
+    def create_auth_params(self, params):
+        auth_params = {}
+        for key, value in params.items():
+            if key.startswith(b'turnip-authenticated-'):
+                decoded_key = key[len(b'turnip-authenticated-'):].decode(
+                    'utf-8')
+                auth_params[decoded_key] = value
+        if 'uid' in auth_params:
+            auth_params['uid'] = int(auth_params['uid'])
+        if params.get(b'turnip-can-authenticate') == b'yes':
+            auth_params['can-authenticate'] = True#
+        return auth_params
+
 
 class GitProcessProtocol(protocol.ProcessProtocol):
 
@@ -421,9 +434,7 @@ class PackBackendProtocol(PackServerProtocol):
         if params.pop(b'turnip-advertise-refs', None):
             args.append(b'--advertise-refs')
         args.append(self.path)
-        uid = params.get('turnip-authenticated-uid')
-        uid = int(uid) if uid else None
-        auth_params = {'uid': uid}
+        auth_params = self.create_auth_params(params)
         self.spawnGit(subcmd,
                       args,
                       write_operation=write_operation,
@@ -549,16 +560,7 @@ class PackVirtServerProtocol(PackProxyServerProtocol):
         permission = b'read' if command == b'git-upload-pack' else b'write'
         proxy = xmlrpc.Proxy(self.factory.virtinfo_endpoint, allowNone=True)
         try:
-            auth_params = {}
-            for key, value in params.items():
-                if key.startswith(b'turnip-authenticated-'):
-                    decoded_key = key[len(b'turnip-authenticated-'):].decode(
-                        'utf-8')
-                    auth_params[decoded_key] = value
-            if 'uid' in auth_params:
-                auth_params['uid'] = int(auth_params['uid'])
-            if params.get(b'turnip-can-authenticate') == b'yes':
-                auth_params['can-authenticate'] = True
+            auth_params = self.create_auth_params(params)
             self.log.info("Translating request.")
             translated = yield proxy.callRemote(
                 b'translatePath', pathname, permission, auth_params)
diff --git a/turnip/pack/tests/test_functional.py b/turnip/pack/tests/test_functional.py
index 6f0a838..6de8489 100644
--- a/turnip/pack/tests/test_functional.py
+++ b/turnip/pack/tests/test_functional.py
@@ -106,6 +106,7 @@ class FakeVirtInfoService(xmlrpc.XMLRPC):
         self.translations = []
         self.authentications = []
         self.push_notifications = []
+        self.ref_permissions_checks = []
         self.ref_permissions = {}
 
     def xmlrpc_translatePath(self, pathname, permission, auth_params):
@@ -130,6 +131,7 @@ class FakeVirtInfoService(xmlrpc.XMLRPC):
         self.push_notifications.append(path)
 
     def xmlrpc_checkRefPermissions(self, path, ref_paths, auth_params):
+        self.ref_permissions_checks.append((path, ref_paths, auth_params))
         return self.ref_permissions
 
 
@@ -677,6 +679,26 @@ class TestSmartHTTPFrontendWithAuthFunctional(TestSmartHTTPFrontendFunctional):
               {b'can-authenticate': True, b'user': b'test-user'})],
             self.virtinfo.translations)
 
+    @defer.inlineCallbacks
+    def test_authenticated_push(self):
+        test_root = self.useFixture(TempDir()).path
+        clone = os.path.join(test_root, 'clone')
+        yield self.assertCommandSuccess((b'git', b'clone', self.url, clone))
+        yield self.assertCommandSuccess(
+            (b'git', b'config', b'user.name', b'Test User'), path=clone)
+        yield self.assertCommandSuccess(
+            (b'git', b'config', b'user.email', b'test@xxxxxxxxxxx'),
+            path=clone)
+        yield self.assertCommandSuccess(
+            (b'git', b'commit', b'--allow-empty', b'-m', b'Committed test'),
+            path=clone)
+        yield self.assertCommandSuccess(
+            (b'git', b'push', b'origin', b'master'), path=clone)
+        self.assertEqual(
+            [(self.internal_name, [b'refs/heads/master'],
+              {b'can-authenticate': True, b'user': b'test-user'})],
+            self.virtinfo.ref_permissions_checks)
+
 
 class TestSmartSSHServiceFunctional(FrontendFunctionalTestMixin, TestCase):