authorzeripath <art27@cantab.net>2020-01-15 09:32:57 +0100
committerAntoine GIRARD <sapk@users.noreply.github.com>2020-01-15 09:32:57 +0100
commit66ee9b87f9aaabef836ec72bfaf8032b359b29c1 (patch)
treeb6d134fb5ccc83c4b7ddad6a0eb6206496cc8b76 /modules/repofiles
parentuse arm drone agent for docs (#9776) (diff)
Add require signed commit for protected branch (#9708)
* Add require signed commit for protected branch * Fix fmt * Make editor show if they will be signed * bugfix * Add basic merge check and better information for CRUD * linting comment * Add descriptors to merge signing * Slight refactor * Slight improvement to appearances * Handle Merge API * manage CRUD API * Move error to error.go * Remove fix to delete.go * prep for merge * need to tolerate \r\n in message * check protected branch before trying to load it * Apply suggestions from code review Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * fix commit-reader Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Diffstat (limited to 'modules/repofiles')
-rw-r--r--modules/repofiles/delete.go23
-rw-r--r--modules/repofiles/temp_repo.go5
-rw-r--r--modules/repofiles/update.go23
3 files changed, 44 insertions, 7 deletions
diff --git a/modules/repofiles/delete.go b/modules/repofiles/delete.go
index c91f597f9a..c1689b0be0 100644
--- a/modules/repofiles/delete.go
+++ b/modules/repofiles/delete.go
@@ -55,9 +55,26 @@ func DeleteRepoFile(repo *models.Repository, doer *models.User, opts *DeleteRepo
BranchName: opts.NewBranch,
}
}
- } else if protected, _ := repo.IsProtectedBranchForPush(opts.OldBranch, doer); protected {
- return nil, models.ErrUserCannotCommit{
- UserName: doer.LowerName,
+ } else {
+ protectedBranch, err := repo.GetBranchProtection(opts.OldBranch)
+ if err != nil {
+ return nil, err
+ }
+ if protectedBranch != nil && !protectedBranch.CanUserPush(doer.ID) {
+ return nil, models.ErrUserCannotCommit{
+ UserName: doer.LowerName,
+ }
+ }
+ if protectedBranch != nil && protectedBranch.RequireSignedCommits {
+ _, _, err := repo.SignCRUDAction(doer, repo.RepoPath(), opts.OldBranch)
+ if err != nil {
+ if !models.IsErrWontSign(err) {
+ return nil, err
+ }
+ return nil, models.ErrUserCannotCommit{
+ UserName: doer.LowerName,
+ }
+ }
}
}
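Review bot: The `IsErrWontSign` case in the added `RequireSignedCommits` branch returns `models.ErrUserCannotCommit`, the same error returned just above when `CanUserPush` fails, so a caller cannot tell a missing push right from a change that would be committed unsigned. If sharing the error is intended, a comment above that return would record it, e.g. `// branch requires signed commits and this change would not be signed`. The inner `_, _, err := repo.SignCRUDAction(...)` also shadows the `err` already declared for `GetBranchProtection`; `_, _, err = repo.SignCRUDAction(...)` avoids the second variable. The same block is repeated line for line in the `CreateOrUpdateRepoFile` hunk of update.go, where the same points apply, and two copies of an enforcement check can drift apart over time. The body of `DeleteRepoFile` starts and ends outside this hunk.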
diff --git a/modules/repofiles/temp_repo.go b/modules/repofiles/temp_repo.go
index f9ea4ba155..a1cc37e8c6 100644
--- a/modules/repofiles/temp_repo.go
+++ b/modules/repofiles/temp_repo.go
@@ -219,7 +219,7 @@ func (t *TemporaryUploadRepository) CommitTreeWithDate(author, committer *models
// Determine if we should sign
if version.Compare(binVersion, "1.7.9", ">=") {
- sign, keyID := t.repo.SignCRUDAction(author, t.basePath, "HEAD")
+ sign, keyID, _ := t.repo.SignCRUDAction(author, t.basePath, "HEAD")
if sign {
args = append(args, "-S"+keyID)
} else if version.Compare(binVersion, "2.0.0", ">=") {
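Review bot: The new third return value of `SignCRUDAction` is discarded in `sign, keyID, _ := t.repo.SignCRUDAction(author, t.basePath, "HEAD")`, so when signing is refused the commit proceeds down the unsigned path with no record of the reason. The signed-commit requirement is checked earlier in delete.go and update.go with different arguments (`doer`, `repo.RepoPath()`, `opts.OldBranch`) than this call (`author`, `t.basePath`, `"HEAD"`). If those two evaluations can ever disagree, an unsigned commit could presumably still be produced for a branch that requires signatures. At minimum, document the assumption next to the call, e.g. `// error ignored: RequireSignedCommits is enforced by the caller before this commit is built`, or keep the error and log it when `sign` is false. `CommitTreeWithDate` starts and ends outside this hunk, so handling further down is not visible here.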
@@ -268,7 +268,7 @@ func (t *TemporaryUploadRepository) DiffIndex() (*gitdiff.Diff, error) {
var finalErr error
if err := git.NewCommand("diff-index", "--cached", "-p", "HEAD").
- RunInDirTimeoutEnvFullPipelineFunc(nil, 30*time.Second, t.basePath, stdoutWriter, stderr, nil, func(ctx context.Context, cancel context.CancelFunc) {
+ RunInDirTimeoutEnvFullPipelineFunc(nil, 30*time.Second, t.basePath, stdoutWriter, stderr, nil, func(ctx context.Context, cancel context.CancelFunc) error {
_ = stdoutWriter.Close()
diff, finalErr = gitdiff.ParsePatch(setting.Git.MaxGitDiffLines, setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles, stdoutReader)
if finalErr != nil {
@@ -276,6 +276,7 @@ func (t *TemporaryUploadRepository) DiffIndex() (*gitdiff.Diff, error) {
cancel()
}
_ = stdoutReader.Close()
+ return finalErr
}); err != nil {
if finalErr != nil {
log.Error("Unable to ParsePatch in temporary repo %s (%s). Error: %v", t.repo.FullName(), t.basePath, finalErr)
diff --git a/modules/repofiles/update.go b/modules/repofiles/update.go
index e22a2062a0..430a83093d 100644
--- a/modules/repofiles/update.go
+++ b/modules/repofiles/update.go
@@ -151,8 +151,27 @@ func CreateOrUpdateRepoFile(repo *models.Repository, doer *models.User, opts *Up
if err != nil && !git.IsErrBranchNotExist(err) {
return nil, err
}
- } else if protected, _ := repo.IsProtectedBranchForPush(opts.OldBranch, doer); protected {
- return nil, models.ErrUserCannotCommit{UserName: doer.LowerName}
+ } else {
+ protectedBranch, err := repo.GetBranchProtection(opts.OldBranch)
+ if err != nil {
+ return nil, err
+ }
+ if protectedBranch != nil && !protectedBranch.CanUserPush(doer.ID) {
+ return nil, models.ErrUserCannotCommit{
+ UserName: doer.LowerName,
+ }
+ }
+ if protectedBranch != nil && protectedBranch.RequireSignedCommits {
+ _, _, err := repo.SignCRUDAction(doer, repo.RepoPath(), opts.OldBranch)
+ if err != nil {
+ if !models.IsErrWontSign(err) {
+ return nil, err
+ }
+ return nil, models.ErrUserCannotCommit{
+ UserName: doer.LowerName,
+ }
+ }
+ }
}
// If FromTreePath is not set, set it to the opts.TreePath