forgejo/integrations
zeripath 44371b96f5 Ensure valid git author names passed in signatures (#5774)
* Ensure valid git author names passed in signatures

Fix #5772 - Git author names are not allowed to include `\n` `<` or `>` and
must not be empty. Ensure that the name passed in a signature is valid.

* Account for pathologically named external users

LDAP and the like usernames are not checked in the same way that users who signup are.
Therefore just ensure that user names are also git safe and if totally pathological -
Set them to "user-$UID"

* Add Tests and adjust test users

Make our testcases a little more pathological so that we be sure that integration
tests have a chance to spot these cases.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-24 16:12:17 +02:00
..
gitea-repositories-meta Fix redirect with non-ascii branch names (#4764) (#4810) 2018-09-06 21:37:02 -04:00
api_admin_test.go Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250) 2018-11-03 21:15:55 -04:00
api_branch_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_comment_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_fork_test.go
api_gpg_keys_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_issue_label_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_issue_test.go feat(repo): support search repository by topic name (#4505) 2018-09-13 10:33:48 +08:00
api_keys_test.go Keys API changes (#4960) 2018-10-31 23:40:49 -04:00
api_org_test.go add api for user to create org (#5268) 2018-11-20 12:31:30 -05:00
api_pull_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_releases_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_repo_git_ref_test.go Implement git refs API for listing references (branches, tags and other) (#5354) 2018-11-27 16:52:20 -05:00
api_repo_lfs_locks_test.go Fix SSH auth lfs locks (#3152) 2018-01-27 18:48:15 +02:00
api_repo_raw_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_repo_test.go Restrict permission check on repositories and fix some problems (#5314) 2018-11-28 19:26:14 +08:00
api_team_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
api_token_test.go Add ability to delete a token (#4235) 2018-07-06 21:54:30 -04:00
api_user_heatmap_test.go User action heatmap (#5131) 2018-10-23 10:57:42 +08:00
api_user_orgs_test.go Ensure valid git author names passed in signatures (#5774) 2019-01-24 16:12:17 +02:00
auth_ldap_test.go Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094) 2018-10-30 20:08:30 -04:00
benchmarks_test.go Fix type mismatch of format string (#5574) 2018-12-21 11:13:31 -05:00
branches_test.go
change_default_branch_test.go
delete_user_test.go Refactor User Settings (#3900) 2018-05-15 13:07:32 +03:00
download_test.go Add raw blob endpoint to get objects by SHA ID (#5334) 2018-11-18 13:45:40 -05:00
editor_test.go Improve English grammar and consistency. (#3614) 2018-04-19 17:24:31 +03:00
empty_repo_test.go Refactor repo.isBare to repo.isEmpty #5629 (#5714) 2019-01-17 19:01:04 -05:00
explore_repos_test.go
git_test.go Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250) 2018-11-03 21:15:55 -04:00
html_helper.go
integration_test.go fix lfs version check warning log when using ssh protocol (#5501) 2018-12-19 09:17:43 +08:00
internal_test.go
issue_test.go
lfs_getobject_test.go Pooled and buffered gzip implementation (#5722) 2019-01-23 10:56:51 +02:00
links_test.go Refactor User Settings (#3900) 2018-05-15 13:07:32 +03:00
mssql.ini.tmpl Added test environment for mssql (#4282) 2018-12-12 09:01:41 +08:00
mysql.ini.tmpl Add integrations tests from git cli (#3377) 2018-01-16 13:07:47 +02:00
nonascii_branches_test.go Fix redirect with non-ascii branch names (#4764) (#4810) 2018-09-06 21:37:02 -04:00
pgsql.ini.tmpl Add integrations tests from git cli (#3377) 2018-01-16 13:07:47 +02:00
pull_compare_test.go
pull_create_test.go Fix escaping changed title in comments (#3530) 2018-02-18 22:06:37 +02:00
pull_merge_test.go Add rebase with merge commit merge style (#3844) (#4052) 2018-12-27 12:27:08 +02:00
README.md CN translation of README (#5050) 2018-10-15 12:13:21 +08:00
README_ZH.md CN translation of README (#5050) 2018-10-15 12:13:21 +08:00
release_test.go
repo_activity_test.go Fix escaping changed title in comments (#3530) 2018-02-18 22:06:37 +02:00
repo_branch_test.go
repo_commits_test.go Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
repo_fork_test.go
repo_migrate_test.go
repo_search_test.go
repo_test.go Symlink icons (#1416) (#3826) 2018-05-01 10:04:36 +03:00
setting_test.go fix not respecting landing page setting (#4209) 2018-06-15 11:42:46 +08:00
signin_test.go
signout_test.go
signup_test.go
sqlite.ini Pooled and buffered gzip implementation (#5722) 2019-01-23 10:56:51 +02:00
timetracking_test.go
user_test.go Ensure valid git author names passed in signatures (#5774) 2019-01-24 16:12:17 +02:00
version_test.go
xss_test.go Added user language setting (#3875) 2018-05-05 08:28:30 +08:00

Integrations tests

Integration tests can be run with make commands for the appropriate backends, namely:

make test-mysql
make test-pgsql
make test-sqlite

Make sure to perform a clean build before running tests:

make clean build

Run all tests via local drone

drone exec --local --build-event "pull_request"

Run sqlite integrations tests

Start tests

make test-sqlite

Run mysql integrations tests

Setup a mysql database inside docker

docker run -e "MYSQL_DATABASE=test" -e "MYSQL_ALLOW_EMPTY_PASSWORD=yes" --rm --name mysql mysql:5.7 #(just ctrl-c to stop db and clean the container) 

Start tests based on the database container

TEST_MYSQL_HOST="$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' mysql):3306" TEST_MYSQL_DBNAME=test TEST_MYSQL_USERNAME=root TEST_MYSQL_PASSWORD='' make test-mysql

Run pgsql integrations tests

Setup a pgsql database inside docker

docker run -e "POSTGRES_DB=test" --rm --name pgsql postgres:9.5 #(just ctrl-c to stop db and clean the container) 

Start tests based on the database container

TEST_PGSQL_HOST=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' pgsql) TEST_PGSQL_DBNAME=test TEST_PGSQL_USERNAME=postgres TEST_PGSQL_PASSWORD=postgres make test-pgsql

Running individual tests

Example command to run GPG test with sqlite backend:

go test -c code.gitea.io/gitea/integrations \
  -o integrations.sqlite.test -tags 'sqlite' &&
  GITEA_ROOT="$GOPATH/src/code.gitea.io/gitea" \
  GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test \
  -test.v -test.run GPG