Add API for manipulating Git hooks (#6436)

* Add API for manipulating Git hooks

Signed-off-by: Segev Finer <[email protected]>

* Replace code.gitea.io/sdk with PR branch temporarily for CI

* Switch back to code.gitea.io/sdk@master

* Return 403 instead of 404 on no permission to edit hooks in API

* Add tests for Git hooks API

* Update models/repo_list_test.go

Co-Authored-By: segevfiner <[email protected]>

* Update models/repo_list_test.go

Co-Authored-By: segevfiner <[email protected]>

* empty line

Author: segevfiner

go.mod

@@ -3,7 +3,7 @@ module code.gitea.io/gitea
 go 1.12
 
 require (
-	code.gitea.io/sdk v0.0.0-20190321154058-a669487e86e0
+	code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498
 	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/PuerkitoBio/goquery v0.0.0-20170324135448-ed7d758e9a34
 	github.com/RoaringBitmap/roaring v0.4.7 // indirect

go.sum

@@ -1,6 +1,6 @@
 cloud.google.com/go v0.30.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-code.gitea.io/sdk v0.0.0-20190321154058-a669487e86e0 h1:pIKKrTUox+0pGcZwFl19Glw9gKfoeNkA02EqeiSmLjs=
-code.gitea.io/sdk v0.0.0-20190321154058-a669487e86e0/go.mod h1:5bZt0dRznpn2JysytQnV0yCru3FwDv9O5G91jo+lDAk=
+code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498 h1:rcjwXMYIjYts88akPiyy/GB+imecpf159jojChciEEw=
+code.gitea.io/sdk v0.0.0-20190416172854-7d954d775498/go.mod h1:5bZt0dRznpn2JysytQnV0yCru3FwDv9O5G91jo+lDAk=
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/PuerkitoBio/goquery v0.0.0-20170324135448-ed7d758e9a34 h1:UsHpWO0Elp6NaWVARdZHjiYwkhrspHVEGsyIKPb9OI8=

integrations/api_repo_git_hook_test.go

@@ -0,0 +1,194 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/sdk/gitea"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testHookContent = `#!/bin/bash
+
+echo Hello, World!
+`
+
+func TestAPIListGitHooks(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 37}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHooks []*api.GitHook
+	DecodeJSON(t, resp, &apiGitHooks)
+	assert.Len(t, apiGitHooks, 3)
+	for _, apiGitHook := range apiGitHooks {
+		if apiGitHook.Name == "pre-receive" {
+			assert.True(t, apiGitHook.IsActive)
+			assert.Equal(t, testHookContent, apiGitHook.Content)
+		} else {
+			assert.False(t, apiGitHook.IsActive)
+			assert.Empty(t, apiGitHook.Content)
+		}
+	}
+}
+
+func TestAPIListGitHooksNoHooks(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHooks []*api.GitHook
+	DecodeJSON(t, resp, &apiGitHooks)
+	assert.Len(t, apiGitHooks, 3)
+	for _, apiGitHook := range apiGitHooks {
+		assert.False(t, apiGitHook.IsActive)
+		assert.Empty(t, apiGitHook.Content)
+	}
+}
+
+func TestAPIListGitHooksNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPIGetGitHook(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 37}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHook *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook)
+	assert.True(t, apiGitHook.IsActive)
+	assert.Equal(t, testHookContent, apiGitHook.Content)
+}
+
+func TestAPIGetGitHookNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPIEditGitHook(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{
+		Content: testHookContent,
+	})
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHook *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook)
+	assert.True(t, apiGitHook.IsActive)
+	assert.Equal(t, testHookContent, apiGitHook.Content)
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	var apiGitHook2 *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook2)
+	assert.True(t, apiGitHook2.IsActive)
+	assert.Equal(t, testHookContent, apiGitHook2.Content)
+}
+
+func TestAPIEditGitHookNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{
+		Content: testHookContent,
+	})
+	MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPIDeleteGitHook(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 37}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+
+	req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHook2 *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook2)
+	assert.False(t, apiGitHook2.IsActive)
+	assert.Empty(t, apiGitHook2.Content)
+}
+
+func TestAPIDeleteGitHookNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusForbidden)
+}

integrations/api_repo_test.go

@@ -70,9 +70,9 @@ func TestAPISearchRepo(t *testing.T) {
 		expectedResults
 	}{
 		{name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50", expectedResults: expectedResults{
-			nil:   {count: 20},
-			user:  {count: 20},
-			user2: {count: 20}},
+			nil:   {count: 21},
+			user:  {count: 21},
+			user2: {count: 21}},
 		},
 		{name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10", expectedResults: expectedResults{
 			nil:   {count: 10},

integrations/gitea-repositories-meta/user2/git_hooks_test.git/HEAD

@@ -0,0 +1 @@
+ref: refs/heads/master

integrations/gitea-repositories-meta/user2/git_hooks_test.git/config

@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true

integrations/gitea-repositories-meta/user2/git_hooks_test.git/description

@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.

integrations/gitea-repositories-meta/user2/git_hooks_test.git/hooks/applypatch-msg.sample

@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message taken by
+# applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.  The hook is
+# allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "applypatch-msg".
+
+. git-sh-setup
+commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
+test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
+:

integrations/gitea-repositories-meta/user2/git_hooks_test.git/hooks/commit-msg.sample

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message.  The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit.  The hook is allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "commit-msg".
+
+# Uncomment the below to add a Signed-off-by line to the message.
+# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
+# hook is more suited to it.
+#
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
+
+# This example catches duplicate Signed-off-by lines.
+
+test "" = "$(grep '^Signed-off-by: ' "$1" |
+	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
+	echo >&2 Duplicate Signed-off-by lines.
+	exit 1
+}

integrations/gitea-repositories-meta/user2/git_hooks_test.git/hooks/post-receive

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/post-receive.d"`; do
+    sh "$SHELL_FOLDER/post-receive.d/$i"
+done

integrations/gitea-repositories-meta/user2/git_hooks_test.git/hooks/post-receive.d/gitea

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" post-receive

integrations/gitea-repositories-meta/user2/git_hooks_test.git/hooks/post-update.sample

@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# An example hook script to prepare a packed repository for use over
+# dumb transports.
+#
+# To enable this hook, rename this file to "post-update".
+
+exec git update-server-info

integrations/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-applypatch.sample

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed
+# by applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-applypatch".
+
+. git-sh-setup
+precommit="$(git rev-parse --git-path hooks/pre-commit)"
+test -x "$precommit" && exec "$precommit" ${1+"$@"}
+:

integrations/gitea-repositories-meta/user2/git_hooks_test.git/hooks/pre-commit.sample

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+	# Note that the use of brackets around a tr range is ok here, (it's
+	# even required, for portability to Solaris 10's /usr/bin/tr), since
+	# the square bracket bytes happen to fall in the designated range.
+	test $(git diff --cached --name-only --diff-filter=A -z $against |
+	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+	cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+  git config hooks.allownonascii true
+EOF
+	exit 1
+fi
+
+# If there are whitespace errors, print the offending file names and fail.
+exec git diff-index --check --cached $against --