Backport #31931 by @lunny All refs under `refs/pull` should only be changed from Gitea inside but not by pushing from outside of Gitea. This PR will prevent the pull refs update but allow other refs to be updated on the same pushing with `--mirror` operations. The main changes are to add checks on `update` hook but not `pre-receive` because `update` will be invoked by every ref but `pre-receive` will revert all changes once one ref update fails. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Giteabot
GitHub
parent
cc1520221a
commit
6f5748c507
3 changed files with 37 additions and 0 deletions
|
|
@ -6,8 +6,10 @@ package integration
|
|||
import (
|
||||
"fmt"
|
||||
"net/url"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
auth_model "code.gitea.io/gitea/models/auth"
|
||||
"code.gitea.io/gitea/models/db"
|
||||
git_model "code.gitea.io/gitea/models/git"
|
||||
"code.gitea.io/gitea/models/unittest"
|
||||
|
|
@ -192,3 +194,23 @@ func runTestGitPush(t *testing.T, u *url.URL, gitOperation func(t *testing.T, gi
|
|||
|
||||
require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
|
||||
}
|
||||
|
||||
func TestPushPullRefs(t *testing.T) {
|
||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||
baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
||||
|
||||
u.Path = baseAPITestContext.GitPath()
|
||||
u.User = url.UserPassword("user2", userPassword)
|
||||
|
||||
dstPath := t.TempDir()
|
||||
doGitClone(dstPath, u)(t)
|
||||
|
||||
cmd := git.NewCommand(git.DefaultContext, "push", "--delete", "origin", "refs/pull/2/head")
|
||||
stdout, stderr, err := cmd.RunStdString(&git.RunOpts{
|
||||
Dir: dstPath,
|
||||
})
|
||||
assert.Error(t, err)
|
||||
assert.Empty(t, stdout)
|
||||
assert.False(t, strings.Contains(stderr, "[deleted]"), "stderr: %s", stderr)
|
||||
})
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue