diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go index fd18646211..4e365f24ea 100644 --- a/routers/web/repo/pull.go +++ b/routers/web/repo/pull.go @@ -996,6 +996,13 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi ctx.Data["Verification"] = verification ctx.Data["Author"] = user_model.ValidateCommitWithEmail(ctx, curCommit) + if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) { + return repo_model.IsOwnerMemberCollaborator(ctx, ctx.Repo.Repository, user.ID) + }, nil); err != nil { + ctx.ServerError("CalculateTrustStatus", err) + return + } + note := &git.Note{} err = git.GetNote(ctx, ctx.Repo.GitRepo, specifiedEndCommit, note) if err == nil { diff --git a/tests/integration/pull_commit_test.go b/tests/integration/pull_commit_test.go index 8ca78f8147..1de437ef46 100644 --- a/tests/integration/pull_commit_test.go +++ b/tests/integration/pull_commit_test.go @@ -4,13 +4,26 @@ package integration import ( + "context" + "encoding/base64" + "fmt" "net/http" + "net/url" + "os" "testing" + auth_model "forgejo.org/models/auth" + "forgejo.org/models/unittest" + user_model "forgejo.org/models/user" + "forgejo.org/modules/git" + "forgejo.org/modules/setting" + api "forgejo.org/modules/structs" + "forgejo.org/modules/test" pull_service "forgejo.org/services/pull" "forgejo.org/tests" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestListPullCommits(t *testing.T) { @@ -48,3 +61,83 @@ func TestPullCommitLinks(t *testing.T) { commitLinkHref, _ := commitLink.Attr("href") assert.Equal(t, "/user2/repo1/pulls/3/commits/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd", commitLinkHref) } + +func TestPullCommitSignature(t *testing.T) { + t.Cleanup(func() { + // Cannot use t.Context(), it is in the done state. + require.NoError(t, git.InitFull(context.Background())) //nolint:usetesting + }) + + defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "UwU")() + defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "fox@example.com")() + defer test.MockVariableValue(&setting.Repository.Signing.CRUDActions, []string{"always"})() + defer test.MockVariableValue(&setting.Repository.Signing.InitialCommit, []string{"always"})() + + filePath := "signed.txt" + fromBranch := "master" + toBranch := "branch-signed" + + onGiteaRun(t, func(t *testing.T, u *url.URL) { + // Use a new GNUPGPHOME to avoid messing with the existing GPG keyring. + tmpDir := t.TempDir() + require.NoError(t, os.Chmod(tmpDir, 0o700)) + t.Setenv("GNUPGHOME", tmpDir) + + rootKeyPair, err := importTestingKey() + require.NoError(t, err) + defer test.MockVariableValue(&setting.Repository.Signing.SigningKey, rootKeyPair.PrimaryKey.KeyIdShortString())() + defer test.MockVariableValue(&setting.Repository.Signing.Format, "openpgp")() + + // Ensure the git config is updated with the new signing format. + require.NoError(t, git.InitFull(t.Context())) + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + testCtx := NewAPITestContext(t, user.Name, "pull-request-commit-header-signed", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser) + u.Path = testCtx.GitPath() + + t.Run("Create repository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) + + t.Run("Create commit", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + options := &api.CreateFileOptions{ + FileOptions: api.FileOptions{ + BranchName: fromBranch, + NewBranchName: toBranch, + Message: fmt.Sprintf("from:%s to:%s path:%s", fromBranch, toBranch, filePath), + Author: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + Committer: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + }, + ContentBase64: base64.StdEncoding.EncodeToString(fmt.Appendf(nil, "This is new text for %s", filePath)), + } + + req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", testCtx.Username, testCtx.Reponame, filePath), &options). + AddTokenAuth(testCtx.Token) + resp := testCtx.Session.MakeRequest(t, req, http.StatusCreated) + + var contents api.FileResponse + DecodeJSON(t, resp, &contents) + + assert.True(t, contents.Verification.Verified) + }) + + t.Run("Create pull request", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, fromBranch, toBranch)(t) + require.NoError(t, err) + + req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/commits/%s", testCtx.Username, testCtx.Reponame, pr.Index, pr.Head.Sha)) + resp := testCtx.Session.MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, "#diff-commit-header .commit-header-row.message.isSigned.isVerified", true) + }) + }) +} diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go index b66726a3e6..329a31ace8 100644 --- a/tests/integration/repo_test.go +++ b/tests/integration/repo_test.go @@ -5,15 +5,19 @@ package integration import ( + "context" + "encoding/base64" "fmt" "net/http" "net/url" + "os" "path" "regexp" "strings" "testing" "time" + auth_model "forgejo.org/models/auth" "forgejo.org/models/db" repo_model "forgejo.org/models/repo" unit_model "forgejo.org/models/unit" @@ -22,6 +26,7 @@ import ( "forgejo.org/modules/git" "forgejo.org/modules/optional" "forgejo.org/modules/setting" + api "forgejo.org/modules/structs" "forgejo.org/modules/test" "forgejo.org/modules/translation" repo_service "forgejo.org/services/repository" @@ -682,6 +687,79 @@ func TestViewCommit(t *testing.T) { assert.True(t, test.IsNormalPageCompleted(resp.Body.String()), "non-existing commit should render 404 page") } +func TestViewCommitSignature(t *testing.T) { + t.Cleanup(func() { + // Cannot use t.Context(), it is in the done state. + require.NoError(t, git.InitFull(context.Background())) //nolint:usetesting + }) + + defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "UwU")() + defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "fox@example.com")() + defer test.MockVariableValue(&setting.Repository.Signing.CRUDActions, []string{"always"})() + defer test.MockVariableValue(&setting.Repository.Signing.InitialCommit, []string{"always"})() + + filePath := "signed.txt" + fromBranch := "master" + toBranch := "branch-signed" + + onGiteaRun(t, func(t *testing.T, u *url.URL) { + // Use a new GNUPGPHOME to avoid messing with the existing GPG keyring. + tmpDir := t.TempDir() + require.NoError(t, os.Chmod(tmpDir, 0o700)) + t.Setenv("GNUPGHOME", tmpDir) + + rootKeyPair, err := importTestingKey() + require.NoError(t, err) + defer test.MockVariableValue(&setting.Repository.Signing.SigningKey, rootKeyPair.PrimaryKey.KeyIdShortString())() + defer test.MockVariableValue(&setting.Repository.Signing.Format, "openpgp")() + + // Ensure the git config is updated with the new signing format. + require.NoError(t, git.InitFull(t.Context())) + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + testCtx := NewAPITestContext(t, user.Name, "commit-header-signed", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser) + u.Path = testCtx.GitPath() + + t.Run("Create repository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) + + t.Run("Create commit", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + options := &api.CreateFileOptions{ + FileOptions: api.FileOptions{ + BranchName: fromBranch, + NewBranchName: toBranch, + Message: fmt.Sprintf("from:%s to:%s path:%s", fromBranch, toBranch, filePath), + Author: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + Committer: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + }, + ContentBase64: base64.StdEncoding.EncodeToString(fmt.Appendf(nil, "This is new text for %s", filePath)), + } + + req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", testCtx.Username, testCtx.Reponame, filePath), &options). + AddTokenAuth(testCtx.Token) + resp := testCtx.Session.MakeRequest(t, req, http.StatusCreated) + + var contents api.FileResponse + DecodeJSON(t, resp, &contents) + + assert.True(t, contents.Verification.Verified) + + req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/commit/%s", testCtx.Username, testCtx.Reponame, contents.Commit.SHA)) + resp = testCtx.Session.MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, ".commit-header-row.message.isSigned.isVerified", true) + }) + }) +} + func TestCommitView(t *testing.T) { defer tests.PrepareTestEnv(t)()