From 3fb6e171051c4946b93a38bbb5212d3245d485ef Mon Sep 17 00:00:00 2001 From: Lucas Schwiderski Date: Fri, 27 Jun 2025 15:29:44 +0200 Subject: [PATCH] fix: add missing trust status to pull review commits (#8296) Closes: #8293 ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8296 Reviewed-by: Earl Warren Co-authored-by: Lucas Schwiderski Co-committed-by: Lucas Schwiderski --- routers/web/repo/pull.go | 7 ++ tests/integration/pull_commit_test.go | 93 +++++++++++++++++++++++++++ tests/integration/repo_test.go | 78 ++++++++++++++++++++++ 3 files changed, 178 insertions(+) diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go index fd18646211..4e365f24ea 100644 --- a/routers/web/repo/pull.go +++ b/routers/web/repo/pull.go @@ -996,6 +996,13 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi ctx.Data["Verification"] = verification ctx.Data["Author"] = user_model.ValidateCommitWithEmail(ctx, curCommit) + if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) { + return repo_model.IsOwnerMemberCollaborator(ctx, ctx.Repo.Repository, user.ID) + }, nil); err != nil { + ctx.ServerError("CalculateTrustStatus", err) + return + } + note := &git.Note{} err = git.GetNote(ctx, ctx.Repo.GitRepo, specifiedEndCommit, note) if err == nil { diff --git a/tests/integration/pull_commit_test.go b/tests/integration/pull_commit_test.go index 8ca78f8147..1de437ef46 100644 --- a/tests/integration/pull_commit_test.go +++ b/tests/integration/pull_commit_test.go @@ -4,13 +4,26 @@ package integration import ( + "context" + "encoding/base64" + "fmt" "net/http" + "net/url" + "os" "testing" + auth_model "forgejo.org/models/auth" + "forgejo.org/models/unittest" + user_model "forgejo.org/models/user" + "forgejo.org/modules/git" + "forgejo.org/modules/setting" + api "forgejo.org/modules/structs" + "forgejo.org/modules/test" pull_service "forgejo.org/services/pull" "forgejo.org/tests" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestListPullCommits(t *testing.T) { @@ -48,3 +61,83 @@ func TestPullCommitLinks(t *testing.T) { commitLinkHref, _ := commitLink.Attr("href") assert.Equal(t, "/user2/repo1/pulls/3/commits/5f22f7d0d95d614d25a5b68592adb345a4b5c7fd", commitLinkHref) } + +func TestPullCommitSignature(t *testing.T) { + t.Cleanup(func() { + // Cannot use t.Context(), it is in the done state. + require.NoError(t, git.InitFull(context.Background())) //nolint:usetesting + }) + + defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "UwU")() + defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "fox@example.com")() + defer test.MockVariableValue(&setting.Repository.Signing.CRUDActions, []string{"always"})() + defer test.MockVariableValue(&setting.Repository.Signing.InitialCommit, []string{"always"})() + + filePath := "signed.txt" + fromBranch := "master" + toBranch := "branch-signed" + + onGiteaRun(t, func(t *testing.T, u *url.URL) { + // Use a new GNUPGPHOME to avoid messing with the existing GPG keyring. + tmpDir := t.TempDir() + require.NoError(t, os.Chmod(tmpDir, 0o700)) + t.Setenv("GNUPGHOME", tmpDir) + + rootKeyPair, err := importTestingKey() + require.NoError(t, err) + defer test.MockVariableValue(&setting.Repository.Signing.SigningKey, rootKeyPair.PrimaryKey.KeyIdShortString())() + defer test.MockVariableValue(&setting.Repository.Signing.Format, "openpgp")() + + // Ensure the git config is updated with the new signing format. + require.NoError(t, git.InitFull(t.Context())) + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + testCtx := NewAPITestContext(t, user.Name, "pull-request-commit-header-signed", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser) + u.Path = testCtx.GitPath() + + t.Run("Create repository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) + + t.Run("Create commit", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + options := &api.CreateFileOptions{ + FileOptions: api.FileOptions{ + BranchName: fromBranch, + NewBranchName: toBranch, + Message: fmt.Sprintf("from:%s to:%s path:%s", fromBranch, toBranch, filePath), + Author: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + Committer: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + }, + ContentBase64: base64.StdEncoding.EncodeToString(fmt.Appendf(nil, "This is new text for %s", filePath)), + } + + req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", testCtx.Username, testCtx.Reponame, filePath), &options). + AddTokenAuth(testCtx.Token) + resp := testCtx.Session.MakeRequest(t, req, http.StatusCreated) + + var contents api.FileResponse + DecodeJSON(t, resp, &contents) + + assert.True(t, contents.Verification.Verified) + }) + + t.Run("Create pull request", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + pr, err := doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, fromBranch, toBranch)(t) + require.NoError(t, err) + + req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/pulls/%d/commits/%s", testCtx.Username, testCtx.Reponame, pr.Index, pr.Head.Sha)) + resp := testCtx.Session.MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, "#diff-commit-header .commit-header-row.message.isSigned.isVerified", true) + }) + }) +} diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go index b66726a3e6..329a31ace8 100644 --- a/tests/integration/repo_test.go +++ b/tests/integration/repo_test.go @@ -5,15 +5,19 @@ package integration import ( + "context" + "encoding/base64" "fmt" "net/http" "net/url" + "os" "path" "regexp" "strings" "testing" "time" + auth_model "forgejo.org/models/auth" "forgejo.org/models/db" repo_model "forgejo.org/models/repo" unit_model "forgejo.org/models/unit" @@ -22,6 +26,7 @@ import ( "forgejo.org/modules/git" "forgejo.org/modules/optional" "forgejo.org/modules/setting" + api "forgejo.org/modules/structs" "forgejo.org/modules/test" "forgejo.org/modules/translation" repo_service "forgejo.org/services/repository" @@ -682,6 +687,79 @@ func TestViewCommit(t *testing.T) { assert.True(t, test.IsNormalPageCompleted(resp.Body.String()), "non-existing commit should render 404 page") } +func TestViewCommitSignature(t *testing.T) { + t.Cleanup(func() { + // Cannot use t.Context(), it is in the done state. + require.NoError(t, git.InitFull(context.Background())) //nolint:usetesting + }) + + defer test.MockVariableValue(&setting.Repository.Signing.SigningName, "UwU")() + defer test.MockVariableValue(&setting.Repository.Signing.SigningEmail, "fox@example.com")() + defer test.MockVariableValue(&setting.Repository.Signing.CRUDActions, []string{"always"})() + defer test.MockVariableValue(&setting.Repository.Signing.InitialCommit, []string{"always"})() + + filePath := "signed.txt" + fromBranch := "master" + toBranch := "branch-signed" + + onGiteaRun(t, func(t *testing.T, u *url.URL) { + // Use a new GNUPGPHOME to avoid messing with the existing GPG keyring. + tmpDir := t.TempDir() + require.NoError(t, os.Chmod(tmpDir, 0o700)) + t.Setenv("GNUPGHOME", tmpDir) + + rootKeyPair, err := importTestingKey() + require.NoError(t, err) + defer test.MockVariableValue(&setting.Repository.Signing.SigningKey, rootKeyPair.PrimaryKey.KeyIdShortString())() + defer test.MockVariableValue(&setting.Repository.Signing.Format, "openpgp")() + + // Ensure the git config is updated with the new signing format. + require.NoError(t, git.InitFull(t.Context())) + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) + testCtx := NewAPITestContext(t, user.Name, "commit-header-signed", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser) + u.Path = testCtx.GitPath() + + t.Run("Create repository", doAPICreateRepository(testCtx, false, git.Sha1ObjectFormat)) + + t.Run("Create commit", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + + options := &api.CreateFileOptions{ + FileOptions: api.FileOptions{ + BranchName: fromBranch, + NewBranchName: toBranch, + Message: fmt.Sprintf("from:%s to:%s path:%s", fromBranch, toBranch, filePath), + Author: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + Committer: api.Identity{ + Name: user.FullName, + Email: user.Email, + }, + }, + ContentBase64: base64.StdEncoding.EncodeToString(fmt.Appendf(nil, "This is new text for %s", filePath)), + } + + req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", testCtx.Username, testCtx.Reponame, filePath), &options). + AddTokenAuth(testCtx.Token) + resp := testCtx.Session.MakeRequest(t, req, http.StatusCreated) + + var contents api.FileResponse + DecodeJSON(t, resp, &contents) + + assert.True(t, contents.Verification.Verified) + + req = NewRequest(t, "GET", fmt.Sprintf("/%s/%s/commit/%s", testCtx.Username, testCtx.Reponame, contents.Commit.SHA)) + resp = testCtx.Session.MakeRequest(t, req, http.StatusOK) + + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, ".commit-header-row.message.isSigned.isVerified", true) + }) + }) +} + func TestCommitView(t *testing.T) { defer tests.PrepareTestEnv(t)()