#2650 fix possbility that use email as pusher user name

Remove the possibility of using email as user name when user actually push
through combination of email and password with HTTP.

Also refactor update action function to replcae tons of arguments with
single PushUpdateOptions struct.
And define the user who pushes code as pusher, therefore variable names shouldn't
be confusing any more.
tokarchuk/v1.17
Unknwon 9 years ago
parent 2fdf8fc938
commit 338af89d56
  1. 2
      README.md
  2. 11
      cmd/serve.go
  3. 2
      gogs.go
  4. 90
      models/update.go
  5. 2
      modules/base/base.go
  6. 11
      routers/repo/http.go
  7. 2
      templates/.VERSION

@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true) ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
##### Current version: 0.8.37 ##### Current version: 0.8.38
| Web | UI | Preview | | Web | UI | Preview |
|:-------------:|:-------:|:-------:| |:-------------:|:-------:|:-------:|

@ -104,8 +104,15 @@ func handleUpdateTask(uuid string, user, repoUser *models.User, reponame string,
return return
} }
if err = models.Update(task.RefName, task.OldCommitID, task.NewCommitID, if err = models.PushUpdate(models.PushUpdateOptions{
user.Name, repoUser.Name, reponame, user.Id); err != nil { RefName: task.RefName,
OldCommitID: task.OldCommitID,
NewCommitID: task.NewCommitID,
PusherID: user.Id,
PusherName: user.Name,
RepoUserName: repoUser.Name,
RepoName: reponame,
}); err != nil {
log.GitLogger.Error(2, "Update: %v", err) log.GitLogger.Error(2, "Update: %v", err)
} }

@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
const APP_VER = "0.8.37.0217" const APP_VER = "0.8.38.0217"
func init() { func init() {
runtime.GOMAXPROCS(runtime.NumCPU()) runtime.GOMAXPROCS(runtime.NumCPU())

@ -10,7 +10,7 @@ import (
"os/exec" "os/exec"
"strings" "strings"
"github.com/gogits/git-module" git "github.com/gogits/git-module"
"github.com/gogits/gogs/modules/log" "github.com/gogits/gogs/modules/log"
) )
@ -65,94 +65,104 @@ func ListToPushCommits(l *list.List) *PushCommits {
return &PushCommits{l.Len(), commits, "", nil} return &PushCommits{l.Len(), commits, "", nil}
} }
func Update(refName, oldCommitID, newCommitID, userName, repoUserName, repoName string, userID int64) error { type PushUpdateOptions struct {
isNew := strings.HasPrefix(oldCommitID, "0000000") RefName string
if isNew && OldCommitID string
strings.HasPrefix(newCommitID, "0000000") { NewCommitID string
return fmt.Errorf("old rev and new rev both 000000") PusherID int64
PusherName string
RepoUserName string
RepoName string
}
// PushUpdate must be called for any push actions in order to
// generates necessary push action history feeds.
func PushUpdate(opts PushUpdateOptions) (err error) {
isNewRef := strings.HasPrefix(opts.OldCommitID, "0000000")
isDelRef := strings.HasPrefix(opts.NewCommitID, "0000000")
if isNewRef && isDelRef {
return fmt.Errorf("Old and new revisions both start with 000000")
} }
f := RepoPath(repoUserName, repoName) repoPath := RepoPath(opts.RepoUserName, opts.RepoName)
gitUpdate := exec.Command("git", "update-server-info") gitUpdate := exec.Command("git", "update-server-info")
gitUpdate.Dir = f gitUpdate.Dir = repoPath
gitUpdate.Run() if err = gitUpdate.Run(); err != nil {
return fmt.Errorf("Fail to call 'git update-server-info': %v", err)
}
isDel := strings.HasPrefix(newCommitID, "0000000") if isDelRef {
if isDel { log.GitLogger.Info("Reference '%s' has been deleted from '%s/%s' by %d",
log.GitLogger.Info("del rev", refName, "from", userName+"/"+repoName+".git", "by", userID) opts.RefName, opts.RepoUserName, opts.RepoName, opts.PusherName)
return nil return nil
} }
gitRepo, err := git.OpenRepository(f) gitRepo, err := git.OpenRepository(repoPath)
if err != nil { if err != nil {
return fmt.Errorf("runUpdate.Open repoId: %v", err) return fmt.Errorf("OpenRepository: %v", err)
} }
user, err := GetUserByName(repoUserName) repoUser, err := GetUserByName(opts.RepoUserName)
if err != nil { if err != nil {
return fmt.Errorf("runUpdate.GetUserByName: %v", err) return fmt.Errorf("GetUserByName: %v", err)
} }
repo, err := GetRepositoryByName(user.Id, repoName) repo, err := GetRepositoryByName(repoUser.Id, opts.RepoName)
if err != nil { if err != nil {
return fmt.Errorf("runUpdate.GetRepositoryByName userId: %v", err) return fmt.Errorf("GetRepositoryByName: %v", err)
} }
// Push tags. // Push tags.
if strings.HasPrefix(refName, "refs/tags/") { if strings.HasPrefix(opts.RefName, "refs/tags/") {
tagName := git.RefEndName(refName) tag, err := gitRepo.GetTag(git.RefEndName(opts.RefName))
tag, err := gitRepo.GetTag(tagName)
if err != nil { if err != nil {
log.GitLogger.Fatal(4, "runUpdate.GetTag: %v", err) return fmt.Errorf("gitRepo.GetTag: %v", err)
} }
// When tagger isn't available, fall back to get committer email.
var actEmail string var actEmail string
if tag.Tagger != nil { if tag.Tagger != nil {
actEmail = tag.Tagger.Email actEmail = tag.Tagger.Email
} else { } else {
cmt, err := tag.Commit() cmt, err := tag.Commit()
if err != nil { if err != nil {
log.GitLogger.Fatal(4, "runUpdate.GetTag Commit: %v", err) return fmt.Errorf("tag.Commit: %v", err)
} }
actEmail = cmt.Committer.Email actEmail = cmt.Committer.Email
} }
commit := &PushCommits{} commit := &PushCommits{}
if err = CommitRepoAction(opts.PusherID, repoUser.Id, opts.PusherName, actEmail,
if err = CommitRepoAction(userID, user.Id, userName, actEmail, repo.ID, opts.RepoUserName, opts.RepoName, opts.RefName, commit, opts.OldCommitID, opts.NewCommitID); err != nil {
repo.ID, repoUserName, repoName, refName, commit, oldCommitID, newCommitID); err != nil { return fmt.Errorf("CommitRepoAction (tag): %v", err)
log.GitLogger.Fatal(4, "CommitRepoAction: %s/%s:%v", repoUserName, repoName, err)
} }
return err return err
} }
newCommit, err := gitRepo.GetCommit(newCommitID) newCommit, err := gitRepo.GetCommit(opts.NewCommitID)
if err != nil { if err != nil {
return fmt.Errorf("runUpdate GetCommit of newCommitId: %v", err) return fmt.Errorf("gitRepo.GetCommit: %v", err)
} }
// Push new branch. // Push new branch.
var l *list.List var l *list.List
if isNew { if isNewRef {
l, err = newCommit.CommitsBeforeLimit(10) l, err = newCommit.CommitsBeforeLimit(10)
if err != nil { if err != nil {
return fmt.Errorf("CommitsBefore: %v", err) return fmt.Errorf("newCommit.CommitsBeforeLimit: %v", err)
} }
} else { } else {
l, err = newCommit.CommitsBeforeUntil(oldCommitID) l, err = newCommit.CommitsBeforeUntil(opts.OldCommitID)
if err != nil { if err != nil {
return fmt.Errorf("CommitsBeforeUntil: %v", err) return fmt.Errorf("newCommit.CommitsBeforeUntil: %v", err)
} }
} }
if err != nil { if err = CommitRepoAction(opts.PusherID, repoUser.Id, opts.PusherName, repoUser.Email,
return fmt.Errorf("runUpdate.Commit repoId: %v", err) repo.ID, opts.RepoUserName, opts.RepoName, opts.RefName, ListToPushCommits(l),
} opts.OldCommitID, opts.NewCommitID); err != nil {
return fmt.Errorf("CommitRepoAction (branch): %v", err)
if err = CommitRepoAction(userID, user.Id, userName, user.Email,
repo.ID, repoUserName, repoName, refName, ListToPushCommits(l), oldCommitID, newCommitID); err != nil {
return fmt.Errorf("runUpdate.models.CommitRepoAction: %s/%s:%v", repoUserName, repoName, err)
} }
return nil return nil
} }

@ -16,8 +16,6 @@ type (
TplName string TplName string
) )
var GoGetMetas = make(map[string]bool)
// ExecPath returns the executable path. // ExecPath returns the executable path.
func ExecPath() (string, error) { func ExecPath() (string, error) {
file, err := exec.LookPath(os.Args[0]) file, err := exec.LookPath(os.Args[0])

@ -134,7 +134,6 @@ func HTTP(ctx *middleware.Context) {
ctx.Handle(500, "GetUserByID", err) ctx.Handle(500, "GetUserByID", err)
return return
} }
authUsername = authUser.Name
} }
if !isPublicPull { if !isPublicPull {
@ -202,7 +201,15 @@ func HTTP(ctx *middleware.Context) {
refName := fields[2] refName := fields[2]
// FIXME: handle error. // FIXME: handle error.
if err = models.Update(refName, oldCommitId, newCommitId, authUsername, username, reponame, authUser.Id); err == nil { if err = models.PushUpdate(models.PushUpdateOptions{
RefName: refName,
OldCommitID: oldCommitId,
NewCommitID: newCommitId,
PusherID: authUser.Id,
PusherName: authUser.Name,
RepoUserName: username,
RepoName: reponame,
}); err == nil {
go models.HookQueue.Add(repo.ID) go models.HookQueue.Add(repo.ID)
go models.AddTestPullRequestTask(repo.ID, strings.TrimPrefix(refName, "refs/heads/")) go models.AddTestPullRequestTask(repo.ID, strings.TrimPrefix(refName, "refs/heads/"))
} }

@ -1 +1 @@
0.8.37.0217 0.8.38.0217
Loading…
Cancel
Save