githubFork/gitblit.git - Solinfo Gitblit

parent: 04a98505 | patch | commit | ignore whitespace

Revised committer verification to require email address

James Moger

2013-11-25 f19b78e12517db6c4dcbb1981423830ea39916b3

Revised committer verification to require email address

Change-Id: I5298c93e03099813f5713a4effd87913429aa3dc

6 files modified

	releases.moxie	1 ●●●●● patch \| view \| raw \| blame \| history
	src/main/java/com/gitblit/git/GitblitReceivePack.java	20 ●●●●● patch \| view \| raw \| blame \| history
	src/main/java/com/gitblit/models/UserModel.java	13 ●●●●● patch \| view \| raw \| blame \| history
	src/site/administration.mkd	4 ●●●●● patch \| view \| raw \| blame \| history
	src/test/java/com/gitblit/tests/GitBlitTest.java	12 ●●●●● patch \| view \| raw \| blame \| history
	src/test/java/com/gitblit/tests/GitServletTest.java	20 ●●●●● patch \| view \| raw \| blame \| history

 releases.moxie

@@ -35,6 +35,7 @@
    - Removed docs indicator on the repositories page
    - Removed the repository setting to enable Markdown document enumeration, this is now automatic and expanded
    - Retrieve LDAP groups with dereferencing aliases (pr-122)
    - Revised committer verification to require a matching displayname or account name AND the email address
    additions:
    - Added an optional MirrorExecutor which will periodically fetch ref updates from source repositories for mirrors (issue-5).  Repositories must be manually cloned using native git and "--mirror".
    - Added branch graph image servlet based on EGit's branch graph renderer (issue-194)

 src/main/java/com/gitblit/git/GitblitReceivePack.java

@@ -167,8 +167,11 @@
        if (repository.accessRestriction.atLeast(AccessRestrictionType.PUSH) && repository.verifyCommitter) {

            // enforce committer verification

            if (StringUtils.isEmpty(user.emailAddress)) {

                // emit warning if user does not have an email address

                LOGGER.warn(MessageFormat.format("Consider setting an email address for {0} ({1}) to improve committer verification.", user.getDisplayName(), user.username));

                // reject the push because the pushing account does not have an email address

                for (ReceiveCommand cmd : commands) {

                    sendRejection(cmd, "Sorry, the account \"{0}\" does not have an email address set for committer verification!", user.username);

                }

                return;

            }



            // Optionally enforce that the committer of first parent chain

@@ -201,16 +204,9 @@


                        PersonIdent committer = commit.getCommitterIdent();

                        if (!user.is(committer.getName(), committer.getEmailAddress())) {

                            String reason;

                            if (StringUtils.isEmpty(user.emailAddress)) {

                                // account does not have an email address

                                reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4})",

                                        commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username);

                            } else {

                                // account has an email address

                                reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4}) <{5}>",

                                        commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username, user.emailAddress);

                            }

                            // verification failed

                            String reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4}) <{5}>",

                                    commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username, user.emailAddress);

                            LOGGER.warn(reason);

                            cmd.setResult(Result.REJECTED_OTHER_REASON, reason);

                            allRejected &= true;


 src/main/java/com/gitblit/models/UserModel.java

@@ -648,22 +648,19 @@
     * @return true, if the name and email address match this account

     */

    public boolean is(String name, String email) {

        // at a minimum a usename or display name must be supplied

        if (StringUtils.isEmpty(name)) {

        // at a minimum a username or display name AND email address must be supplied

        if (StringUtils.isEmpty(name) || StringUtils.isEmpty(email)) {

            return false;

        }

        boolean nameVerified = name.equalsIgnoreCase(username) || name.equalsIgnoreCase(getDisplayName());

        boolean emailVerified = false;

        if (StringUtils.isEmpty(emailAddress)) {

            // user account has not specified an email address

            // rely on username/displayname verification

            emailVerified = true;

            // fail

            emailVerified = false;

        } else {

            // user account has specified an email address

            // require email address verification

            if (!StringUtils.isEmpty(email)) {

                emailVerified = email.equalsIgnoreCase(emailAddress);

            }

            emailVerified = email.equalsIgnoreCase(emailAddress);

        }

        return nameVerified && emailVerified;

    }


 src/site/administration.mkd

@@ -94,7 +94,7 @@


**How is this enforced?**



Bob must set his *user.name* and *user.email* values for the repository to match his Gitblit user account **BEFORE** committing to his repository.

Bob must properly set his *user.name* and *user.email* values for the repository to match his Gitblit user account **BEFORE** committing to his repository.



```

[user "bob"]

@@ -109,7 +109,7 @@
    git config user.name bob

    git config user.email bob@somewhere.com    



If the Gitblit account does not specify an email address, then the committer email address is ignored.  However, if the account does specify an address it must match the committer's email address.  Display name or username can be used as the committer name.

The committer email address is required to be identical.  Display name or username can be used as the committer name.



All checks are case-insensitive.




 src/test/java/com/gitblit/tests/GitBlitTest.java

@@ -70,13 +70,13 @@
        UserModel user = new UserModel("james");

        user.displayName = "James Moger";



        assertTrue(user.is("James", null));

        assertTrue(user.is("James", ""));

        assertTrue(user.is("JaMeS", "anything"));

        assertFalse(user.is("James", null));

        assertFalse(user.is("James", ""));

        assertFalse(user.is("JaMeS", "anything"));



        assertTrue(user.is("james moger", null));

        assertTrue(user.is("james moger", ""));

        assertTrue(user.is("james moger", "anything"));

        assertFalse(user.is("james moger", null));

        assertFalse(user.is("james moger", ""));

        assertFalse(user.is("james moger", "anything"));



        assertFalse(user.is("joe", null));

        assertFalse(user.is("joe", ""));


 src/test/java/com/gitblit/tests/GitServletTest.java

@@ -380,27 +380,15 @@
    public void testCommitterVerification() throws Exception {

        UserModel user = getUser();



        // account only uses account name to verify

        testCommitterVerification(user, user.username, null, true);

        // committer email address is ignored because account does not specify email

        testCommitterVerification(user, user.username, "something", true);

        // completely different committer

        testCommitterVerification(user, "joe", null, false);

        testCommitterVerification(user, "joe", user.emailAddress, false);

        testCommitterVerification(user, user.username, null, false);

        testCommitterVerification(user, user.username, user.emailAddress, true);



        // test display name verification

        user.displayName = "James Moger";

        testCommitterVerification(user, user.displayName, null, true);

        testCommitterVerification(user, user.displayName, "something", true);

        testCommitterVerification(user, "joe", null, false);



        // test email address verification

        user.emailAddress = "something";

        testCommitterVerification(user, user.displayName, null, false);

        testCommitterVerification(user, user.displayName, "somethingelse", false);

        testCommitterVerification(user, user.displayName, "something", false);

        testCommitterVerification(user, user.displayName, user.emailAddress, true);



        // use same email address but with different committer

        testCommitterVerification(user, "joe", "somethingelse", false);

    }



    private void testCommitterVerification(UserModel user, String displayName, String emailAddress, boolean expectedSuccess) throws Exception {

			@@ -35,6 +35,7 @@
			- Removed docs indicator on the repositories page
			- Removed the repository setting to enable Markdown document enumeration, this is now automatic and expanded
			- Retrieve LDAP groups with dereferencing aliases (pr-122)
			- Revised committer verification to require a matching displayname or account name AND the email address
			additions:
			- Added an optional MirrorExecutor which will periodically fetch ref updates from source repositories for mirrors (issue-5). Repositories must be manually cloned using native git and "--mirror".
			- Added branch graph image servlet based on EGit's branch graph renderer (issue-194)

			@@ -167,8 +167,11 @@
			if (repository.accessRestriction.atLeast(AccessRestrictionType.PUSH) && repository.verifyCommitter) {
			// enforce committer verification
			if (StringUtils.isEmpty(user.emailAddress)) {
			// emit warning if user does not have an email address
			LOGGER.warn(MessageFormat.format("Consider setting an email address for {0} ({1}) to improve committer verification.", user.getDisplayName(), user.username));
			// reject the push because the pushing account does not have an email address
			for (ReceiveCommand cmd : commands) {
			sendRejection(cmd, "Sorry, the account \"{0}\" does not have an email address set for committer verification!", user.username);
			}
			return;
			}

			// Optionally enforce that the committer of first parent chain
			@@ -201,16 +204,9 @@

			PersonIdent committer = commit.getCommitterIdent();
			if (!user.is(committer.getName(), committer.getEmailAddress())) {
			String reason;
			if (StringUtils.isEmpty(user.emailAddress)) {
			// account does not have an email address
			reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4})",
			commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username);
			} else {
			// account has an email address
			reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4}) <{5}>",
			commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username, user.emailAddress);
			}
			// verification failed
			String reason = MessageFormat.format("{0} by {1} <{2}> was not committed by {3} ({4}) <{5}>",
			commit.getId().name(), committer.getName(), StringUtils.isEmpty(committer.getEmailAddress()) ? "?":committer.getEmailAddress(), user.getDisplayName(), user.username, user.emailAddress);
			LOGGER.warn(reason);
			cmd.setResult(Result.REJECTED_OTHER_REASON, reason);
			allRejected &= true;

			@@ -648,22 +648,19 @@
			* @return true, if the name and email address match this account
			*/
			public boolean is(String name, String email) {
			// at a minimum a usename or display name must be supplied
			if (StringUtils.isEmpty(name)) {
			// at a minimum a username or display name AND email address must be supplied
			if (StringUtils.isEmpty(name) \|\| StringUtils.isEmpty(email)) {
			return false;
			}
			boolean nameVerified = name.equalsIgnoreCase(username) \|\| name.equalsIgnoreCase(getDisplayName());
			boolean emailVerified = false;
			if (StringUtils.isEmpty(emailAddress)) {
			// user account has not specified an email address
			// rely on username/displayname verification
			emailVerified = true;
			// fail
			emailVerified = false;
			} else {
			// user account has specified an email address
			// require email address verification
			if (!StringUtils.isEmpty(email)) {
			emailVerified = email.equalsIgnoreCase(emailAddress);
			}
			emailVerified = email.equalsIgnoreCase(emailAddress);
			}
			return nameVerified && emailVerified;
			}

			@@ -94,7 +94,7 @@

			How is this enforced?

			Bob must set his user.name and user.email values for the repository to match his Gitblit user account BEFORE committing to his repository.
			Bob must properly set his user.name and user.email values for the repository to match his Gitblit user account BEFORE committing to his repository.

			```
			[user "bob"]
			@@ -109,7 +109,7 @@
			git config user.name bob
			git config user.email bob@somewhere.com

			If the Gitblit account does not specify an email address, then the committer email address is ignored. However, if the account does specify an address it must match the committer's email address. Display name or username can be used as the committer name.
			The committer email address is required to be identical. Display name or username can be used as the committer name.

			All checks are case-insensitive.

			@@ -70,13 +70,13 @@
			UserModel user = new UserModel("james");
			user.displayName = "James Moger";

			assertTrue(user.is("James", null));
			assertTrue(user.is("James", ""));
			assertTrue(user.is("JaMeS", "anything"));
			assertFalse(user.is("James", null));
			assertFalse(user.is("James", ""));
			assertFalse(user.is("JaMeS", "anything"));

			assertTrue(user.is("james moger", null));
			assertTrue(user.is("james moger", ""));
			assertTrue(user.is("james moger", "anything"));
			assertFalse(user.is("james moger", null));
			assertFalse(user.is("james moger", ""));
			assertFalse(user.is("james moger", "anything"));

			assertFalse(user.is("joe", null));
			assertFalse(user.is("joe", ""));

			@@ -380,27 +380,15 @@
			public void testCommitterVerification() throws Exception {
			UserModel user = getUser();

			// account only uses account name to verify
			testCommitterVerification(user, user.username, null, true);
			// committer email address is ignored because account does not specify email
			testCommitterVerification(user, user.username, "something", true);
			// completely different committer
			testCommitterVerification(user, "joe", null, false);
			testCommitterVerification(user, "joe", user.emailAddress, false);
			testCommitterVerification(user, user.username, null, false);
			testCommitterVerification(user, user.username, user.emailAddress, true);

			// test display name verification
			user.displayName = "James Moger";
			testCommitterVerification(user, user.displayName, null, true);
			testCommitterVerification(user, user.displayName, "something", true);
			testCommitterVerification(user, "joe", null, false);

			// test email address verification
			user.emailAddress = "something";
			testCommitterVerification(user, user.displayName, null, false);
			testCommitterVerification(user, user.displayName, "somethingelse", false);
			testCommitterVerification(user, user.displayName, "something", false);
			testCommitterVerification(user, user.displayName, user.emailAddress, true);

			// use same email address but with different committer
			testCommitterVerification(user, "joe", "somethingelse", false);
			}

			private void testCommitterVerification(UserModel user, String displayName, String emailAddress, boolean expectedSuccess) throws Exception {