go-gitea · silverwind · Aug 30, 2023 · Aug 22, 2023 · Aug 22, 2023 · Aug 23, 2023
diff --git a/models/fixtures/email_address.yml b/models/fixtures/email_address.yml
@@ -276,4 +276,12 @@
   email: user2-2@example.com
   lower_email: user2-2@example.com
   is_activated: false
-  is_primary: false
+  is_primary: false
+
+-
+  id: 36
+  uid: 36
+  email: 1290147055@qq.com
+  lower_email: 1290147055@qq.com
+  is_activated: true
+  is_primary: false
diff --git a/models/fixtures/gpg_key.yml b/models/fixtures/gpg_key.yml
@@ -1 +1,23 @@
-[] # empty
+-
+  id: 5
+  owner_id: 36
+  key_id: 2ECAAA351B755A40
+  primary_key_id:
+  content: xsDNBGTjB1cBDACv7YEaiA5VaoTBR0fcPRy+RHgTd88ALhklVVd54lbMKWwsHa3Ms9sCYbq8chly4g50l45o8qL0mu+zkZDvrU3EsZAwFwv/6iKltQXRIQ7j0uNKIyJi/+yyMiRJtU24ptAkc+bHhb2wi7cnJtldGyDZIoymzotTdpJupmjVFXqQtbeqMHpSKg6JdyGLK+wX+ITD7gZ6UddPPbw5Yo6N5b56w55cSIG6cDtafo+/Fc4WF0jdDDmCEyPlr3afDKEcpmnDSJsMhm7/eZ5MRn2dh9+brnEFyxkKSJYfI7ptA6trAs+DCil9FgZbXM9P/c0joVUzi1lSGSu1ryav9eAb4J5lgzl2Tad338+cVWuCHR6yTbq4qZcfgNVnFK1WMUrg9MF2A8wNLO1O9LSQpXwDSBmnM9W7TcTE6bpxbADVH7WEScCNmExKeqUnvvypaeiwmwz7Jqh/V5NhjE3ySgo3j/oBFFUp2SSkZhk7p0uP8mDLSdfPLxtBUv3EQAPs8CCD7WkAEQEAAQ==
+  verified: true
+  can_sign: true
+  can_encrypt_comms: true
+  can_encrypt_storage: true
+  can_certify: true
+
+-
+  id: 6
+  owner_id: 36
+  key_id: 2FCCED20E8714BAA
+  primary_key_id: 2ECAAA351B755A40
+  content: zsDNBGTjB1cBDADm2EFZ6SzUoF5We4kQBaLYtkFNRA2yQafbu+W/AYOITgxye2xDKVcMaopV6B+vPXKyIshakWkdpK8Xw5dZGI0loOm5PXFJDI6lzWWUy76J3SevenCXzxWOCXZOtI25Zpev/b96Cu7xsRdcL6eYpGRNwVJ3bW3AhD5z2AU0z05VYKrNIzs5e7PfO9g7uGQ5DuejLr6Wp9+zHfp6ppHkHFET7x0ZrNE+hH1hPAK0yFQ75iU4zvNXxa2PKgfSBkEADre+EV0+BxlRB9c9jkLWKa/Xa4ecaiFgH/ler12gr8/NOCJww+bLQapJBTKSGycupANwIZb1lgna1r09P6PCp25MBrvVWfD9qzvVmFxpM+e8/y9D3RcJkHwJjQ9SaX/gNq/nFdvVsLpIMGGQY0KDMeJW/XkwhGNZ/tuztLgqSIcbNuVZMooOwgAT9r1Z1XpKuuh+mNTwwzEzvV5Qo6Kd/9/zPqJmoniziNxyzfEQ82HhOMZg3CJVGenPPhIHXCJAO3kAEQEAAQ==
+  verified: true
+  can_sign: true
+  can_encrypt_comms: true
+  can_encrypt_storage: true
+  can_certify: true
diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
@@ -1301,7 +1301,7 @@
   lower_name: limited_org36
   name: limited_org36
   full_name: Limited Org 36
-  email: limited_org36@example.com
+  email: 1290147055@qq.com
   keep_email_private: false
   email_notifications_preference: enabled
   passwd: ZogKvWdyEx:password
@@ -1320,7 +1320,7 @@
   allow_create_organization: true
   prohibit_login: false
   avatar: avatar22
-  avatar_email: limited_org36@example.com
+  avatar_email: 1290147055@qq.com
   use_custom_avatar: false
   num_followers: 0
   num_following: 0

diff --git a/routers/private/hook_verification.go b/routers/private/hook_verification.go
@@ -28,23 +28,31 @@ func verifyCommits(oldCommitID, newCommitID string, repo *git.Repository, env []
 		_ = stdoutWriter.Close()
 	}()
 
+	var command *git.Command
+	if oldCommitID == git.EmptySHA {
+		// When creating a new branch, the oldCommitID is empty, by using "newCommitID --not --all":
+		// List commits that are reachable by following the newCommitID, exclude "all" existing heads/tags commits
+		// So, it only lists the new commits received, doesn't list the commits already present in the receiving repository
+		command = git.NewCommand(repo.Ctx, "rev-list").AddDynamicArguments(newCommitID).AddArguments("--not", "--all")
+	} else {
+		command = git.NewCommand(repo.Ctx, "rev-list").AddDynamicArguments(oldCommitID + "..." + newCommitID)
+	}
 	// This is safe as force pushes are already forbidden
-	err = git.NewCommand(repo.Ctx, "rev-list").AddDynamicArguments(oldCommitID + "..." + newCommitID).
-		Run(&git.RunOpts{
-			Env:    env,
-			Dir:    repo.Path,
-			Stdout: stdoutWriter,
-			PipelineFunc: func(ctx context.Context, cancel context.CancelFunc) error {
-				_ = stdoutWriter.Close()
-				err := readAndVerifyCommitsFromShaReader(stdoutReader, repo, env)
-				if err != nil {
-					log.Error("%v", err)
-					cancel()
-				}
-				_ = stdoutReader.Close()
-				return err
-			},
-		})
+	err = command.Run(&git.RunOpts{
+		Env:    env,
+		Dir:    repo.Path,
+		Stdout: stdoutWriter,
+		PipelineFunc: func(ctx context.Context, cancel context.CancelFunc) error {
+			_ = stdoutWriter.Close()
+			err := readAndVerifyCommitsFromShaReader(stdoutReader, repo, env)
+			if err != nil {
+				log.Error("%v", err)
+				cancel()
+			}
+			_ = stdoutReader.Close()
+			return err
+		},
+	})
 	if err != nil && !isErrUnverifiedCommit(err) {
 		log.Error("Unable to check commits from %s to %s in %s: %v", oldCommitID, newCommitID, repo.Path, err)
 	}

diff --git a/routers/private/hook_verification_test.go b/routers/private/hook_verification_test.go
@@ -0,0 +1,43 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package private
+
+import (
+	"context"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/git"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var testReposDir = "tests/repos/"
+
+func TestVerifyCommits(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	gitRepo, err := git.OpenRepository(context.Background(), testReposDir+"repo1_hook_verification")
+	defer gitRepo.Close()
+	assert.NoError(t, err)
+
+	testCases := []struct {
+		base, head string
+		verified   bool
+	}{
+		{"7d92f8f0cf7b989acf2c56a9a4387f5b39a92c41", "64e643f86a640d97f95820b43aeb28631042c629", true},
+		{git.EmptySHA, "451c1608ab9c5277fdc73ea68aea711c046ac7ac", true}, // New branch with verified commit
+		{"e05ec071e40a53cd4785345a99fd12f5dbb6a777", "7d92f8f0cf7b989acf2c56a9a4387f5b39a92c41", false},
+		{git.EmptySHA, "1128cd8e82948ea10b4932b2481210610604ce7e", false}, // New branch with unverified commit
+	}
+
+	for _, tc := range testCases {
+		err = verifyCommits(tc.base, tc.head, gitRepo, nil)
+		if tc.verified {
+			assert.NoError(t, err)
+		} else {
+			assert.Error(t, err)
+		}
+	}
+}
diff --git a/routers/private/main_test.go b/routers/private/main_test.go
@@ -0,0 +1,17 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package private
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, &unittest.TestOptions{
+		GiteaRootPath: filepath.Join("..", ".."),
+	})
+}
diff --git a/routers/private/tests/repos/repo1_hook_verification/HEAD b/routers/private/tests/repos/repo1_hook_verification/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/main
diff --git a/routers/private/tests/repos/repo1_hook_verification/config b/routers/private/tests/repos/repo1_hook_verification/config
@@ -0,0 +1,6 @@
+[core]
+	repositoryformatversion = 0
+	filemode = false
+	bare = true
+	symlinks = false
+	ignorecase = true
diff --git a/routers/private/tests/repos/repo1_hook_verification/description b/routers/private/tests/repos/repo1_hook_verification/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/routers/private/tests/repos/repo1_hook_verification/git-daemon-export-ok b/routers/private/tests/repos/repo1_hook_verification/git-daemon-export-ok
diff --git a/routers/private/tests/repos/repo1_hook_verification/info/exclude b/routers/private/tests/repos/repo1_hook_verification/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/routers/private/tests/repos/repo1_hook_verification/info/refs b/routers/private/tests/repos/repo1_hook_verification/info/refs
@@ -0,0 +1 @@
+64e643f86a640d97f95820b43aeb28631042c629	refs/heads/main
diff --git a/routers/private/tests/repos/repo1_hook_verification/logs/HEAD b/routers/private/tests/repos/repo1_hook_verification/logs/HEAD
@@ -0,0 +1,2 @@
+0000000000000000000000000000000000000000 7d92f8f0cf7b989acf2c56a9a4387f5b39a92c41 Gitea <gitea@fake.local> 1692868984 +0800	push
+7d92f8f0cf7b989acf2c56a9a4387f5b39a92c41 64e643f86a640d97f95820b43aeb28631042c629 Gitea <gitea@fake.local> 1692869253 +0800	push
diff --git a/routers/private/tests/repos/repo1_hook_verification/logs/refs/heads/main b/routers/private/tests/repos/repo1_hook_verification/logs/refs/heads/main
@@ -0,0 +1,2 @@
+0000000000000000000000000000000000000000 7d92f8f0cf7b989acf2c56a9a4387f5b39a92c41 Gitea <gitea@fake.local> 1692868984 +0800	push
+7d92f8f0cf7b989acf2c56a9a4387f5b39a92c41 64e643f86a640d97f95820b43aeb28631042c629 Gitea <gitea@fake.local> 1692869253 +0800	push
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/11/28cd8e82948ea10b4932b2481210610604ce7e b/...ate/tests/repos/repo1_hook_verification/objects/11/28cd8e82948ea10b4932b2481210610604ce7e
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/2b/df04adb23d2b40b6085efb230856e5e2a775b7 b/...ate/tests/repos/repo1_hook_verification/objects/2b/df04adb23d2b40b6085efb230856e5e2a775b7
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/45/1c1608ab9c5277fdc73ea68aea711c046ac7ac b/...ate/tests/repos/repo1_hook_verification/objects/45/1c1608ab9c5277fdc73ea68aea711c046ac7ac
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/64/e643f86a640d97f95820b43aeb28631042c629 b/...ate/tests/repos/repo1_hook_verification/objects/64/e643f86a640d97f95820b43aeb28631042c629
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/65/a457425a679cbe9adf0d2741785d3ceabb44a7 b/...ate/tests/repos/repo1_hook_verification/objects/65/a457425a679cbe9adf0d2741785d3ceabb44a7
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/7d/92f8f0cf7b989acf2c56a9a4387f5b39a92c41 b/...ate/tests/repos/repo1_hook_verification/objects/7d/92f8f0cf7b989acf2c56a9a4387f5b39a92c41
@@ -0,0 +1 @@
+x��Kj1��)�6��>!������[�,fd2$��n`�zԃ��ۺ.�b����Zd���0N��$�:plPR,1Gs+�n�*���z(4��c��Sɹ��J��My�߶�sY�e��]����G ��ߏs[Oօ�)��~B0�}]�7M�|�ݘ�r�T�����0O��N�
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/99/ff046fbdf6eed4ae4349f9181ff42b340a4582 b/...ate/tests/repos/repo1_hook_verification/objects/99/ff046fbdf6eed4ae4349f9181ff42b340a4582
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/c6/6377c623ba4a70ee872b64fbac7a3f27a32ef6 b/...ate/tests/repos/repo1_hook_verification/objects/c6/6377c623ba4a70ee872b64fbac7a3f27a32ef6
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/c8/871c5132e62a637e2afada08acd41146662bed b/...ate/tests/repos/repo1_hook_verification/objects/c8/871c5132e62a637e2afada08acd41146662bed
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/d1/b459fc1811eb7b30b2e14acaccb853f5d1b3e2 b/...ate/tests/repos/repo1_hook_verification/objects/d1/b459fc1811eb7b30b2e14acaccb853f5d1b3e2
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/e0/5ec071e40a53cd4785345a99fd12f5dbb6a777 b/...ate/tests/repos/repo1_hook_verification/objects/e0/5ec071e40a53cd4785345a99fd12f5dbb6a777
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/e3/7e5d19823e42fad252f6341b1f77a7bc6ee451 b/...ate/tests/repos/repo1_hook_verification/objects/e3/7e5d19823e42fad252f6341b1f77a7bc6ee451
diff --git a/...ate/tests/repos/repo1_hook_verification/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391 b/...ate/tests/repos/repo1_hook_verification/objects/e6/9de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/routers/private/tests/repos/repo1_hook_verification/objects/info/packs b/routers/private/tests/repos/repo1_hook_verification/objects/info/packs
@@ -0,0 +1 @@
+
diff --git a/routers/private/tests/repos/repo1_hook_verification/refs/heads/main b/routers/private/tests/repos/repo1_hook_verification/refs/heads/main
@@ -0,0 +1 @@
+64e643f86a640d97f95820b43aeb28631042c629