mirror of
https://github.com/go-gitea/gitea.git
synced 2025-10-31 10:56:10 +01:00
580e21dd2e
Gitea instance keeps reporting a lot of errors like "LFS SSH transfer connection denied, pure SSH protocol is disabled". When starting debugging the problem, there are more problems found. Try to address most of them: * avoid unnecessary server side error logs (change `fail()` to not log them) * figure out the broken tests/user2/lfs.git (added comments) * avoid `migratePushMirrors` failure when a repository doesn't exist (ignore them) * avoid "Authorization" (internal&lfs) header conflicts, remove the tricky "swapAuth" and use "X-Gitea-Internal-Auth" * make internal token comparing constant time (it wasn't a serous problem because in a real world it's nearly impossible to timing-attack the token, but good to fix and backport) * avoid duplicate routers (introduce AddOwnerRepoGitLFSRoutes) * avoid "internal (private)" routes using session/web context (they should use private context) * fix incorrect "path" usages (use "filepath") * fix incorrect mocked route point handling (need to check func nil correctly) * split some tests from "git general tests" to "git misc tests" (to keep "git_general_test.go" simple) Still no correct result for Git LFS SSH tests. So the code is kept there (`tests/integration/git_lfs_ssh_test.go`) and a FIXME explains the details.
62 lines
2.3 KiB
Go
62 lines
2.3 KiB
Go
// Copyright 2024 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"net/url"
|
|
"sync"
|
|
"testing"
|
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
"code.gitea.io/gitea/modules/web"
|
|
"code.gitea.io/gitea/routers/private"
|
|
"code.gitea.io/gitea/services/context"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestGitLFSSSH(t *testing.T) {
|
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
|
dstPath := t.TempDir()
|
|
apiTestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
|
|
|
|
var mu sync.Mutex
|
|
var routerCalls []string
|
|
web.RouteMock(private.RouterMockPointInternalLFS, func(ctx *context.PrivateContext) {
|
|
mu.Lock()
|
|
routerCalls = append(routerCalls, ctx.Req.Method+" "+ctx.Req.URL.Path)
|
|
mu.Unlock()
|
|
})
|
|
|
|
withKeyFile(t, "my-testing-key", func(keyFile string) {
|
|
t.Run("CreateUserKey", doAPICreateUserKey(apiTestContext, "test-key", keyFile))
|
|
cloneURL := createSSHUrl(apiTestContext.GitPath(), u)
|
|
t.Run("Clone", doGitClone(dstPath, cloneURL))
|
|
|
|
cfg, err := setting.CfgProvider.PrepareSaving()
|
|
require.NoError(t, err)
|
|
cfg.Section("server").Key("LFS_ALLOW_PURE_SSH").SetValue("true")
|
|
setting.LFS.AllowPureSSH = true
|
|
require.NoError(t, cfg.Save())
|
|
|
|
// do LFS SSH transfer?
|
|
lfsCommitAndPushTest(t, dstPath, 10)
|
|
})
|
|
|
|
// FIXME: Here we only see the following calls, but actually there should be calls to "PUT"?
|
|
// 0 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
|
// 1 = {string} "POST /api/internal/repo/user2/repo1.git/info/lfs/objects/batch"
|
|
// 2 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
|
// 3 = {string} "POST /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
|
// 4 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
|
// 5 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
|
// 6 = {string} "GET /api/internal/repo/user2/repo1.git/info/lfs/locks"
|
|
// 7 = {string} "POST /api/internal/repo/user2/repo1.git/info/lfs/locks/24/unlock"
|
|
assert.NotEmpty(t, routerCalls)
|
|
// assert.Contains(t, routerCalls, "PUT /api/internal/repo/user2/repo1.git/info/lfs/objects/....")
|
|
})
|
|
}
|