mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-29 02:02:41 +01:00
Fix some repository URI handling issues in Git and Mercurial
Summary: See <https://github.com/facebook/phabricator/issues/467>. @dctrwatson also ran into an issue where we were trying to `setPass()` a GitURI. - For Git and Mercurial, properly generate credential URIs where relevant. - Don't try to `setPass()` on Git-style URIs. This isn't perfect but should clean things up a bit. Test Plan: Added unit tests. Lots of `grep`. Reviewers: btrahan Reviewed By: btrahan CC: dctrwatson, aran Differential Revision: https://secure.phabricator.com/D7759
This commit is contained in:
parent
1d9bf6f82b
commit
d846f6508b
7 changed files with 145 additions and 113 deletions
|
@ -1,95 +1,6 @@
|
||||||
#!/usr/bin/env php
|
#!/usr/bin/env php
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
$root = dirname(dirname(dirname(__FILE__)));
|
echo "This script is obsolete. Use `bin/repository` to manage repositories.\n";
|
||||||
require_once $root.'/scripts/__init_script__.php';
|
|
||||||
|
|
||||||
if (empty($argv[1])) {
|
|
||||||
echo "usage: test_connection.php <repository_callsign>\n";
|
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
|
||||||
|
|
||||||
echo phutil_console_wrap(
|
|
||||||
phutil_console_format(
|
|
||||||
'This script will test that you have configured valid credentials for '.
|
|
||||||
'access to a repository, so the Phabricator daemons can pull from it. '.
|
|
||||||
'You should run this as the **same user you will run the daemons as**, '.
|
|
||||||
'from the **same machine they will run from**. Doing this will help '.
|
|
||||||
'detect various problems with your configuration, such as SSH issues.'));
|
|
||||||
|
|
||||||
list($whoami) = execx('whoami');
|
|
||||||
$whoami = trim($whoami);
|
|
||||||
|
|
||||||
$ok = phutil_console_confirm("Do you want to continue as '{$whoami}'?");
|
|
||||||
if (!$ok) {
|
|
||||||
die(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
$callsign = $argv[1];
|
|
||||||
echo "Loading '{$callsign}' repository...\n";
|
|
||||||
$repository = id(new PhabricatorRepository())->loadOneWhere(
|
|
||||||
'callsign = %s',
|
|
||||||
$argv[1]);
|
|
||||||
if (!$repository) {
|
|
||||||
throw new Exception("No such repository exists!");
|
|
||||||
}
|
|
||||||
|
|
||||||
$vcs = $repository->getVersionControlSystem();
|
|
||||||
|
|
||||||
PhutilServiceProfiler::installEchoListener();
|
|
||||||
|
|
||||||
echo phutil_console_format(
|
|
||||||
"\n".
|
|
||||||
"**NOTE:** If you are prompted for an SSH password in the next step, the\n".
|
|
||||||
"daemon won't work because it doesn't have the password and can't respond\n".
|
|
||||||
"to an interactive prompt. Instead of typing the password, it will hang\n".
|
|
||||||
"forever when prompted. There are several ways to resolve this:\n\n".
|
|
||||||
" - Run the daemon inside an ssh-agent session where you have unlocked\n".
|
|
||||||
" the key (most secure, but most complicated).\n".
|
|
||||||
" - Generate a new, passwordless certificate for the daemon to use\n".
|
|
||||||
" (usually quite easy).\n".
|
|
||||||
" - Remove the passphrase from the key with `ssh-keygen -p`\n".
|
|
||||||
" (easy, but questionable).");
|
|
||||||
|
|
||||||
phutil_console_confirm('Did you read all that?', $default_no = false);
|
|
||||||
|
|
||||||
echo "Trying to connect to the remote...\n";
|
|
||||||
switch ($vcs) {
|
|
||||||
case PhabricatorRepositoryType::REPOSITORY_TYPE_SVN:
|
|
||||||
$err = $repository->passthruRemoteCommand(
|
|
||||||
'--limit 1 log %s',
|
|
||||||
$repository->getRemoteURI());
|
|
||||||
break;
|
|
||||||
case PhabricatorRepositoryType::REPOSITORY_TYPE_GIT:
|
|
||||||
// Do an ls-remote on a nonexistent ref, which we expect to just return
|
|
||||||
// nothing.
|
|
||||||
$err = $repository->passthruRemoteCommand(
|
|
||||||
'ls-remote %s %s',
|
|
||||||
$repository->getRemoteURI(),
|
|
||||||
'just-testing');
|
|
||||||
break;
|
|
||||||
case PhabricatorRepositoryType::REPOSITORY_TYPE_MERCURIAL:
|
|
||||||
// TODO: 'hg id' doesn't support --insecure so we can't tell it not to
|
|
||||||
// spew. If 'hg id' eventually supports --insecure, consider using it.
|
|
||||||
echo "(It is safe to ignore any 'certificate with fingerprint ... not ".
|
|
||||||
"verified' warnings, although you may want to configure Mercurial ".
|
|
||||||
"to recognize the server's fingerprint/certificate.)\n";
|
|
||||||
$err = $repository->passthruRemoteCommand(
|
|
||||||
'id --rev tip %s',
|
|
||||||
$repository->getRemoteURI());
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
throw new Exception("Unsupported repository type.");
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($err) {
|
|
||||||
echo phutil_console_format(
|
|
||||||
"<bg:red>** FAIL **</bg> Connection failed. The credentials for this ".
|
|
||||||
"repository appear to be incorrectly configured.\n");
|
|
||||||
exit(1);
|
|
||||||
} else {
|
|
||||||
echo phutil_console_format(
|
|
||||||
"<bg:green>** OKAY **</bg> Connection successful. The credentials for ".
|
|
||||||
"this repository appear to be correctly configured.\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
|
@ -1815,6 +1815,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorRepositoryTransaction' => 'applications/repository/storage/PhabricatorRepositoryTransaction.php',
|
'PhabricatorRepositoryTransaction' => 'applications/repository/storage/PhabricatorRepositoryTransaction.php',
|
||||||
'PhabricatorRepositoryTransactionQuery' => 'applications/repository/query/PhabricatorRepositoryTransactionQuery.php',
|
'PhabricatorRepositoryTransactionQuery' => 'applications/repository/query/PhabricatorRepositoryTransactionQuery.php',
|
||||||
'PhabricatorRepositoryType' => 'applications/repository/constants/PhabricatorRepositoryType.php',
|
'PhabricatorRepositoryType' => 'applications/repository/constants/PhabricatorRepositoryType.php',
|
||||||
|
'PhabricatorRepositoryURITestCase' => 'applications/repository/storage/__tests__/PhabricatorRepositoryURITestCase.php',
|
||||||
'PhabricatorRepositoryVCSPassword' => 'applications/repository/storage/PhabricatorRepositoryVCSPassword.php',
|
'PhabricatorRepositoryVCSPassword' => 'applications/repository/storage/PhabricatorRepositoryVCSPassword.php',
|
||||||
'PhabricatorS3FileStorageEngine' => 'applications/files/engine/PhabricatorS3FileStorageEngine.php',
|
'PhabricatorS3FileStorageEngine' => 'applications/files/engine/PhabricatorS3FileStorageEngine.php',
|
||||||
'PhabricatorSQLPatchList' => 'infrastructure/storage/patch/PhabricatorSQLPatchList.php',
|
'PhabricatorSQLPatchList' => 'infrastructure/storage/patch/PhabricatorSQLPatchList.php',
|
||||||
|
@ -4380,6 +4381,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorRepositoryTestCase' => 'PhabricatorTestCase',
|
'PhabricatorRepositoryTestCase' => 'PhabricatorTestCase',
|
||||||
'PhabricatorRepositoryTransaction' => 'PhabricatorApplicationTransaction',
|
'PhabricatorRepositoryTransaction' => 'PhabricatorApplicationTransaction',
|
||||||
'PhabricatorRepositoryTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
|
'PhabricatorRepositoryTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
|
||||||
|
'PhabricatorRepositoryURITestCase' => 'PhabricatorTestCase',
|
||||||
'PhabricatorRepositoryVCSPassword' => 'PhabricatorRepositoryDAO',
|
'PhabricatorRepositoryVCSPassword' => 'PhabricatorRepositoryDAO',
|
||||||
'PhabricatorS3FileStorageEngine' => 'PhabricatorFileStorageEngine',
|
'PhabricatorS3FileStorageEngine' => 'PhabricatorFileStorageEngine',
|
||||||
'PhabricatorSSHLog' => 'Phobject',
|
'PhabricatorSSHLog' => 'Phobject',
|
||||||
|
|
|
@ -63,8 +63,8 @@ final class DrydockWorkingCopyBlueprintImplementation
|
||||||
|
|
||||||
$cmd = $host_lease->getInterface('command');
|
$cmd = $host_lease->getInterface('command');
|
||||||
$cmd->execx(
|
$cmd->execx(
|
||||||
'git clone --origin origin %s %s',
|
'git clone --origin origin %P %s',
|
||||||
$repository->getRemoteURI(),
|
$repository->getRemoteURIEnvelope(),
|
||||||
$path);
|
$path);
|
||||||
|
|
||||||
$this->log(pht('Complete.'));
|
$this->log(pht('Complete.'));
|
||||||
|
|
|
@ -842,8 +842,8 @@ final class PhabricatorRepositoryPullLocalDaemon
|
||||||
}
|
}
|
||||||
|
|
||||||
$future = $proxy->getRemoteCommandFuture(
|
$future = $proxy->getRemoteCommandFuture(
|
||||||
'push --verbose --mirror -- %s',
|
'push --verbose --mirror -- %P',
|
||||||
$proxy->getRemoteURI());
|
$proxy->getRemoteURIEnvelope());
|
||||||
|
|
||||||
$future
|
$future
|
||||||
->setCWD($proxy->getLocalPath())
|
->setCWD($proxy->getLocalPath())
|
||||||
|
|
|
@ -188,8 +188,8 @@ final class PhabricatorRepositoryPullEngine
|
||||||
$path);
|
$path);
|
||||||
} else {
|
} else {
|
||||||
$repository->execxRemoteCommand(
|
$repository->execxRemoteCommand(
|
||||||
'clone --bare -- %s %s',
|
'clone --bare -- %P %s',
|
||||||
$repository->getRemoteURI(),
|
$repository->getRemoteURIEnvelope(),
|
||||||
$path);
|
$path);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -337,8 +337,8 @@ final class PhabricatorRepositoryPullEngine
|
||||||
$path);
|
$path);
|
||||||
} else {
|
} else {
|
||||||
$repository->execxRemoteCommand(
|
$repository->execxRemoteCommand(
|
||||||
'clone --noupdate -- %s %s',
|
'clone --noupdate -- %P %s',
|
||||||
$repository->getRemoteURI(),
|
$repository->getRemoteURIEnvelope(),
|
||||||
$path);
|
$path);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,7 +81,7 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
'callsign' => $this->getCallsign(),
|
'callsign' => $this->getCallsign(),
|
||||||
'vcs' => $this->getVersionControlSystem(),
|
'vcs' => $this->getVersionControlSystem(),
|
||||||
'uri' => PhabricatorEnv::getProductionURI($this->getURI()),
|
'uri' => PhabricatorEnv::getProductionURI($this->getURI()),
|
||||||
'remoteURI' => (string)$this->getPublicRemoteURI(),
|
'remoteURI' => (string)$this->getRemoteURI(),
|
||||||
'tracking' => $this->getDetail('tracking-enabled'),
|
'tracking' => $this->getDetail('tracking-enabled'),
|
||||||
'description' => $this->getDetail('description'),
|
'description' => $this->getDetail('description'),
|
||||||
);
|
);
|
||||||
|
@ -440,10 +440,6 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
return $args;
|
return $args;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getSSHLogin() {
|
|
||||||
return $this->getDetail('ssh-login');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getURI() {
|
public function getURI() {
|
||||||
return '/diffusion/'.$this->getCallsign().'/';
|
return '/diffusion/'.$this->getCallsign().'/';
|
||||||
}
|
}
|
||||||
|
@ -568,6 +564,37 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the remote URI for this repository, including credentials if they're
|
||||||
|
* used by this repository.
|
||||||
|
*
|
||||||
|
* @return PhutilOpaqueEnvelope URI, possibly including credentials.
|
||||||
|
* @task uri
|
||||||
|
*/
|
||||||
|
public function getRemoteURIEnvelope() {
|
||||||
|
$uri = $this->getRemoteURIObject();
|
||||||
|
|
||||||
|
$remote_protocol = $this->getRemoteProtocol();
|
||||||
|
if ($remote_protocol == 'http' || $remote_protocol == 'https') {
|
||||||
|
// For SVN, we use `--username` and `--password` flags separately, so
|
||||||
|
// don't add any credentials here.
|
||||||
|
if (!$this->isSVN()) {
|
||||||
|
$credential_phid = $this->getCredentialPHID();
|
||||||
|
if ($credential_phid) {
|
||||||
|
$key = PassphrasePasswordKey::loadFromPHID(
|
||||||
|
$credential_phid,
|
||||||
|
PhabricatorUser::getOmnipotentUser());
|
||||||
|
|
||||||
|
$uri->setUser($key->getUsernameEnvelope()->openEnvelope());
|
||||||
|
$uri->setPass($key->getPasswordEnvelope()->openEnvelope());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PhutilOpaqueEnvelope((string)$uri);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the remote URI for this repository, without authentication information.
|
* Get the remote URI for this repository, without authentication information.
|
||||||
*
|
*
|
||||||
|
@ -584,8 +611,13 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
// password.
|
// password.
|
||||||
if (!$this->shouldUseSSH()) {
|
if (!$this->shouldUseSSH()) {
|
||||||
$uri->setUser(null);
|
$uri->setUser(null);
|
||||||
|
|
||||||
|
// This might be a Git URI or a normal URI. If it's Git, there's no
|
||||||
|
// password support.
|
||||||
|
if ($uri instanceof PhutilURI) {
|
||||||
$uri->setPass(null);
|
$uri->setPass(null);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return (string)$uri;
|
return (string)$uri;
|
||||||
}
|
}
|
||||||
|
@ -629,19 +661,11 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
|
||||||
|
|
||||||
$uri = new PhutilURI($raw_uri);
|
$uri = new PhutilURI($raw_uri);
|
||||||
if ($uri->getProtocol()) {
|
if ($uri->getProtocol()) {
|
||||||
if ($this->isSSHProtocol($uri->getProtocol())) {
|
|
||||||
if ($this->getSSHLogin()) {
|
|
||||||
$uri->setUser($this->getSSHLogin());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $uri;
|
return $uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
$uri = new PhutilGitURI($raw_uri);
|
$uri = new PhutilGitURI($raw_uri);
|
||||||
if ($uri->getDomain()) {
|
if ($uri->getDomain()) {
|
||||||
if ($this->getSSHLogin()) {
|
|
||||||
$uri->setUser($this->getSSHLogin());
|
|
||||||
}
|
|
||||||
return $uri;
|
return $uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,95 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorRepositoryURITestCase
|
||||||
|
extends PhabricatorTestCase {
|
||||||
|
|
||||||
|
protected function getPhabricatorTestCaseConfiguration() {
|
||||||
|
return array(
|
||||||
|
self::PHABRICATOR_TESTCONFIG_BUILD_STORAGE_FIXTURES => true,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testURIGeneration() {
|
||||||
|
$svn = PhabricatorRepositoryType::REPOSITORY_TYPE_SVN;
|
||||||
|
$git = PhabricatorRepositoryType::REPOSITORY_TYPE_GIT;
|
||||||
|
$hg = PhabricatorRepositoryType::REPOSITORY_TYPE_MERCURIAL;
|
||||||
|
|
||||||
|
$user = $this->generateNewTestUser();
|
||||||
|
|
||||||
|
$http_secret = id(new PassphraseSecret())->setSecretData('quack')->save();
|
||||||
|
|
||||||
|
$http_credential = PassphraseCredential::initializeNewCredential($user)
|
||||||
|
->setCredentialType(PassphraseCredentialTypePassword::CREDENTIAL_TYPE)
|
||||||
|
->setProvidesType(PassphraseCredentialTypePassword::PROVIDES_TYPE)
|
||||||
|
->setUsername('duck')
|
||||||
|
->setSecretID($http_secret->getID())
|
||||||
|
->save();
|
||||||
|
|
||||||
|
$repo = PhabricatorRepository::initializeNewRepository($user)
|
||||||
|
->setVersionControlSystem($svn)
|
||||||
|
->setName('Test Repo')
|
||||||
|
->setCallsign('TESTREPO')
|
||||||
|
->setCredentialPHID($http_credential->getPHID())
|
||||||
|
->save();
|
||||||
|
|
||||||
|
// Test HTTP URIs.
|
||||||
|
|
||||||
|
$repo->setDetail('remote-uri', 'http://example.com/');
|
||||||
|
$repo->setVersionControlSystem($svn);
|
||||||
|
|
||||||
|
$this->assertEqual('http://example.com/', $repo->getRemoteURI());
|
||||||
|
$this->assertEqual('http://example.com/', $repo->getPublicRemoteURI());
|
||||||
|
$this->assertEqual('http://example.com/',
|
||||||
|
$repo->getRemoteURIEnvelope()->openEnvelope());
|
||||||
|
|
||||||
|
$repo->setVersionControlSystem($git);
|
||||||
|
|
||||||
|
$this->assertEqual('http://example.com/', $repo->getRemoteURI());
|
||||||
|
$this->assertEqual('http://example.com/', $repo->getPublicRemoteURI());
|
||||||
|
$this->assertEqual('http://duck:quack@example.com/',
|
||||||
|
$repo->getRemoteURIEnvelope()->openEnvelope());
|
||||||
|
|
||||||
|
$repo->setVersionControlSystem($hg);
|
||||||
|
|
||||||
|
$this->assertEqual('http://example.com/', $repo->getRemoteURI());
|
||||||
|
$this->assertEqual('http://example.com/', $repo->getPublicRemoteURI());
|
||||||
|
$this->assertEqual('http://duck:quack@example.com/',
|
||||||
|
$repo->getRemoteURIEnvelope()->openEnvelope());
|
||||||
|
|
||||||
|
// Test SSH URIs.
|
||||||
|
|
||||||
|
$repo->setDetail('remote-uri', 'ssh://example.com/');
|
||||||
|
$repo->setVersionControlSystem($svn);
|
||||||
|
|
||||||
|
$this->assertEqual('ssh://example.com/', $repo->getRemoteURI());
|
||||||
|
$this->assertEqual('ssh://example.com/', $repo->getPublicRemoteURI());
|
||||||
|
$this->assertEqual('ssh://example.com/',
|
||||||
|
$repo->getRemoteURIEnvelope()->openEnvelope());
|
||||||
|
|
||||||
|
$repo->setVersionControlSystem($git);
|
||||||
|
|
||||||
|
$this->assertEqual('ssh://example.com/', $repo->getRemoteURI());
|
||||||
|
$this->assertEqual('ssh://example.com/', $repo->getPublicRemoteURI());
|
||||||
|
$this->assertEqual('ssh://example.com/',
|
||||||
|
$repo->getRemoteURIEnvelope()->openEnvelope());
|
||||||
|
|
||||||
|
$repo->setVersionControlSystem($hg);
|
||||||
|
|
||||||
|
$this->assertEqual('ssh://example.com/', $repo->getRemoteURI());
|
||||||
|
$this->assertEqual('ssh://example.com/', $repo->getPublicRemoteURI());
|
||||||
|
$this->assertEqual('ssh://example.com/',
|
||||||
|
$repo->getRemoteURIEnvelope()->openEnvelope());
|
||||||
|
|
||||||
|
// Test Git URIs.
|
||||||
|
|
||||||
|
$repo->setDetail('remote-uri', 'git@example.com:path.git');
|
||||||
|
$repo->setVersionControlSystem($git);
|
||||||
|
|
||||||
|
$this->assertEqual('git@example.com:path.git', $repo->getRemoteURI());
|
||||||
|
$this->assertEqual('git@example.com:path.git', $repo->getPublicRemoteURI());
|
||||||
|
$this->assertEqual('git@example.com:path.git',
|
||||||
|
$repo->getRemoteURIEnvelope()->openEnvelope());
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue