diff options
author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-12-03 14:55:14 +0000 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2016-12-03 16:06:49 +0000 |
commit | abdf0cf6b732d8a7aff05c26e7cd0c82d2ea0f34 (patch) | |
tree | 37db7388421cfda0470576179b75a4edf1aaee64 | |
parent | b9f45628f4ef30ba4737121d1f84f1ebd12ea6bf (diff) | |
download | gitano-abdf0cf6b732d8a7aff05c26e7cd0c82d2ea0f34.tar.gz |
Ensure that if the gitano-bypass user is invoked, Gitano whines loudly
-rw-r--r-- | lang/en.lua | 3 | ||||
-rw-r--r-- | lib/gitano/auth.lua | 6 | ||||
-rw-r--r-- | testing/01-basics.yarn | 13 |
3 files changed, 22 insertions, 0 deletions
diff --git a/lang/en.lua b/lang/en.lua index 672373b..2f1b76b 100644 --- a/lang/en.lua +++ b/lang/en.lua @@ -132,6 +132,9 @@ example administration repository rules and an admin user and group. ERROR_RULESET_UNCLEAN = "Ruleset did not complete cleanly", RULESET_ALLOWED = "Ruleset permitted action", RULESET_DENIED = "Ruleset denied action. Sorry.", + BYPASS_USER_BANNER_HEADER = "**** ALERT **** ALERT **** PAY CAREFUL ATTENTION **** ALERT **** ALERT ****", + BYPASS_USER_ALERT_MESSAGE = "**** You are acting as the bypass user. Rules and hooks WILL NOT APPLY ****", + BYPASS_USER_BANNER_FOOTER = "**** ALERT **** ALERT **** DO NOT DO THIS NORMALLY **** ALERT **** ALERT ****", -- Messages from the config module NO_SITE_CONF = "No site.conf", diff --git a/lib/gitano/auth.lua b/lib/gitano/auth.lua index 11d74a4..705002d 100644 --- a/lib/gitano/auth.lua +++ b/lib/gitano/auth.lua @@ -104,6 +104,12 @@ local function is_authorized(user, source, cmdline, repo_root, end end + if user == "gitano-bypass" then + log.stdout(i18n.expand("BYPASS_USER_BANNER_HEADER")) + log.stdout(i18n.expand("BYPASS_USER_ALERT_MESSAGE")) + log.stdout(i18n.expand("BYPASS_USER_BANNER_FOOTER")) + end + if not cmd.validate(admin_conf, repo, parsed_cmdline) then log.critical(i18n.expand("ERROR_VALIDATION_FAILED")) return nil diff --git a/testing/01-basics.yarn b/testing/01-basics.yarn index 5667851..76c492b 100644 --- a/testing/01-basics.yarn +++ b/testing/01-basics.yarn @@ -117,3 +117,16 @@ so when you haven't provided a command you get an error message. GIVEN a standard instance WHEN testinstance adminkey, expecting failure, runs THEN stderr contains FATAL: No command provided, cannot continue + +Bypass user alerting +-------------------- + +When the bypass user is used, Gitano should whine strongly in order to +discourage the human doing this. In addition this whine is sent to stdout +in order to discourage the human from automating bypasses instead. + + SCENARIO using bypass warns loudly + GIVEN a standard instance + WHEN testinstance bypasskey runs ls + THEN stdout contains ALERT + AND stdout contains DO NOT DO THIS |