| author | DanConwayDev <DanConwayDev@protonmail.com> | 2025-11-28 03:38:50 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2025-11-28 03:38:50 +0000 |
| commit | f41550ea1898be2ec6c4be205e4cad0085400313 (patch) | |
| tree | 00cc474031bf81fe382c6276e52fd769b275cd3f /grasp-audit/src/specs/grasp01/push_authorization.rs | |
| parent | 3f74ababf338d65ac5e29e7eb5541ce416b7fe75 (diff) | |
audit: stop checking git_data_directory
Diffstat (limited to 'grasp-audit/src/specs/grasp01/push_authorization.rs')
| -rw-r--r-- | grasp-audit/src/specs/grasp01/push_authorization.rs | 64 |
1 files changed, 4 insertions, 60 deletions
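--- a/grasp-audit/src/specs/grasp01/push_authorization.rs
+++ b/grasp-audit/src/specs/grasp01/push_authorization.rs
@@ -33,15 +33,14 @@ impl PushAuthorizationTests {
 /// Run all push authorization tests
 pub async fn run_all(
 client: &AuditClient,
-git_data_dir: &Path,
 relay_domain: &str,
 ) -> crate::AuditResult {
 let mut results = crate::AuditResult::new("GRASP-01 Push Authorization Tests");
 
-results.add(Self::test_push_authorized_by_owner_state(client, git_data_dir, relay_domain).await);
-results.add(Self::test_push_rejected_without_state_event(client, git_data_dir, relay_domain).await);
-results.add(Self::test_push_rejected_wrong_commit(client, git_data_dir, relay_domain).await);
-results.add(Self::test_push_authorized_by_maintainer_state_only(client, git_data_dir, relay_domain).await);
+results.add(Self::test_push_authorized_by_owner_state(client, relay_domain).await);
+results.add(Self::test_push_rejected_without_state_event(client, relay_domain).await);
+results.add(Self::test_push_rejected_wrong_commit(client, relay_domain).await);
+results.add(Self::test_push_authorized_by_maintainer_state_only(client, relay_domain).await);
 
 results
 }
@@ -59,7 +58,6 @@ impl PushAuthorizationTests {
 /// 3. **Verify**: Push should succeed because state event authorizes this commit
 pub async fn test_push_authorized_by_owner_state(
 client: &AuditClient,
-git_data_dir: &Path,
 relay_domain: &str,
 ) -> TestResult {
 use std::process::Command;
@@ -103,13 +101,6 @@ impl PushAuthorizationTests {
 }
 };
 
-// Verify repo exists on disk
-let repo_path = git_data_dir.join(&npub).join(format!("{}.git", repo_id));
-if !repo_path.exists() {
-return TestResult::new(test_name, "GRASP-01", "Push authorized with matching state")
-.fail(&format!("Repo not found: {}", repo_path.display()));
-}
-
 // ============================================================
 // Step 2: SEND - Clone repo, create deterministic commit, push
 // ============================================================
@@ -222,7 +213,6 @@ impl PushAuthorizationTests {
 /// Test that push is rejected when no state event exists
 pub async fn test_push_rejected_without_state_event(
 client: &AuditClient,
-git_data_dir: &Path,
 relay_domain: &str,
 ) -> TestResult {
 let test_name = "test_push_rejected_without_state_event";
@@ -243,12 +233,6 @@ impl PushAuthorizationTests {
 .and_then(|t| t.content()).unwrap().to_string();
 let npub = repo.pubkey.to_bech32().unwrap();
 
-let repo_path = git_data_dir.join(&npub).join(format!("{}.git", repo_id));
-if !repo_path.exists() {
-return TestResult::new(test_name, "GRASP-01", "Push rejected without state event")
-.fail(&format!("Repo not found: {}", repo_path.display()));
-}
-
 // Clone and create commit
 let clone_path = match clone_repo(relay_domain, &npub, &repo_id) {
 Ok(p) => p,
@@ -286,7 +270,6 @@ impl PushAuthorizationTests {
 /// 4. **Verify**: Push should be rejected because new commit doesn't match state event
 pub async fn test_push_rejected_wrong_commit(
 client: &AuditClient,
-git_data_dir: &Path,
 relay_domain: &str,
 ) -> TestResult {
 use std::process::Command;
@@ -330,13 +313,6 @@ impl PushAuthorizationTests {
 }
 };
 
-// Verify repo exists on disk
-let repo_path = git_data_dir.join(&npub).join(format!("{}.git", repo_id));
-if !repo_path.exists() {
-return TestResult::new(test_name, "GRASP-01", "Push rejected when commit not in state event")
-.fail(&format!("Repo not found: {}", repo_path.display()));
-}
-
 // ============================================================
 // Step 2: SEND - Clone repo, create deterministic commit, push
 // (establishes the state on the relay)
@@ -495,7 +471,6 @@ impl PushAuthorizationTests {
 /// 4. The push should be ACCEPTED because maintainer's state event authorizes it
 pub async fn test_push_authorized_by_maintainer_state_only(
 client: &AuditClient,
-git_data_dir: &Path,
 relay_domain: &str,
 ) -> TestResult {
 use std::process::Command;
@@ -566,17 +541,6 @@ impl PushAuthorizationTests {
 }
 };
 
-// Verify repo exists on disk
-let repo_path = git_data_dir.join(&npub).join(format!("{}.git", repo_id));
-if !repo_path.exists() {
-return TestResult::new(
-test_name,
-"GRASP-01",
-"Push authorized by maintainer state event only (no announcement)",
-)
-.fail(&format!("Repo not found: {}", repo_path.display()));
-}
-
 // ============================================================
 // Step 2: SEND - Clone, create maintainer commit, push
 // ============================================================
@@ -741,7 +705,6 @@ impl PushAuthorizationTests {
 /// Each level publishes announcements that authorize the next level.
 pub async fn test_push_authorized_by_recursive_maintainer_state(
 client: &AuditClient,
-git_data_dir: &Path,
 relay_domain: &str,
 ) -> TestResult {
 use std::process::Command;
@@ -837,17 +800,6 @@ impl PushAuthorizationTests {
 }
 };
 
-// Verify repo exists on disk
-let repo_path = git_data_dir.join(&npub).join(format!("{}.git", repo_id));
-if !repo_path.exists() {
-return TestResult::new(
-test_name,
-"GRASP-01",
-"Push authorized by recursive maintainer state event",
-)
-.fail(&format!("Repo not found: {}", repo_path.display()));
-}
-
 // ============================================================
 // Step 2: SEND - Clone, create recursive maintainer commit, push
 // ============================================================
@@ -1007,7 +959,6 @@ impl PushAuthorizationTests {
 /// 5. **Verify**: Push should be rejected because rogue state event is ignored
 pub async fn test_non_maintainer_state_rejected(
 client: &AuditClient,
-git_data_dir: &Path,
 relay_domain: &str,
 ) -> TestResult {
 use std::process::Command;
@@ -1051,13 +1002,6 @@ impl PushAuthorizationTests {
 }
 };
 
-// Verify repo exists on disk
-let repo_path = git_data_dir.join(&npub).join(format!("{}.git", repo_id));
-if !repo_path.exists() {
-return TestResult::new(test_name, "GRASP-01", "Non-maintainer state events ignored")
-.fail(&format!("Repo not found: {}", repo_path.display()));
-}
-
 // ============================================================
 // Step 2: SEND - Clone repo, create deterministic commit, push
 // (establishes the state on the relay)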
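Review bot: `run_all` (new lines 33–46) registers four tests, but `test_push_authorized_by_recursive_maintainer_state` and `test_non_maintainer_state_rejected`, whose signatures this commit also updates, are never added to `results` there. If no other caller runs them, the audit never exercises the case where a state event from a non-maintainer must be ignored, which is the negative check that matters most for push authorization. Consider adding `results.add(Self::test_push_authorized_by_recursive_maintainer_state(client, relay_domain).await);` and `results.add(Self::test_non_maintainer_state_rejected(client, relay_domain).await);`, or a comment in `run_all` saying why they are left out. With the `git_data_dir` parameter gone, the file's `Path` import may now be unused; the import lines are outside the hunks shown, so this needs confirming.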