如何通过git pre-receive钩对用户进行身份验证 [英] How to authenticate user via git pre-receive hook

问题描述

我正在寻找用Python编写pre-receive githook的方法.据我了解，没有将任何参数传递到pre-receive脚本中，而是使用标准输入在单独的行中传递了每个引用.我已经能够通过以下方式阅读参考更改:

I am looking to write a pre-receive githook in Python. It is my understanding that no arguments are passed into pre-receive scripts but rather each reference is passed in using standard input on separate lines. I have been able to read the reference changes via:

!/usr/bin/env python

import sys
import fileinput

for line in fileinput.input():
    print "pre-receive: Trying to push ref: %s" % line

但是，对于这个钩子，我主要关心的是确保用户推送代码具有正确的特权来推送到他们要尝试的分支.通过研究，我一直无法找到一种方法来查找提交者的用户凭据.我的目标是将他们的信誉与白名单进行比较，以授予访问权限.

However, for this hook, I am mainly concerned with making sure that the user pushing code has the correct privileges to push to the branch of which they are trying to. Through my research, I have been unable to find a way to seek the committer's user credentials. It was my goal to compare their creds against a whitelist in order to grant access.

如何更改我的pre-receive代码以验证提交用户并验证其是否已列入白名单以推送到其尝试的分支?为了使代码功能，我必须对git仓库进行哪些更改(如果有的话)?

How can I change my pre-receive code to authenticate the committing user and verify that they are whitelisted to push to their attempted branch? And what, if any, changes do I have to make on the git repository to make the code function?

推荐答案

从标准输入中，我们可以得到<old-value> SP <new-value> SP <ref-name> LF.在挂钩中使用git cat-file -p $new-value或git cat-file -p $ref-name，我们可以获得类似的信息

From the stdin, we can get <old-value> SP <new-value> SP <ref-name> LF. Use git cat-file -p $new-value or git cat-file -p $ref-name in the hook, we can get info like this

tree d06734b17feff2faf22bcd7c0fac1587876e601d
parent 524bd5e2fa72e6358a22f28582e094de936c3768
author Xyz <mm@nn.com> 1466782764 +0800
committer Abc <ss@tt.com> 1466782764 +0800

或者以更直接的方式，我们可以使用git log -1 --pretty=%an $ref-name获取作者，并使用git log -1 --pretty=%cn $ref-name获取提交者.

Or in a more straightforward way, we can use git log -1 --pretty=%an $ref-name to get the author, and git log -1 --pretty=%cn $ref-name to get the committer.

所以bash中的钩子的一部分可能像这样:

So a part of the hook in bash could be like:

#!/bin/bash

read old new ref
author=$(git log -1 $ref --pretty=%an)
committer=$(git log -1 $ref --pretty=%cn)
echo author:$author
echo committer:$committer

左边是检查作者或提交者是否有权做某事.

The left part is to check if the author or committer has the right to do something.

在python中实现钩子的我的版本应该是

My version to implement your hook in python would be

#!/usr/bin/env python

import sys
import fileinput
import commands

for line in fileinput.input():
    print "pre-receive: Trying to push ref: %s" % line
    values = line.split()
    old = values[0]
    new = values[1]
    ref = values[2]
    author = ''
    committer = ''
    status,output = commands.getstatusoutput('git log -1 --pretty=%an {0}'.format(ref))
    if status == 0:
        author = output
    status,output = commands.getstatusoutput('git log -1 --pretty=%cn {0}'.format(ref))
    if status == 0:
        committer = output

这篇关于如何通过git pre-receive钩对用户进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！