Add util for self-verification of subgroups

Author: tobias

resources/queries/queryfile.sql

@@ -64,6 +64,22 @@ SELECT *
 FROM group_verifications
 WHERE group_name = :group_name;
 
+--name: find-group-verifications-for-users-groups
+SELECT *
+FROM group_verifications gv
+JOIN (
+  SELECT name
+  FROM groups
+  WHERE (
+    "user" = :username
+    AND
+    inactive IS NOT true
+  )
+) g
+ON (
+  gv.group_name = g.name
+)
+
 --name: verify-group!
 INSERT INTO group_verifications (group_name, verified_by)
 VALUES (:group_name, :verifying_username);

src/clojars/db.clj

@@ -177,6 +177,10 @@
                                {:connection db
                                 :result-set-fn first}))
 
+(defn find-group-verifications-for-users-groups [db username]
+  (sql/find-group-verifications-for-users-groups {:username username}
+                                                 {:connection db}))
+
 (defn verify-group! [db username group-name]
   (when-not (find-group-verification db group-name)
     (sql/verify-group! {:group_name group-name

src/clojars/verification.clj

@@ -113,3 +113,26 @@
 
           :else
           (err request "You are not an active member of the group."))))))
+
+(defn verify-group-by-parent-group
+  "Verifies a group that is a subgroup of an already verified group."
+  [db {:as request :keys [username group]}]
+  (let [group              (str/lower-case group)
+        group-verification (db/find-group-verification db group)]
+    (cond
+      (not (valid-identifier? group))
+      (err request "The group name is not a valid reverse-domain name.")
+
+      group-verification
+      (err request (format "Group already verified by user '%s' on %s."
+                           (:verified_by group-verification)
+                           (common/format-date (:created group-verification))))
+
+      :else
+      (if-some [parent-group-name (some
+                                   (fn [{:keys [group_name]}]
+                                     (when (str/starts-with? group (str group_name "."))
+                                       group_name))
+                                   (db/find-group-verifications-for-users-groups db username))]
+        (verify-group db (assoc request :parent-group parent-group-name) username group)
+        (err request "The group is not a subgroup of a verified group.")))))

test/clojars/unit/verification_test.clj

@@ -134,3 +134,39 @@
                                                :domain  "foo.com"}))))
     (is (db/group-activenames help/*db* "com.foo"))
     (is (db/find-group-verification help/*db* "com.foo"))))
+
+(deftest verify-group-by-parent-group-with-invalid-group
+  (are [given] (= "The group name is not a valid reverse-domain name."
+                  (:error (nut/verify-group-by-parent-group help/*db* {:group given})))
+    "bar"
+    "com.bar;rm -rf /"
+    ".com"
+    "..com"))
+
+(deftest verify-group-by-parent-group-with-already-verified-group
+  (db/verify-group! help/*db* "dantheman" "com.foo.bar")
+  (is (match?
+       {:error (format "Group already verified by user 'dantheman' on %s."
+                       (common/format-date (Date.)))}
+       (nut/verify-group-by-parent-group help/*db* {:group "com.foo.bar"}))))
+
+(deftest verify-group-by-parent-group-with-non-subgroup
+  (db/add-group help/*db* "dantheman" "com.foo")
+  (db/verify-group! help/*db* "dantheman" "com.foo")
+  (is (match?
+       {:error "The group is not a subgroup of a verified group."}
+       (nut/verify-group-by-parent-group help/*db* {:group    "com.bar"
+                                                    :username "dantheman"})))
+  (is (match?
+       {:error "The group is not a subgroup of a verified group."}
+       (nut/verify-group-by-parent-group help/*db* {:group    "com.food"
+                                                    :username "dantheman"}))))
+
+(deftest verify-group-by-parent-group-that-is-subgroup
+  (db/add-group help/*db* "dantheman" "com.foo")
+  (db/verify-group! help/*db* "dantheman" "com.foo")
+  (is (match?
+       {:message      "The group 'com.foo.bar' has been verified."
+        :parent-group "com.foo"}
+       (nut/verify-group-by-parent-group help/*db* {:group    "com.foo.bar"
+                                                    :username "dantheman"}))))