fix for git secret hide -m doesn't work on first use #466 (#469)

5 years ago · 10879e2253
parent 57903b9e75
commit 10879e2253
2 changed files with 45 additions and 16 deletions
--- a/src/commands/git_secret_hide.sh
+++ b/src/commands/git_secret_hide.sh
@ -65,7 +65,7 @@ function _get_file_hash {
  echo "$file_hash"
 }

-function _optional_fsdb_update_hash {
+function _fsdb_update_hash {
  local key="$1"
  local hash="$2"
  local fsdb          # path_mappings
@ -80,7 +80,7 @@ function hide {
  local clean=0
  local preserve=0
  local delete=0
-  local fsdb_update_hash=0 # add checksum hashes to fsdb
+  local update_only_modified=0
  local force_continue=0

  OPTIND=1
@ -95,7 +95,7 @@ function hide {

      d) delete=1;;

-      m) fsdb_update_hash=1;;
+      m) update_only_modified=1;;

      v) _SECRETS_VERBOSE=1;;

@ -160,7 +160,7 @@ function hide {
      file_hash=$(_get_file_hash "$input_path")
  
      # encrypt file only if required
-      if [[ "$fsdb_file_hash" != "$file_hash" ]]; then
+      if [[ "$update_only_modified" -eq 0 ]] || [[ "$fsdb_file_hash" != "$file_hash" ]]; then

        local args=( --homedir "$secrets_dir_keys" "--no-permission-warning" --use-agent --yes "--trust-model=always" --encrypt )

@ -193,12 +193,10 @@ function hide {
          fi
        fi
  
-        # If -m option was provided, it will update unencrypted file hash
+        # Update file hash for future use of -m
        local key="$filename"
        local hash="$file_hash"
-        # Update file hash if required in fsdb
-        [[ "$fsdb_update_hash" -gt 0 ]] && \
-          _optional_fsdb_update_hash "$key" "$hash"
+        _fsdb_update_hash "$key" "$hash"
      fi
    fi
  done
--- a/tests/test_hide.bats
+++ b/tests/test_hide.bats
@ -32,7 +32,7 @@ function teardown {

  # Command must execute normally:
  [ "$status" -eq 0 ]
-  [ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
+  [[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]

  # New files should be created:
  local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -50,11 +50,11 @@ function teardown {
 }

@test "run 'hide' normally with SECRETS_VERBOSE=1" {
-  SECRETS_VERBOSE=1 run git secret hide
+  SECRETS_VERBOSE=1 run git secret hide 

  # Command must execute normally. 
  [ "$status" -eq 0 ]
-  [[ "$output" == "git-secret: done. 1 of 1 files are hidden." ]]
+  [[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
 }

@test "run 'hide' with '-P'" {
@ -68,7 +68,7 @@ function teardown {

  # Command must execute normally:
  [ "$status" -eq 0 ]
-  [ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
+  [[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]

  # New files should be created:
  local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
@ -141,7 +141,7 @@ function teardown {
  run git secret hide
  #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
  [ "$status" -eq 0 ]
-  [ "$output" = "git-secret: done. 2 of 2 files are hidden." ]
+  [[ "$output" == *"git-secret: done. 2 of 2 files are hidden."* ]]

  # Cleaning up:
  rm "$second_file"
@ -172,7 +172,38 @@ function teardown {
  # Command must execute normally:
  [ "$status" -eq 0 ]
  # git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
-  [ "${lines[0]}" = "git-secret: done. 1 of 1 files are hidden." ]
+  [[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]
+
+  # back path mappings
+  cp "${path_mappings}" "${path_mappings}.bak"
+  # run hide again
+  run git secret hide -m
+  # compare
+  [ "$status" -eq 0 ]
+  [[ "${#lines[@]}" -eq 1 ]]
+  
+  # output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
+  [[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
+  # no changes should occur to path_mappings files
+  cmp -s "${path_mappings}" "${path_mappings}.bak"
+
+  # New files should be created:
+  local encrypted_file=$(_get_encrypted_filename "$FILE_TO_HIDE")
+  [ -f "$encrypted_file" ]
+}
+
+
+@test "run 'hide' without then with '-m'" {
+  local path_mappings
+  path_mappings=$(_get_secrets_dir_paths_mapping)
+  run git secret hide
+
+  #echo "$output" | sed "s/^/# '$BATS_TEST_DESCRIPTION' output: /" >&3
+
+  # Command must execute normally:
+  [ "$status" -eq 0 ]
+  # git secret hide -m: uses temp file so cleaning should take place, but we only show tmp file cleanup in VERBOSE mode
+  [[ "${lines[0]}" == *"git-secret: done. 1 of 1 files are hidden."* ]]

  # back path mappings
  cp "${path_mappings}" "${path_mappings}.bak"
@ -183,7 +214,7 @@ function teardown {
  [[ "${#lines[@]}" -eq 1 ]]
  
  # output says 0 of 1 files are hidden because checksum didn't change and we didn't need to hide it again.
-  [ "$output" = "git-secret: done. 0 of 1 files are hidden." ]
+  [[ "$output" == *"git-secret: done. 0 of 1 files are hidden."* ]]
  # no changes should occur to path_mappings files
  cmp -s "${path_mappings}" "${path_mappings}.bak"

@ -264,5 +295,5 @@ function teardown {

  run git secret hide
  [ "$status" -eq 0 ]
-  [ "$output" = "git-secret: done. 1 of 1 files are hidden." ]
+  [[ "$output" == *"git-secret: done. 1 of 1 files are hidden."* ]]
 }