Extend pre-commit hook to check for missing pattern config

- This closes #6
- pre-commit hooks are now always installed by init
- This also changes the semantics of the timezone switch of init
  Now warnings are the default and strict checking (abort) can be
  optioned (Related to #3)
- Introduces a tzcheck command that solely checks for timezone changes
- Hide the normal check command from the help (only for hook usage)

Author: cburkert

README.md

@@ -48,18 +48,12 @@ Note: Git-privacy requires Python version 3.6 or later.
 ### Redaction of New Commits
 
 New commits are automatically redacted if git-privacy is initialised in a repo.
-This is achieve via a post-commit hook.
+This is achieved via a post-commit hook.
 
 If you want to manually redact the last commit, run:
 
     git-privacy redate --only-head
 
-### View Unredacted Dates
-
-To view the unredacted commit dates, git-privacy offers a git-log-like listing:
-
-    git-privacy log
-
 ### Bulk Re-dating of Commits
 
 To redact and redate all commits of the currently active branch run:
@@ -81,12 +75,27 @@ For example, you can use this to redate all commits of branch since it has been
 
     git-privacy redate master
 
-## Optional: Timezone Change Warnings
+### View Unredacted Dates
+
+To view the unredacted commit dates, git-privacy offers a git-log-like listing:
+
+    git-privacy log
+
+Note: Unredacted dates are only preserved if you specify a password in the
+config which allows git-privacy to store the encrypted dates in the commit.
+
+
+### Time Zone Change Warnings
+
+Git commit dates include your current system time zone. These time zones might
+leak information about your travel activities.
+Git-privacy warns you about any changes in your system time zone since your last commit.
+By default, this is just a warning.
+You can set git-privacy to prevent commits with changed time zone by running
 
-Additionally you may install a pre-commit hook which currently checks if your timezone differs from the last commit.
-To do so simply execute:
+    git-privacy init --timezone-change=abort
 
-    git-privacy init --enable-check
+or by setting the `privacy.ignoreTimezone` switch in the Git config to `False`.
 
 
 ## Email Address Redaction

gitprivacy/gitprivacy.py

@@ -36,7 +36,7 @@ def __init__(self, gitdir: str) -> None:
             self.salt = config.get_value(self.SECTION, 'salt', '')
             self.ignoreTimezone = bool(config.get_value(self.SECTION,
                                                         'ignoreTimezone',
-                                                        False))
+                                                        True))
 
     def get_crypto(self) -> Optional[EncryptionProvider]:
         if not self.password:
@@ -80,21 +80,27 @@ def cli(ctx: click.Context, gitdir):
 
 
 @cli.command('init')
-@click.option('-c', '--enable-check', is_flag=True,
-              help="Enable execution of 'check' before committing.")
 @click.option('-g', '--global', "globally", is_flag=True,
               help="Setup a global template instead.")
+@click.option('--timezone-change', type=click.Choice(("warn", "abort")),
+              #default="warn", show_default=True,
+              help=("Reaction strategy to detected time zone changes pre commit."
+                    " (default: warn)"))
 @click.pass_context
-def do_init(ctx: click.Context, enable_check, globally):
+def do_init(ctx: click.Context, globally: bool, 
+            timezone_change: Optional[str]) -> None:
     """Init git-privacy for this repository."""
     repo = ctx.obj.repo
     if globally:
         git_dir = get_template_dir(repo)
     else:
         git_dir = repo.git_dir
     copy_hook(git_dir, "post-commit")
-    if enable_check:
-        copy_hook(git_dir, "pre-commit")
+    copy_hook(git_dir, "pre-commit")
+    # only (over-)write settings if option is explicitly specified
+    if timezone_change is not None:
+        assert timezone_change in ("warn", "abort")
+        ctx.obj.write_config(ignoreTimezone=(timezone_change == "warn"))
 
 
 def get_template_dir(repo: git.Repo) -> str:
@@ -259,13 +265,31 @@ def do_redate(ctx: click.Context, startpoint: str,
     rewriter.finish(rev)
 
 
-@cli.command('check')
+@cli.command('check', hidden=True)
 @click.pass_context
 def do_check(ctx: click.Context):
+    """Pre-commit checks."""
+    # check for setup up redaction patterns
+    ctx.obj.get_dateredacter()  # raises errors if pattern is missing
+    # check for timezone changes
+    tzchanged = ctx.invoke(check_timezone_changes)
+    if tzchanged and not ctx.obj.ignoreTimezone:
+        click.echo(
+            '\n'
+            'abort commit (set "git config privacy.ignoreTimezone true"'
+            ' to commit anyway)',
+            err=True,
+        )
+        ctx.exit(2)
+
+
+@cli.command('tzcheck')
+@click.pass_context
+def check_timezone_changes(ctx: click.Context) -> bool:
     """Check for timezone change since last commit."""
     repo = ctx.obj.repo
     if not repo.head.is_valid():
-        return  # no previous commits
+        return False  # no previous commits
     with repo.config_reader() as cr:
         user_email = cr.get_value("user", "email", "")
     if not user_email:
@@ -277,7 +301,7 @@ def do_check(ctx: click.Context):
     )
     last_commit = next(user_commits, None)
     if last_commit is None:
-        return  # no previous commits by this user
+        return False  # no previous commits by this user
     current_tz = datetime.now(timezone.utc).astimezone().tzinfo
     if last_commit.author.email == user_email:
         last_tz = last_commit.authored_datetime.tzinfo
@@ -289,14 +313,8 @@ def do_check(ctx: click.Context):
     if (last_tz and current_tz and
             last_tz.utcoffset(dummy_date) != current_tz.utcoffset(dummy_date)):
         click.echo("Warning: Your timezone has changed since your last commit.", err=True)
-        if not ctx.obj.ignoreTimezone:
-            click.echo(
-                '\n'
-                'abort commit (set "git config privacy.ignoreTimezone true"'
-                ' to commit anyway)',
-                err=True,
-            )
-            ctx.exit(2)
+        return True
+    return False
 
 
 cli.add_command(email.redact_email)

tests/test_gitprivacy.py

@@ -239,11 +239,14 @@ def test_init(self):
             self.setConfig()
             result = self.invoke('init')
             self.assertEqual(result.exit_code, 0)
-            self.assertEqual(result.output, "Installed post-commit hook" + os.linesep)
+            self.assertEqual(result.output, os.linesep.join(
+                f"Installed {hook} hook"
+                for hook in ["post-commit", "pre-commit"]
+            ) + os.linesep)
             self.assertTrue(os.access(os.path.join(".git", "hooks", "post-commit"),
                                       os.R_OK | os.X_OK))
-            self.assertFalse(os.access(os.path.join(".git", "hooks", "pre-commit"),
-                                       os.F_OK))
+            self.assertTrue(os.access(os.path.join(".git", "hooks", "pre-commit"),
+                                      os.F_OK))
             a = self.addCommit("a")  # gitpython already returns the rewritten commit
             self.assertEqual(a.authored_datetime,
                              a.authored_datetime.replace(minute=0, second=0))
@@ -252,7 +255,7 @@ def test_initwithcheck(self):
         with self.runner.isolated_filesystem():
             self.setUpRepo()
             self.setConfig()
-            result = self.invoke('init --enable-check')
+            result = self.invoke('init --timezone-change=abort')
             self.assertEqual(result.exit_code, 0)
             self.assertEqual(result.output, os.linesep.join(
                 f"Installed {hook} hook"
@@ -283,15 +286,16 @@ def test_checkchange(self):
         with self.runner.isolated_filesystem():
             self.setUpRepo()
             self.setConfig()
+            self.git.config(["privacy.ignoreTimezone", "false"])  # default is ignore
             os.environ['TZ'] = 'Europe/London'
             time.tzset()
             a = self.addCommit("a")
             os.environ['TZ'] = 'Europe/Berlin'
             time.tzset()
             result = self.invoke('check')
-            self.assertEqual(result.exit_code, 2)
             self.assertTrue(result.output.startswith(
                 "Warning: Your timezone has changed"))
+            self.assertEqual(result.exit_code, 2)
 
     def test_checkchangeignore(self):
         with self.runner.isolated_filesystem():
@@ -312,7 +316,18 @@ def test_checkwithhook(self):
         with self.runner.isolated_filesystem():
             self.setUpRepo()
             self.setConfig()
-            result = self.invoke('init -c')
+            result = self.invoke('init')
+            self.assertEqual(result.exit_code, 0)
+            os.environ['TZ'] = 'Europe/London'
+            time.tzset()
+            a = self.addCommit("a")
+            os.environ['TZ'] = 'Europe/Berlin'
+            time.tzset()
+            self.addCommit("b")  # should not fail
+        with self.runner.isolated_filesystem():
+            self.setUpRepo()
+            self.setConfig()
+            result = self.invoke('init --timezone-change=abort')
             self.assertEqual(result.exit_code, 0)
             os.environ['TZ'] = 'Europe/London'
             time.tzset()
@@ -326,6 +341,7 @@ def test_checkdifferentusers(self):
         with self.runner.isolated_filesystem():
             self.setUpRepo()
             self.setConfig()
+            self.git.config(["privacy.ignoreTimezone", "false"])  # default is ignore
             os.environ['TZ'] = 'Europe/London'
             time.tzset()
             self.git.config(["user.email", "[email protected]"])
@@ -444,7 +460,10 @@ def test_globaltemplate(self):
             self.git.config(["user.email", "[email protected]"])
             result = self.invoke('init -g')
             self.assertEqual(result.exit_code, 0)
-            self.assertEqual(result.output, "Installed post-commit hook" + os.linesep)
+            self.assertEqual(result.output, os.linesep.join(
+                f"Installed {hook} hook"
+                for hook in ["post-commit", "pre-commit"]
+            ) + os.linesep)
             # local Git repo initialised BEFORE global template was set up
             # hence the hooks are not present and active locally yet
             self.assertFalse(os.access(os.path.join(".git", "hooks", "post-commit"),
@@ -453,8 +472,8 @@ def test_globaltemplate(self):
                                        os.F_OK))
             self.assertTrue(os.access(os.path.join(templdir, "hooks", "post-commit"),
                                        os.R_OK | os.X_OK))
-            self.assertFalse(os.access(os.path.join(templdir, "hooks", "pre-commit"),
-                                       os.F_OK))
+            self.assertTrue(os.access(os.path.join(templdir, "hooks", "pre-commit"),
+                                      os.F_OK))
             a = self.addCommit("a")  # gitpython already returns the rewritten commit
             self.assertNotEqual(a.authored_datetime,
                              a.authored_datetime.replace(minute=0, second=0))
@@ -463,8 +482,8 @@ def test_globaltemplate(self):
             self.setUpRepo(templatedir=templdir)
             self.assertTrue(os.access(os.path.join(".git", "hooks", "post-commit"),
                                        os.R_OK | os.X_OK))  # now installed locally too
-            self.assertFalse(os.access(os.path.join(".git", "hooks", "pre-commit"),
-                                       os.F_OK))
+            self.assertTrue(os.access(os.path.join(".git", "hooks", "pre-commit"),
+                                      os.F_OK))
             b = self.addCommit("b")  # gitpython already returns the rewritten commit
             self.assertEqual(b.authored_datetime,
                              b.authored_datetime.replace(minute=0, second=0))