fix: skip push permission check when no identity resolver is configured

CheckUserPushPermissionHook was blocking all pushes in open mode (no
users configured) because a null identityResolver returned
Optional.empty(), which fell through to the "user not registered" error
path. Add an early return when identityResolver is null, consistent with
DummyUserAuthorizationService's open/permissive behaviour.

Fixes the two failing e2eTest cases in StoreForwardModeE2ETest.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: coopernetes

jgit-proxy-core/src/main/java/org/finos/gitproxy/git/CheckUserPushPermissionHook.java

@@ -61,6 +61,16 @@ public void onPreReceive(ReceivePack rp, Collection<ReceiveCommand> commands) {
         String pushUser = config.getString("gitproxy", null, "pushUser");
         String pushToken = config.getString("gitproxy", null, "pushToken");
 
+        if (identityResolver == null) {
+            log.debug("No identity resolver configured (open mode), skipping permission check");
+            pushContext.addStep(PushStep.builder()
+                    .stepName("checkUserPermission")
+                    .stepOrder(ORDER)
+                    .status(StepStatus.PASS)
+                    .build());
+            return;
+        }
+
         if (pushUser == null || pushUser.isEmpty()) {
             log.debug("No push user found in repo config, skipping permission check");
             pushContext.addStep(PushStep.builder()

jgit-proxy-core/src/test/java/org/finos/gitproxy/git/CheckUserPushPermissionHookTest.java

@@ -167,10 +167,10 @@ void resolvedAndAuthorized_recordsPass() throws Exception {
         assertEquals(StepStatus.PASS, pushContext.getSteps().get(0).getStatus());
     }
 
-    // ---- null resolver (open mode) → treated same as resolver returning empty ----
+    // ---- null resolver (open mode) → always passes, credentials are ignored ----
 
     @Test
-    void nullResolver_withPushUser_addsNotRegisteredIssue() throws Exception {
+    void nullResolver_withPushUser_passesInOpenMode() throws Exception {
         repo.getConfig().setString("gitproxy", null, "pushUser", "anyone");
         repo.getConfig().save();
 
@@ -181,11 +181,14 @@ void nullResolver_withPushUser_addsNotRegisteredIssue() throws Exception {
         PushContext pushContext = new PushContext();
         ValidationContext validationContext = new ValidationContext();
 
-        // Explicit null resolver
+        // Null resolver = open mode: any push passes regardless of credentials
         new CheckUserPushPermissionHook(null, authService, validationContext, pushContext)
                 .onPreReceive(rp, List.of(cmd));
 
-        assertTrue(validationContext.hasIssues(), "Null resolver should still block — no way to verify identity");
+        assertFalse(
+                validationContext.hasIssues(), "Null resolver (open mode) should pass — no identity check configured");
+        assertFalse(pushContext.getSteps().isEmpty());
+        assertEquals(StepStatus.PASS, pushContext.getSteps().get(0).getStatus());
     }
 
     // ---- providerName is passed through to resolver ----