You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

169 lines
6.9 KiB

  1. // Copyright 2019 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "fmt"
  7. "net/http"
  8. "net/url"
  9. "testing"
  10. "code.gitea.io/gitea/models"
  11. api "code.gitea.io/gitea/modules/structs"
  12. "github.com/stretchr/testify/assert"
  13. )
  14. func getDeleteFileOptions() *api.DeleteFileOptions {
  15. return &api.DeleteFileOptions{
  16. FileOptions: api.FileOptions{
  17. BranchName: "master",
  18. NewBranchName: "master",
  19. Message: "Removing the file new/file.txt",
  20. Author: api.Identity{
  21. Name: "John Doe",
  22. Email: "johndoe@example.com",
  23. },
  24. Committer: api.Identity{
  25. Name: "Jane Doe",
  26. Email: "janedoe@example.com",
  27. },
  28. },
  29. SHA: "103ff9234cefeee5ec5361d22b49fbb04d385885",
  30. }
  31. }
  32. func TestAPIDeleteFile(t *testing.T) {
  33. onGiteaRun(t, func(t *testing.T, u *url.URL) {
  34. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
  35. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3, is an org
  36. user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
  37. repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
  38. repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
  39. repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
  40. fileID := 0
  41. // Get user2's token
  42. session := loginUser(t, user2.Name)
  43. token2 := getTokenForLoggedInUser(t, session)
  44. session = emptyTestSession(t)
  45. // Get user4's token
  46. session = loginUser(t, user4.Name)
  47. token4 := getTokenForLoggedInUser(t, session)
  48. session = emptyTestSession(t)
  49. // Test deleting a file in repo1 which user2 owns, try both with branch and empty branch
  50. for _, branch := range [...]string{
  51. "master", // Branch
  52. "", // Empty branch
  53. } {
  54. fileID++
  55. treePath := fmt.Sprintf("delete/file%d.txt", fileID)
  56. createFile(user2, repo1, treePath)
  57. deleteFileOptions := getDeleteFileOptions()
  58. deleteFileOptions.BranchName = branch
  59. url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
  60. req := NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  61. resp := session.MakeRequest(t, req, http.StatusOK)
  62. var fileResponse api.FileResponse
  63. DecodeJSON(t, resp, &fileResponse)
  64. assert.NotNil(t, fileResponse)
  65. assert.Nil(t, fileResponse.Content)
  66. }
  67. // Test deleting file and making the delete in a new branch
  68. fileID++
  69. treePath := fmt.Sprintf("delete/file%d.txt", fileID)
  70. createFile(user2, repo1, treePath)
  71. deleteFileOptions := getDeleteFileOptions()
  72. deleteFileOptions.BranchName = repo1.DefaultBranch
  73. deleteFileOptions.NewBranchName = "new_branch"
  74. url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
  75. req := NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  76. resp := session.MakeRequest(t, req, http.StatusOK)
  77. var fileResponse api.FileResponse
  78. DecodeJSON(t, resp, &fileResponse)
  79. assert.NotNil(t, fileResponse)
  80. assert.Nil(t, fileResponse.Content)
  81. assert.EqualValues(t, deleteFileOptions.Message+"\n", fileResponse.Commit.Message)
  82. // Test deleting file without a message
  83. fileID++
  84. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  85. createFile(user2, repo1, treePath)
  86. deleteFileOptions = getDeleteFileOptions()
  87. deleteFileOptions.Message = ""
  88. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
  89. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  90. resp = session.MakeRequest(t, req, http.StatusOK)
  91. DecodeJSON(t, resp, &fileResponse)
  92. expectedMessage := "Delete '" + treePath + "'\n"
  93. assert.EqualValues(t, expectedMessage, fileResponse.Commit.Message)
  94. // Test deleting a file with the wrong SHA
  95. fileID++
  96. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  97. createFile(user2, repo1, treePath)
  98. deleteFileOptions = getDeleteFileOptions()
  99. deleteFileOptions.SHA = "badsha"
  100. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
  101. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  102. resp = session.MakeRequest(t, req, http.StatusBadRequest)
  103. // Test creating a file in repo16 by user4 who does not have write access
  104. fileID++
  105. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  106. createFile(user2, repo16, treePath)
  107. deleteFileOptions = getDeleteFileOptions()
  108. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
  109. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  110. session.MakeRequest(t, req, http.StatusNotFound)
  111. // Tests a repo with no token given so will fail
  112. fileID++
  113. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  114. createFile(user2, repo16, treePath)
  115. deleteFileOptions = getDeleteFileOptions()
  116. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, repo16.Name, treePath)
  117. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  118. session.MakeRequest(t, req, http.StatusNotFound)
  119. // Test using access token for a private repo that the user of the token owns
  120. fileID++
  121. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  122. createFile(user2, repo16, treePath)
  123. deleteFileOptions = getDeleteFileOptions()
  124. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token2)
  125. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  126. session.MakeRequest(t, req, http.StatusOK)
  127. // Test using org repo "user3/repo3" where user2 is a collaborator
  128. fileID++
  129. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  130. createFile(user3, repo3, treePath)
  131. deleteFileOptions = getDeleteFileOptions()
  132. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
  133. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  134. session.MakeRequest(t, req, http.StatusOK)
  135. // Test using org repo "user3/repo3" with no user token
  136. fileID++
  137. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  138. createFile(user3, repo3, treePath)
  139. deleteFileOptions = getDeleteFileOptions()
  140. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user3.Name, repo3.Name, treePath)
  141. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  142. session.MakeRequest(t, req, http.StatusNotFound)
  143. // Test using repo "user2/repo1" where user4 is a NOT collaborator
  144. fileID++
  145. treePath = fmt.Sprintf("delete/file%d.txt", fileID)
  146. createFile(user2, repo1, treePath)
  147. deleteFileOptions = getDeleteFileOptions()
  148. url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token4)
  149. req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
  150. session.MakeRequest(t, req, http.StatusForbidden)
  151. })
  152. }