- // Copyright 2019 The Gitea Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
-
- package integrations
-
- import (
- "bytes"
- "image"
- "image/png"
- "io"
- "mime/multipart"
- "net/http"
- "strings"
- "testing"
-
- "code.gitea.io/gitea/models"
- "code.gitea.io/gitea/modules/storage"
- "code.gitea.io/gitea/modules/test"
-
- "github.com/stretchr/testify/assert"
- )
-
- func generateImg() bytes.Buffer {
- // Generate image
- myImage := image.NewRGBA(image.Rect(0, 0, 32, 32))
- var buff bytes.Buffer
- png.Encode(&buff, myImage)
- return buff
- }
-
- func createAttachment(t *testing.T, session *TestSession, repoURL, filename string, buff bytes.Buffer, expectedStatus int) string {
- body := &bytes.Buffer{}
-
- //Setup multi-part
- writer := multipart.NewWriter(body)
- part, err := writer.CreateFormFile("file", filename)
- assert.NoError(t, err)
- _, err = io.Copy(part, &buff)
- assert.NoError(t, err)
- err = writer.Close()
- assert.NoError(t, err)
-
- csrf := GetCSRF(t, session, repoURL)
-
- req := NewRequestWithBody(t, "POST", "/attachments", body)
- req.Header.Add("X-Csrf-Token", csrf)
- req.Header.Add("Content-Type", writer.FormDataContentType())
- resp := session.MakeRequest(t, req, expectedStatus)
-
- if expectedStatus != http.StatusOK {
- return ""
- }
- var obj map[string]string
- DecodeJSON(t, resp, &obj)
- return obj["uuid"]
- }
-
- func TestCreateAnonymousAttachment(t *testing.T) {
- defer prepareTestEnv(t)()
- session := emptyTestSession(t)
- createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusFound)
- }
-
- func TestCreateIssueAttachment(t *testing.T) {
- defer prepareTestEnv(t)()
- const repoURL = "user2/repo1"
- session := loginUser(t, "user2")
- uuid := createAttachment(t, session, repoURL, "image.png", generateImg(), http.StatusOK)
-
- req := NewRequest(t, "GET", repoURL+"/issues/new")
- resp := session.MakeRequest(t, req, http.StatusOK)
- htmlDoc := NewHTMLParser(t, resp.Body)
-
- link, exists := htmlDoc.doc.Find("form").Attr("action")
- assert.True(t, exists, "The template has changed")
-
- postData := map[string]string{
- "_csrf": htmlDoc.GetCSRF(),
- "title": "New Issue With Attachment",
- "content": "some content",
- "files": uuid,
- }
-
- req = NewRequestWithValues(t, "POST", link, postData)
- resp = session.MakeRequest(t, req, http.StatusFound)
- test.RedirectURL(resp) // check that redirect URL exists
-
- //Validate that attachment is available
- req = NewRequest(t, "GET", "/attachments/"+uuid)
- session.MakeRequest(t, req, http.StatusOK)
- }
-
- func TestGetAttachment(t *testing.T) {
- defer prepareTestEnv(t)()
- adminSession := loginUser(t, "user1")
- user2Session := loginUser(t, "user2")
- user8Session := loginUser(t, "user8")
- emptySession := emptyTestSession(t)
- testCases := []struct {
- name string
- uuid string
- createFile bool
- session *TestSession
- want int
- }{
- {"LinkedIssueUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, user2Session, http.StatusOK},
- {"LinkedCommentUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a17", true, user2Session, http.StatusOK},
- {"linked_release_uuid", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a19", true, user2Session, http.StatusOK},
- {"NotExistingUUID", "b0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusNotFound},
- {"FileMissing", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusInternalServerError},
- {"NotLinked", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user2Session, http.StatusNotFound},
- {"NotLinkedAccessibleByUploader", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user8Session, http.StatusOK},
- {"PublicByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, emptySession, http.StatusOK},
- {"PrivateByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, emptySession, http.StatusNotFound},
- {"PrivateAccessibleByAdmin", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, adminSession, http.StatusOK},
- {"PrivateAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user2Session, http.StatusOK},
- {"RepoNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user8Session, http.StatusNotFound},
- {"OrgNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a21", true, user8Session, http.StatusNotFound},
- }
- for _, tc := range testCases {
- t.Run(tc.name, func(t *testing.T) {
- //Write empty file to be available for response
- if tc.createFile {
- _, err := storage.Attachments.Save(models.AttachmentRelativePath(tc.uuid), strings.NewReader("hello world"))
- assert.NoError(t, err)
- }
- //Actual test
- req := NewRequest(t, "GET", "/attachments/"+tc.uuid)
- tc.session.MakeRequest(t, req, tc.want)
- })
- }
- }
|