You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

162 lines
5.9 KiB

  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "net/http"
  7. "net/http/httptest"
  8. "net/url"
  9. "path"
  10. "strings"
  11. "testing"
  12. "github.com/stretchr/testify/assert"
  13. )
  14. func testPullCreate(t *testing.T, session *TestSession, user, repo, branch, title string) *httptest.ResponseRecorder {
  15. req := NewRequest(t, "GET", path.Join(user, repo))
  16. resp := session.MakeRequest(t, req, http.StatusOK)
  17. // Click the PR button to create a pull
  18. htmlDoc := NewHTMLParser(t, resp.Body)
  19. link, exists := htmlDoc.doc.Find("#new-pull-request").Parent().Attr("href")
  20. assert.True(t, exists, "The template has changed")
  21. if branch != "master" {
  22. link = strings.Replace(link, ":master", ":"+branch, 1)
  23. }
  24. req = NewRequest(t, "GET", link)
  25. resp = session.MakeRequest(t, req, http.StatusOK)
  26. // Submit the form for creating the pull
  27. htmlDoc = NewHTMLParser(t, resp.Body)
  28. link, exists = htmlDoc.doc.Find("form.ui.form").Attr("action")
  29. assert.True(t, exists, "The template has changed")
  30. req = NewRequestWithValues(t, "POST", link, map[string]string{
  31. "_csrf": htmlDoc.GetCSRF(),
  32. "title": title,
  33. })
  34. resp = session.MakeRequest(t, req, http.StatusFound)
  35. return resp
  36. }
  37. func TestPullCreate(t *testing.T) {
  38. onGiteaRun(t, func(t *testing.T, u *url.URL) {
  39. session := loginUser(t, "user1")
  40. testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
  41. testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
  42. resp := testPullCreate(t, session, "user1", "repo1", "master", "This is a pull title")
  43. // check the redirected URL
  44. url := resp.Header().Get("Location")
  45. assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)
  46. // check .diff can be accessed and matches performed change
  47. req := NewRequest(t, "GET", url+".diff")
  48. resp = session.MakeRequest(t, req, http.StatusOK)
  49. assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body)
  50. assert.Regexp(t, "^diff", resp.Body)
  51. assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one
  52. // check .patch can be accessed and matches performed change
  53. req = NewRequest(t, "GET", url+".patch")
  54. resp = session.MakeRequest(t, req, http.StatusOK)
  55. assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body)
  56. assert.Regexp(t, "diff", resp.Body)
  57. assert.Regexp(t, `Subject: \[PATCH\] Update 'README.md'`, resp.Body)
  58. assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one
  59. })
  60. }
  61. func TestPullCreate_TitleEscape(t *testing.T) {
  62. onGiteaRun(t, func(t *testing.T, u *url.URL) {
  63. session := loginUser(t, "user1")
  64. testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
  65. testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
  66. resp := testPullCreate(t, session, "user1", "repo1", "master", "<i>XSS PR</i>")
  67. // check the redirected URL
  68. url := resp.Header().Get("Location")
  69. assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)
  70. // Edit title
  71. req := NewRequest(t, "GET", url)
  72. resp = session.MakeRequest(t, req, http.StatusOK)
  73. htmlDoc := NewHTMLParser(t, resp.Body)
  74. editTestTitleURL, exists := htmlDoc.doc.Find("#save-edit-title").First().Attr("data-update-url")
  75. assert.True(t, exists, "The template has changed")
  76. req = NewRequestWithValues(t, "POST", editTestTitleURL, map[string]string{
  77. "_csrf": htmlDoc.GetCSRF(),
  78. "title": "<u>XSS PR</u>",
  79. })
  80. session.MakeRequest(t, req, http.StatusOK)
  81. req = NewRequest(t, "GET", url)
  82. resp = session.MakeRequest(t, req, http.StatusOK)
  83. htmlDoc = NewHTMLParser(t, resp.Body)
  84. titleHTML, err := htmlDoc.doc.Find(".comment-list .timeline-item.event .text b").First().Html()
  85. assert.NoError(t, err)
  86. assert.Equal(t, "<strike>&lt;i&gt;XSS PR&lt;/i&gt;</strike>", titleHTML)
  87. titleHTML, err = htmlDoc.doc.Find(".comment-list .timeline-item.event .text b").Next().Html()
  88. assert.NoError(t, err)
  89. assert.Equal(t, "&lt;u&gt;XSS PR&lt;/u&gt;", titleHTML)
  90. })
  91. }
  92. func testUIDeleteBranch(t *testing.T, session *TestSession, ownerName, repoName, branchName string) {
  93. relURL := "/" + path.Join(ownerName, repoName, "branches")
  94. req := NewRequest(t, "GET", relURL)
  95. resp := session.MakeRequest(t, req, http.StatusOK)
  96. htmlDoc := NewHTMLParser(t, resp.Body)
  97. req = NewRequestWithValues(t, "POST", relURL+"/delete", map[string]string{
  98. "_csrf": getCsrf(t, htmlDoc.doc),
  99. "name": branchName,
  100. })
  101. session.MakeRequest(t, req, http.StatusOK)
  102. }
  103. func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoName string) {
  104. relURL := "/" + path.Join(ownerName, repoName, "settings")
  105. req := NewRequest(t, "GET", relURL)
  106. resp := session.MakeRequest(t, req, http.StatusOK)
  107. htmlDoc := NewHTMLParser(t, resp.Body)
  108. req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{
  109. "_csrf": getCsrf(t, htmlDoc.doc),
  110. "repo_name": repoName,
  111. })
  112. session.MakeRequest(t, req, http.StatusFound)
  113. }
  114. func TestPullBranchDelete(t *testing.T) {
  115. onGiteaRun(t, func(t *testing.T, u *url.URL) {
  116. defer prepareTestEnv(t)()
  117. session := loginUser(t, "user1")
  118. testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
  119. testCreateBranch(t, session, "user1", "repo1", "branch/master", "master1", http.StatusFound)
  120. testEditFile(t, session, "user1", "repo1", "master1", "README.md", "Hello, World (Edited)\n")
  121. resp := testPullCreate(t, session, "user1", "repo1", "master1", "This is a pull title")
  122. // check the redirected URL
  123. url := resp.Header().Get("Location")
  124. assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)
  125. req := NewRequest(t, "GET", url)
  126. session.MakeRequest(t, req, http.StatusOK)
  127. // delete head branch and confirm pull page is ok
  128. testUIDeleteBranch(t, session, "user1", "repo1", "master1")
  129. req = NewRequest(t, "GET", url)
  130. session.MakeRequest(t, req, http.StatusOK)
  131. // delete head repository and confirm pull page is ok
  132. testDeleteRepository(t, session, "user1", "repo1")
  133. req = NewRequest(t, "GET", url)
  134. session.MakeRequest(t, req, http.StatusOK)
  135. })
  136. }