You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

194 lines
7.7 KiB

  1. // Copyright 2017 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "fmt"
  7. "net/http"
  8. "net/url"
  9. "testing"
  10. "code.gitea.io/gitea/models"
  11. api "code.gitea.io/gitea/modules/structs"
  12. "github.com/stretchr/testify/assert"
  13. )
  14. func TestViewDeployKeysNoLogin(t *testing.T) {
  15. prepareTestEnv(t)
  16. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1/keys")
  17. MakeRequest(t, req, http.StatusUnauthorized)
  18. }
  19. func TestCreateDeployKeyNoLogin(t *testing.T) {
  20. prepareTestEnv(t)
  21. req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/keys", api.CreateKeyOption{
  22. Title: "title",
  23. Key: "key",
  24. })
  25. MakeRequest(t, req, http.StatusUnauthorized)
  26. }
  27. func TestGetDeployKeyNoLogin(t *testing.T) {
  28. prepareTestEnv(t)
  29. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1/keys/1")
  30. MakeRequest(t, req, http.StatusUnauthorized)
  31. }
  32. func TestDeleteDeployKeyNoLogin(t *testing.T) {
  33. prepareTestEnv(t)
  34. req := NewRequest(t, "DELETE", "/api/v1/repos/user2/repo1/keys/1")
  35. MakeRequest(t, req, http.StatusUnauthorized)
  36. }
  37. func TestCreateReadOnlyDeployKey(t *testing.T) {
  38. prepareTestEnv(t)
  39. repo := models.AssertExistsAndLoadBean(t, &models.Repository{Name: "repo1"}).(*models.Repository)
  40. repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
  41. session := loginUser(t, repoOwner.Name)
  42. token := getTokenForLoggedInUser(t, session)
  43. keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token)
  44. rawKeyBody := api.CreateKeyOption{
  45. Title: "read-only",
  46. Key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
  47. ReadOnly: true,
  48. }
  49. req := NewRequestWithJSON(t, "POST", keysURL, rawKeyBody)
  50. resp := session.MakeRequest(t, req, http.StatusCreated)
  51. var newDeployKey api.DeployKey
  52. DecodeJSON(t, resp, &newDeployKey)
  53. models.AssertExistsAndLoadBean(t, &models.DeployKey{
  54. ID: newDeployKey.ID,
  55. Name: rawKeyBody.Title,
  56. Content: rawKeyBody.Key,
  57. Mode: models.AccessModeRead,
  58. })
  59. }
  60. func TestCreateReadWriteDeployKey(t *testing.T) {
  61. prepareTestEnv(t)
  62. repo := models.AssertExistsAndLoadBean(t, &models.Repository{Name: "repo1"}).(*models.Repository)
  63. repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
  64. session := loginUser(t, repoOwner.Name)
  65. token := getTokenForLoggedInUser(t, session)
  66. keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token)
  67. rawKeyBody := api.CreateKeyOption{
  68. Title: "read-write",
  69. Key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsufOCrDDlT8DLkodnnJtbq7uGflcPae7euTfM+Laq4So+v4WeSV362Rg0O/+Sje1UthrhN6lQkfRkdWIlCRQEXg+LMqr6RhvDfZquE2Xwqv/itlz7LjbdAUdYoO1iH7rMSmYvQh4WEnC/DAacKGbhdGIM/ZBz0z6tHm7bPgbI9ykEKekTmPwQFP1Qebvf5NYOFMWqQ2sCEAI9dBMVLoojsIpV+KADf+BotiIi8yNfTG2rzmzpxBpW9fYjd1Sy1yd4NSUpoPbEJJYJ1TrjiSWlYOVq9Ar8xW1O87i6gBjL/3zN7ANeoYhaAXupdOS6YL22YOK/yC0tJtXwwdh/eSrh",
  70. }
  71. req := NewRequestWithJSON(t, "POST", keysURL, rawKeyBody)
  72. resp := session.MakeRequest(t, req, http.StatusCreated)
  73. var newDeployKey api.DeployKey
  74. DecodeJSON(t, resp, &newDeployKey)
  75. models.AssertExistsAndLoadBean(t, &models.DeployKey{
  76. ID: newDeployKey.ID,
  77. Name: rawKeyBody.Title,
  78. Content: rawKeyBody.Key,
  79. Mode: models.AccessModeWrite,
  80. })
  81. }
  82. func TestCreateUserKey(t *testing.T) {
  83. prepareTestEnv(t)
  84. user := models.AssertExistsAndLoadBean(t, &models.User{Name: "user1"}).(*models.User)
  85. session := loginUser(t, "user1")
  86. token := url.QueryEscape(getTokenForLoggedInUser(t, session))
  87. keysURL := fmt.Sprintf("/api/v1/user/keys?token=%s", token)
  88. keyType := "ssh-rsa"
  89. keyContent := "AAAAB3NzaC1yc2EAAAADAQABAAABAQCyTiPTeHJl6Gs5D1FyHT0qTWpVkAy9+LIKjctQXklrePTvUNVrSpt4r2exFYXNMPeA8V0zCrc3Kzs1SZw3jWkG3i53te9onCp85DqyatxOD2pyZ30/gPn1ZUg40WowlFM8gsUFMZqaH7ax6d8nsBKW7N/cRyqesiOQEV9up3tnKjIB8XMTVvC5X4rBWgywz7AFxSv8mmaTHnUgVW4LgMPwnTWo0pxtiIWbeMLyrEE4hIM74gSwp6CRQYo6xnG3fn4yWkcK2X2mT9adQ241IDdwpENJHcry/T6AJ8dNXduEZ67egnk+rVlQ2HM4LpymAv9DAAFFeaQK0hT+3aMDoumV"
  90. rawKeyBody := api.CreateKeyOption{
  91. Title: "test-key",
  92. Key: keyType + " " + keyContent,
  93. }
  94. req := NewRequestWithJSON(t, "POST", keysURL, rawKeyBody)
  95. resp := session.MakeRequest(t, req, http.StatusCreated)
  96. var newPublicKey api.PublicKey
  97. DecodeJSON(t, resp, &newPublicKey)
  98. models.AssertExistsAndLoadBean(t, &models.PublicKey{
  99. ID: newPublicKey.ID,
  100. OwnerID: user.ID,
  101. Name: rawKeyBody.Title,
  102. Content: rawKeyBody.Key,
  103. Mode: models.AccessModeWrite,
  104. })
  105. // Search by fingerprint
  106. fingerprintURL := fmt.Sprintf("/api/v1/user/keys?token=%s&fingerprint=%s", token, newPublicKey.Fingerprint)
  107. req = NewRequest(t, "GET", fingerprintURL)
  108. resp = session.MakeRequest(t, req, http.StatusOK)
  109. var fingerprintPublicKeys []api.PublicKey
  110. DecodeJSON(t, resp, &fingerprintPublicKeys)
  111. assert.Equal(t, newPublicKey.Fingerprint, fingerprintPublicKeys[0].Fingerprint)
  112. assert.Equal(t, newPublicKey.ID, fingerprintPublicKeys[0].ID)
  113. assert.Equal(t, user.ID, fingerprintPublicKeys[0].Owner.ID)
  114. fingerprintURL = fmt.Sprintf("/api/v1/users/%s/keys?token=%s&fingerprint=%s", user.Name, token, newPublicKey.Fingerprint)
  115. req = NewRequest(t, "GET", fingerprintURL)
  116. resp = session.MakeRequest(t, req, http.StatusOK)
  117. DecodeJSON(t, resp, &fingerprintPublicKeys)
  118. assert.Equal(t, newPublicKey.Fingerprint, fingerprintPublicKeys[0].Fingerprint)
  119. assert.Equal(t, newPublicKey.ID, fingerprintPublicKeys[0].ID)
  120. assert.Equal(t, user.ID, fingerprintPublicKeys[0].Owner.ID)
  121. // Fail search by fingerprint
  122. fingerprintURL = fmt.Sprintf("/api/v1/user/keys?token=%s&fingerprint=%sA", token, newPublicKey.Fingerprint)
  123. req = NewRequest(t, "GET", fingerprintURL)
  124. resp = session.MakeRequest(t, req, http.StatusOK)
  125. DecodeJSON(t, resp, &fingerprintPublicKeys)
  126. assert.Len(t, fingerprintPublicKeys, 0)
  127. // Fail searching for wrong users key
  128. fingerprintURL = fmt.Sprintf("/api/v1/users/%s/keys?token=%s&fingerprint=%s", "user2", token, newPublicKey.Fingerprint)
  129. req = NewRequest(t, "GET", fingerprintURL)
  130. resp = session.MakeRequest(t, req, http.StatusOK)
  131. DecodeJSON(t, resp, &fingerprintPublicKeys)
  132. assert.Len(t, fingerprintPublicKeys, 0)
  133. // Now login as user 2
  134. session2 := loginUser(t, "user2")
  135. token2 := url.QueryEscape(getTokenForLoggedInUser(t, session2))
  136. // Should find key even though not ours, but we shouldn't know whose it is
  137. fingerprintURL = fmt.Sprintf("/api/v1/user/keys?token=%s&fingerprint=%s", token2, newPublicKey.Fingerprint)
  138. req = NewRequest(t, "GET", fingerprintURL)
  139. resp = session.MakeRequest(t, req, http.StatusOK)
  140. DecodeJSON(t, resp, &fingerprintPublicKeys)
  141. assert.Equal(t, newPublicKey.Fingerprint, fingerprintPublicKeys[0].Fingerprint)
  142. assert.Equal(t, newPublicKey.ID, fingerprintPublicKeys[0].ID)
  143. assert.Nil(t, fingerprintPublicKeys[0].Owner)
  144. // Should find key even though not ours, but we shouldn't know whose it is
  145. fingerprintURL = fmt.Sprintf("/api/v1/users/%s/keys?token=%s&fingerprint=%s", user.Name, token2, newPublicKey.Fingerprint)
  146. req = NewRequest(t, "GET", fingerprintURL)
  147. resp = session.MakeRequest(t, req, http.StatusOK)
  148. DecodeJSON(t, resp, &fingerprintPublicKeys)
  149. assert.Equal(t, newPublicKey.Fingerprint, fingerprintPublicKeys[0].Fingerprint)
  150. assert.Equal(t, newPublicKey.ID, fingerprintPublicKeys[0].ID)
  151. assert.Nil(t, fingerprintPublicKeys[0].Owner)
  152. // Fail when searching for key if it is not ours
  153. fingerprintURL = fmt.Sprintf("/api/v1/users/%s/keys?token=%s&fingerprint=%s", "user2", token2, newPublicKey.Fingerprint)
  154. req = NewRequest(t, "GET", fingerprintURL)
  155. resp = session.MakeRequest(t, req, http.StatusOK)
  156. DecodeJSON(t, resp, &fingerprintPublicKeys)
  157. assert.Len(t, fingerprintPublicKeys, 0)
  158. }