You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

386 lines
14 KiB

  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "fmt"
  7. "io/ioutil"
  8. "net/http"
  9. "net/url"
  10. "os"
  11. "testing"
  12. "code.gitea.io/gitea/models"
  13. api "code.gitea.io/sdk/gitea"
  14. "github.com/stretchr/testify/assert"
  15. )
  16. func TestAPIUserReposNotLogin(t *testing.T) {
  17. prepareTestEnv(t)
  18. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
  19. req := NewRequestf(t, "GET", "/api/v1/users/%s/repos", user.Name)
  20. resp := MakeRequest(t, req, http.StatusOK)
  21. var apiRepos []api.Repository
  22. DecodeJSON(t, resp, &apiRepos)
  23. expectedLen := models.GetCount(t, models.Repository{OwnerID: user.ID},
  24. models.Cond("is_private = ?", false))
  25. assert.Len(t, apiRepos, expectedLen)
  26. for _, repo := range apiRepos {
  27. assert.EqualValues(t, user.ID, repo.Owner.ID)
  28. assert.False(t, repo.Private)
  29. }
  30. }
  31. func TestAPISearchRepo(t *testing.T) {
  32. prepareTestEnv(t)
  33. const keyword = "test"
  34. req := NewRequestf(t, "GET", "/api/v1/repos/search?q=%s", keyword)
  35. resp := MakeRequest(t, req, http.StatusOK)
  36. var body api.SearchResults
  37. DecodeJSON(t, resp, &body)
  38. assert.NotEmpty(t, body.Data)
  39. for _, repo := range body.Data {
  40. assert.Contains(t, repo.Name, keyword)
  41. assert.False(t, repo.Private)
  42. }
  43. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 15}).(*models.User)
  44. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 16}).(*models.User)
  45. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 18}).(*models.User)
  46. user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 20}).(*models.User)
  47. orgUser := models.AssertExistsAndLoadBean(t, &models.User{ID: 17}).(*models.User)
  48. // Map of expected results, where key is user for login
  49. type expectedResults map[*models.User]struct {
  50. count int
  51. repoOwnerID int64
  52. repoName string
  53. includesPrivate bool
  54. }
  55. testCases := []struct {
  56. name, requestURL string
  57. expectedResults
  58. }{
  59. {name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50", expectedResults: expectedResults{
  60. nil: {count: 21},
  61. user: {count: 21},
  62. user2: {count: 21}},
  63. },
  64. {name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10", expectedResults: expectedResults{
  65. nil: {count: 10},
  66. user: {count: 10},
  67. user2: {count: 10}},
  68. },
  69. {name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search?default", expectedResults: expectedResults{
  70. nil: {count: 10},
  71. user: {count: 10},
  72. user2: {count: 10}},
  73. },
  74. {name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s", "big_test_"), expectedResults: expectedResults{
  75. nil: {count: 7, repoName: "big_test_"},
  76. user: {count: 7, repoName: "big_test_"},
  77. user2: {count: 7, repoName: "big_test_"}},
  78. },
  79. {name: "RepositoriesAccessibleAndRelatedToUser", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user.ID), expectedResults: expectedResults{
  80. nil: {count: 4},
  81. user: {count: 8, includesPrivate: true},
  82. user2: {count: 4}},
  83. },
  84. {name: "RepositoriesAccessibleAndRelatedToUser2", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user2.ID), expectedResults: expectedResults{
  85. nil: {count: 1},
  86. user: {count: 1},
  87. user2: {count: 2, includesPrivate: true}},
  88. },
  89. {name: "RepositoriesAccessibleAndRelatedToUser3", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user3.ID), expectedResults: expectedResults{
  90. nil: {count: 1},
  91. user: {count: 1},
  92. user2: {count: 1},
  93. user3: {count: 4, includesPrivate: true}},
  94. },
  95. {name: "RepositoriesOwnedByOrganization", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", orgUser.ID), expectedResults: expectedResults{
  96. nil: {count: 1, repoOwnerID: orgUser.ID},
  97. user: {count: 2, repoOwnerID: orgUser.ID, includesPrivate: true},
  98. user2: {count: 1, repoOwnerID: orgUser.ID}},
  99. },
  100. {name: "RepositoriesAccessibleAndRelatedToUser4", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user4.ID), expectedResults: expectedResults{
  101. nil: {count: 3},
  102. user: {count: 3},
  103. user4: {count: 6, includesPrivate: true}}},
  104. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeSource", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "source"), expectedResults: expectedResults{
  105. nil: {count: 0},
  106. user: {count: 0},
  107. user4: {count: 0, includesPrivate: true}}},
  108. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "fork"), expectedResults: expectedResults{
  109. nil: {count: 1},
  110. user: {count: 1},
  111. user4: {count: 2, includesPrivate: true}}},
  112. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "fork"), expectedResults: expectedResults{
  113. nil: {count: 1},
  114. user: {count: 1},
  115. user4: {count: 2, includesPrivate: true}}},
  116. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "mirror"), expectedResults: expectedResults{
  117. nil: {count: 2},
  118. user: {count: 2},
  119. user4: {count: 4, includesPrivate: true}}},
  120. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "mirror"), expectedResults: expectedResults{
  121. nil: {count: 1},
  122. user: {count: 1},
  123. user4: {count: 2, includesPrivate: true}}},
  124. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeCollaborative", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "collaborative"), expectedResults: expectedResults{
  125. nil: {count: 0},
  126. user: {count: 0},
  127. user4: {count: 0, includesPrivate: true}}},
  128. }
  129. for _, testCase := range testCases {
  130. t.Run(testCase.name, func(t *testing.T) {
  131. for userToLogin, expected := range testCase.expectedResults {
  132. var session *TestSession
  133. var testName string
  134. var userID int64
  135. var token string
  136. if userToLogin != nil && userToLogin.ID > 0 {
  137. testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
  138. session = loginUser(t, userToLogin.Name)
  139. token = getTokenForLoggedInUser(t, session)
  140. userID = userToLogin.ID
  141. } else {
  142. testName = "AnonymousUser"
  143. session = emptyTestSession(t)
  144. }
  145. t.Run(testName, func(t *testing.T) {
  146. request := NewRequest(t, "GET", testCase.requestURL+"&token="+token)
  147. response := session.MakeRequest(t, request, http.StatusOK)
  148. var body api.SearchResults
  149. DecodeJSON(t, response, &body)
  150. assert.Len(t, body.Data, expected.count)
  151. for _, repo := range body.Data {
  152. r := getRepo(t, repo.ID)
  153. hasAccess, err := models.HasAccess(userID, r)
  154. assert.NoError(t, err)
  155. assert.True(t, hasAccess)
  156. assert.NotEmpty(t, repo.Name)
  157. if len(expected.repoName) > 0 {
  158. assert.Contains(t, repo.Name, expected.repoName)
  159. }
  160. if expected.repoOwnerID > 0 {
  161. assert.Equal(t, expected.repoOwnerID, repo.Owner.ID)
  162. }
  163. if !expected.includesPrivate {
  164. assert.False(t, repo.Private)
  165. }
  166. }
  167. })
  168. }
  169. })
  170. }
  171. }
  172. var repoCache = make(map[int64]*models.Repository)
  173. func getRepo(t *testing.T, repoID int64) *models.Repository {
  174. if _, ok := repoCache[repoID]; !ok {
  175. repoCache[repoID] = models.AssertExistsAndLoadBean(t, &models.Repository{ID: repoID}).(*models.Repository)
  176. }
  177. return repoCache[repoID]
  178. }
  179. func TestAPIViewRepo(t *testing.T) {
  180. prepareTestEnv(t)
  181. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")
  182. resp := MakeRequest(t, req, http.StatusOK)
  183. var repo api.Repository
  184. DecodeJSON(t, resp, &repo)
  185. assert.EqualValues(t, 1, repo.ID)
  186. assert.EqualValues(t, "repo1", repo.Name)
  187. }
  188. func TestAPIOrgRepos(t *testing.T) {
  189. prepareTestEnv(t)
  190. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
  191. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
  192. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
  193. // User3 is an Org. Check their repos.
  194. sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
  195. expectedResults := map[*models.User]struct {
  196. count int
  197. includesPrivate bool
  198. }{
  199. nil: {count: 1},
  200. user: {count: 2, includesPrivate: true},
  201. user2: {count: 3, includesPrivate: true},
  202. user3: {count: 1},
  203. }
  204. for userToLogin, expected := range expectedResults {
  205. var session *TestSession
  206. var testName string
  207. var token string
  208. if userToLogin != nil && userToLogin.ID > 0 {
  209. testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
  210. session = loginUser(t, userToLogin.Name)
  211. token = getTokenForLoggedInUser(t, session)
  212. } else {
  213. testName = "AnonymousUser"
  214. session = emptyTestSession(t)
  215. }
  216. t.Run(testName, func(t *testing.T) {
  217. req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)
  218. resp := session.MakeRequest(t, req, http.StatusOK)
  219. var apiRepos []*api.Repository
  220. DecodeJSON(t, resp, &apiRepos)
  221. assert.Len(t, apiRepos, expected.count)
  222. for _, repo := range apiRepos {
  223. if !expected.includesPrivate {
  224. assert.False(t, repo.Private)
  225. }
  226. }
  227. })
  228. }
  229. }
  230. func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
  231. prepareTestEnv(t)
  232. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
  233. session := loginUser(t, user.Name)
  234. token := getTokenForLoggedInUser(t, session)
  235. req := NewRequestf(t, "GET", "/api/v1/repositories/2?token="+token)
  236. session.MakeRequest(t, req, http.StatusNotFound)
  237. }
  238. func TestAPIRepoMigrate(t *testing.T) {
  239. testCases := []struct {
  240. ctxUserID, userID int64
  241. cloneURL, repoName string
  242. expectedStatus int
  243. }{
  244. {ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-admin", expectedStatus: http.StatusCreated},
  245. {ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-own", expectedStatus: http.StatusCreated},
  246. {ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
  247. {ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-org", expectedStatus: http.StatusCreated},
  248. {ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
  249. }
  250. prepareTestEnv(t)
  251. for _, testCase := range testCases {
  252. user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
  253. session := loginUser(t, user.Name)
  254. token := getTokenForLoggedInUser(t, session)
  255. req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOption{
  256. CloneAddr: testCase.cloneURL,
  257. UID: int(testCase.userID),
  258. RepoName: testCase.repoName,
  259. })
  260. session.MakeRequest(t, req, testCase.expectedStatus)
  261. }
  262. }
  263. func TestAPIRepoMigrateConflict(t *testing.T) {
  264. onGiteaRun(t, testAPIRepoMigrateConflict)
  265. }
  266. func testAPIRepoMigrateConflict(t *testing.T, u *url.URL) {
  267. username := "user2"
  268. baseAPITestContext := NewAPITestContext(t, username, "repo1")
  269. u.Path = baseAPITestContext.GitPath()
  270. t.Run("Existing", func(t *testing.T) {
  271. httpContext := baseAPITestContext
  272. httpContext.Reponame = "repo-tmp-17"
  273. dstPath, err := ioutil.TempDir("", httpContext.Reponame)
  274. assert.NoError(t, err)
  275. defer os.RemoveAll(dstPath)
  276. t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
  277. user, err := models.GetUserByName(httpContext.Username)
  278. assert.NoError(t, err)
  279. userID := user.ID
  280. cloneURL := "https://github.com/go-gitea/git.git"
  281. req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+httpContext.Token,
  282. &api.MigrateRepoOption{
  283. CloneAddr: cloneURL,
  284. UID: int(userID),
  285. RepoName: httpContext.Reponame,
  286. })
  287. resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)
  288. respJSON := map[string]string{}
  289. DecodeJSON(t, resp, &respJSON)
  290. assert.Equal(t, respJSON["message"], "The repository with the same name already exists.")
  291. })
  292. }
  293. func TestAPIOrgRepoCreate(t *testing.T) {
  294. testCases := []struct {
  295. ctxUserID int64
  296. orgName, repoName string
  297. expectedStatus int
  298. }{
  299. {ctxUserID: 1, orgName: "user3", repoName: "repo-admin", expectedStatus: http.StatusCreated},
  300. {ctxUserID: 2, orgName: "user3", repoName: "repo-own", expectedStatus: http.StatusCreated},
  301. {ctxUserID: 2, orgName: "user6", repoName: "repo-bad-org", expectedStatus: http.StatusForbidden},
  302. }
  303. prepareTestEnv(t)
  304. for _, testCase := range testCases {
  305. user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
  306. session := loginUser(t, user.Name)
  307. token := getTokenForLoggedInUser(t, session)
  308. req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos?token="+token, testCase.orgName), &api.CreateRepoOption{
  309. Name: testCase.repoName,
  310. })
  311. session.MakeRequest(t, req, testCase.expectedStatus)
  312. }
  313. }
  314. func TestAPIRepoCreateConflict(t *testing.T) {
  315. onGiteaRun(t, testAPIRepoCreateConflict)
  316. }
  317. func testAPIRepoCreateConflict(t *testing.T, u *url.URL) {
  318. username := "user2"
  319. baseAPITestContext := NewAPITestContext(t, username, "repo1")
  320. u.Path = baseAPITestContext.GitPath()
  321. t.Run("Existing", func(t *testing.T) {
  322. httpContext := baseAPITestContext
  323. httpContext.Reponame = "repo-tmp-17"
  324. dstPath, err := ioutil.TempDir("", httpContext.Reponame)
  325. assert.NoError(t, err)
  326. defer os.RemoveAll(dstPath)
  327. t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
  328. req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+httpContext.Token,
  329. &api.CreateRepoOption{
  330. Name: httpContext.Reponame,
  331. })
  332. resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)
  333. respJSON := map[string]string{}
  334. DecodeJSON(t, resp, &respJSON)
  335. assert.Equal(t, respJSON["message"], "The repository with the same name already exists.")
  336. })
  337. }