You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

265 lines
12 KiB

  1. // Copyright 2017 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "net/http"
  7. "net/http/httptest"
  8. "strconv"
  9. "testing"
  10. api "code.gitea.io/gitea/modules/structs"
  11. "github.com/stretchr/testify/assert"
  12. )
  13. type makeRequestFunc func(testing.TB, *http.Request, int) *httptest.ResponseRecorder
  14. func TestGPGKeys(t *testing.T) {
  15. defer prepareTestEnv(t)()
  16. session := loginUser(t, "user2")
  17. token := getTokenForLoggedInUser(t, session)
  18. tt := []struct {
  19. name string
  20. makeRequest makeRequestFunc
  21. token string
  22. results []int
  23. }{
  24. {name: "NoLogin", makeRequest: MakeRequest, token: "",
  25. results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized},
  26. },
  27. {name: "LoggedAsUser2", makeRequest: session.MakeRequest, token: token,
  28. results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusUnprocessableEntity, http.StatusNotFound, http.StatusCreated, http.StatusCreated}},
  29. }
  30. for _, tc := range tt {
  31. //Basic test on result code
  32. t.Run(tc.name, func(t *testing.T) {
  33. t.Run("ViewOwnGPGKeys", func(t *testing.T) {
  34. testViewOwnGPGKeys(t, tc.makeRequest, tc.token, tc.results[0])
  35. })
  36. t.Run("ViewGPGKeys", func(t *testing.T) {
  37. testViewGPGKeys(t, tc.makeRequest, tc.token, tc.results[1])
  38. })
  39. t.Run("GetGPGKey", func(t *testing.T) {
  40. testGetGPGKey(t, tc.makeRequest, tc.token, tc.results[2])
  41. })
  42. t.Run("DeleteGPGKey", func(t *testing.T) {
  43. testDeleteGPGKey(t, tc.makeRequest, tc.token, tc.results[3])
  44. })
  45. t.Run("CreateInvalidGPGKey", func(t *testing.T) {
  46. testCreateInvalidGPGKey(t, tc.makeRequest, tc.token, tc.results[4])
  47. })
  48. t.Run("CreateNoneRegistredEmailGPGKey", func(t *testing.T) {
  49. testCreateNoneRegistredEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[5])
  50. })
  51. t.Run("CreateValidGPGKey", func(t *testing.T) {
  52. testCreateValidGPGKey(t, tc.makeRequest, tc.token, tc.results[6])
  53. })
  54. t.Run("CreateValidSecondaryEmailGPGKey", func(t *testing.T) {
  55. testCreateValidSecondaryEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[7])
  56. })
  57. })
  58. }
  59. //Check state after basic add
  60. t.Run("CheckState", func(t *testing.T) {
  61. var keys []*api.GPGKey
  62. req := NewRequest(t, "GET", "/api/v1/user/gpg_keys?token="+token) //GET all keys
  63. resp := session.MakeRequest(t, req, http.StatusOK)
  64. DecodeJSON(t, resp, &keys)
  65. primaryKey1 := keys[0] //Primary key 1
  66. assert.EqualValues(t, "38EA3BCED732982C", primaryKey1.KeyID)
  67. assert.EqualValues(t, 1, len(primaryKey1.Emails))
  68. assert.EqualValues(t, "user2@example.com", primaryKey1.Emails[0].Email)
  69. assert.EqualValues(t, true, primaryKey1.Emails[0].Verified)
  70. subKey := primaryKey1.SubsKey[0] //Subkey of 38EA3BCED732982C
  71. assert.EqualValues(t, "70D7C694D17D03AD", subKey.KeyID)
  72. assert.EqualValues(t, 0, len(subKey.Emails))
  73. primaryKey2 := keys[1] //Primary key 2
  74. assert.EqualValues(t, "FABF39739FE1E927", primaryKey2.KeyID)
  75. assert.EqualValues(t, 1, len(primaryKey2.Emails))
  76. assert.EqualValues(t, "user21@example.com", primaryKey2.Emails[0].Email)
  77. assert.EqualValues(t, false, primaryKey2.Emails[0].Verified)
  78. var key api.GPGKey
  79. req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)+"?token="+token) //Primary key 1
  80. resp = session.MakeRequest(t, req, http.StatusOK)
  81. DecodeJSON(t, resp, &key)
  82. assert.EqualValues(t, "38EA3BCED732982C", key.KeyID)
  83. assert.EqualValues(t, 1, len(key.Emails))
  84. assert.EqualValues(t, "user2@example.com", key.Emails[0].Email)
  85. assert.EqualValues(t, true, key.Emails[0].Verified)
  86. req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)+"?token="+token) //Subkey of 38EA3BCED732982C
  87. resp = session.MakeRequest(t, req, http.StatusOK)
  88. DecodeJSON(t, resp, &key)
  89. assert.EqualValues(t, "70D7C694D17D03AD", key.KeyID)
  90. assert.EqualValues(t, 0, len(key.Emails))
  91. req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)+"?token="+token) //Primary key 2
  92. resp = session.MakeRequest(t, req, http.StatusOK)
  93. DecodeJSON(t, resp, &key)
  94. assert.EqualValues(t, "FABF39739FE1E927", key.KeyID)
  95. assert.EqualValues(t, 1, len(key.Emails))
  96. assert.EqualValues(t, "user21@example.com", key.Emails[0].Email)
  97. assert.EqualValues(t, false, key.Emails[0].Verified)
  98. })
  99. //Check state after basic add
  100. t.Run("CheckCommits", func(t *testing.T) {
  101. t.Run("NotSigned", func(t *testing.T) {
  102. var branch api.Branch
  103. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed?token="+token)
  104. resp := session.MakeRequest(t, req, http.StatusOK)
  105. DecodeJSON(t, resp, &branch)
  106. assert.EqualValues(t, false, branch.Commit.Verification.Verified)
  107. })
  108. t.Run("SignedWithNotValidatedEmail", func(t *testing.T) {
  109. var branch api.Branch
  110. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated?token="+token)
  111. resp := session.MakeRequest(t, req, http.StatusOK)
  112. DecodeJSON(t, resp, &branch)
  113. assert.EqualValues(t, false, branch.Commit.Verification.Verified)
  114. })
  115. t.Run("SignedWithValidEmail", func(t *testing.T) {
  116. var branch api.Branch
  117. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign?token="+token)
  118. resp := session.MakeRequest(t, req, http.StatusOK)
  119. DecodeJSON(t, resp, &branch)
  120. assert.EqualValues(t, true, branch.Commit.Verification.Verified)
  121. })
  122. })
  123. }
  124. func testViewOwnGPGKeys(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  125. req := NewRequest(t, "GET", "/api/v1/user/gpg_keys?token="+token)
  126. makeRequest(t, req, expected)
  127. }
  128. func testViewGPGKeys(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  129. req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys?token="+token)
  130. makeRequest(t, req, expected)
  131. }
  132. func testGetGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  133. req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1?token="+token)
  134. makeRequest(t, req, expected)
  135. }
  136. func testDeleteGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  137. req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1?token="+token)
  138. makeRequest(t, req, expected)
  139. }
  140. func testCreateGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int, publicKey string) {
  141. req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys?token="+token, api.CreateGPGKeyOption{
  142. ArmoredKey: publicKey,
  143. })
  144. makeRequest(t, req, expected)
  145. }
  146. func testCreateInvalidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  147. testCreateGPGKey(t, makeRequest, token, expected, "invalid_key")
  148. }
  149. func testCreateNoneRegistredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  150. testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
  151. mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh
  152. dCMCG2T1UwzUB/yWUFWJ2BtCwSjuaRv+cGohqEy6bhEBV90peGA33lHfjx7wP25O
  153. 7moAphDOTZtDj1AZfCh/PTcJut8Lc0eRDMhNyp/bYtO7SHNT1Hr6rrCV/xEtSAvR
  154. 3b148/tmIBiSadaLwc558KU3ucjnW5RVGins3AjBZ+TuT4XXVH/oeLSeXPSJ5rt1
  155. rHwaseslMqZ4AbvwFLx5qn1OC9rEQv/F548QsA8m0IntLjoPon+6wcubA9Gra21c
  156. Fp6aRYl9x7fiqXDLg8i3s2nKdV7+e6as6Tp9ABEBAAG0FG5vdGtub3duQGV4YW1w
  157. bGUuY29tiQEcBBABAgAGBQJZhlMoAAoJEC8+pvYULDtte/wH/2JNrhmHwDY+hMj0
  158. batIK4HICnkKxjIgbha80P2Ao08NkzSge58fsxiKDFYAQjHui+ZAw4dq79Ax9AOO
  159. Iv2GS9+DUfWhrb6RF+vNuJldFzcI0rTW/z2q+XGKrUCwN3khJY5XngHfQQrdBtMK
  160. qsoUXz/5B8g422RTbo/SdPsyYAV6HeLLeV3rdgjI1fpaW0seZKHeTXQb/HvNeuPg
  161. qz+XV1g6Gdqa1RjDOaX7A8elVKxrYq3LBtc93FW+grBde8n7JL0zPM3DY+vJ0IJZ
  162. INx/MmBfmtCq05FqNclvU+sj2R3N1JJOtBOjZrJHQbJhzoILou8AkxeX1A+q9OAz
  163. 1geiY5E=
  164. =TkP3
  165. -----END PGP PUBLIC KEY BLOCK-----`)
  166. }
  167. func testCreateValidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  168. //User2 <user2@example.com> //primary & activated
  169. testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
  170. mQENBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dW
  171. VJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnHlGS3PXJc0hP/FyYPD2BFvNMPpCYS
  172. eu3T1qKSNXm6X0XOWD2LIrdiDC8HaI9FqZVMI/srMK2CF8XCL2m67W1FuoPlWzod
  173. 5ORy0IZB7spoF0xihmcgnEGElRmdo5w/vkGH8U7Zyn9Eb57UVFeafgeskf4wqB23
  174. BjbMdW2YaB+yzMRwYgOnD5lnBD4uqSmvjaV9C0kxn7x+oJkkiRV8/z1cNcO+BaeQ
  175. Akh/yTTeTzYGSc/ZOqCX1O+NOPgSeixVlqenABEBAAG0GVVzZXIyIDx1c2VyMkBl
  176. eGFtcGxlLmNvbT6JAVQEEwEIAD4WIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZW
  177. wwIbAwUJA8JnAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRA46jvO1zKYLF/e
  178. B/91wm2KLMIQBZBA9WA2/+9rQWTo9EqgYrXN60rEzX3cYJWXZiE4DrKR1oWDGNLi
  179. KXOCW62snvJldolBqq0ZqaKvPKzl0Y5TRqbYEc9AjUSqgRin1b+G2DevLGT4ibq+
  180. 7ocQvz0XkASEUAgHahp0Ubiiib1521WwT/duL+AG8Gg0+DK09RfV3eX5/EOkQCKv
  181. 8cutqgsd2Smz40A8wXuJkRcipZBtrB/GkUaZ/eJdwEeSYZjEA9GWF61LJT2stvRN
  182. HCk7C3z3pVEek1PluiFs/4VN8BG8yDzW4c0tLty4Fj3VwPqwIbB5AJbquVfhQCb4
  183. Eep2lm3Lc9b1OwO5N3coPJkouQENBFmGVsMBCADAGba2L6NCOE1i3WIP6CPzbdOo
  184. N3gdTfTgccAx9fNeon9jor+3tgEjlo9/6cXiRoksOV6W4wFab/ZwWgwN6JO4CGvZ
  185. Wi7EQwMMMp1E36YTojKQJrcA9UvMnTHulqQQ88F5E845DhzFQM3erv42QZZMBAX3
  186. kXCgy1GNFocl6tLUvJdEqs+VcJGGANMpmzE4WLa8KhSYnxipwuQ62JBy9R+cHyKT
  187. OARk8znRqSu5bT3LtlrZ/HXu+6Oy4+2uCdNzZIh5J5tPS7CPA6ptl88iGVBte/CJ
  188. 7cjgJWSQqeYp2Y5QvsWAivkQ4Ww9plHbbwV0A2eaHsjjWzlUl3HoJ/snMOhBABEB
  189. AAGJATwEGAEIACYWIQRXgbSh0TtGbgRd7XI46jvO1zKYLAUCWYZWwwIbDAUJA8Jn
  190. AAAKCRA46jvO1zKYLBwLCACQOpeRVrwIKVaWcPMYjVHHJsGscaLKpgpARAUgbiG6
  191. Cbc2WI8Sm3fRwrY0VAfN+u9QwrtvxANcyB3vTgTzw7FimfhOimxiTSO8HQCfjDZF
  192. Xly8rq+Fua7+ClWUpy21IekW41VvZYjH2sL6EVP+UcEOaGAyN53XfhaRVZPhNtZN
  193. NKAE9N5EG3rbsZ33LzJj40rEKlzFSseAAPft8qA3IXjzFBx+PQXHMpNCagL79he6
  194. lqockTJ+oPmta4CF/J0U5LUr1tOZXheL3TP6m8d08gDrtn0YuGOPk87i9sJz+jR9
  195. uy6MA3VSB99SK9ducGmE1Jv8mcziREroz2TEGr0zPs6h
  196. =J59D
  197. -----END PGP PUBLIC KEY BLOCK-----`)
  198. }
  199. func testCreateValidSecondaryEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
  200. //User2 <user21@example.com> //secondary and not activated
  201. testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
  202. mQENBFmGWN4BCAC18V4tVGO65VLCV7p14FuXJlUtZ5CuYMvgEkcOqrvRaBSW9ao4
  203. PGESOhJpfWpnW3QgJniYndLzPpsmdHEclEER6aZjiNgReWPOjHD5tykWocZAJqXD
  204. eY1ym59gvVMLcfbV2yQsyR2hbJlc+dJsl16tigSEe3nwxZSw2IsW92pgEzT9JNUr
  205. Q+mC8dw4dqY0tYmFazYUGNxufUc/twgQT/Or1aNs0az5Q6Jft4rrTRsh/S7We0VB
  206. COKGkdcQyYgAls7HJBuPjQRi6DM9VhgBSHLAgSLyaUcZvhZBJr8Qe/q4PP3/kYDJ
  207. wm4RMnjOLz2pFZPgtRqgcAwpmFtLrACbEB3JABEBAAG0GlVzZXIyIDx1c2VyMjFA
  208. ZXhhbXBsZS5jb20+iQFUBBMBCAA+FiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmG
  209. WN4CGwMFCQPCZwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ+r85c5/h6Sfx
  210. Lgf/dq64NBV8+X9an3seaLxePRviva48e4K67/wV/JxtXNO5Z/DhMGz5kHXCsG9D
  211. CXuWYO8ehlTjEnMZ6qqdDnY+H6bQsb2OS5oPn4RwpPXslAjEKtojPAr0dDsMS2DB
  212. dUuIm1AoOnewOVO0OFRf1EqX1bivxnN0FVMcO0m8AczfnKDaGb0y/qg/Y9JAsKqp
  213. j5pZNMWUkntRtGySeJ4CVJMmkVKJAHsa1Qj6MKdFeid4h4y94cBJ4ZdyBxNdpQOx
  214. ydf0doicovfeqGNO4oWzsGP4RBK2CqGPCUT+EFl20jPvMkKwOjxgqc8p0z3b2UT9
  215. +9bnmCGHgF/fW1HJ3iKmfFPqnLkBDQRZhljeAQgA5AirU/NJGgm19ZJYFOiHftjS
  216. azbrPxGeD3cSqmvDPIMc1DNZGfQV5D4EVumnVbQBtL6xHFoGKz9KisUMbe4a/X2J
  217. S8JmIphQWG0vMJX1DaZIzr2gT71MnPD7JMGsSUCh5dIKpTNTZX4w+oGPGOu0/UlL
  218. x0448AryKwp30J2p6D4GeI0nb03n35S2lTOpnHDn1wj7Jl/8LS2fdFOdNaNHXSZe
  219. twdSwJKhyBEiScgeHBDyKqo8zWkYoSb9eA2HiYlbVaiNtp24KP1mIEpiUdrRjWno
  220. zauYSZGHZlOFMgF4dKWuetPiuH9m7UYZGKyMLfQ9vYFb+xcPh2bLCQHJ1OEmMQAR
  221. AQABiQE8BBgBCAAmFiEEPOLHOjPSO42DWM57+r85c5/h6ScFAlmGWN4CGwwFCQPC
  222. ZwAACgkQ+r85c5/h6Sfjfwf+O4WEjRdvPJLxNy7mfAGoAqDMHIwyH/tVzYgyVhnG
  223. h/+cfRxJbGc3rpjYdr8dmvghzjEAout8uibPWaIqs63RCAPGPqgWLfxNO5c8+y8V
  224. LZMVOTV26l2olkkdBWAuhLqKTNh6TiQva03yhOgHWj4XDvFfxICWPFXVd6t5ELpD
  225. iApGu1OAj8JfhmzbG03Yzx+Ku7bWDxMonx3V/IDEu5LS5zrboHYDKCA53bXXghoi
  226. Aceqql+PKrDwEjoY4bptwMHLmcjGjdCQ//Qx1neho7nZcS7xjTucY8gQuulwCyXF
  227. y6wM+wMz8dunIG9gw4+Re6c4Rz9tX1kzxLrU7Pl21tMqfg==
  228. =0N/9
  229. -----END PGP PUBLIC KEY BLOCK-----`)
  230. }