You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

392 lines
14 KiB

  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "fmt"
  7. "io/ioutil"
  8. "net/http"
  9. "net/url"
  10. "os"
  11. "testing"
  12. "code.gitea.io/gitea/models"
  13. api "code.gitea.io/gitea/modules/structs"
  14. "github.com/stretchr/testify/assert"
  15. )
  16. func TestAPIUserReposNotLogin(t *testing.T) {
  17. prepareTestEnv(t)
  18. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
  19. req := NewRequestf(t, "GET", "/api/v1/users/%s/repos", user.Name)
  20. resp := MakeRequest(t, req, http.StatusOK)
  21. var apiRepos []api.Repository
  22. DecodeJSON(t, resp, &apiRepos)
  23. expectedLen := models.GetCount(t, models.Repository{OwnerID: user.ID},
  24. models.Cond("is_private = ?", false))
  25. assert.Len(t, apiRepos, expectedLen)
  26. for _, repo := range apiRepos {
  27. assert.EqualValues(t, user.ID, repo.Owner.ID)
  28. assert.False(t, repo.Private)
  29. }
  30. }
  31. func TestAPISearchRepo(t *testing.T) {
  32. prepareTestEnv(t)
  33. const keyword = "test"
  34. req := NewRequestf(t, "GET", "/api/v1/repos/search?q=%s", keyword)
  35. resp := MakeRequest(t, req, http.StatusOK)
  36. var body api.SearchResults
  37. DecodeJSON(t, resp, &body)
  38. assert.NotEmpty(t, body.Data)
  39. for _, repo := range body.Data {
  40. assert.Contains(t, repo.Name, keyword)
  41. assert.False(t, repo.Private)
  42. }
  43. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 15}).(*models.User)
  44. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 16}).(*models.User)
  45. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 18}).(*models.User)
  46. user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 20}).(*models.User)
  47. orgUser := models.AssertExistsAndLoadBean(t, &models.User{ID: 17}).(*models.User)
  48. // Map of expected results, where key is user for login
  49. type expectedResults map[*models.User]struct {
  50. count int
  51. repoOwnerID int64
  52. repoName string
  53. includesPrivate bool
  54. }
  55. testCases := []struct {
  56. name, requestURL string
  57. expectedResults
  58. }{
  59. {name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50&private=false", expectedResults: expectedResults{
  60. nil: {count: 22},
  61. user: {count: 22},
  62. user2: {count: 22}},
  63. },
  64. {name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10&private=false", expectedResults: expectedResults{
  65. nil: {count: 10},
  66. user: {count: 10},
  67. user2: {count: 10}},
  68. },
  69. {name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search?default&private=false", expectedResults: expectedResults{
  70. nil: {count: 10},
  71. user: {count: 10},
  72. user2: {count: 10}},
  73. },
  74. {name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s&private=false", "big_test_"), expectedResults: expectedResults{
  75. nil: {count: 7, repoName: "big_test_"},
  76. user: {count: 7, repoName: "big_test_"},
  77. user2: {count: 7, repoName: "big_test_"}},
  78. },
  79. {name: "RepositoriesAccessibleAndRelatedToUser", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user.ID), expectedResults: expectedResults{
  80. nil: {count: 5},
  81. user: {count: 9, includesPrivate: true},
  82. user2: {count: 5, includesPrivate: true}},
  83. },
  84. {name: "RepositoriesAccessibleAndRelatedToUser2", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user2.ID), expectedResults: expectedResults{
  85. nil: {count: 1},
  86. user: {count: 2, includesPrivate: true},
  87. user2: {count: 2, includesPrivate: true},
  88. user4: {count: 1}},
  89. },
  90. {name: "RepositoriesAccessibleAndRelatedToUser3", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user3.ID), expectedResults: expectedResults{
  91. nil: {count: 1},
  92. user: {count: 4, includesPrivate: true},
  93. user2: {count: 2, includesPrivate: true},
  94. user3: {count: 4, includesPrivate: true}},
  95. },
  96. {name: "RepositoriesOwnedByOrganization", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", orgUser.ID), expectedResults: expectedResults{
  97. nil: {count: 1, repoOwnerID: orgUser.ID},
  98. user: {count: 2, repoOwnerID: orgUser.ID, includesPrivate: true},
  99. user2: {count: 1, repoOwnerID: orgUser.ID}},
  100. },
  101. {name: "RepositoriesAccessibleAndRelatedToUser4", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user4.ID), expectedResults: expectedResults{
  102. nil: {count: 3},
  103. user: {count: 4, includesPrivate: true},
  104. user4: {count: 7, includesPrivate: true}}},
  105. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeSource", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "source"), expectedResults: expectedResults{
  106. nil: {count: 0},
  107. user: {count: 1, includesPrivate: true},
  108. user4: {count: 1, includesPrivate: true}}},
  109. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "fork"), expectedResults: expectedResults{
  110. nil: {count: 1},
  111. user: {count: 1},
  112. user4: {count: 2, includesPrivate: true}}},
  113. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "fork"), expectedResults: expectedResults{
  114. nil: {count: 1},
  115. user: {count: 1},
  116. user4: {count: 2, includesPrivate: true}}},
  117. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "mirror"), expectedResults: expectedResults{
  118. nil: {count: 2},
  119. user: {count: 2},
  120. user4: {count: 4, includesPrivate: true}}},
  121. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "mirror"), expectedResults: expectedResults{
  122. nil: {count: 1},
  123. user: {count: 1},
  124. user4: {count: 2, includesPrivate: true}}},
  125. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeCollaborative", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "collaborative"), expectedResults: expectedResults{
  126. nil: {count: 0},
  127. user: {count: 1, includesPrivate: true},
  128. user4: {count: 1, includesPrivate: true}}},
  129. }
  130. for _, testCase := range testCases {
  131. t.Run(testCase.name, func(t *testing.T) {
  132. for userToLogin, expected := range testCase.expectedResults {
  133. var session *TestSession
  134. var testName string
  135. var userID int64
  136. var token string
  137. if userToLogin != nil && userToLogin.ID > 0 {
  138. testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
  139. session = loginUser(t, userToLogin.Name)
  140. token = getTokenForLoggedInUser(t, session)
  141. userID = userToLogin.ID
  142. } else {
  143. testName = "AnonymousUser"
  144. session = emptyTestSession(t)
  145. }
  146. t.Run(testName, func(t *testing.T) {
  147. request := NewRequest(t, "GET", testCase.requestURL+"&token="+token)
  148. response := session.MakeRequest(t, request, http.StatusOK)
  149. var body api.SearchResults
  150. DecodeJSON(t, response, &body)
  151. repoNames := make([]string, 0, len(body.Data))
  152. for _, repo := range body.Data {
  153. repoNames = append(repoNames, fmt.Sprintf("%d:%s:%t", repo.ID, repo.FullName, repo.Private))
  154. }
  155. assert.Len(t, repoNames, expected.count)
  156. for _, repo := range body.Data {
  157. r := getRepo(t, repo.ID)
  158. hasAccess, err := models.HasAccess(userID, r)
  159. assert.NoError(t, err, "Error when checking if User: %d has access to %s: %v", userID, repo.FullName, err)
  160. assert.True(t, hasAccess, "User: %d does not have access to %s", userID, repo.FullName)
  161. assert.NotEmpty(t, repo.Name)
  162. assert.Equal(t, repo.Name, r.Name)
  163. if len(expected.repoName) > 0 {
  164. assert.Contains(t, repo.Name, expected.repoName)
  165. }
  166. if expected.repoOwnerID > 0 {
  167. assert.Equal(t, expected.repoOwnerID, repo.Owner.ID)
  168. }
  169. if !expected.includesPrivate {
  170. assert.False(t, repo.Private, "User: %d not expecting private repository: %s", userID, repo.FullName)
  171. }
  172. }
  173. })
  174. }
  175. })
  176. }
  177. }
  178. var repoCache = make(map[int64]*models.Repository)
  179. func getRepo(t *testing.T, repoID int64) *models.Repository {
  180. if _, ok := repoCache[repoID]; !ok {
  181. repoCache[repoID] = models.AssertExistsAndLoadBean(t, &models.Repository{ID: repoID}).(*models.Repository)
  182. }
  183. return repoCache[repoID]
  184. }
  185. func TestAPIViewRepo(t *testing.T) {
  186. prepareTestEnv(t)
  187. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")
  188. resp := MakeRequest(t, req, http.StatusOK)
  189. var repo api.Repository
  190. DecodeJSON(t, resp, &repo)
  191. assert.EqualValues(t, 1, repo.ID)
  192. assert.EqualValues(t, "repo1", repo.Name)
  193. }
  194. func TestAPIOrgRepos(t *testing.T) {
  195. prepareTestEnv(t)
  196. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
  197. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
  198. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
  199. // User3 is an Org. Check their repos.
  200. sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
  201. expectedResults := map[*models.User]struct {
  202. count int
  203. includesPrivate bool
  204. }{
  205. nil: {count: 1},
  206. user: {count: 2, includesPrivate: true},
  207. user2: {count: 3, includesPrivate: true},
  208. user3: {count: 1},
  209. }
  210. for userToLogin, expected := range expectedResults {
  211. var session *TestSession
  212. var testName string
  213. var token string
  214. if userToLogin != nil && userToLogin.ID > 0 {
  215. testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
  216. session = loginUser(t, userToLogin.Name)
  217. token = getTokenForLoggedInUser(t, session)
  218. } else {
  219. testName = "AnonymousUser"
  220. session = emptyTestSession(t)
  221. }
  222. t.Run(testName, func(t *testing.T) {
  223. req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)
  224. resp := session.MakeRequest(t, req, http.StatusOK)
  225. var apiRepos []*api.Repository
  226. DecodeJSON(t, resp, &apiRepos)
  227. assert.Len(t, apiRepos, expected.count)
  228. for _, repo := range apiRepos {
  229. if !expected.includesPrivate {
  230. assert.False(t, repo.Private)
  231. }
  232. }
  233. })
  234. }
  235. }
  236. func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
  237. prepareTestEnv(t)
  238. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
  239. session := loginUser(t, user.Name)
  240. token := getTokenForLoggedInUser(t, session)
  241. req := NewRequestf(t, "GET", "/api/v1/repositories/2?token="+token)
  242. session.MakeRequest(t, req, http.StatusNotFound)
  243. }
  244. func TestAPIRepoMigrate(t *testing.T) {
  245. testCases := []struct {
  246. ctxUserID, userID int64
  247. cloneURL, repoName string
  248. expectedStatus int
  249. }{
  250. {ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-admin", expectedStatus: http.StatusCreated},
  251. {ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-own", expectedStatus: http.StatusCreated},
  252. {ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
  253. {ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-org", expectedStatus: http.StatusCreated},
  254. {ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
  255. }
  256. prepareTestEnv(t)
  257. for _, testCase := range testCases {
  258. user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
  259. session := loginUser(t, user.Name)
  260. token := getTokenForLoggedInUser(t, session)
  261. req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOption{
  262. CloneAddr: testCase.cloneURL,
  263. UID: int(testCase.userID),
  264. RepoName: testCase.repoName,
  265. })
  266. session.MakeRequest(t, req, testCase.expectedStatus)
  267. }
  268. }
  269. func TestAPIRepoMigrateConflict(t *testing.T) {
  270. onGiteaRun(t, testAPIRepoMigrateConflict)
  271. }
  272. func testAPIRepoMigrateConflict(t *testing.T, u *url.URL) {
  273. username := "user2"
  274. baseAPITestContext := NewAPITestContext(t, username, "repo1")
  275. u.Path = baseAPITestContext.GitPath()
  276. t.Run("Existing", func(t *testing.T) {
  277. httpContext := baseAPITestContext
  278. httpContext.Reponame = "repo-tmp-17"
  279. dstPath, err := ioutil.TempDir("", httpContext.Reponame)
  280. assert.NoError(t, err)
  281. defer os.RemoveAll(dstPath)
  282. t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
  283. user, err := models.GetUserByName(httpContext.Username)
  284. assert.NoError(t, err)
  285. userID := user.ID
  286. cloneURL := "https://github.com/go-gitea/git.git"
  287. req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+httpContext.Token,
  288. &api.MigrateRepoOption{
  289. CloneAddr: cloneURL,
  290. UID: int(userID),
  291. RepoName: httpContext.Reponame,
  292. })
  293. resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)
  294. respJSON := map[string]string{}
  295. DecodeJSON(t, resp, &respJSON)
  296. assert.Equal(t, respJSON["message"], "The repository with the same name already exists.")
  297. })
  298. }
  299. func TestAPIOrgRepoCreate(t *testing.T) {
  300. testCases := []struct {
  301. ctxUserID int64
  302. orgName, repoName string
  303. expectedStatus int
  304. }{
  305. {ctxUserID: 1, orgName: "user3", repoName: "repo-admin", expectedStatus: http.StatusCreated},
  306. {ctxUserID: 2, orgName: "user3", repoName: "repo-own", expectedStatus: http.StatusCreated},
  307. {ctxUserID: 2, orgName: "user6", repoName: "repo-bad-org", expectedStatus: http.StatusForbidden},
  308. }
  309. prepareTestEnv(t)
  310. for _, testCase := range testCases {
  311. user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
  312. session := loginUser(t, user.Name)
  313. token := getTokenForLoggedInUser(t, session)
  314. req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos?token="+token, testCase.orgName), &api.CreateRepoOption{
  315. Name: testCase.repoName,
  316. })
  317. session.MakeRequest(t, req, testCase.expectedStatus)
  318. }
  319. }
  320. func TestAPIRepoCreateConflict(t *testing.T) {
  321. onGiteaRun(t, testAPIRepoCreateConflict)
  322. }
  323. func testAPIRepoCreateConflict(t *testing.T, u *url.URL) {
  324. username := "user2"
  325. baseAPITestContext := NewAPITestContext(t, username, "repo1")
  326. u.Path = baseAPITestContext.GitPath()
  327. t.Run("Existing", func(t *testing.T) {
  328. httpContext := baseAPITestContext
  329. httpContext.Reponame = "repo-tmp-17"
  330. dstPath, err := ioutil.TempDir("", httpContext.Reponame)
  331. assert.NoError(t, err)
  332. defer os.RemoveAll(dstPath)
  333. t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
  334. req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+httpContext.Token,
  335. &api.CreateRepoOption{
  336. Name: httpContext.Reponame,
  337. })
  338. resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)
  339. respJSON := map[string]string{}
  340. DecodeJSON(t, resp, &respJSON)
  341. assert.Equal(t, respJSON["message"], "The repository with the same name already exists.")
  342. })
  343. }