You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

315 lines
12 KiB

  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "fmt"
  7. "net/http"
  8. "testing"
  9. "code.gitea.io/gitea/models"
  10. api "code.gitea.io/sdk/gitea"
  11. "github.com/stretchr/testify/assert"
  12. )
  13. func TestAPIUserReposNotLogin(t *testing.T) {
  14. prepareTestEnv(t)
  15. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
  16. req := NewRequestf(t, "GET", "/api/v1/users/%s/repos", user.Name)
  17. resp := MakeRequest(t, req, http.StatusOK)
  18. var apiRepos []api.Repository
  19. DecodeJSON(t, resp, &apiRepos)
  20. expectedLen := models.GetCount(t, models.Repository{OwnerID: user.ID},
  21. models.Cond("is_private = ?", false))
  22. assert.Len(t, apiRepos, expectedLen)
  23. for _, repo := range apiRepos {
  24. assert.EqualValues(t, user.ID, repo.Owner.ID)
  25. assert.False(t, repo.Private)
  26. }
  27. }
  28. func TestAPISearchRepo(t *testing.T) {
  29. prepareTestEnv(t)
  30. const keyword = "test"
  31. req := NewRequestf(t, "GET", "/api/v1/repos/search?q=%s", keyword)
  32. resp := MakeRequest(t, req, http.StatusOK)
  33. var body api.SearchResults
  34. DecodeJSON(t, resp, &body)
  35. assert.NotEmpty(t, body.Data)
  36. for _, repo := range body.Data {
  37. assert.Contains(t, repo.Name, keyword)
  38. assert.False(t, repo.Private)
  39. }
  40. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 15}).(*models.User)
  41. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 16}).(*models.User)
  42. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 18}).(*models.User)
  43. user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 20}).(*models.User)
  44. orgUser := models.AssertExistsAndLoadBean(t, &models.User{ID: 17}).(*models.User)
  45. // Map of expected results, where key is user for login
  46. type expectedResults map[*models.User]struct {
  47. count int
  48. repoOwnerID int64
  49. repoName string
  50. includesPrivate bool
  51. }
  52. testCases := []struct {
  53. name, requestURL string
  54. expectedResults
  55. }{
  56. {name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50", expectedResults: expectedResults{
  57. nil: {count: 19},
  58. user: {count: 19},
  59. user2: {count: 19}},
  60. },
  61. {name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10", expectedResults: expectedResults{
  62. nil: {count: 10},
  63. user: {count: 10},
  64. user2: {count: 10}},
  65. },
  66. {name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search?default", expectedResults: expectedResults{
  67. nil: {count: 10},
  68. user: {count: 10},
  69. user2: {count: 10}},
  70. },
  71. {name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s", "big_test_"), expectedResults: expectedResults{
  72. nil: {count: 7, repoName: "big_test_"},
  73. user: {count: 7, repoName: "big_test_"},
  74. user2: {count: 7, repoName: "big_test_"}},
  75. },
  76. {name: "RepositoriesAccessibleAndRelatedToUser", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user.ID), expectedResults: expectedResults{
  77. nil: {count: 4},
  78. user: {count: 8, includesPrivate: true},
  79. user2: {count: 4}},
  80. },
  81. {name: "RepositoriesAccessibleAndRelatedToUser2", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user2.ID), expectedResults: expectedResults{
  82. nil: {count: 1},
  83. user: {count: 1},
  84. user2: {count: 2, includesPrivate: true}},
  85. },
  86. {name: "RepositoriesAccessibleAndRelatedToUser3", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user3.ID), expectedResults: expectedResults{
  87. nil: {count: 1},
  88. user: {count: 1},
  89. user2: {count: 1},
  90. user3: {count: 4, includesPrivate: true}},
  91. },
  92. {name: "RepositoriesOwnedByOrganization", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", orgUser.ID), expectedResults: expectedResults{
  93. nil: {count: 1, repoOwnerID: orgUser.ID},
  94. user: {count: 2, repoOwnerID: orgUser.ID, includesPrivate: true},
  95. user2: {count: 1, repoOwnerID: orgUser.ID}},
  96. },
  97. {name: "RepositoriesAccessibleAndRelatedToUser4", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user4.ID), expectedResults: expectedResults{
  98. nil: {count: 3},
  99. user: {count: 3},
  100. user4: {count: 6, includesPrivate: true}}},
  101. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeSource", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "source"), expectedResults: expectedResults{
  102. nil: {count: 0},
  103. user: {count: 0},
  104. user4: {count: 0, includesPrivate: true}}},
  105. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "fork"), expectedResults: expectedResults{
  106. nil: {count: 1},
  107. user: {count: 1},
  108. user4: {count: 2, includesPrivate: true}}},
  109. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "fork"), expectedResults: expectedResults{
  110. nil: {count: 1},
  111. user: {count: 1},
  112. user4: {count: 2, includesPrivate: true}}},
  113. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "mirror"), expectedResults: expectedResults{
  114. nil: {count: 2},
  115. user: {count: 2},
  116. user4: {count: 4, includesPrivate: true}}},
  117. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "mirror"), expectedResults: expectedResults{
  118. nil: {count: 1},
  119. user: {count: 1},
  120. user4: {count: 2, includesPrivate: true}}},
  121. {name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeCollaborative", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "collaborative"), expectedResults: expectedResults{
  122. nil: {count: 0},
  123. user: {count: 0},
  124. user4: {count: 0, includesPrivate: true}}},
  125. }
  126. for _, testCase := range testCases {
  127. t.Run(testCase.name, func(t *testing.T) {
  128. for userToLogin, expected := range testCase.expectedResults {
  129. var session *TestSession
  130. var testName string
  131. var userID int64
  132. var token string
  133. if userToLogin != nil && userToLogin.ID > 0 {
  134. testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
  135. session = loginUser(t, userToLogin.Name)
  136. token = getTokenForLoggedInUser(t, session)
  137. userID = userToLogin.ID
  138. } else {
  139. testName = "AnonymousUser"
  140. session = emptyTestSession(t)
  141. }
  142. t.Run(testName, func(t *testing.T) {
  143. request := NewRequest(t, "GET", testCase.requestURL+"&token="+token)
  144. response := session.MakeRequest(t, request, http.StatusOK)
  145. var body api.SearchResults
  146. DecodeJSON(t, response, &body)
  147. assert.Len(t, body.Data, expected.count)
  148. for _, repo := range body.Data {
  149. r := getRepo(t, repo.ID)
  150. hasAccess, err := models.HasAccess(userID, r, models.AccessModeRead)
  151. assert.NoError(t, err)
  152. assert.True(t, hasAccess)
  153. assert.NotEmpty(t, repo.Name)
  154. if len(expected.repoName) > 0 {
  155. assert.Contains(t, repo.Name, expected.repoName)
  156. }
  157. if expected.repoOwnerID > 0 {
  158. assert.Equal(t, expected.repoOwnerID, repo.Owner.ID)
  159. }
  160. if !expected.includesPrivate {
  161. assert.False(t, repo.Private)
  162. }
  163. }
  164. })
  165. }
  166. })
  167. }
  168. }
  169. var repoCache = make(map[int64]*models.Repository)
  170. func getRepo(t *testing.T, repoID int64) *models.Repository {
  171. if _, ok := repoCache[repoID]; !ok {
  172. repoCache[repoID] = models.AssertExistsAndLoadBean(t, &models.Repository{ID: repoID}).(*models.Repository)
  173. }
  174. return repoCache[repoID]
  175. }
  176. func TestAPIViewRepo(t *testing.T) {
  177. prepareTestEnv(t)
  178. req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")
  179. resp := MakeRequest(t, req, http.StatusOK)
  180. var repo api.Repository
  181. DecodeJSON(t, resp, &repo)
  182. assert.EqualValues(t, 1, repo.ID)
  183. assert.EqualValues(t, "repo1", repo.Name)
  184. }
  185. func TestAPIOrgRepos(t *testing.T) {
  186. prepareTestEnv(t)
  187. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
  188. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
  189. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 5}).(*models.User)
  190. // User3 is an Org. Check their repos.
  191. sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)
  192. expectedResults := map[*models.User]struct {
  193. count int
  194. includesPrivate bool
  195. }{
  196. nil: {count: 1},
  197. user: {count: 2, includesPrivate: true},
  198. user2: {count: 3, includesPrivate: true},
  199. user3: {count: 1},
  200. }
  201. for userToLogin, expected := range expectedResults {
  202. var session *TestSession
  203. var testName string
  204. var token string
  205. if userToLogin != nil && userToLogin.ID > 0 {
  206. testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)
  207. session = loginUser(t, userToLogin.Name)
  208. token = getTokenForLoggedInUser(t, session)
  209. } else {
  210. testName = "AnonymousUser"
  211. session = emptyTestSession(t)
  212. }
  213. t.Run(testName, func(t *testing.T) {
  214. req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)
  215. resp := session.MakeRequest(t, req, http.StatusOK)
  216. var apiRepos []*api.Repository
  217. DecodeJSON(t, resp, &apiRepos)
  218. assert.Len(t, apiRepos, expected.count)
  219. for _, repo := range apiRepos {
  220. if !expected.includesPrivate {
  221. assert.False(t, repo.Private)
  222. }
  223. }
  224. })
  225. }
  226. }
  227. func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
  228. prepareTestEnv(t)
  229. user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
  230. session := loginUser(t, user.Name)
  231. token := getTokenForLoggedInUser(t, session)
  232. req := NewRequestf(t, "GET", "/api/v1/repositories/2?token="+token)
  233. session.MakeRequest(t, req, http.StatusNotFound)
  234. }
  235. func TestAPIRepoMigrate(t *testing.T) {
  236. testCases := []struct {
  237. ctxUserID, userID int64
  238. cloneURL, repoName string
  239. expectedStatus int
  240. }{
  241. {ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-admin", expectedStatus: http.StatusCreated},
  242. {ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-own", expectedStatus: http.StatusCreated},
  243. {ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},
  244. {ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-org", expectedStatus: http.StatusCreated},
  245. {ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/git.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},
  246. }
  247. prepareTestEnv(t)
  248. for _, testCase := range testCases {
  249. user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
  250. session := loginUser(t, user.Name)
  251. token := getTokenForLoggedInUser(t, session)
  252. req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOption{
  253. CloneAddr: testCase.cloneURL,
  254. UID: int(testCase.userID),
  255. RepoName: testCase.repoName,
  256. })
  257. session.MakeRequest(t, req, testCase.expectedStatus)
  258. }
  259. }
  260. func TestAPIOrgRepoCreate(t *testing.T) {
  261. testCases := []struct {
  262. ctxUserID int64
  263. orgName, repoName string
  264. expectedStatus int
  265. }{
  266. {ctxUserID: 1, orgName: "user3", repoName: "repo-admin", expectedStatus: http.StatusCreated},
  267. {ctxUserID: 2, orgName: "user3", repoName: "repo-own", expectedStatus: http.StatusCreated},
  268. {ctxUserID: 2, orgName: "user6", repoName: "repo-bad-org", expectedStatus: http.StatusForbidden},
  269. }
  270. prepareTestEnv(t)
  271. for _, testCase := range testCases {
  272. user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User)
  273. session := loginUser(t, user.Name)
  274. token := getTokenForLoggedInUser(t, session)
  275. req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos?token="+token, testCase.orgName), &api.CreateRepoOption{
  276. Name: testCase.repoName,
  277. })
  278. session.MakeRequest(t, req, testCase.expectedStatus)
  279. }
  280. }