closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6010 Commits
2 Branches
178 MiB
Tree: 674cfb7cac
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '674cfb7cac'
${ noResults }
gitea/integrations/api_admin_test.go

73 lines
2.6 KiB
Raw Normal View History

Delete a user's public key via admin api (closes #3014) (#3059) * Delete a user's public key via admin api * Test admin ssh endpoint for creating a new ssh key * Adapt public ssh key test to also test the delete operation * Test that deleting a missing key will result in a 404 * Test that a normal user can't delete another user's ssh key * Make DeletePublicKey return err * Update swagger doc
7 years ago
 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package integrations
  6. 

  7. import (
  8. 	"fmt"
  9. 	"net/http"
  10. 	"testing"
  11. 

  12. 	"code.gitea.io/gitea/models"
  13. 	api "code.gitea.io/sdk/gitea"
  14. )
  15. 

  16. func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
  17. 	prepareTestEnv(t)
  18. 	// user1 is an admin user

  19. 	session := loginUser(t, "user1")
  20. 	keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
  21. 

  22. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)
  23. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
  24. 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
  25. 		"title": "test-key",
  26. 	})
  27. 	resp := session.MakeRequest(t, req, http.StatusCreated)
  28. 

  29. 	var newPublicKey api.PublicKey
  30. 	DecodeJSON(t, resp, &newPublicKey)
  31. 	models.AssertExistsAndLoadBean(t, &models.PublicKey{
  32. 		ID:          newPublicKey.ID,
  33. 		Name:        newPublicKey.Title,
  34. 		Content:     newPublicKey.Key,
  35. 		Fingerprint: newPublicKey.Fingerprint,
  36. 		OwnerID:     keyOwner.ID,
  37. 	})
  38. 

  39. 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d",
  40. 		keyOwner.Name, newPublicKey.ID)
  41. 	session.MakeRequest(t, req, http.StatusNoContent)
  42. 	models.AssertNotExistsBean(t, &models.PublicKey{ID: newPublicKey.ID})
  43. }
  44. 

  45. func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {
  46. 	prepareTestEnv(t)
  47. 	// user1 is an admin user

  48. 	session := loginUser(t, "user1")
  49. 

  50. 	req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", models.NonexistentID)
  51. 	session.MakeRequest(t, req, http.StatusNotFound)
  52. }
  53. 

  54. func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {
  55. 	prepareTestEnv(t)
  56. 	adminUsername := "user1"
  57. 	normalUsername := "user2"
  58. 	session := loginUser(t, adminUsername)
  59. 

  60. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername)
  61. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
  62. 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
  63. 		"title": "test-key",
  64. 	})
  65. 	resp := session.MakeRequest(t, req, http.StatusCreated)
  66. 	var newPublicKey api.PublicKey
  67. 	DecodeJSON(t, resp, &newPublicKey)
  68. 

  69. 	session = loginUser(t, normalUsername)
  70. 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d",
  71. 		adminUsername, newPublicKey.ID)
  72. 	session.MakeRequest(t, req, http.StatusForbidden)
  73. }