You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

164 lines
6.5 KiB

  1. // Copyright 2019 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "net/http"
  7. "net/url"
  8. "testing"
  9. "code.gitea.io/gitea/models"
  10. "code.gitea.io/gitea/modules/context"
  11. "code.gitea.io/gitea/modules/git"
  12. repo_module "code.gitea.io/gitea/modules/repository"
  13. "code.gitea.io/gitea/modules/setting"
  14. api "code.gitea.io/gitea/modules/structs"
  15. "github.com/stretchr/testify/assert"
  16. )
  17. func getExpectedContentsResponseForContents(ref, refType string) *api.ContentsResponse {
  18. treePath := "README.md"
  19. sha := "4b4851ad51df6a7d9f25c979345979eaeb5b349f"
  20. encoding := "base64"
  21. content := "IyByZXBvMQoKRGVzY3JpcHRpb24gZm9yIHJlcG8x"
  22. selfURL := setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath + "?ref=" + ref
  23. htmlURL := setting.AppURL + "user2/repo1/src/" + refType + "/" + ref + "/" + treePath
  24. gitURL := setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha
  25. downloadURL := setting.AppURL + "user2/repo1/raw/" + refType + "/" + ref + "/" + treePath
  26. return &api.ContentsResponse{
  27. Name: treePath,
  28. Path: treePath,
  29. SHA: sha,
  30. Type: "file",
  31. Size: 30,
  32. Encoding: &encoding,
  33. Content: &content,
  34. URL: &selfURL,
  35. HTMLURL: &htmlURL,
  36. GitURL: &gitURL,
  37. DownloadURL: &downloadURL,
  38. Links: &api.FileLinksResponse{
  39. Self: &selfURL,
  40. GitURL: &gitURL,
  41. HTMLURL: &htmlURL,
  42. },
  43. }
  44. }
  45. func TestAPIGetContents(t *testing.T) {
  46. onGiteaRun(t, testAPIGetContents)
  47. }
  48. func testAPIGetContents(t *testing.T, u *url.URL) {
  49. /*** SETUP ***/
  50. user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16
  51. user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3, is an org
  52. user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos
  53. repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo
  54. repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo
  55. repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
  56. treePath := "README.md"
  57. // Get user2's token
  58. session := loginUser(t, user2.Name)
  59. token2 := getTokenForLoggedInUser(t, session)
  60. session = emptyTestSession(t)
  61. // Get user4's token
  62. session = loginUser(t, user4.Name)
  63. token4 := getTokenForLoggedInUser(t, session)
  64. session = emptyTestSession(t)
  65. // Make a new branch in repo1
  66. newBranch := "test_branch"
  67. err := repo_module.CreateNewBranch(user2, repo1, repo1.DefaultBranch, newBranch)
  68. assert.NoError(t, err)
  69. // Get the commit ID of the default branch
  70. gitRepo, err := git.OpenRepository(repo1.RepoPath())
  71. assert.NoError(t, err)
  72. defer gitRepo.Close()
  73. commitID, err := gitRepo.GetBranchCommitID(repo1.DefaultBranch)
  74. assert.NoError(t, err)
  75. // Make a new tag in repo1
  76. newTag := "test_tag"
  77. err = gitRepo.CreateTag(newTag, commitID)
  78. assert.NoError(t, err)
  79. /*** END SETUP ***/
  80. // ref is default ref
  81. ref := repo1.DefaultBranch
  82. refType := "branch"
  83. req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
  84. resp := session.MakeRequest(t, req, http.StatusOK)
  85. var contentsResponse api.ContentsResponse
  86. DecodeJSON(t, resp, &contentsResponse)
  87. assert.NotNil(t, contentsResponse)
  88. expectedContentsResponse := getExpectedContentsResponseForContents(ref, refType)
  89. assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
  90. // No ref
  91. refType = "branch"
  92. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s", user2.Name, repo1.Name, treePath)
  93. resp = session.MakeRequest(t, req, http.StatusOK)
  94. DecodeJSON(t, resp, &contentsResponse)
  95. assert.NotNil(t, contentsResponse)
  96. expectedContentsResponse = getExpectedContentsResponseForContents(repo1.DefaultBranch, refType)
  97. assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
  98. // ref is the branch we created above in setup
  99. ref = newBranch
  100. refType = "branch"
  101. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
  102. resp = session.MakeRequest(t, req, http.StatusOK)
  103. DecodeJSON(t, resp, &contentsResponse)
  104. assert.NotNil(t, contentsResponse)
  105. expectedContentsResponse = getExpectedContentsResponseForContents(ref, refType)
  106. assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
  107. // ref is the new tag we created above in setup
  108. ref = newTag
  109. refType = "tag"
  110. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
  111. resp = session.MakeRequest(t, req, http.StatusOK)
  112. DecodeJSON(t, resp, &contentsResponse)
  113. assert.NotNil(t, contentsResponse)
  114. expectedContentsResponse = getExpectedContentsResponseForContents(ref, refType)
  115. assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
  116. // ref is a commit
  117. ref = commitID
  118. refType = "commit"
  119. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
  120. resp = session.MakeRequest(t, req, http.StatusOK)
  121. DecodeJSON(t, resp, &contentsResponse)
  122. assert.NotNil(t, contentsResponse)
  123. expectedContentsResponse = getExpectedContentsResponseForContents(ref, refType)
  124. assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
  125. // Test file contents a file with a bad ref
  126. ref = "badref"
  127. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
  128. resp = session.MakeRequest(t, req, http.StatusInternalServerError)
  129. expectedAPIError := context.APIError{
  130. Message: "object does not exist [id: " + ref + ", rel_path: ]",
  131. URL: setting.API.SwaggerURL,
  132. }
  133. var apiError context.APIError
  134. DecodeJSON(t, resp, &apiError)
  135. assert.Equal(t, expectedAPIError, apiError)
  136. // Test accessing private ref with user token that does not have access - should fail
  137. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
  138. session.MakeRequest(t, req, http.StatusNotFound)
  139. // Test access private ref of owner of token
  140. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/readme.md?token=%s", user2.Name, repo16.Name, token2)
  141. session.MakeRequest(t, req, http.StatusOK)
  142. // Test access of org user3 private repo file by owner user2
  143. req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
  144. session.MakeRequest(t, req, http.StatusOK)
  145. }