closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9211 Commits
2 Branches
178 MiB
Tree: 8cffae65a6
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8cffae65a6'
${ noResults }
gitea/integrations/attachment_test.go

137 lines
4.6 KiB
Raw Normal View History

Only serve attachments when linked to issue/release and if accessible by user (#9340) * test: add current attachement responses * refactor: check if attachement is linked and accessible by user * chore: clean TODO * fix: typo attachement -> attachment * revert un-needed go.sum change * refactor: move models logic to models * fix TestCreateIssueAttachment which was wrongly successful * fix unit tests with unittype added * fix unit tests with changes * use a valid uuid format for pgsql int. test * test: add unit test TestLinkedRepository * refactor: allow uploader to access unlinked attachement * add missing blank line * refactor: move to a separate function repo.GetAttachment * typo * test: remove err test return * refactor: use repo perm for access checking generally + 404 for all reject
4 years ago
Fix missing defer prepareTestEnv(t)() on some tests (#9906) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
Only serve attachments when linked to issue/release and if accessible by user (#9340) * test: add current attachement responses * refactor: check if attachement is linked and accessible by user * chore: clean TODO * fix: typo attachement -> attachment * revert un-needed go.sum change * refactor: move models logic to models * fix TestCreateIssueAttachment which was wrongly successful * fix unit tests with unittype added * fix unit tests with changes * use a valid uuid format for pgsql int. test * test: add unit test TestLinkedRepository * refactor: allow uploader to access unlinked attachement * add missing blank line * refactor: move to a separate function repo.GetAttachment * typo * test: remove err test return * refactor: use repo perm for access checking generally + 404 for all reject
4 years ago
Fix missing defer prepareTestEnv(t)() on some tests (#9906) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
Only serve attachments when linked to issue/release and if accessible by user (#9340) * test: add current attachement responses * refactor: check if attachement is linked and accessible by user * chore: clean TODO * fix: typo attachement -> attachment * revert un-needed go.sum change * refactor: move models logic to models * fix TestCreateIssueAttachment which was wrongly successful * fix unit tests with unittype added * fix unit tests with changes * use a valid uuid format for pgsql int. test * test: add unit test TestLinkedRepository * refactor: allow uploader to access unlinked attachement * add missing blank line * refactor: move to a separate function repo.GetAttachment * typo * test: remove err test return * refactor: use repo perm for access checking generally + 404 for all reject
4 years ago
Fix missing defer prepareTestEnv(t)() on some tests (#9906) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
4 years ago
Only serve attachments when linked to issue/release and if accessible by user (#9340) * test: add current attachement responses * refactor: check if attachement is linked and accessible by user * chore: clean TODO * fix: typo attachement -> attachment * revert un-needed go.sum change * refactor: move models logic to models * fix TestCreateIssueAttachment which was wrongly successful * fix unit tests with unittype added * fix unit tests with changes * use a valid uuid format for pgsql int. test * test: add unit test TestLinkedRepository * refactor: allow uploader to access unlinked attachement * add missing blank line * refactor: move to a separate function repo.GetAttachment * typo * test: remove err test return * refactor: use repo perm for access checking generally + 404 for all reject
4 years ago
 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package integrations
  6. 

  7. import (
  8. 	"bytes"
  9. 	"image"
  10. 	"image/png"
  11. 	"io"
  12. 	"io/ioutil"
  13. 	"mime/multipart"
  14. 	"net/http"
  15. 	"os"
  16. 	"path"
  17. 	"testing"
  18. 

  19. 	"code.gitea.io/gitea/models"
  20. 	"code.gitea.io/gitea/modules/test"
  21. 

  22. 	"github.com/stretchr/testify/assert"
  23. )
  24. 

  25. func generateImg() bytes.Buffer {
  26. 	// Generate image

  27. 	myImage := image.NewRGBA(image.Rect(0, 0, 32, 32))
  28. 	var buff bytes.Buffer
  29. 	png.Encode(&buff, myImage)
  30. 	return buff
  31. }
  32. 

  33. func createAttachment(t *testing.T, session *TestSession, repoURL, filename string, buff bytes.Buffer, expectedStatus int) string {
  34. 	body := &bytes.Buffer{}
  35. 

  36. 	//Setup multi-part

  37. 	writer := multipart.NewWriter(body)
  38. 	part, err := writer.CreateFormFile("file", filename)
  39. 	assert.NoError(t, err)
  40. 	_, err = io.Copy(part, &buff)
  41. 	assert.NoError(t, err)
  42. 	err = writer.Close()
  43. 	assert.NoError(t, err)
  44. 

  45. 	csrf := GetCSRF(t, session, repoURL)
  46. 

  47. 	req := NewRequestWithBody(t, "POST", "/attachments", body)
  48. 	req.Header.Add("X-Csrf-Token", csrf)
  49. 	req.Header.Add("Content-Type", writer.FormDataContentType())
  50. 	resp := session.MakeRequest(t, req, expectedStatus)
  51. 

  52. 	if expectedStatus != http.StatusOK {
  53. 		return ""
  54. 	}
  55. 	var obj map[string]string
  56. 	DecodeJSON(t, resp, &obj)
  57. 	return obj["uuid"]
  58. }
  59. 

  60. func TestCreateAnonymousAttachment(t *testing.T) {
  61. 	defer prepareTestEnv(t)()
  62. 	session := emptyTestSession(t)
  63. 	createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusFound)
  64. }
  65. 

  66. func TestCreateIssueAttachment(t *testing.T) {
  67. 	defer prepareTestEnv(t)()
  68. 	const repoURL = "user2/repo1"
  69. 	session := loginUser(t, "user2")
  70. 	uuid := createAttachment(t, session, repoURL, "image.png", generateImg(), http.StatusOK)
  71. 

  72. 	req := NewRequest(t, "GET", repoURL+"/issues/new")
  73. 	resp := session.MakeRequest(t, req, http.StatusOK)
  74. 	htmlDoc := NewHTMLParser(t, resp.Body)
  75. 

  76. 	link, exists := htmlDoc.doc.Find("form").Attr("action")
  77. 	assert.True(t, exists, "The template has changed")
  78. 

  79. 	postData := map[string]string{
  80. 		"_csrf":   htmlDoc.GetCSRF(),
  81. 		"title":   "New Issue With Attachment",
  82. 		"content": "some content",
  83. 		"files":   uuid,
  84. 	}
  85. 

  86. 	req = NewRequestWithValues(t, "POST", link, postData)
  87. 	resp = session.MakeRequest(t, req, http.StatusFound)
  88. 	test.RedirectURL(resp) // check that redirect URL exists

  89. 

  90. 	//Validate that attachment is available

  91. 	req = NewRequest(t, "GET", "/attachments/"+uuid)
  92. 	session.MakeRequest(t, req, http.StatusOK)
  93. }
  94. 

  95. func TestGetAttachment(t *testing.T) {
  96. 	defer prepareTestEnv(t)()
  97. 	adminSession := loginUser(t, "user1")
  98. 	user2Session := loginUser(t, "user2")
  99. 	user8Session := loginUser(t, "user8")
  100. 	emptySession := emptyTestSession(t)
  101. 	testCases := []struct {
  102. 		name       string
  103. 		uuid       string
  104. 		createFile bool
  105. 		session    *TestSession
  106. 		want       int
  107. 	}{
  108. 		{"LinkedIssueUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, user2Session, http.StatusOK},
  109. 		{"LinkedCommentUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a17", true, user2Session, http.StatusOK},
  110. 		{"linked_release_uuid", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a19", true, user2Session, http.StatusOK},
  111. 		{"NotExistingUUID", "b0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusNotFound},
  112. 		{"FileMissing", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusInternalServerError},
  113. 		{"NotLinked", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user2Session, http.StatusNotFound},
  114. 		{"NotLinkedAccessibleByUploader", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user8Session, http.StatusOK},
  115. 		{"PublicByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, emptySession, http.StatusOK},
  116. 		{"PrivateByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, emptySession, http.StatusNotFound},
  117. 		{"PrivateAccessibleByAdmin", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, adminSession, http.StatusOK},
  118. 		{"PrivateAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user2Session, http.StatusOK},
  119. 		{"RepoNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user8Session, http.StatusNotFound},
  120. 		{"OrgNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a21", true, user8Session, http.StatusNotFound},
  121. 	}
  122. 	for _, tc := range testCases {
  123. 		t.Run(tc.name, func(t *testing.T) {
  124. 			//Write empty file to be available for response

  125. 			if tc.createFile {
  126. 				localPath := models.AttachmentLocalPath(tc.uuid)
  127. 				err := os.MkdirAll(path.Dir(localPath), os.ModePerm)
  128. 				assert.NoError(t, err)
  129. 				err = ioutil.WriteFile(localPath, []byte("hello world"), 0644)
  130. 				assert.NoError(t, err)
  131. 			}
  132. 			//Actual test

  133. 			req := NewRequest(t, "GET", "/attachments/"+tc.uuid)
  134. 			tc.session.MakeRequest(t, req, tc.want)
  135. 		})
  136. 	}
  137. }