-
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
1. A key can either be an ssh user key or a deploy key. It cannot be both. 2. If a key is a user key - it can only be associated with one user. 3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different. 4. If a repository is deleted, its deploy keys must be deleted too. We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints: - [x] You should not be able to add the same user key as another user - [x] You should not be able to add a ssh user key which is being used as a deploy key - [x] You should not be able to add a ssh deploy key which is being used as a user key - [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode. - [x] If you delete a repository you must delete all its deploy keys. Fix #1357
- Loading branch information
Showing
14 changed files
with
694 additions
and
342 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,152 @@ | ||
// Copyright 2019 The Gitea Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package integrations | ||
|
||
import ( | ||
"fmt" | ||
"io/ioutil" | ||
"net/http" | ||
"testing" | ||
|
||
api "code.gitea.io/sdk/gitea" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
type APITestContext struct { | ||
Reponame string | ||
Session *TestSession | ||
Token string | ||
Username string | ||
ExpectedCode int | ||
} | ||
|
||
func NewAPITestContext(t *testing.T, username, reponame string) APITestContext { | ||
session := loginUser(t, username) | ||
token := getTokenForLoggedInUser(t, session) | ||
return APITestContext{ | ||
Session: session, | ||
Token: token, | ||
Username: username, | ||
Reponame: reponame, | ||
} | ||
} | ||
|
||
func (ctx APITestContext) GitPath() string { | ||
return fmt.Sprintf("%s/%s.git", ctx.Username, ctx.Reponame) | ||
} | ||
|
||
func doAPICreateRepository(ctx APITestContext, empty bool, callback ...func(*testing.T, api.Repository)) func(*testing.T) { | ||
return func(t *testing.T) { | ||
createRepoOption := &api.CreateRepoOption{ | ||
AutoInit: !empty, | ||
Description: "Temporary repo", | ||
Name: ctx.Reponame, | ||
Private: true, | ||
Gitignores: "", | ||
License: "WTFPL", | ||
Readme: "Default", | ||
} | ||
req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+ctx.Token, createRepoOption) | ||
if ctx.ExpectedCode != 0 { | ||
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode) | ||
return | ||
} | ||
resp := ctx.Session.MakeRequest(t, req, http.StatusCreated) | ||
|
||
var repository api.Repository | ||
DecodeJSON(t, resp, &repository) | ||
if len(callback) > 0 { | ||
callback[0](t, repository) | ||
} | ||
} | ||
} | ||
|
||
func doAPIGetRepository(ctx APITestContext, callback ...func(*testing.T, api.Repository)) func(*testing.T) { | ||
return func(t *testing.T) { | ||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token) | ||
|
||
req := NewRequest(t, "GET", urlStr) | ||
if ctx.ExpectedCode != 0 { | ||
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode) | ||
return | ||
} | ||
resp := ctx.Session.MakeRequest(t, req, http.StatusOK) | ||
|
||
var repository api.Repository | ||
DecodeJSON(t, resp, &repository) | ||
if len(callback) > 0 { | ||
callback[0](t, repository) | ||
} | ||
} | ||
} | ||
|
||
func doAPIDeleteRepository(ctx APITestContext) func(*testing.T) { | ||
return func(t *testing.T) { | ||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token) | ||
|
||
req := NewRequest(t, "DELETE", urlStr) | ||
if ctx.ExpectedCode != 0 { | ||
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode) | ||
return | ||
} | ||
ctx.Session.MakeRequest(t, req, http.StatusNoContent) | ||
} | ||
} | ||
|
||
func doAPICreateUserKey(ctx APITestContext, keyname, keyFile string, callback ...func(*testing.T, api.PublicKey)) func(*testing.T) { | ||
return func(t *testing.T) { | ||
urlStr := fmt.Sprintf("/api/v1/user/keys?token=%s", ctx.Token) | ||
|
||
dataPubKey, err := ioutil.ReadFile(keyFile + ".pub") | ||
assert.NoError(t, err) | ||
req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateKeyOption{ | ||
Title: keyname, | ||
Key: string(dataPubKey), | ||
}) | ||
if ctx.ExpectedCode != 0 { | ||
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode) | ||
return | ||
} | ||
resp := ctx.Session.MakeRequest(t, req, http.StatusCreated) | ||
var publicKey api.PublicKey | ||
DecodeJSON(t, resp, &publicKey) | ||
if len(callback) > 0 { | ||
callback[0](t, publicKey) | ||
} | ||
} | ||
} | ||
|
||
func doAPIDeleteUserKey(ctx APITestContext, keyID int64) func(*testing.T) { | ||
return func(t *testing.T) { | ||
urlStr := fmt.Sprintf("/api/v1/user/keys/%d?token=%s", keyID, ctx.Token) | ||
|
||
req := NewRequest(t, "DELETE", urlStr) | ||
if ctx.ExpectedCode != 0 { | ||
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode) | ||
return | ||
} | ||
ctx.Session.MakeRequest(t, req, http.StatusNoContent) | ||
} | ||
} | ||
|
||
func doAPICreateDeployKey(ctx APITestContext, keyname, keyFile string, readOnly bool) func(*testing.T) { | ||
return func(t *testing.T) { | ||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", ctx.Username, ctx.Reponame, ctx.Token) | ||
|
||
dataPubKey, err := ioutil.ReadFile(keyFile + ".pub") | ||
assert.NoError(t, err) | ||
req := NewRequestWithJSON(t, "POST", urlStr, api.CreateKeyOption{ | ||
Title: keyname, | ||
Key: string(dataPubKey), | ||
ReadOnly: readOnly, | ||
}) | ||
|
||
if ctx.ExpectedCode != 0 { | ||
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode) | ||
return | ||
} | ||
ctx.Session.MakeRequest(t, req, http.StatusCreated) | ||
} | ||
} |
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.