Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Convert to url auth to header auth in tests #28484

Merged
merged 7 commits into from
Dec 21, 2023
Merged

Convert to url auth to header auth in tests #28484

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
927f0ae
Convert to auth header.
KN4CK3R Dec 15, 2023
356c877
Use builder pattern.
KN4CK3R Dec 19, 2023
14dacbb
Convert more code.
KN4CK3R Dec 21, 2023
0753078
Convert more code.
KN4CK3R Dec 21, 2023
fc13498
Merge branch 'main' of https://github.com/go-gitea/gitea into fix-tes…
KN4CK3R Dec 21, 2023
b4eba08
Merge branch 'main' into fix-tests-token-auth
GiteaBot Dec 21, 2023
b7c35e2
Merge branch 'main' into fix-tests-token-auth
GiteaBot Dec 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions tests/integration/api_activitypub_person_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ func TestActivityPubPerson(t *testing.T) {
onGiteaRun(t, func(*testing.T, *url.URL) {
userID := 2
username := "user2"
req := NewRequestf(t, "GET", fmt.Sprintf("/api/v1/activitypub/user-id/%v", userID))
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/activitypub/user-id/%v", userID))
resp := MakeRequest(t, req, http.StatusOK)
body := resp.Body.Bytes()
assert.Contains(t, string(body), "@context")
Expand Down Expand Up @@ -68,7 +68,7 @@ func TestActivityPubMissingPerson(t *testing.T) {
}()

onGiteaRun(t, func(*testing.T, *url.URL) {
req := NewRequestf(t, "GET", "/api/v1/activitypub/user-id/999999999")
req := NewRequest(t, "GET", "/api/v1/activitypub/user-id/999999999")
resp := MakeRequest(t, req, http.StatusNotFound)
assert.Contains(t, resp.Body.String(), "user does not exist")
})
Expand Down
6 changes: 3 additions & 3 deletions tests/integration/api_admin_org_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ func TestAPIAdminOrgCreate(t *testing.T) {
Location: "Shanghai",
Visibility: "private",
}
req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs?token="+token, &org)
req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs", &org, token)
resp := MakeRequest(t, req, http.StatusCreated)

var apiOrg api.Organization
Expand Down Expand Up @@ -65,7 +65,7 @@ func TestAPIAdminOrgCreateBadVisibility(t *testing.T) {
Location: "Shanghai",
Visibility: "notvalid",
}
req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs?token="+token, &org)
req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs", &org, token)
MakeRequest(t, req, http.StatusUnprocessableEntity)
})
}
Expand All @@ -83,6 +83,6 @@ func TestAPIAdminOrgCreateNotAdmin(t *testing.T) {
Location: "Shanghai",
Visibility: "public",
}
req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs?token="+token, &org)
req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs", &org, token)
MakeRequest(t, req, http.StatusForbidden)
}
79 changes: 37 additions & 42 deletions tests/integration/api_admin_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,11 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
keyOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})

token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
"title": "test-key",
})
}, token)
resp := MakeRequest(t, req, http.StatusCreated)

var newPublicKey api.PublicKey
Expand All @@ -43,8 +43,8 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
OwnerID: keyOwner.ID,
})

req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
keyOwner.Name, newPublicKey.ID, token)
req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", keyOwner.Name, newPublicKey.ID)
addTokenAuthHeader(req, token)
MakeRequest(t, req, http.StatusNoContent)
unittest.AssertNotExistsBean(t, &asymkey_model.PublicKey{ID: newPublicKey.ID})
}
Expand All @@ -54,7 +54,8 @@ func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {

// user1 is an admin user
token := getUserToken(t, "user1", auth_model.AccessTokenScopeWriteAdmin)
req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d?token=%s", unittest.NonexistentID, token)
req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", unittest.NonexistentID)
addTokenAuthHeader(req, token)
MakeRequest(t, req, http.StatusNotFound)
}

Expand All @@ -64,18 +65,18 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {
normalUsername := "user2"
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", adminUsername, token)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername)
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
"title": "test-key",
})
}, token)
resp := MakeRequest(t, req, http.StatusCreated)
var newPublicKey api.PublicKey
DecodeJSON(t, resp, &newPublicKey)

token = getUserToken(t, normalUsername)
req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
adminUsername, newPublicKey.ID, token)
req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", adminUsername, newPublicKey.ID)
addTokenAuthHeader(req, token)
MakeRequest(t, req, http.StatusForbidden)
}

Expand All @@ -85,8 +86,7 @@ func TestAPISudoUser(t *testing.T) {
normalUsername := "user2"
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadUser)

urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", normalUsername, token)
req := NewRequest(t, "GET", urlStr)
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user?sudo=%s", normalUsername), token)
resp := MakeRequest(t, req, http.StatusOK)
var user api.User
DecodeJSON(t, resp, &user)
Expand All @@ -100,8 +100,7 @@ func TestAPISudoUserForbidden(t *testing.T) {
normalUsername := "user2"

token := getUserToken(t, normalUsername, auth_model.AccessTokenScopeReadAdmin)
urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", adminUsername, token)
req := NewRequest(t, "GET", urlStr)
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user?sudo=%s", adminUsername), token)
MakeRequest(t, req, http.StatusForbidden)
}

Expand All @@ -110,8 +109,7 @@ func TestAPIListUsers(t *testing.T) {
adminUsername := "user1"
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin)

urlStr := fmt.Sprintf("/api/v1/admin/users?token=%s", token)
req := NewRequest(t, "GET", urlStr)
req := NewRequest(t, "GET", "/api/v1/admin/users", token)
resp := MakeRequest(t, req, http.StatusOK)
var users []api.User
DecodeJSON(t, resp, &users)
Expand All @@ -137,16 +135,15 @@ func TestAPIListUsersNonAdmin(t *testing.T) {
defer tests.PrepareTestEnv(t)()
nonAdminUsername := "user2"
token := getUserToken(t, nonAdminUsername)
req := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", token)
req := NewRequest(t, "GET", "/api/v1/admin/users", token)
MakeRequest(t, req, http.StatusForbidden)
}

func TestAPICreateUserInvalidEmail(t *testing.T) {
defer tests.PrepareTestEnv(t)()
adminUsername := "user1"
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
urlStr := fmt.Sprintf("/api/v1/admin/users?token=%s", token)
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
req := NewRequestWithValues(t, "POST", "/api/v1/admin/users", map[string]string{
"email": "invalid_email@domain.com\r\n",
"full_name": "invalid user",
"login_name": "invalidUser",
Expand All @@ -155,7 +152,7 @@ func TestAPICreateUserInvalidEmail(t *testing.T) {
"send_notify": "true",
"source_id": "0",
"username": "invalidUser",
})
}, token)
MakeRequest(t, req, http.StatusUnprocessableEntity)
}

Expand All @@ -167,7 +164,7 @@ func TestAPICreateAndDeleteUser(t *testing.T) {
req := NewRequestWithValues(
t,
"POST",
fmt.Sprintf("/api/v1/admin/users?token=%s", token),
"/api/v1/admin/users",
map[string]string{
"email": "deleteme@domain.com",
"full_name": "delete me",
Expand All @@ -178,34 +175,35 @@ func TestAPICreateAndDeleteUser(t *testing.T) {
"source_id": "0",
"username": "deleteme",
},
token,
)
MakeRequest(t, req, http.StatusCreated)

req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/admin/users/deleteme?token=%s", token))
req = NewRequest(t, "DELETE", "/api/v1/admin/users/deleteme", token)
MakeRequest(t, req, http.StatusNoContent)
}

func TestAPIEditUser(t *testing.T) {
defer tests.PrepareTestEnv(t)()
adminUsername := "user1"
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s?token=%s", "user2", token)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")

req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{
// required
"login_name": "user2",
"source_id": "0",
// to change
"full_name": "Full Name User 2",
})
}, token)
MakeRequest(t, req, http.StatusOK)

empty := ""
req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
LoginName: "user2",
SourceID: 0,
Email: &empty,
})
}, token)
resp := MakeRequest(t, req, http.StatusUnprocessableEntity)

errMap := make(map[string]any)
Expand All @@ -221,7 +219,7 @@ func TestAPIEditUser(t *testing.T) {
SourceID: 0,
// to change
Restricted: &bTrue,
})
}, token)
MakeRequest(t, req, http.StatusOK)
user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})
assert.True(t, user2.IsRestricted)
Expand All @@ -235,10 +233,11 @@ func TestAPICreateRepoForUser(t *testing.T) {
req := NewRequestWithJSON(
t,
"POST",
fmt.Sprintf("/api/v1/admin/users/%s/repos?token=%s", adminUsername, token),
fmt.Sprintf("/api/v1/admin/users/%s/repos", adminUsername),
&api.CreateRepoOption{
Name: "admincreatedrepo",
},
token,
)
MakeRequest(t, req, http.StatusCreated)
}
Expand All @@ -247,40 +246,38 @@ func TestAPIRenameUser(t *testing.T) {
defer tests.PrepareTestEnv(t)()
adminUsername := "user1"
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/rename?token=%s", "user2", token)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/rename", "user2")
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
// required
"new_name": "User2",
})
}, token)
MakeRequest(t, req, http.StatusOK)

urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename?token=%s", "User2", token)
urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename", "User2")
req = NewRequestWithValues(t, "POST", urlStr, map[string]string{
// required
"new_name": "User2-2-2",
})
}, token)
MakeRequest(t, req, http.StatusOK)

urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename?token=%s", "User2", token)
req = NewRequestWithValues(t, "POST", urlStr, map[string]string{
// required
"new_name": "user1",
})
}, token)
// the old user name still be used by with a redirect
MakeRequest(t, req, http.StatusTemporaryRedirect)

urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename?token=%s", "User2-2-2", token)
urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename", "User2-2-2")
req = NewRequestWithValues(t, "POST", urlStr, map[string]string{
// required
"new_name": "user1",
})
}, token)
MakeRequest(t, req, http.StatusUnprocessableEntity)

urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename?token=%s", "User2-2-2", token)
req = NewRequestWithValues(t, "POST", urlStr, map[string]string{
// required
"new_name": "user2",
})
}, token)
MakeRequest(t, req, http.StatusOK)
}

Expand All @@ -294,8 +291,8 @@ func TestAPICron(t *testing.T) {
defer tests.PrintCurrentTest(t)()

token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
urlStr := fmt.Sprintf("/api/v1/admin/cron?token=%s", token)
req := NewRequest(t, "GET", urlStr)

req := NewRequest(t, "GET", "/api/v1/admin/cron", token)
resp := MakeRequest(t, req, http.StatusOK)

assert.Equal(t, "28", resp.Header().Get("X-Total-Count"))
Expand All @@ -313,13 +310,11 @@ func TestAPICron(t *testing.T) {
// Archive cleanup is harmless, because in the test environment there are none
// and is thus an NOOP operation and therefore doesn't interfere with any other
// tests.
urlStr := fmt.Sprintf("/api/v1/admin/cron/archive_cleanup?token=%s", token)
req := NewRequest(t, "POST", urlStr)
req := NewRequest(t, "POST", "/api/v1/admin/cron/archive_cleanup", token)
MakeRequest(t, req, http.StatusNoContent)

// Check for the latest run time for this cron, to ensure it has been run.
urlStr = fmt.Sprintf("/api/v1/admin/cron?token=%s", token)
req = NewRequest(t, "GET", urlStr)
req = NewRequest(t, "GET", "/api/v1/admin/cron", token)
resp := MakeRequest(t, req, http.StatusOK)

var crons []api.Cron
Expand Down
Loading