afan
/
gitea
İzle 1
Yıldızla 0
Çatalla 0
Kod Sorunlar 0 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
gitea源码
3 İşlemeler
2 Dallar
Dal: master
Dallar Biçim İmleri
${ item.name }
Branş ${ searchTerm } oluştur
'master'den
${ noResults }
gitea/tests/integration/org_team_invite_test.go

org_team_invite_test.go 12KB
Kalıcı Bağlantı Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356 
  1. // Copyright 2022 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"net/url"

  10. 	"strings"

  11. 	"testing"

  12. 

  13. 	"code.gitea.io/gitea/models/organization"

  14. 	"code.gitea.io/gitea/models/unittest"

  15. 	user_model "code.gitea.io/gitea/models/user"

  16. 	"code.gitea.io/gitea/modules/setting"

  17. 	"code.gitea.io/gitea/modules/test"

  18. 	"code.gitea.io/gitea/tests"

  19. 

  20. 	"github.com/stretchr/testify/assert"

  21. )

  22. 

  23. func TestOrgTeamEmailInvite(t *testing.T) {

  24. 	if setting.MailService == nil {

  25. 		t.Skip()

  26. 		return

  27. 	}

  28. 

  29. 	defer tests.PrepareTestEnv(t)()

  30. 

  31. 	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})

  32. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})

  33. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  34. 

  35. 	isMember, err := organization.IsTeamMember(t.Context(), team.OrgID, team.ID, user.ID)

  36. 	assert.NoError(t, err)

  37. 	assert.False(t, isMember)

  38. 

  39. 	session := loginUser(t, "user1")

  40. 

  41. 	teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)

  42. 	csrf := GetUserCSRFToken(t, session)

  43. 	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{

  44. 		"_csrf": csrf,

  45. 		"uid":   "1",

  46. 		"uname": user.Email,

  47. 	})

  48. 	resp := session.MakeRequest(t, req, http.StatusSeeOther)

  49. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  50. 	session.MakeRequest(t, req, http.StatusOK)

  51. 

  52. 	// get the invite token

  53. 	invites, err := organization.GetInvitesByTeamID(t.Context(), team.ID)

  54. 	assert.NoError(t, err)

  55. 	assert.Len(t, invites, 1)

  56. 

  57. 	session = loginUser(t, user.Name)

  58. 

  59. 	// join the team

  60. 	inviteURL := "/org/invite/" + invites[0].Token

  61. 	csrf = GetUserCSRFToken(t, session)

  62. 	req = NewRequestWithValues(t, "POST", inviteURL, map[string]string{

  63. 		"_csrf": csrf,

  64. 	})

  65. 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

  66. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  67. 	session.MakeRequest(t, req, http.StatusOK)

  68. 

  69. 	isMember, err = organization.IsTeamMember(t.Context(), team.OrgID, team.ID, user.ID)

  70. 	assert.NoError(t, err)

  71. 	assert.True(t, isMember)

  72. }

  73. 

  74. // Check that users are redirected to accept the invitation correctly after login

  75. func TestOrgTeamEmailInviteRedirectsExistingUser(t *testing.T) {

  76. 	if setting.MailService == nil {

  77. 		t.Skip()

  78. 		return

  79. 	}

  80. 

  81. 	defer tests.PrepareTestEnv(t)()

  82. 

  83. 	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})

  84. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})

  85. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  86. 

  87. 	isMember, err := organization.IsTeamMember(t.Context(), team.OrgID, team.ID, user.ID)

  88. 	assert.NoError(t, err)

  89. 	assert.False(t, isMember)

  90. 

  91. 	// create the invite

  92. 	session := loginUser(t, "user1")

  93. 

  94. 	teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)

  95. 	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{

  96. 		"_csrf": GetUserCSRFToken(t, session),

  97. 		"uid":   "1",

  98. 		"uname": user.Email,

  99. 	})

  100. 	resp := session.MakeRequest(t, req, http.StatusSeeOther)

  101. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  102. 	session.MakeRequest(t, req, http.StatusOK)

  103. 

  104. 	// get the invite token

  105. 	invites, err := organization.GetInvitesByTeamID(t.Context(), team.ID)

  106. 	assert.NoError(t, err)

  107. 	assert.Len(t, invites, 1)

  108. 

  109. 	// accept the invite

  110. 	inviteURL := "/org/invite/" + invites[0].Token

  111. 	req = NewRequest(t, "GET", "/user/login?redirect_to="+url.QueryEscape(inviteURL))

  112. 	resp = MakeRequest(t, req, http.StatusOK)

  113. 

  114. 	doc := NewHTMLParser(t, resp.Body)

  115. 	req = NewRequestWithValues(t, "POST", "/user/login", map[string]string{

  116. 		"_csrf":     doc.GetCSRF(),

  117. 		"user_name": "user5",

  118. 		"password":  "password",

  119. 	})

  120. 	for _, c := range resp.Result().Cookies() {

  121. 		req.AddCookie(c)

  122. 	}

  123. 

  124. 	resp = MakeRequest(t, req, http.StatusSeeOther)

  125. 	assert.Equal(t, inviteURL, test.RedirectURL(resp))

  126. 

  127. 	// complete the login process

  128. 	ch := http.Header{}

  129. 	ch.Add("Cookie", strings.Join(resp.Header()["Set-Cookie"], ";"))

  130. 	cr := http.Request{Header: ch}

  131. 

  132. 	session = emptyTestSession(t)

  133. 	baseURL, err := url.Parse(setting.AppURL)

  134. 	assert.NoError(t, err)

  135. 	session.jar.SetCookies(baseURL, cr.Cookies())

  136. 

  137. 	// make the request

  138. 	req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{

  139. 		"_csrf": GetUserCSRFToken(t, session),

  140. 	})

  141. 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

  142. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  143. 	session.MakeRequest(t, req, http.StatusOK)

  144. 

  145. 	isMember, err = organization.IsTeamMember(t.Context(), team.OrgID, team.ID, user.ID)

  146. 	assert.NoError(t, err)

  147. 	assert.True(t, isMember)

  148. }

  149. 

  150. // Check that newly signed up users are redirected to accept the invitation correctly

  151. func TestOrgTeamEmailInviteRedirectsNewUser(t *testing.T) {

  152. 	if setting.MailService == nil {

  153. 		t.Skip()

  154. 		return

  155. 	}

  156. 

  157. 	defer tests.PrepareTestEnv(t)()

  158. 

  159. 	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})

  160. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})

  161. 

  162. 	// create the invite

  163. 	session := loginUser(t, "user1")

  164. 

  165. 	teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)

  166. 	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{

  167. 		"_csrf": GetUserCSRFToken(t, session),

  168. 		"uid":   "1",

  169. 		"uname": "doesnotexist@example.com",

  170. 	})

  171. 	resp := session.MakeRequest(t, req, http.StatusSeeOther)

  172. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  173. 	session.MakeRequest(t, req, http.StatusOK)

  174. 

  175. 	// get the invite token

  176. 	invites, err := organization.GetInvitesByTeamID(t.Context(), team.ID)

  177. 	assert.NoError(t, err)

  178. 	assert.Len(t, invites, 1)

  179. 

  180. 	// accept the invite

  181. 	inviteURL := "/org/invite/" + invites[0].Token

  182. 	req = NewRequest(t, "GET", "/user/sign_up?redirect_to="+url.QueryEscape(inviteURL))

  183. 	resp = MakeRequest(t, req, http.StatusOK)

  184. 

  185. 	doc := NewHTMLParser(t, resp.Body)

  186. 	req = NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{

  187. 		"_csrf":     doc.GetCSRF(),

  188. 		"user_name": "doesnotexist",

  189. 		"email":     "doesnotexist@example.com",

  190. 		"password":  "examplePassword!1",

  191. 		"retype":    "examplePassword!1",

  192. 	})

  193. 	for _, c := range resp.Result().Cookies() {

  194. 		req.AddCookie(c)

  195. 	}

  196. 

  197. 	resp = MakeRequest(t, req, http.StatusSeeOther)

  198. 	assert.Equal(t, inviteURL, test.RedirectURL(resp))

  199. 

  200. 	// complete the signup process

  201. 	ch := http.Header{}

  202. 	ch.Add("Cookie", strings.Join(resp.Header()["Set-Cookie"], ";"))

  203. 	cr := http.Request{Header: ch}

  204. 

  205. 	session = emptyTestSession(t)

  206. 	baseURL, err := url.Parse(setting.AppURL)

  207. 	assert.NoError(t, err)

  208. 	session.jar.SetCookies(baseURL, cr.Cookies())

  209. 

  210. 	// make the redirected request

  211. 	req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{

  212. 		"_csrf": GetUserCSRFToken(t, session),

  213. 	})

  214. 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

  215. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  216. 	session.MakeRequest(t, req, http.StatusOK)

  217. 

  218. 	// get the new user

  219. 	newUser, err := user_model.GetUserByName(t.Context(), "doesnotexist")

  220. 	assert.NoError(t, err)

  221. 

  222. 	isMember, err := organization.IsTeamMember(t.Context(), team.OrgID, team.ID, newUser.ID)

  223. 	assert.NoError(t, err)

  224. 	assert.True(t, isMember)

  225. }

  226. 

  227. // Check that users are redirected correctly after confirming their email

  228. func TestOrgTeamEmailInviteRedirectsNewUserWithActivation(t *testing.T) {

  229. 	if setting.MailService == nil {

  230. 		t.Skip()

  231. 		return

  232. 	}

  233. 

  234. 	// enable email confirmation temporarily

  235. 	defer test.MockVariableValue(&setting.Service.RegisterEmailConfirm, true)()

  236. 	defer tests.PrepareTestEnv(t)()

  237. 

  238. 	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})

  239. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})

  240. 

  241. 	// user1: create the invite

  242. 	session := loginUser(t, "user1")

  243. 

  244. 	teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)

  245. 	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{

  246. 		"_csrf": GetUserCSRFToken(t, session),

  247. 		"uid":   "1",

  248. 		"uname": "doesnotexist@example.com",

  249. 	})

  250. 	resp := session.MakeRequest(t, req, http.StatusSeeOther)

  251. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  252. 	session.MakeRequest(t, req, http.StatusOK)

  253. 

  254. 	// get the invite token

  255. 	invites, err := organization.GetInvitesByTeamID(t.Context(), team.ID)

  256. 	assert.NoError(t, err)

  257. 	assert.Len(t, invites, 1)

  258. 

  259. 	// new user: accept the invite

  260. 	session = emptyTestSession(t)

  261. 

  262. 	inviteURL := "/org/invite/" + invites[0].Token

  263. 	req = NewRequest(t, "GET", "/user/sign_up?redirect_to="+url.QueryEscape(inviteURL))

  264. 	session.MakeRequest(t, req, http.StatusOK)

  265. 	req = NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{

  266. 		"user_name": "doesnotexist",

  267. 		"email":     "doesnotexist@example.com",

  268. 		"password":  "examplePassword!1",

  269. 		"retype":    "examplePassword!1",

  270. 	})

  271. 	session.MakeRequest(t, req, http.StatusOK)

  272. 

  273. 	user, err := user_model.GetUserByName(t.Context(), "doesnotexist")

  274. 	assert.NoError(t, err)

  275. 

  276. 	activationCode := user_model.GenerateUserTimeLimitCode(&user_model.TimeLimitCodeOptions{Purpose: user_model.TimeLimitCodeActivateAccount}, user)

  277. 	activateURL := "/user/activate?code=" + activationCode

  278. 	req = NewRequestWithValues(t, "POST", activateURL, map[string]string{

  279. 		"password": "examplePassword!1",

  280. 	})

  281. 

  282. 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

  283. 	// should be redirected to accept the invite

  284. 	assert.Equal(t, inviteURL, test.RedirectURL(resp))

  285. 

  286. 	req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{

  287. 		"_csrf": GetUserCSRFToken(t, session),

  288. 	})

  289. 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

  290. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  291. 	session.MakeRequest(t, req, http.StatusOK)

  292. 

  293. 	isMember, err := organization.IsTeamMember(t.Context(), team.OrgID, team.ID, user.ID)

  294. 	assert.NoError(t, err)

  295. 	assert.True(t, isMember)

  296. }

  297. 

  298. // Test that a logged-in user who navigates to the sign-up link is then redirected using redirect_to

  299. // For example: an invite may have been created before the user account was created, but they may be

  300. // accepting the invite after having created an account separately

  301. func TestOrgTeamEmailInviteRedirectsExistingUserWithLogin(t *testing.T) {

  302. 	if setting.MailService == nil {

  303. 		t.Skip()

  304. 		return

  305. 	}

  306. 

  307. 	defer tests.PrepareTestEnv(t)()

  308. 

  309. 	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})

  310. 	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})

  311. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  312. 

  313. 	isMember, err := organization.IsTeamMember(t.Context(), team.OrgID, team.ID, user.ID)

  314. 	assert.NoError(t, err)

  315. 	assert.False(t, isMember)

  316. 

  317. 	// create the invite

  318. 	session := loginUser(t, "user1")

  319. 

  320. 	teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)

  321. 	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{

  322. 		"_csrf": GetUserCSRFToken(t, session),

  323. 		"uid":   "1",

  324. 		"uname": user.Email,

  325. 	})

  326. 	resp := session.MakeRequest(t, req, http.StatusSeeOther)

  327. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  328. 	session.MakeRequest(t, req, http.StatusOK)

  329. 

  330. 	// get the invite token

  331. 	invites, err := organization.GetInvitesByTeamID(t.Context(), team.ID)

  332. 	assert.NoError(t, err)

  333. 	assert.Len(t, invites, 1)

  334. 

  335. 	// note: the invited user has logged in

  336. 	session = loginUser(t, "user5")

  337. 

  338. 	// accept the invite (note: this uses the sign_up url)

  339. 	inviteURL := "/org/invite/" + invites[0].Token

  340. 	req = NewRequest(t, "GET", "/user/sign_up?redirect_to="+url.QueryEscape(inviteURL))

  341. 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

  342. 	assert.Equal(t, inviteURL, test.RedirectURL(resp))

  343. 

  344. 	// make the request

  345. 	req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{

  346. 		"_csrf": GetUserCSRFToken(t, session),

  347. 	})

  348. 	resp = session.MakeRequest(t, req, http.StatusSeeOther)

  349. 	req = NewRequest(t, "GET", test.RedirectURL(resp))

  350. 	session.MakeRequest(t, req, http.StatusOK)

  351. 

  352. 	isMember, err = organization.IsTeamMember(t.Context(), team.OrgID, team.ID, user.ID)

  353. 	assert.NoError(t, err)

  354. 	assert.True(t, isMember)

  355. }