afan
/
gitea
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
gitea源码
3 Commits
2 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
gitea/tests/integration/pull_create_test.go

pull_create_test.go 11KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"net/http/httptest"

  10. 	"net/url"

  11. 	"path"

  12. 	"strings"

  13. 	"testing"

  14. 

  15. 	auth_model "code.gitea.io/gitea/models/auth"

  16. 	"code.gitea.io/gitea/modules/git/gitcmd"

  17. 	"code.gitea.io/gitea/modules/test"

  18. 	"code.gitea.io/gitea/tests"

  19. 

  20. 	"github.com/stretchr/testify/assert"

  21. )

  22. 

  23. func testPullCreate(t *testing.T, session *TestSession, user, repo string, toSelf bool, targetBranch, sourceBranch, title string) *httptest.ResponseRecorder {

  24. 	req := NewRequest(t, "GET", path.Join(user, repo))

  25. 	resp := session.MakeRequest(t, req, http.StatusOK)

  26. 

  27. 	// Click the PR button to create a pull

  28. 	htmlDoc := NewHTMLParser(t, resp.Body)

  29. 	link, exists := htmlDoc.doc.Find("#new-pull-request").Attr("href")

  30. 	assert.True(t, exists, "The template has changed")

  31. 

  32. 	targetUser := strings.Split(link, "/")[1]

  33. 	if toSelf && targetUser != user {

  34. 		link = strings.Replace(link, targetUser, user, 1)

  35. 	}

  36. 

  37. 	if targetBranch != "master" {

  38. 		link = strings.Replace(link, "master...", targetBranch+"...", 1)

  39. 	}

  40. 	if sourceBranch != "master" {

  41. 		if targetUser == user {

  42. 			link = strings.Replace(link, "...master", "..."+sourceBranch, 1)

  43. 		} else {

  44. 			link = strings.Replace(link, ":master", ":"+sourceBranch, 1)

  45. 		}

  46. 	}

  47. 

  48. 	req = NewRequest(t, "GET", link)

  49. 	resp = session.MakeRequest(t, req, http.StatusOK)

  50. 

  51. 	// Submit the form for creating the pull

  52. 	htmlDoc = NewHTMLParser(t, resp.Body)

  53. 	link, exists = htmlDoc.doc.Find("form.ui.form").Attr("action")

  54. 	assert.True(t, exists, "The template has changed")

  55. 	req = NewRequestWithValues(t, "POST", link, map[string]string{

  56. 		"_csrf": htmlDoc.GetCSRF(),

  57. 		"title": title,

  58. 	})

  59. 	resp = session.MakeRequest(t, req, http.StatusOK)

  60. 	return resp

  61. }

  62. 

  63. func testPullCreateDirectly(t *testing.T, session *TestSession, baseRepoOwner, baseRepoName, baseBranch, headRepoOwner, headRepoName, headBranch, title string) *httptest.ResponseRecorder {

  64. 	headCompare := headBranch

  65. 	if headRepoOwner != "" {

  66. 		if headRepoName != "" {

  67. 			headCompare = fmt.Sprintf("%s/%s:%s", headRepoOwner, headRepoName, headBranch)

  68. 		} else {

  69. 			headCompare = fmt.Sprintf("%s:%s", headRepoOwner, headBranch)

  70. 		}

  71. 	}

  72. 	req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/compare/%s...%s", baseRepoOwner, baseRepoName, baseBranch, headCompare))

  73. 	resp := session.MakeRequest(t, req, http.StatusOK)

  74. 

  75. 	// Submit the form for creating the pull

  76. 	htmlDoc := NewHTMLParser(t, resp.Body)

  77. 	link, exists := htmlDoc.doc.Find("form.ui.form").Attr("action")

  78. 	assert.True(t, exists, "The template has changed")

  79. 	req = NewRequestWithValues(t, "POST", link, map[string]string{

  80. 		"_csrf": htmlDoc.GetCSRF(),

  81. 		"title": title,

  82. 	})

  83. 	resp = session.MakeRequest(t, req, http.StatusOK)

  84. 	return resp

  85. }

  86. 

  87. func testPullCreateFailure(t *testing.T, session *TestSession, baseRepoOwner, baseRepoName, baseBranch, headRepoOwner, headRepoName, headBranch, title string) *httptest.ResponseRecorder {

  88. 	headCompare := headBranch

  89. 	if headRepoOwner != "" {

  90. 		if headRepoName != "" {

  91. 			headCompare = fmt.Sprintf("%s/%s:%s", headRepoOwner, headRepoName, headBranch)

  92. 		} else {

  93. 			headCompare = fmt.Sprintf("%s:%s", headRepoOwner, headBranch)

  94. 		}

  95. 	}

  96. 	req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s/compare/%s...%s", baseRepoOwner, baseRepoName, baseBranch, headCompare))

  97. 	resp := session.MakeRequest(t, req, http.StatusOK)

  98. 

  99. 	// Submit the form for creating the pull

  100. 	htmlDoc := NewHTMLParser(t, resp.Body)

  101. 	link, exists := htmlDoc.doc.Find("form.ui.form").Attr("action")

  102. 	assert.True(t, exists, "The template has changed")

  103. 	req = NewRequestWithValues(t, "POST", link, map[string]string{

  104. 		"_csrf": htmlDoc.GetCSRF(),

  105. 		"title": title,

  106. 	})

  107. 	resp = session.MakeRequest(t, req, http.StatusBadRequest)

  108. 	return resp

  109. }

  110. 

  111. func TestPullCreate(t *testing.T) {

  112. 	onGiteaRun(t, func(t *testing.T, u *url.URL) {

  113. 		session := loginUser(t, "user1")

  114. 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")

  115. 		testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")

  116. 		resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master", "This is a pull title")

  117. 

  118. 		// check the redirected URL

  119. 		url := test.RedirectURL(resp)

  120. 		assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)

  121. 

  122. 		// check .diff can be accessed and matches performed change

  123. 		req := NewRequest(t, "GET", url+".diff")

  124. 		resp = session.MakeRequest(t, req, http.StatusOK)

  125. 		assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body)

  126. 		assert.Regexp(t, "^diff", resp.Body)

  127. 		assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one

  128. 

  129. 		// check .patch can be accessed and matches performed change

  130. 		req = NewRequest(t, "GET", url+".patch")

  131. 		resp = session.MakeRequest(t, req, http.StatusOK)

  132. 		assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body)

  133. 		assert.Regexp(t, "diff", resp.Body)

  134. 		assert.Regexp(t, `Subject: \[PATCH\] Update README.md`, resp.Body)

  135. 		assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one

  136. 	})

  137. }

  138. 

  139. func TestPullCreate_TitleEscape(t *testing.T) {

  140. 	onGiteaRun(t, func(t *testing.T, u *url.URL) {

  141. 		session := loginUser(t, "user1")

  142. 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")

  143. 		testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")

  144. 		resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master", "<i>XSS PR</i>")

  145. 

  146. 		// check the redirected URL

  147. 		url := test.RedirectURL(resp)

  148. 		assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)

  149. 

  150. 		// Edit title

  151. 		req := NewRequest(t, "GET", url)

  152. 		resp = session.MakeRequest(t, req, http.StatusOK)

  153. 		htmlDoc := NewHTMLParser(t, resp.Body)

  154. 		editTestTitleURL, exists := htmlDoc.doc.Find(".issue-title-buttons button[data-update-url]").First().Attr("data-update-url")

  155. 		assert.True(t, exists, "The template has changed")

  156. 

  157. 		req = NewRequestWithValues(t, "POST", editTestTitleURL, map[string]string{

  158. 			"_csrf": htmlDoc.GetCSRF(),

  159. 			"title": "<u>XSS PR</u>",

  160. 		})

  161. 		session.MakeRequest(t, req, http.StatusOK)

  162. 

  163. 		req = NewRequest(t, "GET", url)

  164. 		resp = session.MakeRequest(t, req, http.StatusOK)

  165. 		htmlDoc = NewHTMLParser(t, resp.Body)

  166. 		titleHTML, err := htmlDoc.doc.Find(".comment-list .timeline-item.event .comment-text-line b").First().Html()

  167. 		assert.NoError(t, err)

  168. 		assert.Equal(t, "<strike>&lt;i&gt;XSS PR&lt;/i&gt;</strike>", titleHTML)

  169. 		titleHTML, err = htmlDoc.doc.Find(".comment-list .timeline-item.event .comment-text-line b").Next().Html()

  170. 		assert.NoError(t, err)

  171. 		assert.Equal(t, "&lt;u&gt;XSS PR&lt;/u&gt;", titleHTML)

  172. 	})

  173. }

  174. 

  175. func testUIDeleteBranch(t *testing.T, session *TestSession, ownerName, repoName, branchName string) {

  176. 	relURL := "/" + path.Join(ownerName, repoName, "branches")

  177. 	req := NewRequest(t, "GET", relURL)

  178. 	resp := session.MakeRequest(t, req, http.StatusOK)

  179. 	htmlDoc := NewHTMLParser(t, resp.Body)

  180. 

  181. 	req = NewRequestWithValues(t, "POST", relURL+"/delete", map[string]string{

  182. 		"_csrf": htmlDoc.GetCSRF(),

  183. 		"name":  branchName,

  184. 	})

  185. 	session.MakeRequest(t, req, http.StatusOK)

  186. }

  187. 

  188. func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoName string) {

  189. 	relURL := "/" + path.Join(ownerName, repoName, "settings")

  190. 	req := NewRequest(t, "GET", relURL)

  191. 	resp := session.MakeRequest(t, req, http.StatusOK)

  192. 	htmlDoc := NewHTMLParser(t, resp.Body)

  193. 

  194. 	req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{

  195. 		"_csrf":     htmlDoc.GetCSRF(),

  196. 		"repo_name": repoName,

  197. 	})

  198. 	session.MakeRequest(t, req, http.StatusSeeOther)

  199. }

  200. 

  201. func TestPullBranchDelete(t *testing.T) {

  202. 	onGiteaRun(t, func(t *testing.T, u *url.URL) {

  203. 		defer tests.PrepareTestEnv(t)()

  204. 

  205. 		session := loginUser(t, "user1")

  206. 		testRepoFork(t, session, "user2", "repo1", "user1", "repo1", "")

  207. 		testCreateBranch(t, session, "user1", "repo1", "branch/master", "master1", http.StatusSeeOther)

  208. 		testEditFile(t, session, "user1", "repo1", "master1", "README.md", "Hello, World (Edited)\n")

  209. 		resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master1", "This is a pull title")

  210. 

  211. 		// check the redirected URL

  212. 		url := test.RedirectURL(resp)

  213. 		assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)

  214. 		req := NewRequest(t, "GET", url)

  215. 		session.MakeRequest(t, req, http.StatusOK)

  216. 

  217. 		// delete head branch and confirm pull page is ok

  218. 		testUIDeleteBranch(t, session, "user1", "repo1", "master1")

  219. 		req = NewRequest(t, "GET", url)

  220. 		session.MakeRequest(t, req, http.StatusOK)

  221. 

  222. 		// delete head repository and confirm pull page is ok

  223. 		testDeleteRepository(t, session, "user1", "repo1")

  224. 		req = NewRequest(t, "GET", url)

  225. 		session.MakeRequest(t, req, http.StatusOK)

  226. 	})

  227. }

  228. 

  229. /*

  230. Setup:

  231. The base repository is: user2/repo1

  232. Fork repository to: user1/repo1

  233. Push extra commit to: user2/repo1, which changes README.md

  234. Create a PR on user1/repo1

  235. 

  236. Test checks:

  237. Check if pull request can be created from base to the fork repository.

  238. */

  239. func TestPullCreatePrFromBaseToFork(t *testing.T) {

  240. 	onGiteaRun(t, func(t *testing.T, u *url.URL) {

  241. 		sessionFork := loginUser(t, "user1")

  242. 		testRepoFork(t, sessionFork, "user2", "repo1", "user1", "repo1", "")

  243. 

  244. 		// Edit base repository

  245. 		sessionBase := loginUser(t, "user2")

  246. 		testEditFile(t, sessionBase, "user2", "repo1", "master", "README.md", "Hello, World (Edited)\n")

  247. 

  248. 		// Create a PR

  249. 		resp := testPullCreateDirectly(t, sessionFork, "user1", "repo1", "master", "user2", "repo1", "master", "This is a pull title")

  250. 		// check the redirected URL

  251. 		url := test.RedirectURL(resp)

  252. 		assert.Regexp(t, "^/user1/repo1/pulls/[0-9]*$", url)

  253. 	})

  254. }

  255. 

  256. func TestCreateAgitPullWithReadPermission(t *testing.T) {

  257. 	onGiteaRun(t, func(t *testing.T, u *url.URL) {

  258. 		dstPath := t.TempDir()

  259. 

  260. 		u.Path = "user2/repo1.git"

  261. 		u.User = url.UserPassword("user4", userPassword)

  262. 

  263. 		t.Run("Clone", doGitClone(dstPath, u))

  264. 

  265. 		t.Run("add commit", doGitAddSomeCommits(dstPath, "master"))

  266. 

  267. 		t.Run("do agit pull create", func(t *testing.T) {

  268. 			err := gitcmd.NewCommand("push", "origin", "HEAD:refs/for/master", "-o").AddDynamicArguments("topic="+"test-topic").Run(t.Context(), &gitcmd.RunOpts{Dir: dstPath})

  269. 			assert.NoError(t, err)

  270. 		})

  271. 	})

  272. }

  273. 

  274. /*

  275. Setup: user2 has repository, user1 forks it

  276. ---

  277. 

  278. 1. User2 blocks User1

  279. 2. User1 adds changes to fork

  280. 3. User1 attempts to create a pull request

  281. 4. User1 sees alert that the action is not allowed because of the block

  282. */

  283. func TestCreatePullWhenBlocked(t *testing.T) {

  284. 	RepoOwner := "user2"

  285. 	ForkOwner := "user16"

  286. 	onGiteaRun(t, func(t *testing.T, u *url.URL) {

  287. 		// Setup

  288. 		// User1 forks repo1 from User2

  289. 		sessionFork := loginUser(t, ForkOwner)

  290. 		testRepoFork(t, sessionFork, RepoOwner, "repo1", ForkOwner, "forkrepo1", "")

  291. 

  292. 		// 1. User2 blocks user1

  293. 		// sessionBase := loginUser(t, "user2")

  294. 		token := getUserToken(t, RepoOwner, auth_model.AccessTokenScopeWriteUser)

  295. 

  296. 		req := NewRequest(t, "GET", "/api/v1/user/blocks/"+ForkOwner).

  297. 			AddTokenAuth(token)

  298. 		MakeRequest(t, req, http.StatusNotFound)

  299. 		req = NewRequest(t, "PUT", "/api/v1/user/blocks/"+ForkOwner).

  300. 			AddTokenAuth(token)

  301. 		MakeRequest(t, req, http.StatusNoContent)

  302. 

  303. 		// 2. User1 adds changes to fork

  304. 		testEditFile(t, sessionFork, ForkOwner, "forkrepo1", "master", "README.md", "Hello, World (Edited)\n")

  305. 

  306. 		// 3. User1 attempts to create a pull request

  307. 		testPullCreateFailure(t, sessionFork, RepoOwner, "repo1", "master", ForkOwner, "forkrepo1", "master", "This is a pull title")

  308. 

  309. 		// Teardown

  310. 		// Unblock user

  311. 		req = NewRequest(t, "DELETE", "/api/v1/user/blocks/"+ForkOwner).

  312. 			AddTokenAuth(token)

  313. 		MakeRequest(t, req, http.StatusNoContent)

  314. 	})

  315. }