afan
/
gitea
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
gitea源码
1 提交
2 分支
目录树: 61128e8e94
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 '61128e8e94'
${ noResults }
gitea/cmd/admin_user_create_test.go

admin_user_create_test.go 6.2KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. // Copyright 2023 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package cmd

  5. 

  6. import (

  7. 	"fmt"

  8. 	"strings"

  9. 	"testing"

  10. 

  11. 	auth_model "code.gitea.io/gitea/models/auth"

  12. 	"code.gitea.io/gitea/models/db"

  13. 	"code.gitea.io/gitea/models/unittest"

  14. 	user_model "code.gitea.io/gitea/models/user"

  15. 

  16. 	"github.com/stretchr/testify/assert"

  17. 	"github.com/stretchr/testify/require"

  18. )

  19. 

  20. func TestAdminUserCreate(t *testing.T) {

  21. 	reset := func() {

  22. 		require.NoError(t, db.TruncateBeans(t.Context(), &user_model.User{}))

  23. 		require.NoError(t, db.TruncateBeans(t.Context(), &user_model.EmailAddress{}))

  24. 		require.NoError(t, db.TruncateBeans(t.Context(), &auth_model.AccessToken{}))

  25. 	}

  26. 

  27. 	t.Run("MustChangePassword", func(t *testing.T) {

  28. 		type check struct {

  29. 			IsAdmin            bool

  30. 			MustChangePassword bool

  31. 		}

  32. 

  33. 		createCheck := func(name, args string) check {

  34. 			require.NoError(t, microcmdUserCreate().Run(t.Context(), strings.Fields(fmt.Sprintf("create --username %s --email %s@gitea.local %s --password foobar", name, name, args))))

  35. 			u := unittest.AssertExistsAndLoadBean(t, &user_model.User{LowerName: name})

  36. 			return check{IsAdmin: u.IsAdmin, MustChangePassword: u.MustChangePassword}

  37. 		}

  38. 		reset()

  39. 		assert.Equal(t, check{IsAdmin: false, MustChangePassword: false}, createCheck("u", ""), "first non-admin user doesn't need to change password")

  40. 

  41. 		reset()

  42. 		assert.Equal(t, check{IsAdmin: true, MustChangePassword: false}, createCheck("u", "--admin"), "first admin user doesn't need to change password")

  43. 

  44. 		reset()

  45. 		assert.Equal(t, check{IsAdmin: true, MustChangePassword: true}, createCheck("u", "--admin --must-change-password"))

  46. 		assert.Equal(t, check{IsAdmin: true, MustChangePassword: true}, createCheck("u2", "--admin"))

  47. 		assert.Equal(t, check{IsAdmin: true, MustChangePassword: false}, createCheck("u3", "--admin --must-change-password=false"))

  48. 		assert.Equal(t, check{IsAdmin: false, MustChangePassword: true}, createCheck("u4", ""))

  49. 		assert.Equal(t, check{IsAdmin: false, MustChangePassword: false}, createCheck("u5", "--must-change-password=false"))

  50. 	})

  51. 

  52. 	createUser := func(name string, args ...string) error {

  53. 		return microcmdUserCreate().Run(t.Context(), append([]string{"create", "--username", name, "--email", name + "@gitea.local"}, args...))

  54. 	}

  55. 

  56. 	t.Run("UserType", func(t *testing.T) {

  57. 		reset()

  58. 		assert.ErrorContains(t, createUser("u", "--user-type", "invalid"), "invalid user type")

  59. 		assert.ErrorContains(t, createUser("u", "--user-type", "bot", "--password", "123"), "can only be set for individual users")

  60. 		assert.ErrorContains(t, createUser("u", "--user-type", "bot", "--must-change-password"), "can only be set for individual users")

  61. 

  62. 		assert.NoError(t, createUser("u", "--user-type", "bot"))

  63. 		u := unittest.AssertExistsAndLoadBean(t, &user_model.User{LowerName: "u"})

  64. 		assert.Equal(t, user_model.UserTypeBot, u.Type)

  65. 		assert.Empty(t, u.Passwd)

  66. 	})

  67. 

  68. 	t.Run("AccessToken", func(t *testing.T) {

  69. 		// no generated access token

  70. 		reset()

  71. 		assert.NoError(t, createUser("u", "--random-password"))

  72. 		assert.Equal(t, 1, unittest.GetCount(t, &user_model.User{}))

  73. 		assert.Equal(t, 0, unittest.GetCount(t, &auth_model.AccessToken{}))

  74. 

  75. 		// using "--access-token" only means "all" access

  76. 		reset()

  77. 		assert.NoError(t, createUser("u", "--random-password", "--access-token"))

  78. 		assert.Equal(t, 1, unittest.GetCount(t, &user_model.User{}))

  79. 		assert.Equal(t, 1, unittest.GetCount(t, &auth_model.AccessToken{}))

  80. 		accessToken := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{Name: "gitea-admin"})

  81. 		hasScopes, err := accessToken.Scope.HasScope(auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteRepository)

  82. 		assert.NoError(t, err)

  83. 		assert.True(t, hasScopes)

  84. 

  85. 		// using "--access-token" with name & scopes

  86. 		reset()

  87. 		assert.NoError(t, createUser("u", "--random-password", "--access-token", "--access-token-name", "new-token-name", "--access-token-scopes", "read:issue,read:user"))

  88. 		assert.Equal(t, 1, unittest.GetCount(t, &user_model.User{}))

  89. 		assert.Equal(t, 1, unittest.GetCount(t, &auth_model.AccessToken{}))

  90. 		accessToken = unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{Name: "new-token-name"})

  91. 		hasScopes, err = accessToken.Scope.HasScope(auth_model.AccessTokenScopeReadIssue, auth_model.AccessTokenScopeReadUser)

  92. 		assert.NoError(t, err)

  93. 		assert.True(t, hasScopes)

  94. 		hasScopes, err = accessToken.Scope.HasScope(auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteRepository)

  95. 		assert.NoError(t, err)

  96. 		assert.False(t, hasScopes)

  97. 

  98. 		// using "--access-token-name" without "--access-token"

  99. 		reset()

  100. 		err = createUser("u", "--random-password", "--access-token-name", "new-token-name")

  101. 		assert.Equal(t, 0, unittest.GetCount(t, &user_model.User{}))

  102. 		assert.Equal(t, 0, unittest.GetCount(t, &auth_model.AccessToken{}))

  103. 		assert.ErrorContains(t, err, "access-token-name and access-token-scopes flags are only valid when access-token flag is set")

  104. 

  105. 		// using "--access-token-scopes" without "--access-token"

  106. 		reset()

  107. 		err = createUser("u", "--random-password", "--access-token-scopes", "read:issue")

  108. 		assert.Equal(t, 0, unittest.GetCount(t, &user_model.User{}))

  109. 		assert.Equal(t, 0, unittest.GetCount(t, &auth_model.AccessToken{}))

  110. 		assert.ErrorContains(t, err, "access-token-name and access-token-scopes flags are only valid when access-token flag is set")

  111. 

  112. 		// empty permission

  113. 		reset()

  114. 		err = createUser("u", "--random-password", "--access-token", "--access-token-scopes", "public-only")

  115. 		assert.Equal(t, 0, unittest.GetCount(t, &user_model.User{}))

  116. 		assert.Equal(t, 0, unittest.GetCount(t, &auth_model.AccessToken{}))

  117. 		assert.ErrorContains(t, err, "access token does not have any permission")

  118. 	})

  119. 

  120. 	t.Run("UserFields", func(t *testing.T) {

  121. 		reset()

  122. 		assert.NoError(t, createUser("u-FullNameWithSpace", "--random-password", "--fullname", "First O'Middle Last"))

  123. 		unittest.AssertExistsAndLoadBean(t, &user_model.User{

  124. 			Name:      "u-FullNameWithSpace",

  125. 			LowerName: "u-fullnamewithspace",

  126. 			FullName:  "First O'Middle Last",

  127. 			Email:     "u-FullNameWithSpace@gitea.local",

  128. 		})

  129. 

  130. 		assert.NoError(t, createUser("u-FullNameEmpty", "--random-password", "--fullname", ""))

  131. 		u := unittest.AssertExistsAndLoadBean(t, &user_model.User{LowerName: "u-fullnameempty"})

  132. 		assert.Empty(t, u.FullName)

  133. 	})

  134. }