afan
/
gitea
İzle 1
Yıldızla 0
Çatalla 0
Kod Sorunlar 0 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
gitea源码
1 İşle
2 Dallar
Ağaç: 61128e8e94
Dallar Biçim İmleri
${ item.name }
Branş ${ searchTerm } oluştur
'61128e8e94'den
${ noResults }
gitea/tests/integration/api_repo_test.go

api_repo_test.go 28KB
Geçmiş Ham

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"net/url"

  10. 	"testing"

  11. 

  12. 	auth_model "code.gitea.io/gitea/models/auth"

  13. 	access_model "code.gitea.io/gitea/models/perm/access"

  14. 	repo_model "code.gitea.io/gitea/models/repo"

  15. 	unit_model "code.gitea.io/gitea/models/unit"

  16. 	"code.gitea.io/gitea/models/unittest"

  17. 	user_model "code.gitea.io/gitea/models/user"

  18. 	"code.gitea.io/gitea/modules/setting"

  19. 	api "code.gitea.io/gitea/modules/structs"

  20. 	repo_service "code.gitea.io/gitea/services/repository"

  21. 	"code.gitea.io/gitea/tests"

  22. 

  23. 	"github.com/stretchr/testify/assert"

  24. )

  25. 

  26. func TestAPIUserReposNotLogin(t *testing.T) {

  27. 	defer tests.PrepareTestEnv(t)()

  28. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  29. 

  30. 	req := NewRequestf(t, "GET", "/api/v1/users/%s/repos", user.Name)

  31. 	resp := MakeRequest(t, req, http.StatusOK)

  32. 

  33. 	var apiRepos []api.Repository

  34. 	DecodeJSON(t, resp, &apiRepos)

  35. 	expectedLen := unittest.GetCount(t, repo_model.Repository{OwnerID: user.ID},

  36. 		unittest.Cond("is_private = ?", false))

  37. 	assert.Len(t, apiRepos, expectedLen)

  38. 	for _, repo := range apiRepos {

  39. 		assert.Equal(t, user.ID, repo.Owner.ID)

  40. 		assert.False(t, repo.Private)

  41. 	}

  42. }

  43. 

  44. func TestAPIUserReposWithWrongToken(t *testing.T) {

  45. 	defer tests.PrepareTestEnv(t)()

  46. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  47. 	wrongToken := "Bearer " + "wrong_token"

  48. 	req := NewRequestf(t, "GET", "/api/v1/users/%s/repos", user.Name).

  49. 		AddTokenAuth(wrongToken)

  50. 	resp := MakeRequest(t, req, http.StatusUnauthorized)

  51. 

  52. 	assert.Contains(t, resp.Body.String(), "user does not exist")

  53. }

  54. 

  55. func TestAPISearchRepo(t *testing.T) {

  56. 	defer tests.PrepareTestEnv(t)()

  57. 	const keyword = "test"

  58. 

  59. 	req := NewRequestf(t, "GET", "/api/v1/repos/search?q=%s", keyword)

  60. 	resp := MakeRequest(t, req, http.StatusOK)

  61. 

  62. 	var body api.SearchResults

  63. 	DecodeJSON(t, resp, &body)

  64. 	assert.NotEmpty(t, body.Data)

  65. 	for _, repo := range body.Data {

  66. 		assert.Contains(t, repo.Name, keyword)

  67. 		assert.False(t, repo.Private)

  68. 	}

  69. 

  70. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15})

  71. 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 16})

  72. 	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 18})

  73. 	user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20})

  74. 	orgUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 17})

  75. 

  76. 	oldAPIDefaultNum := setting.API.DefaultPagingNum

  77. 	defer func() {

  78. 		setting.API.DefaultPagingNum = oldAPIDefaultNum

  79. 	}()

  80. 	setting.API.DefaultPagingNum = 10

  81. 

  82. 	// Map of expected results, where key is user for login

  83. 	type expectedResults map[*user_model.User]struct {

  84. 		count           int

  85. 		repoOwnerID     int64

  86. 		repoName        string

  87. 		includesPrivate bool

  88. 	}

  89. 

  90. 	testCases := []struct {

  91. 		name, requestURL string

  92. 		expectedResults

  93. 	}{

  94. 		{

  95. 			name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50&private=false", expectedResults: expectedResults{

  96. 				nil:   {count: 36},

  97. 				user:  {count: 36},

  98. 				user2: {count: 36},

  99. 			},

  100. 		},

  101. 		{

  102. 			name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10&private=false", expectedResults: expectedResults{

  103. 				nil:   {count: 10},

  104. 				user:  {count: 10},

  105. 				user2: {count: 10},

  106. 			},

  107. 		},

  108. 		{

  109. 			name: "RepositoriesDefault", requestURL: "/api/v1/repos/search?default&private=false", expectedResults: expectedResults{

  110. 				nil:   {count: 10},

  111. 				user:  {count: 10},

  112. 				user2: {count: 10},

  113. 			},

  114. 		},

  115. 		{

  116. 			name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s&private=false", "big_test_"), expectedResults: expectedResults{

  117. 				nil:   {count: 7, repoName: "big_test_"},

  118. 				user:  {count: 7, repoName: "big_test_"},

  119. 				user2: {count: 7, repoName: "big_test_"},

  120. 			},

  121. 		},

  122. 		{

  123. 			name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s&private=false", "user2/big_test_"), expectedResults: expectedResults{

  124. 				user2: {count: 2, repoName: "big_test_"},

  125. 			},

  126. 		},

  127. 		{

  128. 			name: "RepositoriesAccessibleAndRelatedToUser", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user.ID), expectedResults: expectedResults{

  129. 				nil:   {count: 5},

  130. 				user:  {count: 9, includesPrivate: true},

  131. 				user2: {count: 6, includesPrivate: true},

  132. 			},

  133. 		},

  134. 		{

  135. 			name: "RepositoriesAccessibleAndRelatedToUser2", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user2.ID), expectedResults: expectedResults{

  136. 				nil:   {count: 1},

  137. 				user:  {count: 2, includesPrivate: true},

  138. 				user2: {count: 2, includesPrivate: true},

  139. 				user4: {count: 1},

  140. 			},

  141. 		},

  142. 		{

  143. 			name: "RepositoriesAccessibleAndRelatedToUser3", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", org3.ID), expectedResults: expectedResults{

  144. 				nil:   {count: 1},

  145. 				user:  {count: 4, includesPrivate: true},

  146. 				user2: {count: 3, includesPrivate: true},

  147. 				org3:  {count: 4, includesPrivate: true},

  148. 			},

  149. 		},

  150. 		{

  151. 			name: "RepositoriesOwnedByOrganization", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", orgUser.ID), expectedResults: expectedResults{

  152. 				nil:   {count: 1, repoOwnerID: orgUser.ID},

  153. 				user:  {count: 2, repoOwnerID: orgUser.ID, includesPrivate: true},

  154. 				user2: {count: 1, repoOwnerID: orgUser.ID},

  155. 			},

  156. 		},

  157. 		{name: "RepositoriesAccessibleAndRelatedToUser4", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user4.ID), expectedResults: expectedResults{

  158. 			nil:   {count: 3},

  159. 			user:  {count: 4, includesPrivate: true},

  160. 			user4: {count: 7, includesPrivate: true},

  161. 		}},

  162. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeSource", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "source"), expectedResults: expectedResults{

  163. 			nil:   {count: 0},

  164. 			user:  {count: 1, includesPrivate: true},

  165. 			user4: {count: 1, includesPrivate: true},

  166. 		}},

  167. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "fork"), expectedResults: expectedResults{

  168. 			nil:   {count: 1},

  169. 			user:  {count: 1},

  170. 			user4: {count: 2, includesPrivate: true},

  171. 		}},

  172. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "fork"), expectedResults: expectedResults{

  173. 			nil:   {count: 1},

  174. 			user:  {count: 1},

  175. 			user4: {count: 2, includesPrivate: true},

  176. 		}},

  177. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "mirror"), expectedResults: expectedResults{

  178. 			nil:   {count: 2},

  179. 			user:  {count: 2},

  180. 			user4: {count: 4, includesPrivate: true},

  181. 		}},

  182. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "mirror"), expectedResults: expectedResults{

  183. 			nil:   {count: 1},

  184. 			user:  {count: 1},

  185. 			user4: {count: 2, includesPrivate: true},

  186. 		}},

  187. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeCollaborative", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "collaborative"), expectedResults: expectedResults{

  188. 			nil:   {count: 0},

  189. 			user:  {count: 1, includesPrivate: true},

  190. 			user4: {count: 1, includesPrivate: true},

  191. 		}},

  192. 	}

  193. 

  194. 	for _, testCase := range testCases {

  195. 		t.Run(testCase.name, func(t *testing.T) {

  196. 			for userToLogin, expected := range testCase.expectedResults {

  197. 				var testName string

  198. 				var userID int64

  199. 				var token string

  200. 				if userToLogin != nil && userToLogin.ID > 0 {

  201. 					testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)

  202. 					session := loginUser(t, userToLogin.Name)

  203. 					token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)

  204. 					userID = userToLogin.ID

  205. 				} else {

  206. 					testName = "AnonymousUser"

  207. 					_ = emptyTestSession(t)

  208. 				}

  209. 

  210. 				t.Run(testName, func(t *testing.T) {

  211. 					request := NewRequest(t, "GET", testCase.requestURL).

  212. 						AddTokenAuth(token)

  213. 					response := MakeRequest(t, request, http.StatusOK)

  214. 

  215. 					var body api.SearchResults

  216. 					DecodeJSON(t, response, &body)

  217. 

  218. 					repoNames := make([]string, 0, len(body.Data))

  219. 					for _, repo := range body.Data {

  220. 						repoNames = append(repoNames, fmt.Sprintf("%d:%s:%t", repo.ID, repo.FullName, repo.Private))

  221. 					}

  222. 					assert.Len(t, repoNames, expected.count)

  223. 					for _, repo := range body.Data {

  224. 						r := getRepo(t, repo.ID)

  225. 						hasAccess, err := access_model.HasAnyUnitAccess(t.Context(), userID, r)

  226. 						assert.NoError(t, err, "Error when checking if User: %d has access to %s: %v", userID, repo.FullName, err)

  227. 						assert.True(t, hasAccess, "User: %d does not have access to %s", userID, repo.FullName)

  228. 

  229. 						assert.NotEmpty(t, repo.Name)

  230. 						assert.Equal(t, repo.Name, r.Name)

  231. 

  232. 						if len(expected.repoName) > 0 {

  233. 							assert.Contains(t, repo.Name, expected.repoName)

  234. 						}

  235. 

  236. 						if expected.repoOwnerID > 0 {

  237. 							assert.Equal(t, expected.repoOwnerID, repo.Owner.ID)

  238. 						}

  239. 

  240. 						if !expected.includesPrivate {

  241. 							assert.False(t, repo.Private, "User: %d not expecting private repository: %s", userID, repo.FullName)

  242. 						}

  243. 					}

  244. 				})

  245. 			}

  246. 		})

  247. 	}

  248. }

  249. 

  250. var repoCache = make(map[int64]*repo_model.Repository)

  251. 

  252. func getRepo(t *testing.T, repoID int64) *repo_model.Repository {

  253. 	if _, ok := repoCache[repoID]; !ok {

  254. 		repoCache[repoID] = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repoID})

  255. 	}

  256. 	return repoCache[repoID]

  257. }

  258. 

  259. func TestAPIViewRepo(t *testing.T) {

  260. 	defer tests.PrepareTestEnv(t)()

  261. 

  262. 	var repo api.Repository

  263. 

  264. 	req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")

  265. 	resp := MakeRequest(t, req, http.StatusOK)

  266. 	DecodeJSON(t, resp, &repo)

  267. 	assert.EqualValues(t, 1, repo.ID)

  268. 	assert.Equal(t, "repo1", repo.Name)

  269. 	assert.Equal(t, 2, repo.Releases)

  270. 	assert.Equal(t, 1, repo.OpenIssues)

  271. 	assert.Equal(t, 3, repo.OpenPulls)

  272. 

  273. 	req = NewRequest(t, "GET", "/api/v1/repos/user12/repo10")

  274. 	resp = MakeRequest(t, req, http.StatusOK)

  275. 	DecodeJSON(t, resp, &repo)

  276. 	assert.EqualValues(t, 10, repo.ID)

  277. 	assert.Equal(t, "repo10", repo.Name)

  278. 	assert.Equal(t, 1, repo.OpenPulls)

  279. 	assert.Equal(t, 1, repo.Forks)

  280. 

  281. 	req = NewRequest(t, "GET", "/api/v1/repos/user5/repo4")

  282. 	resp = MakeRequest(t, req, http.StatusOK)

  283. 	DecodeJSON(t, resp, &repo)

  284. 	assert.EqualValues(t, 4, repo.ID)

  285. 	assert.Equal(t, "repo4", repo.Name)

  286. 	assert.Equal(t, 1, repo.Stars)

  287. }

  288. 

  289. func TestAPIOrgRepos(t *testing.T) {

  290. 	defer tests.PrepareTestEnv(t)()

  291. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  292. 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

  293. 	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})

  294. 	// org3 is an Org. Check their repos.

  295. 	sourceOrg := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})

  296. 

  297. 	expectedResults := map[*user_model.User]struct {

  298. 		count           int

  299. 		includesPrivate bool

  300. 	}{

  301. 		user:  {count: 1},

  302. 		user:  {count: 3, includesPrivate: true},

  303. 		user2: {count: 3, includesPrivate: true},

  304. 		org3:  {count: 1},

  305. 	}

  306. 

  307. 	for userToLogin, expected := range expectedResults {

  308. 		testName := fmt.Sprintf("LoggedUser%d", userToLogin.ID)

  309. 		session := loginUser(t, userToLogin.Name)

  310. 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)

  311. 

  312. 		t.Run(testName, func(t *testing.T) {

  313. 			req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", sourceOrg.Name).

  314. 				AddTokenAuth(token)

  315. 			resp := MakeRequest(t, req, http.StatusOK)

  316. 

  317. 			var apiRepos []*api.Repository

  318. 			DecodeJSON(t, resp, &apiRepos)

  319. 			assert.Len(t, apiRepos, expected.count)

  320. 			for _, repo := range apiRepos {

  321. 				if !expected.includesPrivate {

  322. 					assert.False(t, repo.Private)

  323. 				}

  324. 			}

  325. 		})

  326. 	}

  327. }

  328. 

  329. // See issue #28483. Tests to make sure we consider more than just code unit-enabled repositories.

  330. func TestAPIOrgReposWithCodeUnitDisabled(t *testing.T) {

  331. 	defer tests.PrepareTestEnv(t)()

  332. 	repo21 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{Name: "repo21"})

  333. 	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo21.OwnerID})

  334. 

  335. 	// Disable code repository unit.

  336. 	var units []unit_model.Type

  337. 	units = append(units, unit_model.TypeCode)

  338. 

  339. 	err := repo_service.UpdateRepositoryUnits(t.Context(), repo21, nil, units)

  340. 	assert.NoError(t, err, "should have been able to delete code repository unit")

  341. 

  342. 	assert.False(t, repo21.UnitEnabled(t.Context(), unit_model.TypeCode))

  343. 

  344. 	session := loginUser(t, "user2")

  345. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)

  346. 

  347. 	req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", org3.Name).

  348. 		AddTokenAuth(token)

  349. 

  350. 	resp := MakeRequest(t, req, http.StatusOK)

  351. 	var apiRepos []*api.Repository

  352. 	DecodeJSON(t, resp, &apiRepos)

  353. 

  354. 	var repoNames []string

  355. 	for _, r := range apiRepos {

  356. 		repoNames = append(repoNames, r.Name)

  357. 	}

  358. 

  359. 	assert.Contains(t, repoNames, repo21.Name)

  360. }

  361. 

  362. func TestAPIGetRepoByIDUnauthorized(t *testing.T) {

  363. 	defer tests.PrepareTestEnv(t)()

  364. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})

  365. 	session := loginUser(t, user.Name)

  366. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)

  367. 	req := NewRequest(t, "GET", "/api/v1/repositories/2").

  368. 		AddTokenAuth(token)

  369. 	MakeRequest(t, req, http.StatusNotFound)

  370. }

  371. 

  372. func TestAPIRepoMigrate(t *testing.T) {

  373. 	testCases := []struct {

  374. 		ctxUserID, userID  int64

  375. 		cloneURL, repoName string

  376. 		expectedStatus     int

  377. 	}{

  378. 		{ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-admin", expectedStatus: http.StatusCreated},

  379. 		{ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-own", expectedStatus: http.StatusCreated},

  380. 		{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},

  381. 		{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-org", expectedStatus: http.StatusCreated},

  382. 		{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},

  383. 		{ctxUserID: 2, userID: 3, cloneURL: "https://localhost:3000/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},

  384. 		{ctxUserID: 2, userID: 3, cloneURL: "https://10.0.0.1/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},

  385. 	}

  386. 

  387. 	defer tests.PrepareTestEnv(t)()

  388. 	for _, testCase := range testCases {

  389. 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID})

  390. 		session := loginUser(t, user.Name)

  391. 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)

  392. 		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate", &api.MigrateRepoOptions{

  393. 			CloneAddr:   testCase.cloneURL,

  394. 			RepoOwnerID: testCase.userID,

  395. 			RepoName:    testCase.repoName,

  396. 		}).AddTokenAuth(token)

  397. 		resp := MakeRequest(t, req, NoExpectedStatus)

  398. 		if resp.Code == http.StatusUnprocessableEntity {

  399. 			respJSON := map[string]string{}

  400. 			DecodeJSON(t, resp, &respJSON)

  401. 			switch respJSON["message"] {

  402. 			case "Remote visit addressed rate limitation.":

  403. 				t.Log("test hit github rate limitation")

  404. 			case "You can not import from disallowed hosts.":

  405. 				assert.Equal(t, "private-ip", testCase.repoName)

  406. 			default:

  407. 				assert.FailNow(t, "unexpected error", "unexpected error '%v' on url '%s'", respJSON["message"], testCase.cloneURL)

  408. 			}

  409. 		} else {

  410. 			assert.Equal(t, testCase.expectedStatus, resp.Code)

  411. 		}

  412. 	}

  413. }

  414. 

  415. func TestAPIRepoMigrateConflict(t *testing.T) {

  416. 	onGiteaRun(t, testAPIRepoMigrateConflict)

  417. }

  418. 

  419. func testAPIRepoMigrateConflict(t *testing.T, u *url.URL) {

  420. 	username := "user2"

  421. 	baseAPITestContext := NewAPITestContext(t, username, "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)

  422. 

  423. 	u.Path = baseAPITestContext.GitPath()

  424. 

  425. 	t.Run("Existing", func(t *testing.T) {

  426. 		httpContext := baseAPITestContext

  427. 

  428. 		httpContext.Reponame = "repo-tmp-17"

  429. 		t.Run("CreateRepo", doAPICreateRepository(httpContext, false))

  430. 

  431. 		user, err := user_model.GetUserByName(t.Context(), httpContext.Username)

  432. 		assert.NoError(t, err)

  433. 		userID := user.ID

  434. 

  435. 		cloneURL := "https://github.com/go-gitea/test_repo.git"

  436. 

  437. 		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate",

  438. 			&api.MigrateRepoOptions{

  439. 				CloneAddr:   cloneURL,

  440. 				RepoOwnerID: userID,

  441. 				RepoName:    httpContext.Reponame,

  442. 			}).

  443. 			AddTokenAuth(httpContext.Token)

  444. 		resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)

  445. 		respJSON := map[string]string{}

  446. 		DecodeJSON(t, resp, &respJSON)

  447. 		assert.Equal(t, "The repository with the same name already exists.", respJSON["message"])

  448. 	})

  449. }

  450. 

  451. // mirror-sync must fail with "400 (Bad Request)" when an attempt is made to

  452. // sync a non-mirror repository.

  453. func TestAPIMirrorSyncNonMirrorRepo(t *testing.T) {

  454. 	defer tests.PrepareTestEnv(t)()

  455. 

  456. 	session := loginUser(t, "user2")

  457. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)

  458. 

  459. 	var repo api.Repository

  460. 	req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")

  461. 	resp := MakeRequest(t, req, http.StatusOK)

  462. 	DecodeJSON(t, resp, &repo)

  463. 	assert.False(t, repo.Mirror)

  464. 

  465. 	req = NewRequestf(t, "POST", "/api/v1/repos/user2/repo1/mirror-sync").

  466. 		AddTokenAuth(token)

  467. 	resp = MakeRequest(t, req, http.StatusBadRequest)

  468. 	errRespJSON := map[string]string{}

  469. 	DecodeJSON(t, resp, &errRespJSON)

  470. 	assert.Equal(t, "Repository is not a mirror", errRespJSON["message"])

  471. }

  472. 

  473. func testAPIOrgCreateRepo(t *testing.T, session *TestSession, orgName, repoName string, status int) {

  474. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization, auth_model.AccessTokenScopeWriteRepository)

  475. 

  476. 	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos", orgName), &api.CreateRepoOption{

  477. 		Name: repoName,

  478. 	}).AddTokenAuth(token)

  479. 	MakeRequest(t, req, status)

  480. }

  481. 

  482. func TestAPIOrgRepoCreate(t *testing.T) {

  483. 	testCases := []struct {

  484. 		ctxUserID         int64

  485. 		orgName, repoName string

  486. 		expectedStatus    int

  487. 	}{

  488. 		{ctxUserID: 1, orgName: "org3", repoName: "repo-admin", expectedStatus: http.StatusCreated},

  489. 		{ctxUserID: 2, orgName: "org3", repoName: "repo-own", expectedStatus: http.StatusCreated},

  490. 		{ctxUserID: 2, orgName: "org6", repoName: "repo-bad-org", expectedStatus: http.StatusForbidden},

  491. 		{ctxUserID: 28, orgName: "org3", repoName: "repo-creator", expectedStatus: http.StatusCreated},

  492. 		{ctxUserID: 28, orgName: "org6", repoName: "repo-not-creator", expectedStatus: http.StatusForbidden},

  493. 	}

  494. 

  495. 	defer tests.PrepareTestEnv(t)()

  496. 	for _, testCase := range testCases {

  497. 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID})

  498. 		session := loginUser(t, user.Name)

  499. 		testAPIOrgCreateRepo(t, session, testCase.orgName, testCase.repoName, testCase.expectedStatus)

  500. 	}

  501. }

  502. 

  503. func TestAPIRepoCreateConflict(t *testing.T) {

  504. 	onGiteaRun(t, testAPIRepoCreateConflict)

  505. }

  506. 

  507. func testAPIRepoCreateConflict(t *testing.T, u *url.URL) {

  508. 	username := "user2"

  509. 	baseAPITestContext := NewAPITestContext(t, username, "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)

  510. 

  511. 	u.Path = baseAPITestContext.GitPath()

  512. 

  513. 	t.Run("Existing", func(t *testing.T) {

  514. 		httpContext := baseAPITestContext

  515. 

  516. 		httpContext.Reponame = "repo-tmp-17"

  517. 		t.Run("CreateRepo", doAPICreateRepository(httpContext, false))

  518. 

  519. 		req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos",

  520. 			&api.CreateRepoOption{

  521. 				Name: httpContext.Reponame,

  522. 			}).

  523. 			AddTokenAuth(httpContext.Token)

  524. 		resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)

  525. 		respJSON := map[string]string{}

  526. 		DecodeJSON(t, resp, &respJSON)

  527. 		assert.Equal(t, "The repository with the same name already exists.", respJSON["message"])

  528. 	})

  529. }

  530. 

  531. func TestAPIRepoTransfer(t *testing.T) {

  532. 	testCases := []struct {

  533. 		ctxUserID      int64

  534. 		newOwner       string

  535. 		teams          *[]int64

  536. 		expectedStatus int

  537. 	}{

  538. 		// Disclaimer for test story: "user1" is an admin, "user2" is normal user and part of in owner team of org "org3"

  539. 		// Transfer to a user with teams in another org should fail

  540. 		{ctxUserID: 1, newOwner: "org3", teams: &[]int64{5}, expectedStatus: http.StatusForbidden},

  541. 		// Transfer to a user with non-existent team IDs should fail

  542. 		{ctxUserID: 1, newOwner: "user2", teams: &[]int64{2}, expectedStatus: http.StatusUnprocessableEntity},

  543. 		// Transfer should go through

  544. 		{ctxUserID: 1, newOwner: "org3", teams: &[]int64{2}, expectedStatus: http.StatusAccepted},

  545. 		// Let user transfer it back to himself

  546. 		{ctxUserID: 2, newOwner: "user2", expectedStatus: http.StatusAccepted},

  547. 		// And revert transfer

  548. 		{ctxUserID: 2, newOwner: "org3", teams: &[]int64{2}, expectedStatus: http.StatusAccepted},

  549. 		// Cannot start transfer to an existing repo

  550. 		{ctxUserID: 2, newOwner: "org3", teams: nil, expectedStatus: http.StatusUnprocessableEntity},

  551. 		// Start transfer, repo is now in pending transfer mode

  552. 		{ctxUserID: 2, newOwner: "org6", teams: nil, expectedStatus: http.StatusCreated},

  553. 	}

  554. 

  555. 	defer tests.PrepareTestEnv(t)()

  556. 

  557. 	// create repo to move

  558. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

  559. 	session := loginUser(t, user.Name)

  560. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)

  561. 	repoName := "moveME"

  562. 	apiRepo := new(api.Repository)

  563. 	req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{

  564. 		Name:        repoName,

  565. 		Description: "repo move around",

  566. 		Private:     false,

  567. 		Readme:      "Default",

  568. 		AutoInit:    true,

  569. 	}).AddTokenAuth(token)

  570. 	resp := MakeRequest(t, req, http.StatusCreated)

  571. 	DecodeJSON(t, resp, apiRepo)

  572. 

  573. 	// start testing

  574. 	for _, testCase := range testCases {

  575. 		user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID})

  576. 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID})

  577. 		session = loginUser(t, user.Name)

  578. 		token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)

  579. 		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer", repo.OwnerName, repo.Name), &api.TransferRepoOption{

  580. 			NewOwner: testCase.newOwner,

  581. 			TeamIDs:  testCase.teams,

  582. 		}).AddTokenAuth(token)

  583. 		MakeRequest(t, req, testCase.expectedStatus)

  584. 	}

  585. 

  586. 	// cleanup

  587. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID})

  588. 	_ = repo_service.DeleteRepositoryDirectly(t.Context(), repo.ID)

  589. }

  590. 

  591. func transfer(t *testing.T) *repo_model.Repository {

  592. 	// create repo to move

  593. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  594. 	session := loginUser(t, user.Name)

  595. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)

  596. 	repoName := "moveME"

  597. 	apiRepo := new(api.Repository)

  598. 	req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{

  599. 		Name:        repoName,

  600. 		Description: "repo move around",

  601. 		Private:     false,

  602. 		Readme:      "Default",

  603. 		AutoInit:    true,

  604. 	}).AddTokenAuth(token)

  605. 

  606. 	resp := MakeRequest(t, req, http.StatusCreated)

  607. 	DecodeJSON(t, resp, apiRepo)

  608. 

  609. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID})

  610. 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer", repo.OwnerName, repo.Name), &api.TransferRepoOption{

  611. 		NewOwner: "user4",

  612. 	}).AddTokenAuth(token)

  613. 	MakeRequest(t, req, http.StatusCreated)

  614. 

  615. 	return repo

  616. }

  617. 

  618. func TestAPIAcceptTransfer(t *testing.T) {

  619. 	defer tests.PrepareTestEnv(t)()

  620. 

  621. 	repo := transfer(t)

  622. 

  623. 	// try to accept with not authorized user

  624. 	session := loginUser(t, "user2")

  625. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)

  626. 	req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject", repo.OwnerName, repo.Name)).

  627. 		AddTokenAuth(token)

  628. 	MakeRequest(t, req, http.StatusForbidden)

  629. 

  630. 	// try to accept repo that's not marked as transferred

  631. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/accept", "user2", "repo1")).

  632. 		AddTokenAuth(token)

  633. 	MakeRequest(t, req, http.StatusNotFound)

  634. 

  635. 	// accept transfer

  636. 	session = loginUser(t, "user4")

  637. 	token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)

  638. 

  639. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/accept", repo.OwnerName, repo.Name)).

  640. 		AddTokenAuth(token)

  641. 	resp := MakeRequest(t, req, http.StatusAccepted)

  642. 	apiRepo := new(api.Repository)

  643. 	DecodeJSON(t, resp, apiRepo)

  644. 	assert.Equal(t, "user4", apiRepo.Owner.UserName)

  645. }

  646. 

  647. func TestAPIRejectTransfer(t *testing.T) {

  648. 	defer tests.PrepareTestEnv(t)()

  649. 

  650. 	repo := transfer(t)

  651. 

  652. 	// try to reject with not authorized user

  653. 	session := loginUser(t, "user2")

  654. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)

  655. 	req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject", repo.OwnerName, repo.Name)).

  656. 		AddTokenAuth(token)

  657. 	MakeRequest(t, req, http.StatusForbidden)

  658. 

  659. 	// try to reject repo that's not marked as transferred

  660. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject", "user2", "repo1")).

  661. 		AddTokenAuth(token)

  662. 	MakeRequest(t, req, http.StatusNotFound)

  663. 

  664. 	// reject transfer

  665. 	session = loginUser(t, "user4")

  666. 	token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)

  667. 

  668. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject", repo.OwnerName, repo.Name)).

  669. 		AddTokenAuth(token)

  670. 	resp := MakeRequest(t, req, http.StatusOK)

  671. 	apiRepo := new(api.Repository)

  672. 	DecodeJSON(t, resp, apiRepo)

  673. 	assert.Equal(t, "user2", apiRepo.Owner.UserName)

  674. }

  675. 

  676. func TestAPIGenerateRepo(t *testing.T) {

  677. 	defer tests.PrepareTestEnv(t)()

  678. 

  679. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

  680. 	session := loginUser(t, user.Name)

  681. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)

  682. 

  683. 	templateRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 44})

  684. 

  685. 	// user

  686. 	repo := new(api.Repository)

  687. 	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{

  688. 		Owner:       user.Name,

  689. 		Name:        "new-repo",

  690. 		Description: "test generate repo",

  691. 		Private:     false,

  692. 		GitContent:  true,

  693. 	}).AddTokenAuth(token)

  694. 	resp := MakeRequest(t, req, http.StatusCreated)

  695. 	DecodeJSON(t, resp, repo)

  696. 

  697. 	assert.Equal(t, "new-repo", repo.Name)

  698. 

  699. 	// org

  700. 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{

  701. 		Owner:       "org3",

  702. 		Name:        "new-repo",

  703. 		Description: "test generate repo",

  704. 		Private:     false,

  705. 		GitContent:  true,

  706. 	}).AddTokenAuth(token)

  707. 	resp = MakeRequest(t, req, http.StatusCreated)

  708. 	DecodeJSON(t, resp, repo)

  709. 

  710. 	assert.Equal(t, "new-repo", repo.Name)

  711. }

  712. 

  713. func TestAPIRepoGetReviewers(t *testing.T) {

  714. 	defer tests.PrepareTestEnv(t)()

  715. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  716. 	session := loginUser(t, user.Name)

  717. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)

  718. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})

  719. 

  720. 	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/reviewers", user.Name, repo.Name).

  721. 		AddTokenAuth(token)

  722. 	resp := MakeRequest(t, req, http.StatusOK)

  723. 	var reviewers []*api.User

  724. 	DecodeJSON(t, resp, &reviewers)

  725. 	if assert.Len(t, reviewers, 1) {

  726. 		assert.ElementsMatch(t, []int64{2}, []int64{reviewers[0].ID})

  727. 	}

  728. }

  729. 

  730. func TestAPIRepoGetAssignees(t *testing.T) {

  731. 	defer tests.PrepareTestEnv(t)()

  732. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  733. 	session := loginUser(t, user.Name)

  734. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)

  735. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})

  736. 

  737. 	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/assignees", user.Name, repo.Name).

  738. 		AddTokenAuth(token)

  739. 	resp := MakeRequest(t, req, http.StatusOK)

  740. 	var assignees []*api.User

  741. 	DecodeJSON(t, resp, &assignees)

  742. 	assert.Len(t, assignees, 2)

  743. }