afan
/
gitea
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
gitea源码
1 Commit
2 Branches
Tree: 61128e8e94
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '61128e8e94'
${ noResults }
gitea/tests/integration/signin_test.go

signin_test.go 7.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"net/http"

  8. 	"net/url"

  9. 	"strings"

  10. 	"testing"

  11. 

  12. 	auth_model "code.gitea.io/gitea/models/auth"

  13. 	"code.gitea.io/gitea/models/db"

  14. 	"code.gitea.io/gitea/models/unittest"

  15. 	user_model "code.gitea.io/gitea/models/user"

  16. 	"code.gitea.io/gitea/modules/setting"

  17. 	"code.gitea.io/gitea/modules/test"

  18. 	"code.gitea.io/gitea/modules/translation"

  19. 	"code.gitea.io/gitea/modules/web"

  20. 	"code.gitea.io/gitea/routers"

  21. 	"code.gitea.io/gitea/routers/web/auth"

  22. 	"code.gitea.io/gitea/services/context"

  23. 	"code.gitea.io/gitea/tests"

  24. 

  25. 	"github.com/markbates/goth"

  26. 	"github.com/stretchr/testify/assert"

  27. 	"github.com/stretchr/testify/require"

  28. )

  29. 

  30. func testLoginFailed(t *testing.T, username, password, message string) {

  31. 	session := emptyTestSession(t)

  32. 	req := NewRequestWithValues(t, "POST", "/user/login", map[string]string{

  33. 		"user_name": username,

  34. 		"password":  password,

  35. 	})

  36. 	resp := session.MakeRequest(t, req, http.StatusOK)

  37. 

  38. 	htmlDoc := NewHTMLParser(t, resp.Body)

  39. 	resultMsg := htmlDoc.doc.Find(".ui.message>p").Text()

  40. 

  41. 	assert.Equal(t, message, resultMsg)

  42. }

  43. 

  44. func TestSignin(t *testing.T) {

  45. 	defer tests.PrepareTestEnv(t)()

  46. 

  47. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  48. 

  49. 	// add new user with user2's email

  50. 	user.Name = "testuser"

  51. 	user.LowerName = strings.ToLower(user.Name)

  52. 	user.ID = 0

  53. 	require.NoError(t, db.Insert(t.Context(), user))

  54. 

  55. 	samples := []struct {

  56. 		username string

  57. 		password string

  58. 		message  string

  59. 	}{

  60. 		{username: "wrongUsername", password: "wrongPassword", message: translation.NewLocale("en-US").TrString("form.username_password_incorrect")},

  61. 		{username: "wrongUsername", password: "password", message: translation.NewLocale("en-US").TrString("form.username_password_incorrect")},

  62. 		{username: "user15", password: "wrongPassword", message: translation.NewLocale("en-US").TrString("form.username_password_incorrect")},

  63. 		{username: "user1@example.com", password: "wrongPassword", message: translation.NewLocale("en-US").TrString("form.username_password_incorrect")},

  64. 	}

  65. 

  66. 	for _, s := range samples {

  67. 		testLoginFailed(t, s.username, s.password, s.message)

  68. 	}

  69. }

  70. 

  71. func TestSigninWithRememberMe(t *testing.T) {

  72. 	defer tests.PrepareTestEnv(t)()

  73. 

  74. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

  75. 	baseURL, _ := url.Parse(setting.AppURL)

  76. 

  77. 	session := emptyTestSession(t)

  78. 	req := NewRequestWithValues(t, "POST", "/user/login", map[string]string{

  79. 		"user_name": user.Name,

  80. 		"password":  userPassword,

  81. 		"remember":  "on",

  82. 	})

  83. 	session.MakeRequest(t, req, http.StatusSeeOther)

  84. 

  85. 	c := session.GetRawCookie(setting.CookieRememberName)

  86. 	assert.NotNil(t, c)

  87. 

  88. 	session = emptyTestSession(t)

  89. 

  90. 	// Without session the settings page should not be reachable

  91. 	req = NewRequest(t, "GET", "/user/settings")

  92. 	session.MakeRequest(t, req, http.StatusSeeOther)

  93. 

  94. 	req = NewRequest(t, "GET", "/user/login")

  95. 	// Set the remember me cookie for the login GET request

  96. 	session.jar.SetCookies(baseURL, []*http.Cookie{c})

  97. 	session.MakeRequest(t, req, http.StatusSeeOther)

  98. 

  99. 	// With session the settings page should be reachable

  100. 	req = NewRequest(t, "GET", "/user/settings")

  101. 	session.MakeRequest(t, req, http.StatusOK)

  102. }

  103. 

  104. func TestEnablePasswordSignInFormAndEnablePasskeyAuth(t *testing.T) {

  105. 	defer tests.PrepareTestEnv(t)()

  106. 

  107. 	mockLinkAccount := func(ctx *context.Context) {

  108. 		authSource := auth_model.Source{ID: 1}

  109. 		gothUser := goth.User{Email: "invalid-email", Name: "."}

  110. 		_ = auth.Oauth2SetLinkAccountData(ctx, auth.LinkAccountData{AuthSourceID: authSource.ID, GothUser: gothUser})

  111. 	}

  112. 

  113. 	t.Run("EnablePasswordSignInForm=false", func(t *testing.T) {

  114. 		defer tests.PrintCurrentTest(t)()

  115. 		defer test.MockVariableValue(&setting.Service.EnablePasswordSignInForm, false)()

  116. 

  117. 		req := NewRequest(t, "GET", "/user/login")

  118. 		resp := MakeRequest(t, req, http.StatusOK)

  119. 		doc := NewHTMLParser(t, resp.Body)

  120. 		AssertHTMLElement(t, doc, "form[action='/user/login']", false)

  121. 

  122. 		req = NewRequest(t, "POST", "/user/login")

  123. 		MakeRequest(t, req, http.StatusForbidden)

  124. 

  125. 		req = NewRequest(t, "GET", "/user/link_account")

  126. 		defer web.RouteMockReset()

  127. 		web.RouteMock(web.MockAfterMiddlewares, mockLinkAccount)

  128. 		resp = MakeRequest(t, req, http.StatusOK)

  129. 		doc = NewHTMLParser(t, resp.Body)

  130. 		AssertHTMLElement(t, doc, "form[action='/user/link_account_signin']", false)

  131. 	})

  132. 

  133. 	t.Run("EnablePasswordSignInForm=true", func(t *testing.T) {

  134. 		defer tests.PrintCurrentTest(t)()

  135. 		defer test.MockVariableValue(&setting.Service.EnablePasswordSignInForm, true)()

  136. 

  137. 		req := NewRequest(t, "GET", "/user/login")

  138. 		resp := MakeRequest(t, req, http.StatusOK)

  139. 		doc := NewHTMLParser(t, resp.Body)

  140. 		AssertHTMLElement(t, doc, "form[action='/user/login']", true)

  141. 

  142. 		req = NewRequest(t, "POST", "/user/login")

  143. 		MakeRequest(t, req, http.StatusOK)

  144. 

  145. 		req = NewRequest(t, "GET", "/user/link_account")

  146. 		defer web.RouteMockReset()

  147. 		web.RouteMock(web.MockAfterMiddlewares, mockLinkAccount)

  148. 		resp = MakeRequest(t, req, http.StatusOK)

  149. 		doc = NewHTMLParser(t, resp.Body)

  150. 		AssertHTMLElement(t, doc, "form[action='/user/link_account_signin']", true)

  151. 	})

  152. 

  153. 	t.Run("EnablePasskeyAuth=false", func(t *testing.T) {

  154. 		defer tests.PrintCurrentTest(t)()

  155. 		defer test.MockVariableValue(&setting.Service.EnablePasskeyAuth, false)()

  156. 

  157. 		req := NewRequest(t, "GET", "/user/login")

  158. 		resp := MakeRequest(t, req, http.StatusOK)

  159. 		doc := NewHTMLParser(t, resp.Body)

  160. 		AssertHTMLElement(t, doc, ".signin-passkey", false)

  161. 	})

  162. 

  163. 	t.Run("EnablePasskeyAuth=true", func(t *testing.T) {

  164. 		defer tests.PrintCurrentTest(t)()

  165. 		defer test.MockVariableValue(&setting.Service.EnablePasskeyAuth, true)()

  166. 

  167. 		req := NewRequest(t, "GET", "/user/login")

  168. 		resp := MakeRequest(t, req, http.StatusOK)

  169. 		doc := NewHTMLParser(t, resp.Body)

  170. 		AssertHTMLElement(t, doc, ".signin-passkey", true)

  171. 	})

  172. }

  173. 

  174. func TestRequireSignInView(t *testing.T) {

  175. 	defer tests.PrepareTestEnv(t)()

  176. 	t.Run("NoRequireSignInView", func(t *testing.T) {

  177. 		require.False(t, setting.Service.RequireSignInViewStrict)

  178. 		require.False(t, setting.Service.BlockAnonymousAccessExpensive)

  179. 		req := NewRequest(t, "GET", "/user2/repo1/src/branch/master")

  180. 		MakeRequest(t, req, http.StatusOK)

  181. 	})

  182. 	t.Run("RequireSignInView", func(t *testing.T) {

  183. 		defer test.MockVariableValue(&setting.Service.RequireSignInViewStrict, true)()

  184. 		defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()

  185. 		req := NewRequest(t, "GET", "/user2/repo1/src/branch/master")

  186. 		resp := MakeRequest(t, req, http.StatusSeeOther)

  187. 		assert.Equal(t, "/user/login", resp.Header().Get("Location"))

  188. 	})

  189. 	t.Run("BlockAnonymousAccessExpensive", func(t *testing.T) {

  190. 		defer test.MockVariableValue(&setting.Service.RequireSignInViewStrict, false)()

  191. 		defer test.MockVariableValue(&setting.Service.BlockAnonymousAccessExpensive, true)()

  192. 		defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()

  193. 

  194. 		req := NewRequest(t, "GET", "/user2/repo1")

  195. 		MakeRequest(t, req, http.StatusOK)

  196. 

  197. 		req = NewRequest(t, "GET", "/user2/repo1/src/branch/master")

  198. 		resp := MakeRequest(t, req, http.StatusSeeOther)

  199. 		assert.Equal(t, "/user/login", resp.Header().Get("Location"))

  200. 	})

  201. }