afan
/
gitea
关注 1
点赞 0
派生 0
代码 工单 0 合并请求 0 版本发布 0 百科 动态
gitea源码
2 提交
2 分支
目录树: f5d5e77162
分支列表 标签列表
${ item.name }
创建分支 ${ searchTerm }
从 'f5d5e77162'
${ noResults }
gitea/tests/integration/api_user_search_test.go

api_user_search_test.go 4.9KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. // Copyright 2019 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"net/http"

  8. 	"testing"

  9. 

  10. 	auth_model "code.gitea.io/gitea/models/auth"

  11. 	"code.gitea.io/gitea/models/unittest"

  12. 	user_model "code.gitea.io/gitea/models/user"

  13. 	api "code.gitea.io/gitea/modules/structs"

  14. 	"code.gitea.io/gitea/tests"

  15. 

  16. 	"github.com/stretchr/testify/assert"

  17. )

  18. 

  19. type SearchResults struct {

  20. 	OK   bool        `json:"ok"`

  21. 	Data []*api.User `json:"data"`

  22. }

  23. 

  24. func TestAPIUserSearchLoggedIn(t *testing.T) {

  25. 	defer tests.PrepareTestEnv(t)()

  26. 	adminUsername := "user1"

  27. 	session := loginUser(t, adminUsername)

  28. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

  29. 	query := "user2"

  30. 	req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).

  31. 		AddTokenAuth(token)

  32. 	resp := MakeRequest(t, req, http.StatusOK)

  33. 

  34. 	var results SearchResults

  35. 	DecodeJSON(t, resp, &results)

  36. 	assert.NotEmpty(t, results.Data)

  37. 	for _, user := range results.Data {

  38. 		assert.Contains(t, user.UserName, query)

  39. 		assert.NotEmpty(t, user.Email)

  40. 	}

  41. 

  42. 	publicToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopePublicOnly)

  43. 	req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).

  44. 		AddTokenAuth(publicToken)

  45. 	resp = MakeRequest(t, req, http.StatusOK)

  46. 	results = SearchResults{}

  47. 	DecodeJSON(t, resp, &results)

  48. 	assert.NotEmpty(t, results.Data)

  49. 	for _, user := range results.Data {

  50. 		assert.Contains(t, user.UserName, query)

  51. 		assert.NotEmpty(t, user.Email)

  52. 		assert.Equal(t, "public", user.Visibility)

  53. 	}

  54. }

  55. 

  56. func TestAPIUserSearchNotLoggedIn(t *testing.T) {

  57. 	defer tests.PrepareTestEnv(t)()

  58. 	query := "user2"

  59. 	req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)

  60. 	resp := MakeRequest(t, req, http.StatusOK)

  61. 

  62. 	var results SearchResults

  63. 	DecodeJSON(t, resp, &results)

  64. 	assert.NotEmpty(t, results.Data)

  65. 	var modelUser *user_model.User

  66. 	for _, user := range results.Data {

  67. 		assert.Contains(t, user.UserName, query)

  68. 		modelUser = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: user.ID})

  69. 		assert.Equal(t, modelUser.GetPlaceholderEmail(), user.Email)

  70. 	}

  71. }

  72. 

  73. func TestAPIUserSearchSystemUsers(t *testing.T) {

  74. 	defer tests.PrepareTestEnv(t)()

  75. 	for _, systemUser := range []*user_model.User{

  76. 		user_model.NewGhostUser(),

  77. 		user_model.NewActionsUser(),

  78. 	} {

  79. 		t.Run(systemUser.Name, func(t *testing.T) {

  80. 			req := NewRequestf(t, "GET", "/api/v1/users/search?uid=%d", systemUser.ID)

  81. 			resp := MakeRequest(t, req, http.StatusOK)

  82. 

  83. 			var results SearchResults

  84. 			DecodeJSON(t, resp, &results)

  85. 			assert.NotEmpty(t, results.Data)

  86. 			if assert.Len(t, results.Data, 1) {

  87. 				user := results.Data[0]

  88. 				assert.Equal(t, user.UserName, systemUser.Name)

  89. 				assert.Equal(t, user.ID, systemUser.ID)

  90. 			}

  91. 		})

  92. 	}

  93. }

  94. 

  95. func TestAPIUserSearchAdminLoggedInUserHidden(t *testing.T) {

  96. 	defer tests.PrepareTestEnv(t)()

  97. 	adminUsername := "user1"

  98. 	session := loginUser(t, adminUsername)

  99. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

  100. 	query := "user31"

  101. 	req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).

  102. 		AddTokenAuth(token)

  103. 	resp := MakeRequest(t, req, http.StatusOK)

  104. 

  105. 	var results SearchResults

  106. 	DecodeJSON(t, resp, &results)

  107. 	assert.NotEmpty(t, results.Data)

  108. 	for _, user := range results.Data {

  109. 		assert.Contains(t, user.UserName, query)

  110. 		assert.NotEmpty(t, user.Email)

  111. 		assert.Equal(t, "private", user.Visibility)

  112. 	}

  113. }

  114. 

  115. func TestAPIUserSearchNotLoggedInUserHidden(t *testing.T) {

  116. 	defer tests.PrepareTestEnv(t)()

  117. 	query := "user31"

  118. 	req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)

  119. 	resp := MakeRequest(t, req, http.StatusOK)

  120. 

  121. 	var results SearchResults

  122. 	DecodeJSON(t, resp, &results)

  123. 	assert.Empty(t, results.Data)

  124. }

  125. 

  126. func TestAPIUserSearchByEmail(t *testing.T) {

  127. 	defer tests.PrepareTestEnv(t)()

  128. 

  129. 	// admin can search user with private email

  130. 	adminUsername := "user1"

  131. 	session := loginUser(t, adminUsername)

  132. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

  133. 	query := "user2@example.com"

  134. 	req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).

  135. 		AddTokenAuth(token)

  136. 	resp := MakeRequest(t, req, http.StatusOK)

  137. 

  138. 	var results SearchResults

  139. 	DecodeJSON(t, resp, &results)

  140. 	assert.Len(t, results.Data, 1)

  141. 	assert.Equal(t, query, results.Data[0].Email)

  142. 

  143. 	// no login user can not search user with private email

  144. 	req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)

  145. 	resp = MakeRequest(t, req, http.StatusOK)

  146. 	DecodeJSON(t, resp, &results)

  147. 	assert.Empty(t, results.Data)

  148. 

  149. 	// user can search self with private email

  150. 	user2 := "user2"

  151. 	session = loginUser(t, user2)

  152. 	token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)

  153. 	req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).

  154. 		AddTokenAuth(token)

  155. 	resp = MakeRequest(t, req, http.StatusOK)

  156. 

  157. 	DecodeJSON(t, resp, &results)

  158. 	assert.Len(t, results.Data, 1)

  159. 	assert.Equal(t, query, results.Data[0].Email)

  160. }