diff options
author | Vlad Temian <vladtemian@gmail.com> | 2017-12-06 12:27:10 +0200 |
---|---|---|
committer | Lauris BH <lauris@nix.lv> | 2017-12-06 12:27:10 +0200 |
commit | 469ab99e9a4e31c1e95ab37f363c26b62b782542 (patch) | |
tree | 610c3848c07f2d0ca8854c6fb989f72e8a656b3b /integrations/api_admin_test.go | |
parent | c7fb6e30870ea1abff13a8214107e0747d293320 (diff) | |
download | gitea-469ab99e9a4e31c1e95ab37f363c26b62b782542.tar.gz gitea-469ab99e9a4e31c1e95ab37f363c26b62b782542.zip |
Delete a user's public key via admin api (closes #3014) (#3059)
* Delete a user's public key via admin api
* Test admin ssh endpoint for creating a new ssh key
* Adapt public ssh key test to also test the delete operation
* Test that deleting a missing key will result in a 404
* Test that a normal user can't delete another user's ssh key
* Make DeletePublicKey return err
* Update swagger doc
Diffstat (limited to 'integrations/api_admin_test.go')
-rw-r--r-- | integrations/api_admin_test.go | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go new file mode 100644 index 0000000000..37e5fd199a --- /dev/null +++ b/integrations/api_admin_test.go @@ -0,0 +1,73 @@ +// Copyright 2017 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package integrations + +import ( + "fmt" + "net/http" + "testing" + + "code.gitea.io/gitea/models" + api "code.gitea.io/sdk/gitea" +) + +func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) { + prepareTestEnv(t) + // user1 is an admin user + session := loginUser(t, "user1") + keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User) + + urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name) + req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ + "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n", + "title": "test-key", + }) + resp := session.MakeRequest(t, req, http.StatusCreated) + + var newPublicKey api.PublicKey + DecodeJSON(t, resp, &newPublicKey) + models.AssertExistsAndLoadBean(t, &models.PublicKey{ + ID: newPublicKey.ID, + Name: newPublicKey.Title, + Content: newPublicKey.Key, + Fingerprint: newPublicKey.Fingerprint, + OwnerID: keyOwner.ID, + }) + + req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", + keyOwner.Name, newPublicKey.ID) + session.MakeRequest(t, req, http.StatusNoContent) + models.AssertNotExistsBean(t, &models.PublicKey{ID: newPublicKey.ID}) +} + +func TestAPIAdminDeleteMissingSSHKey(t *testing.T) { + prepareTestEnv(t) + // user1 is an admin user + session := loginUser(t, "user1") + + req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", models.NonexistentID) + session.MakeRequest(t, req, http.StatusNotFound) +} + +func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) { + prepareTestEnv(t) + adminUsername := "user1" + normalUsername := "user2" + session := loginUser(t, adminUsername) + + urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername) + req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ + "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n", + "title": "test-key", + }) + resp := session.MakeRequest(t, req, http.StatusCreated) + var newPublicKey api.PublicKey + DecodeJSON(t, resp, &newPublicKey) + + session = loginUser(t, normalUsername) + req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", + adminUsername, newPublicKey.ID) + session.MakeRequest(t, req, http.StatusForbidden) +} |