author | harryzcy <harry@harryzheng.com> | 2023-04-21 11:39:03 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-21 11:39:03 -0400 |
commit | cb19772d6a2a86d556f350d42758a9d64db1b402 (patch) | |
tree | 0b374fc7c9e0055c82cd7adb3a924c57ff3746ac /tests/integration | |
parent | 949ba4894b1237490d872277fc48d2a1fdc26562 (diff) | |
download | gitea-cb19772d6a2a86d556f350d42758a9d64db1b402.tar.gz gitea-cb19772d6a2a86d556f350d42758a9d64db1b402.zip |
Fix access token issue on some public endpoints (#24194)
- [x] Identify endpoints that should be public
- [x] Update integration tests
Fix #24159
Diffstat (limited to 'tests/integration')
-rw-r--r-- | tests/integration/api_org_test.go | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/tests/integration/api_org_test.go b/tests/integration/api_org_test.go index 3d1c3b2494..4b79b32c59 100644 --- a/tests/integration/api_org_test.go +++ b/tests/integration/api_org_test.go @@ -147,16 +147,14 @@ func TestAPIOrgDeny(t *testing.T) { setting.Service.RequireSignInView = false }() - token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadOrg) - orgName := "user1_org" - req := NewRequestf(t, "GET", "/api/v1/orgs/%s?token=%s", orgName, token) + req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName) MakeRequest(t, req, http.StatusNotFound) - req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token=%s", orgName, token) + req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", orgName) MakeRequest(t, req, http.StatusNotFound) - req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members?token=%s", orgName, token) + req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", orgName) MakeRequest(t, req, http.StatusNotFound) }) } @@ -166,16 +164,24 @@ func TestAPIGetAll(t *testing.T) { token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadOrg) + // accessing with a token will return all orgs req := NewRequestf(t, "GET", "/api/v1/orgs?token=%s", token) resp := MakeRequest(t, req, http.StatusOK) - var apiOrgList []*api.Organization - DecodeJSON(t, resp, &apiOrgList) - // accessing with a token will return all orgs + DecodeJSON(t, resp, &apiOrgList) assert.Len(t, apiOrgList, 9) assert.Equal(t, "org25", apiOrgList[1].FullName) assert.Equal(t, "public", apiOrgList[1].Visibility) + + // accessing without a token will return only public orgs + req = NewRequestf(t, "GET", "/api/v1/orgs") + resp = MakeRequest(t, req, http.StatusOK) + + DecodeJSON(t, resp, &apiOrgList) + assert.Len(t, apiOrgList, 7) + assert.Equal(t, "org25", apiOrgList[0].FullName) + assert.Equal(t, "public", apiOrgList[0].Visibility) } func TestAPIOrgSearchEmptyTeam(t *testing.T) { |
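Review bot: All three requests in TestAPIOrgDeny are now anonymous, so the test no longer pins what a token-bearing caller gets from `/api/v1/orgs/%s`, `/repos` and `/members` while `RequireSignInView` is on (presumably enabled above the hunk, given the deferred reset). Since the commit is about token handling on these endpoints, I would keep one authenticated request beside each anonymous one with its expected status stated explicitly, so a later regression on the authenticated path fails here. A comment above the first request, e.g. `// anonymous callers must get 404 while sign-in is required`, would record why no token is sent. The function starts above this hunk and the route changes are not shown on this page, so the right status for the authenticated case has to be taken from them.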
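Review bot: The anonymous branch added at the end of TestAPIGetAll proves less than its comment claims: it checks the count and the visibility of element 0 only, so a private or limited org elsewhere in the list would still pass as long as the total stays 7. Assert the property for every entry, e.g. `for _, org := range apiOrgList { assert.Equal(t, "public", org.Visibility) }`. The second `DecodeJSON` also writes into the slice already filled by the token request; if the helper wraps encoding/json, existing elements are reused and fields omitted from the second response can keep values from the authenticated one, so decode into a fresh variable such as `var publicOrgs []*api.Organization`. The function starts above the hunk.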