Add API for changing Avatars (#25369)

This adds an API for uploading and Deleting Avatars for of Users, Repos
and Organisations. I'm not sure, if this should also be added to the
Admin API.

Resolves #25344

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>

4 files changed, 220 insertions, 0 deletions

diff --git a/tests/integration/api_org_avatar_test.go b/tests/integration/api_org_avatar_test.go
new file mode 100644
index 0000000000..e0a4150e9f
--- /dev/null
+++ b/tests/integration/api_org_avatar_test.go
@@ -0,0 +1,72 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"encoding/base64"
+	"net/http"
+	"os"
+	"testing"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIUpdateOrgAvatar(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user1")
+
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
+
+	// Test what happens if you use a valid image
+	avatar, err := os.ReadFile("tests/integration/avatar.png")
+	assert.NoError(t, err)
+	if err != nil {
+		assert.FailNow(t, "Unable to open avatar.png")
+	}
+
+	opts := api.UpdateUserAvatarOption{
+		Image: base64.StdEncoding.EncodeToString(avatar),
+	}
+
+	req := NewRequestWithJSON(t, "POST", "/api/v1/orgs/user3/avatar?token="+token, &opts)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	// Test what happens if you don't have a valid Base64 string
+	opts = api.UpdateUserAvatarOption{
+		Image: "Invalid",
+	}
+
+	req = NewRequestWithJSON(t, "POST", "/api/v1/orgs/user3/avatar?token="+token, &opts)
+	MakeRequest(t, req, http.StatusBadRequest)
+
+	// Test what happens if you use a file that is not an image
+	text, err := os.ReadFile("tests/integration/README.md")
+	assert.NoError(t, err)
+	if err != nil {
+		assert.FailNow(t, "Unable to open README.md")
+	}
+
+	opts = api.UpdateUserAvatarOption{
+		Image: base64.StdEncoding.EncodeToString(text),
+	}
+
+	req = NewRequestWithJSON(t, "POST", "/api/v1/orgs/user3/avatar?token="+token, &opts)
+	MakeRequest(t, req, http.StatusInternalServerError)
+}
+
+func TestAPIDeleteOrgAvatar(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user1")
+
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
+
+	req := NewRequest(t, "DELETE", "/api/v1/orgs/user3/avatar?token="+token)
+	MakeRequest(t, req, http.StatusNoContent)
+}
diff --git a/tests/integration/api_repo_avatar_test.go b/tests/integration/api_repo_avatar_test.go
new file mode 100644
index 0000000000..58a4fc536c
--- /dev/null
+++ b/tests/integration/api_repo_avatar_test.go
@@ -0,0 +1,76 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"os"
+	"testing"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIUpdateRepoAvatar(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	token := getUserToken(t, user2.LowerName, auth_model.AccessTokenScopeWriteRepository)
+
+	// Test what happens if you use a valid image
+	avatar, err := os.ReadFile("tests/integration/avatar.png")
+	assert.NoError(t, err)
+	if err != nil {
+		assert.FailNow(t, "Unable to open avatar.png")
+	}
+
+	opts := api.UpdateRepoAvatarOption{
+		Image: base64.StdEncoding.EncodeToString(avatar),
+	}
+
+	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/avatar?token=%s", repo.OwnerName, repo.Name, token), &opts)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	// Test what happens if you don't have a valid Base64 string
+	opts = api.UpdateRepoAvatarOption{
+		Image: "Invalid",
+	}
+
+	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/avatar?token=%s", repo.OwnerName, repo.Name, token), &opts)
+	MakeRequest(t, req, http.StatusBadRequest)
+
+	// Test what happens if you use a file that is not an image
+	text, err := os.ReadFile("tests/integration/README.md")
+	assert.NoError(t, err)
+	if err != nil {
+		assert.FailNow(t, "Unable to open README.md")
+	}
+
+	opts = api.UpdateRepoAvatarOption{
+		Image: base64.StdEncoding.EncodeToString(text),
+	}
+
+	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/avatar?token=%s", repo.OwnerName, repo.Name, token), &opts)
+	MakeRequest(t, req, http.StatusInternalServerError)
+}
+
+func TestAPIDeleteRepoAvatar(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	token := getUserToken(t, user2.LowerName, auth_model.AccessTokenScopeWriteRepository)
+
+	req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/%s/avatar?token=%s", repo.OwnerName, repo.Name, token))
+	MakeRequest(t, req, http.StatusNoContent)
+}
diff --git a/tests/integration/api_user_avatar_test.go b/tests/integration/api_user_avatar_test.go
new file mode 100644
index 0000000000..807c119e2c
--- /dev/null
+++ b/tests/integration/api_user_avatar_test.go
@@ -0,0 +1,72 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"encoding/base64"
+	"net/http"
+	"os"
+	"testing"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIUpdateUserAvatar(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	normalUsername := "user2"
+	session := loginUser(t, normalUsername)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
+
+	// Test what happens if you use a valid image
+	avatar, err := os.ReadFile("tests/integration/avatar.png")
+	assert.NoError(t, err)
+	if err != nil {
+		assert.FailNow(t, "Unable to open avatar.png")
+	}
+
+	// Test what happens if you don't have a valid Base64 string
+	opts := api.UpdateUserAvatarOption{
+		Image: base64.StdEncoding.EncodeToString(avatar),
+	}
+
+	req := NewRequestWithJSON(t, "POST", "/api/v1/user/avatar?token="+token, &opts)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	opts = api.UpdateUserAvatarOption{
+		Image: "Invalid",
+	}
+
+	req = NewRequestWithJSON(t, "POST", "/api/v1/user/avatar?token="+token, &opts)
+	MakeRequest(t, req, http.StatusBadRequest)
+
+	// Test what happens if you use a file that is not an image
+	text, err := os.ReadFile("tests/integration/README.md")
+	assert.NoError(t, err)
+	if err != nil {
+		assert.FailNow(t, "Unable to open README.md")
+	}
+
+	opts = api.UpdateUserAvatarOption{
+		Image: base64.StdEncoding.EncodeToString(text),
+	}
+
+	req = NewRequestWithJSON(t, "POST", "/api/v1/user/avatar?token="+token, &opts)
+	MakeRequest(t, req, http.StatusInternalServerError)
+}
+
+func TestAPIDeleteUserAvatar(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	normalUsername := "user2"
+	session := loginUser(t, normalUsername)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
+
+	req := NewRequest(t, "DELETE", "/api/v1/user/avatar?token="+token)
+	MakeRequest(t, req, http.StatusNoContent)
+}
diff --git a/tests/integration/avatar.png b/tests/integration/avatar.png
new file mode 100644
index 0000000000..dfd2125edc
--- /dev/null
+++ b/tests/integration/avatar.png