aboutsummaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorJohn Olheiser <john.olheiser@gmail.com>2023-04-26 19:24:03 -0500
committerGitHub <noreply@github.com>2023-04-26 19:24:03 -0500
commit5e360241053f6fcfb7f8b89373cba431adaf44ce (patch)
tree8253e76b296a437b3e288e5cc0b70070e9578946 /tests
parent8f57aa014b5642bcd33a6b22492df3c63f03d808 (diff)
downloadgitea-5e360241053f6fcfb7f8b89373cba431adaf44ce.tar.gz
gitea-5e360241053f6fcfb7f8b89373cba431adaf44ce.zip
Require repo scope for PATs for private repos and basic authentication (#24362)
> The scoped token PR just checked all API routes but in fact, some web routes like `LFS`, git `HTTP`, container, and attachments supports basic auth. This PR added scoped token check for them. --------- Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/integration/api_packages_npm_test.go3
-rw-r--r--tests/integration/api_packages_nuget_test.go3
-rw-r--r--tests/integration/api_packages_pub_test.go3
-rw-r--r--tests/integration/api_packages_vagrant_test.go3
4 files changed, 8 insertions, 4 deletions
diff --git a/tests/integration/api_packages_npm_test.go b/tests/integration/api_packages_npm_test.go
index 28c14fb3b8..78389b5740 100644
--- a/tests/integration/api_packages_npm_test.go
+++ b/tests/integration/api_packages_npm_test.go
@@ -11,6 +11,7 @@ import (
"strings"
"testing"
+ auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/packages"
"code.gitea.io/gitea/models/unittest"
@@ -27,7 +28,7 @@ func TestPackageNpm(t *testing.T) {
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
- token := fmt.Sprintf("Bearer %s", getTokenForLoggedInUser(t, loginUser(t, user.Name)))
+ token := fmt.Sprintf("Bearer %s", getTokenForLoggedInUser(t, loginUser(t, user.Name), auth_model.AccessTokenScopePackage))
packageName := "@scope/test-package"
packageVersion := "1.0.1-pre"
diff --git a/tests/integration/api_packages_nuget_test.go b/tests/integration/api_packages_nuget_test.go
index a74d696f03..2240d2a5d4 100644
--- a/tests/integration/api_packages_nuget_test.go
+++ b/tests/integration/api_packages_nuget_test.go
@@ -16,6 +16,7 @@ import (
"testing"
"time"
+ auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/packages"
"code.gitea.io/gitea/models/unittest"
@@ -74,7 +75,7 @@ func TestPackageNuGet(t *testing.T) {
}
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
- token := getUserToken(t, user.Name)
+ token := getUserToken(t, user.Name, auth_model.AccessTokenScopePackage)
packageName := "test.package"
packageVersion := "1.0.3"
diff --git a/tests/integration/api_packages_pub_test.go b/tests/integration/api_packages_pub_test.go
index 4d4ce12402..5c1cc6052f 100644
--- a/tests/integration/api_packages_pub_test.go
+++ b/tests/integration/api_packages_pub_test.go
@@ -15,6 +15,7 @@ import (
"testing"
"time"
+ auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/packages"
"code.gitea.io/gitea/models/unittest"
@@ -30,7 +31,7 @@ func TestPackagePub(t *testing.T) {
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
- token := "Bearer " + getUserToken(t, user.Name)
+ token := "Bearer " + getUserToken(t, user.Name, auth_model.AccessTokenScopePackage)
packageName := "test_package"
packageVersion := "1.0.1"
diff --git a/tests/integration/api_packages_vagrant_test.go b/tests/integration/api_packages_vagrant_test.go
index b4f04b0c89..b28bfca6f0 100644
--- a/tests/integration/api_packages_vagrant_test.go
+++ b/tests/integration/api_packages_vagrant_test.go
@@ -12,6 +12,7 @@ import (
"strings"
"testing"
+ auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/packages"
"code.gitea.io/gitea/models/unittest"
@@ -27,7 +28,7 @@ func TestPackageVagrant(t *testing.T) {
defer tests.PrepareTestEnv(t)()
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
- token := "Bearer " + getUserToken(t, user.Name)
+ token := "Bearer " + getUserToken(t, user.Name, auth_model.AccessTokenScopePackage)
packageName := "test_package"
packageVersion := "1.0.1"