From 2262811e407facea09047e94aa1850c192511587 Mon Sep 17 00:00:00 2001 From: Richard Mahn Date: Wed, 17 Apr 2019 10:06:35 -0600 Subject: Fixes 4762 - Content API for Creating, Updating, Deleting Files (#6314) --- integrations/api_repo_git_blobs_test.go | 76 +++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 integrations/api_repo_git_blobs_test.go (limited to 'integrations/api_repo_git_blobs_test.go') diff --git a/integrations/api_repo_git_blobs_test.go b/integrations/api_repo_git_blobs_test.go new file mode 100644 index 0000000000..560f108fca --- /dev/null +++ b/integrations/api_repo_git_blobs_test.go @@ -0,0 +1,76 @@ +// Copyright 2019 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package integrations + +import ( + "net/http" + "testing" + + "code.gitea.io/gitea/models" + api "code.gitea.io/sdk/gitea" + + "github.com/stretchr/testify/assert" +) + +func TestAPIReposGitBlobs(t *testing.T) { + prepareTestEnv(t) + user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // owner of the repo1 & repo16 + user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // owner of the repo3 + user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) // owner of neither repos + repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) // public repo + repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository) // public repo + repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo + repo1ReadmeSHA := "65f1bf27bc3bf70f64657658635e66094edbcb4d" + repo3ReadmeSHA := "d56a3073c1dbb7b15963110a049d50cdb5db99fc" + repo16ReadmeSHA := "f90451c72ef61a7645293d17b47be7a8e983da57" + badSHA := "0000000000000000000000000000000000000000" + + // Login as User2. + session := loginUser(t, user2.Name) + token := getTokenForLoggedInUser(t, session) + session = emptyTestSession(t) // don't want anyone logged in for this + + // Test a public repo that anyone can GET the blob of + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, repo1ReadmeSHA) + resp := session.MakeRequest(t, req, http.StatusOK) + var gitBlobResponse api.GitBlobResponse + DecodeJSON(t, resp, &gitBlobResponse) + assert.NotNil(t, gitBlobResponse) + expectedContent := "Y29tbWl0IDY1ZjFiZjI3YmMzYmY3MGY2NDY1NzY1ODYzNWU2NjA5NGVkYmNiNGQKQXV0aG9yOiB1c2VyMSA8YWRkcmVzczFAZXhhbXBsZS5jb20+CkRhdGU6ICAgU3VuIE1hciAxOSAxNjo0Nzo1OSAyMDE3IC0wNDAwCgogICAgSW5pdGlhbCBjb21taXQKCmRpZmYgLS1naXQgYS9SRUFETUUubWQgYi9SRUFETUUubWQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4uNGI0ODUxYQotLS0gL2Rldi9udWxsCisrKyBiL1JFQURNRS5tZApAQCAtMCwwICsxLDMgQEAKKyMgcmVwbzEKKworRGVzY3JpcHRpb24gZm9yIHJlcG8xClwgTm8gbmV3bGluZSBhdCBlbmQgb2YgZmlsZQo=" + assert.Equal(t, expectedContent, gitBlobResponse.Content) + + // Tests a private repo with no token so will fail + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo16.Name, repo16ReadmeSHA) + session.MakeRequest(t, req, http.StatusNotFound) + + // Test using access token for a private repo that the user of the token owns + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user2.Name, repo16.Name, repo16ReadmeSHA, token) + session.MakeRequest(t, req, http.StatusOK) + + // Test using bad sha + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, badSHA) + session.MakeRequest(t, req, http.StatusBadRequest) + + // Test using org repo "user3/repo3" where user2 is a collaborator + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user3.Name, repo3.Name, repo3ReadmeSHA, token) + session.MakeRequest(t, req, http.StatusOK) + + // Test using org repo "user3/repo3" where user2 is a collaborator + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user3.Name, repo3.Name, repo3ReadmeSHA, token) + session.MakeRequest(t, req, http.StatusOK) + + // Test using org repo "user3/repo3" with no user token + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user3.Name, repo3ReadmeSHA, repo3.Name) + session.MakeRequest(t, req, http.StatusNotFound) + + // Login as User4. + session = loginUser(t, user4.Name) + token4 := getTokenForLoggedInUser(t, session) + session = emptyTestSession(t) // don't want anyone logged in for this + + // Test using org repo "user3/repo3" where user4 is a NOT collaborator + req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", user3.Name, repo3.Name, token4) + session.MakeRequest(t, req, http.StatusNotFound) +} -- cgit v1.2.3