mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17489 Commits
17 Branches
Tree: 9b1a8888fa
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9b1a8888fa'
${ noResults }
gitea/tests/integration/api_admin_test.go

api_admin_test.go 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"testing"

  10. 	"time"

  11. 

  12. 	asymkey_model "code.gitea.io/gitea/models/asymkey"

  13. 	auth_model "code.gitea.io/gitea/models/auth"

  14. 	"code.gitea.io/gitea/models/unittest"

  15. 	user_model "code.gitea.io/gitea/models/user"

  16. 	"code.gitea.io/gitea/modules/json"

  17. 	"code.gitea.io/gitea/modules/setting"

  18. 	api "code.gitea.io/gitea/modules/structs"

  19. 	"code.gitea.io/gitea/tests"

  20. 

  21. 	"github.com/gobwas/glob"

  22. 	"github.com/stretchr/testify/assert"

  23. )

  24. 

  25. func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {

  26. 	defer tests.PrepareTestEnv(t)()

  27. 	// user1 is an admin user

  28. 	session := loginUser(t, "user1")

  29. 	keyOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})

  30. 

  31. 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)

  32. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)

  33. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{

  34. 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",

  35. 		"title": "test-key",

  36. 	}).AddTokenAuth(token)

  37. 	resp := MakeRequest(t, req, http.StatusCreated)

  38. 

  39. 	var newPublicKey api.PublicKey

  40. 	DecodeJSON(t, resp, &newPublicKey)

  41. 	unittest.AssertExistsAndLoadBean(t, &asymkey_model.PublicKey{

  42. 		ID:          newPublicKey.ID,

  43. 		Name:        newPublicKey.Title,

  44. 		Fingerprint: newPublicKey.Fingerprint,

  45. 		OwnerID:     keyOwner.ID,

  46. 	})

  47. 

  48. 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", keyOwner.Name, newPublicKey.ID).

  49. 		AddTokenAuth(token)

  50. 	MakeRequest(t, req, http.StatusNoContent)

  51. 	unittest.AssertNotExistsBean(t, &asymkey_model.PublicKey{ID: newPublicKey.ID})

  52. }

  53. 

  54. func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {

  55. 	defer tests.PrepareTestEnv(t)()

  56. 

  57. 	// user1 is an admin user

  58. 	token := getUserToken(t, "user1", auth_model.AccessTokenScopeWriteAdmin)

  59. 	req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", unittest.NonexistentID).

  60. 		AddTokenAuth(token)

  61. 	MakeRequest(t, req, http.StatusNotFound)

  62. }

  63. 

  64. func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {

  65. 	defer tests.PrepareTestEnv(t)()

  66. 	adminUsername := "user1"

  67. 	normalUsername := "user2"

  68. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  69. 

  70. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername)

  71. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{

  72. 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",

  73. 		"title": "test-key",

  74. 	}).AddTokenAuth(token)

  75. 	resp := MakeRequest(t, req, http.StatusCreated)

  76. 	var newPublicKey api.PublicKey

  77. 	DecodeJSON(t, resp, &newPublicKey)

  78. 

  79. 	token = getUserToken(t, normalUsername)

  80. 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", adminUsername, newPublicKey.ID).

  81. 		AddTokenAuth(token)

  82. 	MakeRequest(t, req, http.StatusForbidden)

  83. }

  84. 

  85. func TestAPISudoUser(t *testing.T) {

  86. 	defer tests.PrepareTestEnv(t)()

  87. 	adminUsername := "user1"

  88. 	normalUsername := "user2"

  89. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadUser)

  90. 

  91. 	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user?sudo=%s", normalUsername)).

  92. 		AddTokenAuth(token)

  93. 	resp := MakeRequest(t, req, http.StatusOK)

  94. 	var user api.User

  95. 	DecodeJSON(t, resp, &user)

  96. 

  97. 	assert.Equal(t, normalUsername, user.UserName)

  98. }

  99. 

  100. func TestAPISudoUserForbidden(t *testing.T) {

  101. 	defer tests.PrepareTestEnv(t)()

  102. 	adminUsername := "user1"

  103. 	normalUsername := "user2"

  104. 

  105. 	token := getUserToken(t, normalUsername, auth_model.AccessTokenScopeReadAdmin)

  106. 	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user?sudo=%s", adminUsername)).

  107. 		AddTokenAuth(token)

  108. 	MakeRequest(t, req, http.StatusForbidden)

  109. }

  110. 

  111. func TestAPIListUsers(t *testing.T) {

  112. 	defer tests.PrepareTestEnv(t)()

  113. 	adminUsername := "user1"

  114. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin)

  115. 

  116. 	req := NewRequest(t, "GET", "/api/v1/admin/users").

  117. 		AddTokenAuth(token)

  118. 	resp := MakeRequest(t, req, http.StatusOK)

  119. 	var users []api.User

  120. 	DecodeJSON(t, resp, &users)

  121. 

  122. 	found := false

  123. 	for _, user := range users {

  124. 		if user.UserName == adminUsername {

  125. 			found = true

  126. 		}

  127. 	}

  128. 	assert.True(t, found)

  129. 	numberOfUsers := unittest.GetCount(t, &user_model.User{}, "type = 0")

  130. 	assert.Len(t, users, numberOfUsers)

  131. }

  132. 

  133. func TestAPIListUsersNotLoggedIn(t *testing.T) {

  134. 	defer tests.PrepareTestEnv(t)()

  135. 	req := NewRequest(t, "GET", "/api/v1/admin/users")

  136. 	MakeRequest(t, req, http.StatusUnauthorized)

  137. }

  138. 

  139. func TestAPIListUsersNonAdmin(t *testing.T) {

  140. 	defer tests.PrepareTestEnv(t)()

  141. 	nonAdminUsername := "user2"

  142. 	token := getUserToken(t, nonAdminUsername)

  143. 	req := NewRequest(t, "GET", "/api/v1/admin/users").

  144. 		AddTokenAuth(token)

  145. 	MakeRequest(t, req, http.StatusForbidden)

  146. }

  147. 

  148. func TestAPICreateUserInvalidEmail(t *testing.T) {

  149. 	defer tests.PrepareTestEnv(t)()

  150. 	adminUsername := "user1"

  151. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  152. 	req := NewRequestWithValues(t, "POST", "/api/v1/admin/users", map[string]string{

  153. 		"email":                "invalid_email@domain.com\r\n",

  154. 		"full_name":            "invalid user",

  155. 		"login_name":           "invalidUser",

  156. 		"must_change_password": "true",

  157. 		"password":             "password",

  158. 		"send_notify":          "true",

  159. 		"source_id":            "0",

  160. 		"username":             "invalidUser",

  161. 	}).AddTokenAuth(token)

  162. 	MakeRequest(t, req, http.StatusUnprocessableEntity)

  163. }

  164. 

  165. func TestAPICreateAndDeleteUser(t *testing.T) {

  166. 	defer tests.PrepareTestEnv(t)()

  167. 	adminUsername := "user1"

  168. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  169. 

  170. 	req := NewRequestWithValues(

  171. 		t,

  172. 		"POST",

  173. 		"/api/v1/admin/users",

  174. 		map[string]string{

  175. 			"email":                "deleteme@domain.com",

  176. 			"full_name":            "delete me",

  177. 			"login_name":           "deleteme",

  178. 			"must_change_password": "true",

  179. 			"password":             "password",

  180. 			"send_notify":          "true",

  181. 			"source_id":            "0",

  182. 			"username":             "deleteme",

  183. 		},

  184. 	).AddTokenAuth(token)

  185. 	MakeRequest(t, req, http.StatusCreated)

  186. 

  187. 	req = NewRequest(t, "DELETE", "/api/v1/admin/users/deleteme").

  188. 		AddTokenAuth(token)

  189. 	MakeRequest(t, req, http.StatusNoContent)

  190. }

  191. 

  192. func TestAPIEditUser(t *testing.T) {

  193. 	defer tests.PrepareTestEnv(t)()

  194. 	adminUsername := "user1"

  195. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  196. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")

  197. 

  198. 	req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{

  199. 		// required

  200. 		"login_name": "user2",

  201. 		"source_id":  "0",

  202. 		// to change

  203. 		"full_name": "Full Name User 2",

  204. 	}).AddTokenAuth(token)

  205. 	MakeRequest(t, req, http.StatusOK)

  206. 

  207. 	empty := ""

  208. 	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{

  209. 		LoginName: "user2",

  210. 		SourceID:  0,

  211. 		Email:     &empty,

  212. 	}).AddTokenAuth(token)

  213. 	resp := MakeRequest(t, req, http.StatusBadRequest)

  214. 

  215. 	errMap := make(map[string]any)

  216. 	json.Unmarshal(resp.Body.Bytes(), &errMap)

  217. 	assert.EqualValues(t, "e-mail invalid [email: ]", errMap["message"].(string))

  218. 

  219. 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})

  220. 	assert.False(t, user2.IsRestricted)

  221. 	bTrue := true

  222. 	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{

  223. 		// required

  224. 		LoginName: "user2",

  225. 		SourceID:  0,

  226. 		// to change

  227. 		Restricted: &bTrue,

  228. 	}).AddTokenAuth(token)

  229. 	MakeRequest(t, req, http.StatusOK)

  230. 	user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})

  231. 	assert.True(t, user2.IsRestricted)

  232. }

  233. 

  234. func TestAPICreateRepoForUser(t *testing.T) {

  235. 	defer tests.PrepareTestEnv(t)()

  236. 	adminUsername := "user1"

  237. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  238. 

  239. 	req := NewRequestWithJSON(

  240. 		t,

  241. 		"POST",

  242. 		fmt.Sprintf("/api/v1/admin/users/%s/repos", adminUsername),

  243. 		&api.CreateRepoOption{

  244. 			Name: "admincreatedrepo",

  245. 		},

  246. 	).AddTokenAuth(token)

  247. 	MakeRequest(t, req, http.StatusCreated)

  248. }

  249. 

  250. func TestAPIRenameUser(t *testing.T) {

  251. 	defer tests.PrepareTestEnv(t)()

  252. 	adminUsername := "user1"

  253. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  254. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/rename", "user2")

  255. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{

  256. 		// required

  257. 		"new_name": "User2",

  258. 	}).AddTokenAuth(token)

  259. 	MakeRequest(t, req, http.StatusNoContent)

  260. 

  261. 	urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename", "User2")

  262. 	req = NewRequestWithValues(t, "POST", urlStr, map[string]string{

  263. 		// required

  264. 		"new_name": "User2-2-2",

  265. 	}).AddTokenAuth(token)

  266. 	MakeRequest(t, req, http.StatusNoContent)

  267. 

  268. 	req = NewRequestWithValues(t, "POST", urlStr, map[string]string{

  269. 		// required

  270. 		"new_name": "user1",

  271. 	}).AddTokenAuth(token)

  272. 	// the old user name still be used by with a redirect

  273. 	MakeRequest(t, req, http.StatusTemporaryRedirect)

  274. 

  275. 	urlStr = fmt.Sprintf("/api/v1/admin/users/%s/rename", "User2-2-2")

  276. 	req = NewRequestWithValues(t, "POST", urlStr, map[string]string{

  277. 		// required

  278. 		"new_name": "user1",

  279. 	}).AddTokenAuth(token)

  280. 	MakeRequest(t, req, http.StatusUnprocessableEntity)

  281. 

  282. 	req = NewRequestWithValues(t, "POST", urlStr, map[string]string{

  283. 		// required

  284. 		"new_name": "user2",

  285. 	}).AddTokenAuth(token)

  286. 	MakeRequest(t, req, http.StatusNoContent)

  287. }

  288. 

  289. func TestAPICron(t *testing.T) {

  290. 	defer tests.PrepareTestEnv(t)()

  291. 

  292. 	// user1 is an admin user

  293. 	session := loginUser(t, "user1")

  294. 

  295. 	t.Run("List", func(t *testing.T) {

  296. 		defer tests.PrintCurrentTest(t)()

  297. 

  298. 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)

  299. 

  300. 		req := NewRequest(t, "GET", "/api/v1/admin/cron").

  301. 			AddTokenAuth(token)

  302. 		resp := MakeRequest(t, req, http.StatusOK)

  303. 

  304. 		assert.Equal(t, "28", resp.Header().Get("X-Total-Count"))

  305. 

  306. 		var crons []api.Cron

  307. 		DecodeJSON(t, resp, &crons)

  308. 		assert.Len(t, crons, 28)

  309. 	})

  310. 

  311. 	t.Run("Execute", func(t *testing.T) {

  312. 		defer tests.PrintCurrentTest(t)()

  313. 

  314. 		now := time.Now()

  315. 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)

  316. 		// Archive cleanup is harmless, because in the test environment there are none

  317. 		// and is thus an NOOP operation and therefore doesn't interfere with any other

  318. 		// tests.

  319. 		req := NewRequest(t, "POST", "/api/v1/admin/cron/archive_cleanup").

  320. 			AddTokenAuth(token)

  321. 		MakeRequest(t, req, http.StatusNoContent)

  322. 

  323. 		// Check for the latest run time for this cron, to ensure it has been run.

  324. 		req = NewRequest(t, "GET", "/api/v1/admin/cron").

  325. 			AddTokenAuth(token)

  326. 		resp := MakeRequest(t, req, http.StatusOK)

  327. 

  328. 		var crons []api.Cron

  329. 		DecodeJSON(t, resp, &crons)

  330. 

  331. 		for _, cron := range crons {

  332. 			if cron.Name == "archive_cleanup" {

  333. 				assert.True(t, now.Before(cron.Prev))

  334. 			}

  335. 		}

  336. 	})

  337. }

  338. 

  339. func TestAPICreateUser_NotAllowedEmailDomain(t *testing.T) {

  340. 	defer tests.PrepareTestEnv(t)()

  341. 

  342. 	setting.Service.EmailDomainAllowList = []glob.Glob{glob.MustCompile("example.org")}

  343. 	defer func() {

  344. 		setting.Service.EmailDomainAllowList = []glob.Glob{}

  345. 	}()

  346. 

  347. 	adminUsername := "user1"

  348. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  349. 

  350. 	req := NewRequestWithValues(t, "POST", "/api/v1/admin/users", map[string]string{

  351. 		"email":                "allowedUser1@example1.org",

  352. 		"login_name":           "allowedUser1",

  353. 		"username":             "allowedUser1",

  354. 		"password":             "allowedUser1_pass",

  355. 		"must_change_password": "true",

  356. 	}).AddTokenAuth(token)

  357. 	resp := MakeRequest(t, req, http.StatusCreated)

  358. 	assert.Equal(t, "the domain of user email allowedUser1@example1.org conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", resp.Header().Get("X-Gitea-Warning"))

  359. 

  360. 	req = NewRequest(t, "DELETE", "/api/v1/admin/users/allowedUser1").AddTokenAuth(token)

  361. 	MakeRequest(t, req, http.StatusNoContent)

  362. }

  363. 

  364. func TestAPIEditUser_NotAllowedEmailDomain(t *testing.T) {

  365. 	defer tests.PrepareTestEnv(t)()

  366. 

  367. 	setting.Service.EmailDomainAllowList = []glob.Glob{glob.MustCompile("example.org")}

  368. 	defer func() {

  369. 		setting.Service.EmailDomainAllowList = []glob.Glob{}

  370. 	}()

  371. 

  372. 	adminUsername := "user1"

  373. 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)

  374. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")

  375. 

  376. 	newEmail := "user2@example1.com"

  377. 	req := NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{

  378. 		LoginName: "user2",

  379. 		SourceID:  0,

  380. 		Email:     &newEmail,

  381. 	}).AddTokenAuth(token)

  382. 	resp := MakeRequest(t, req, http.StatusOK)

  383. 	assert.Equal(t, "the domain of user email user2@example1.com conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", resp.Header().Get("X-Gitea-Warning"))

  384. 

  385. 	originalEmail := "user2@example.com"

  386. 	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{

  387. 		LoginName: "user2",

  388. 		SourceID:  0,

  389. 		Email:     &originalEmail,

  390. 	}).AddTokenAuth(token)

  391. 	MakeRequest(t, req, http.StatusOK)

  392. }