mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
13586 Commits
17 Branches
Tree: ae52df6a64
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ae52df6a64'
${ noResults }
gitea/integrations/api_repo_test.go

api_repo_test.go 26KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package integrations

  6. 

  7. import (

  8. 	"fmt"

  9. 	"net/http"

  10. 	"net/url"

  11. 	"os"

  12. 	"testing"

  13. 

  14. 	"code.gitea.io/gitea/models"

  15. 	"code.gitea.io/gitea/models/db"

  16. 	access_model "code.gitea.io/gitea/models/perm/access"

  17. 	repo_model "code.gitea.io/gitea/models/repo"

  18. 	"code.gitea.io/gitea/models/unittest"

  19. 	user_model "code.gitea.io/gitea/models/user"

  20. 	"code.gitea.io/gitea/modules/setting"

  21. 	api "code.gitea.io/gitea/modules/structs"

  22. 	"code.gitea.io/gitea/modules/util"

  23. 

  24. 	"github.com/stretchr/testify/assert"

  25. )

  26. 

  27. func TestAPIUserReposNotLogin(t *testing.T) {

  28. 	defer prepareTestEnv(t)()

  29. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  30. 

  31. 	req := NewRequestf(t, "GET", "/api/v1/users/%s/repos", user.Name)

  32. 	resp := MakeRequest(t, req, http.StatusOK)

  33. 

  34. 	var apiRepos []api.Repository

  35. 	DecodeJSON(t, resp, &apiRepos)

  36. 	expectedLen := unittest.GetCount(t, repo_model.Repository{OwnerID: user.ID},

  37. 		unittest.Cond("is_private = ?", false))

  38. 	assert.Len(t, apiRepos, expectedLen)

  39. 	for _, repo := range apiRepos {

  40. 		assert.EqualValues(t, user.ID, repo.Owner.ID)

  41. 		assert.False(t, repo.Private)

  42. 	}

  43. }

  44. 

  45. func TestAPISearchRepo(t *testing.T) {

  46. 	defer prepareTestEnv(t)()

  47. 	const keyword = "test"

  48. 

  49. 	req := NewRequestf(t, "GET", "/api/v1/repos/search?q=%s", keyword)

  50. 	resp := MakeRequest(t, req, http.StatusOK)

  51. 

  52. 	var body api.SearchResults

  53. 	DecodeJSON(t, resp, &body)

  54. 	assert.NotEmpty(t, body.Data)

  55. 	for _, repo := range body.Data {

  56. 		assert.Contains(t, repo.Name, keyword)

  57. 		assert.False(t, repo.Private)

  58. 	}

  59. 

  60. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15}).(*user_model.User)

  61. 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 16}).(*user_model.User)

  62. 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 18}).(*user_model.User)

  63. 	user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20}).(*user_model.User)

  64. 	orgUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 17}).(*user_model.User)

  65. 

  66. 	oldAPIDefaultNum := setting.API.DefaultPagingNum

  67. 	defer func() {

  68. 		setting.API.DefaultPagingNum = oldAPIDefaultNum

  69. 	}()

  70. 	setting.API.DefaultPagingNum = 10

  71. 

  72. 	// Map of expected results, where key is user for login

  73. 	type expectedResults map[*user_model.User]struct {

  74. 		count           int

  75. 		repoOwnerID     int64

  76. 		repoName        string

  77. 		includesPrivate bool

  78. 	}

  79. 

  80. 	testCases := []struct {

  81. 		name, requestURL string

  82. 		expectedResults

  83. 	}{

  84. 		{

  85. 			name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50&private=false", expectedResults: expectedResults{

  86. 				nil:   {count: 30},

  87. 				user:  {count: 30},

  88. 				user2: {count: 30},

  89. 			},

  90. 		},

  91. 		{

  92. 			name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10&private=false", expectedResults: expectedResults{

  93. 				nil:   {count: 10},

  94. 				user:  {count: 10},

  95. 				user2: {count: 10},

  96. 			},

  97. 		},

  98. 		{

  99. 			name: "RepositoriesDefault", requestURL: "/api/v1/repos/search?default&private=false", expectedResults: expectedResults{

  100. 				nil:   {count: 10},

  101. 				user:  {count: 10},

  102. 				user2: {count: 10},

  103. 			},

  104. 		},

  105. 		{

  106. 			name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s&private=false", "big_test_"), expectedResults: expectedResults{

  107. 				nil:   {count: 7, repoName: "big_test_"},

  108. 				user:  {count: 7, repoName: "big_test_"},

  109. 				user2: {count: 7, repoName: "big_test_"},

  110. 			},

  111. 		},

  112. 		{

  113. 			name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s&private=false", "user2/big_test_"), expectedResults: expectedResults{

  114. 				user2: {count: 2, repoName: "big_test_"},

  115. 			},

  116. 		},

  117. 		{

  118. 			name: "RepositoriesAccessibleAndRelatedToUser", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user.ID), expectedResults: expectedResults{

  119. 				nil:   {count: 5},

  120. 				user:  {count: 9, includesPrivate: true},

  121. 				user2: {count: 6, includesPrivate: true},

  122. 			},

  123. 		},

  124. 		{

  125. 			name: "RepositoriesAccessibleAndRelatedToUser2", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user2.ID), expectedResults: expectedResults{

  126. 				nil:   {count: 1},

  127. 				user:  {count: 2, includesPrivate: true},

  128. 				user2: {count: 2, includesPrivate: true},

  129. 				user4: {count: 1},

  130. 			},

  131. 		},

  132. 		{

  133. 			name: "RepositoriesAccessibleAndRelatedToUser3", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user3.ID), expectedResults: expectedResults{

  134. 				nil:   {count: 1},

  135. 				user:  {count: 4, includesPrivate: true},

  136. 				user2: {count: 3, includesPrivate: true},

  137. 				user3: {count: 4, includesPrivate: true},

  138. 			},

  139. 		},

  140. 		{

  141. 			name: "RepositoriesOwnedByOrganization", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", orgUser.ID), expectedResults: expectedResults{

  142. 				nil:   {count: 1, repoOwnerID: orgUser.ID},

  143. 				user:  {count: 2, repoOwnerID: orgUser.ID, includesPrivate: true},

  144. 				user2: {count: 1, repoOwnerID: orgUser.ID},

  145. 			},

  146. 		},

  147. 		{name: "RepositoriesAccessibleAndRelatedToUser4", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user4.ID), expectedResults: expectedResults{

  148. 			nil:   {count: 3},

  149. 			user:  {count: 4, includesPrivate: true},

  150. 			user4: {count: 7, includesPrivate: true},

  151. 		}},

  152. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeSource", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "source"), expectedResults: expectedResults{

  153. 			nil:   {count: 0},

  154. 			user:  {count: 1, includesPrivate: true},

  155. 			user4: {count: 1, includesPrivate: true},

  156. 		}},

  157. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "fork"), expectedResults: expectedResults{

  158. 			nil:   {count: 1},

  159. 			user:  {count: 1},

  160. 			user4: {count: 2, includesPrivate: true},

  161. 		}},

  162. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "fork"), expectedResults: expectedResults{

  163. 			nil:   {count: 1},

  164. 			user:  {count: 1},

  165. 			user4: {count: 2, includesPrivate: true},

  166. 		}},

  167. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "mirror"), expectedResults: expectedResults{

  168. 			nil:   {count: 2},

  169. 			user:  {count: 2},

  170. 			user4: {count: 4, includesPrivate: true},

  171. 		}},

  172. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeMirror/Exclusive", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s&exclusive=1", user4.ID, "mirror"), expectedResults: expectedResults{

  173. 			nil:   {count: 1},

  174. 			user:  {count: 1},

  175. 			user4: {count: 2, includesPrivate: true},

  176. 		}},

  177. 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeCollaborative", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "collaborative"), expectedResults: expectedResults{

  178. 			nil:   {count: 0},

  179. 			user:  {count: 1, includesPrivate: true},

  180. 			user4: {count: 1, includesPrivate: true},

  181. 		}},

  182. 	}

  183. 

  184. 	for _, testCase := range testCases {

  185. 		t.Run(testCase.name, func(t *testing.T) {

  186. 			for userToLogin, expected := range testCase.expectedResults {

  187. 				var session *TestSession

  188. 				var testName string

  189. 				var userID int64

  190. 				var token string

  191. 				if userToLogin != nil && userToLogin.ID > 0 {

  192. 					testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)

  193. 					session = loginUser(t, userToLogin.Name)

  194. 					token = getTokenForLoggedInUser(t, session)

  195. 					userID = userToLogin.ID

  196. 				} else {

  197. 					testName = "AnonymousUser"

  198. 					session = emptyTestSession(t)

  199. 				}

  200. 

  201. 				t.Run(testName, func(t *testing.T) {

  202. 					request := NewRequest(t, "GET", testCase.requestURL+"&token="+token)

  203. 					response := session.MakeRequest(t, request, http.StatusOK)

  204. 

  205. 					var body api.SearchResults

  206. 					DecodeJSON(t, response, &body)

  207. 

  208. 					repoNames := make([]string, 0, len(body.Data))

  209. 					for _, repo := range body.Data {

  210. 						repoNames = append(repoNames, fmt.Sprintf("%d:%s:%t", repo.ID, repo.FullName, repo.Private))

  211. 					}

  212. 					assert.Len(t, repoNames, expected.count)

  213. 					for _, repo := range body.Data {

  214. 						r := getRepo(t, repo.ID)

  215. 						hasAccess, err := access_model.HasAccess(db.DefaultContext, userID, r)

  216. 						assert.NoError(t, err, "Error when checking if User: %d has access to %s: %v", userID, repo.FullName, err)

  217. 						assert.True(t, hasAccess, "User: %d does not have access to %s", userID, repo.FullName)

  218. 

  219. 						assert.NotEmpty(t, repo.Name)

  220. 						assert.Equal(t, repo.Name, r.Name)

  221. 

  222. 						if len(expected.repoName) > 0 {

  223. 							assert.Contains(t, repo.Name, expected.repoName)

  224. 						}

  225. 

  226. 						if expected.repoOwnerID > 0 {

  227. 							assert.Equal(t, expected.repoOwnerID, repo.Owner.ID)

  228. 						}

  229. 

  230. 						if !expected.includesPrivate {

  231. 							assert.False(t, repo.Private, "User: %d not expecting private repository: %s", userID, repo.FullName)

  232. 						}

  233. 					}

  234. 				})

  235. 			}

  236. 		})

  237. 	}

  238. }

  239. 

  240. var repoCache = make(map[int64]*repo_model.Repository)

  241. 

  242. func getRepo(t *testing.T, repoID int64) *repo_model.Repository {

  243. 	if _, ok := repoCache[repoID]; !ok {

  244. 		repoCache[repoID] = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repoID}).(*repo_model.Repository)

  245. 	}

  246. 	return repoCache[repoID]

  247. }

  248. 

  249. func TestAPIViewRepo(t *testing.T) {

  250. 	defer prepareTestEnv(t)()

  251. 

  252. 	var repo api.Repository

  253. 

  254. 	req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")

  255. 	resp := MakeRequest(t, req, http.StatusOK)

  256. 	DecodeJSON(t, resp, &repo)

  257. 	assert.EqualValues(t, 1, repo.ID)

  258. 	assert.EqualValues(t, "repo1", repo.Name)

  259. 	assert.EqualValues(t, 2, repo.Releases)

  260. 	assert.EqualValues(t, 1, repo.OpenIssues)

  261. 	assert.EqualValues(t, 3, repo.OpenPulls)

  262. 

  263. 	req = NewRequest(t, "GET", "/api/v1/repos/user12/repo10")

  264. 	resp = MakeRequest(t, req, http.StatusOK)

  265. 	DecodeJSON(t, resp, &repo)

  266. 	assert.EqualValues(t, 10, repo.ID)

  267. 	assert.EqualValues(t, "repo10", repo.Name)

  268. 	assert.EqualValues(t, 1, repo.OpenPulls)

  269. 	assert.EqualValues(t, 1, repo.Forks)

  270. 

  271. 	req = NewRequest(t, "GET", "/api/v1/repos/user5/repo4")

  272. 	resp = MakeRequest(t, req, http.StatusOK)

  273. 	DecodeJSON(t, resp, &repo)

  274. 	assert.EqualValues(t, 4, repo.ID)

  275. 	assert.EqualValues(t, "repo4", repo.Name)

  276. 	assert.EqualValues(t, 1, repo.Stars)

  277. }

  278. 

  279. func TestAPIOrgRepos(t *testing.T) {

  280. 	defer prepareTestEnv(t)()

  281. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  282. 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  283. 	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)

  284. 	// User3 is an Org. Check their repos.

  285. 	sourceOrg := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}).(*user_model.User)

  286. 

  287. 	expectedResults := map[*user_model.User]struct {

  288. 		count           int

  289. 		includesPrivate bool

  290. 	}{

  291. 		nil:   {count: 1},

  292. 		user:  {count: 3, includesPrivate: true},

  293. 		user2: {count: 3, includesPrivate: true},

  294. 		user3: {count: 1},

  295. 	}

  296. 

  297. 	for userToLogin, expected := range expectedResults {

  298. 		var session *TestSession

  299. 		var testName string

  300. 		var token string

  301. 		if userToLogin != nil && userToLogin.ID > 0 {

  302. 			testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID)

  303. 			session = loginUser(t, userToLogin.Name)

  304. 			token = getTokenForLoggedInUser(t, session)

  305. 		} else {

  306. 			testName = "AnonymousUser"

  307. 			session = emptyTestSession(t)

  308. 		}

  309. 		t.Run(testName, func(t *testing.T) {

  310. 			req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name)

  311. 			resp := session.MakeRequest(t, req, http.StatusOK)

  312. 

  313. 			var apiRepos []*api.Repository

  314. 			DecodeJSON(t, resp, &apiRepos)

  315. 			assert.Len(t, apiRepos, expected.count)

  316. 			for _, repo := range apiRepos {

  317. 				if !expected.includesPrivate {

  318. 					assert.False(t, repo.Private)

  319. 				}

  320. 			}

  321. 		})

  322. 	}

  323. }

  324. 

  325. func TestAPIGetRepoByIDUnauthorized(t *testing.T) {

  326. 	defer prepareTestEnv(t)()

  327. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}).(*user_model.User)

  328. 	session := loginUser(t, user.Name)

  329. 	token := getTokenForLoggedInUser(t, session)

  330. 	req := NewRequestf(t, "GET", "/api/v1/repositories/2?token="+token)

  331. 	session.MakeRequest(t, req, http.StatusNotFound)

  332. }

  333. 

  334. func TestAPIRepoMigrate(t *testing.T) {

  335. 	testCases := []struct {

  336. 		ctxUserID, userID  int64

  337. 		cloneURL, repoName string

  338. 		expectedStatus     int

  339. 	}{

  340. 		{ctxUserID: 1, userID: 2, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-admin", expectedStatus: http.StatusCreated},

  341. 		{ctxUserID: 2, userID: 2, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-own", expectedStatus: http.StatusCreated},

  342. 		{ctxUserID: 2, userID: 1, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad", expectedStatus: http.StatusForbidden},

  343. 		{ctxUserID: 2, userID: 3, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-org", expectedStatus: http.StatusCreated},

  344. 		{ctxUserID: 2, userID: 6, cloneURL: "https://github.com/go-gitea/test_repo.git", repoName: "git-bad-org", expectedStatus: http.StatusForbidden},

  345. 		{ctxUserID: 2, userID: 3, cloneURL: "https://localhost:3000/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},

  346. 		{ctxUserID: 2, userID: 3, cloneURL: "https://10.0.0.1/user/test_repo.git", repoName: "private-ip", expectedStatus: http.StatusUnprocessableEntity},

  347. 	}

  348. 

  349. 	defer prepareTestEnv(t)()

  350. 	for _, testCase := range testCases {

  351. 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID}).(*user_model.User)

  352. 		session := loginUser(t, user.Name)

  353. 		token := getTokenForLoggedInUser(t, session)

  354. 		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOptions{

  355. 			CloneAddr:   testCase.cloneURL,

  356. 			RepoOwnerID: testCase.userID,

  357. 			RepoName:    testCase.repoName,

  358. 		})

  359. 		resp := MakeRequest(t, req, NoExpectedStatus)

  360. 		if resp.Code == http.StatusUnprocessableEntity {

  361. 			respJSON := map[string]string{}

  362. 			DecodeJSON(t, resp, &respJSON)

  363. 			switch respJSON["message"] {

  364. 			case "Remote visit addressed rate limitation.":

  365. 				t.Log("test hit github rate limitation")

  366. 			case "You can not import from disallowed hosts.":

  367. 				assert.EqualValues(t, "private-ip", testCase.repoName)

  368. 			default:

  369. 				assert.Failf(t, "unexpected error '%v' on url '%s'", respJSON["message"], testCase.cloneURL)

  370. 			}

  371. 		} else {

  372. 			assert.EqualValues(t, testCase.expectedStatus, resp.Code)

  373. 		}

  374. 	}

  375. }

  376. 

  377. func TestAPIRepoMigrateConflict(t *testing.T) {

  378. 	onGiteaRun(t, testAPIRepoMigrateConflict)

  379. }

  380. 

  381. func testAPIRepoMigrateConflict(t *testing.T, u *url.URL) {

  382. 	username := "user2"

  383. 	baseAPITestContext := NewAPITestContext(t, username, "repo1")

  384. 

  385. 	u.Path = baseAPITestContext.GitPath()

  386. 

  387. 	t.Run("Existing", func(t *testing.T) {

  388. 		httpContext := baseAPITestContext

  389. 

  390. 		httpContext.Reponame = "repo-tmp-17"

  391. 		dstPath, err := os.MkdirTemp("", httpContext.Reponame)

  392. 		assert.NoError(t, err)

  393. 		defer util.RemoveAll(dstPath)

  394. 		t.Run("CreateRepo", doAPICreateRepository(httpContext, false))

  395. 

  396. 		user, err := user_model.GetUserByName(db.DefaultContext, httpContext.Username)

  397. 		assert.NoError(t, err)

  398. 		userID := user.ID

  399. 

  400. 		cloneURL := "https://github.com/go-gitea/test_repo.git"

  401. 

  402. 		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+httpContext.Token,

  403. 			&api.MigrateRepoOptions{

  404. 				CloneAddr:   cloneURL,

  405. 				RepoOwnerID: userID,

  406. 				RepoName:    httpContext.Reponame,

  407. 			})

  408. 		resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)

  409. 		respJSON := map[string]string{}

  410. 		DecodeJSON(t, resp, &respJSON)

  411. 		assert.Equal(t, "The repository with the same name already exists.", respJSON["message"])

  412. 	})

  413. }

  414. 

  415. // mirror-sync must fail with "400 (Bad Request)" when an attempt is made to

  416. // sync a non-mirror repository.

  417. func TestAPIMirrorSyncNonMirrorRepo(t *testing.T) {

  418. 	defer prepareTestEnv(t)()

  419. 

  420. 	session := loginUser(t, "user2")

  421. 	token := getTokenForLoggedInUser(t, session)

  422. 

  423. 	var repo api.Repository

  424. 	req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")

  425. 	resp := MakeRequest(t, req, http.StatusOK)

  426. 	DecodeJSON(t, resp, &repo)

  427. 	assert.EqualValues(t, false, repo.Mirror)

  428. 

  429. 	req = NewRequestf(t, "POST", "/api/v1/repos/user2/repo1/mirror-sync?token=%s", token)

  430. 	resp = session.MakeRequest(t, req, http.StatusBadRequest)

  431. 	errRespJSON := map[string]string{}

  432. 	DecodeJSON(t, resp, &errRespJSON)

  433. 	assert.Equal(t, "Repository is not a mirror", errRespJSON["message"])

  434. }

  435. 

  436. func TestAPIOrgRepoCreate(t *testing.T) {

  437. 	testCases := []struct {

  438. 		ctxUserID         int64

  439. 		orgName, repoName string

  440. 		expectedStatus    int

  441. 	}{

  442. 		{ctxUserID: 1, orgName: "user3", repoName: "repo-admin", expectedStatus: http.StatusCreated},

  443. 		{ctxUserID: 2, orgName: "user3", repoName: "repo-own", expectedStatus: http.StatusCreated},

  444. 		{ctxUserID: 2, orgName: "user6", repoName: "repo-bad-org", expectedStatus: http.StatusForbidden},

  445. 		{ctxUserID: 28, orgName: "user3", repoName: "repo-creator", expectedStatus: http.StatusCreated},

  446. 		{ctxUserID: 28, orgName: "user6", repoName: "repo-not-creator", expectedStatus: http.StatusForbidden},

  447. 	}

  448. 

  449. 	defer prepareTestEnv(t)()

  450. 	for _, testCase := range testCases {

  451. 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID}).(*user_model.User)

  452. 		session := loginUser(t, user.Name)

  453. 		token := getTokenForLoggedInUser(t, session)

  454. 		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos?token="+token, testCase.orgName), &api.CreateRepoOption{

  455. 			Name: testCase.repoName,

  456. 		})

  457. 		session.MakeRequest(t, req, testCase.expectedStatus)

  458. 	}

  459. }

  460. 

  461. func TestAPIRepoCreateConflict(t *testing.T) {

  462. 	onGiteaRun(t, testAPIRepoCreateConflict)

  463. }

  464. 

  465. func testAPIRepoCreateConflict(t *testing.T, u *url.URL) {

  466. 	username := "user2"

  467. 	baseAPITestContext := NewAPITestContext(t, username, "repo1")

  468. 

  469. 	u.Path = baseAPITestContext.GitPath()

  470. 

  471. 	t.Run("Existing", func(t *testing.T) {

  472. 		httpContext := baseAPITestContext

  473. 

  474. 		httpContext.Reponame = "repo-tmp-17"

  475. 		dstPath, err := os.MkdirTemp("", httpContext.Reponame)

  476. 		assert.NoError(t, err)

  477. 		defer util.RemoveAll(dstPath)

  478. 		t.Run("CreateRepo", doAPICreateRepository(httpContext, false))

  479. 

  480. 		req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+httpContext.Token,

  481. 			&api.CreateRepoOption{

  482. 				Name: httpContext.Reponame,

  483. 			})

  484. 		resp := httpContext.Session.MakeRequest(t, req, http.StatusConflict)

  485. 		respJSON := map[string]string{}

  486. 		DecodeJSON(t, resp, &respJSON)

  487. 		assert.Equal(t, respJSON["message"], "The repository with the same name already exists.")

  488. 	})

  489. }

  490. 

  491. func TestAPIRepoTransfer(t *testing.T) {

  492. 	testCases := []struct {

  493. 		ctxUserID      int64

  494. 		newOwner       string

  495. 		teams          *[]int64

  496. 		expectedStatus int

  497. 	}{

  498. 		// Disclaimer for test story: "user1" is an admin, "user2" is normal user and part of in owner team of org "user3"

  499. 		// Transfer to a user with teams in another org should fail

  500. 		{ctxUserID: 1, newOwner: "user3", teams: &[]int64{5}, expectedStatus: http.StatusForbidden},

  501. 		// Transfer to a user with non-existent team IDs should fail

  502. 		{ctxUserID: 1, newOwner: "user2", teams: &[]int64{2}, expectedStatus: http.StatusUnprocessableEntity},

  503. 		// Transfer should go through

  504. 		{ctxUserID: 1, newOwner: "user3", teams: &[]int64{2}, expectedStatus: http.StatusAccepted},

  505. 		// Let user transfer it back to himself

  506. 		{ctxUserID: 2, newOwner: "user2", expectedStatus: http.StatusAccepted},

  507. 		// And revert transfer

  508. 		{ctxUserID: 2, newOwner: "user3", teams: &[]int64{2}, expectedStatus: http.StatusAccepted},

  509. 		// Cannot start transfer to an existing repo

  510. 		{ctxUserID: 2, newOwner: "user3", teams: nil, expectedStatus: http.StatusUnprocessableEntity},

  511. 		// Start transfer, repo is now in pending transfer mode

  512. 		{ctxUserID: 2, newOwner: "user6", teams: nil, expectedStatus: http.StatusCreated},

  513. 	}

  514. 

  515. 	defer prepareTestEnv(t)()

  516. 

  517. 	// create repo to move

  518. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  519. 	session := loginUser(t, user.Name)

  520. 	token := getTokenForLoggedInUser(t, session)

  521. 	repoName := "moveME"

  522. 	apiRepo := new(api.Repository)

  523. 	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/user/repos?token=%s", token), &api.CreateRepoOption{

  524. 		Name:        repoName,

  525. 		Description: "repo move around",

  526. 		Private:     false,

  527. 		Readme:      "Default",

  528. 		AutoInit:    true,

  529. 	})

  530. 	resp := session.MakeRequest(t, req, http.StatusCreated)

  531. 	DecodeJSON(t, resp, apiRepo)

  532. 

  533. 	// start testing

  534. 	for _, testCase := range testCases {

  535. 		user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID}).(*user_model.User)

  536. 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID}).(*repo_model.Repository)

  537. 		session = loginUser(t, user.Name)

  538. 		token = getTokenForLoggedInUser(t, session)

  539. 		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer?token=%s", repo.OwnerName, repo.Name, token), &api.TransferRepoOption{

  540. 			NewOwner: testCase.newOwner,

  541. 			TeamIDs:  testCase.teams,

  542. 		})

  543. 		session.MakeRequest(t, req, testCase.expectedStatus)

  544. 	}

  545. 

  546. 	// cleanup

  547. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID}).(*repo_model.Repository)

  548. 	_ = models.DeleteRepository(user, repo.OwnerID, repo.ID)

  549. }

  550. 

  551. func transfer(t *testing.T) *repo_model.Repository {

  552. 	// create repo to move

  553. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  554. 	session := loginUser(t, user.Name)

  555. 	token := getTokenForLoggedInUser(t, session)

  556. 	repoName := "moveME"

  557. 	apiRepo := new(api.Repository)

  558. 	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/user/repos?token=%s", token), &api.CreateRepoOption{

  559. 		Name:        repoName,

  560. 		Description: "repo move around",

  561. 		Private:     false,

  562. 		Readme:      "Default",

  563. 		AutoInit:    true,

  564. 	})

  565. 

  566. 	resp := session.MakeRequest(t, req, http.StatusCreated)

  567. 	DecodeJSON(t, resp, apiRepo)

  568. 

  569. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID}).(*repo_model.Repository)

  570. 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer?token=%s", repo.OwnerName, repo.Name, token), &api.TransferRepoOption{

  571. 		NewOwner: "user4",

  572. 	})

  573. 	session.MakeRequest(t, req, http.StatusCreated)

  574. 

  575. 	return repo

  576. }

  577. 

  578. func TestAPIAcceptTransfer(t *testing.T) {

  579. 	defer prepareTestEnv(t)()

  580. 

  581. 	repo := transfer(t)

  582. 

  583. 	// try to accept with not authorized user

  584. 	session := loginUser(t, "user2")

  585. 	token := getTokenForLoggedInUser(t, session)

  586. 	req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject?token=%s", repo.OwnerName, repo.Name, token))

  587. 	session.MakeRequest(t, req, http.StatusForbidden)

  588. 

  589. 	// try to accept repo that's not marked as transferred

  590. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/accept?token=%s", "user2", "repo1", token))

  591. 	session.MakeRequest(t, req, http.StatusNotFound)

  592. 

  593. 	// accept transfer

  594. 	session = loginUser(t, "user4")

  595. 	token = getTokenForLoggedInUser(t, session)

  596. 

  597. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/accept?token=%s", repo.OwnerName, repo.Name, token))

  598. 	resp := session.MakeRequest(t, req, http.StatusAccepted)

  599. 	apiRepo := new(api.Repository)

  600. 	DecodeJSON(t, resp, apiRepo)

  601. 	assert.Equal(t, "user4", apiRepo.Owner.UserName)

  602. }

  603. 

  604. func TestAPIRejectTransfer(t *testing.T) {

  605. 	defer prepareTestEnv(t)()

  606. 

  607. 	repo := transfer(t)

  608. 

  609. 	// try to reject with not authorized user

  610. 	session := loginUser(t, "user2")

  611. 	token := getTokenForLoggedInUser(t, session)

  612. 	req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject?token=%s", repo.OwnerName, repo.Name, token))

  613. 	session.MakeRequest(t, req, http.StatusForbidden)

  614. 

  615. 	// try to reject repo that's not marked as transferred

  616. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject?token=%s", "user2", "repo1", token))

  617. 	session.MakeRequest(t, req, http.StatusNotFound)

  618. 

  619. 	// reject transfer

  620. 	session = loginUser(t, "user4")

  621. 	token = getTokenForLoggedInUser(t, session)

  622. 

  623. 	req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject?token=%s", repo.OwnerName, repo.Name, token))

  624. 	resp := session.MakeRequest(t, req, http.StatusOK)

  625. 	apiRepo := new(api.Repository)

  626. 	DecodeJSON(t, resp, apiRepo)

  627. 	assert.Equal(t, "user2", apiRepo.Owner.UserName)

  628. }

  629. 

  630. func TestAPIGenerateRepo(t *testing.T) {

  631. 	defer prepareTestEnv(t)()

  632. 

  633. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

  634. 	session := loginUser(t, user.Name)

  635. 	token := getTokenForLoggedInUser(t, session)

  636. 

  637. 	templateRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 44}).(*repo_model.Repository)

  638. 

  639. 	// user

  640. 	repo := new(api.Repository)

  641. 	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate?token=%s", templateRepo.OwnerName, templateRepo.Name, token), &api.GenerateRepoOption{

  642. 		Owner:       user.Name,

  643. 		Name:        "new-repo",

  644. 		Description: "test generate repo",

  645. 		Private:     false,

  646. 		GitContent:  true,

  647. 	})

  648. 	resp := session.MakeRequest(t, req, http.StatusCreated)

  649. 	DecodeJSON(t, resp, repo)

  650. 

  651. 	assert.Equal(t, "new-repo", repo.Name)

  652. 

  653. 	// org

  654. 	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate?token=%s", templateRepo.OwnerName, templateRepo.Name, token), &api.GenerateRepoOption{

  655. 		Owner:       "user3",

  656. 		Name:        "new-repo",

  657. 		Description: "test generate repo",

  658. 		Private:     false,

  659. 		GitContent:  true,

  660. 	})

  661. 	resp = session.MakeRequest(t, req, http.StatusCreated)

  662. 	DecodeJSON(t, resp, repo)

  663. 

  664. 	assert.Equal(t, "new-repo", repo.Name)

  665. }

  666. 

  667. func TestAPIRepoGetReviewers(t *testing.T) {

  668. 	defer prepareTestEnv(t)()

  669. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  670. 	session := loginUser(t, user.Name)

  671. 	token := getTokenForLoggedInUser(t, session)

  672. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}).(*repo_model.Repository)

  673. 

  674. 	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/reviewers?token=%s", user.Name, repo.Name, token)

  675. 	resp := session.MakeRequest(t, req, http.StatusOK)

  676. 	var reviewers []*api.User

  677. 	DecodeJSON(t, resp, &reviewers)

  678. 	assert.Len(t, reviewers, 4)

  679. }

  680. 

  681. func TestAPIRepoGetAssignees(t *testing.T) {

  682. 	defer prepareTestEnv(t)()

  683. 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)

  684. 	session := loginUser(t, user.Name)

  685. 	token := getTokenForLoggedInUser(t, session)

  686. 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}).(*repo_model.Repository)

  687. 

  688. 	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/assignees?token=%s", user.Name, repo.Name, token)

  689. 	resp := session.MakeRequest(t, req, http.StatusOK)

  690. 	var assignees []*api.User

  691. 	DecodeJSON(t, resp, &assignees)

  692. 	assert.Len(t, assignees, 1)

  693. }