mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14191 Commits
17 Branches
Tree: e81ccc406b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e81ccc406b'
${ noResults }
gitea/tests/integration/api_admin_test.go

api_admin_test.go 8.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package integration

  5. 

  6. import (

  7. 	"fmt"

  8. 	"net/http"

  9. 	"testing"

  10. 

  11. 	asymkey_model "code.gitea.io/gitea/models/asymkey"

  12. 	"code.gitea.io/gitea/models/unittest"

  13. 	user_model "code.gitea.io/gitea/models/user"

  14. 	"code.gitea.io/gitea/modules/json"

  15. 	api "code.gitea.io/gitea/modules/structs"

  16. 	"code.gitea.io/gitea/tests"

  17. 

  18. 	"github.com/stretchr/testify/assert"

  19. )

  20. 

  21. func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {

  22. 	defer tests.PrepareTestEnv(t)()

  23. 	// user1 is an admin user

  24. 	session := loginUser(t, "user1")

  25. 	keyOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})

  26. 

  27. 	token := getTokenForLoggedInUser(t, session)

  28. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)

  29. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{

  30. 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",

  31. 		"title": "test-key",

  32. 	})

  33. 	resp := session.MakeRequest(t, req, http.StatusCreated)

  34. 

  35. 	var newPublicKey api.PublicKey

  36. 	DecodeJSON(t, resp, &newPublicKey)

  37. 	unittest.AssertExistsAndLoadBean(t, &asymkey_model.PublicKey{

  38. 		ID:          newPublicKey.ID,

  39. 		Name:        newPublicKey.Title,

  40. 		Fingerprint: newPublicKey.Fingerprint,

  41. 		OwnerID:     keyOwner.ID,

  42. 	})

  43. 

  44. 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",

  45. 		keyOwner.Name, newPublicKey.ID, token)

  46. 	session.MakeRequest(t, req, http.StatusNoContent)

  47. 	unittest.AssertNotExistsBean(t, &asymkey_model.PublicKey{ID: newPublicKey.ID})

  48. }

  49. 

  50. func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {

  51. 	defer tests.PrepareTestEnv(t)()

  52. 	// user1 is an admin user

  53. 	session := loginUser(t, "user1")

  54. 

  55. 	token := getTokenForLoggedInUser(t, session)

  56. 	req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d?token=%s", unittest.NonexistentID, token)

  57. 	session.MakeRequest(t, req, http.StatusNotFound)

  58. }

  59. 

  60. func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {

  61. 	defer tests.PrepareTestEnv(t)()

  62. 	adminUsername := "user1"

  63. 	normalUsername := "user2"

  64. 	session := loginUser(t, adminUsername)

  65. 

  66. 	token := getTokenForLoggedInUser(t, session)

  67. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", adminUsername, token)

  68. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{

  69. 		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",

  70. 		"title": "test-key",

  71. 	})

  72. 	resp := session.MakeRequest(t, req, http.StatusCreated)

  73. 	var newPublicKey api.PublicKey

  74. 	DecodeJSON(t, resp, &newPublicKey)

  75. 

  76. 	session = loginUser(t, normalUsername)

  77. 	token = getTokenForLoggedInUser(t, session)

  78. 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",

  79. 		adminUsername, newPublicKey.ID, token)

  80. 	session.MakeRequest(t, req, http.StatusForbidden)

  81. }

  82. 

  83. func TestAPISudoUser(t *testing.T) {

  84. 	defer tests.PrepareTestEnv(t)()

  85. 	adminUsername := "user1"

  86. 	normalUsername := "user2"

  87. 	session := loginUser(t, adminUsername)

  88. 	token := getTokenForLoggedInUser(t, session)

  89. 

  90. 	urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", normalUsername, token)

  91. 	req := NewRequest(t, "GET", urlStr)

  92. 	resp := session.MakeRequest(t, req, http.StatusOK)

  93. 	var user api.User

  94. 	DecodeJSON(t, resp, &user)

  95. 

  96. 	assert.Equal(t, normalUsername, user.UserName)

  97. }

  98. 

  99. func TestAPISudoUserForbidden(t *testing.T) {

  100. 	defer tests.PrepareTestEnv(t)()

  101. 	adminUsername := "user1"

  102. 	normalUsername := "user2"

  103. 

  104. 	session := loginUser(t, normalUsername)

  105. 	token := getTokenForLoggedInUser(t, session)

  106. 

  107. 	urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", adminUsername, token)

  108. 	req := NewRequest(t, "GET", urlStr)

  109. 	session.MakeRequest(t, req, http.StatusForbidden)

  110. }

  111. 

  112. func TestAPIListUsers(t *testing.T) {

  113. 	defer tests.PrepareTestEnv(t)()

  114. 	adminUsername := "user1"

  115. 	session := loginUser(t, adminUsername)

  116. 	token := getTokenForLoggedInUser(t, session)

  117. 

  118. 	urlStr := fmt.Sprintf("/api/v1/admin/users?token=%s", token)

  119. 	req := NewRequest(t, "GET", urlStr)

  120. 	resp := session.MakeRequest(t, req, http.StatusOK)

  121. 	var users []api.User

  122. 	DecodeJSON(t, resp, &users)

  123. 

  124. 	found := false

  125. 	for _, user := range users {

  126. 		if user.UserName == adminUsername {

  127. 			found = true

  128. 		}

  129. 	}

  130. 	assert.True(t, found)

  131. 	numberOfUsers := unittest.GetCount(t, &user_model.User{}, "type = 0")

  132. 	assert.Equal(t, numberOfUsers, len(users))

  133. }

  134. 

  135. func TestAPIListUsersNotLoggedIn(t *testing.T) {

  136. 	defer tests.PrepareTestEnv(t)()

  137. 	req := NewRequest(t, "GET", "/api/v1/admin/users")

  138. 	MakeRequest(t, req, http.StatusUnauthorized)

  139. }

  140. 

  141. func TestAPIListUsersNonAdmin(t *testing.T) {

  142. 	defer tests.PrepareTestEnv(t)()

  143. 	nonAdminUsername := "user2"

  144. 	session := loginUser(t, nonAdminUsername)

  145. 	token := getTokenForLoggedInUser(t, session)

  146. 	req := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", token)

  147. 	session.MakeRequest(t, req, http.StatusForbidden)

  148. }

  149. 

  150. func TestAPICreateUserInvalidEmail(t *testing.T) {

  151. 	defer tests.PrepareTestEnv(t)()

  152. 	adminUsername := "user1"

  153. 	session := loginUser(t, adminUsername)

  154. 	token := getTokenForLoggedInUser(t, session)

  155. 	urlStr := fmt.Sprintf("/api/v1/admin/users?token=%s", token)

  156. 	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{

  157. 		"email":                "invalid_email@domain.com\r\n",

  158. 		"full_name":            "invalid user",

  159. 		"login_name":           "invalidUser",

  160. 		"must_change_password": "true",

  161. 		"password":             "password",

  162. 		"send_notify":          "true",

  163. 		"source_id":            "0",

  164. 		"username":             "invalidUser",

  165. 	})

  166. 	session.MakeRequest(t, req, http.StatusUnprocessableEntity)

  167. }

  168. 

  169. func TestAPICreateAndDeleteUser(t *testing.T) {

  170. 	defer tests.PrepareTestEnv(t)()

  171. 	adminUsername := "user1"

  172. 	session := loginUser(t, adminUsername)

  173. 	token := getTokenForLoggedInUser(t, session)

  174. 

  175. 	req := NewRequestWithValues(

  176. 		t,

  177. 		"POST",

  178. 		fmt.Sprintf("/api/v1/admin/users?token=%s", token),

  179. 		map[string]string{

  180. 			"email":                "deleteme@domain.com",

  181. 			"full_name":            "delete me",

  182. 			"login_name":           "deleteme",

  183. 			"must_change_password": "true",

  184. 			"password":             "password",

  185. 			"send_notify":          "true",

  186. 			"source_id":            "0",

  187. 			"username":             "deleteme",

  188. 		},

  189. 	)

  190. 	MakeRequest(t, req, http.StatusCreated)

  191. 

  192. 	req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/admin/users/deleteme?token=%s", token))

  193. 	MakeRequest(t, req, http.StatusNoContent)

  194. }

  195. 

  196. func TestAPIEditUser(t *testing.T) {

  197. 	defer tests.PrepareTestEnv(t)()

  198. 	adminUsername := "user1"

  199. 	session := loginUser(t, adminUsername)

  200. 	token := getTokenForLoggedInUser(t, session)

  201. 	urlStr := fmt.Sprintf("/api/v1/admin/users/%s?token=%s", "user2", token)

  202. 

  203. 	req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{

  204. 		// required

  205. 		"login_name": "user2",

  206. 		"source_id":  "0",

  207. 		// to change

  208. 		"full_name": "Full Name User 2",

  209. 	})

  210. 	session.MakeRequest(t, req, http.StatusOK)

  211. 

  212. 	empty := ""

  213. 	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{

  214. 		LoginName: "user2",

  215. 		SourceID:  0,

  216. 		Email:     &empty,

  217. 	})

  218. 	resp := session.MakeRequest(t, req, http.StatusUnprocessableEntity)

  219. 

  220. 	errMap := make(map[string]interface{})

  221. 	json.Unmarshal(resp.Body.Bytes(), &errMap)

  222. 	assert.EqualValues(t, "email is not allowed to be empty string", errMap["message"].(string))

  223. 

  224. 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})

  225. 	assert.False(t, user2.IsRestricted)

  226. 	bTrue := true

  227. 	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{

  228. 		// required

  229. 		LoginName: "user2",

  230. 		SourceID:  0,

  231. 		// to change

  232. 		Restricted: &bTrue,

  233. 	})

  234. 	session.MakeRequest(t, req, http.StatusOK)

  235. 	user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{LoginName: "user2"})

  236. 	assert.True(t, user2.IsRestricted)

  237. }

  238. 

  239. func TestAPICreateRepoForUser(t *testing.T) {

  240. 	defer tests.PrepareTestEnv(t)()

  241. 	adminUsername := "user1"

  242. 	session := loginUser(t, adminUsername)

  243. 	token := getTokenForLoggedInUser(t, session)

  244. 

  245. 	req := NewRequestWithJSON(

  246. 		t,

  247. 		"POST",

  248. 		fmt.Sprintf("/api/v1/admin/users/%s/repos?token=%s", adminUsername, token),

  249. 		&api.CreateRepoOption{

  250. 			Name: "admincreatedrepo",

  251. 		},

  252. 	)

  253. 	MakeRequest(t, req, http.StatusCreated)

  254. }