mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-27 20:26:09 +01:00
229 lines
7.8 KiB
Go
229 lines
7.8 KiB
Go
|
// Copyright 2023 The Forgejo Authors. All rights reserved.
|
||
|
// SPDX-License-Identifier: MIT
|
||
|
|
||
|
package integration
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"net/http"
|
||
|
"testing"
|
||
|
|
||
|
auth_model "code.gitea.io/gitea/models/auth"
|
||
|
repo_model "code.gitea.io/gitea/models/repo"
|
||
|
"code.gitea.io/gitea/models/unittest"
|
||
|
user_model "code.gitea.io/gitea/models/user"
|
||
|
api "code.gitea.io/gitea/modules/structs"
|
||
|
"code.gitea.io/gitea/tests"
|
||
|
|
||
|
"github.com/stretchr/testify/assert"
|
||
|
)
|
||
|
|
||
|
func TestAPIUserBlock(t *testing.T) {
|
||
|
defer tests.PrepareTestEnv(t)()
|
||
|
|
||
|
user := "user4"
|
||
|
session := loginUser(t, user)
|
||
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
|
||
|
|
||
|
t.Run("BlockUser", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/user2?token=%s", token))
|
||
|
MakeRequest(t, req, http.StatusNoContent)
|
||
|
|
||
|
unittest.AssertExistsAndLoadBean(t, &user_model.BlockedUser{UserID: 4, BlockID: 2})
|
||
|
})
|
||
|
|
||
|
t.Run("ListBlocked", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/list_blocked?token=%s", token))
|
||
|
resp := MakeRequest(t, req, http.StatusOK)
|
||
|
|
||
|
// One user just got blocked and the other one is defined in the fixtures.
|
||
|
assert.Equal(t, "2", resp.Header().Get("X-Total-Count"))
|
||
|
|
||
|
var blockedUsers []api.BlockedUser
|
||
|
DecodeJSON(t, resp, &blockedUsers)
|
||
|
assert.Len(t, blockedUsers, 2)
|
||
|
assert.EqualValues(t, 1, blockedUsers[0].BlockID)
|
||
|
assert.EqualValues(t, 2, blockedUsers[1].BlockID)
|
||
|
})
|
||
|
|
||
|
t.Run("UnblockUser", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/unblock/user2?token=%s", token))
|
||
|
MakeRequest(t, req, http.StatusNoContent)
|
||
|
|
||
|
unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 4, BlockID: 2})
|
||
|
})
|
||
|
|
||
|
t.Run("Organization as target", func(t *testing.T) {
|
||
|
org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 26, Type: user_model.UserTypeOrganization})
|
||
|
|
||
|
t.Run("Block", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/%s?token=%s", org.Name, token))
|
||
|
MakeRequest(t, req, http.StatusUnprocessableEntity)
|
||
|
|
||
|
unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 4, BlockID: org.ID})
|
||
|
})
|
||
|
|
||
|
t.Run("Unblock", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/unblock/%s?token=%s", org.Name, token))
|
||
|
MakeRequest(t, req, http.StatusUnprocessableEntity)
|
||
|
})
|
||
|
})
|
||
|
}
|
||
|
|
||
|
func TestAPIOrgBlock(t *testing.T) {
|
||
|
defer tests.PrepareTestEnv(t)()
|
||
|
|
||
|
user := "user5"
|
||
|
org := "org6"
|
||
|
session := loginUser(t, user)
|
||
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
|
||
|
|
||
|
t.Run("BlockUser", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2?token=%s", org, token))
|
||
|
MakeRequest(t, req, http.StatusNoContent)
|
||
|
|
||
|
unittest.AssertExistsAndLoadBean(t, &user_model.BlockedUser{UserID: 6, BlockID: 2})
|
||
|
})
|
||
|
|
||
|
t.Run("ListBlocked", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked?token=%s", org, token))
|
||
|
resp := MakeRequest(t, req, http.StatusOK)
|
||
|
|
||
|
assert.Equal(t, "1", resp.Header().Get("X-Total-Count"))
|
||
|
|
||
|
var blockedUsers []api.BlockedUser
|
||
|
DecodeJSON(t, resp, &blockedUsers)
|
||
|
assert.Len(t, blockedUsers, 1)
|
||
|
assert.EqualValues(t, 2, blockedUsers[0].BlockID)
|
||
|
})
|
||
|
|
||
|
t.Run("UnblockUser", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/user2?token=%s", org, token))
|
||
|
MakeRequest(t, req, http.StatusNoContent)
|
||
|
|
||
|
unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 6, BlockID: 2})
|
||
|
})
|
||
|
|
||
|
t.Run("Organization as target", func(t *testing.T) {
|
||
|
targetOrg := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 26, Type: user_model.UserTypeOrganization})
|
||
|
|
||
|
t.Run("Block", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/%s?token=%s", org, targetOrg.Name, token))
|
||
|
MakeRequest(t, req, http.StatusUnprocessableEntity)
|
||
|
|
||
|
unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 4, BlockID: targetOrg.ID})
|
||
|
})
|
||
|
|
||
|
t.Run("Unblock", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/%s?token=%s", org, targetOrg.Name, token))
|
||
|
MakeRequest(t, req, http.StatusUnprocessableEntity)
|
||
|
})
|
||
|
})
|
||
|
|
||
|
t.Run("Read scope token", func(t *testing.T) {
|
||
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
|
||
|
|
||
|
t.Run("Write action", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2?token=%s", org, token))
|
||
|
MakeRequest(t, req, http.StatusForbidden)
|
||
|
|
||
|
unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 6, BlockID: 2})
|
||
|
})
|
||
|
|
||
|
t.Run("Read action", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked?token=%s", org, token))
|
||
|
MakeRequest(t, req, http.StatusOK)
|
||
|
})
|
||
|
})
|
||
|
|
||
|
t.Run("Not as owner", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
|
||
|
org := "org3"
|
||
|
user := "user4" // Part of org team with write perms.
|
||
|
|
||
|
session := loginUser(t, user)
|
||
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
|
||
|
|
||
|
t.Run("Block user", func(t *testing.T) {
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2?token=%s", org, token))
|
||
|
MakeRequest(t, req, http.StatusForbidden)
|
||
|
|
||
|
unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 3, BlockID: 2})
|
||
|
})
|
||
|
|
||
|
t.Run("Unblock user", func(t *testing.T) {
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/user2?token=%s", org, token))
|
||
|
MakeRequest(t, req, http.StatusForbidden)
|
||
|
})
|
||
|
|
||
|
t.Run("List blocked users", func(t *testing.T) {
|
||
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked?token=%s", org, token))
|
||
|
MakeRequest(t, req, http.StatusForbidden)
|
||
|
})
|
||
|
})
|
||
|
}
|
||
|
|
||
|
// TestAPIBlock_AddCollaborator ensures that the doer and blocked user cannot
|
||
|
// add each others as collaborators via the API.
|
||
|
func TestAPIBlock_AddCollaborator(t *testing.T) {
|
||
|
defer tests.PrepareTestEnv(t)()
|
||
|
|
||
|
user1 := "user10"
|
||
|
user2 := "user2"
|
||
|
perm := "write"
|
||
|
collabOption := &api.AddCollaboratorOption{Permission: &perm}
|
||
|
|
||
|
// User1 blocks User2.
|
||
|
session := loginUser(t, user1)
|
||
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
|
||
|
|
||
|
req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/%s?token=%s", user2, token))
|
||
|
MakeRequest(t, req, http.StatusNoContent)
|
||
|
unittest.AssertExistsAndLoadBean(t, &user_model.BlockedUser{UserID: 10, BlockID: 2})
|
||
|
|
||
|
t.Run("BlockedUser Add Doer", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2, OwnerID: 2})
|
||
|
session := loginUser(t, user2)
|
||
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
|
||
|
|
||
|
req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s?token=%s", user2, repo.Name, user1, token), collabOption)
|
||
|
session.MakeRequest(t, req, http.StatusForbidden)
|
||
|
})
|
||
|
|
||
|
t.Run("Doer Add BlockedUser", func(t *testing.T) {
|
||
|
defer tests.PrintCurrentTest(t)()
|
||
|
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 7, OwnerID: 10})
|
||
|
session := loginUser(t, user1)
|
||
|
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
|
||
|
|
||
|
req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s?token=%s", user1, repo.Name, user2, token), collabOption)
|
||
|
session.MakeRequest(t, req, http.StatusForbidden)
|
||
|
})
|
||
|
}
|