mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-25 11:16:11 +01:00
eb066a472c
- The RSS and atom feed for branches exposes details about the code, it
therefore should be guarded by the requirement that the doer has access
to the code of that repository.
- Added integration testing.
(cherry picked from commit 3e3ef76808)
110 lines
3.2 KiB
Go
110 lines
3.2 KiB
Go
// Copyright 2022 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"code.gitea.io/gitea/models/db"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/tests"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestFeed(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
t.Run("User", func(t *testing.T) {
|
|
t.Run("Atom", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
|
|
req := NewRequest(t, "GET", "/user2.atom")
|
|
resp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
data := resp.Body.String()
|
|
assert.Contains(t, data, `<feed xmlns="http://www.w3.org/2005/Atom"`)
|
|
})
|
|
|
|
t.Run("RSS", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
|
|
req := NewRequest(t, "GET", "/user2.rss")
|
|
resp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
data := resp.Body.String()
|
|
assert.Contains(t, data, `<rss version="2.0"`)
|
|
})
|
|
})
|
|
|
|
t.Run("Repo", func(t *testing.T) {
|
|
t.Run("Normal", func(t *testing.T) {
|
|
t.Run("Atom", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
|
|
req := NewRequest(t, "GET", "/user2/repo1/atom/branch/master")
|
|
resp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
data := resp.Body.String()
|
|
assert.Contains(t, data, `<feed xmlns="http://www.w3.org/2005/Atom"`)
|
|
})
|
|
t.Run("RSS", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
|
|
req := NewRequest(t, "GET", "/user2/repo1/rss/branch/master")
|
|
resp := MakeRequest(t, req, http.StatusOK)
|
|
|
|
data := resp.Body.String()
|
|
assert.Contains(t, data, `<rss version="2.0"`)
|
|
})
|
|
})
|
|
t.Run("Empty", func(t *testing.T) {
|
|
err := user_model.UpdateUserCols(db.DefaultContext, &user_model.User{ID: 30, ProhibitLogin: false}, "prohibit_login")
|
|
require.NoError(t, err)
|
|
|
|
session := loginUser(t, "user30")
|
|
t.Run("Atom", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
|
|
req := NewRequest(t, "GET", "/user30/empty/atom/branch/master")
|
|
session.MakeRequest(t, req, http.StatusNotFound)
|
|
|
|
req = NewRequest(t, "GET", "/user30/empty.atom/src/branch/master")
|
|
session.MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
t.Run("RSS", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
|
|
req := NewRequest(t, "GET", "/user30/empty/rss/branch/master")
|
|
session.MakeRequest(t, req, http.StatusNotFound)
|
|
|
|
req = NewRequest(t, "GET", "/user30/empty.rss/src/branch/master")
|
|
session.MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
})
|
|
})
|
|
|
|
t.Run("View permission", func(t *testing.T) {
|
|
t.Run("Anomynous", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
req := NewRequest(t, "GET", "/org3/repo3/rss/branch/master")
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
t.Run("No code permission", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
session := loginUser(t, "user8")
|
|
req := NewRequest(t, "GET", "/org3/repo3/rss/branch/master")
|
|
session.MakeRequest(t, req, http.StatusNotFound)
|
|
})
|
|
t.Run("With code permission", func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
session := loginUser(t, "user9")
|
|
req := NewRequest(t, "GET", "/org3/repo3/rss/branch/master")
|
|
session.MakeRequest(t, req, http.StatusOK)
|
|
})
|
|
})
|
|
}
|