2017-08-17 10:52:28 -05:00
|
|
|
// Copyright 2017 The Gitea Authors. All rights reserved.
|
2022-11-27 13:20:29 -05:00
|
|
|
// SPDX-License-Identifier: MIT
|
2017-08-17 10:52:28 -05:00
|
|
|
|
2022-09-02 14:18:23 -05:00
|
|
|
package integration
|
2017-08-17 10:52:28 -05:00
|
|
|
|
|
|
|
import (
|
2017-08-23 04:53:35 -05:00
|
|
|
"fmt"
|
2017-08-17 10:52:28 -05:00
|
|
|
"net/http"
|
2017-11-02 17:01:22 -05:00
|
|
|
"path"
|
2017-08-17 10:52:28 -05:00
|
|
|
"testing"
|
2017-08-23 04:53:35 -05:00
|
|
|
|
2017-11-02 17:01:22 -05:00
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2019-05-11 05:21:34 -05:00
|
|
|
api "code.gitea.io/gitea/modules/structs"
|
2017-12-15 16:11:02 -05:00
|
|
|
"code.gitea.io/gitea/modules/test"
|
2024-09-22 05:57:03 -05:00
|
|
|
forgejo_context "code.gitea.io/gitea/services/context"
|
2022-09-02 14:18:23 -05:00
|
|
|
"code.gitea.io/gitea/tests"
|
2017-10-29 21:04:25 -05:00
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2017-08-17 10:52:28 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestLinksNoLogin(t *testing.T) {
|
2022-09-02 14:18:23 -05:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2017-08-17 10:52:28 -05:00
|
|
|
|
2022-01-20 12:46:10 -05:00
|
|
|
links := []string{
|
2017-08-17 10:52:28 -05:00
|
|
|
"/explore/repos",
|
2022-06-15 10:05:32 -05:00
|
|
|
"/explore/repos?q=test",
|
2017-08-17 10:52:28 -05:00
|
|
|
"/explore/users",
|
2022-06-15 10:05:32 -05:00
|
|
|
"/explore/users?q=test",
|
2017-08-17 10:52:28 -05:00
|
|
|
"/explore/organizations",
|
2022-06-15 10:05:32 -05:00
|
|
|
"/explore/organizations?q=test",
|
2017-08-17 10:52:28 -05:00
|
|
|
"/",
|
|
|
|
"/user/sign_up",
|
|
|
|
"/user/login",
|
|
|
|
"/user/forgot_password",
|
2017-10-21 09:05:50 -05:00
|
|
|
"/api/swagger",
|
2020-08-16 22:07:38 -05:00
|
|
|
"/user2/repo1",
|
2021-12-24 11:50:49 -05:00
|
|
|
"/user2/repo1/",
|
2020-08-16 22:07:38 -05:00
|
|
|
"/user2/repo1/projects",
|
|
|
|
"/user2/repo1/projects/1",
|
2023-07-21 07:14:20 -05:00
|
|
|
"/.well-known/security.txt",
|
2017-08-17 10:52:28 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, link := range links {
|
|
|
|
req := NewRequest(t, "GET", link)
|
|
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
}
|
|
|
|
}
|
2017-08-23 04:53:35 -05:00
|
|
|
|
2017-10-29 21:04:25 -05:00
|
|
|
func TestRedirectsNoLogin(t *testing.T) {
|
2022-09-02 14:18:23 -05:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2017-10-29 21:04:25 -05:00
|
|
|
|
2022-01-20 12:46:10 -05:00
|
|
|
redirects := map[string]string{
|
2017-12-06 20:09:02 -05:00
|
|
|
"/user2/repo1/commits/master": "/user2/repo1/commits/branch/master",
|
|
|
|
"/user2/repo1/src/master": "/user2/repo1/src/branch/master",
|
|
|
|
"/user2/repo1/src/master/file.txt": "/user2/repo1/src/branch/master/file.txt",
|
|
|
|
"/user2/repo1/src/master/directory/file.txt": "/user2/repo1/src/branch/master/directory/file.txt",
|
2021-04-28 07:35:06 -05:00
|
|
|
"/user/avatar/Ghost/-1": "/assets/img/avatar_default.png",
|
2021-01-26 10:36:53 -05:00
|
|
|
"/api/v1/swagger": "/api/swagger",
|
2017-10-29 21:04:25 -05:00
|
|
|
}
|
|
|
|
for link, redirectLink := range redirects {
|
|
|
|
req := NewRequest(t, "GET", link)
|
2022-03-22 23:54:07 -05:00
|
|
|
resp := MakeRequest(t, req, http.StatusSeeOther)
|
2017-12-15 16:11:02 -05:00
|
|
|
assert.EqualValues(t, path.Join(setting.AppSubURL, redirectLink), test.RedirectURL(resp))
|
2017-10-29 21:04:25 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-08-16 22:07:38 -05:00
|
|
|
func TestNoLoginNotExist(t *testing.T) {
|
2022-09-02 14:18:23 -05:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2020-08-16 22:07:38 -05:00
|
|
|
|
2022-01-20 12:46:10 -05:00
|
|
|
links := []string{
|
2020-08-16 22:07:38 -05:00
|
|
|
"/user5/repo4/projects",
|
|
|
|
"/user5/repo4/projects/3",
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, link := range links {
|
|
|
|
req := NewRequest(t, "GET", link)
|
|
|
|
MakeRequest(t, req, http.StatusNotFound)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-08-23 04:53:35 -05:00
|
|
|
func testLinksAsUser(userName string, t *testing.T) {
|
2022-01-20 12:46:10 -05:00
|
|
|
links := []string{
|
2017-08-23 04:53:35 -05:00
|
|
|
"/explore/repos",
|
2022-06-15 10:05:32 -05:00
|
|
|
"/explore/repos?q=test",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/explore/users",
|
2022-06-15 10:05:32 -05:00
|
|
|
"/explore/users?q=test",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/explore/organizations",
|
2022-06-15 10:05:32 -05:00
|
|
|
"/explore/organizations?q=test",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/",
|
|
|
|
"/user/forgot_password",
|
2017-10-21 09:05:50 -05:00
|
|
|
"/api/swagger",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/issues",
|
2019-12-01 22:50:36 -05:00
|
|
|
"/issues?type=your_repositories&repos=[0]&sort=&state=open",
|
|
|
|
"/issues?type=assigned&repos=[0]&sort=&state=open",
|
|
|
|
"/issues?type=your_repositories&repos=[0]&sort=&state=closed",
|
|
|
|
"/issues?type=assigned&repos=[]&sort=&state=closed",
|
|
|
|
"/issues?type=assigned&sort=&state=open",
|
|
|
|
"/issues?type=created_by&repos=[1,2]&sort=&state=closed",
|
|
|
|
"/issues?type=created_by&repos=[1,2]&sort=&state=open",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/pulls",
|
2019-12-01 22:50:36 -05:00
|
|
|
"/pulls?type=your_repositories&repos=[2]&sort=&state=open",
|
|
|
|
"/pulls?type=assigned&repos=[]&sort=&state=open",
|
|
|
|
"/pulls?type=created_by&repos=[0]&sort=&state=open",
|
|
|
|
"/pulls?type=your_repositories&repos=[0]&sort=&state=closed",
|
|
|
|
"/pulls?type=assigned&repos=[0]&sort=&state=closed",
|
|
|
|
"/pulls?type=created_by&repos=[0]&sort=&state=closed",
|
2019-12-15 09:20:08 -05:00
|
|
|
"/milestones",
|
|
|
|
"/milestones?sort=mostcomplete&state=closed",
|
|
|
|
"/milestones?type=your_repositories&sort=mostcomplete&state=closed",
|
|
|
|
"/milestones?sort=&repos=[1]&state=closed",
|
|
|
|
"/milestones?sort=&repos=[1]&state=open",
|
|
|
|
"/milestones?repos=[0]&sort=mostissues&state=open",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/notifications",
|
|
|
|
"/repo/create",
|
|
|
|
"/repo/migrate",
|
|
|
|
"/org/create",
|
|
|
|
"/user2",
|
|
|
|
"/user2?tab=stars",
|
|
|
|
"/user2?tab=activity",
|
|
|
|
"/user/settings",
|
2018-05-15 05:07:32 -05:00
|
|
|
"/user/settings/account",
|
2017-10-16 04:14:12 -05:00
|
|
|
"/user/settings/security",
|
|
|
|
"/user/settings/security/two_factor/enroll",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/user/settings/keys",
|
|
|
|
"/user/settings/organization",
|
2018-05-15 05:07:32 -05:00
|
|
|
"/user/settings/repos",
|
2017-08-23 04:53:35 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
session := loginUser(t, userName)
|
|
|
|
for _, link := range links {
|
|
|
|
req := NewRequest(t, "GET", link)
|
|
|
|
session.MakeRequest(t, req, http.StatusOK)
|
|
|
|
}
|
|
|
|
|
|
|
|
reqAPI := NewRequestf(t, "GET", "/api/v1/users/%s/repos", userName)
|
|
|
|
respAPI := MakeRequest(t, reqAPI, http.StatusOK)
|
|
|
|
|
2019-05-28 10:45:54 -05:00
|
|
|
var apiRepos []*api.Repository
|
2017-08-23 04:53:35 -05:00
|
|
|
DecodeJSON(t, respAPI, &apiRepos)
|
|
|
|
|
2022-01-20 12:46:10 -05:00
|
|
|
repoLinks := []string{
|
2017-08-23 04:53:35 -05:00
|
|
|
"",
|
|
|
|
"/issues",
|
|
|
|
"/pulls",
|
2017-10-29 21:04:25 -05:00
|
|
|
"/commits/branch/master",
|
2017-08-23 04:53:35 -05:00
|
|
|
"/graph",
|
|
|
|
"/settings",
|
|
|
|
"/settings/collaboration",
|
|
|
|
"/settings/branches",
|
|
|
|
"/settings/hooks",
|
|
|
|
// FIXME: below links should return 200 but 404 ??
|
|
|
|
//"/settings/hooks/git",
|
|
|
|
//"/settings/hooks/git/pre-receive",
|
|
|
|
//"/settings/hooks/git/update",
|
|
|
|
//"/settings/hooks/git/post-receive",
|
|
|
|
"/settings/keys",
|
|
|
|
"/releases",
|
|
|
|
"/releases/new",
|
|
|
|
//"/wiki/_pages",
|
2021-11-16 13:18:25 -05:00
|
|
|
"/wiki/?action=_new",
|
2023-10-02 02:56:55 -05:00
|
|
|
"/activity",
|
2017-08-23 04:53:35 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
for _, repo := range apiRepos {
|
|
|
|
for _, link := range repoLinks {
|
|
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s%s", userName, repo.Name, link))
|
|
|
|
session.MakeRequest(t, req, http.StatusOK)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestLinksLogin(t *testing.T) {
|
2022-09-02 14:18:23 -05:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2017-08-23 04:53:35 -05:00
|
|
|
|
|
|
|
testLinksAsUser("user2", t)
|
|
|
|
}
|
2023-10-02 02:56:55 -05:00
|
|
|
|
2023-01-14 04:07:01 -05:00
|
|
|
func TestRedirectsWebhooks(t *testing.T) {
|
|
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
|
|
|
|
//
|
|
|
|
// A redirect means the route exists but not if it performs as intended.
|
|
|
|
//
|
|
|
|
for _, kind := range []string{"forgejo", "gitea"} {
|
|
|
|
redirects := []struct {
|
|
|
|
from string
|
|
|
|
to string
|
|
|
|
verb string
|
|
|
|
}{
|
|
|
|
{from: "/user2/repo1/settings/hooks/" + kind + "/new", to: "/user/login", verb: "GET"},
|
|
|
|
{from: "/user/settings/hooks/" + kind + "/new", to: "/user/login", verb: "GET"},
|
|
|
|
{from: "/admin/system-hooks/" + kind + "/new", to: "/user/login", verb: "GET"},
|
|
|
|
{from: "/admin/default-hooks/" + kind + "/new", to: "/user/login", verb: "GET"},
|
|
|
|
}
|
|
|
|
for _, info := range redirects {
|
|
|
|
req := NewRequest(t, info.verb, info.from)
|
|
|
|
resp := MakeRequest(t, req, http.StatusSeeOther)
|
|
|
|
assert.EqualValues(t, path.Join(setting.AppSubURL, info.to), test.RedirectURL(resp), info.from)
|
|
|
|
}
|
|
|
|
}
|
2024-09-22 05:57:03 -05:00
|
|
|
|
|
|
|
for _, kind := range []string{"forgejo", "gitea"} {
|
|
|
|
csrf := []struct {
|
|
|
|
from string
|
|
|
|
verb string
|
|
|
|
}{
|
|
|
|
{from: "/user2/repo1/settings/hooks/" + kind + "/new", verb: "POST"},
|
|
|
|
{from: "/admin/hooks/1", verb: "POST"},
|
|
|
|
{from: "/admin/system-hooks/" + kind + "/new", verb: "POST"},
|
|
|
|
{from: "/admin/default-hooks/" + kind + "/new", verb: "POST"},
|
|
|
|
{from: "/user2/repo1/settings/hooks/1", verb: "POST"},
|
|
|
|
}
|
|
|
|
for _, info := range csrf {
|
|
|
|
req := NewRequest(t, info.verb, info.from)
|
|
|
|
resp := MakeRequest(t, req, http.StatusBadRequest)
|
|
|
|
assert.Contains(t, resp.Body.String(), forgejo_context.CsrfErrorString)
|
|
|
|
}
|
|
|
|
}
|
2023-01-14 04:07:01 -05:00
|
|
|
}
|
|
|
|
|
2023-10-02 02:56:55 -05:00
|
|
|
func TestRepoLinks(t *testing.T) {
|
|
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
|
|
|
|
// repo1 has enabled almost features, so we can test most links
|
|
|
|
repoLink := "/user2/repo1"
|
|
|
|
links := []string{
|
|
|
|
"/actions",
|
|
|
|
"/packages",
|
|
|
|
"/projects",
|
|
|
|
}
|
|
|
|
|
|
|
|
// anonymous user
|
|
|
|
for _, link := range links {
|
|
|
|
req := NewRequest(t, "GET", repoLink+link)
|
|
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
}
|
|
|
|
|
|
|
|
// admin/owner user
|
|
|
|
session := loginUser(t, "user1")
|
|
|
|
for _, link := range links {
|
|
|
|
req := NewRequest(t, "GET", repoLink+link)
|
|
|
|
session.MakeRequest(t, req, http.StatusOK)
|
|
|
|
}
|
|
|
|
|
|
|
|
// non-admin non-owner user
|
|
|
|
session = loginUser(t, "user2")
|
|
|
|
for _, link := range links {
|
|
|
|
req := NewRequest(t, "GET", repoLink+link)
|
|
|
|
session.MakeRequest(t, req, http.StatusOK)
|
|
|
|
}
|
|
|
|
}
|