0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-24 08:06:49 -05:00
forgejo/modules
Earl Warren 9d1bf7be15
[GITEA] API commentAssignment() to verify the id belongs
Instead of repeating the tests that verify the ID of a comment
is related to the repository of the API endpoint, add the middleware
function commentAssignment() to assign ctx.Comment if the ID of the
comment is verified to be related to the repository.

There already are integration tests for cases of potential unrelated
comment IDs that cover some of the modified endpoints which covers the
commentAssignment() function logic.

* TestAPICommentReactions - GetIssueCommentReactions
* TestAPICommentReactions - PostIssueCommentReaction
* TestAPICommentReactions - DeleteIssueCommentReaction
* TestAPIEditComment - EditIssueComment
* TestAPIDeleteComment - DeleteIssueComment
* TestAPIGetCommentAttachment - GetIssueCommentAttachment

The other modified endpoints do not have tests to verify cases of
potential unrelated comment IDs. They no longer need to because they
no longer implement the logic to enforce this. They however all have
integration tests that verify the commentAssignment() they now rely on
does not introduce a regression.

* TestAPIGetComment - GetIssueComment
* TestAPIListCommentAttachments - ListIssueCommentAttachments
* TestAPICreateCommentAttachment - CreateIssueCommentAttachment
* TestAPIEditCommentAttachment - EditIssueCommentAttachment
* TestAPIDeleteCommentAttachment - DeleteIssueCommentAttachment

(cherry picked from commit d414376d74)
(cherry picked from commit 09db07aeae)
(cherry picked from commit f44830c3cb)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/2249
2024-01-28 11:01:04 +01:00
..
actions [CI] Search .forgejo/workflows first 2024-01-28 07:47:32 +01:00
activitypub Upgrade to golangci-lint@v1.55.0 (#27756) 2023-10-24 02:54:59 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs Use Set[Type] instead of map[Type]bool/struct{}. (#26804) 2023-08-30 06:55:25 +00:00
auth [GITEA] Drop sha256-simd in favor of stdlib 2024-01-28 10:48:05 +01:00
avatar [GITEA] Drop sha256-simd in favor of stdlib 2024-01-28 10:48:05 +01:00
base [GITEA] Drop sha256-simd in favor of stdlib 2024-01-28 10:48:05 +01:00
cache Always enable caches (#28527) 2023-12-19 09:29:05 +00:00
charset Preserve BOM in web editor (#28935) 2024-01-27 18:02:51 +00:00
container
context [GITEA] API commentAssignment() to verify the id belongs 2024-01-28 11:01:04 +01:00
contexttest Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
csv
emoji
eventsource Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
generate Handle base64 decoding correctly to avoid panic (#26483) 2023-08-14 10:30:16 +00:00
git [GITEA] Find README.md for user profiles case insensitively 2024-01-28 10:55:00 +01:00
gitgraph More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
gitrepo Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
graceful Suggest to use Type=simple for systemd service (#28717) 2024-01-07 15:18:04 +00:00
hcaptcha
highlight Add option to disable ambiguous unicode characters detection (#28454) 2023-12-17 14:38:54 +00:00
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) 2023-10-18 09:44:36 +00:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
httplib Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
indexer [GITEA] Vendor rupture dependency 2024-01-28 08:54:31 +01:00
issue/template
json
label
lfs [GITEA] Drop sha256-simd in favor of stdlib 2024-01-28 10:48:05 +01:00
log Reduce some allocations in type conversion (#26772) 2023-08-29 00:43:16 +08:00
markup [GITEA] Add footnote testing 2024-01-28 10:54:59 +01:00
mcaptcha
metrics Reduce usage of db.DefaultContext (#27073) 2023-09-14 17:09:32 +00:00
migration
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
options
packages [GITEA] feat(nuget): basic manifest download 2024-01-28 08:54:31 +01:00
paginator
pprof
private [CLI] implement forgejo-cli 2024-01-28 07:47:32 +01:00
process Replace assert.Fail with assert.FailNow (#27578) 2023-10-11 11:02:24 +00:00
proxy
proxyprotocol
public Refactor CORS handler (#28587) 2023-12-25 20:13:18 +08:00
queue [CI] disable redis test, no redis server yet in CI 2024-01-28 07:47:32 +01:00
recaptcha
references Add support for sha256 repositories (#23894) 2024-01-19 17:05:02 +01:00
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
secret [GITEA] Drop sha256-simd in favor of stdlib 2024-01-28 10:48:05 +01:00
session Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
setting [FEAT] Repository flags 2024-01-28 10:58:28 +01:00
sitemap
ssh Remove SSH workaround (#27893) 2023-11-03 15:21:05 +00:00
storage [CI] Forgejo Actions based CI for PR & branches 2024-01-28 07:47:32 +01:00
structs [GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments 2024-01-28 10:58:28 +01:00
svg Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
sync
system Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
templates [FEAT] Repository flags 2024-01-28 10:58:28 +01:00
test Move web/api context related testing function into a separate package (#26859) 2023-09-01 11:26:07 +00:00
testlogger
timeutil Make template DateTime show proper tooltip (#28677) 2024-01-02 20:09:18 +01:00
translation [I18N] add [common] as first line 2024-01-28 08:54:31 +01:00
turnstile
typesniffer Detect ogg mime-type as audio or video (#26494) 2023-08-15 10:31:25 +08:00
updatechecker Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
upload
uri
user
util [GITEA] Drop sha256-simd in favor of stdlib 2024-01-28 10:48:05 +01:00
validation [GITEA] add option for banning dots in usernames 2024-01-28 09:22:15 +01:00
web [GITEA] Configurable clone methods 2024-01-28 10:55:00 +01:00
webhook Fix schedule tasks bugs (#28691) 2024-01-12 21:50:38 +00:00