2018-11-18 19:45:40 +01:00
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
2022-09-02 15:18:23 -04:00
package integration
2018-11-18 19:45:40 +01:00
import (
"net/http"
"testing"
2021-06-30 23:31:54 +02:00
"code.gitea.io/gitea/modules/setting"
2022-09-02 15:18:23 -04:00
"code.gitea.io/gitea/tests"
2021-11-17 20:34:35 +08:00
2018-11-18 19:45:40 +01:00
"github.com/stretchr/testify/assert"
)
func TestDownloadByID ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrepareTestEnv ( t ) ( )
2018-11-18 19:45:40 +01:00
session := loginUser ( t , "user2" )
// Request raw blob
req := NewRequest ( t , "GET" , "/user2/repo1/raw/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f" )
resp := session . MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , "# repo1\n\nDescription for repo1" , resp . Body . String ( ) )
}
2019-02-12 15:09:43 +00:00
2021-01-12 22:45:19 -05:00
func TestDownloadByIDForSVGUsesSecureHeaders ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrepareTestEnv ( t ) ( )
2021-01-12 22:45:19 -05:00
session := loginUser ( t , "user2" )
// Request raw blob
req := NewRequest ( t , "GET" , "/user2/repo2/raw/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b" )
resp := session . MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , "default-src 'none'; style-src 'unsafe-inline'; sandbox" , resp . HeaderMap . Get ( "Content-Security-Policy" ) )
assert . Equal ( t , "image/svg+xml" , resp . HeaderMap . Get ( "Content-Type" ) )
assert . Equal ( t , "nosniff" , resp . HeaderMap . Get ( "X-Content-Type-Options" ) )
}
2019-02-12 15:09:43 +00:00
func TestDownloadByIDMedia ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrepareTestEnv ( t ) ( )
2019-02-12 15:09:43 +00:00
session := loginUser ( t , "user2" )
// Request raw blob
req := NewRequest ( t , "GET" , "/user2/repo1/media/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f" )
resp := session . MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , "# repo1\n\nDescription for repo1" , resp . Body . String ( ) )
}
2021-01-12 22:45:19 -05:00
func TestDownloadByIDMediaForSVGUsesSecureHeaders ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrepareTestEnv ( t ) ( )
2021-01-12 22:45:19 -05:00
session := loginUser ( t , "user2" )
// Request raw blob
req := NewRequest ( t , "GET" , "/user2/repo2/media/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b" )
resp := session . MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , "default-src 'none'; style-src 'unsafe-inline'; sandbox" , resp . HeaderMap . Get ( "Content-Security-Policy" ) )
assert . Equal ( t , "image/svg+xml" , resp . HeaderMap . Get ( "Content-Type" ) )
assert . Equal ( t , "nosniff" , resp . HeaderMap . Get ( "X-Content-Type-Options" ) )
}
2021-06-30 23:31:54 +02:00
func TestDownloadRawTextFileWithoutMimeTypeMapping ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrepareTestEnv ( t ) ( )
2021-06-30 23:31:54 +02:00
session := loginUser ( t , "user2" )
req := NewRequest ( t , "GET" , "/user2/repo2/raw/branch/master/test.xml" )
resp := session . MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , "text/plain; charset=utf-8" , resp . HeaderMap . Get ( "Content-Type" ) )
}
func TestDownloadRawTextFileWithMimeTypeMapping ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrepareTestEnv ( t ) ( )
2021-06-30 23:31:54 +02:00
setting . MimeTypeMap . Map [ ".xml" ] = "text/xml"
setting . MimeTypeMap . Enabled = true
session := loginUser ( t , "user2" )
req := NewRequest ( t , "GET" , "/user2/repo2/raw/branch/master/test.xml" )
resp := session . MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , "text/xml; charset=utf-8" , resp . HeaderMap . Get ( "Content-Type" ) )
delete ( setting . MimeTypeMap . Map , ".xml" )
setting . MimeTypeMap . Enabled = false
}