gamzinav/forgejo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
forgejo/tests/integration/api_pull_test.go

350 lines
14 KiB
Go
Raw Normal View History

Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
// Copyright 2017 The Gitea Authors. All rights reserved.
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 13:20:29 -05:00
// SPDX-License-Identifier: MIT
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
package integration
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
import (
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
"fmt"
Remove deprecated packages & staticcheck fixes (#22012) `ioutil` is deprecated and should use `io` instead
2022-12-02 17:06:23 -05:00
"io"
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
"net/http"
security: add permission check to 'delete branch after merge' - Add a permission check that the doer has write permissions to the head repository if the the 'delete branch after merge' is enabled when merging a pull request. - Unify the checks in the web and API router to `DeleteBranchAfterMerge`. - Added integration tests.
2024-10-23 00:48:46 +02:00
"net/url"
"strings"
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
"testing"
Support scoped access tokens (#20908) This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300
2023-01-17 16:46:03 -05:00
auth_model "code.gitea.io/gitea/models/auth"
Add `context.Context` to more methods (#21546) This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 09:12:33 +01:00
"code.gitea.io/gitea/models/db"
Move issues related files into models/issues (#19931) * Move access and repo permission to models/perm/access * fix test * fix git test * Move functions sequence * Some improvements per @KN4CK3R and @delvh * Move issues related code to models/issues * Move some issues related sub package * Merge * Fix test * Fix test * Fix test * Fix test * Rename some files
2022-06-13 17:37:59 +08:00
issues_model "code.gitea.io/gitea/models/issues"
Move repository model into models/repo (#17933) * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
2021-12-10 09:27:50 +08:00
repo_model "code.gitea.io/gitea/models/repo"
Decouple unit test, remove intermediate `unittestbridge` package (#17662) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-16 16:53:21 +08:00
"code.gitea.io/gitea/models/unittest"
Move user related model into models/user (#17781) * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
2021-11-24 17:49:20 +08:00
user_model "code.gitea.io/gitea/models/user"
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
"code.gitea.io/gitea/modules/setting"
Move sdk structs to modules/structs (#6905) * move sdk structs to moduels/structs * fix tests * fix fmt * fix swagger * fix vendor
2019-05-11 18:21:34 +08:00
api "code.gitea.io/gitea/modules/structs"
security: add permission check to 'delete branch after merge' - Add a permission check that the doer has write permissions to the head repository if the the 'delete branch after merge' is enabled when merging a pull request. - Unify the checks in the web and API router to `DeleteBranchAfterMerge`. - Added integration tests.
2024-10-23 00:48:46 +02:00
"code.gitea.io/gitea/modules/test"
Move modules/forms to services/forms (#15305) Forms are dependent on models and therefore should be in services. This PR also removes the old auth. aliasing Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-06 20:44:05 +01:00
"code.gitea.io/gitea/services/forms"
Move change issue title from models to issue service package (#8456) * move change issue title from models to issue service package * make the change less * fix typo
2019-10-11 14:44:43 +08:00
issue_service "code.gitea.io/gitea/services/issue"
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
"code.gitea.io/gitea/tests"
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
"github.com/stretchr/testify/assert"
Add testifylint to lint checks (#4535) go-require lint is ignored for now Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00
"github.com/stretchr/testify/require"
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
)
func TestAPIViewPulls(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
defer tests.PrepareTestEnv(t)()
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 14:57:16 -04:00
ctx := NewAPITestContext(t, "user2", repo.Name, auth_model.AccessTokenScopeReadRepository)
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all", owner.Name, repo.Name).
AddTokenAuth(ctx.Token)
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
var pulls []*api.PullRequest
DecodeJSON(t, resp, &pulls)
Move issues related files into models/issues (#19931) * Move access and repo permission to models/perm/access * fix test * fix git test * Move functions sequence * Some improvements per @KN4CK3R and @delvh * Move issues related code to models/issues * Move some issues related sub package * Merge * Fix test * Fix test * Fix test * Fix test * Rename some files
2022-06-13 17:37:59 +08:00
expectedLen := unittest.GetCount(t, &issues_model.Issue{RepoID: repo.ID}, unittest.Cond("is_pull = ?", true))
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
assert.Len(t, pulls, expectedLen)
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
pull := pulls[0]
if assert.EqualValues(t, 5, pull.ID) {
resp = ctx.Session.MakeRequest(t, NewRequest(t, "GET", pull.DiffURL), http.StatusOK)
Remove deprecated packages & staticcheck fixes (#22012) `ioutil` is deprecated and should use `io` instead
2022-12-02 17:06:23 -05:00
_, err := io.ReadAll(resp.Body)
Add testifylint to lint checks (#4535) go-require lint is ignored for now Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00
require.NoError(t, err)
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
// TODO: use diff to generate stats to test against
t.Run(fmt.Sprintf("APIGetPullFiles_%d", pull.ID),
doAPIGetPullFiles(ctx, pull, func(t *testing.T, files []*api.ChangedFile) {
if assert.Len(t, files, 1) {
Use more specific test methods (#24265) Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>
2023-04-22 23:56:27 +02:00
assert.Equal(t, "File-WoW", files[0].Filename)
assert.Empty(t, files[0].PreviousFilename)
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
assert.EqualValues(t, 1, files[0].Additions)
assert.EqualValues(t, 1, files[0].Changes)
assert.EqualValues(t, 0, files[0].Deletions)
Use more specific test methods (#24265) Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Giteabot <teabot@gitea.io>
2023-04-22 23:56:27 +02:00
assert.Equal(t, "added", files[0].Status)
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
}
}))
}
Fix SQL bug in models.PullRequests
2017-06-30 12:50:57 -04:00
}
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
Add API to get PR by base/head (#29242) Closes https://github.com/go-gitea/gitea/issues/16289 Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by its base and head branch.
2024-02-26 03:39:01 +01:00
func TestAPIViewPullsByBaseHead(t *testing.T) {
defer tests.PrepareTestEnv(t)()
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
ctx := NewAPITestContext(t, "user2", repo.Name, auth_model.AccessTokenScopeReadRepository)
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls/master/branch2", owner.Name, repo.Name).
AddTokenAuth(ctx.Token)
resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
pull := &api.PullRequest{}
DecodeJSON(t, resp, pull)
assert.EqualValues(t, 3, pull.Index)
assert.EqualValues(t, 2, pull.ID)
req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls/master/branch-not-exist", owner.Name, repo.Name).
AddTokenAuth(ctx.Token)
ctx.Session.MakeRequest(t, req, http.StatusNotFound)
}
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
// TestAPIMergePullWIP ensures that we can't merge a WIP pull request
func TestAPIMergePullWIP(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
defer tests.PrepareTestEnv(t)()
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{Status: issues_model.PullRequestStatusMergeable}, unittest.Cond("has_merged = ?", false))
Add `context.Context` to more methods (#21546) This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 09:12:33 +01:00
pr.LoadIssue(db.DefaultContext)
Make more functions use ctx instead of db.DefaultContext (#24068) Continue the "ctx refactoring" work. There are still a lot db.DefaultContext, incorrect context could cause database deadlock errors.
2023-04-15 02:18:28 +08:00
issue_service.ChangeTitle(db.DefaultContext, pr.Issue, owner, setting.Repository.PullRequest.WorkInProgressPrefixes[0]+" "+pr.Issue.Title)
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
// force reload
Add `context.Context` to more methods (#21546) This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 09:12:33 +01:00
pr.LoadAttributes(db.DefaultContext)
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
assert.Contains(t, pr.Issue.Title, setting.Repository.PullRequest.WorkInProgressPrefixes[0])
session := loginUser(t, owner.Name)
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 14:57:16 -04:00
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/merge", owner.Name, repo.Name, pr.Index), &forms.MergePullRequestForm{
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
MergeMessageField: pr.Issue.Title,
Move repository model into models/repo (#17933) * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
2021-12-10 09:27:50 +08:00
Do: string(repo_model.MergeStyleMerge),
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
}).AddTokenAuth(token)
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
MakeRequest(t, req, http.StatusMethodNotAllowed)
Disable merging a WIP Pull request (#4529) * prevent pull request to be merged when PR is a WIP * add tests * add helper to prepend WIP: in PR title * move default wip prefixes into settings * use configurable WIP prefixes in javascript and default to first one in templates * add documentation * add unit test on pull model Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 21:04:39 +02:00
}
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
Add option to API to update PullRequest base branch (#11666) * EditPull: add option to change base Close #11552
2020-06-07 21:13:40 +02:00
func TestAPICreatePullSuccess(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
defer tests.PrepareTestEnv(t)()
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo10 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
// repo10 have code, pulls units.
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo11 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 11})
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
// repo11 only have code unit but should still create pulls
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
owner10 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo10.OwnerID})
owner11 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo11.OwnerID})
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
session := loginUser(t, owner11.Name)
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 14:57:16 -04:00
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls", owner10.Name, repo10.Name), &api.CreatePullRequestOption{
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
Head: fmt.Sprintf("%s:master", owner11.Name),
Base: "master",
Title: "create a failure pr",
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
}).AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
MakeRequest(t, req, http.StatusCreated)
MakeRequest(t, req, http.StatusUnprocessableEntity) // second request should fail
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
}
Fix PR creation via api between branches of same repo with head field namespaced (#26986) Fix #20175 Current implementation of API does not allow creating pull requests between branches of the same repo when you specify *namespace* (owner of the repo) in `head` field in http request body. --- Although GitHub implementation of API allows performing such action and since Gitea targeting compatibility with GitHub API I see it as an appropriate change. I'm proposing a fix to the described problem and test case which covers this logic. My use-case just in case: https://github.com/go-gitea/gitea/issues/20175#issuecomment-1711283022 (cherry picked from commit ed02d1fab85c9b8206c0af84dcfc3792e61609cf)
2024-03-17 06:56:49 +03:00
func TestAPICreatePullSameRepoSuccess(t *testing.T) {
defer tests.PrepareTestEnv(t)()
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
session := loginUser(t, owner.Name)
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls", owner.Name, repo.Name), &api.CreatePullRequestOption{
Head: fmt.Sprintf("%s:pr-to-update", owner.Name),
Base: "master",
Title: "successfully create a PR between branches of the same repository",
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusCreated)
MakeRequest(t, req, http.StatusUnprocessableEntity) // second request should fail
}
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
func TestAPICreatePullWithFieldsSuccess(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
defer tests.PrepareTestEnv(t)()
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
// repo10 have code, pulls units.
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo10 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
owner10 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo10.OwnerID})
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
// repo11 only have code unit but should still create pulls
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo11 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 11})
owner11 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo11.OwnerID})
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
session := loginUser(t, owner11.Name)
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 14:57:16 -04:00
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
opts := &api.CreatePullRequestOption{
Head: fmt.Sprintf("%s:master", owner11.Name),
Base: "master",
Title: "create a failure pr",
Body: "foobaaar",
Milestone: 5,
Assignees: []string{owner10.Name},
Labels: []int64{5},
}
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls", owner10.Name, repo10.Name), opts).
AddTokenAuth(token)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
res := MakeRequest(t, req, http.StatusCreated)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
pull := new(api.PullRequest)
DecodeJSON(t, res, pull)
assert.NotNil(t, pull.Milestone)
assert.EqualValues(t, opts.Milestone, pull.Milestone.ID)
if assert.Len(t, pull.Assignees, 1) {
assert.EqualValues(t, opts.Assignees[0], owner10.Name)
}
assert.NotNil(t, pull.Labels)
assert.EqualValues(t, opts.Labels[0], pull.Labels[0].ID)
}
func TestAPICreatePullWithFieldsFailure(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
defer tests.PrepareTestEnv(t)()
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
// repo10 have code, pulls units.
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo10 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
owner10 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo10.OwnerID})
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
// repo11 only have code unit but should still create pulls
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo11 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 11})
owner11 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo11.OwnerID})
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
session := loginUser(t, owner11.Name)
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 14:57:16 -04:00
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
opts := &api.CreatePullRequestOption{
Head: fmt.Sprintf("%s:master", owner11.Name),
Base: "master",
}
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls", owner10.Name, repo10.Name), opts).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
MakeRequest(t, req, http.StatusUnprocessableEntity)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
opts.Title = "is required"
opts.Milestone = 666
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
MakeRequest(t, req, http.StatusUnprocessableEntity)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
opts.Milestone = 5
opts.Assignees = []string{"qweruqweroiuyqweoiruywqer"}
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
MakeRequest(t, req, http.StatusUnprocessableEntity)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
opts.Assignees = []string{owner10.LoginName}
opts.Labels = []int64{55555}
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
MakeRequest(t, req, http.StatusUnprocessableEntity)
API: fix set milestone on PR creation (#14981) * API: fix set milestone on PR creation pr creation via API failed with 404, because we searched for milestoneID 0, due to uninitialized var usage D: * add tests * fix expected status codes * fix tests Co-authored-by: 6543 <6543@obermui.de>
2021-03-13 18:06:52 +00:00
opts.Labels = []int64{5}
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
}
Add option to API to update PullRequest base branch (#11666) * EditPull: add option to change base Close #11552
2020-06-07 21:13:40 +02:00
func TestAPIEditPull(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 15:18:23 -04:00
defer tests.PrepareTestEnv(t)()
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 10:22:25 +08:00
repo10 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
owner10 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo10.OwnerID})
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
session := loginUser(t, owner10.Name)
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 14:57:16 -04:00
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
title := "create a success pr"
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls", owner10.Name, repo10.Name), &api.CreatePullRequestOption{
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
Head: "develop",
Base: "master",
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
Title: title,
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
}).AddTokenAuth(token)
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
apiPull := new(api.PullRequest)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
resp := MakeRequest(t, req, http.StatusCreated)
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
DecodeJSON(t, resp, apiPull)
assert.EqualValues(t, "master", apiPull.Base.Name)
Add option to API to update PullRequest base branch (#11666) * EditPull: add option to change base Close #11552
2020-06-07 21:13:40 +02:00
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
newTitle := "edit a this pr"
newBody := "edited body"
fix(api): issue state change is not idempotent The PATCH if issue & pull request switched to use the service functions instead. However, the service function changing the state is not idempotent. Instead of doing nothing which changing from open to open or close to close, it will fail with an error like: Issue [2472] 0 was already closed Regression of: 6a4bc0289db5d5d791864f45ed9bb47b6bc8d2fe Fixes: https://codeberg.org/forgejo/forgejo/issues/4686
2024-07-25 15:16:44 +02:00
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d", owner10.Name, repo10.Name, apiPull.Index)
req = NewRequestWithJSON(t, http.MethodPatch, urlStr, &api.EditPullRequestOption{
Add option to API to update PullRequest base branch (#11666) * EditPull: add option to change base Close #11552
2020-06-07 21:13:40 +02:00
Base: "feature/1",
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
Title: newTitle,
Body: &newBody,
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
}).AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
resp = MakeRequest(t, req, http.StatusCreated)
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
DecodeJSON(t, resp, apiPull)
assert.EqualValues(t, "feature/1", apiPull.Base.Name)
// check comment history
pull := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: apiPull.ID})
err := pull.LoadIssue(db.DefaultContext)
Add testifylint to lint checks (#4535) go-require lint is ignored for now Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00
require.NoError(t, err)
Fix no edit history after editing issue's title and content (#30814) Fix #30807 reuse functions in services (cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26) Conflicts: models/issues/issue_update.go routers/api/v1/repo/issue.go trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-03 15:11:51 +09:00
unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{IssueID: pull.Issue.ID, OldTitle: title, NewTitle: newTitle})
unittest.AssertExistsAndLoadBean(t, &issues_model.ContentHistory{IssueID: pull.Issue.ID, ContentText: newBody, IsFirstCreated: false})
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
fix(api): issue state change is not idempotent The PATCH if issue & pull request switched to use the service functions instead. However, the service function changing the state is not idempotent. Instead of doing nothing which changing from open to open or close to close, it will fail with an error like: Issue [2472] 0 was already closed Regression of: 6a4bc0289db5d5d791864f45ed9bb47b6bc8d2fe Fixes: https://codeberg.org/forgejo/forgejo/issues/4686
2024-07-25 15:16:44 +02:00
// verify the idempotency of a state change
pullState := string(apiPull.State)
req = NewRequestWithJSON(t, http.MethodPatch, urlStr, &api.EditPullRequestOption{
State: &pullState,
}).AddTokenAuth(token)
apiPullIdempotent := new(api.PullRequest)
resp = MakeRequest(t, req, http.StatusCreated)
DecodeJSON(t, resp, apiPullIdempotent)
assert.EqualValues(t, apiPull.State, apiPullIdempotent.State)
req = NewRequestWithJSON(t, http.MethodPatch, urlStr, &api.EditPullRequestOption{
Add option to API to update PullRequest base branch (#11666) * EditPull: add option to change base Close #11552
2020-06-07 21:13:40 +02:00
Base: "not-exist",
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
}).AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 11:39:42 +08:00
MakeRequest(t, req, http.StatusNotFound)
Fix 404 when send pull request some situation (#6871)
2019-05-08 01:20:23 +08:00
}
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
[TESTS] add TestAPIForkDifferentName Refs: https://codeberg.org/forgejo/forgejo/pulls/1719 (cherry picked from commit ed3413891523b07d4da47347b632ad3a3c7bd16f) (cherry picked from commit 166d769a6eda0cece2ccbfd3c12f1fce41e2c5b8) (cherry picked from commit 8da818646c7c129b9a61b9b983f20ab1af897bc4) (cherry picked from commit 95c9d6ede40f3aab7578f38b1881a2472fd20931) (cherry picked from commit 505ffa2cc444d5917d394a2cebd5e4554d6a0370) (cherry picked from commit 602bf1fa7f2f3d4db73dbab83ba889a6b9701427) [TESTS] add TestAPIForkDifferentName (squash) do not use token= query param See https://codeberg.org/forgejo/forgejo/commit/33439b733a (cherry picked from commit d600fabdbcaa8eb01e7b0f6bf337fa1aa844c2da) (cherry picked from commit 40c1130c410359ab007c2b92081856ca0f805c55) (cherry picked from commit 7b254f84cfd3aa58ee80d7ea8ae0e1c9636cdc3e) (cherry picked from commit af15c5a60a773b4af8760f94b82ab704f19a29be) (cherry picked from commit 852b42bc7a48620efd778cea728374cc1e325451) (cherry picked from commit 90b3d0ca09a2057265ee371767232496399168ce)
2023-11-04 15:23:44 -03:00
func TestAPIForkDifferentName(t *testing.T) {
defer tests.PrepareTestEnv(t)()
// Step 1: get a repo and a user that can fork this repo
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
session := loginUser(t, user.Name)
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
// Step 2: fork this repo with another name
forkName := "myfork"
req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/forks", owner.Name, repo.Name),
&api.CreateForkOption{Name: &forkName}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusAccepted)
// Step 3: make a PR onto the original repo, it should succeed
req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/pulls?state=all", owner.Name, repo.Name),
&api.CreatePullRequestOption{Head: user.Name + ":master", Base: "master", Title: "hi"}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusCreated)
}
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
func doAPIGetPullFiles(ctx APITestContext, pr *api.PullRequest, callback func(*testing.T, []*api.ChangedFile)) func(*testing.T) {
return func(t *testing.T) {
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 00:59:59 +01:00
req := NewRequest(t, http.MethodGet, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/files", ctx.Username, ctx.Reponame, pr.Index)).
AddTokenAuth(ctx.Token)
Add API endpoint to get changed files of a PR (#21177) This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
if ctx.ExpectedCode == 0 {
ctx.ExpectedCode = http.StatusOK
}
resp := ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
files := make([]*api.ChangedFile, 0, 1)
DecodeJSON(t, resp, &files)
if callback != nil {
callback(t, files)
}
}
}
security: add permission check to 'delete branch after merge' - Add a permission check that the doer has write permissions to the head repository if the the 'delete branch after merge' is enabled when merging a pull request. - Unify the checks in the web and API router to `DeleteBranchAfterMerge`. - Added integration tests.
2024-10-23 00:48:46 +02:00
func TestAPIPullDeleteBranchPerms(t *testing.T) {
onGiteaRun(t, func(t *testing.T, giteaURL *url.URL) {
user2Session := loginUser(t, "user2")
user4Session := loginUser(t, "user4")
testRepoFork(t, user4Session, "user2", "repo1", "user4", "repo1")
testEditFileToNewBranch(t, user2Session, "user2", "repo1", "master", "base-pr", "README.md", "Hello, World\n(Edited - base PR)\n")
req := NewRequestWithValues(t, "POST", "/user4/repo1/compare/master...user2/repo1:base-pr", map[string]string{
"_csrf": GetCSRF(t, user4Session, "/user4/repo1/compare/master...user2/repo1:base-pr"),
"title": "Testing PR",
})
resp := user4Session.MakeRequest(t, req, http.StatusOK)
elem := strings.Split(test.RedirectURL(resp), "/")
token := getTokenForLoggedInUser(t, user4Session, auth_model.AccessTokenScopeWriteRepository)
req = NewRequestWithValues(t, "POST", "/api/v1/repos/user4/repo1/pulls/"+elem[4]+"/merge", map[string]string{
"do": "merge",
"delete_branch_after_merge": "on",
}).AddTokenAuth(token)
resp = user4Session.MakeRequest(t, req, http.StatusForbidden)
type userResponse struct {
Message string `json:"message"`
}
var bodyResp userResponse
DecodeJSON(t, resp, &bodyResp)
assert.EqualValues(t, "insufficient permission to delete head branch", bodyResp.Message)
// Check that the branch still exist.
req = NewRequest(t, "GET", "/api/v1/repos/user2/repo1/branches/base-pr").AddTokenAuth(token)
user4Session.MakeRequest(t, req, http.StatusOK)
})
}
Reference in New Issue Copy Permalink