2022-03-30 10:42:47 +02:00
// Copyright 2021 The Gitea Authors. All rights reserved.
2022-11-27 13:20:29 -05:00
// SPDX-License-Identifier: MIT
2022-03-30 10:42:47 +02:00
2022-09-02 15:18:23 -04:00
package integration
2022-03-30 10:42:47 +02:00
import (
"archive/zip"
"bytes"
"encoding/base64"
2022-10-13 12:19:39 +02:00
"encoding/xml"
2022-03-30 10:42:47 +02:00
"fmt"
"io"
"net/http"
2022-10-13 12:19:39 +02:00
"net/http/httptest"
2023-07-26 21:43:21 +02:00
neturl "net/url"
2023-02-11 12:30:44 +01:00
"strconv"
2022-03-30 10:42:47 +02:00
"testing"
2022-10-13 12:19:39 +02:00
"time"
2022-03-30 10:42:47 +02:00
2023-04-26 19:24:03 -05:00
auth_model "code.gitea.io/gitea/models/auth"
2022-03-30 10:42:47 +02:00
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/packages"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
nuget_module "code.gitea.io/gitea/modules/packages/nuget"
"code.gitea.io/gitea/modules/setting"
2022-09-24 17:17:08 +02:00
"code.gitea.io/gitea/modules/structs"
2022-03-30 10:42:47 +02:00
"code.gitea.io/gitea/routers/api/packages/nuget"
2022-09-02 15:18:23 -04:00
"code.gitea.io/gitea/tests"
2022-03-30 10:42:47 +02:00
"github.com/stretchr/testify/assert"
)
2023-12-22 00:59:59 +01:00
func addNuGetAPIKeyHeader ( req * RequestWrapper , token string ) {
req . SetHeader ( "X-NuGet-ApiKey" , token )
2022-08-09 16:36:49 +02:00
}
2023-07-04 20:36:08 +02:00
func decodeXML ( t testing . TB , resp * httptest . ResponseRecorder , v any ) {
2022-10-13 12:19:39 +02:00
t . Helper ( )
assert . NoError ( t , xml . NewDecoder ( resp . Body ) . Decode ( v ) )
}
2022-03-30 10:42:47 +02:00
func TestPackageNuGet ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrepareTestEnv ( t ) ( )
2022-08-09 16:36:49 +02:00
2022-10-13 12:19:39 +02:00
type FeedEntryProperties struct {
Version string ` xml:"Version" `
NormalizedVersion string ` xml:"NormalizedVersion" `
Authors string ` xml:"Authors" `
Dependencies string ` xml:"Dependencies" `
Description string ` xml:"Description" `
VersionDownloadCount nuget . TypedValue [ int64 ] ` xml:"VersionDownloadCount" `
DownloadCount nuget . TypedValue [ int64 ] ` xml:"DownloadCount" `
PackageSize nuget . TypedValue [ int64 ] ` xml:"PackageSize" `
Created nuget . TypedValue [ time . Time ] ` xml:"Created" `
LastUpdated nuget . TypedValue [ time . Time ] ` xml:"LastUpdated" `
Published nuget . TypedValue [ time . Time ] ` xml:"Published" `
ProjectURL string ` xml:"ProjectUrl,omitempty" `
ReleaseNotes string ` xml:"ReleaseNotes,omitempty" `
RequireLicenseAcceptance nuget . TypedValue [ bool ] ` xml:"RequireLicenseAcceptance" `
Title string ` xml:"Title" `
}
type FeedEntry struct {
XMLName xml . Name ` xml:"entry" `
Properties * FeedEntryProperties ` xml:"properties" `
Content string ` xml:",innerxml" `
}
2023-07-26 21:43:21 +02:00
type FeedEntryLink struct {
Rel string ` xml:"rel,attr" `
Href string ` xml:"href,attr" `
}
2022-10-13 12:19:39 +02:00
type FeedResponse struct {
2023-07-26 21:43:21 +02:00
XMLName xml . Name ` xml:"feed" `
Links [ ] FeedEntryLink ` xml:"link" `
Entries [ ] * FeedEntry ` xml:"entry" `
Count int64 ` xml:"count" `
2022-10-13 12:19:39 +02:00
}
2022-08-16 10:22:25 +08:00
user := unittest . AssertExistsAndLoadBean ( t , & user_model . User { ID : 2 } )
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
- `activitypub`
- `admin` (hidden if user is not a site admin)
- `misc`
- `notification`
- `organization`
- `package`
- `issue`
- `repository`
- `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
- `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
- `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection
### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">
## tokenRequiresScopes Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error
## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
- _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
- _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
- _This should be addressed in this PR_
- For example:
```go
m.Group("/users/{username}/orgs", func() {
m.Get("", reqToken(), org.ListUserOrgs)
m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
```
## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default
Closes #24501
Closes #24799
Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 14:57:16 -04:00
token := getUserToken ( t , user . Name , auth_model . AccessTokenScopeWritePackage )
2022-03-30 10:42:47 +02:00
packageName := "test.package"
packageVersion := "1.0.3"
packageAuthors := "KN4CK3R"
packageDescription := "Gitea Test Package"
symbolFilename := "test.pdb"
symbolID := "d910bb6948bd4c6cb40155bcf52c3c94"
2022-10-16 19:18:09 +02:00
createPackage := func ( id , version string ) io . Reader {
var buf bytes . Buffer
archive := zip . NewWriter ( & buf )
w , _ := archive . Create ( "package.nuspec" )
w . Write ( [ ] byte ( ` < ? xml version = "1.0" encoding = "utf-8" ? >
< package xmlns = "http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd" >
< metadata >
< id > ` + id + ` < / id >
< version > ` + version + ` < / version >
< authors > ` + packageAuthors + ` < / authors >
< description > ` + packageDescription + ` < / description >
< dependencies >
< group targetFramework = ".NETStandard2.0" >
< dependency id = "Microsoft.CSharp" version = "4.5.0" / >
< / group >
< / dependencies >
< / metadata >
< / package > ` ) )
archive . Close ( )
return & buf
}
2022-12-02 17:06:23 -05:00
content , _ := io . ReadAll ( createPackage ( packageName , packageVersion ) )
2022-03-30 10:42:47 +02:00
url := fmt . Sprintf ( "/api/packages/%s/nuget" , user . Name )
t . Run ( "ServiceIndex" , func ( t * testing . T ) {
2022-10-13 12:19:39 +02:00
t . Run ( "v2" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
2022-09-24 17:17:08 +02:00
2022-10-13 12:19:39 +02:00
privateUser := unittest . AssertExistsAndLoadBean ( t , & user_model . User { Visibility : structs . VisibleTypePrivate } )
cases := [ ] struct {
Owner string
UseBasicAuth bool
UseTokenAuth bool
} {
{ privateUser . Name , false , false } ,
{ privateUser . Name , true , false } ,
{ privateUser . Name , false , true } ,
{ user . Name , false , false } ,
{ user . Name , true , false } ,
{ user . Name , false , true } ,
}
2022-09-24 17:17:08 +02:00
2022-10-13 12:19:39 +02:00
for _ , c := range cases {
url := fmt . Sprintf ( "/api/packages/%s/nuget" , c . Owner )
2022-09-24 17:17:08 +02:00
2022-10-13 12:19:39 +02:00
req := NewRequest ( t , "GET" , url )
if c . UseBasicAuth {
2023-12-22 00:59:59 +01:00
req . AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
} else if c . UseTokenAuth {
2023-12-22 00:59:59 +01:00
addNuGetAPIKeyHeader ( req , token )
2022-10-13 12:19:39 +02:00
}
resp := MakeRequest ( t , req , http . StatusOK )
var result nuget . ServiceIndexResponseV2
decodeXML ( t , resp , & result )
assert . Equal ( t , setting . AppURL + url [ 1 : ] , result . Base )
assert . Equal ( t , "Packages" , result . Workspace . Collection . Href )
2022-09-24 17:17:08 +02:00
}
2022-10-13 12:19:39 +02:00
} )
2022-09-24 17:17:08 +02:00
2022-10-13 12:19:39 +02:00
t . Run ( "v3" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
privateUser := unittest . AssertExistsAndLoadBean ( t , & user_model . User { Visibility : structs . VisibleTypePrivate } )
cases := [ ] struct {
Owner string
UseBasicAuth bool
UseTokenAuth bool
} {
{ privateUser . Name , false , false } ,
{ privateUser . Name , true , false } ,
{ privateUser . Name , false , true } ,
{ user . Name , false , false } ,
{ user . Name , true , false } ,
{ user . Name , false , true } ,
}
for _ , c := range cases {
url := fmt . Sprintf ( "/api/packages/%s/nuget" , c . Owner )
2022-09-24 17:17:08 +02:00
2022-10-13 12:19:39 +02:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/index.json" , url ) )
if c . UseBasicAuth {
2023-12-22 00:59:59 +01:00
req . AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
} else if c . UseTokenAuth {
2023-12-22 00:59:59 +01:00
addNuGetAPIKeyHeader ( req , token )
2022-10-13 12:19:39 +02:00
}
resp := MakeRequest ( t , req , http . StatusOK )
var result nuget . ServiceIndexResponseV3
DecodeJSON ( t , resp , & result )
assert . Equal ( t , "3.0.0" , result . Version )
assert . NotEmpty ( t , result . Resources )
root := setting . AppURL + url [ 1 : ]
for _ , r := range result . Resources {
switch r . Type {
case "SearchQueryService" :
fallthrough
case "SearchQueryService/3.0.0-beta" :
fallthrough
case "SearchQueryService/3.0.0-rc" :
assert . Equal ( t , root + "/query" , r . ID )
case "RegistrationsBaseUrl" :
fallthrough
case "RegistrationsBaseUrl/3.0.0-beta" :
fallthrough
case "RegistrationsBaseUrl/3.0.0-rc" :
assert . Equal ( t , root + "/registration" , r . ID )
case "PackageBaseAddress/3.0.0" :
assert . Equal ( t , root + "/package" , r . ID )
case "PackagePublish/2.0.0" :
assert . Equal ( t , root , r . ID )
}
2022-09-24 17:17:08 +02:00
}
2022-03-30 10:42:47 +02:00
}
2022-10-13 12:19:39 +02:00
} )
2022-03-30 10:42:47 +02:00
} )
t . Run ( "Upload" , func ( t * testing . T ) {
t . Run ( "DependencyPackage" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2023-12-22 00:59:59 +01:00
req := NewRequestWithBody ( t , "PUT" , url , bytes . NewReader ( content ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusCreated )
pvs , err := packages . GetVersionsByPackageType ( db . DefaultContext , user . ID , packages . TypeNuGet )
assert . NoError ( t , err )
assert . Len ( t , pvs , 1 )
pd , err := packages . GetPackageDescriptor ( db . DefaultContext , pvs [ 0 ] )
assert . NoError ( t , err )
assert . NotNil ( t , pd . SemVer )
assert . IsType ( t , & nuget_module . Metadata { } , pd . Metadata )
assert . Equal ( t , packageName , pd . Package . Name )
assert . Equal ( t , packageVersion , pd . Version . Version )
pfs , err := packages . GetFilesByVersionID ( db . DefaultContext , pvs [ 0 ] . ID )
assert . NoError ( t , err )
assert . Len ( t , pfs , 1 )
assert . Equal ( t , fmt . Sprintf ( "%s.%s.nupkg" , packageName , packageVersion ) , pfs [ 0 ] . Name )
assert . True ( t , pfs [ 0 ] . IsLead )
pb , err := packages . GetBlobByID ( db . DefaultContext , pfs [ 0 ] . BlobID )
assert . NoError ( t , err )
assert . Equal ( t , int64 ( len ( content ) ) , pb . Size )
2023-12-22 00:59:59 +01:00
req = NewRequestWithBody ( t , "PUT" , url , bytes . NewReader ( content ) ) .
AddBasicAuth ( user . Name )
2022-08-03 17:22:32 +02:00
MakeRequest ( t , req , http . StatusConflict )
2022-03-30 10:42:47 +02:00
} )
t . Run ( "SymbolPackage" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2022-10-16 19:18:09 +02:00
createSymbolPackage := func ( id , packageType string ) io . Reader {
2022-03-30 10:42:47 +02:00
var buf bytes . Buffer
archive := zip . NewWriter ( & buf )
w , _ := archive . Create ( "package.nuspec" )
w . Write ( [ ] byte ( ` < ? xml version = "1.0" encoding = "utf-8" ? >
< package xmlns = "http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd" >
< metadata >
< id > ` + id + ` < / id >
< version > ` + packageVersion + ` < / version >
< authors > ` + packageAuthors + ` < / authors >
< description > ` + packageDescription + ` < / description >
< packageTypes > < packageType name = "` + packageType + `" / > < / packageTypes >
< / metadata >
< / package > ` ) )
w , _ = archive . Create ( symbolFilename )
b , _ := base64 . StdEncoding . DecodeString ( ` QlNKQgEAAQAAAAAADAAAAFBEQiB2MS4wAAAAAAAABgB8AAAAWAAAACNQZGIAAAAA1AAAAAgBAAAj
fgAA3AEAAAQAAAAjU3RyaW5ncwAAAADgAQAABAAAACNVUwDkAQAAMAAAACNHVUlEAAAAFAIAACgB
AAAjQmxvYgAAAGm7ENm9SGxMtAFVvPUsPJTF6PbtAAAAAFcVogEJAAAAAQAAAA == ` )
w . Write ( b )
archive . Close ( )
return & buf
}
2023-12-22 00:59:59 +01:00
req := NewRequestWithBody ( t , "PUT" , fmt . Sprintf ( "%s/symbolpackage" , url ) , createSymbolPackage ( "unknown-package" , "SymbolsPackage" ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusNotFound )
2023-12-22 00:59:59 +01:00
req = NewRequestWithBody ( t , "PUT" , fmt . Sprintf ( "%s/symbolpackage" , url ) , createSymbolPackage ( packageName , "DummyPackage" ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusBadRequest )
2023-12-22 00:59:59 +01:00
req = NewRequestWithBody ( t , "PUT" , fmt . Sprintf ( "%s/symbolpackage" , url ) , createSymbolPackage ( packageName , "SymbolsPackage" ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusCreated )
pvs , err := packages . GetVersionsByPackageType ( db . DefaultContext , user . ID , packages . TypeNuGet )
assert . NoError ( t , err )
assert . Len ( t , pvs , 1 )
pd , err := packages . GetPackageDescriptor ( db . DefaultContext , pvs [ 0 ] )
assert . NoError ( t , err )
assert . NotNil ( t , pd . SemVer )
assert . IsType ( t , & nuget_module . Metadata { } , pd . Metadata )
assert . Equal ( t , packageName , pd . Package . Name )
assert . Equal ( t , packageVersion , pd . Version . Version )
pfs , err := packages . GetFilesByVersionID ( db . DefaultContext , pvs [ 0 ] . ID )
assert . NoError ( t , err )
assert . Len ( t , pfs , 3 )
for _ , pf := range pfs {
switch pf . Name {
case fmt . Sprintf ( "%s.%s.nupkg" , packageName , packageVersion ) :
case fmt . Sprintf ( "%s.%s.snupkg" , packageName , packageVersion ) :
assert . False ( t , pf . IsLead )
pb , err := packages . GetBlobByID ( db . DefaultContext , pf . BlobID )
assert . NoError ( t , err )
assert . Equal ( t , int64 ( 616 ) , pb . Size )
case symbolFilename :
assert . False ( t , pf . IsLead )
pb , err := packages . GetBlobByID ( db . DefaultContext , pf . BlobID )
assert . NoError ( t , err )
assert . Equal ( t , int64 ( 160 ) , pb . Size )
pps , err := packages . GetProperties ( db . DefaultContext , packages . PropertyTypeFile , pf . ID )
assert . NoError ( t , err )
assert . Len ( t , pps , 1 )
assert . Equal ( t , nuget_module . PropertySymbolID , pps [ 0 ] . Name )
assert . Equal ( t , symbolID , pps [ 0 ] . Value )
default :
2023-10-11 19:02:24 +08:00
assert . FailNow ( t , "unexpected file: %v" , pf . Name )
2022-03-30 10:42:47 +02:00
}
}
2023-12-22 00:59:59 +01:00
req = NewRequestWithBody ( t , "PUT" , fmt . Sprintf ( "%s/symbolpackage" , url ) , createSymbolPackage ( packageName , "SymbolsPackage" ) ) .
AddBasicAuth ( user . Name )
2022-08-03 17:22:32 +02:00
MakeRequest ( t , req , http . StatusConflict )
2022-03-30 10:42:47 +02:00
} )
} )
t . Run ( "Download" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
checkDownloadCount := func ( count int64 ) {
pvs , err := packages . GetVersionsByPackageType ( db . DefaultContext , user . ID , packages . TypeNuGet )
assert . NoError ( t , err )
assert . Len ( t , pvs , 1 )
assert . Equal ( t , count , pvs [ 0 ] . DownloadCount )
}
checkDownloadCount ( 0 )
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/package/%s/%s/%s.%s.nupkg" , url , packageName , packageVersion , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , content , resp . Body . Bytes ( ) )
2024-01-23 22:42:46 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/package/%s/%s/%s.nuspec" , url , packageName , packageVersion , packageName ) ) .
AddBasicAuth ( user . Name )
resp = MakeRequest ( t , req , http . StatusOK )
nuspec := ` <?xml version="1.0" encoding="UTF-8"?> ` + "\n" +
` <package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd"><metadata> ` +
` <id> ` + packageName + ` </id><version> ` + packageVersion + ` </version><authors> ` + packageAuthors + ` </authors><description> ` + packageDescription + ` </description> ` +
` <dependencies><group targetFramework=".NETStandard2.0"> ` +
// https://github.com/golang/go/issues/21399 go can't generate self-closing tags
` <dependency id="Microsoft.CSharp" version="4.5.0"></dependency> ` +
` </group></dependencies> ` +
` </metadata></package> `
assert . Equal ( t , nuspec , resp . Body . String ( ) )
2022-03-30 10:42:47 +02:00
checkDownloadCount ( 1 )
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/package/%s/%s/%s.%s.snupkg" , url , packageName , packageVersion , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusOK )
checkDownloadCount ( 1 )
t . Run ( "Symbol" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/symbols/%s/%sFFFFFFFF/gitea.pdb" , url , symbolFilename , symbolID ) )
MakeRequest ( t , req , http . StatusBadRequest )
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/symbols/%s/%sFFFFFFFF/%s" , url , symbolFilename , "00000000000000000000000000000000" , symbolFilename ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusNotFound )
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/symbols/%s/%sFFFFffff/%s" , url , symbolFilename , symbolID , symbolFilename ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusOK )
checkDownloadCount ( 1 )
} )
} )
2023-07-26 21:43:21 +02:00
containsOneNextLink := func ( t * testing . T , links [ ] FeedEntryLink ) func ( ) bool {
return func ( ) bool {
found := 0
for _ , l := range links {
if l . Rel == "next" {
found ++
u , err := neturl . Parse ( l . Href )
assert . NoError ( t , err )
q := u . Query ( )
assert . Contains ( t , q , "$skip" )
assert . Contains ( t , q , "$top" )
assert . Equal ( t , "1" , q . Get ( "$skip" ) )
assert . Equal ( t , "1" , q . Get ( "$top" ) )
}
}
return found == 1
}
}
2022-03-30 10:42:47 +02:00
t . Run ( "SearchService" , func ( t * testing . T ) {
cases := [ ] struct {
Query string
Skip int
Take int
ExpectedTotal int64
ExpectedResults int
} {
{ "" , 0 , 0 , 1 , 1 } ,
{ "" , 0 , 10 , 1 , 1 } ,
{ "gitea" , 0 , 10 , 0 , 0 } ,
{ "test" , 0 , 10 , 1 , 1 } ,
{ "test" , 1 , 10 , 1 , 0 } ,
}
2023-12-22 00:59:59 +01:00
req := NewRequestWithBody ( t , "PUT" , url , createPackage ( packageName , "1.0.99" ) ) .
AddBasicAuth ( user . Name )
2023-08-14 04:50:55 +02:00
MakeRequest ( t , req , http . StatusCreated )
2022-10-13 12:19:39 +02:00
t . Run ( "v2" , func ( t * testing . T ) {
t . Run ( "Search()" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2022-10-13 12:19:39 +02:00
for i , c := range cases {
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/Search()?searchTerm='%s'&$skip=%d&$top=%d" , url , c . Query , c . Skip , c . Take ) ) .
AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result FeedResponse
decodeXML ( t , resp , & result )
assert . Equal ( t , c . ExpectedTotal , result . Count , "case %d: unexpected total hits" , i )
assert . Len ( t , result . Entries , c . ExpectedResults , "case %d: unexpected result count" , i )
2023-02-11 12:30:44 +01:00
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/Search()/$count?searchTerm='%s'&$skip=%d&$top=%d" , url , c . Query , c . Skip , c . Take ) ) .
AddBasicAuth ( user . Name )
2023-02-11 12:30:44 +01:00
resp = MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , strconv . FormatInt ( c . ExpectedTotal , 10 ) , resp . Body . String ( ) , "case %d: unexpected total hits" , i )
2022-10-13 12:19:39 +02:00
}
} )
t . Run ( "Packages()" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
for i , c := range cases {
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/Packages()?$filter=substringof('%s',tolower(Id))&$skip=%d&$top=%d" , url , c . Query , c . Skip , c . Take ) ) .
AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result FeedResponse
decodeXML ( t , resp , & result )
assert . Equal ( t , c . ExpectedTotal , result . Count , "case %d: unexpected total hits" , i )
assert . Len ( t , result . Entries , c . ExpectedResults , "case %d: unexpected result count" , i )
2023-02-11 12:30:44 +01:00
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/Packages()/$count?$filter=substringof('%s',tolower(Id))&$skip=%d&$top=%d" , url , c . Query , c . Skip , c . Take ) ) .
AddBasicAuth ( user . Name )
2023-02-11 12:30:44 +01:00
resp = MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , strconv . FormatInt ( c . ExpectedTotal , 10 ) , resp . Body . String ( ) , "case %d: unexpected total hits" , i )
2022-10-13 12:19:39 +02:00
}
} )
2023-07-26 21:43:21 +02:00
t . Run ( "Next" , func ( t * testing . T ) {
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/Search()?searchTerm='test'&$skip=0&$top=1" , url ) ) .
AddBasicAuth ( user . Name )
2023-07-26 21:43:21 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result FeedResponse
decodeXML ( t , resp , & result )
assert . Condition ( t , containsOneNextLink ( t , result . Links ) )
} )
2022-10-13 12:19:39 +02:00
} )
t . Run ( "v3" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
for i , c := range cases {
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/query?q=%s&skip=%d&take=%d" , url , c . Query , c . Skip , c . Take ) ) .
AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result nuget . SearchResultResponse
DecodeJSON ( t , resp , & result )
assert . Equal ( t , c . ExpectedTotal , result . TotalHits , "case %d: unexpected total hits" , i )
assert . Len ( t , result . Data , c . ExpectedResults , "case %d: unexpected result count" , i )
}
2022-10-16 19:18:09 +02:00
t . Run ( "EnforceGrouped" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
2023-12-22 00:59:59 +01:00
req := NewRequestWithBody ( t , "PUT" , url , createPackage ( packageName + ".dummy" , "1.0.0" ) ) .
AddBasicAuth ( user . Name )
2022-10-16 19:18:09 +02:00
MakeRequest ( t , req , http . StatusCreated )
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/query?q=%s" , url , packageName ) ) .
AddBasicAuth ( user . Name )
2022-10-16 19:18:09 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result nuget . SearchResultResponse
DecodeJSON ( t , resp , & result )
2023-08-14 04:50:55 +02:00
assert . EqualValues ( t , 2 , result . TotalHits )
2022-10-16 19:18:09 +02:00
assert . Len ( t , result . Data , 2 )
for _ , sr := range result . Data {
if sr . ID == packageName {
assert . Len ( t , sr . Versions , 2 )
} else {
assert . Len ( t , sr . Versions , 1 )
}
}
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "DELETE" , fmt . Sprintf ( "%s/%s/%s" , url , packageName + ".dummy" , "1.0.0" ) ) .
AddBasicAuth ( user . Name )
2022-10-16 19:18:09 +02:00
MakeRequest ( t , req , http . StatusNoContent )
} )
2022-10-13 12:19:39 +02:00
} )
2023-08-14 04:50:55 +02:00
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "DELETE" , fmt . Sprintf ( "%s/%s/%s" , url , packageName , "1.0.99" ) ) .
AddBasicAuth ( user . Name )
2023-08-14 04:50:55 +02:00
MakeRequest ( t , req , http . StatusNoContent )
2022-03-30 10:42:47 +02:00
} )
t . Run ( "RegistrationService" , func ( t * testing . T ) {
indexURL := fmt . Sprintf ( "%s%s/registration/%s/index.json" , setting . AppURL , url [ 1 : ] , packageName )
leafURL := fmt . Sprintf ( "%s%s/registration/%s/%s.json" , setting . AppURL , url [ 1 : ] , packageName , packageVersion )
contentURL := fmt . Sprintf ( "%s%s/package/%s/%s/%s.%s.nupkg" , setting . AppURL , url [ 1 : ] , packageName , packageVersion , packageName , packageVersion )
t . Run ( "RegistrationIndex" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/registration/%s/index.json" , url , packageName ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result nuget . RegistrationIndexResponse
DecodeJSON ( t , resp , & result )
assert . Equal ( t , indexURL , result . RegistrationIndexURL )
assert . Equal ( t , 1 , result . Count )
assert . Len ( t , result . Pages , 1 )
assert . Equal ( t , indexURL , result . Pages [ 0 ] . RegistrationPageURL )
assert . Equal ( t , packageVersion , result . Pages [ 0 ] . Lower )
assert . Equal ( t , packageVersion , result . Pages [ 0 ] . Upper )
assert . Equal ( t , 1 , result . Pages [ 0 ] . Count )
assert . Len ( t , result . Pages [ 0 ] . Items , 1 )
assert . Equal ( t , packageName , result . Pages [ 0 ] . Items [ 0 ] . CatalogEntry . ID )
assert . Equal ( t , packageVersion , result . Pages [ 0 ] . Items [ 0 ] . CatalogEntry . Version )
assert . Equal ( t , packageAuthors , result . Pages [ 0 ] . Items [ 0 ] . CatalogEntry . Authors )
assert . Equal ( t , packageDescription , result . Pages [ 0 ] . Items [ 0 ] . CatalogEntry . Description )
assert . Equal ( t , leafURL , result . Pages [ 0 ] . Items [ 0 ] . CatalogEntry . CatalogLeafURL )
assert . Equal ( t , contentURL , result . Pages [ 0 ] . Items [ 0 ] . CatalogEntry . PackageContentURL )
} )
t . Run ( "RegistrationLeaf" , func ( t * testing . T ) {
2022-10-13 12:19:39 +02:00
t . Run ( "v2" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/Packages(Id='%s',Version='%s')" , url , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
2022-03-30 10:42:47 +02:00
2022-10-13 12:19:39 +02:00
var result FeedEntry
decodeXML ( t , resp , & result )
assert . Equal ( t , packageName , result . Properties . Title )
assert . Equal ( t , packageVersion , result . Properties . Version )
assert . Equal ( t , packageAuthors , result . Properties . Authors )
assert . Equal ( t , packageDescription , result . Properties . Description )
assert . Equal ( t , "Microsoft.CSharp:4.5.0:.NETStandard2.0" , result . Properties . Dependencies )
} )
t . Run ( "v3" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/registration/%s/%s.json" , url , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result nuget . RegistrationLeafResponse
DecodeJSON ( t , resp , & result )
assert . Equal ( t , leafURL , result . RegistrationLeafURL )
assert . Equal ( t , contentURL , result . PackageContentURL )
assert . Equal ( t , indexURL , result . RegistrationIndexURL )
} )
2022-03-30 10:42:47 +02:00
} )
} )
t . Run ( "PackageService" , func ( t * testing . T ) {
2022-10-13 12:19:39 +02:00
t . Run ( "v2" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/FindPackagesById()?id='%s'&$top=1" , url , packageName ) ) .
AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result FeedResponse
decodeXML ( t , resp , & result )
2022-03-30 10:42:47 +02:00
2022-10-13 12:19:39 +02:00
assert . Len ( t , result . Entries , 1 )
assert . Equal ( t , packageVersion , result . Entries [ 0 ] . Properties . Version )
2023-07-26 21:43:21 +02:00
assert . Condition ( t , containsOneNextLink ( t , result . Links ) )
2023-02-11 12:30:44 +01:00
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/FindPackagesById()/$count?id='%s'" , url , packageName ) ) .
AddBasicAuth ( user . Name )
2023-02-11 12:30:44 +01:00
resp = MakeRequest ( t , req , http . StatusOK )
assert . Equal ( t , "1" , resp . Body . String ( ) )
2022-10-13 12:19:39 +02:00
} )
t . Run ( "v3" , func ( t * testing . T ) {
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/package/%s/index.json" , url , packageName ) ) .
AddBasicAuth ( user . Name )
2022-10-13 12:19:39 +02:00
resp := MakeRequest ( t , req , http . StatusOK )
var result nuget . PackageVersionsResponse
DecodeJSON ( t , resp , & result )
assert . Len ( t , result . Versions , 1 )
assert . Equal ( t , packageVersion , result . Versions [ 0 ] )
} )
2022-03-30 10:42:47 +02:00
} )
t . Run ( "Delete" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "DELETE" , fmt . Sprintf ( "%s/%s/%s" , url , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-08-03 17:22:32 +02:00
MakeRequest ( t , req , http . StatusNoContent )
2022-03-30 10:42:47 +02:00
pvs , err := packages . GetVersionsByPackageType ( db . DefaultContext , user . ID , packages . TypeNuGet )
assert . NoError ( t , err )
assert . Empty ( t , pvs )
} )
t . Run ( "DownloadNotExists" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "GET" , fmt . Sprintf ( "%s/package/%s/%s/%s.%s.nupkg" , url , packageName , packageVersion , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusNotFound )
2023-12-22 00:59:59 +01:00
req = NewRequest ( t , "GET" , fmt . Sprintf ( "%s/package/%s/%s/%s.%s.snupkg" , url , packageName , packageVersion , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusNotFound )
} )
t . Run ( "DeleteNotExists" , func ( t * testing . T ) {
2022-09-02 15:18:23 -04:00
defer tests . PrintCurrentTest ( t ) ( )
2022-03-30 10:42:47 +02:00
2023-12-22 00:59:59 +01:00
req := NewRequest ( t , "DELETE" , fmt . Sprintf ( "%s/package/%s/%s" , url , packageName , packageVersion ) ) .
AddBasicAuth ( user . Name )
2022-03-30 10:42:47 +02:00
MakeRequest ( t , req , http . StatusNotFound )
} )
}