gamzinav/forgejo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c08b3a8ebd
forgejo/tests/integration/api_notification_test.go

216 lines
7.4 KiB
Go
Raw Normal View History

[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
// Copyright 2020 The Gitea Authors. All rights reserved.
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 21:20:29 +03:00
// SPDX-License-Identifier: MIT
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
package integration
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
import (
"fmt"
"net/http"
"testing"
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 05:31:57 +03:00
activities_model "code.gitea.io/gitea/models/activities"
Support scoped access tokens (#20908) This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300
2023-01-18 00:46:03 +03:00
auth_model "code.gitea.io/gitea/models/auth"
Add `context.Context` to more methods (#21546) This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 11:12:33 +03:00
"code.gitea.io/gitea/models/db"
Move repository model into models/repo (#17933) * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
2021-12-10 04:27:50 +03:00
repo_model "code.gitea.io/gitea/models/repo"
Decouple unit test, remove intermediate `unittestbridge` package (#17662) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-16 11:53:21 +03:00
"code.gitea.io/gitea/models/unittest"
Move user related model into models/user (#17781) * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
2021-11-24 12:49:20 +03:00
user_model "code.gitea.io/gitea/models/user"
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
api "code.gitea.io/gitea/modules/structs"
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
"code.gitea.io/gitea/tests"
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
"github.com/stretchr/testify/assert"
)
func TestAPINotification(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 05:22:25 +03:00
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 05:31:57 +03:00
thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5})
Add `context.Context` to more methods (#21546) This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 11:12:33 +03:00
assert.NoError(t, thread5.LoadAttributes(db.DefaultContext))
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
session := loginUser(t, user2.Name)
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 21:57:16 +03:00
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteNotification, auth_model.AccessTokenScopeWriteRepository)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
Add missing `reqToken()` to notifications endpoints (#26914) They currently throw a Internal Server Error when you use them without a token. Now they correctly return a `token is required` error. This is no security issue. If you use this endpoints with a token that don't have the correct permission, you get the correct error. This is not affected by this PR.
2023-09-05 17:43:34 +03:00
MakeRequest(t, NewRequest(t, "GET", "/api/v1/notifications"), http.StatusUnauthorized)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
// -- GET /notifications --
// test filter
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
2022-01-20 20:46:10 +03:00
since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications?since=%s", since)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp := MakeRequest(t, req, http.StatusOK)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
var apiNL []api.NotificationThread
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 1)
assert.EqualValues(t, 5, apiNL[0].ID)
// test filter
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
2022-01-20 20:46:10 +03:00
before := "2000-01-01T01%3A06%3A59%2B00%3A00" // 946688819
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications?all=%s&before=%s", "true", before)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 3)
assert.EqualValues(t, 4, apiNL[0].ID)
Fixed assert statements. (#16089)
2021-06-07 08:27:09 +03:00
assert.True(t, apiNL[0].Unread)
assert.False(t, apiNL[0].Pinned)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
assert.EqualValues(t, 3, apiNL[1].ID)
Fixed assert statements. (#16089)
2021-06-07 08:27:09 +03:00
assert.False(t, apiNL[1].Unread)
assert.True(t, apiNL[1].Pinned)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
assert.EqualValues(t, 2, apiNL[2].ID)
Fixed assert statements. (#16089)
2021-06-07 08:27:09 +03:00
assert.False(t, apiNL[2].Unread)
assert.False(t, apiNL[2].Pinned)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
// -- GET /repos/{owner}/{repo}/notifications --
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/notifications?status-types=unread", user2.Name, repo1.Name)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 1)
assert.EqualValues(t, 4, apiNL[0].ID)
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
// -- GET /repos/{owner}/{repo}/notifications -- multiple status-types
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/notifications?status-types=unread&status-types=pinned", user2.Name, repo1.Name)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 2)
assert.EqualValues(t, 4, apiNL[0].ID)
assert.True(t, apiNL[0].Unread)
assert.False(t, apiNL[0].Pinned)
assert.EqualValues(t, 3, apiNL[1].ID)
assert.False(t, apiNL[1].Unread)
assert.True(t, apiNL[1].Pinned)
Add missing `reqToken()` to notifications endpoints (#26914) They currently throw a Internal Server Error when you use them without a token. Now they correctly return a `token is required` error. This is no security issue. If you use this endpoints with a token that don't have the correct permission, you get the correct error. This is not affected by this PR.
2023-09-05 17:43:34 +03:00
MakeRequest(t, NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications/threads/%d", 1)), http.StatusUnauthorized)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
// -- GET /notifications/threads/{id} --
// get forbidden
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications/threads/%d", 1)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
MakeRequest(t, req, http.StatusForbidden)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
// get own
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/notifications/threads/%d", thread5.ID)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
var apiN api.NotificationThread
DecodeJSON(t, resp, &apiN)
assert.EqualValues(t, 5, apiN.ID)
Fixed assert statements. (#16089)
2021-06-07 08:27:09 +03:00
assert.False(t, apiN.Pinned)
assert.True(t, apiN.Unread)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
assert.EqualValues(t, "issue4", apiN.Subject.Title)
assert.EqualValues(t, "Issue", apiN.Subject.Type)
Even more `db.DefaultContext` refactor (#27352) Part of #27065 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de>
2023-10-03 13:30:41 +03:00
assert.EqualValues(t, thread5.Issue.APIURL(db.DefaultContext), apiN.Subject.URL)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
assert.EqualValues(t, thread5.Repository.HTMLURL(), apiN.Repository.HTMLURL)
Add missing `reqToken()` to notifications endpoints (#26914) They currently throw a Internal Server Error when you use them without a token. Now they correctly return a `token is required` error. This is no security issue. If you use this endpoints with a token that don't have the correct permission, you get the correct error. This is not affected by this PR.
2023-09-05 17:43:34 +03:00
MakeRequest(t, NewRequest(t, "GET", "/api/v1/notifications/new"), http.StatusUnauthorized)
[Api] Check Notify (always return json) (#10059) * BEAKING: check return status based on struct not httpStatus * update Tests * CI.restart()
2020-04-11 02:49:39 +03:00
new := struct {
New int64 `json:"new"`
}{}
[API] add endpoint to check notifications [Extend #9488] (#9595) * introduce GET /notifications/new * add TEST * use Sprintf instead of path.Join * Error more verbose * return number of notifications if unreaded exist * 200 http status for available notifications
2020-01-14 18:37:19 +03:00
// -- check notifications --
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", "/api/v1/notifications/new").
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
[Api] Check Notify (always return json) (#10059) * BEAKING: check return status based on struct not httpStatus * update Tests * CI.restart()
2020-04-11 02:49:39 +03:00
DecodeJSON(t, resp, &new)
assert.True(t, new.New > 0)
[API] add endpoint to check notifications [Extend #9488] (#9595) * introduce GET /notifications/new * add TEST * use Sprintf instead of path.Join * Error more verbose * return number of notifications if unreaded exist * 200 http status for available notifications
2020-01-14 18:37:19 +03:00
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
// -- mark notifications as read --
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", "/api/v1/notifications?status-types=unread").
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 2)
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
2022-01-20 20:46:10 +03:00
lastReadAt := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801 <- only Notification 4 is in this filter ...
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/notifications?last_read_at=%s", user2.Name, repo1.Name, lastReadAt)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
MakeRequest(t, req, http.StatusResetContent)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", "/api/v1/notifications?status-types=unread").
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 1)
// -- PATCH /notifications/threads/{id} --
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "PATCH", fmt.Sprintf("/api/v1/notifications/threads/%d", thread5.ID)).
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
MakeRequest(t, req, http.StatusResetContent)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 05:31:57 +03:00
assert.Equal(t, activities_model.NotificationStatusUnread, thread5.Status)
thread5 = unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5})
assert.Equal(t, activities_model.NotificationStatusRead, thread5.Status)
[API] add endpoint to check notifications [Extend #9488] (#9595) * introduce GET /notifications/new * add TEST * use Sprintf instead of path.Join * Error more verbose * return number of notifications if unreaded exist * 200 http status for available notifications
2020-01-14 18:37:19 +03:00
// -- check notifications --
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", "/api/v1/notifications/new").
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
[Api] Check Notify (always return json) (#10059) * BEAKING: check return status based on struct not httpStatus * update Tests * CI.restart()
2020-04-11 02:49:39 +03:00
DecodeJSON(t, resp, &new)
assert.True(t, new.New == 0)
[API] Add notification endpoint (#9488) * [API] Add notification endpoints * add func GetNotifications(opts FindNotificationOptions) * add func (n *Notification) APIFormat() * add func (nl NotificationList) APIFormat() * add func (n *Notification) APIURL() * add func (nl NotificationList) APIFormat() * add LoadAttributes functions (loadRepo, loadIssue, loadComment, loadUser) * add func (c *Comment) APIURL() * add func (issue *Issue) GetLastComment() * add endpoint GET /notifications * add endpoint PUT /notifications * add endpoint GET /repos/{owner}/{repo}/notifications * add endpoint PUT /repos/{owner}/{repo}/notifications * add endpoint GET /notifications/threads/{id} * add endpoint PATCH /notifications/threads/{id} * Add TEST * code format * code format
2020-01-09 14:56:32 +03:00
}
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
func TestAPINotificationPUT(t *testing.T) {
Kd/ci playwright go test (#20123) * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
2022-09-02 22:18:23 +03:00
defer tests.PrepareTestEnv(t)()
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
Refactor AssertExistsAndLoadBean to use generics (#20797) * Refactor AssertExistsAndLoadBean to use generics * Fix tests Co-authored-by: zeripath <art27@cantab.net>
2022-08-16 05:22:25 +03:00
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
2022-08-25 05:31:57 +03:00
thread5 := unittest.AssertExistsAndLoadBean(t, &activities_model.Notification{ID: 5})
Add `context.Context` to more methods (#21546) This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 11:12:33 +03:00
assert.NoError(t, thread5.LoadAttributes(db.DefaultContext))
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
session := loginUser(t, user2.Name)
Redesign Scoped Access Tokens (#24767) ## Changes - Adds the following high level access scopes, each with `read` and `write` levels: - `activitypub` - `admin` (hidden if user is not a site admin) - `misc` - `notification` - `organization` - `package` - `issue` - `repository` - `user` - Adds new middleware function `tokenRequiresScopes()` in addition to `reqToken()` - `tokenRequiresScopes()` is used for each high-level api section - _if_ a scoped token is present, checks that the required scope is included based on the section and HTTP method - `reqToken()` is used for individual routes - checks that required authentication is present (but does not check scope levels as this will already have been handled by `tokenRequiresScopes()` - Adds migration to convert old scoped access tokens to the new set of scopes - Updates the user interface for scope selection ### User interface example <img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM" src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3"> <img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM" src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c"> ## tokenRequiresScopes Design Decision - `tokenRequiresScopes()` was added to more reliably cover api routes. For an incoming request, this function uses the given scope category (say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say `DELETE`) and verifies that any scoped tokens in use include `delete:organization`. - `reqToken()` is used to enforce auth for individual routes that require it. If a scoped token is not present for a request, `tokenRequiresScopes()` will not return an error ## TODO - [x] Alphabetize scope categories - [x] Change 'public repos only' to a radio button (private vs public). Also expand this to organizations - [X] Disable token creation if no scopes selected. Alternatively, show warning - [x] `reqToken()` is missing from many `POST/DELETE` routes in the api. `tokenRequiresScopes()` only checks that a given token has the correct scope, `reqToken()` must be used to check that a token (or some other auth) is present. - _This should be addressed in this PR_ - [x] The migration should be reviewed very carefully in order to minimize access changes to existing user tokens. - _This should be addressed in this PR_ - [x] Link to api to swagger documentation, clarify what read/write/delete levels correspond to - [x] Review cases where more than one scope is needed as this directly deviates from the api definition. - _This should be addressed in this PR_ - For example: ```go m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context_service.UserAssignmentAPI()) ``` ## Future improvements - [ ] Add required scopes to swagger documentation - [ ] Redesign `reqToken()` to be opt-out rather than opt-in - [ ] Subdivide scopes like `repository` - [ ] Once a token is created, if it has no scopes, we should display text instead of an empty bullet point - [ ] If the 'public repos only' option is selected, should read categories be selected by default Closes #24501 Closes #24799 Co-authored-by: Jonathan Tran <jon@allspice.io> Co-authored-by: Kyle D <kdumontnu@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 21:57:16 +03:00
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteNotification)
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
// Check notifications are as expected
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req := NewRequest(t, "GET", "/api/v1/notifications?all=true").
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp := MakeRequest(t, req, http.StatusOK)
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
var apiNL []api.NotificationThread
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 4)
assert.EqualValues(t, 5, apiNL[0].ID)
assert.True(t, apiNL[0].Unread)
assert.False(t, apiNL[0].Pinned)
assert.EqualValues(t, 4, apiNL[1].ID)
assert.True(t, apiNL[1].Unread)
assert.False(t, apiNL[1].Pinned)
assert.EqualValues(t, 3, apiNL[2].ID)
assert.False(t, apiNL[2].Unread)
assert.True(t, apiNL[2].Pinned)
assert.EqualValues(t, 2, apiNL[3].ID)
assert.False(t, apiNL[3].Unread)
assert.False(t, apiNL[3].Pinned)
//
// Notification ID 2 is the only one with status-type read & pinned
// change it to unread.
//
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "PUT", "/api/v1/notifications?status-types=read&status-type=pinned&to-status=unread").
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusResetContent)
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 1)
assert.EqualValues(t, 2, apiNL[0].ID)
assert.True(t, apiNL[0].Unread)
assert.False(t, apiNL[0].Pinned)
//
// Now nofication ID 2 is the first in the list and is unread.
//
Convert to url auth to header auth in tests (#28484) Related #28390
2023-12-22 02:59:59 +03:00
req = NewRequest(t, "GET", "/api/v1/notifications?all=true").
AddTokenAuth(token)
Remove session in api tests (#21984) It's no meaning to request an API route with session.
2022-12-02 06:39:42 +03:00
resp = MakeRequest(t, req, http.StatusOK)
tests: more integration tests for notifications (#17845) Verify that multiple status-types are taken into account as expected. Refs: https://github.com/go-gitea/gitea/issues/16796
2021-12-03 22:20:41 +03:00
DecodeJSON(t, resp, &apiNL)
assert.Len(t, apiNL, 4)
assert.EqualValues(t, 2, apiNL[0].ID)
assert.True(t, apiNL[0].Unread)
assert.False(t, apiNL[0].Pinned)
}
Reference in New Issue Copy Permalink