2019-04-17 19:06:35 +03:00
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"fmt"
"net/http"
2019-05-11 18:29:17 +03:00
"net/url"
2019-04-17 19:06:35 +03:00
"testing"
"code.gitea.io/gitea/models"
2021-09-19 14:49:59 +03:00
"code.gitea.io/gitea/models/db"
2019-05-11 13:21:34 +03:00
api "code.gitea.io/gitea/modules/structs"
2019-04-17 19:06:35 +03:00
"github.com/stretchr/testify/assert"
)
func getDeleteFileOptions ( ) * api . DeleteFileOptions {
return & api . DeleteFileOptions {
FileOptions : api . FileOptions {
BranchName : "master" ,
NewBranchName : "master" ,
2019-06-29 18:19:24 +03:00
Message : "Removing the file new/file.txt" ,
2019-04-17 19:06:35 +03:00
Author : api . Identity {
Name : "John Doe" ,
Email : "johndoe@example.com" ,
} ,
Committer : api . Identity {
Name : "Jane Doe" ,
Email : "janedoe@example.com" ,
} ,
} ,
SHA : "103ff9234cefeee5ec5361d22b49fbb04d385885" ,
}
}
func TestAPIDeleteFile ( t * testing . T ) {
2019-05-11 18:29:17 +03:00
onGiteaRun ( t , func ( t * testing . T , u * url . URL ) {
2021-09-19 14:49:59 +03:00
user2 := db . AssertExistsAndLoadBean ( t , & models . User { ID : 2 } ) . ( * models . User ) // owner of the repo1 & repo16
user3 := db . AssertExistsAndLoadBean ( t , & models . User { ID : 3 } ) . ( * models . User ) // owner of the repo3, is an org
user4 := db . AssertExistsAndLoadBean ( t , & models . User { ID : 4 } ) . ( * models . User ) // owner of neither repos
repo1 := db . AssertExistsAndLoadBean ( t , & models . Repository { ID : 1 } ) . ( * models . Repository ) // public repo
repo3 := db . AssertExistsAndLoadBean ( t , & models . Repository { ID : 3 } ) . ( * models . Repository ) // public repo
repo16 := db . AssertExistsAndLoadBean ( t , & models . Repository { ID : 16 } ) . ( * models . Repository ) // private repo
2019-05-11 18:29:17 +03:00
fileID := 0
// Get user2's token
session := loginUser ( t , user2 . Name )
token2 := getTokenForLoggedInUser ( t , session )
session = emptyTestSession ( t )
// Get user4's token
session = loginUser ( t , user4 . Name )
token4 := getTokenForLoggedInUser ( t , session )
session = emptyTestSession ( t )
// Test deleting a file in repo1 which user2 owns, try both with branch and empty branch
for _ , branch := range [ ... ] string {
"master" , // Branch
"" , // Empty branch
} {
fileID ++
treePath := fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo1 , treePath )
deleteFileOptions := getDeleteFileOptions ( )
deleteFileOptions . BranchName = branch
url := fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user2 . Name , repo1 . Name , treePath , token2 )
req := NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
resp := session . MakeRequest ( t , req , http . StatusOK )
var fileResponse api . FileResponse
DecodeJSON ( t , resp , & fileResponse )
assert . NotNil ( t , fileResponse )
assert . Nil ( t , fileResponse . Content )
}
// Test deleting file and making the delete in a new branch
2019-04-17 19:06:35 +03:00
fileID ++
treePath := fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo1 , treePath )
deleteFileOptions := getDeleteFileOptions ( )
2019-05-11 18:29:17 +03:00
deleteFileOptions . BranchName = repo1 . DefaultBranch
deleteFileOptions . NewBranchName = "new_branch"
2019-04-17 19:06:35 +03:00
url := fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user2 . Name , repo1 . Name , treePath , token2 )
req := NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
resp := session . MakeRequest ( t , req , http . StatusOK )
var fileResponse api . FileResponse
DecodeJSON ( t , resp , & fileResponse )
assert . NotNil ( t , fileResponse )
assert . Nil ( t , fileResponse . Content )
2019-06-29 18:19:24 +03:00
assert . EqualValues ( t , deleteFileOptions . Message + "\n" , fileResponse . Commit . Message )
// Test deleting file without a message
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo1 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
deleteFileOptions . Message = ""
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user2 . Name , repo1 . Name , treePath , token2 )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
resp = session . MakeRequest ( t , req , http . StatusOK )
DecodeJSON ( t , resp , & fileResponse )
expectedMessage := "Delete '" + treePath + "'\n"
assert . EqualValues ( t , expectedMessage , fileResponse . Commit . Message )
2019-04-17 19:06:35 +03:00
2019-05-11 18:29:17 +03:00
// Test deleting a file with the wrong SHA
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo1 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
deleteFileOptions . SHA = "badsha"
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user2 . Name , repo1 . Name , treePath , token2 )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
2020-04-15 08:18:51 +03:00
resp = session . MakeRequest ( t , req , http . StatusBadRequest )
2019-05-11 18:29:17 +03:00
2019-05-30 18:09:05 +03:00
// Test creating a file in repo16 by user4 who does not have write access
2019-05-11 18:29:17 +03:00
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo16 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user2 . Name , repo16 . Name , treePath , token4 )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
session . MakeRequest ( t , req , http . StatusNotFound )
// Tests a repo with no token given so will fail
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo16 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s" , user2 . Name , repo16 . Name , treePath )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
session . MakeRequest ( t , req , http . StatusNotFound )
// Test using access token for a private repo that the user of the token owns
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo16 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user2 . Name , repo16 . Name , treePath , token2 )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
session . MakeRequest ( t , req , http . StatusOK )
// Test using org repo "user3/repo3" where user2 is a collaborator
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user3 , repo3 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user3 . Name , repo3 . Name , treePath , token2 )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
session . MakeRequest ( t , req , http . StatusOK )
// Test using org repo "user3/repo3" with no user token
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user3 , repo3 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s" , user3 . Name , repo3 . Name , treePath )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
session . MakeRequest ( t , req , http . StatusNotFound )
// Test using repo "user2/repo1" where user4 is a NOT collaborator
fileID ++
treePath = fmt . Sprintf ( "delete/file%d.txt" , fileID )
createFile ( user2 , repo1 , treePath )
deleteFileOptions = getDeleteFileOptions ( )
url = fmt . Sprintf ( "/api/v1/repos/%s/%s/contents/%s?token=%s" , user2 . Name , repo1 . Name , treePath , token4 )
req = NewRequestWithJSON ( t , "DELETE" , url , & deleteFileOptions )
session . MakeRequest ( t , req , http . StatusForbidden )
} )
2019-04-17 19:06:35 +03:00
}