2017-06-15 10:01:51 +03:00
// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"net/http"
2017-12-04 01:46:01 +03:00
"net/http/httptest"
2019-05-11 18:29:17 +03:00
"net/url"
2017-06-15 10:01:51 +03:00
"path"
2017-06-21 04:00:03 +03:00
"strings"
2017-06-15 10:01:51 +03:00
"testing"
"github.com/stretchr/testify/assert"
)
2018-02-18 23:06:37 +03:00
func testPullCreate ( t * testing . T , session * TestSession , user , repo , branch , title string ) * httptest . ResponseRecorder {
2017-06-15 10:01:51 +03:00
req := NewRequest ( t , "GET" , path . Join ( user , repo ) )
2017-07-07 22:36:47 +03:00
resp := session . MakeRequest ( t , req , http . StatusOK )
2017-06-15 10:01:51 +03:00
2019-02-20 02:09:47 +03:00
// Click the PR button to create a pull
2017-06-17 19:29:59 +03:00
htmlDoc := NewHTMLParser ( t , resp . Body )
2019-02-20 02:09:47 +03:00
link , exists := htmlDoc . doc . Find ( "#new-pull-request" ) . Parent ( ) . Attr ( "href" )
2017-06-15 10:01:51 +03:00
assert . True ( t , exists , "The template has changed" )
2017-06-21 04:00:03 +03:00
if branch != "master" {
link = strings . Replace ( link , ":master" , ":" + branch , 1 )
}
2017-06-15 10:01:51 +03:00
req = NewRequest ( t , "GET" , link )
2017-07-07 22:36:47 +03:00
resp = session . MakeRequest ( t , req , http . StatusOK )
2017-06-15 10:01:51 +03:00
// Submit the form for creating the pull
2017-06-17 19:29:59 +03:00
htmlDoc = NewHTMLParser ( t , resp . Body )
2017-06-15 10:01:51 +03:00
link , exists = htmlDoc . doc . Find ( "form.ui.form" ) . Attr ( "action" )
assert . True ( t , exists , "The template has changed" )
2017-06-17 07:49:45 +03:00
req = NewRequestWithValues ( t , "POST" , link , map [ string ] string {
"_csrf" : htmlDoc . GetCSRF ( ) ,
2018-02-18 23:06:37 +03:00
"title" : title ,
2017-06-17 07:49:45 +03:00
} )
2017-07-07 22:36:47 +03:00
resp = session . MakeRequest ( t , req , http . StatusFound )
2017-06-15 10:01:51 +03:00
2017-06-15 14:20:39 +03:00
return resp
2017-06-15 10:01:51 +03:00
}
func TestPullCreate ( t * testing . T ) {
2019-05-11 18:29:17 +03:00
onGiteaRun ( t , func ( t * testing . T , u * url . URL ) {
session := loginUser ( t , "user1" )
testRepoFork ( t , session , "user2" , "repo1" , "user1" , "repo1" )
testEditFile ( t , session , "user1" , "repo1" , "master" , "README.md" , "Hello, World (Edited)\n" )
resp := testPullCreate ( t , session , "user1" , "repo1" , "master" , "This is a pull title" )
// check the redirected URL
url := resp . HeaderMap . Get ( "Location" )
assert . Regexp ( t , "^/user2/repo1/pulls/[0-9]*$" , url )
// check .diff can be accessed and matches performed change
req := NewRequest ( t , "GET" , url + ".diff" )
resp = session . MakeRequest ( t , req , http . StatusOK )
assert . Regexp ( t , ` \+Hello, World \(Edited\) ` , resp . Body )
assert . Regexp ( t , "^diff" , resp . Body )
assert . NotRegexp ( t , "diff.*diff" , resp . Body ) // not two diffs, just one
// check .patch can be accessed and matches performed change
req = NewRequest ( t , "GET" , url + ".patch" )
resp = session . MakeRequest ( t , req , http . StatusOK )
assert . Regexp ( t , ` \+Hello, World \(Edited\) ` , resp . Body )
assert . Regexp ( t , "diff" , resp . Body )
assert . Regexp ( t , ` Subject: \[PATCH\] Update 'README.md' ` , resp . Body )
assert . NotRegexp ( t , "diff.*diff" , resp . Body ) // not two diffs, just one
} )
2017-06-15 10:01:51 +03:00
}
2018-02-18 23:06:37 +03:00
func TestPullCreate_TitleEscape ( t * testing . T ) {
2019-05-11 18:29:17 +03:00
onGiteaRun ( t , func ( t * testing . T , u * url . URL ) {
session := loginUser ( t , "user1" )
testRepoFork ( t , session , "user2" , "repo1" , "user1" , "repo1" )
testEditFile ( t , session , "user1" , "repo1" , "master" , "README.md" , "Hello, World (Edited)\n" )
resp := testPullCreate ( t , session , "user1" , "repo1" , "master" , "<i>XSS PR</i>" )
// check the redirected URL
url := resp . HeaderMap . Get ( "Location" )
assert . Regexp ( t , "^/user2/repo1/pulls/[0-9]*$" , url )
// Edit title
req := NewRequest ( t , "GET" , url )
resp = session . MakeRequest ( t , req , http . StatusOK )
htmlDoc := NewHTMLParser ( t , resp . Body )
editTestTitleURL , exists := htmlDoc . doc . Find ( "#save-edit-title" ) . First ( ) . Attr ( "data-update-url" )
assert . True ( t , exists , "The template has changed" )
req = NewRequestWithValues ( t , "POST" , editTestTitleURL , map [ string ] string {
"_csrf" : htmlDoc . GetCSRF ( ) ,
"title" : "<u>XSS PR</u>" ,
} )
session . MakeRequest ( t , req , http . StatusOK )
req = NewRequest ( t , "GET" , url )
resp = session . MakeRequest ( t , req , http . StatusOK )
htmlDoc = NewHTMLParser ( t , resp . Body )
titleHTML , err := htmlDoc . doc . Find ( ".comments .event .text b" ) . First ( ) . Html ( )
assert . NoError ( t , err )
assert . Equal ( t , "<i>XSS PR</i>" , titleHTML )
titleHTML , err = htmlDoc . doc . Find ( ".comments .event .text b" ) . Next ( ) . Html ( )
assert . NoError ( t , err )
assert . Equal ( t , "<u>XSS PR</u>" , titleHTML )
2018-02-18 23:06:37 +03:00
} )
}