gitea/tests/integration/api_user_secrets_test.go

// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"fmt"
	"net/http"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	api "code.gitea.io/gitea/modules/structs"
	"code.gitea.io/gitea/tests"
)

func TestAPIUserSecrets(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	session := loginUser(t, "user1")
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)

	t.Run("Create", func(t *testing.T) {
		cases := []struct {
			Name           string
			ExpectedStatus int
		}{
			{
				Name:           "",
				ExpectedStatus: http.StatusNotFound,
			},
			{
				Name:           "-",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           "_",
				ExpectedStatus: http.StatusCreated,
			},
			{
				Name:           "secret",
				ExpectedStatus: http.StatusCreated,
			},
			{
				Name:           "2secret",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           "GITEA_secret",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           "GITHUB_secret",
				ExpectedStatus: http.StatusBadRequest,
			},
		}

		for _, c := range cases {
			req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/user/actions/secrets/%s", c.Name), api.CreateOrUpdateSecretOption{
				Data: "data",
			}).AddTokenAuth(token)
			MakeRequest(t, req, c.ExpectedStatus)
		}
	})

	t.Run("Update", func(t *testing.T) {
		name := "update_secret"
		url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", name)

		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
			Data: "initial",
		}).AddTokenAuth(token)
		MakeRequest(t, req, http.StatusCreated)

		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
			Data: "changed",
		}).AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNoContent)
	})

	t.Run("Delete", func(t *testing.T) {
		name := "delete_secret"
		url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", name)

		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
			Data: "initial",
		}).AddTokenAuth(token)
		MakeRequest(t, req, http.StatusCreated)

		req = NewRequest(t, "DELETE", url).
			AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNoContent)

		req = NewRequest(t, "DELETE", url).
			AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNotFound)

		req = NewRequest(t, "DELETE", "/api/v1/user/actions/secrets/000").
			AddTokenAuth(token)
		MakeRequest(t, req, http.StatusBadRequest)
	})
}
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`// Copyright 2023 The Gitea Authors. All rights reserved.`
			`// SPDX-License-Identifier: MIT`

			`package integration`

			`import (`
			`"fmt"`
			`"net/http"`
			`"testing"`

			`auth_model "code.gitea.io/gitea/models/auth"`
			`api "code.gitea.io/gitea/modules/structs"`
			`"code.gitea.io/gitea/tests"`
			`)`

			`func TestAPIUserSecrets(t *testing.T) {`
			`defer tests.PrepareTestEnv(t)()`

			`session := loginUser(t, "user1")`
			`token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)`

			`t.Run("Create", func(t *testing.T) {`
			`cases := []struct {`
			`Name string`
			`ExpectedStatus int`
			`}{`
			`{`
			`Name: "",`
			`ExpectedStatus: http.StatusNotFound,`
			`},`
			`{`
			`Name: "-",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`{`
			`Name: "_",`
			`ExpectedStatus: http.StatusCreated,`
			`},`
			`{`
			`Name: "secret",`
			`ExpectedStatus: http.StatusCreated,`
			`},`
			`{`
			`Name: "2secret",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`{`
			`Name: "GITEA_secret",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`{`
			`Name: "GITHUB_secret",`
			`ExpectedStatus: http.StatusBadRequest,`
			`},`
			`}`

			`for _, c := range cases {`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/user/actions/secrets/%s", c.Name), api.CreateOrUpdateSecretOption{`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`Data: "data",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`}).AddTokenAuth(token)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`MakeRequest(t, req, c.ExpectedStatus)`
			`}`
			`})`

			`t.Run("Update", func(t *testing.T) {`
			`name := "update_secret"`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", name)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00
			`req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{`
			`Data: "initial",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`}).AddTokenAuth(token)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`MakeRequest(t, req, http.StatusCreated)`

			`req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{`
			`Data: "changed",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`}).AddTokenAuth(token)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`MakeRequest(t, req, http.StatusNoContent)`
			`})`

			`t.Run("Delete", func(t *testing.T) {`
			`name := "delete_secret"`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", name)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00
			`req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{`
			`Data: "initial",`
Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`}).AddTokenAuth(token)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`MakeRequest(t, req, http.StatusCreated)`

Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`req = NewRequest(t, "DELETE", url).`
			`AddTokenAuth(token)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`MakeRequest(t, req, http.StatusNoContent)`

Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`req = NewRequest(t, "DELETE", url).`
			`AddTokenAuth(token)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`MakeRequest(t, req, http.StatusNotFound)`

Convert to url auth to header auth in tests (#28484) Related #28390 2023-12-22 00:59:59 +01:00			`req = NewRequest(t, "DELETE", "/api/v1/user/actions/secrets/000").`
			`AddTokenAuth(token)`
Add user secrets API integration tests (#27832) Adds the missing user secrets API integration tests so #27829 does not happen again 2023-10-31 04:46:09 +01:00			`MakeRequest(t, req, http.StatusBadRequest)`
			`})`
			`}`