gitea/services/forms/user_form_test.go

// Copyright 2018 The Gogs Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package forms

import (
	"strconv"
	"testing"

	auth_model "code.gitea.io/gitea/models/auth"
	"code.gitea.io/gitea/modules/setting"

	"github.com/stretchr/testify/assert"
)

func TestRegisterForm_IsDomainAllowed_Empty(t *testing.T) {
	_ = setting.Service

	setting.Service.EmailDomainWhitelist = []string{}

	form := RegisterForm{}

	assert.True(t, form.IsEmailDomainAllowed())
}

func TestRegisterForm_IsDomainAllowed_InvalidEmail(t *testing.T) {
	_ = setting.Service

	setting.Service.EmailDomainWhitelist = []string{"gitea.io"}

	tt := []struct {
		email string
	}{
		{"securitygieqqq"},
		{"hdudhdd"},
	}

	for _, v := range tt {
		form := RegisterForm{Email: v.email}

		assert.False(t, form.IsEmailDomainAllowed())
	}
}

func TestRegisterForm_IsDomainAllowed_WhitelistedEmail(t *testing.T) {
	_ = setting.Service

	setting.Service.EmailDomainWhitelist = []string{"gitea.io"}

	tt := []struct {
		email string
		valid bool
	}{
		{"security@gitea.io", true},
		{"security@gITea.io", true},
		{"hdudhdd", false},
		{"seee@example.com", false},
	}

	for _, v := range tt {
		form := RegisterForm{Email: v.email}

		assert.Equal(t, v.valid, form.IsEmailDomainAllowed())
	}
}

func TestRegisterForm_IsDomainAllowed_BlocklistedEmail(t *testing.T) {
	_ = setting.Service

	setting.Service.EmailDomainWhitelist = []string{}
	setting.Service.EmailDomainBlocklist = []string{"gitea.io"}

	tt := []struct {
		email string
		valid bool
	}{
		{"security@gitea.io", false},
		{"security@gitea.example", true},
		{"hdudhdd", true},
	}

	for _, v := range tt {
		form := RegisterForm{Email: v.email}

		assert.Equal(t, v.valid, form.IsEmailDomainAllowed())
	}
}

func TestNewAccessTokenForm_GetScope(t *testing.T) {
	tests := []struct {
		form        NewAccessTokenForm
		scope       auth_model.AccessTokenScope
		expectedErr error
	}{
		{
			form:  NewAccessTokenForm{Name: "test", Scope: []string{"repo"}},
			scope: "repo",
		},
		{
			form:  NewAccessTokenForm{Name: "test", Scope: []string{"repo", "user"}},
			scope: "repo,user",
		},
	}

	for i, test := range tests {
		t.Run(strconv.Itoa(i), func(t *testing.T) {
			scope, err := test.form.GetScope()
			assert.Equal(t, test.expectedErr, err)
			assert.Equal(t, test.scope, scope)
		})
	}
}
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`// Copyright 2018 The Gogs Authors. All rights reserved.`
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> 2022-11-27 13:20:29 -05:00			`// SPDX-License-Identifier: MIT`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00
Move macaron to chi (#14293) Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. BREAK - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. BREAK - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de> 2021-01-26 23:36:53 +08:00			`package forms`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00
			`import (`
Support scoped access tokens (#20908) This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300 2023-01-17 16:46:03 -05:00			`"strconv"`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`"testing"`

Support scoped access tokens (#20908) This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300 2023-01-17 16:46:03 -05:00			`auth_model "code.gitea.io/gitea/models/auth"`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`"code.gitea.io/gitea/modules/setting"`

			`"github.com/stretchr/testify/assert"`
			`)`

Allow blocking some email domains from registering an account (#14667) Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are forbidden to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, a single email domain is responsible for most of the spam accounts, and for all of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628 2021-02-14 23:31:29 +00:00			`func TestRegisterForm_IsDomainAllowed_Empty(t *testing.T) {`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`_ = setting.Service`

			`setting.Service.EmailDomainWhitelist = []string{}`

			`form := RegisterForm{}`

Allow blocking some email domains from registering an account (#14667) Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are forbidden to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, a single email domain is responsible for most of the spam accounts, and for all of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628 2021-02-14 23:31:29 +00:00			`assert.True(t, form.IsEmailDomainAllowed())`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`}`

Allow blocking some email domains from registering an account (#14667) Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are forbidden to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, a single email domain is responsible for most of the spam accounts, and for all of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628 2021-02-14 23:31:29 +00:00			`func TestRegisterForm_IsDomainAllowed_InvalidEmail(t *testing.T) {`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`_ = setting.Service`

			`setting.Service.EmailDomainWhitelist = []string{"gitea.io"}`

			`tt := []struct {`
			`email string`
			`}{`
			`{"securitygieqqq"},`
			`{"hdudhdd"},`
			`}`

			`for _, v := range tt {`
			`form := RegisterForm{Email: v.email}`

Allow blocking some email domains from registering an account (#14667) Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are forbidden to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, a single email domain is responsible for most of the spam accounts, and for all of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628 2021-02-14 23:31:29 +00:00			`assert.False(t, form.IsEmailDomainAllowed())`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`}`
			`}`

Allow blocking some email domains from registering an account (#14667) Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are forbidden to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, a single email domain is responsible for most of the spam accounts, and for all of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628 2021-02-14 23:31:29 +00:00			`func TestRegisterForm_IsDomainAllowed_WhitelistedEmail(t *testing.T) {`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`_ = setting.Service`

			`setting.Service.EmailDomainWhitelist = []string{"gitea.io"}`

			`tt := []struct {`
			`email string`
			`valid bool`
			`}{`
			`{"security@gitea.io", true},`
			`{"security@gITea.io", true},`
			`{"hdudhdd", false},`
			`{"seee@example.com", false},`
			`}`

			`for _, v := range tt {`
			`form := RegisterForm{Email: v.email}`

Allow blocking some email domains from registering an account (#14667) Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are forbidden to register an account. The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that. The rationale is that, in my experience of running a Gitea instance, a single email domain is responsible for most of the spam accounts, and for all of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful. close #13628 2021-02-14 23:31:29 +00:00			`assert.Equal(t, v.valid, form.IsEmailDomainAllowed())`
			`}`
			`}`

			`func TestRegisterForm_IsDomainAllowed_BlocklistedEmail(t *testing.T) {`
			`_ = setting.Service`

			`setting.Service.EmailDomainWhitelist = []string{}`
			`setting.Service.EmailDomainBlocklist = []string{"gitea.io"}`

			`tt := []struct {`
			`email string`
			`valid bool`
			`}{`
			`{"security@gitea.io", false},`
			`{"security@gitea.example", true},`
			`{"hdudhdd", true},`
			`}`

			`for _, v := range tt {`
			`form := RegisterForm{Email: v.email}`

			`assert.Equal(t, v.valid, form.IsEmailDomainAllowed())`
Block registration based on email domain (#5157) * implement email domain whitelist 2018-11-15 02:00:04 +01:00			`}`
			`}`
Support scoped access tokens (#20908) This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300 2023-01-17 16:46:03 -05:00
			`func TestNewAccessTokenForm_GetScope(t *testing.T) {`
			`tests := []struct {`
			`form NewAccessTokenForm`
			`scope auth_model.AccessTokenScope`
			`expectedErr error`
			`}{`
			`{`
			`form: NewAccessTokenForm{Name: "test", Scope: []string{"repo"}},`
			`scope: "repo",`
			`},`
			`{`
			`form: NewAccessTokenForm{Name: "test", Scope: []string{"repo", "user"}},`
			`scope: "repo,user",`
			`},`
			`}`

			`for i, test := range tests {`
			`t.Run(strconv.Itoa(i), func(t *testing.T) {`
			`scope, err := test.form.GetScope()`
			`assert.Equal(t, test.expectedErr, err)`
			`assert.Equal(t, test.scope, scope)`
			`})`
			`}`
			`}`