2017-12-06 13:27:10 +03:00
// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"fmt"
"net/http"
"testing"
"code.gitea.io/gitea/models"
2019-05-11 13:21:34 +03:00
api "code.gitea.io/gitea/modules/structs"
2018-09-13 05:33:48 +03:00
"github.com/stretchr/testify/assert"
2017-12-06 13:27:10 +03:00
)
func TestAPIAdminCreateAndDeleteSSHKey ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2017-12-06 13:27:10 +03:00
// user1 is an admin user
session := loginUser ( t , "user1" )
keyOwner := models . AssertExistsAndLoadBean ( t , & models . User { Name : "user2" } ) . ( * models . User )
2018-09-10 19:15:52 +03:00
token := getTokenForLoggedInUser ( t , session )
urlStr := fmt . Sprintf ( "/api/v1/admin/users/%s/keys?token=%s" , keyOwner . Name , token )
2017-12-06 13:27:10 +03:00
req := NewRequestWithValues ( t , "POST" , urlStr , map [ string ] string {
"key" : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n" ,
"title" : "test-key" ,
} )
resp := session . MakeRequest ( t , req , http . StatusCreated )
var newPublicKey api . PublicKey
DecodeJSON ( t , resp , & newPublicKey )
models . AssertExistsAndLoadBean ( t , & models . PublicKey {
ID : newPublicKey . ID ,
Name : newPublicKey . Title ,
Content : newPublicKey . Key ,
Fingerprint : newPublicKey . Fingerprint ,
OwnerID : keyOwner . ID ,
} )
2018-11-04 04:15:55 +03:00
req = NewRequestf ( t , "DELETE" , "/api/v1/admin/users/%s/keys/%d?token=%s" ,
keyOwner . Name , newPublicKey . ID , token )
2017-12-06 13:27:10 +03:00
session . MakeRequest ( t , req , http . StatusNoContent )
models . AssertNotExistsBean ( t , & models . PublicKey { ID : newPublicKey . ID } )
}
func TestAPIAdminDeleteMissingSSHKey ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2017-12-06 13:27:10 +03:00
// user1 is an admin user
session := loginUser ( t , "user1" )
2018-09-10 19:15:52 +03:00
token := getTokenForLoggedInUser ( t , session )
2018-11-04 04:15:55 +03:00
req := NewRequestf ( t , "DELETE" , "/api/v1/admin/users/user1/keys/%d?token=%s" , models . NonexistentID , token )
2017-12-06 13:27:10 +03:00
session . MakeRequest ( t , req , http . StatusNotFound )
}
func TestAPIAdminDeleteUnauthorizedKey ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2017-12-06 13:27:10 +03:00
adminUsername := "user1"
normalUsername := "user2"
session := loginUser ( t , adminUsername )
2018-09-10 19:15:52 +03:00
token := getTokenForLoggedInUser ( t , session )
urlStr := fmt . Sprintf ( "/api/v1/admin/users/%s/keys?token=%s" , adminUsername , token )
2017-12-06 13:27:10 +03:00
req := NewRequestWithValues ( t , "POST" , urlStr , map [ string ] string {
"key" : "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n" ,
"title" : "test-key" ,
} )
resp := session . MakeRequest ( t , req , http . StatusCreated )
var newPublicKey api . PublicKey
DecodeJSON ( t , resp , & newPublicKey )
session = loginUser ( t , normalUsername )
2018-09-10 19:15:52 +03:00
token = getTokenForLoggedInUser ( t , session )
2018-11-04 04:15:55 +03:00
req = NewRequestf ( t , "DELETE" , "/api/v1/admin/users/%s/keys/%d?token=%s" ,
adminUsername , newPublicKey . ID , token )
2017-12-06 13:27:10 +03:00
session . MakeRequest ( t , req , http . StatusForbidden )
}
2018-09-07 06:31:29 +03:00
func TestAPISudoUser ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2018-09-07 06:31:29 +03:00
adminUsername := "user1"
normalUsername := "user2"
session := loginUser ( t , adminUsername )
2018-09-10 19:15:52 +03:00
token := getTokenForLoggedInUser ( t , session )
2018-09-07 06:31:29 +03:00
2018-09-10 19:15:52 +03:00
urlStr := fmt . Sprintf ( "/api/v1/user?sudo=%s&token=%s" , normalUsername , token )
2018-09-07 06:31:29 +03:00
req := NewRequest ( t , "GET" , urlStr )
resp := session . MakeRequest ( t , req , http . StatusOK )
var user api . User
DecodeJSON ( t , resp , & user )
assert . Equal ( t , normalUsername , user . UserName )
}
func TestAPISudoUserForbidden ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2018-09-07 06:31:29 +03:00
adminUsername := "user1"
normalUsername := "user2"
session := loginUser ( t , normalUsername )
2018-09-10 19:15:52 +03:00
token := getTokenForLoggedInUser ( t , session )
2018-09-07 06:31:29 +03:00
2018-09-10 19:15:52 +03:00
urlStr := fmt . Sprintf ( "/api/v1/user?sudo=%s&token=%s" , adminUsername , token )
2018-09-07 06:31:29 +03:00
req := NewRequest ( t , "GET" , urlStr )
session . MakeRequest ( t , req , http . StatusForbidden )
}
2019-04-15 19:36:59 +03:00
func TestAPIListUsers ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2019-04-15 19:36:59 +03:00
adminUsername := "user1"
session := loginUser ( t , adminUsername )
token := getTokenForLoggedInUser ( t , session )
urlStr := fmt . Sprintf ( "/api/v1/admin/users?token=%s" , token )
req := NewRequest ( t , "GET" , urlStr )
resp := session . MakeRequest ( t , req , http . StatusOK )
var users [ ] api . User
DecodeJSON ( t , resp , & users )
found := false
for _ , user := range users {
if user . UserName == adminUsername {
found = true
}
}
assert . True ( t , found )
numberOfUsers := models . GetCount ( t , & models . User { } , "type = 0" )
assert . Equal ( t , numberOfUsers , len ( users ) )
}
2019-05-08 22:17:32 +03:00
func TestAPIListUsersNotLoggedIn ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2019-05-08 22:17:32 +03:00
req := NewRequest ( t , "GET" , "/api/v1/admin/users" )
MakeRequest ( t , req , http . StatusUnauthorized )
}
func TestAPIListUsersNonAdmin ( t * testing . T ) {
2019-11-26 02:21:37 +03:00
defer prepareTestEnv ( t ) ( )
2019-05-08 22:17:32 +03:00
nonAdminUsername := "user2"
session := loginUser ( t , nonAdminUsername )
token := getTokenForLoggedInUser ( t , session )
req := NewRequestf ( t , "GET" , "/api/v1/admin/users?token=%s" , token )
session . MakeRequest ( t , req , http . StatusForbidden )
}