TRKJ/gitea
2
0
Fork 0
mirror of https://gitee.com/gitea/gitea synced 2025-11-04 08:30:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

Convert to url auth to header auth in tests (#28484)

Browse Source 
Related #28390
This commit is contained in:
KN4CK3R
2023-12-22 00:59:59 +01:00
committed by GitHub
parent 04b235d094
commit 838db2f891
102 changed files with 1715 additions and 1523 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
tests/integration/api_token_test.go
View File

@@ -35,8 +35,8 @@ func TestAPIDeleteMissingToken(t *testing.T) {
defer tests.PrepareTestEnv(t)()
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
req := NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", unittest.NonexistentID)
req = AddBasicAuthHeader(req, user.Name)
req := NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", unittest.NonexistentID).
AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusNotFound)
}
@@ -46,20 +46,20 @@ func TestAPIGetTokensPermission(t *testing.T) {
// admin can get tokens for other users
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
req := NewRequestf(t, "GET", "/api/v1/users/user2/tokens")
req = AddBasicAuthHeader(req, user.Name)
req := NewRequest(t, "GET", "/api/v1/users/user2/tokens").
AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusOK)
// non-admin can get tokens for himself
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
req = NewRequestf(t, "GET", "/api/v1/users/user2/tokens")
req = AddBasicAuthHeader(req, user.Name)
req = NewRequest(t, "GET", "/api/v1/users/user2/tokens").
AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusOK)
// non-admin can't get tokens for other users
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
req = NewRequestf(t, "GET", "/api/v1/users/user2/tokens")
req = AddBasicAuthHeader(req, user.Name)
req = NewRequest(t, "GET", "/api/v1/users/user2/tokens").
AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusForbidden)
}
@@ -73,20 +73,20 @@ func TestAPIDeleteTokensPermission(t *testing.T) {
// admin can delete tokens for other users
createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user2, nil)
req := NewRequestf(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-1")
req = AddBasicAuthHeader(req, admin.Name)
req := NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-1").
AddBasicAuth(admin.Name)
MakeRequest(t, req, http.StatusNoContent)
// non-admin can delete tokens for himself
createAPIAccessTokenWithoutCleanUp(t, "test-key-2", user2, nil)
req = NewRequestf(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-2")
req = AddBasicAuthHeader(req, user2.Name)
req = NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-2").
AddBasicAuth(user2.Name)
MakeRequest(t, req, http.StatusNoContent)
// non-admin can't delete tokens for other users
createAPIAccessTokenWithoutCleanUp(t, "test-key-3", user2, nil)
req = NewRequestf(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-3")
req = AddBasicAuthHeader(req, user4.Name)
req = NewRequest(t, "DELETE", "/api/v1/users/"+user2.LoginName+"/tokens/test-key-3").
AddBasicAuth(user4.Name)
MakeRequest(t, req, http.StatusForbidden)
}
@@ -117,9 +117,6 @@ func TestAPIDeniesPermissionBasedOnTokenScope(t *testing.T) {
// from other endpoints and not updated.
//
// Test cases are in alphabetical order by URL.
//
// Note: query parameters are not currently supported since the token is
// appended with `?=token=<token>`.
testCases := []requiredScopeTestCase{
{
"/api/v1/admin/emails",
@@ -526,11 +523,9 @@ func runTestCase(t *testing.T, testCase *requiredScopeTestCase, user *user_model
accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, &unauthorizedScopes)
defer deleteAPIAccessToken(t, accessToken, user)
// Add API access token to the URL.
url := fmt.Sprintf("%s?token=%s", testCase.url, accessToken.Token)
// Request the endpoint. Verify that permission is denied.
req := NewRequestf(t, testCase.method, url)
req := NewRequest(t, testCase.method, testCase.url).
AddTokenAuth(accessToken.Token)
MakeRequest(t, req, http.StatusForbidden)
})
}
@@ -552,9 +547,8 @@ func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *us
}
}
log.Debug("Requesting creation of token with scopes: %v", scopes)
req := NewRequestWithJSON(t, "POST", "/api/v1/users/"+user.LoginName+"/tokens", payload)
req = AddBasicAuthHeader(req, user.Name)
req := NewRequestWithJSON(t, "POST", "/api/v1/users/"+user.LoginName+"/tokens", payload).
AddBasicAuth(user.Name)
resp := MakeRequest(t, req, http.StatusCreated)
var newAccessToken api.AccessToken
@@ -572,8 +566,8 @@ func createAPIAccessTokenWithoutCleanUp(t *testing.T, tokenName string, user *us
// createAPIAccessTokenWithoutCleanUp Delete an API access token and assert that
// deletion succeeded.
func deleteAPIAccessToken(t *testing.T, accessToken api.AccessToken, user *user_model.User) {
req := NewRequestf(t, "DELETE", "/api/v1/users/"+user.LoginName+"/tokens/%d", accessToken.ID)
req = AddBasicAuthHeader(req, user.Name)
req := NewRequestf(t, "DELETE", "/api/v1/users/"+user.LoginName+"/tokens/%d", accessToken.ID).
AddBasicAuth(user.Name)
MakeRequest(t, req, http.StatusNoContent)
unittest.AssertNotExistsBean(t, &auth_model.AccessToken{ID: accessToken.ID})