
  1. // Copyright 2017 The Gitea Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package integrations
  5. import (
  6. "fmt"
  7. "net/http"
  8. "testing"
  9. "code.gitea.io/gitea/models"
  10. api "code.gitea.io/gitea/modules/structs"
  11. "github.com/stretchr/testify/assert"
  12. )
// TestAPIAdminCreateAndDeleteSSHKey checks that an admin can attach a public
// SSH key to another user's account through the admin API, that the stored
// record matches the API response, and that the admin can delete it again.
func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
	prepareTestEnv(t)

	// user1 is an admin user; user2 is the account that will own the key.
	adminSession := loginUser(t, "user1")
	owner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
	adminToken := getTokenForLoggedInUser(t, adminSession)

	// Public-key fixture only: the payload is the public half of an RSA key.
	keyForm := map[string]string{
		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
		"title": "test-key",
	}
	// NOTE(review): the token is sent in the query string; credentials in URLs
	// tend to be recorded in access logs, so keep this pattern to test tokens.
	createURL := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", owner.Name, adminToken)
	createReq := NewRequestWithValues(t, "POST", createURL, keyForm)
	createResp := adminSession.MakeRequest(t, createReq, http.StatusCreated)

	var created api.PublicKey
	DecodeJSON(t, createResp, &created)

	// The database row must carry the values the API returned and belong to
	// the target user, not to the admin who made the call.
	models.AssertExistsAndLoadBean(t, &models.PublicKey{
		ID:          created.ID,
		Name:        created.Title,
		Content:     created.Key,
		Fingerprint: created.Fingerprint,
		OwnerID:     owner.ID,
	})

	deleteReq := NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
		owner.Name, created.ID, adminToken)
	adminSession.MakeRequest(t, deleteReq, http.StatusNoContent)

	// 204 must correspond to an actual removal of the row.
	models.AssertNotExistsBean(t, &models.PublicKey{ID: created.ID})
}
// TestAPIAdminDeleteMissingSSHKey checks that an admin DELETE for the key ID
// models.NonexistentID is answered with 404 Not Found.
func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {
	prepareTestEnv(t)

	// user1 is an admin user
	adminSession := loginUser(t, "user1")
	adminToken := getTokenForLoggedInUser(t, adminSession)

	deleteReq := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d?token=%s", models.NonexistentID, adminToken)
	adminSession.MakeRequest(t, deleteReq, http.StatusNotFound)
}
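// TestAPIAdminDeleteUnauthorizedKey checks that a non-admin user cannot delete
// an SSH key through the admin API: the request must be answered with
// 403 Forbidden and the key must still be stored afterwards.
func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {
	prepareTestEnv(t)
	adminUsername := "user1"
	normalUsername := "user2"

	// Create the key as the admin so there is a real record to target.
	session := loginUser(t, adminUsername)
	token := getTokenForLoggedInUser(t, session)
	urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", adminUsername, token)
	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
		"key":   "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n",
		"title": "test-key",
	})
	resp := session.MakeRequest(t, req, http.StatusCreated)
	var newPublicKey api.PublicKey
	DecodeJSON(t, resp, &newPublicKey)

	// Switch to the non-admin account and retry the delete with its own token.
	session = loginUser(t, normalUsername)
	token = getTokenForLoggedInUser(t, session)
	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
		adminUsername, newPublicKey.ID, token)
	session.MakeRequest(t, req, http.StatusForbidden)

	// A 403 status alone does not show that the handler refused before acting;
	// confirm the key record survived the rejected request.
	models.AssertExistsAndLoadBean(t, &models.PublicKey{ID: newPublicKey.ID})
}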
// TestAPISudoUser checks that a request to /api/v1/user carrying an admin's
// token and a sudo query parameter is answered with the profile of the user
// named in sudo.
func TestAPISudoUser(t *testing.T) {
	prepareTestEnv(t)

	const (
		adminUsername  = "user1"
		normalUsername = "user2"
	)

	adminSession := loginUser(t, adminUsername)
	adminToken := getTokenForLoggedInUser(t, adminSession)

	sudoReq := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", normalUsername, adminToken))
	sudoResp := adminSession.MakeRequest(t, sudoReq, http.StatusOK)

	var got api.User
	DecodeJSON(t, sudoResp, &got)

	// The response must describe the impersonated user, not the admin.
	assert.Equal(t, normalUsername, got.UserName)
}
// TestAPISudoUserForbidden checks that a request carrying user2's token and
// sudo=user1 is rejected with 403 Forbidden, i.e. the non-admin account cannot
// use the sudo parameter to act as the admin.
func TestAPISudoUserForbidden(t *testing.T) {
	prepareTestEnv(t)

	const (
		adminUsername  = "user1"
		normalUsername = "user2"
	)

	userSession := loginUser(t, normalUsername)
	userToken := getTokenForLoggedInUser(t, userSession)

	sudoReq := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", adminUsername, userToken))
	userSession.MakeRequest(t, sudoReq, http.StatusForbidden)
}
// TestAPIListUsers checks that an admin can list users through the admin API,
// that the admin's own account appears in the result, and that the number of
// returned users equals the database count for the "type = 0" condition.
func TestAPIListUsers(t *testing.T) {
	prepareTestEnv(t)

	const adminUsername = "user1"
	adminSession := loginUser(t, adminUsername)
	adminToken := getTokenForLoggedInUser(t, adminSession)

	listReq := NewRequest(t, "GET", fmt.Sprintf("/api/v1/admin/users?token=%s", adminToken))
	listResp := adminSession.MakeRequest(t, listReq, http.StatusOK)

	var users []api.User
	DecodeJSON(t, listResp, &users)

	// Scan the whole list for the admin's own entry.
	found := false
	for i := range users {
		if users[i].UserName == adminUsername {
			found = true
		}
	}
	assert.True(t, found)

	// NOTE(review): "type = 0" presumably selects individual accounts; confirm
	// against the models.User type values.
	numberOfUsers := models.GetCount(t, &models.User{}, "type = 0")
	assert.Equal(t, numberOfUsers, len(users))
}
// TestAPIListUsersNotLoggedIn checks that the admin user list answers
// 401 Unauthorized when the request carries no login and no token.
func TestAPIListUsersNotLoggedIn(t *testing.T) {
	prepareTestEnv(t)

	// No session is created and no token is appended to the URL.
	anonReq := NewRequest(t, "GET", "/api/v1/admin/users")
	MakeRequest(t, anonReq, http.StatusUnauthorized)
}
// TestAPIListUsersNonAdmin checks that the admin user list answers
// 403 Forbidden when called with the token of the non-admin account user2.
func TestAPIListUsersNonAdmin(t *testing.T) {
	prepareTestEnv(t)

	const nonAdminUsername = "user2"
	userSession := loginUser(t, nonAdminUsername)
	userToken := getTokenForLoggedInUser(t, userSession)

	// Authenticated but not an admin: expect Forbidden rather than Unauthorized.
	listReq := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", userToken)
	userSession.MakeRequest(t, listReq, http.StatusForbidden)
}