Remove dependent on session auth for api/v1 routers (#19321)

* Remove dependent on session auth for api/v1 routers * Remove unnecessary session on API context * remove missed header * fix test * fix missed api/v1
go-gitea · Apr 8, 2022 · 3c3d498 · 3c3d498
1 parent 75f8534
commit 3c3d498
Show file tree

Hide file tree

Showing 22 changed files with 219 additions and 161 deletions.
diff --git a/integrations/api_issue_test.go b/integrations/api_issue_test.go
@@ -168,30 +168,30 @@ func TestAPIEditIssue(t *testing.T) {
 func TestAPISearchIssues(t *testing.T) {
 	defer prepareTestEnv(t)()
 
-	session := loginUser(t, "user2")
-	token := getTokenForLoggedInUser(t, session)
+	token := getUserToken(t, "user2")
 
 	link, _ := url.Parse("/api/v1/repos/issues/search")
-	req := NewRequest(t, "GET", link.String())
-	resp := session.MakeRequest(t, req, http.StatusOK)
+	req := NewRequest(t, "GET", link.String()+"?token="+token)
+	resp := MakeRequest(t, req, http.StatusOK)
 	var apiIssues []*api.Issue
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 10)
 
 	query := url.Values{"token": {token}}
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 10)
 
 	since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
 	before := time.Unix(999307200, 0).Format(time.RFC3339)
 	query.Add("since", since)
 	query.Add("before", before)
+	query.Add("token", token)
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 8)
 	query.Del("since")
@@ -200,77 +200,76 @@ func TestAPISearchIssues(t *testing.T) {
 	query.Add("state", "closed")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 2)
 
 	query.Set("state", "all")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.EqualValues(t, "15", resp.Header().Get("X-Total-Count"))
 	assert.Len(t, apiIssues, 10) // there are more but 10 is page item limit
 
 	query.Add("limit", "20")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 15)
 
-	query = url.Values{"assigned": {"true"}, "state": {"all"}}
+	query = url.Values{"assigned": {"true"}, "state": {"all"}, "token": {token}}
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 1)
 
-	query = url.Values{"milestones": {"milestone1"}, "state": {"all"}}
+	query = url.Values{"milestones": {"milestone1"}, "state": {"all"}, "token": {token}}
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 1)
 
-	query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}}
+	query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}, "token": {token}}
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 2)
 
-	query = url.Values{"owner": {"user2"}} // user
+	query = url.Values{"owner": {"user2"}, "token": {token}} // user
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 6)
 
-	query = url.Values{"owner": {"user3"}} // organization
+	query = url.Values{"owner": {"user3"}, "token": {token}} // organization
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 3)
 
-	query = url.Values{"owner": {"user3"}, "team": {"team1"}} // organization + team
+	query = url.Values{"owner": {"user3"}, "team": {"team1"}, "token": {token}} // organization + team
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 2)
 }
 
 func TestAPISearchIssuesWithLabels(t *testing.T) {
 	defer prepareTestEnv(t)()
 
-	session := loginUser(t, "user1")
-	token := getTokenForLoggedInUser(t, session)
+	token := getUserToken(t, "user1")
 
 	link, _ := url.Parse("/api/v1/repos/issues/search")
-	req := NewRequest(t, "GET", link.String())
-	resp := session.MakeRequest(t, req, http.StatusOK)
+	req := NewRequest(t, "GET", link.String()+"?token="+token)
+	resp := MakeRequest(t, req, http.StatusOK)
 	var apiIssues []*api.Issue
 	DecodeJSON(t, resp, &apiIssues)
 
@@ -280,30 +279,30 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
 	query.Add("token", token)
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 10)
 
 	query.Add("labels", "label1")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 2)
 
 	// multiple labels
 	query.Set("labels", "label1,label2")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 2)
 
 	// an org label
 	query.Set("labels", "orglabel4")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 1)
 
@@ -312,15 +311,15 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
 	query.Add("state", "all")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 2)
 
 	// org and repo label which share the same issue
 	query.Set("labels", "label1,orglabel4")
 	link.RawQuery = query.Encode()
 	req = NewRequest(t, "GET", link.String())
-	resp = session.MakeRequest(t, req, http.StatusOK)
+	resp = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &apiIssues)
 	assert.Len(t, apiIssues, 2)
 }
diff --git a/integrations/api_org_test.go b/integrations/api_org_test.go
@@ -20,9 +20,8 @@ import (
 
 func TestAPIOrgCreate(t *testing.T) {
 	onGiteaRun(t, func(*testing.T, *url.URL) {
-		session := loginUser(t, "user1")
+		token := getUserToken(t, "user1")
 
-		token := getTokenForLoggedInUser(t, session)
 		org := api.CreateOrgOption{
 			UserName:    "user1_org",
 			FullName:    "User1's organization",
@@ -32,7 +31,7 @@ func TestAPIOrgCreate(t *testing.T) {
 			Visibility:  "limited",
 		}
 		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs?token="+token, &org)
-		resp := session.MakeRequest(t, req, http.StatusCreated)
+		resp := MakeRequest(t, req, http.StatusCreated)
 
 		var apiOrg api.Organization
 		DecodeJSON(t, resp, &apiOrg)
@@ -50,22 +49,22 @@ func TestAPIOrgCreate(t *testing.T) {
 			FullName:  org.FullName,
 		})
 
-		req = NewRequestf(t, "GET", "/api/v1/orgs/%s", org.UserName)
-		resp = session.MakeRequest(t, req, http.StatusOK)
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s?token=%s", org.UserName, token)
+		resp = MakeRequest(t, req, http.StatusOK)
 		DecodeJSON(t, resp, &apiOrg)
 		assert.EqualValues(t, org.UserName, apiOrg.UserName)
 
-		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", org.UserName)
-		resp = session.MakeRequest(t, req, http.StatusOK)
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token=%s", org.UserName, token)
+		resp = MakeRequest(t, req, http.StatusOK)
 
 		var repos []*api.Repository
 		DecodeJSON(t, resp, &repos)
 		for _, repo := range repos {
 			assert.False(t, repo.Private)
 		}
 
-		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", org.UserName)
-		resp = session.MakeRequest(t, req, http.StatusOK)
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members?token=%s", org.UserName, token)
+		resp = MakeRequest(t, req, http.StatusOK)
 
 		// user1 on this org is public
 		var users []*api.User

diff --git a/integrations/api_releases_test.go b/integrations/api_releases_test.go
@@ -25,12 +25,11 @@ func TestAPIListReleases(t *testing.T) {
 
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}).(*repo_model.Repository)
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	session := loginUser(t, user2.LowerName)
-	token := getTokenForLoggedInUser(t, session)
+	token := getUserToken(t, user2.LowerName)
 
 	link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/releases", user2.Name, repo.Name))
 	link.RawQuery = url.Values{"token": {token}}.Encode()
-	resp := session.MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+	resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
 	var apiReleases []*api.Release
 	DecodeJSON(t, resp, &apiReleases)
 	if assert.Len(t, apiReleases, 3) {
@@ -53,13 +52,11 @@ func TestAPIListReleases(t *testing.T) {
 
 	// test filter
 	testFilterByLen := func(auth bool, query url.Values, expectedLength int, msgAndArgs ...string) {
-		link.RawQuery = query.Encode()
 		if auth {
 			query.Set("token", token)
-			resp = session.MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
-		} else {
-			resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
 		}
+		link.RawQuery = query.Encode()
+		resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
 		DecodeJSON(t, resp, &apiReleases)
 		assert.Len(t, apiReleases, expectedLength, msgAndArgs)
 	}

diff --git a/integrations/api_repo_topic_test.go b/integrations/api_repo_topic_test.go
@@ -59,36 +59,34 @@ func TestAPIRepoTopic(t *testing.T) {
 	repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}).(*repo_model.Repository)
 
 	// Get user2's token
-	session := loginUser(t, user2.Name)
-	token2 := getTokenForLoggedInUser(t, session)
+	token2 := getUserToken(t, user2.Name)
 
 	// Test read topics using login
 	url := fmt.Sprintf("/api/v1/repos/%s/%s/topics", user2.Name, repo2.Name)
-	req := NewRequest(t, "GET", url)
-	res := session.MakeRequest(t, req, http.StatusOK)
+	req := NewRequest(t, "GET", url+"?token="+token2)
+	res := MakeRequest(t, req, http.StatusOK)
 	var topics *api.TopicName
 	DecodeJSON(t, res, &topics)
 	assert.ElementsMatch(t, []string{"topicname1", "topicname2"}, topics.TopicNames)
 
 	// Log out user2
-	session = emptyTestSession(t)
 	url = fmt.Sprintf("/api/v1/repos/%s/%s/topics?token=%s", user2.Name, repo2.Name, token2)
 
 	// Test delete a topic
 	req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "Topicname1", token2)
-	session.MakeRequest(t, req, http.StatusNoContent)
+	MakeRequest(t, req, http.StatusNoContent)
 
 	// Test add an existing topic
 	req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "Golang", token2)
-	session.MakeRequest(t, req, http.StatusNoContent)
+	MakeRequest(t, req, http.StatusNoContent)
 
 	// Test add a topic
 	req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "topicName3", token2)
-	session.MakeRequest(t, req, http.StatusNoContent)
+	MakeRequest(t, req, http.StatusNoContent)
 
 	// Test read topics using token
 	req = NewRequest(t, "GET", url)
-	res = session.MakeRequest(t, req, http.StatusOK)
+	res = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, res, &topics)
 	assert.ElementsMatch(t, []string{"topicname2", "golang", "topicname3"}, topics.TopicNames)
 
@@ -97,9 +95,9 @@ func TestAPIRepoTopic(t *testing.T) {
 	req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
 		Topics: newTopics,
 	})
-	session.MakeRequest(t, req, http.StatusNoContent)
+	MakeRequest(t, req, http.StatusNoContent)
 	req = NewRequest(t, "GET", url)
-	res = session.MakeRequest(t, req, http.StatusOK)
+	res = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, res, &topics)
 	assert.ElementsMatch(t, []string{"windows", "mac"}, topics.TopicNames)
 
@@ -108,9 +106,9 @@ func TestAPIRepoTopic(t *testing.T) {
 	req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
 		Topics: newTopics,
 	})
-	session.MakeRequest(t, req, http.StatusUnprocessableEntity)
+	MakeRequest(t, req, http.StatusUnprocessableEntity)
 	req = NewRequest(t, "GET", url)
-	res = session.MakeRequest(t, req, http.StatusOK)
+	res = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, res, &topics)
 	assert.ElementsMatch(t, []string{"windows", "mac"}, topics.TopicNames)
 
@@ -119,9 +117,9 @@ func TestAPIRepoTopic(t *testing.T) {
 	req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
 		Topics: newTopics,
 	})
-	session.MakeRequest(t, req, http.StatusNoContent)
+	MakeRequest(t, req, http.StatusNoContent)
 	req = NewRequest(t, "GET", url)
-	res = session.MakeRequest(t, req, http.StatusOK)
+	res = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, res, &topics)
 	assert.Len(t, topics.TopicNames, 25)
 
@@ -130,29 +128,27 @@ func TestAPIRepoTopic(t *testing.T) {
 	req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
 		Topics: newTopics,
 	})
-	session.MakeRequest(t, req, http.StatusUnprocessableEntity)
+	MakeRequest(t, req, http.StatusUnprocessableEntity)
 
 	// Test add a topic when there is already maximum
 	req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "t26", token2)
-	session.MakeRequest(t, req, http.StatusUnprocessableEntity)
+	MakeRequest(t, req, http.StatusUnprocessableEntity)
 
 	// Test delete a topic that repo doesn't have
 	req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "Topicname1", token2)
-	session.MakeRequest(t, req, http.StatusNotFound)
+	MakeRequest(t, req, http.StatusNotFound)
 
 	// Get user4's token
-	session = loginUser(t, user4.Name)
-	token4 := getTokenForLoggedInUser(t, session)
-	session = emptyTestSession(t)
+	token4 := getUserToken(t, user4.Name)
 
 	// Test read topics with write access
 	url = fmt.Sprintf("/api/v1/repos/%s/%s/topics?token=%s", user3.Name, repo3.Name, token4)
 	req = NewRequest(t, "GET", url)
-	res = session.MakeRequest(t, req, http.StatusOK)
+	res = MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, res, &topics)
 	assert.Empty(t, topics.TopicNames)
 
 	// Test add a topic to repo with write access (requires repo admin access)
 	req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user3.Name, repo3.Name, "topicName", token4)
-	session.MakeRequest(t, req, http.StatusForbidden)
+	MakeRequest(t, req, http.StatusForbidden)
 }