Remove dependent on session auth for api/v1 routers (go-gitea#19321)
* Remove dependent on session auth for api/v1 routers

* Remove unnecessary session on API context

* remove missed header

* fix test

* fix missed api/v1
lunny authored and AbdulrhmnGhanem committed Aug 23, 2022
1 parent b50ea36 commit 9a6790b
Showing 22 changed files with 219 additions and 161 deletions.
61 changes: 30 additions & 31 deletions integrations/api_issue_test.go
Expand Up @@ -168,30 +168,30 @@ func TestAPIEditIssue(t *testing.T) {
func TestAPISearchIssues(t *testing.T) {
defer prepareTestEnv(t)()

session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session)
token := getUserToken(t, "user2")

link, _ := url.Parse("/api/v1/repos/issues/search")
req := NewRequest(t, "GET", link.String())
resp := session.MakeRequest(t, req, http.StatusOK)
req := NewRequest(t, "GET", link.String()+"?token="+token)
resp := MakeRequest(t, req, http.StatusOK)
var apiIssues []*api.Issue
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 10)

query := url.Values{"token": {token}}
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 10)

since := "2000-01-01T00%3A50%3A01%2B00%3A00" // 946687801
before := time.Unix(999307200, 0).Format(time.RFC3339)
query.Add("since", since)
query.Add("before", before)
query.Add("token", token)
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 8)
query.Del("since")
Expand All @@ -200,77 +200,76 @@ func TestAPISearchIssues(t *testing.T) {
query.Add("state", "closed")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 2)

query.Set("state", "all")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.EqualValues(t, "15", resp.Header().Get("X-Total-Count"))
assert.Len(t, apiIssues, 10) // there are more but 10 is page item limit

query.Add("limit", "20")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 15)

query = url.Values{"assigned": {"true"}, "state": {"all"}}
query = url.Values{"assigned": {"true"}, "state": {"all"}, "token": {token}}
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 1)

query = url.Values{"milestones": {"milestone1"}, "state": {"all"}}
query = url.Values{"milestones": {"milestone1"}, "state": {"all"}, "token": {token}}
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 1)

query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}}
query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}, "token": {token}}
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 2)

query = url.Values{"owner": {"user2"}} // user
query = url.Values{"owner": {"user2"}, "token": {token}} // user
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 6)

query = url.Values{"owner": {"user3"}} // organization
query = url.Values{"owner": {"user3"}, "token": {token}} // organization
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 3)

query = url.Values{"owner": {"user3"}, "team": {"team1"}} // organization + team
query = url.Values{"owner": {"user3"}, "team": {"team1"}, "token": {token}} // organization + team
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 2)
}

func TestAPISearchIssuesWithLabels(t *testing.T) {
defer prepareTestEnv(t)()

session := loginUser(t, "user1")
token := getTokenForLoggedInUser(t, session)
token := getUserToken(t, "user1")

link, _ := url.Parse("/api/v1/repos/issues/search")
req := NewRequest(t, "GET", link.String())
resp := session.MakeRequest(t, req, http.StatusOK)
req := NewRequest(t, "GET", link.String()+"?token="+token)
resp := MakeRequest(t, req, http.StatusOK)
var apiIssues []*api.Issue
DecodeJSON(t, resp, &apiIssues)

Expand All @@ -280,30 +279,30 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
query.Add("token", token)
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 10)

query.Add("labels", "label1")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 2)

// multiple labels
query.Set("labels", "label1,label2")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 2)

// an org label
query.Set("labels", "orglabel4")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 1)

Expand All @@ -312,15 +311,15 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
query.Add("state", "all")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 2)

// org and repo label which share the same issue
query.Set("labels", "label1,orglabel4")
link.RawQuery = query.Encode()
req = NewRequest(t, "GET", link.String())
resp = session.MakeRequest(t, req, http.StatusOK)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiIssues)
assert.Len(t, apiIssues, 2)
}
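Review bot: The `query.Add("token", token)` line before the since/before request in TestAPISearchIssues puts a second `token` value on the URL, because `query` was created as `url.Values{"token": {token}}` a few lines earlier and `Add` appends rather than replaces; the line can simply be dropped. That this line is new is inferred from the `-168,30 +168,30` counts, since the +/- markers are lost on this page. The opening request in TestAPISearchIssues and in TestAPISearchIssuesWithLabels is built as `link.String()+"?token="+token` while every later request goes through `url.Values`; setting `link.RawQuery = url.Values{"token": {token}}.Encode()` up front would keep one style and keep the token escaped. Every request in this file, and likewise in api_org_test.go, api_releases_test.go and api_repo_topic_test.go, now authenticates only through the query string, so header-based token authentication is not exercised by any of these sections and a short comment saying so would make the gap visible. A few lines of each test function lie between the hunks and are not shown.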
17 changes: 8 additions & 9 deletions integrations/api_org_test.go
Expand Up @@ -20,9 +20,8 @@ import (

func TestAPIOrgCreate(t *testing.T) {
onGiteaRun(t, func(*testing.T, *url.URL) {
session := loginUser(t, "user1")
token := getUserToken(t, "user1")

token := getTokenForLoggedInUser(t, session)
org := api.CreateOrgOption{
UserName: "user1_org",
FullName: "User1's organization",
Expand All @@ -32,7 +31,7 @@ func TestAPIOrgCreate(t *testing.T) {
Visibility: "limited",
}
req := NewRequestWithJSON(t, "POST", "/api/v1/orgs?token="+token, &org)
resp := session.MakeRequest(t, req, http.StatusCreated)
resp := MakeRequest(t, req, http.StatusCreated)

var apiOrg api.Organization
DecodeJSON(t, resp, &apiOrg)
Expand All @@ -50,22 +49,22 @@ func TestAPIOrgCreate(t *testing.T) {
FullName: org.FullName,
})

req = NewRequestf(t, "GET", "/api/v1/orgs/%s", org.UserName)
resp = session.MakeRequest(t, req, http.StatusOK)
req = NewRequestf(t, "GET", "/api/v1/orgs/%s?token=%s", org.UserName, token)
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiOrg)
assert.EqualValues(t, org.UserName, apiOrg.UserName)

req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", org.UserName)
resp = session.MakeRequest(t, req, http.StatusOK)
req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token=%s", org.UserName, token)
resp = MakeRequest(t, req, http.StatusOK)

var repos []*api.Repository
DecodeJSON(t, resp, &repos)
for _, repo := range repos {
assert.False(t, repo.Private)
}

req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", org.UserName)
resp = session.MakeRequest(t, req, http.StatusOK)
req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members?token=%s", org.UserName, token)
resp = MakeRequest(t, req, http.StatusOK)

// user1 on this org is public
var users []*api.User
11 changes: 4 additions & 7 deletions integrations/api_releases_test.go
Expand Up @@ -25,12 +25,11 @@ func TestAPIListReleases(t *testing.T) {

repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}).(*repo_model.Repository)
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
session := loginUser(t, user2.LowerName)
token := getTokenForLoggedInUser(t, session)
token := getUserToken(t, user2.LowerName)

link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/releases", user2.Name, repo.Name))
link.RawQuery = url.Values{"token": {token}}.Encode()
resp := session.MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
var apiReleases []*api.Release
DecodeJSON(t, resp, &apiReleases)
if assert.Len(t, apiReleases, 3) {
Expand All @@ -53,13 +52,11 @@ func TestAPIListReleases(t *testing.T) {

// test filter
testFilterByLen := func(auth bool, query url.Values, expectedLength int, msgAndArgs ...string) {
link.RawQuery = query.Encode()
if auth {
query.Set("token", token)
resp = session.MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
} else {
resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
}
link.RawQuery = query.Encode()
resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
DecodeJSON(t, resp, &apiReleases)
assert.Len(t, apiReleases, expectedLength, msgAndArgs)
}
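Review bot: In `testFilterByLen`, `query.Set("token", token)` now takes effect on the request URL and also mutates the `url.Values` map the caller passed in. Judging by the 4 additions / 7 deletions count (the +/- markers are lost here), the old code encoded the query before the `Set`, so the token never reached the URL; with the new order, a caller that reuses one `url.Values` for an `auth=true` call and then an `auth=false` call would send the token on the request meant to be anonymous, and that assertion would stop testing unauthenticated access without failing. The call sites are outside this hunk, so they should be checked, or the closure should copy `query` into a fresh `url.Values` before adding the token and encode the copy. A comment on the closure such as `// auth=false must produce a URL without a token parameter` would document the expectation.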
42 changes: 19 additions & 23 deletions integrations/api_repo_topic_test.go
Expand Up @@ -59,36 +59,34 @@ func TestAPIRepoTopic(t *testing.T) {
repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}).(*repo_model.Repository)

// Get user2's token
session := loginUser(t, user2.Name)
token2 := getTokenForLoggedInUser(t, session)
token2 := getUserToken(t, user2.Name)

// Test read topics using login
url := fmt.Sprintf("/api/v1/repos/%s/%s/topics", user2.Name, repo2.Name)
req := NewRequest(t, "GET", url)
res := session.MakeRequest(t, req, http.StatusOK)
req := NewRequest(t, "GET", url+"?token="+token2)
res := MakeRequest(t, req, http.StatusOK)
var topics *api.TopicName
DecodeJSON(t, res, &topics)
assert.ElementsMatch(t, []string{"topicname1", "topicname2"}, topics.TopicNames)

// Log out user2
session = emptyTestSession(t)
url = fmt.Sprintf("/api/v1/repos/%s/%s/topics?token=%s", user2.Name, repo2.Name, token2)

// Test delete a topic
req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "Topicname1", token2)
session.MakeRequest(t, req, http.StatusNoContent)
MakeRequest(t, req, http.StatusNoContent)

// Test add an existing topic
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "Golang", token2)
session.MakeRequest(t, req, http.StatusNoContent)
MakeRequest(t, req, http.StatusNoContent)

// Test add a topic
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "topicName3", token2)
session.MakeRequest(t, req, http.StatusNoContent)
MakeRequest(t, req, http.StatusNoContent)

// Test read topics using token
req = NewRequest(t, "GET", url)
res = session.MakeRequest(t, req, http.StatusOK)
res = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, res, &topics)
assert.ElementsMatch(t, []string{"topicname2", "golang", "topicname3"}, topics.TopicNames)

Expand All @@ -97,9 +95,9 @@ func TestAPIRepoTopic(t *testing.T) {
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
Topics: newTopics,
})
session.MakeRequest(t, req, http.StatusNoContent)
MakeRequest(t, req, http.StatusNoContent)
req = NewRequest(t, "GET", url)
res = session.MakeRequest(t, req, http.StatusOK)
res = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, res, &topics)
assert.ElementsMatch(t, []string{"windows", "mac"}, topics.TopicNames)

Expand All @@ -108,9 +106,9 @@ func TestAPIRepoTopic(t *testing.T) {
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
Topics: newTopics,
})
session.MakeRequest(t, req, http.StatusUnprocessableEntity)
MakeRequest(t, req, http.StatusUnprocessableEntity)
req = NewRequest(t, "GET", url)
res = session.MakeRequest(t, req, http.StatusOK)
res = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, res, &topics)
assert.ElementsMatch(t, []string{"windows", "mac"}, topics.TopicNames)

Expand All @@ -119,9 +117,9 @@ func TestAPIRepoTopic(t *testing.T) {
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
Topics: newTopics,
})
session.MakeRequest(t, req, http.StatusNoContent)
MakeRequest(t, req, http.StatusNoContent)
req = NewRequest(t, "GET", url)
res = session.MakeRequest(t, req, http.StatusOK)
res = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, res, &topics)
assert.Len(t, topics.TopicNames, 25)

Expand All @@ -130,29 +128,27 @@ func TestAPIRepoTopic(t *testing.T) {
req = NewRequestWithJSON(t, "PUT", url, &api.RepoTopicOptions{
Topics: newTopics,
})
session.MakeRequest(t, req, http.StatusUnprocessableEntity)
MakeRequest(t, req, http.StatusUnprocessableEntity)

// Test add a topic when there is already maximum
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "t26", token2)
session.MakeRequest(t, req, http.StatusUnprocessableEntity)
MakeRequest(t, req, http.StatusUnprocessableEntity)

// Test delete a topic that repo doesn't have
req = NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/topics/%s?token=%s", user2.Name, repo2.Name, "Topicname1", token2)
session.MakeRequest(t, req, http.StatusNotFound)
MakeRequest(t, req, http.StatusNotFound)

// Get user4's token
session = loginUser(t, user4.Name)
token4 := getTokenForLoggedInUser(t, session)
session = emptyTestSession(t)
token4 := getUserToken(t, user4.Name)

// Test read topics with write access
url = fmt.Sprintf("/api/v1/repos/%s/%s/topics?token=%s", user3.Name, repo3.Name, token4)
req = NewRequest(t, "GET", url)
res = session.MakeRequest(t, req, http.StatusOK)
res = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, res, &topics)
assert.Empty(t, topics.TopicNames)

// Test add a topic to repo with write access (requires repo admin access)
req = NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/%s?token=%s", user3.Name, repo3.Name, "topicName", token4)
session.MakeRequest(t, req, http.StatusForbidden)
MakeRequest(t, req, http.StatusForbidden)
}
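Review bot: Two comments in TestAPIRepoTopic no longer describe the code beneath them: `// Test read topics using login` now sits above a request authenticated with `?token=`, and `// Log out user2` appears to stay although the `session = emptyTestSession(t)` line under it is removed (inferred from the `-59,36 +59,34` counts, as the +/- markers are lost on this page). Suggest changing the first to `// Test read topics using token` and deleting the second; the later GET that already carries `// Test read topics using token` could then read `// Test read topics after edits`. The `// Get user4's token` step likewise no longer logs in and resets a session, which is fine, but the test's intent (token-only access for both users, with the 403 for user4 proving the permission check) would be worth one line of doc comment at the top of the function. The function begins above the first hunk and parts of it fall between hunks.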