mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-25 07:37:48 -04:00 
			
		
		
		
	* test: add current attachement responses * refactor: check if attachement is linked and accessible by user * chore: clean TODO * fix: typo attachement -> attachment * revert un-needed go.sum change * refactor: move models logic to models * fix TestCreateIssueAttachment which was wrongly successful * fix unit tests with unittype added * fix unit tests with changes * use a valid uuid format for pgsql int. test * test: add unit test TestLinkedRepository * refactor: allow uploader to access unlinked attachement * add missing blank line * refactor: move to a separate function repo.GetAttachment * typo * test: remove err test return * refactor: use repo perm for access checking generally + 404 for all reject
		
			
				
	
	
		
			138 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			138 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2019 The Gitea Authors. All rights reserved.
 | |
| // Use of this source code is governed by a MIT-style
 | |
| // license that can be found in the LICENSE file.
 | |
| 
 | |
| package integrations
 | |
| 
 | |
| import (
 | |
| 	"bytes"
 | |
| 	"image"
 | |
| 	"image/png"
 | |
| 	"io"
 | |
| 	"io/ioutil"
 | |
| 	"mime/multipart"
 | |
| 	"net/http"
 | |
| 	"os"
 | |
| 	"path"
 | |
| 	"testing"
 | |
| 
 | |
| 	"code.gitea.io/gitea/models"
 | |
| 	"code.gitea.io/gitea/modules/test"
 | |
| 
 | |
| 	"github.com/stretchr/testify/assert"
 | |
| )
 | |
| 
 | |
| func generateImg() bytes.Buffer {
 | |
| 	// Generate image
 | |
| 	myImage := image.NewRGBA(image.Rect(0, 0, 32, 32))
 | |
| 	var buff bytes.Buffer
 | |
| 	png.Encode(&buff, myImage)
 | |
| 	return buff
 | |
| }
 | |
| 
 | |
| func createAttachment(t *testing.T, session *TestSession, repoURL, filename string, buff bytes.Buffer, expectedStatus int) string {
 | |
| 	body := &bytes.Buffer{}
 | |
| 
 | |
| 	//Setup multi-part
 | |
| 	writer := multipart.NewWriter(body)
 | |
| 	part, err := writer.CreateFormFile("file", filename)
 | |
| 	assert.NoError(t, err)
 | |
| 	_, err = io.Copy(part, &buff)
 | |
| 	assert.NoError(t, err)
 | |
| 	err = writer.Close()
 | |
| 	assert.NoError(t, err)
 | |
| 
 | |
| 	csrf := GetCSRF(t, session, repoURL)
 | |
| 
 | |
| 	req := NewRequestWithBody(t, "POST", "/attachments", body)
 | |
| 	req.Header.Add("X-Csrf-Token", csrf)
 | |
| 	req.Header.Add("Content-Type", writer.FormDataContentType())
 | |
| 	resp := session.MakeRequest(t, req, expectedStatus)
 | |
| 
 | |
| 	if expectedStatus != http.StatusOK {
 | |
| 		return ""
 | |
| 	}
 | |
| 	var obj map[string]string
 | |
| 	DecodeJSON(t, resp, &obj)
 | |
| 	return obj["uuid"]
 | |
| }
 | |
| 
 | |
| func TestCreateAnonymousAttachment(t *testing.T) {
 | |
| 	prepareTestEnv(t)
 | |
| 	session := emptyTestSession(t)
 | |
| 	createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusFound)
 | |
| }
 | |
| 
 | |
| func TestCreateIssueAttachment(t *testing.T) {
 | |
| 	prepareTestEnv(t)
 | |
| 	const repoURL = "user2/repo1"
 | |
| 	session := loginUser(t, "user2")
 | |
| 	uuid := createAttachment(t, session, repoURL, "image.png", generateImg(), http.StatusOK)
 | |
| 
 | |
| 	req := NewRequest(t, "GET", repoURL+"/issues/new")
 | |
| 	resp := session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc := NewHTMLParser(t, resp.Body)
 | |
| 
 | |
| 	link, exists := htmlDoc.doc.Find("form").Attr("action")
 | |
| 	assert.True(t, exists, "The template has changed")
 | |
| 
 | |
| 	postData := map[string]string{
 | |
| 		"_csrf":   htmlDoc.GetCSRF(),
 | |
| 		"title":   "New Issue With Attachment",
 | |
| 		"content": "some content",
 | |
| 		"files":   uuid,
 | |
| 	}
 | |
| 
 | |
| 	req = NewRequestWithValues(t, "POST", link, postData)
 | |
| 	resp = session.MakeRequest(t, req, http.StatusFound)
 | |
| 	test.RedirectURL(resp) // check that redirect URL exists
 | |
| 
 | |
| 	//Validate that attachment is available
 | |
| 	req = NewRequest(t, "GET", "/attachments/"+uuid)
 | |
| 	session.MakeRequest(t, req, http.StatusOK)
 | |
| }
 | |
| 
 | |
| func TestGetAttachment(t *testing.T) {
 | |
| 	prepareTestEnv(t)
 | |
| 	adminSession := loginUser(t, "user1")
 | |
| 	user2Session := loginUser(t, "user2")
 | |
| 	user8Session := loginUser(t, "user8")
 | |
| 	emptySession := emptyTestSession(t)
 | |
| 	testCases := []struct {
 | |
| 		name       string
 | |
| 		uuid       string
 | |
| 		createFile bool
 | |
| 		session    *TestSession
 | |
| 		want       int
 | |
| 	}{
 | |
| 		{"LinkedIssueUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, user2Session, http.StatusOK},
 | |
| 		{"LinkedCommentUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a17", true, user2Session, http.StatusOK},
 | |
| 		{"linked_release_uuid", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a19", true, user2Session, http.StatusOK},
 | |
| 		{"NotExistingUUID", "b0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusNotFound},
 | |
| 		{"FileMissing", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusInternalServerError},
 | |
| 		{"NotLinked", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user2Session, http.StatusNotFound},
 | |
| 		{"NotLinkedAccessibleByUploader", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user8Session, http.StatusOK},
 | |
| 		{"PublicByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, emptySession, http.StatusOK},
 | |
| 		{"PrivateByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, emptySession, http.StatusNotFound},
 | |
| 		{"PrivateAccessibleByAdmin", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, adminSession, http.StatusOK},
 | |
| 		{"PrivateAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user2Session, http.StatusOK},
 | |
| 		{"RepoNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user8Session, http.StatusNotFound},
 | |
| 		{"OrgNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a21", true, user8Session, http.StatusNotFound},
 | |
| 	}
 | |
| 	for _, tc := range testCases {
 | |
| 		t.Run(tc.name, func(t *testing.T) {
 | |
| 			//Write empty file to be available for response
 | |
| 			if tc.createFile {
 | |
| 				localPath := models.AttachmentLocalPath(tc.uuid)
 | |
| 				err := os.MkdirAll(path.Dir(localPath), os.ModePerm)
 | |
| 				assert.NoError(t, err)
 | |
| 				err = ioutil.WriteFile(localPath, []byte("hello world"), 0644)
 | |
| 				assert.NoError(t, err)
 | |
| 			}
 | |
| 			//Actual test
 | |
| 			req := NewRequest(t, "GET", "/attachments/"+tc.uuid)
 | |
| 			tc.session.MakeRequest(t, req, tc.want)
 | |
| 		})
 | |
| 	}
 | |
| }
 |