Limit token scope for some repo APIs
This commit is contained in:
harryzcy
parent
0583e79f37
commit
a282f02de6
14 changed files with 86 additions and 78 deletions
|
|
@ -794,74 +794,77 @@ func Routes(ctx gocontext.Context) *web.Route {
|
|||
}, reqToken(""))
|
||||
|
||||
// Repositories
|
||||
m.Post("/org/{org}/repos", reqToken(""), bind(api.CreateRepoOption{}), repo.CreateOrgRepoDeprecated)
|
||||
m.Post("/org/{org}/repos", reqToken("auth_model.AccessTokenScopeAdminOrg"), bind(api.CreateRepoOption{}), repo.CreateOrgRepoDeprecated)
|
||||
|
||||
m.Combo("/repositories/{id}", reqToken("")).Get(repo.GetByID)
|
||||
m.Combo("/repositories/{id}", reqToken(auth_model.AccessTokenScopeRepo)).Get(repo.GetByID)
|
||||
|
||||
m.Group("/repos", func() {
|
||||
m.Get("/search", repo.Search)
|
||||
|
||||
m.Get("/issues/search", repo.SearchIssues)
|
||||
|
||||
m.Post("/migrate", reqToken(""), bind(api.MigrateRepoOptions{}), repo.Migrate)
|
||||
// (repo scope)
|
||||
m.Post("/migrate", reqToken(auth_model.AccessTokenScopeRepo), bind(api.MigrateRepoOptions{}), repo.Migrate)
|
||||
|
||||
m.Group("/{username}/{reponame}", func() {
|
||||
m.Combo("").Get(reqAnyRepoReader(), repo.Get).
|
||||
Delete(reqToken(""), reqOwner(), repo.Delete).
|
||||
Patch(reqToken(""), reqAdmin(), bind(api.EditRepoOption{}), repo.Edit)
|
||||
m.Post("/generate", reqToken(""), reqRepoReader(unit.TypeCode), bind(api.GenerateRepoOption{}), repo.Generate)
|
||||
m.Post("/transfer", reqOwner(), bind(api.TransferRepoOption{}), repo.Transfer)
|
||||
m.Post("/transfer/accept", reqToken(""), repo.AcceptTransfer)
|
||||
m.Post("/transfer/reject", reqToken(""), repo.RejectTransfer)
|
||||
m.Combo("/notifications").
|
||||
Delete(reqToken(auth_model.AccessTokenScopeDeleteRepo), reqOwner(), repo.Delete).
|
||||
Patch(reqToken(auth_model.AccessTokenScopeRepo), reqAdmin(), bind(api.EditRepoOption{}), repo.Edit)
|
||||
m.Post("/generate", reqToken(auth_model.AccessTokenScopeRepo), reqRepoReader(unit.TypeCode), bind(api.GenerateRepoOption{}), repo.Generate)
|
||||
m.Group("/transfer", func() {
|
||||
m.Post("", reqOwner(), bind(api.TransferRepoOption{}), repo.Transfer)
|
||||
m.Post("/accept", repo.AcceptTransfer)
|
||||
m.Post("/reject", repo.RejectTransfer)
|
||||
}, reqToken(auth_model.AccessTokenScopeRepo))
|
||||
m.Combo("/notifications", reqToken(auth_model.AccessTokenScopeNotification)).
|
||||
Get(reqToken(""), notify.ListRepoNotifications).
|
||||
Put(reqToken(""), notify.ReadRepoNotifications)
|
||||
m.Group("/hooks/git", func() {
|
||||
m.Combo("").Get(repo.ListGitHooks)
|
||||
m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadRepoHook), repo.ListGitHooks)
|
||||
m.Group("/{id}", func() {
|
||||
m.Combo("").Get(repo.GetGitHook).
|
||||
Patch(bind(api.EditGitHookOption{}), repo.EditGitHook).
|
||||
Delete(repo.DeleteGitHook)
|
||||
m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadRepoHook), repo.GetGitHook).
|
||||
Patch(reqToken(auth_model.AccessTokenScopeWriteRepoHook), bind(api.EditGitHookOption{}), repo.EditGitHook).
|
||||
Delete(reqToken(auth_model.AccessTokenScopeWriteRepoHook), repo.DeleteGitHook)
|
||||
})
|
||||
}, reqToken(""), reqAdmin(), reqGitHook(), context.ReferencesGitRepo(true))
|
||||
}, reqAdmin(), reqGitHook(), context.ReferencesGitRepo(true))
|
||||
m.Group("/hooks", func() {
|
||||
m.Combo("").Get(repo.ListHooks).
|
||||
Post(bind(api.CreateHookOption{}), repo.CreateHook)
|
||||
m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadRepoHook), repo.ListHooks).
|
||||
Post(reqToken(auth_model.AccessTokenScopeWriteRepoHook), bind(api.CreateHookOption{}), repo.CreateHook)
|
||||
m.Group("/{id}", func() {
|
||||
m.Combo("").Get(repo.GetHook).
|
||||
Patch(bind(api.EditHookOption{}), repo.EditHook).
|
||||
Delete(repo.DeleteHook)
|
||||
m.Post("/tests", context.ReferencesGitRepo(), context.RepoRefForAPI, repo.TestHook)
|
||||
m.Combo("").Get(reqToken(auth_model.AccessTokenScopeReadRepoHook), repo.GetHook).
|
||||
Patch(reqToken(auth_model.AccessTokenScopeWriteRepoHook), bind(api.EditHookOption{}), repo.EditHook).
|
||||
Delete(reqToken(auth_model.AccessTokenScopeWriteRepoHook), repo.DeleteHook)
|
||||
m.Post("/tests", reqToken(auth_model.AccessTokenScopeReadRepoHook), context.ReferencesGitRepo(), context.RepoRefForAPI, repo.TestHook)
|
||||
})
|
||||
}, reqToken(""), reqAdmin(), reqWebhooksEnabled())
|
||||
}, reqAdmin(), reqWebhooksEnabled())
|
||||
m.Group("/collaborators", func() {
|
||||
m.Get("", reqAnyRepoReader(), repo.ListCollaborators)
|
||||
m.Get("", reqToken(auth_model.AccessTokenScopeRepo), reqAnyRepoReader(), repo.ListCollaborators)
|
||||
m.Group("/{collaborator}", func() {
|
||||
m.Combo("").Get(reqAnyRepoReader(), repo.IsCollaborator).
|
||||
Put(reqAdmin(), bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
|
||||
Delete(reqAdmin(), repo.DeleteCollaborator)
|
||||
m.Get("/permission", repo.GetRepoPermissions)
|
||||
}, reqToken(""))
|
||||
}, reqToken(""))
|
||||
m.Get("/assignees", reqToken(""), reqAnyRepoReader(), repo.GetAssignees)
|
||||
m.Get("/reviewers", reqToken(""), reqAnyRepoReader(), repo.GetReviewers)
|
||||
})
|
||||
}, reqToken(auth_model.AccessTokenScopeRepo))
|
||||
m.Get("/assignees", reqToken(auth_model.AccessTokenScopeRepo), reqAnyRepoReader(), repo.GetAssignees)
|
||||
m.Get("/reviewers", reqToken(auth_model.AccessTokenScopeRepo), reqAnyRepoReader(), repo.GetReviewers)
|
||||
m.Group("/teams", func() {
|
||||
m.Get("", reqAnyRepoReader(), repo.ListTeams)
|
||||
m.Combo("/{team}").Get(reqAnyRepoReader(), repo.IsTeam).
|
||||
Put(reqAdmin(), repo.AddTeam).
|
||||
Delete(reqAdmin(), repo.DeleteTeam)
|
||||
}, reqToken(""))
|
||||
m.Get("/raw/*", context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFile)
|
||||
m.Get("/media/*", context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFileOrLFS)
|
||||
m.Get("/archive/*", reqRepoReader(unit.TypeCode), repo.GetArchive)
|
||||
m.Combo("/forks").Get(repo.ListForks).
|
||||
Post(reqToken(""), reqRepoReader(unit.TypeCode), bind(api.CreateForkOption{}), repo.CreateFork)
|
||||
}, reqToken(auth_model.AccessTokenScopeRepo))
|
||||
m.Get("/raw/*", reqToken(auth_model.AccessTokenScopeRepo), context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFile)
|
||||
m.Get("/media/*", reqToken(auth_model.AccessTokenScopeRepo), context.ReferencesGitRepo(), context.RepoRefForAPI, reqRepoReader(unit.TypeCode), repo.GetRawFileOrLFS)
|
||||
m.Get("/archive/*", reqToken(auth_model.AccessTokenScopeRepo), reqRepoReader(unit.TypeCode), repo.GetArchive)
|
||||
m.Combo("/forks", reqToken(auth_model.AccessTokenScopeRepo)).Get(repo.ListForks).
|
||||
Post(reqRepoReader(unit.TypeCode), bind(api.CreateForkOption{}), repo.CreateFork)
|
||||
m.Group("/branches", func() {
|
||||
m.Get("", repo.ListBranches)
|
||||
m.Get("/*", repo.GetBranch)
|
||||
m.Delete("/*", reqRepoWriter(unit.TypeCode), repo.DeleteBranch)
|
||||
m.Post("", reqRepoWriter(unit.TypeCode), bind(api.CreateBranchRepoOption{}), repo.CreateBranch)
|
||||
}, context.ReferencesGitRepo(), reqRepoReader(unit.TypeCode))
|
||||
}, reqToken(auth_model.AccessTokenScopeRepo), context.ReferencesGitRepo(), reqRepoReader(unit.TypeCode))
|
||||
m.Group("/branch_protections", func() {
|
||||
m.Get("", repo.ListBranchProtections)
|
||||
m.Post("", bind(api.CreateBranchProtectionOption{}), repo.CreateBranchProtection)
|
||||
|
|
@ -870,23 +873,23 @@ func Routes(ctx gocontext.Context) *web.Route {
|
|||
m.Patch("", bind(api.EditBranchProtectionOption{}), repo.EditBranchProtection)
|
||||
m.Delete("", repo.DeleteBranchProtection)
|
||||
})
|
||||
}, reqToken(""), reqAdmin())
|
||||
}, reqToken(auth_model.AccessTokenScopeRepo), reqAdmin())
|
||||
m.Group("/tags", func() {
|
||||
m.Get("", repo.ListTags)
|
||||
m.Get("/*", repo.GetTag)
|
||||
m.Post("", reqRepoWriter(unit.TypeCode), bind(api.CreateTagOption{}), repo.CreateTag)
|
||||
m.Delete("/*", repo.DeleteTag)
|
||||
}, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo(true))
|
||||
}, reqToken(auth_model.AccessTokenScopeRepo), reqRepoReader(unit.TypeCode), context.ReferencesGitRepo(true))
|
||||
m.Group("/keys", func() {
|
||||
m.Combo("").Get(repo.ListDeployKeys).
|
||||
Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)
|
||||
m.Combo("/{id}").Get(repo.GetDeployKey).
|
||||
Delete(repo.DeleteDeploykey)
|
||||
}, reqToken(""), reqAdmin())
|
||||
}, reqToken(auth_model.AccessTokenScopeRepo), reqAdmin())
|
||||
m.Group("/times", func() {
|
||||
m.Combo("").Get(repo.ListTrackedTimesByRepository)
|
||||
m.Combo("/{timetrackingusername}").Get(repo.ListTrackedTimesByUser)
|
||||
}, mustEnableIssues, reqToken(""))
|
||||
}, mustEnableIssues, reqToken(auth_model.AccessTokenScopeRepo))
|
||||
m.Group("/wiki", func() {
|
||||
m.Combo("/page/{pageName}").
|
||||
Get(repo.GetWikiPage).
|
||||
|
|
@ -895,7 +898,9 @@ func Routes(ctx gocontext.Context) *web.Route {
|
|||
m.Get("/revisions/{pageName}", repo.ListPageRevisions)
|
||||
m.Post("/new", mustNotBeArchived, reqRepoWriter(unit.TypeWiki), bind(api.CreateWikiPageOptions{}), repo.NewWikiPage)
|
||||
m.Get("/pages", repo.ListWikiPages)
|
||||
}, mustEnableWiki)
|
||||
}, mustEnableWiki, reqToken(auth_model.AccessTokenScopeRepo))
|
||||
|
||||
// TODO: continue here
|
||||
m.Group("/issues", func() {
|
||||
m.Combo("").Get(repo.ListIssues).
|
||||
Post(reqToken(""), mustNotBeArchived, bind(api.CreateIssueOption{}), repo.CreateIssue)
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ func TestCreateReadOnlyDeployKey(t *testing.T) {
|
|||
repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
|
||||
session := loginUser(t, repoOwner.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token)
|
||||
rawKeyBody := api.CreateKeyOption{
|
||||
Title: "read-only",
|
||||
|
|
@ -80,7 +80,7 @@ func TestCreateReadWriteDeployKey(t *testing.T) {
|
|||
repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
|
||||
session := loginUser(t, repoOwner.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token)
|
||||
rawKeyBody := api.CreateKeyOption{
|
||||
Title: "read-write",
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ func TestAPIDeleteReleaseByTagName(t *testing.T) {
|
|||
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
||||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
session := loginUser(t, owner.LowerName)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
createNewReleaseUsingAPI(t, session, token, owner, repo, "release-tag", "", "Release Tag", "test")
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ func TestAPIDownloadArchive(t *testing.T) {
|
|||
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
||||
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
session := loginUser(t, user2.LowerName)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master.zip", user2.Name, repo.Name))
|
||||
link.RawQuery = url.Values{"token": {token}}.Encode()
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ func TestAPIRepoCollaboratorPermission(t *testing.T) {
|
|||
user11 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 11})
|
||||
|
||||
session := loginUser(t, repo2Owner.Name)
|
||||
testCtx := NewAPITestContext(t, repo2Owner.Name, repo2.Name)
|
||||
testCtx := NewAPITestContext(t, repo2Owner.Name, repo2.Name, "repo")
|
||||
|
||||
t.Run("RepoOwnerShouldBeOwner", func(t *testing.T) {
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission?token=%s", repo2Owner.Name, repo2.Name, repo2Owner.Name, testCtx.Token)
|
||||
|
|
@ -86,7 +86,7 @@ func TestAPIRepoCollaboratorPermission(t *testing.T) {
|
|||
t.Run("AddUserAsCollaboratorWithReadAccess", doAPIAddCollaborator(testCtx, user5.Name, perm.AccessModeRead))
|
||||
|
||||
_session := loginUser(t, user5.Name)
|
||||
_testCtx := NewAPITestContext(t, user5.Name, repo2.Name)
|
||||
_testCtx := NewAPITestContext(t, user5.Name, repo2.Name, "repo")
|
||||
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission?token=%s", repo2Owner.Name, repo2.Name, user5.Name, _testCtx.Token)
|
||||
resp := _session.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -101,7 +101,7 @@ func TestAPIRepoCollaboratorPermission(t *testing.T) {
|
|||
t.Run("AddUserAsCollaboratorWithReadAccess", doAPIAddCollaborator(testCtx, user5.Name, perm.AccessModeRead))
|
||||
|
||||
_session := loginUser(t, user5.Name)
|
||||
_testCtx := NewAPITestContext(t, user5.Name, repo2.Name)
|
||||
_testCtx := NewAPITestContext(t, user5.Name, repo2.Name, "repo")
|
||||
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission?token=%s", repo2Owner.Name, repo2.Name, user5.Name, _testCtx.Token)
|
||||
resp := _session.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -117,7 +117,7 @@ func TestAPIRepoCollaboratorPermission(t *testing.T) {
|
|||
t.Run("AddUserAsCollaboratorWithReadAccess", doAPIAddCollaborator(testCtx, user11.Name, perm.AccessModeRead))
|
||||
|
||||
_session := loginUser(t, user10.Name)
|
||||
_testCtx := NewAPITestContext(t, user10.Name, repo2.Name)
|
||||
_testCtx := NewAPITestContext(t, user10.Name, repo2.Name, "repo")
|
||||
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/collaborators/%s/permission?token=%s", repo2Owner.Name, repo2.Name, user11.Name, _testCtx.Token)
|
||||
resp := _session.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
|
|||
|
|
@ -146,10 +146,10 @@ func TestAPIRepoEdit(t *testing.T) {
|
|||
|
||||
// Get user2's token
|
||||
session := loginUser(t, user2.Name)
|
||||
token2 := getTokenForLoggedInUser(t, session)
|
||||
token2 := getTokenForLoggedInUser(t, session, "repo")
|
||||
// Get user4's token
|
||||
session = loginUser(t, user4.Name)
|
||||
token4 := getTokenForLoggedInUser(t, session)
|
||||
token4 := getTokenForLoggedInUser(t, session, "repo")
|
||||
session = emptyTestSession(t)
|
||||
|
||||
// Test editing a repo1 which user2 owns, changing name and many properties
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ func TestAPIListGitHooks(t *testing.T) {
|
|||
|
||||
// user1 is an admin user
|
||||
session := loginUser(t, "user1")
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "read_repo_hook")
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -57,7 +57,7 @@ func TestAPIListGitHooksNoHooks(t *testing.T) {
|
|||
|
||||
// user1 is an admin user
|
||||
session := loginUser(t, "user1")
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "read_repo_hook")
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -77,7 +77,7 @@ func TestAPIListGitHooksNoAccess(t *testing.T) {
|
|||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
|
||||
session := loginUser(t, owner.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "read_repo_hook")
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
MakeRequest(t, req, http.StatusForbidden)
|
||||
|
|
@ -91,7 +91,7 @@ func TestAPIGetGitHook(t *testing.T) {
|
|||
|
||||
// user1 is an admin user
|
||||
session := loginUser(t, "user1")
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "read_repo_hook")
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -108,7 +108,7 @@ func TestAPIGetGitHookNoAccess(t *testing.T) {
|
|||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
|
||||
session := loginUser(t, owner.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "read_repo_hook")
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
MakeRequest(t, req, http.StatusForbidden)
|
||||
|
|
@ -122,7 +122,7 @@ func TestAPIEditGitHook(t *testing.T) {
|
|||
|
||||
// user1 is an admin user
|
||||
session := loginUser(t, "user1")
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "write_repo_hook")
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
|
|
@ -151,7 +151,7 @@ func TestAPIEditGitHookNoAccess(t *testing.T) {
|
|||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
|
||||
session := loginUser(t, owner.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "write_repo_hook")
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{
|
||||
|
|
@ -168,7 +168,7 @@ func TestAPIDeleteGitHook(t *testing.T) {
|
|||
|
||||
// user1 is an admin user
|
||||
session := loginUser(t, "user1")
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "write_repo_hook")
|
||||
|
||||
req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
|
|
@ -190,7 +190,7 @@ func TestAPIDeleteGitHookNoAccess(t *testing.T) {
|
|||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
|
||||
session := loginUser(t, owner.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "write_repo_hook")
|
||||
req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
MakeRequest(t, req, http.StatusForbidden)
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ func TestAPIDeleteTagByName(t *testing.T) {
|
|||
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
||||
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
|
||||
session := loginUser(t, owner.LowerName)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/tags/delete-tag?token=%s",
|
||||
owner.Name, repo.Name, token)
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ func TestAPIRepoLFSMigrateLocal(t *testing.T) {
|
|||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOptions{
|
||||
CloneAddr: path.Join(setting.RepoRootPath, "migration/lfs-test.git"),
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ func TestAPIRepoTags(t *testing.T) {
|
|||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
// Login as User2.
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
repoName := "repo1"
|
||||
|
||||
|
|
|
|||
|
|
@ -349,7 +349,7 @@ func TestAPIRepoMigrate(t *testing.T) {
|
|||
for _, testCase := range testCases {
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID})
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOptions{
|
||||
CloneAddr: testCase.cloneURL,
|
||||
RepoOwnerID: testCase.userID,
|
||||
|
|
@ -528,7 +528,7 @@ func TestAPIRepoTransfer(t *testing.T) {
|
|||
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: testCase.ctxUserID})
|
||||
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID})
|
||||
session = loginUser(t, user.Name)
|
||||
token = getTokenForLoggedInUser(t, session)
|
||||
token = getTokenForLoggedInUser(t, session, "repo")
|
||||
req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer?token=%s", repo.OwnerName, repo.Name, token), &api.TransferRepoOption{
|
||||
NewOwner: testCase.newOwner,
|
||||
TeamIDs: testCase.teams,
|
||||
|
|
@ -575,7 +575,7 @@ func TestAPIAcceptTransfer(t *testing.T) {
|
|||
|
||||
// try to accept with not authorized user
|
||||
session := loginUser(t, "user2")
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject?token=%s", repo.OwnerName, repo.Name, token))
|
||||
session.MakeRequest(t, req, http.StatusForbidden)
|
||||
|
||||
|
|
@ -601,7 +601,7 @@ func TestAPIRejectTransfer(t *testing.T) {
|
|||
|
||||
// try to reject with not authorized user
|
||||
session := loginUser(t, "user2")
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject?token=%s", repo.OwnerName, repo.Name, token))
|
||||
session.MakeRequest(t, req, http.StatusForbidden)
|
||||
|
||||
|
|
@ -611,7 +611,7 @@ func TestAPIRejectTransfer(t *testing.T) {
|
|||
|
||||
// reject transfer
|
||||
session = loginUser(t, "user4")
|
||||
token = getTokenForLoggedInUser(t, session)
|
||||
token = getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer/reject?token=%s", repo.OwnerName, repo.Name, token))
|
||||
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -625,7 +625,7 @@ func TestAPIGenerateRepo(t *testing.T) {
|
|||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
templateRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 44})
|
||||
|
||||
|
|
@ -661,7 +661,7 @@ func TestAPIRepoGetReviewers(t *testing.T) {
|
|||
defer tests.PrepareTestEnv(t)()
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
||||
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/reviewers?token=%s", user.Name, repo.Name, token)
|
||||
|
|
@ -675,7 +675,7 @@ func TestAPIRepoGetAssignees(t *testing.T) {
|
|||
defer tests.PrepareTestEnv(t)()
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
session := loginUser(t, user.Name)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
|
||||
|
||||
req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/assignees?token=%s", user.Name, repo.Name, token)
|
||||
|
|
|
|||
|
|
@ -21,8 +21,9 @@ func TestAPIGetWikiPage(t *testing.T) {
|
|||
|
||||
username := "user2"
|
||||
session := loginUser(t, username)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/page/Home", username, "repo1")
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/page/Home?token=%s", username, "repo1", token)
|
||||
|
||||
req := NewRequest(t, "GET", urlStr)
|
||||
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -67,8 +68,9 @@ func TestAPIListWikiPages(t *testing.T) {
|
|||
|
||||
username := "user2"
|
||||
session := loginUser(t, username)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/pages", username, "repo1")
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/pages?token=%s", username, "repo1", token)
|
||||
|
||||
req := NewRequest(t, "GET", urlStr)
|
||||
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
@ -182,7 +184,7 @@ func TestAPINewWikiPage(t *testing.T) {
|
|||
defer tests.PrepareTestEnv(t)()
|
||||
username := "user2"
|
||||
session := loginUser(t, username)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/new?token=%s", username, "repo1", token)
|
||||
|
||||
|
|
@ -199,7 +201,7 @@ func TestAPIEditWikiPage(t *testing.T) {
|
|||
defer tests.PrepareTestEnv(t)()
|
||||
username := "user2"
|
||||
session := loginUser(t, username)
|
||||
token := getTokenForLoggedInUser(t, session)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/page/Page-With-Spaced-Name?token=%s", username, "repo1", token)
|
||||
|
||||
|
|
@ -215,8 +217,9 @@ func TestAPIListPageRevisions(t *testing.T) {
|
|||
defer tests.PrepareTestEnv(t)()
|
||||
username := "user2"
|
||||
session := loginUser(t, username)
|
||||
token := getTokenForLoggedInUser(t, session, "repo")
|
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/revisions/Home", username, "repo1")
|
||||
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/revisions/Home>token=%s", username, "repo1", token)
|
||||
|
||||
req := NewRequest(t, "GET", urlStr)
|
||||
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ func TestGit(t *testing.T) {
|
|||
|
||||
func testGit(t *testing.T, u *url.URL) {
|
||||
username := "user2"
|
||||
baseAPITestContext := NewAPITestContext(t, username, "repo1", "write_public_key")
|
||||
baseAPITestContext := NewAPITestContext(t, username, "repo1", "repo", "write_public_key")
|
||||
|
||||
u.Path = baseAPITestContext.GitPath()
|
||||
|
||||
|
|
|
|||
|
|
@ -264,7 +264,7 @@ func TestGPGGit(t *testing.T) {
|
|||
|
||||
t.Run("UnsignedMerging", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
testCtx := NewAPITestContext(t, username, "initial-unsigned")
|
||||
testCtx := NewAPITestContext(t, username, "initial-unsigned", "repo")
|
||||
var err error
|
||||
t.Run("CreatePullRequest", func(t *testing.T) {
|
||||
pr, err = doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "never2")(t)
|
||||
|
|
@ -285,7 +285,7 @@ func TestGPGGit(t *testing.T) {
|
|||
|
||||
t.Run("BaseSignedMerging", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
testCtx := NewAPITestContext(t, username, "initial-unsigned")
|
||||
testCtx := NewAPITestContext(t, username, "initial-unsigned", "repo")
|
||||
var err error
|
||||
t.Run("CreatePullRequest", func(t *testing.T) {
|
||||
pr, err = doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "parentsigned2")(t)
|
||||
|
|
@ -306,7 +306,7 @@ func TestGPGGit(t *testing.T) {
|
|||
|
||||
t.Run("CommitsSignedMerging", func(t *testing.T) {
|
||||
defer tests.PrintCurrentTest(t)()
|
||||
testCtx := NewAPITestContext(t, username, "initial-unsigned")
|
||||
testCtx := NewAPITestContext(t, username, "initial-unsigned", "repo")
|
||||
var err error
|
||||
t.Run("CreatePullRequest", func(t *testing.T) {
|
||||
pr, err = doAPICreatePullRequest(testCtx, testCtx.Username, testCtx.Reponame, "master", "always-parentsigned")(t)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue