code.gitea.io/gitea@v1.22.3/tests/integration/api_comment_attachment_test.go (about) 1 // Copyright 2021 The Gitea Authors. All rights reserved. 2 // SPDX-License-Identifier: MIT 3 4 package integration 5 6 import ( 7 "bytes" 8 "fmt" 9 "io" 10 "mime/multipart" 11 "net/http" 12 "testing" 13 14 auth_model "code.gitea.io/gitea/models/auth" 15 "code.gitea.io/gitea/models/db" 16 issues_model "code.gitea.io/gitea/models/issues" 17 repo_model "code.gitea.io/gitea/models/repo" 18 "code.gitea.io/gitea/models/unittest" 19 user_model "code.gitea.io/gitea/models/user" 20 api "code.gitea.io/gitea/modules/structs" 21 "code.gitea.io/gitea/services/convert" 22 "code.gitea.io/gitea/tests" 23 24 "github.com/stretchr/testify/assert" 25 ) 26 27 func TestAPIGetCommentAttachment(t *testing.T) { 28 defer tests.PrepareTestEnv(t)() 29 30 comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 2}) 31 assert.NoError(t, comment.LoadIssue(db.DefaultContext)) 32 assert.NoError(t, comment.LoadAttachments(db.DefaultContext)) 33 attachment := unittest.AssertExistsAndLoadBean(t, &repo_model.Attachment{ID: comment.Attachments[0].ID}) 34 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: comment.Issue.RepoID}) 35 repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 36 37 t.Run("UnrelatedCommentID", func(t *testing.T) { 38 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4}) 39 repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 40 token := getUserToken(t, repoOwner.Name, auth_model.AccessTokenScopeWriteIssue) 41 req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues/comments/%d/assets/%d", repoOwner.Name, repo.Name, comment.ID, attachment.ID). 42 AddTokenAuth(token) 43 MakeRequest(t, req, http.StatusNotFound) 44 }) 45 46 session := loginUser(t, repoOwner.Name) 47 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue) 48 req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues/comments/%d/assets/%d", repoOwner.Name, repo.Name, comment.ID, attachment.ID). 49 AddTokenAuth(token) 50 session.MakeRequest(t, req, http.StatusOK) 51 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues/comments/%d/assets/%d", repoOwner.Name, repo.Name, comment.ID, attachment.ID). 52 AddTokenAuth(token) 53 resp := session.MakeRequest(t, req, http.StatusOK) 54 55 var apiAttachment api.Attachment 56 DecodeJSON(t, resp, &apiAttachment) 57 58 expect := convert.ToAPIAttachment(repo, attachment) 59 assert.Equal(t, expect.ID, apiAttachment.ID) 60 assert.Equal(t, expect.Name, apiAttachment.Name) 61 assert.Equal(t, expect.UUID, apiAttachment.UUID) 62 assert.Equal(t, expect.Created.Unix(), apiAttachment.Created.Unix()) 63 assert.Equal(t, expect.DownloadURL, apiAttachment.DownloadURL) 64 } 65 66 func TestAPIListCommentAttachments(t *testing.T) { 67 defer tests.PrepareTestEnv(t)() 68 69 comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 2}) 70 issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID}) 71 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID}) 72 repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 73 74 session := loginUser(t, repoOwner.Name) 75 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue) 76 req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues/comments/%d/assets", repoOwner.Name, repo.Name, comment.ID). 77 AddTokenAuth(token) 78 resp := session.MakeRequest(t, req, http.StatusOK) 79 80 var apiAttachments []*api.Attachment 81 DecodeJSON(t, resp, &apiAttachments) 82 expectedCount := unittest.GetCount(t, &repo_model.Attachment{CommentID: comment.ID}) 83 assert.Len(t, apiAttachments, expectedCount) 84 85 unittest.AssertExistsAndLoadBean(t, &repo_model.Attachment{ID: apiAttachments[0].ID, CommentID: comment.ID}) 86 } 87 88 func TestAPICreateCommentAttachment(t *testing.T) { 89 defer tests.PrepareTestEnv(t)() 90 91 comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 2}) 92 issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID}) 93 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID}) 94 repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 95 96 session := loginUser(t, repoOwner.Name) 97 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue) 98 99 filename := "image.png" 100 buff := generateImg() 101 body := &bytes.Buffer{} 102 103 // Setup multi-part 104 writer := multipart.NewWriter(body) 105 part, err := writer.CreateFormFile("attachment", filename) 106 assert.NoError(t, err) 107 _, err = io.Copy(part, &buff) 108 assert.NoError(t, err) 109 err = writer.Close() 110 assert.NoError(t, err) 111 112 req := NewRequestWithBody(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d/assets", repoOwner.Name, repo.Name, comment.ID), body). 113 AddTokenAuth(token). 114 SetHeader("Content-Type", writer.FormDataContentType()) 115 resp := session.MakeRequest(t, req, http.StatusCreated) 116 117 apiAttachment := new(api.Attachment) 118 DecodeJSON(t, resp, &apiAttachment) 119 120 unittest.AssertExistsAndLoadBean(t, &repo_model.Attachment{ID: apiAttachment.ID, CommentID: comment.ID}) 121 } 122 123 func TestAPICreateCommentAttachmentWithUnallowedFile(t *testing.T) { 124 defer tests.PrepareTestEnv(t)() 125 126 comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 2}) 127 issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID}) 128 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID}) 129 repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 130 131 session := loginUser(t, repoOwner.Name) 132 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue) 133 134 filename := "file.bad" 135 body := &bytes.Buffer{} 136 137 // Setup multi-part. 138 writer := multipart.NewWriter(body) 139 _, err := writer.CreateFormFile("attachment", filename) 140 assert.NoError(t, err) 141 err = writer.Close() 142 assert.NoError(t, err) 143 144 req := NewRequestWithBody(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d/assets", repoOwner.Name, repo.Name, comment.ID), body). 145 AddTokenAuth(token). 146 SetHeader("Content-Type", writer.FormDataContentType()) 147 148 session.MakeRequest(t, req, http.StatusUnprocessableEntity) 149 } 150 151 func TestAPIEditCommentAttachment(t *testing.T) { 152 defer tests.PrepareTestEnv(t)() 153 154 const newAttachmentName = "newAttachmentName" 155 156 attachment := unittest.AssertExistsAndLoadBean(t, &repo_model.Attachment{ID: 6}) 157 comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: attachment.CommentID}) 158 issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID}) 159 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID}) 160 repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 161 162 session := loginUser(t, repoOwner.Name) 163 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue) 164 urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d/assets/%d", 165 repoOwner.Name, repo.Name, comment.ID, attachment.ID) 166 req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{ 167 "name": newAttachmentName, 168 }).AddTokenAuth(token) 169 resp := session.MakeRequest(t, req, http.StatusCreated) 170 apiAttachment := new(api.Attachment) 171 DecodeJSON(t, resp, &apiAttachment) 172 173 unittest.AssertExistsAndLoadBean(t, &repo_model.Attachment{ID: apiAttachment.ID, CommentID: comment.ID, Name: apiAttachment.Name}) 174 } 175 176 func TestAPIDeleteCommentAttachment(t *testing.T) { 177 defer tests.PrepareTestEnv(t)() 178 179 attachment := unittest.AssertExistsAndLoadBean(t, &repo_model.Attachment{ID: 6}) 180 comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: attachment.CommentID}) 181 issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID}) 182 repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID}) 183 repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID}) 184 185 session := loginUser(t, repoOwner.Name) 186 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue) 187 188 req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d/assets/%d", repoOwner.Name, repo.Name, comment.ID, attachment.ID)). 189 AddTokenAuth(token) 190 session.MakeRequest(t, req, http.StatusNoContent) 191 192 unittest.AssertNotExistsBean(t, &repo_model.Attachment{ID: attachment.ID, CommentID: comment.ID}) 193 }