code.gitea.io/gitea@v1.22.3/tests/integration/api_repo_git_blobs_test.go (about) 1 // Copyright 2019 The Gitea Authors. All rights reserved. 2 // SPDX-License-Identifier: MIT 3 4 package integration 5 6 import ( 7 "net/http" 8 "testing" 9 10 auth_model "code.gitea.io/gitea/models/auth" 11 repo_model "code.gitea.io/gitea/models/repo" 12 "code.gitea.io/gitea/models/unittest" 13 user_model "code.gitea.io/gitea/models/user" 14 api "code.gitea.io/gitea/modules/structs" 15 "code.gitea.io/gitea/tests" 16 17 "github.com/stretchr/testify/assert" 18 ) 19 20 func TestAPIReposGitBlobs(t *testing.T) { 21 defer tests.PrepareTestEnv(t)() 22 user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of the repo1 & repo16 23 org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3}) // owner of the repo3 24 user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4}) // owner of neither repos 25 repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) // public repo 26 repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}) // public repo 27 repo16 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 16}) // private repo 28 repo1ReadmeSHA := "65f1bf27bc3bf70f64657658635e66094edbcb4d" 29 repo3ReadmeSHA := "d56a3073c1dbb7b15963110a049d50cdb5db99fc" 30 repo16ReadmeSHA := "f90451c72ef61a7645293d17b47be7a8e983da57" 31 badSHA := "0000000000000000000000000000000000000000" 32 33 // Login as User2. 34 session := loginUser(t, user2.Name) 35 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) 36 37 // Test a public repo that anyone can GET the blob of 38 req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, repo1ReadmeSHA) 39 resp := MakeRequest(t, req, http.StatusOK) 40 var gitBlobResponse api.GitBlobResponse 41 DecodeJSON(t, resp, &gitBlobResponse) 42 assert.NotNil(t, gitBlobResponse) 43 expectedContent := "dHJlZSAyYTJmMWQ0NjcwNzI4YTJlMTAwNDllMzQ1YmQ3YTI3NjQ2OGJlYWI2CmF1dGhvciB1c2VyMSA8YWRkcmVzczFAZXhhbXBsZS5jb20+IDE0ODk5NTY0NzkgLTA0MDAKY29tbWl0dGVyIEV0aGFuIEtvZW5pZyA8ZXRoYW50a29lbmlnQGdtYWlsLmNvbT4gMTQ4OTk1NjQ3OSAtMDQwMAoKSW5pdGlhbCBjb21taXQK" 44 assert.Equal(t, expectedContent, gitBlobResponse.Content) 45 46 // Tests a private repo with no token so will fail 47 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo16.Name, repo16ReadmeSHA) 48 MakeRequest(t, req, http.StatusNotFound) 49 50 // Test using access token for a private repo that the user of the token owns 51 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo16.Name, repo16ReadmeSHA). 52 AddTokenAuth(token) 53 MakeRequest(t, req, http.StatusOK) 54 55 // Test using bad sha 56 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, badSHA) 57 MakeRequest(t, req, http.StatusBadRequest) 58 59 // Test using org repo "org3/repo3" where user2 is a collaborator 60 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", org3.Name, repo3.Name, repo3ReadmeSHA). 61 AddTokenAuth(token) 62 MakeRequest(t, req, http.StatusOK) 63 64 // Test using org repo "org3/repo3" where user2 is a collaborator 65 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", org3.Name, repo3.Name, repo3ReadmeSHA). 66 AddTokenAuth(token) 67 MakeRequest(t, req, http.StatusOK) 68 69 // Test using org repo "org3/repo3" with no user token 70 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", org3.Name, repo3ReadmeSHA, repo3.Name) 71 MakeRequest(t, req, http.StatusNotFound) 72 73 // Login as User4. 74 session = loginUser(t, user4.Name) 75 token4 := getTokenForLoggedInUser(t, session) 76 77 // Test using org repo "org3/repo3" where user4 is a NOT collaborator 78 req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", org3.Name, repo3.Name, token4) 79 MakeRequest(t, req, http.StatusNotFound) 80 }