code.gitea.io/gitea@v1.22.3/tests/integration/api_user_block_test.go (about) 1 // Copyright 2024 The Gitea Authors. All rights reserved. 2 // SPDX-License-Identifier: MIT 3 4 package integration 5 6 import ( 7 "fmt" 8 "net/http" 9 "testing" 10 11 "code.gitea.io/gitea/models" 12 auth_model "code.gitea.io/gitea/models/auth" 13 "code.gitea.io/gitea/models/db" 14 issues_model "code.gitea.io/gitea/models/issues" 15 repo_model "code.gitea.io/gitea/models/repo" 16 api "code.gitea.io/gitea/modules/structs" 17 "code.gitea.io/gitea/tests" 18 19 "github.com/stretchr/testify/assert" 20 ) 21 22 func TestBlockUser(t *testing.T) { 23 defer tests.PrepareTestEnv(t)() 24 25 countStars := func(t *testing.T, repoOwnerID, starrerID int64) int64 { 26 count, err := db.Count[repo_model.Repository](db.DefaultContext, &repo_model.StarredReposOptions{ 27 StarrerID: starrerID, 28 RepoOwnerID: repoOwnerID, 29 IncludePrivate: true, 30 }) 31 assert.NoError(t, err) 32 return count 33 } 34 35 countWatches := func(t *testing.T, repoOwnerID, watcherID int64) int64 { 36 count, err := db.Count[repo_model.Repository](db.DefaultContext, &repo_model.WatchedReposOptions{ 37 WatcherID: watcherID, 38 RepoOwnerID: repoOwnerID, 39 }) 40 assert.NoError(t, err) 41 return count 42 } 43 44 countRepositoryTransfers := func(t *testing.T, senderID, recipientID int64) int64 { 45 transfers, err := models.GetPendingRepositoryTransfers(db.DefaultContext, &models.PendingRepositoryTransferOptions{ 46 SenderID: senderID, 47 RecipientID: recipientID, 48 }) 49 assert.NoError(t, err) 50 return int64(len(transfers)) 51 } 52 53 countAssignedIssues := func(t *testing.T, repoOwnerID, assigneeID int64) int64 { 54 _, count, err := issues_model.GetAssignedIssues(db.DefaultContext, &issues_model.AssignedIssuesOptions{ 55 AssigneeID: assigneeID, 56 RepoOwnerID: repoOwnerID, 57 }) 58 assert.NoError(t, err) 59 return count 60 } 61 62 countCollaborations := func(t *testing.T, repoOwnerID, collaboratorID int64) int64 { 63 count, err := db.Count[repo_model.Collaboration](db.DefaultContext, &repo_model.FindCollaborationOptions{ 64 CollaboratorID: collaboratorID, 65 RepoOwnerID: repoOwnerID, 66 }) 67 assert.NoError(t, err) 68 return count 69 } 70 71 t.Run("User", func(t *testing.T) { 72 var blockerID int64 = 16 73 blockerName := "user16" 74 blockerToken := getUserToken(t, blockerName, auth_model.AccessTokenScopeWriteUser) 75 76 var blockeeID int64 = 10 77 blockeeName := "user10" 78 79 t.Run("Block", func(t *testing.T) { 80 req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/blocks/%s", blockeeName)) 81 MakeRequest(t, req, http.StatusUnauthorized) 82 83 assert.EqualValues(t, 1, countStars(t, blockerID, blockeeID)) 84 assert.EqualValues(t, 1, countWatches(t, blockerID, blockeeID)) 85 assert.EqualValues(t, 1, countRepositoryTransfers(t, blockerID, blockeeID)) 86 assert.EqualValues(t, 1, countCollaborations(t, blockerID, blockeeID)) 87 88 req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/blocks/%s", blockeeName)). 89 AddTokenAuth(blockerToken) 90 MakeRequest(t, req, http.StatusNotFound) 91 92 req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/blocks/%s?reason=test", blockeeName)). 93 AddTokenAuth(blockerToken) 94 MakeRequest(t, req, http.StatusNoContent) 95 96 assert.EqualValues(t, 0, countStars(t, blockerID, blockeeID)) 97 assert.EqualValues(t, 0, countWatches(t, blockerID, blockeeID)) 98 assert.EqualValues(t, 0, countRepositoryTransfers(t, blockerID, blockeeID)) 99 assert.EqualValues(t, 0, countCollaborations(t, blockerID, blockeeID)) 100 101 req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/blocks/%s", blockeeName)). 102 AddTokenAuth(blockerToken) 103 MakeRequest(t, req, http.StatusNoContent) 104 105 req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/blocks/%s", blockeeName)). 106 AddTokenAuth(blockerToken) 107 MakeRequest(t, req, http.StatusBadRequest) // can't block blocked user 108 109 req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/blocks/%s", "org3")). 110 AddTokenAuth(blockerToken) 111 MakeRequest(t, req, http.StatusBadRequest) // can't block organization 112 113 req = NewRequest(t, "GET", "/api/v1/user/blocks") 114 MakeRequest(t, req, http.StatusUnauthorized) 115 116 req = NewRequest(t, "GET", "/api/v1/user/blocks"). 117 AddTokenAuth(blockerToken) 118 resp := MakeRequest(t, req, http.StatusOK) 119 120 var users []api.User 121 DecodeJSON(t, resp, &users) 122 123 assert.Len(t, users, 1) 124 assert.Equal(t, blockeeName, users[0].UserName) 125 }) 126 127 t.Run("Unblock", func(t *testing.T) { 128 req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/user/blocks/%s", blockeeName)) 129 MakeRequest(t, req, http.StatusUnauthorized) 130 131 req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/user/blocks/%s", blockeeName)). 132 AddTokenAuth(blockerToken) 133 MakeRequest(t, req, http.StatusNoContent) 134 135 req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/user/blocks/%s", blockeeName)). 136 AddTokenAuth(blockerToken) 137 MakeRequest(t, req, http.StatusBadRequest) 138 139 req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/user/blocks/%s", "org3")). 140 AddTokenAuth(blockerToken) 141 MakeRequest(t, req, http.StatusBadRequest) 142 143 req = NewRequest(t, "GET", "/api/v1/user/blocks"). 144 AddTokenAuth(blockerToken) 145 resp := MakeRequest(t, req, http.StatusOK) 146 147 var users []api.User 148 DecodeJSON(t, resp, &users) 149 150 assert.Empty(t, users) 151 }) 152 }) 153 154 t.Run("Organization", func(t *testing.T) { 155 var blockerID int64 = 3 156 blockerName := "org3" 157 158 doerToken := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteOrganization) 159 160 var blockeeID int64 = 10 161 blockeeName := "user10" 162 163 t.Run("Block", func(t *testing.T) { 164 req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, blockeeName)) 165 MakeRequest(t, req, http.StatusUnauthorized) 166 167 req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, "user4")). 168 AddTokenAuth(doerToken) 169 MakeRequest(t, req, http.StatusBadRequest) // can't block member 170 171 assert.EqualValues(t, 1, countStars(t, blockerID, blockeeID)) 172 assert.EqualValues(t, 1, countWatches(t, blockerID, blockeeID)) 173 assert.EqualValues(t, 1, countRepositoryTransfers(t, blockerID, blockeeID)) 174 assert.EqualValues(t, 1, countAssignedIssues(t, blockerID, blockeeID)) 175 assert.EqualValues(t, 1, countCollaborations(t, blockerID, blockeeID)) 176 177 req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, blockeeName)). 178 AddTokenAuth(doerToken) 179 MakeRequest(t, req, http.StatusNotFound) 180 181 req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s?reason=test", blockerName, blockeeName)). 182 AddTokenAuth(doerToken) 183 MakeRequest(t, req, http.StatusNoContent) 184 185 assert.EqualValues(t, 0, countStars(t, blockerID, blockeeID)) 186 assert.EqualValues(t, 0, countWatches(t, blockerID, blockeeID)) 187 assert.EqualValues(t, 0, countRepositoryTransfers(t, blockerID, blockeeID)) 188 assert.EqualValues(t, 0, countAssignedIssues(t, blockerID, blockeeID)) 189 assert.EqualValues(t, 0, countCollaborations(t, blockerID, blockeeID)) 190 191 req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, blockeeName)). 192 AddTokenAuth(doerToken) 193 MakeRequest(t, req, http.StatusNoContent) 194 195 req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, blockeeName)). 196 AddTokenAuth(doerToken) 197 MakeRequest(t, req, http.StatusBadRequest) // can't block blocked user 198 199 req = NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, "org3")). 200 AddTokenAuth(doerToken) 201 MakeRequest(t, req, http.StatusBadRequest) // can't block organization 202 203 req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/blocks", blockerName)) 204 MakeRequest(t, req, http.StatusUnauthorized) 205 206 req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/blocks", blockerName)). 207 AddTokenAuth(doerToken) 208 resp := MakeRequest(t, req, http.StatusOK) 209 210 var users []api.User 211 DecodeJSON(t, resp, &users) 212 213 assert.Len(t, users, 1) 214 assert.Equal(t, blockeeName, users[0].UserName) 215 }) 216 217 t.Run("Unblock", func(t *testing.T) { 218 req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, blockeeName)) 219 MakeRequest(t, req, http.StatusUnauthorized) 220 221 req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, blockeeName)). 222 AddTokenAuth(doerToken) 223 MakeRequest(t, req, http.StatusNoContent) 224 225 req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, blockeeName)). 226 AddTokenAuth(doerToken) 227 MakeRequest(t, req, http.StatusBadRequest) 228 229 req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/orgs/%s/blocks/%s", blockerName, "org3")). 230 AddTokenAuth(doerToken) 231 MakeRequest(t, req, http.StatusBadRequest) 232 233 req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/blocks", blockerName)). 234 AddTokenAuth(doerToken) 235 resp := MakeRequest(t, req, http.StatusOK) 236 237 var users []api.User 238 DecodeJSON(t, resp, &users) 239 240 assert.Empty(t, users) 241 }) 242 }) 243 }