code.gitea.io/gitea@v1.22.3/tests/integration/download_test.go

code.gitea.io/gitea@v1.22.3/tests/integration/download_test.go (about)

     1  // Copyright 2018 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package integration
     5  
     6  import (
     7  	"net/http"
     8  	"testing"
     9  
    10  	"code.gitea.io/gitea/modules/setting"
    11  	"code.gitea.io/gitea/tests"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  )
    15  
    16  func TestDownloadByID(t *testing.T) {
    17  	defer tests.PrepareTestEnv(t)()
    18  
    19  	session := loginUser(t, "user2")
    20  
    21  	// Request raw blob
    22  	req := NewRequest(t, "GET", "/user2/repo1/raw/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f")
    23  	resp := session.MakeRequest(t, req, http.StatusOK)
    24  
    25  	assert.Equal(t, "# repo1\n\nDescription for repo1", resp.Body.String())
    26  }
    27  
    28  func TestDownloadByIDForSVGUsesSecureHeaders(t *testing.T) {
    29  	defer tests.PrepareTestEnv(t)()
    30  
    31  	session := loginUser(t, "user2")
    32  
    33  	// Request raw blob
    34  	req := NewRequest(t, "GET", "/user2/repo2/raw/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b")
    35  	resp := session.MakeRequest(t, req, http.StatusOK)
    36  
    37  	assert.Equal(t, "default-src 'none'; style-src 'unsafe-inline'; sandbox", resp.Header().Get("Content-Security-Policy"))
    38  	assert.Equal(t, "image/svg+xml", resp.Header().Get("Content-Type"))
    39  	assert.Equal(t, "nosniff", resp.Header().Get("X-Content-Type-Options"))
    40  }
    41  
    42  func TestDownloadByIDMedia(t *testing.T) {
    43  	defer tests.PrepareTestEnv(t)()
    44  
    45  	session := loginUser(t, "user2")
    46  
    47  	// Request raw blob
    48  	req := NewRequest(t, "GET", "/user2/repo1/media/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f")
    49  	resp := session.MakeRequest(t, req, http.StatusOK)
    50  
    51  	assert.Equal(t, "# repo1\n\nDescription for repo1", resp.Body.String())
    52  }
    53  
    54  func TestDownloadByIDMediaForSVGUsesSecureHeaders(t *testing.T) {
    55  	defer tests.PrepareTestEnv(t)()
    56  
    57  	session := loginUser(t, "user2")
    58  
    59  	// Request raw blob
    60  	req := NewRequest(t, "GET", "/user2/repo2/media/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b")
    61  	resp := session.MakeRequest(t, req, http.StatusOK)
    62  
    63  	assert.Equal(t, "default-src 'none'; style-src 'unsafe-inline'; sandbox", resp.Header().Get("Content-Security-Policy"))
    64  	assert.Equal(t, "image/svg+xml", resp.Header().Get("Content-Type"))
    65  	assert.Equal(t, "nosniff", resp.Header().Get("X-Content-Type-Options"))
    66  }
    67  
    68  func TestDownloadRawTextFileWithoutMimeTypeMapping(t *testing.T) {
    69  	defer tests.PrepareTestEnv(t)()
    70  
    71  	session := loginUser(t, "user2")
    72  
    73  	req := NewRequest(t, "GET", "/user2/repo2/raw/branch/master/test.xml")
    74  	resp := session.MakeRequest(t, req, http.StatusOK)
    75  
    76  	assert.Equal(t, "text/plain; charset=utf-8", resp.Header().Get("Content-Type"))
    77  }
    78  
    79  func TestDownloadRawTextFileWithMimeTypeMapping(t *testing.T) {
    80  	defer tests.PrepareTestEnv(t)()
    81  	setting.MimeTypeMap.Map[".xml"] = "text/xml"
    82  	setting.MimeTypeMap.Enabled = true
    83  
    84  	session := loginUser(t, "user2")
    85  
    86  	req := NewRequest(t, "GET", "/user2/repo2/raw/branch/master/test.xml")
    87  	resp := session.MakeRequest(t, req, http.StatusOK)
    88  
    89  	assert.Equal(t, "text/xml; charset=utf-8", resp.Header().Get("Content-Type"))
    90  
    91  	delete(setting.MimeTypeMap.Map, ".xml")
    92  	setting.MimeTypeMap.Enabled = false
    93  }