summaryrefslogtreecommitdiffstats
path: root/tests/integration/attachment_test.go
diff options
context:
space:
mode:
authorDaniel Baumann <daniel@debian.org>2024-10-18 20:33:49 +0200
committerDaniel Baumann <daniel@debian.org>2024-10-18 20:33:49 +0200
commitdd136858f1ea40ad3c94191d647487fa4f31926c (patch)
tree58fec94a7b2a12510c9664b21793f1ed560c6518 /tests/integration/attachment_test.go
parentInitial commit. (diff)
downloadforgejo-dd136858f1ea40ad3c94191d647487fa4f31926c.tar.xz
forgejo-dd136858f1ea40ad3c94191d647487fa4f31926c.zip
Adding upstream version 9.0.0.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '')
-rw-r--r--tests/integration/attachment_test.go138
1 files changed, 138 insertions, 0 deletions
diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go
new file mode 100644
index 0000000..7cbc254
--- /dev/null
+++ b/tests/integration/attachment_test.go
@@ -0,0 +1,138 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+ "bytes"
+ "image"
+ "image/png"
+ "io"
+ "mime/multipart"
+ "net/http"
+ "strings"
+ "testing"
+
+ repo_model "code.gitea.io/gitea/models/repo"
+ "code.gitea.io/gitea/modules/storage"
+ "code.gitea.io/gitea/modules/test"
+ "code.gitea.io/gitea/tests"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func generateImg() bytes.Buffer {
+ // Generate image
+ myImage := image.NewRGBA(image.Rect(0, 0, 32, 32))
+ var buff bytes.Buffer
+ png.Encode(&buff, myImage)
+ return buff
+}
+
+func createAttachment(t *testing.T, session *TestSession, repoURL, filename string, buff bytes.Buffer, expectedStatus int) string {
+ body := &bytes.Buffer{}
+
+ // Setup multi-part
+ writer := multipart.NewWriter(body)
+ part, err := writer.CreateFormFile("file", filename)
+ require.NoError(t, err)
+ _, err = io.Copy(part, &buff)
+ require.NoError(t, err)
+ err = writer.Close()
+ require.NoError(t, err)
+
+ csrf := GetCSRF(t, session, repoURL)
+
+ req := NewRequestWithBody(t, "POST", repoURL+"/issues/attachments", body)
+ req.Header.Add("X-Csrf-Token", csrf)
+ req.Header.Add("Content-Type", writer.FormDataContentType())
+ resp := session.MakeRequest(t, req, expectedStatus)
+
+ if expectedStatus != http.StatusOK {
+ return ""
+ }
+ var obj map[string]string
+ DecodeJSON(t, resp, &obj)
+ return obj["uuid"]
+}
+
+func TestCreateAnonymousAttachment(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+ session := emptyTestSession(t)
+ // this test is not right because it just doesn't pass the CSRF validation
+ createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusBadRequest)
+}
+
+func TestCreateIssueAttachment(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+ const repoURL = "user2/repo1"
+ session := loginUser(t, "user2")
+ uuid := createAttachment(t, session, repoURL, "image.png", generateImg(), http.StatusOK)
+
+ req := NewRequest(t, "GET", repoURL+"/issues/new")
+ resp := session.MakeRequest(t, req, http.StatusOK)
+ htmlDoc := NewHTMLParser(t, resp.Body)
+
+ link, exists := htmlDoc.doc.Find("form#new-issue").Attr("action")
+ assert.True(t, exists, "The template has changed")
+
+ postData := map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "title": "New Issue With Attachment",
+ "content": "some content",
+ "files": uuid,
+ }
+
+ req = NewRequestWithValues(t, "POST", link, postData)
+ resp = session.MakeRequest(t, req, http.StatusOK)
+ test.RedirectURL(resp) // check that redirect URL exists
+
+ // Validate that attachment is available
+ req = NewRequest(t, "GET", "/attachments/"+uuid)
+ session.MakeRequest(t, req, http.StatusOK)
+
+ // anonymous visit should be allowed because user2/repo1 is a public repository
+ MakeRequest(t, req, http.StatusOK)
+}
+
+func TestGetAttachment(t *testing.T) {
+ defer tests.PrepareTestEnv(t)()
+ adminSession := loginUser(t, "user1")
+ user2Session := loginUser(t, "user2")
+ user8Session := loginUser(t, "user8")
+ emptySession := emptyTestSession(t)
+ testCases := []struct {
+ name string
+ uuid string
+ createFile bool
+ session *TestSession
+ want int
+ }{
+ {"LinkedIssueUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, user2Session, http.StatusOK},
+ {"LinkedCommentUUID", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a17", true, user2Session, http.StatusOK},
+ {"linked_release_uuid", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a19", true, user2Session, http.StatusOK},
+ {"NotExistingUUID", "b0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusNotFound},
+ {"FileMissing", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a18", false, user2Session, http.StatusInternalServerError},
+ {"NotLinked", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user2Session, http.StatusNotFound},
+ {"NotLinkedAccessibleByUploader", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a20", true, user8Session, http.StatusOK},
+ {"PublicByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", true, emptySession, http.StatusOK},
+ {"PrivateByNonLogged", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, emptySession, http.StatusNotFound},
+ {"PrivateAccessibleByAdmin", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, adminSession, http.StatusOK},
+ {"PrivateAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user2Session, http.StatusOK},
+ {"RepoNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12", true, user8Session, http.StatusNotFound},
+ {"OrgNotAccessibleByUser", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a21", true, user8Session, http.StatusNotFound},
+ }
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ // Write empty file to be available for response
+ if tc.createFile {
+ _, err := storage.Attachments.Save(repo_model.AttachmentRelativePath(tc.uuid), strings.NewReader("hello world"), -1)
+ require.NoError(t, err)
+ }
+ // Actual test
+ req := NewRequest(t, "GET", "/attachments/"+tc.uuid)
+ tc.session.MakeRequest(t, req, tc.want)
+ })
+ }
+}