summaryrefslogtreecommitdiffstats
path: root/tests/integration/api_private_serv_test.go
blob: 3339fc4430dcf15a681b6913df9af759af6bfb9c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"context"
	"net/url"
	"testing"

	asymkey_model "code.gitea.io/gitea/models/asymkey"
	"code.gitea.io/gitea/models/perm"
	"code.gitea.io/gitea/modules/private"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestAPIPrivateNoServ(t *testing.T) {
	onGiteaRun(t, func(*testing.T, *url.URL) {
		ctx, cancel := context.WithCancel(context.Background())
		defer cancel()
		key, user, err := private.ServNoCommand(ctx, 1)
		require.NoError(t, err)
		assert.Equal(t, int64(2), user.ID)
		assert.Equal(t, "user2", user.Name)
		assert.Equal(t, int64(1), key.ID)
		assert.Equal(t, "user2@localhost", key.Name)

		deployKey, err := asymkey_model.AddDeployKey(ctx, 1, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
		require.NoError(t, err)

		key, user, err = private.ServNoCommand(ctx, deployKey.KeyID)
		require.NoError(t, err)
		assert.Empty(t, user)
		assert.Equal(t, deployKey.KeyID, key.ID)
		assert.Equal(t, "test-deploy", key.Name)
	})
}

func TestAPIPrivateServ(t *testing.T) {
	onGiteaRun(t, func(*testing.T, *url.URL) {
		ctx, cancel := context.WithCancel(context.Background())
		defer cancel()

		// Can push to a repo we own
		results, extra := private.ServCommand(ctx, 1, "user2", "repo1", perm.AccessModeWrite, "git-upload-pack", "")
		require.NoError(t, extra.Error)
		assert.False(t, results.IsWiki)
		assert.Zero(t, results.DeployKeyID)
		assert.Equal(t, int64(1), results.KeyID)
		assert.Equal(t, "user2@localhost", results.KeyName)
		assert.Equal(t, "user2", results.UserName)
		assert.Equal(t, int64(2), results.UserID)
		assert.Equal(t, "user2", results.OwnerName)
		assert.Equal(t, "repo1", results.RepoName)
		assert.Equal(t, int64(1), results.RepoID)

		// Cannot push to a private repo we're not associated with
		results, extra = private.ServCommand(ctx, 1, "user15", "big_test_private_1", perm.AccessModeWrite, "git-upload-pack", "")
		require.Error(t, extra.Error)
		assert.Empty(t, results)

		// Cannot pull from a private repo we're not associated with
		results, extra = private.ServCommand(ctx, 1, "user15", "big_test_private_1", perm.AccessModeRead, "git-upload-pack", "")
		require.Error(t, extra.Error)
		assert.Empty(t, results)

		// Can pull from a public repo we're not associated with
		results, extra = private.ServCommand(ctx, 1, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
		require.NoError(t, extra.Error)
		assert.False(t, results.IsWiki)
		assert.Zero(t, results.DeployKeyID)
		assert.Equal(t, int64(1), results.KeyID)
		assert.Equal(t, "user2@localhost", results.KeyName)
		assert.Equal(t, "user2", results.UserName)
		assert.Equal(t, int64(2), results.UserID)
		assert.Equal(t, "user15", results.OwnerName)
		assert.Equal(t, "big_test_public_1", results.RepoName)
		assert.Equal(t, int64(17), results.RepoID)

		// Cannot push to a public repo we're not associated with
		results, extra = private.ServCommand(ctx, 1, "user15", "big_test_public_1", perm.AccessModeWrite, "git-upload-pack", "")
		require.Error(t, extra.Error)
		assert.Empty(t, results)

		// Add reading deploy key
		deployKey, err := asymkey_model.AddDeployKey(ctx, 19, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", true)
		require.NoError(t, err)

		// Can pull from repo we're a deploy key for
		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", perm.AccessModeRead, "git-upload-pack", "")
		require.NoError(t, extra.Error)
		assert.False(t, results.IsWiki)
		assert.NotZero(t, results.DeployKeyID)
		assert.Equal(t, deployKey.KeyID, results.KeyID)
		assert.Equal(t, "test-deploy", results.KeyName)
		assert.Equal(t, "user15", results.UserName)
		assert.Equal(t, int64(15), results.UserID)
		assert.Equal(t, "user15", results.OwnerName)
		assert.Equal(t, "big_test_private_1", results.RepoName)
		assert.Equal(t, int64(19), results.RepoID)

		// Cannot push to a private repo with reading key
		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", perm.AccessModeWrite, "git-upload-pack", "")
		require.Error(t, extra.Error)
		assert.Empty(t, results)

		// Cannot pull from a private repo we're not associated with
		results, extra = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
		require.Error(t, extra.Error)
		assert.Empty(t, results)

		// Cannot pull from a public repo we're not associated with
		results, extra = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
		require.Error(t, extra.Error)
		assert.Empty(t, results)

		// Add writing deploy key
		deployKey, err = asymkey_model.AddDeployKey(ctx, 20, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
		require.NoError(t, err)

		// Cannot push to a private repo with reading key
		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_1", perm.AccessModeWrite, "git-upload-pack", "")
		require.Error(t, extra.Error)
		assert.Empty(t, results)

		// Can pull from repo we're a writing deploy key for
		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
		require.NoError(t, extra.Error)
		assert.False(t, results.IsWiki)
		assert.NotZero(t, results.DeployKeyID)
		assert.Equal(t, deployKey.KeyID, results.KeyID)
		assert.Equal(t, "test-deploy", results.KeyName)
		assert.Equal(t, "user15", results.UserName)
		assert.Equal(t, int64(15), results.UserID)
		assert.Equal(t, "user15", results.OwnerName)
		assert.Equal(t, "big_test_private_2", results.RepoName)
		assert.Equal(t, int64(20), results.RepoID)

		// Can push to repo we're a writing deploy key for
		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", perm.AccessModeWrite, "git-upload-pack", "")
		require.NoError(t, extra.Error)
		assert.False(t, results.IsWiki)
		assert.NotZero(t, results.DeployKeyID)
		assert.Equal(t, deployKey.KeyID, results.KeyID)
		assert.Equal(t, "test-deploy", results.KeyName)
		assert.Equal(t, "user15", results.UserName)
		assert.Equal(t, int64(15), results.UserID)
		assert.Equal(t, "user15", results.OwnerName)
		assert.Equal(t, "big_test_private_2", results.RepoName)
		assert.Equal(t, int64(20), results.RepoID)
	})
}