
Commit efa4c45

committed
make old tests work with granular scopes
- this PR asks for a more granular approach to tokens - a good approximation is to look at the route/path and address every subpath (e.g. /user/repos requires both read|write:user AND read|write:repository)
1 parent cc61cc0 commit efa4c45


10 files changed

+23
-23
lines changed


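--- a/tests/integration/api_admin_org_test.go
+++ b/tests/integration/api_admin_org_test.go
@@ -21,7 +21,7 @@ import (
 func TestAPIAdminOrgCreate(t *testing.T) {
 onGiteaRun(t, func(*testing.T, *url.URL) {
 session := loginUser(t, "user1")
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteOrganization)
 
 org := api.CreateOrgOption{
 UserName: "user2_org",
@@ -56,7 +56,7 @@ func TestAPIAdminOrgCreate(t *testing.T) {
 func TestAPIAdminOrgCreateBadVisibility(t *testing.T) {
 onGiteaRun(t, func(*testing.T, *url.URL) {
 session := loginUser(t, "user1")
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteOrganization)
 
 org := api.CreateOrgOption{
 UserName: "user2_org",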
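Review bot: Nothing in these two hunks asserts that the old, narrower token is now rejected; both tests only swap in a token that also carries `AccessTokenScopeWriteUser` and `AccessTokenScopeWriteOrganization`, so they would keep passing if the per-path scope check were loosened or removed again. A sub-test that sends the same request with a token built from `auth_model.AccessTokenScopeWriteAdmin` alone and expects a rejection (presumably `http.StatusForbidden`) would pin the new authorization requirement. The same gap applies to the other nine files in this commit, which widen their tokens in the same way without a negative case. Both test bodies continue outside the hunks, so an existing negative check further down cannot be ruled out from here.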

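--- a/tests/integration/api_admin_test.go
+++ b/tests/integration/api_admin_test.go
@@ -28,7 +28,7 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
 session := loginUser(t, "user1")
 keyOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})
 
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser)
 urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name)
 req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
 "key": "ssh-rsa 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 nocomment\n",
@@ -55,7 +55,7 @@ func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 
 // user1 is an admin user
-token := getUserToken(t, "user1", auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, "user1", auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser)
 req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", unittest.NonexistentID).
 AddTokenAuth(token)
 MakeRequest(t, req, http.StatusNotFound)
@@ -65,7 +65,7 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 adminUsername := "user1"
 normalUsername := "user2"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser)
 
 urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername)
 req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
@@ -111,7 +111,7 @@ func TestAPISudoUserForbidden(t *testing.T) {
 func TestAPIListUsers(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin, auth_model.AccessTokenScopeReadUser)
 
 req := NewRequest(t, "GET", "/api/v1/admin/users").
 AddTokenAuth(token)
@@ -148,7 +148,7 @@ func TestAPIListUsersNonAdmin(t *testing.T) {
 func TestAPICreateUserInvalidEmail(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeWriteUser)
 req := NewRequestWithValues(t, "POST", "/api/v1/admin/users", map[string]string{
 "email": "[email protected]\r\n",
 "full_name": "invalid user",
@@ -165,7 +165,7 @@ func TestAPICreateUserInvalidEmail(t *testing.T) {
 func TestAPICreateAndDeleteUser(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser)
 
 req := NewRequestWithValues(
 t,
@@ -192,7 +192,7 @@ func TestAPICreateAndDeleteUser(t *testing.T) {
 func TestAPIEditUser(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeWriteUser)
 urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")
 
 fullNameToChange := "Full Name User 2"
@@ -237,7 +237,7 @@ func TestAPIEditUser(t *testing.T) {
 func TestAPICreateRepoForUser(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
 
 req := NewRequestWithJSON(
 t,
@@ -253,7 +253,7 @@ func TestAPICreateRepoForUser(t *testing.T) {
 func TestAPIRenameUser(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser)
 urlStr := fmt.Sprintf("/api/v1/admin/users/%s/rename", "user2")
 req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
 // required
@@ -348,7 +348,7 @@ func TestAPICreateUser_NotAllowedEmailDomain(t *testing.T) {
 }()
 
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeWriteUser)
 
 req := NewRequestWithValues(t, "POST", "/api/v1/admin/users", map[string]string{
 "email": "[email protected]",
@@ -373,7 +373,7 @@ func TestAPIEditUser_NotAllowedEmailDomain(t *testing.T) {
 }()
 
 adminUsername := "user1"
-token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeWriteUser)
 urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")
 
 newEmail := "[email protected]"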
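Review bot: The scope sets granted for the same route prefix disagree. `TestAPICreateUserInvalidEmail` and `TestAPICreateUser_NotAllowedEmailDomain` POST to `/api/v1/admin/users` with four scopes (read and write for both admin and user), while `TestAPIRenameUser` and the SSH-key tests POST under `/api/v1/admin/users/...` with only `AccessTokenScopeWriteAdmin, AccessTokenScopeWriteUser`. If a write scope already covers read, as the two-scope tests suggest, the extra read scopes are redundant and these tests no longer show the minimum a caller needs. The four-scope calls could then shrink to `token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin, auth_model.AccessTokenScopeWriteUser)`. If a later request in those tests does need the read scopes, a one-line comment should name it. The same read-next-to-write pairing appears in `testAPICreateBranches` and `testAPICreateBranch` in tests/integration/api_branch_test.go.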

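--- a/tests/integration/api_branch_test.go
+++ b/tests/integration/api_branch_test.go
@@ -111,7 +111,7 @@ func TestAPICreateBranch(t *testing.T) {
 
 func testAPICreateBranches(t *testing.T, giteaURL *url.URL) {
 username := "user2"
-ctx := NewAPITestContext(t, username, "my-noo-repo", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+ctx := NewAPITestContext(t, username, "my-noo-repo", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeReadUser)
 giteaURL.Path = ctx.GitPath()
 
 t.Run("CreateRepo", doAPICreateRepository(ctx, false))
@@ -168,7 +168,7 @@ func testAPICreateBranches(t *testing.T, giteaURL *url.URL) {
 }
 
 func testAPICreateBranch(t testing.TB, session *TestSession, user, repo, oldBranch, newBranch string, status int) bool {
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository, auth_model.AccessTokenScopeWriteRepository)
 req := NewRequestWithJSON(t, "POST", "/api/v1/repos/"+user+"/"+repo+"/branches", &api.CreateBranchRepoOption{
 BranchName: newBranch,
 OldBranchName: oldBranch,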

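--- a/tests/integration/api_httpsig_test.go
+++ b/tests/integration/api_httpsig_test.go
@@ -71,7 +71,7 @@ func TestHTTPSigPubKey(t *testing.T) {
 keyID := ssh.FingerprintSHA256(sshSigner.PublicKey())
 
 // create the request
-token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
+token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin, auth_model.AccessTokenScopeReadUser)
 req = NewRequest(t, "GET", "/api/v1/admin/users").
 AddTokenAuth(token)
 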

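--- a/tests/integration/api_org_test.go
+++ b/tests/integration/api_org_test.go
@@ -26,7 +26,7 @@ import (
 
 func TestAPIOrgCreate(t *testing.T) {
 onGiteaRun(t, func(*testing.T, *url.URL) {
-token := getUserToken(t, "user1", auth_model.AccessTokenScopeWriteOrganization, )
+token := getUserToken(t, "user1", auth_model.AccessTokenScopeWriteOrganization, auth_model.AccessTokenScopeReadRepository)
 
 org := api.CreateOrgOption{
 UserName: "user1_org",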
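Review bot: The token line in `TestAPIOrgCreate` does not say why creating an organization needs `AccessTokenScopeReadRepository`; only the `api.CreateOrgOption` setup is visible here, and the request that presumably needs the repository scope lies outside the hunk. Without an explanation the extra scope reads as over-granting, and a later cleanup could drop it or copy it elsewhere without knowing which route depends on it. A short comment above the token line naming the later request (method and path) that requires read access to repositories would document the scope-to-route mapping the commit message describes.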

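--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -308,7 +308,7 @@ func TestAPIOrgRepos(t *testing.T) {
 for userToLogin, expected := range expectedResults {
 testName := fmt.Sprintf("LoggedUser%d", userToLogin.ID)
 session := loginUser(t, userToLogin.Name)
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadRepository)
 
 t.Run(testName, func(t *testing.T) {
 req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", sourceOrg.Name).
@@ -343,7 +343,7 @@ func TestAPIOrgReposWithCodeUnitDisabled(t *testing.T) {
 assert.False(t, repo21.UnitEnabled(db.DefaultContext, unit_model.TypeCode))
 
 session := loginUser(t, "user2")
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadRepository)
 
 req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", org3.Name).
 AddTokenAuth(token)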

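--- a/tests/integration/api_team_test.go
+++ b/tests/integration/api_team_test.go
@@ -303,7 +303,7 @@ func TestAPIGetTeamRepo(t *testing.T) {
 
 var results api.Repository
 
-token := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadOrganization)
+token := getUserToken(t, user.Name, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadRepository)
 req := NewRequestf(t, "GET", "/api/v1/teams/%d/repos/%s/", team.ID, teamRepo.FullName()).
 AddTokenAuth(token)
 resp := MakeRequest(t, req, http.StatusOK)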

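--- a/tests/integration/api_user_star_test.go
+++ b/tests/integration/api_user_star_test.go
@@ -24,7 +24,7 @@ func TestAPIStar(t *testing.T) {
 repo := "user2/repo1"
 
 session := loginUser(t, user)
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository)
 tokenWithUserScope := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
 
 t.Run("Star", func(t *testing.T) {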

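--- a/tests/integration/api_user_watch_test.go
+++ b/tests/integration/api_user_watch_test.go
@@ -24,7 +24,7 @@ func TestAPIWatch(t *testing.T) {
 repo := "user2/repo1"
 
 session := loginUser(t, user)
-token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository)
 tokenWithRepoScope := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeReadUser)
 
 t.Run("Watch", func(t *testing.T) {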

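--- a/tests/integration/org_count_test.go
+++ b/tests/integration/org_count_test.go
@@ -26,7 +26,7 @@ func testOrgCounts(t *testing.T, u *url.URL) {
 orgOwner := "user2"
 orgName := "testOrg"
 orgCollaborator := "user4"
-ctx := NewAPITestContext(t, orgOwner, "repo1", auth_model.AccessTokenScopeWriteOrganization)
+ctx := NewAPITestContext(t, orgOwner, "repo1", auth_model.AccessTokenScopeWriteOrganization, auth_model.AccessTokenScopeWriteRepository)
 
 var ownerCountRepos map[string]int
 var collabCountRepos map[string]int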
