forgejo/tests/integration/forgejo_confirmation_repo_test.go

185 lines
6.1 KiB
Go
Raw Permalink Normal View History

[SHARED] make confirmation clearer for dangerous actions [GITEA] Fix cancelled migration deletion modal - https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous actions such as deletion also would need to type in the owner's name. This was apparently not reflected to the deletion modal for migrations that failed or were cancelled. (cherry picked from commit c38dbd6f889aeb52745eddb276225acd0153cba6) (cherry picked from commit 7c07592d01b086b612195367c6a13560e5539767) (cherry picked from commit 78637af2b6440ae307de5e21b284c08c02dd4d13) [SHARED] make confirmation clearer for dangerous actions - Currently the confirmation for dangerous actions such as transferring the repository or deleting it only requires the user to ~~copy paste~~ type the repository name. - This can be problematic when the user has a fork or another repository with the same name as an organization's repository, and the confirmation doesn't make clear that it could be deleting the wrong repository. While it's mentioned in the dialog, it's better to be on the safe side and also add the owner's name to be an element that has to be typed for these dangerous actions. - Added integration tests. (cherry picked from commit bf679b24dd23c9ed586b9439e293bbd27cc89232) (cherry picked from commit 1963085dd9d1521b7a4aa8558d409bd1a9f2e1da) (cherry picked from commit fb94095d1992c3e47f03e0fccc98a90707a5271b) (cherry picked from commit e1d1e46afee6891becdb6ccd027fc66843b56db9) (cherry picked from commit 93993029e4ec8a20a8bc38d80bb4b801e52ee1b7) (cherry picked from commit df3b058179d8f3e06cc6fb335b287c72c8952821) (cherry picked from commit 8ccc6b9cba46a736665e4b25523da0baf1679702) (cherry picked from commit 9fbe28fca35e3d02c23521e063679775ec0792f8) (cherry picked from commit 4ef2be6dc705c693735e024b28fd7dac3de39d47) https://codeberg.org/forgejo/forgejo/pulls/1873 Moved test from repo_test.go to forgejo_confirmation_repo_test.go to avoid conflicts. (cherry picked from commit 83cae67aa3fe8f9eb732f86020e58b9ea4d8b5ec) (cherry picked from commit 447009ff568a542985f6b3a9bc7237b9de3e3c54) (cherry picked from commit 72c0a6150aee7c3a965c87e7348faa2b48c520de) (cherry picked from commit 8ee9c070b98f64263d63dfef32d54bdad5f0d266) (cherry picked from commit 89aba06403be898adbfff6b2d7bb01aad239a87c) (cherry picked from commit 798407599f3d77bdd8bad5fa7abba81d417cd916) (cherry picked from commit 41c9a2606bd8d7036e7d54ad7ab35af06ec99a34) (cherry picked from commit a57b214e366435240c4a210115c6a3fda0d37f8b) (cherry picked from commit fd287a91349bc7844544f9b6ff88e46157d3dc80)
2023-11-23 20:24:52 +01:00
// Copyright 2017 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"net/http/httptest"
"testing"
"code.gitea.io/gitea/modules/translation"
gitea_context "code.gitea.io/gitea/services/context"
[SHARED] make confirmation clearer for dangerous actions [GITEA] Fix cancelled migration deletion modal - https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous actions such as deletion also would need to type in the owner's name. This was apparently not reflected to the deletion modal for migrations that failed or were cancelled. (cherry picked from commit c38dbd6f889aeb52745eddb276225acd0153cba6) (cherry picked from commit 7c07592d01b086b612195367c6a13560e5539767) (cherry picked from commit 78637af2b6440ae307de5e21b284c08c02dd4d13) [SHARED] make confirmation clearer for dangerous actions - Currently the confirmation for dangerous actions such as transferring the repository or deleting it only requires the user to ~~copy paste~~ type the repository name. - This can be problematic when the user has a fork or another repository with the same name as an organization's repository, and the confirmation doesn't make clear that it could be deleting the wrong repository. While it's mentioned in the dialog, it's better to be on the safe side and also add the owner's name to be an element that has to be typed for these dangerous actions. - Added integration tests. (cherry picked from commit bf679b24dd23c9ed586b9439e293bbd27cc89232) (cherry picked from commit 1963085dd9d1521b7a4aa8558d409bd1a9f2e1da) (cherry picked from commit fb94095d1992c3e47f03e0fccc98a90707a5271b) (cherry picked from commit e1d1e46afee6891becdb6ccd027fc66843b56db9) (cherry picked from commit 93993029e4ec8a20a8bc38d80bb4b801e52ee1b7) (cherry picked from commit df3b058179d8f3e06cc6fb335b287c72c8952821) (cherry picked from commit 8ccc6b9cba46a736665e4b25523da0baf1679702) (cherry picked from commit 9fbe28fca35e3d02c23521e063679775ec0792f8) (cherry picked from commit 4ef2be6dc705c693735e024b28fd7dac3de39d47) https://codeberg.org/forgejo/forgejo/pulls/1873 Moved test from repo_test.go to forgejo_confirmation_repo_test.go to avoid conflicts. (cherry picked from commit 83cae67aa3fe8f9eb732f86020e58b9ea4d8b5ec) (cherry picked from commit 447009ff568a542985f6b3a9bc7237b9de3e3c54) (cherry picked from commit 72c0a6150aee7c3a965c87e7348faa2b48c520de) (cherry picked from commit 8ee9c070b98f64263d63dfef32d54bdad5f0d266) (cherry picked from commit 89aba06403be898adbfff6b2d7bb01aad239a87c) (cherry picked from commit 798407599f3d77bdd8bad5fa7abba81d417cd916) (cherry picked from commit 41c9a2606bd8d7036e7d54ad7ab35af06ec99a34) (cherry picked from commit a57b214e366435240c4a210115c6a3fda0d37f8b) (cherry picked from commit fd287a91349bc7844544f9b6ff88e46157d3dc80)
2023-11-23 20:24:52 +01:00
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert"
)
func TestDangerZoneConfirmation(t *testing.T) {
defer tests.PrepareTestEnv(t)()
mustInvalidRepoName := func(resp *httptest.ResponseRecorder) {
t.Helper()
htmlDoc := NewHTMLParser(t, resp.Body)
assert.Contains(t,
htmlDoc.doc.Find(".ui.negative.message").Text(),
translation.NewLocale("en-US").Tr("form.enterred_invalid_repo_name"),
)
}
t.Run("Transfer ownership", func(t *testing.T) {
session := loginUser(t, "user2")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "transfer",
"repo_name": "repo1",
"new_owner_name": "user1",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "transfer",
"repo_name": "user2/repo1",
"new_owner_name": "user1",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThis%2Brepository%2Bhas%2Bbeen%2Bmarked%2Bfor%2Btransfer%2Band%2Bawaits%2Bconfirmation%2Bfrom%2B%2522User%2BOne%2522")
})
})
t.Run("Convert fork", func(t *testing.T) {
session := loginUser(t, "user20")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
"action": "convert_fork",
"repo_name": "big_test_public_fork_7",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
"action": "convert_fork",
"repo_name": "user20/big_test_public_fork_7",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Bfork%2Bhas%2Bbeen%2Bconverted%2Binto%2Ba%2Bregular%2Brepository.")
})
})
[GITEA] Allow changing the repo Wiki branch to main Previously, the repo wiki was hardcoded to use `master` as its branch, this change makes it possible to use `main` (or something else, governed by `[repository].DEFAULT_BRANCH`, a setting that already exists and defaults to `main`). The way it is done is that a new column is added to the `repository` table: `wiki_branch`. The migration will make existing repositories default to `master`, for compatibility's sake, even if they don't have a Wiki (because it's easier to do that). Newly created repositories will default to `[repository].DEFAULT_BRANCH` instead. The Wiki service was updated to use the branch name stored in the database, and fall back to the default if it is empty. Old repositories with Wikis using the older `master` branch will have the option to do a one-time transition to `main`, available via the repository settings in the "Danger Zone". This option will only be available for repositories that have the internal wiki enabled, it is not empty, and the wiki branch is not `[repository].DEFAULT_BRANCH`. When migrating a repository with a Wiki, Forgejo will use the same branch name for the wiki as the source repository did. If that's not the same as the default, the option to normalize it will be available after the migration's done. Additionally, the `/api/v1/{owner}/{repo}` endpoint was updated: it will now include the wiki branch name in `GET` requests, and allow changing the wiki branch via `PATCH`. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu> (cherry picked from commit d87c526d2a313fa45093ab49b78bb30322b33298)
2024-01-30 12:18:53 +01:00
t.Run("Rename wiki branch", func(t *testing.T) {
session := loginUser(t, "user2")
// NOTE: No need to rename the wiki branch here to make the form appear.
// We can submit it anyway, even if it doesn't appear on the web.
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "rename-wiki-branch",
"repo_name": "repo1",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "rename-wiki-branch",
"repo_name": "user2/repo1",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, "success%3DThe%2Brepository%2Bwiki%2527s%2Bbranch%2Bname%2Bhas%2Bbeen%2Bsuccessfully%2Bnormalized.", flashCookie.Value)
})
})
[SHARED] make confirmation clearer for dangerous actions [GITEA] Fix cancelled migration deletion modal - https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous actions such as deletion also would need to type in the owner's name. This was apparently not reflected to the deletion modal for migrations that failed or were cancelled. (cherry picked from commit c38dbd6f889aeb52745eddb276225acd0153cba6) (cherry picked from commit 7c07592d01b086b612195367c6a13560e5539767) (cherry picked from commit 78637af2b6440ae307de5e21b284c08c02dd4d13) [SHARED] make confirmation clearer for dangerous actions - Currently the confirmation for dangerous actions such as transferring the repository or deleting it only requires the user to ~~copy paste~~ type the repository name. - This can be problematic when the user has a fork or another repository with the same name as an organization's repository, and the confirmation doesn't make clear that it could be deleting the wrong repository. While it's mentioned in the dialog, it's better to be on the safe side and also add the owner's name to be an element that has to be typed for these dangerous actions. - Added integration tests. (cherry picked from commit bf679b24dd23c9ed586b9439e293bbd27cc89232) (cherry picked from commit 1963085dd9d1521b7a4aa8558d409bd1a9f2e1da) (cherry picked from commit fb94095d1992c3e47f03e0fccc98a90707a5271b) (cherry picked from commit e1d1e46afee6891becdb6ccd027fc66843b56db9) (cherry picked from commit 93993029e4ec8a20a8bc38d80bb4b801e52ee1b7) (cherry picked from commit df3b058179d8f3e06cc6fb335b287c72c8952821) (cherry picked from commit 8ccc6b9cba46a736665e4b25523da0baf1679702) (cherry picked from commit 9fbe28fca35e3d02c23521e063679775ec0792f8) (cherry picked from commit 4ef2be6dc705c693735e024b28fd7dac3de39d47) https://codeberg.org/forgejo/forgejo/pulls/1873 Moved test from repo_test.go to forgejo_confirmation_repo_test.go to avoid conflicts. (cherry picked from commit 83cae67aa3fe8f9eb732f86020e58b9ea4d8b5ec) (cherry picked from commit 447009ff568a542985f6b3a9bc7237b9de3e3c54) (cherry picked from commit 72c0a6150aee7c3a965c87e7348faa2b48c520de) (cherry picked from commit 8ee9c070b98f64263d63dfef32d54bdad5f0d266) (cherry picked from commit 89aba06403be898adbfff6b2d7bb01aad239a87c) (cherry picked from commit 798407599f3d77bdd8bad5fa7abba81d417cd916) (cherry picked from commit 41c9a2606bd8d7036e7d54ad7ab35af06ec99a34) (cherry picked from commit a57b214e366435240c4a210115c6a3fda0d37f8b) (cherry picked from commit fd287a91349bc7844544f9b6ff88e46157d3dc80)
2023-11-23 20:24:52 +01:00
t.Run("Delete wiki", func(t *testing.T) {
session := loginUser(t, "user2")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete-wiki",
"repo_name": "repo1",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete-wiki",
"repo_name": "user2/repo1",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bwiki%2Bdata%2Bhas%2Bbeen%2Bdeleted.")
})
})
t.Run("Delete", func(t *testing.T) {
session := loginUser(t, "user2")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete",
"repo_name": "repo1",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete",
"repo_name": "user2/repo1",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bhas%2Bbeen%2Bdeleted.")
})
})
}