peezy-tech/jojo
2
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-05-20 01:36:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
jojo/tests/integration/api_fork_test.go
forgejo-backport-action 7677c260cd
Some checks failed
/ release (push) Has been cancelled
Details
testing / backend-checks (push) Has been cancelled
Details
testing / frontend-checks (push) Has been cancelled
Details
testing / test-unit (push) Has been cancelled
Details
testing / test-e2e (push) Has been cancelled
Details
testing / test-remote-cacher (redis) (push) Has been cancelled
Details
testing / test-remote-cacher (valkey) (push) Has been cancelled
Details
testing / test-remote-cacher (garnet) (push) Has been cancelled
Details
testing / test-remote-cacher (redict) (push) Has been cancelled
Details
testing / test-mysql (push) Has been cancelled
Details
testing / test-pgsql (push) Has been cancelled
Details
testing / test-sqlite (push) Has been cancelled
Details
testing / security-check (push) Has been cancelled
Details
[v11.0/forgejo] fix: make the fork API respect CanCreateOrgRepo policy (#12578) 
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12442

When a forking target organization was supplied, the API handler only verified
org membership. This is asymmetric with the rest of the codebase, as
CanCreateOrgRepo is used everywhere else.

Co-authored-by: jvoisin <jvoisin@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12578
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-05-15 07:23:57 +02:00

215 lines
7.3 KiB
Go
Raw Permalink Blame History

// Copyright 2017 The Gogs Authors. All rights reserved.
// Copyright 2024 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"fmt"
"net/http"
"testing"
auth_model "forgejo.org/models/auth"
"forgejo.org/models/unittest"
user_model "forgejo.org/models/user"
"forgejo.org/modules/setting"
api "forgejo.org/modules/structs"
"forgejo.org/modules/test"
"forgejo.org/routers"
"forgejo.org/tests"
"github.com/stretchr/testify/assert"
)
func TestAPIForkAsAdminIgnoringLimits(t *testing.T) {
defer tests.PrepareTestEnv(t)()
defer test.MockVariableValue(&setting.Repository.AllowForkWithoutMaximumLimit, false)()
defer test.MockVariableValue(&setting.Repository.MaxCreationLimit, 0)()
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})
userSession := loginUser(t, user.Name)
userToken := getTokenForLoggedInUser(t, userSession, auth_model.AccessTokenScopeWriteRepository)
adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true})
adminSession := loginUser(t, adminUser.Name)
adminToken := getTokenForLoggedInUser(t, adminSession,
auth_model.AccessTokenScopeWriteRepository,
auth_model.AccessTokenScopeWriteOrganization)
originForkURL := "/api/v1/repos/user12/repo10/forks"
orgName := "fork-org"
// Create an organization
req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &api.CreateOrgOption{
UserName: orgName,
}).AddTokenAuth(adminToken)
MakeRequest(t, req, http.StatusCreated)
// Create a team
teamToCreate := &api.CreateTeamOption{
Name: "testers",
IncludesAllRepositories: true,
Permission: "write",
Units: []string{"repo.code", "repo.issues"},
CanCreateOrgRepo: true,
}
req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams", orgName), &teamToCreate).AddTokenAuth(adminToken)
resp := MakeRequest(t, req, http.StatusCreated)
var team api.Team
DecodeJSON(t, resp, &team)
// Add user2 to the team
req = NewRequestf(t, "PUT", "/api/v1/teams/%d/members/user2", team.ID).AddTokenAuth(adminToken)
MakeRequest(t, req, http.StatusNoContent)
t.Run("forking as regular user", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithJSON(t, "POST", originForkURL, &api.CreateForkOption{
Organization: &orgName,
}).AddTokenAuth(userToken)
MakeRequest(t, req, http.StatusConflict)
})
t.Run("forking as an instance admin", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithJSON(t, "POST", originForkURL, &api.CreateForkOption{
Organization: &orgName,
}).AddTokenAuth(adminToken)
MakeRequest(t, req, http.StatusAccepted)
})
}
func TestCreateForkNoLogin(t *testing.T) {
defer tests.PrepareTestEnv(t)()
req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/forks", &api.CreateForkOption{})
MakeRequest(t, req, http.StatusUnauthorized)
}
func TestAPIForkOrgCanCreateOrgRepoRequired(t *testing.T) {
defer tests.PrepareTestEnv(t)()
// user5 will be the regular org member without repo-creation permission.
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user5"})
userSession := loginUser(t, user.Name)
userToken := getTokenForLoggedInUser(t, userSession,
auth_model.AccessTokenScopeWriteRepository,
auth_model.AccessTokenScopeWriteOrganization)
adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true})
adminSession := loginUser(t, adminUser.Name)
adminToken := getTokenForLoggedInUser(t, adminSession,
auth_model.AccessTokenScopeWriteRepository,
auth_model.AccessTokenScopeWriteOrganization)
orgName := "fork-cancreaterepo-org"
// Create an organization
req := NewRequestWithJSON(t, "POST", "/api/v1/orgs", &api.CreateOrgOption{
UserName: orgName,
}).AddTokenAuth(adminToken)
MakeRequest(t, req, http.StatusCreated)
// Create a team with CanCreateOrgRepo = false (the default)
req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams", orgName), &api.CreateTeamOption{
Name: "no-create-repo",
IncludesAllRepositories: true,
Permission: "write",
Units: []string{"repo.code", "repo.issues"},
// CanCreateOrgRepo is intentionally omitted (defaults to false)
}).AddTokenAuth(adminToken)
resp := MakeRequest(t, req, http.StatusCreated)
var team api.Team
DecodeJSON(t, resp, &team)
assert.False(t, team.CanCreateOrgRepo)
// Add user5 to the team
req = NewRequestf(t, "PUT", "/api/v1/teams/%d/members/%s", team.ID, user.Name).AddTokenAuth(adminToken)
MakeRequest(t, req, http.StatusNoContent)
originForkURL := "/api/v1/repos/user2/repo1/forks"
t.Run("member without CanCreateOrgRepo is rejected", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithJSON(t, "POST", originForkURL, &api.CreateForkOption{
Organization: &orgName,
}).AddTokenAuth(userToken)
resp := MakeRequest(t, req, http.StatusForbidden)
assert.Contains(t, resp.Body.String(), "User is not allowed to create repos in Organisation")
})
t.Run("admin can still fork into the org", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithJSON(t, "POST", originForkURL, &api.CreateForkOption{
Organization: &orgName,
}).AddTokenAuth(adminToken)
MakeRequest(t, req, http.StatusAccepted)
})
}
func TestAPIDisabledForkRepo(t *testing.T) {
defer test.MockVariableValue(&setting.Repository.DisableForks, true)()
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
defer tests.PrepareTestEnv(t)()
t.Run("fork listing", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1/forks")
MakeRequest(t, req, http.StatusNotFound)
})
t.Run("forking", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
session := loginUser(t, "user5")
token := getTokenForLoggedInUser(t, session)
req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/forks", &api.CreateForkOption{}).AddTokenAuth(token)
session.MakeRequest(t, req, http.StatusNotFound)
})
}
func TestAPIForkListPrivateRepo(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user5")
token := getTokenForLoggedInUser(t, session,
auth_model.AccessTokenScopeWriteRepository,
auth_model.AccessTokenScopeWriteOrganization)
org23 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 23, Visibility: api.VisibleTypePrivate})
req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/forks", &api.CreateForkOption{
Organization: &org23.Name,
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusAccepted)
t.Run("Anonymous", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1/forks")
resp := MakeRequest(t, req, http.StatusOK)
var forks []*api.Repository
DecodeJSON(t, resp, &forks)
assert.Empty(t, forks)
assert.EqualValues(t, "0", resp.Header().Get("X-Total-Count"))
})
t.Run("Logged in", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1/forks").AddTokenAuth(token)
resp := MakeRequest(t, req, http.StatusOK)
var forks []*api.Repository
DecodeJSON(t, resp, &forks)
assert.Len(t, forks, 1)
assert.EqualValues(t, "1", resp.Header().Get("X-Total-Count"))
})
}
Reference in a new issue View git blame Copy permalink