forgejo/tests/integration/pull_create_test.go

407 lines
15 KiB
Go
Raw Normal View History

// Copyright 2017 The Gitea Authors. All rights reserved.
// Copyright 2024 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
[SHARED] make confirmation clearer for dangerous actions [GITEA] Fix cancelled migration deletion modal - https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous actions such as deletion also would need to type in the owner's name. This was apparently not reflected to the deletion modal for migrations that failed or were cancelled. (cherry picked from commit c38dbd6f889aeb52745eddb276225acd0153cba6) (cherry picked from commit 7c07592d01b086b612195367c6a13560e5539767) (cherry picked from commit 78637af2b6440ae307de5e21b284c08c02dd4d13) [SHARED] make confirmation clearer for dangerous actions - Currently the confirmation for dangerous actions such as transferring the repository or deleting it only requires the user to ~~copy paste~~ type the repository name. - This can be problematic when the user has a fork or another repository with the same name as an organization's repository, and the confirmation doesn't make clear that it could be deleting the wrong repository. While it's mentioned in the dialog, it's better to be on the safe side and also add the owner's name to be an element that has to be typed for these dangerous actions. - Added integration tests. (cherry picked from commit bf679b24dd23c9ed586b9439e293bbd27cc89232) (cherry picked from commit 1963085dd9d1521b7a4aa8558d409bd1a9f2e1da) (cherry picked from commit fb94095d1992c3e47f03e0fccc98a90707a5271b) (cherry picked from commit e1d1e46afee6891becdb6ccd027fc66843b56db9) (cherry picked from commit 93993029e4ec8a20a8bc38d80bb4b801e52ee1b7) (cherry picked from commit df3b058179d8f3e06cc6fb335b287c72c8952821) (cherry picked from commit 8ccc6b9cba46a736665e4b25523da0baf1679702) (cherry picked from commit 9fbe28fca35e3d02c23521e063679775ec0792f8) (cherry picked from commit 4ef2be6dc705c693735e024b28fd7dac3de39d47) https://codeberg.org/forgejo/forgejo/pulls/1873 Moved test from repo_test.go to forgejo_confirmation_repo_test.go to avoid conflicts. (cherry picked from commit 83cae67aa3fe8f9eb732f86020e58b9ea4d8b5ec) (cherry picked from commit 447009ff568a542985f6b3a9bc7237b9de3e3c54) (cherry picked from commit 72c0a6150aee7c3a965c87e7348faa2b48c520de) (cherry picked from commit 8ee9c070b98f64263d63dfef32d54bdad5f0d266) (cherry picked from commit 89aba06403be898adbfff6b2d7bb01aad239a87c) (cherry picked from commit 798407599f3d77bdd8bad5fa7abba81d417cd916) (cherry picked from commit 41c9a2606bd8d7036e7d54ad7ab35af06ec99a34) (cherry picked from commit a57b214e366435240c4a210115c6a3fda0d37f8b) (cherry picked from commit fd287a91349bc7844544f9b6ff88e46157d3dc80)
2023-11-23 20:24:52 +01:00
"fmt"
"net/http"
"net/http/httptest"
2019-05-11 17:29:17 +02:00
"net/url"
"path"
"strings"
"testing"
"code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
unit_model "code.gitea.io/gitea/models/unit"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/graceful"
"code.gitea.io/gitea/modules/test"
repo_service "code.gitea.io/gitea/services/repository"
files_service "code.gitea.io/gitea/services/repository/files"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert"
)
func testPullCreate(t *testing.T, session *TestSession, user, repo string, toSelf bool, targetBranch, sourceBranch, title string) *httptest.ResponseRecorder {
req := NewRequest(t, "GET", path.Join(user, repo))
resp := session.MakeRequest(t, req, http.StatusOK)
// Click the PR button to create a pull
htmlDoc := NewHTMLParser(t, resp.Body)
2023-04-26 04:53:44 +02:00
link, exists := htmlDoc.doc.Find("#new-pull-request").Attr("href")
assert.True(t, exists, "The template has changed")
targetUser := strings.Split(link, "/")[1]
if toSelf && targetUser != user {
link = strings.Replace(link, targetUser, user, 1)
}
if targetBranch != "master" {
link = strings.Replace(link, "master...", targetBranch+"...", 1)
}
if sourceBranch != "master" {
if targetUser == user {
link = strings.Replace(link, "...master", "..."+sourceBranch, 1)
} else {
link = strings.Replace(link, ":master", ":"+sourceBranch, 1)
}
}
req = NewRequest(t, "GET", link)
resp = session.MakeRequest(t, req, http.StatusOK)
// Submit the form for creating the pull
htmlDoc = NewHTMLParser(t, resp.Body)
link, exists = htmlDoc.doc.Find("form.ui.form").Attr("action")
assert.True(t, exists, "The template has changed")
req = NewRequestWithValues(t, "POST", link, map[string]string{
"_csrf": htmlDoc.GetCSRF(),
"title": title,
})
resp = session.MakeRequest(t, req, http.StatusOK)
return resp
}
func TestPullCreate(t *testing.T) {
2019-05-11 17:29:17 +02:00
onGiteaRun(t, func(t *testing.T, u *url.URL) {
session := loginUser(t, "user1")
testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master", "This is a pull title")
2019-05-11 17:29:17 +02:00
// check the redirected URL
url := test.RedirectURL(resp)
2019-05-11 17:29:17 +02:00
assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)
// check .diff can be accessed and matches performed change
req := NewRequest(t, "GET", url+".diff")
resp = session.MakeRequest(t, req, http.StatusOK)
assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body)
assert.Regexp(t, "^diff", resp.Body)
assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one
// check .patch can be accessed and matches performed change
req = NewRequest(t, "GET", url+".patch")
resp = session.MakeRequest(t, req, http.StatusOK)
assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body)
assert.Regexp(t, "diff", resp.Body)
assert.Regexp(t, `Subject: \[PATCH\] Update README.md`, resp.Body)
2019-05-11 17:29:17 +02:00
assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one
})
}
func TestPullCreate_TitleEscape(t *testing.T) {
2019-05-11 17:29:17 +02:00
onGiteaRun(t, func(t *testing.T, u *url.URL) {
session := loginUser(t, "user1")
testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n")
resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master", "<i>XSS PR</i>")
2019-05-11 17:29:17 +02:00
// check the redirected URL
url := test.RedirectURL(resp)
2019-05-11 17:29:17 +02:00
assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)
// Edit title
req := NewRequest(t, "GET", url)
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
editTestTitleURL, exists := htmlDoc.doc.Find("#save-edit-title").First().Attr("data-update-url")
assert.True(t, exists, "The template has changed")
req = NewRequestWithValues(t, "POST", editTestTitleURL, map[string]string{
"_csrf": htmlDoc.GetCSRF(),
"title": "<u>XSS PR</u>",
})
session.MakeRequest(t, req, http.StatusOK)
req = NewRequest(t, "GET", url)
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
titleHTML, err := htmlDoc.doc.Find(".comment-list .timeline-item.event .text b").First().Html()
2019-05-11 17:29:17 +02:00
assert.NoError(t, err)
assert.Equal(t, "<strike>&lt;i&gt;XSS PR&lt;/i&gt;</strike>", titleHTML)
titleHTML, err = htmlDoc.doc.Find(".comment-list .timeline-item.event .text b").Next().Html()
2019-05-11 17:29:17 +02:00
assert.NoError(t, err)
assert.Equal(t, "&lt;u&gt;XSS PR&lt;/u&gt;", titleHTML)
})
}
func testUIDeleteBranch(t *testing.T, session *TestSession, ownerName, repoName, branchName string) {
relURL := "/" + path.Join(ownerName, repoName, "branches")
req := NewRequest(t, "GET", relURL)
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
req = NewRequestWithValues(t, "POST", relURL+"/delete", map[string]string{
"_csrf": htmlDoc.GetCSRF(),
"name": branchName,
})
session.MakeRequest(t, req, http.StatusOK)
}
func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoName string) {
relURL := "/" + path.Join(ownerName, repoName, "settings")
req := NewRequest(t, "GET", relURL)
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{
"_csrf": htmlDoc.GetCSRF(),
[SHARED] make confirmation clearer for dangerous actions [GITEA] Fix cancelled migration deletion modal - https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous actions such as deletion also would need to type in the owner's name. This was apparently not reflected to the deletion modal for migrations that failed or were cancelled. (cherry picked from commit c38dbd6f889aeb52745eddb276225acd0153cba6) (cherry picked from commit 7c07592d01b086b612195367c6a13560e5539767) (cherry picked from commit 78637af2b6440ae307de5e21b284c08c02dd4d13) [SHARED] make confirmation clearer for dangerous actions - Currently the confirmation for dangerous actions such as transferring the repository or deleting it only requires the user to ~~copy paste~~ type the repository name. - This can be problematic when the user has a fork or another repository with the same name as an organization's repository, and the confirmation doesn't make clear that it could be deleting the wrong repository. While it's mentioned in the dialog, it's better to be on the safe side and also add the owner's name to be an element that has to be typed for these dangerous actions. - Added integration tests. (cherry picked from commit bf679b24dd23c9ed586b9439e293bbd27cc89232) (cherry picked from commit 1963085dd9d1521b7a4aa8558d409bd1a9f2e1da) (cherry picked from commit fb94095d1992c3e47f03e0fccc98a90707a5271b) (cherry picked from commit e1d1e46afee6891becdb6ccd027fc66843b56db9) (cherry picked from commit 93993029e4ec8a20a8bc38d80bb4b801e52ee1b7) (cherry picked from commit df3b058179d8f3e06cc6fb335b287c72c8952821) (cherry picked from commit 8ccc6b9cba46a736665e4b25523da0baf1679702) (cherry picked from commit 9fbe28fca35e3d02c23521e063679775ec0792f8) (cherry picked from commit 4ef2be6dc705c693735e024b28fd7dac3de39d47) https://codeberg.org/forgejo/forgejo/pulls/1873 Moved test from repo_test.go to forgejo_confirmation_repo_test.go to avoid conflicts. (cherry picked from commit 83cae67aa3fe8f9eb732f86020e58b9ea4d8b5ec) (cherry picked from commit 447009ff568a542985f6b3a9bc7237b9de3e3c54) (cherry picked from commit 72c0a6150aee7c3a965c87e7348faa2b48c520de) (cherry picked from commit 8ee9c070b98f64263d63dfef32d54bdad5f0d266) (cherry picked from commit 89aba06403be898adbfff6b2d7bb01aad239a87c) (cherry picked from commit 798407599f3d77bdd8bad5fa7abba81d417cd916) (cherry picked from commit 41c9a2606bd8d7036e7d54ad7ab35af06ec99a34) (cherry picked from commit a57b214e366435240c4a210115c6a3fda0d37f8b) (cherry picked from commit fd287a91349bc7844544f9b6ff88e46157d3dc80)
2023-11-23 20:24:52 +01:00
"repo_name": fmt.Sprintf("%s/%s", ownerName, repoName),
})
session.MakeRequest(t, req, http.StatusSeeOther)
}
func TestPullBranchDelete(t *testing.T) {
onGiteaRun(t, func(t *testing.T, u *url.URL) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
testCreateBranch(t, session, "user1", "repo1", "branch/master", "master1", http.StatusSeeOther)
testEditFile(t, session, "user1", "repo1", "master1", "README.md", "Hello, World (Edited)\n")
resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master1", "This is a pull title")
// check the redirected URL
url := test.RedirectURL(resp)
assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url)
req := NewRequest(t, "GET", url)
session.MakeRequest(t, req, http.StatusOK)
// delete head branch and confirm pull page is ok
testUIDeleteBranch(t, session, "user1", "repo1", "master1")
req = NewRequest(t, "GET", url)
session.MakeRequest(t, req, http.StatusOK)
// delete head repository and confirm pull page is ok
testDeleteRepository(t, session, "user1", "repo1")
req = NewRequest(t, "GET", url)
session.MakeRequest(t, req, http.StatusOK)
})
}
func TestRecentlyPushed(t *testing.T) {
onGiteaRun(t, func(t *testing.T, u *url.URL) {
session := loginUser(t, "user1")
testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
testCreateBranch(t, session, "user1", "repo1", "branch/master", "recent-push", http.StatusSeeOther)
testEditFile(t, session, "user1", "repo1", "recent-push", "README.md", "Hello recently!\n")
testCreateBranch(t, session, "user2", "repo1", "branch/master", "recent-push-base", http.StatusSeeOther)
testEditFile(t, session, "user2", "repo1", "recent-push-base", "README.md", "Hello, recently, from base!\n")
baseRepo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user2", "repo1")
assert.NoError(t, err)
repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user1", "repo1")
assert.NoError(t, err)
enablePRs := func(t *testing.T, repo *repo_model.Repository) {
t.Helper()
err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repo,
[]repo_model.RepoUnit{{
RepoID: repo.ID,
Type: unit_model.TypePullRequests,
}},
nil)
assert.NoError(t, err)
}
disablePRs := func(t *testing.T, repo *repo_model.Repository) {
t.Helper()
err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, nil,
[]unit_model.Type{unit_model.TypePullRequests})
assert.NoError(t, err)
}
testBanner := func(t *testing.T) {
t.Helper()
req := NewRequest(t, "GET", "/user1/repo1")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
message := strings.TrimSpace(htmlDoc.Find(".ui.message").Text())
link, _ := htmlDoc.Find(".ui.message a").Attr("href")
expectedMessage := "You pushed on branch recent-push"
assert.Contains(t, message, expectedMessage)
assert.Equal(t, "/user1/repo1/src/branch/recent-push", link)
}
// Test that there's a recently pushed branches banner, and it contains
// a link to the branch.
t.Run("recently-pushed-banner", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
testBanner(t)
})
// Test that it is still there if the fork has PRs disabled, but the
// base repo still has them enabled.
t.Run("with-fork-prs-disabled", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
defer func() {
enablePRs(t, repo)
}()
disablePRs(t, repo)
testBanner(t)
})
// Test that it is still there if the fork has PRs enabled, but the base
// repo does not.
t.Run("with-base-prs-disabled", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
defer func() {
enablePRs(t, baseRepo)
}()
disablePRs(t, baseRepo)
testBanner(t)
})
// Test that the banner is not present if both the base and current
// repo have PRs disabled.
t.Run("with-prs-disabled", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
defer func() {
enablePRs(t, baseRepo)
enablePRs(t, repo)
}()
disablePRs(t, repo)
disablePRs(t, baseRepo)
req := NewRequest(t, "GET", "/user1/repo1")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
htmlDoc.AssertElement(t, ".ui.message", false)
})
// Test that visiting the base repo has the banner too, and includes
// recent push notifications from both the fork, and the base repo.
t.Run("on the base repo", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
// Count recently pushed branches on the fork
req := NewRequest(t, "GET", "/user1/repo1")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
htmlDoc.AssertElement(t, ".ui.message", true)
// Count recently pushed branches on the base repo
req = NewRequest(t, "GET", "/user2/repo1")
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
messageCountOnBase := htmlDoc.Find(".ui.message").Length()
// We have two messages on the base: one from the fork, one on the
// base itself.
assert.Equal(t, 2, messageCountOnBase)
})
// Test that the banner's links point to the right repos
t.Run("link validity", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
// We're testing against the origin repo, because that has both
// local branches, and another from a fork, so we can test both in
// one test!
req := NewRequest(t, "GET", "/user2/repo1")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
messages := htmlDoc.Find(".ui.message")
prButtons := messages.Find("a[role='button']")
branchLinks := messages.Find("a[href*='/src/branch/']")
// ** base repo tests **
basePRLink, _ := prButtons.First().Attr("href")
baseBranchLink, _ := branchLinks.First().Attr("href")
baseBranchName := branchLinks.First().Text()
// branch in the same repo does not have a `user/repo:` qualifier.
assert.Equal(t, "recent-push-base", baseBranchName)
// branch link points to the same repo
assert.Equal(t, "/user2/repo1/src/branch/recent-push-base", baseBranchLink)
// PR link compares against the correct rep, and unqualified branch name
assert.Equal(t, "/user2/repo1/compare/master...recent-push-base", basePRLink)
// ** forked repo tests **
forkPRLink, _ := prButtons.Last().Attr("href")
forkBranchLink, _ := branchLinks.Last().Attr("href")
forkBranchName := branchLinks.Last().Text()
// branch in the forked repo has a `user/repo:` qualifier.
assert.Equal(t, "user1/repo1:recent-push", forkBranchName)
// branch link points to the forked repo
assert.Equal(t, "/user1/repo1/src/branch/recent-push", forkBranchLink)
// PR link compares against the correct rep, and qualified branch name
assert.Equal(t, "/user2/repo1/compare/master...user1/repo1:recent-push", forkPRLink)
})
t.Run("unrelated branches are not shown", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true})
// Create a new branch with no relation to the default branch.
// 1. Create a new Tree object
cmd := git.NewCommand(db.DefaultContext, "write-tree")
treeID, _, gitErr := cmd.RunStdString(&git.RunOpts{Dir: repo.RepoPath()})
assert.NoError(t, gitErr)
treeID = strings.TrimSpace(treeID)
// 2. Create a new (empty) commit
cmd = git.NewCommand(db.DefaultContext, "commit-tree", "-m", "Initial orphan commit").AddDynamicArguments(treeID)
commitID, _, gitErr := cmd.RunStdString(&git.RunOpts{Dir: repo.RepoPath()})
assert.NoError(t, gitErr)
commitID = strings.TrimSpace(commitID)
// 3. Create a new ref pointing to the orphaned commit
cmd = git.NewCommand(db.DefaultContext, "update-ref", "refs/heads/orphan1").AddDynamicArguments(commitID)
_, _, gitErr = cmd.RunStdString(&git.RunOpts{Dir: repo.RepoPath()})
assert.NoError(t, gitErr)
// 4. Sync the git repo to the database
syncErr := repo_service.AddAllRepoBranchesToSyncQueue(graceful.GetManager().ShutdownContext(), adminUser.ID)
assert.NoError(t, syncErr)
// 5. Add a fresh commit, so that FindRecentlyPushedBranches has
// something to find.
owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
changeResp, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, owner,
&files_service.ChangeRepoFilesOptions{
Files: []*files_service.ChangeRepoFile{
{
Operation: "create",
TreePath: "README.md",
ContentReader: strings.NewReader("a readme file"),
},
},
Message: "Add README.md",
OldBranch: "orphan1",
NewBranch: "orphan1",
})
assert.NoError(t, err)
assert.NotEmpty(t, changeResp)
// Check that we only have 1 message on the main repo, the orphaned
// one is not shown.
req := NewRequest(t, "GET", "/user1/repo1")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
htmlDoc.AssertElement(t, ".ui.message", true)
link, _ := htmlDoc.Find(".ui.message a[href*='/src/branch/']").Attr("href")
assert.Equal(t, "/user1/repo1/src/branch/recent-push", link)
})
})
}