forgejo/modules/context
Earl Warren 9d1bf7be15
[GITEA] API commentAssignment() to verify the id belongs
Instead of repeating the tests that verify the ID of a comment
is related to the repository of the API endpoint, add the middleware
function commentAssignment() to assign ctx.Comment if the ID of the
comment is verified to be related to the repository.

There already are integration tests for cases of potential unrelated
comment IDs that cover some of the modified endpoints which covers the
commentAssignment() function logic.

* TestAPICommentReactions - GetIssueCommentReactions
* TestAPICommentReactions - PostIssueCommentReaction
* TestAPICommentReactions - DeleteIssueCommentReaction
* TestAPIEditComment - EditIssueComment
* TestAPIDeleteComment - DeleteIssueComment
* TestAPIGetCommentAttachment - GetIssueCommentAttachment

The other modified endpoints do not have tests to verify cases of
potential unrelated comment IDs. They no longer need to because they
no longer implement the logic to enforce this. They however all have
integration tests that verify the commentAssignment() they now rely on
does not introduce a regression.

* TestAPIGetComment - GetIssueComment
* TestAPIListCommentAttachments - ListIssueCommentAttachments
* TestAPICreateCommentAttachment - CreateIssueCommentAttachment
* TestAPIEditCommentAttachment - EditIssueCommentAttachment
* TestAPIDeleteCommentAttachment - DeleteIssueCommentAttachment

(cherry picked from commit d414376d74)
(cherry picked from commit 09db07aeae)
(cherry picked from commit f44830c3cb)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/2249
2024-01-28 11:01:04 +01:00
..
access_log.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
api.go [GITEA] API commentAssignment() to verify the id belongs 2024-01-28 11:01:04 +01:00
api_org.go
api_test.go
base.go Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) 2023-08-09 14:57:45 +08:00
captcha.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
context.go Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
context_cookie.go [SECURITY] Rework long-term authentication 2024-01-28 08:19:26 +01:00
context_model.go
context_request.go Decouple the different contexts from each other (#24786) 2023-05-21 09:50:53 +08:00
context_response.go Start using template context function (#26254) 2023-08-08 01:22:47 +00:00
context_template.go Start using template context function (#26254) 2023-08-08 01:22:47 +00:00
context_test.go Use standard HTTP library to serve files (#24693) 2023-05-13 16:04:57 +02:00
csrf.go
org.go Even more db.DefaultContext refactor (#27352) 2023-10-03 10:30:41 +00:00
package.go Prevent anonymous container access if RequireSignInView is enabled (#28877) 2024-01-21 16:31:29 +00:00
pagination.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
permission.go Add context parameter to some database functions (#26055) 2023-07-22 22:14:27 +08:00
private.go Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
repo.go Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
response.go Refactor web package and context package (#25298) 2023-06-18 09:59:09 +02:00
utils.go Avoid double-unescaping of form value (#26853) 2023-09-01 12:01:36 +00:00
xsrf.go
xsrf_test.go