
Commit 732f1f3

kdumontnusilverwind
authored andcommitted
Disable query token param in integration tests (go-gitea#28592)
Follow up to go-gitea#28484, this PR enables the setting for integration tests and migrates a few additional test queries.
1 parent d6d2089 commit 732f1f3

8 files changed

+45
-52
lines changed

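--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -216,20 +216,19 @@ func TestAPIEditIssue(t *testing.T) {
 func TestAPISearchIssues(t *testing.T) {
 defer tests.PrepareTestEnv(t)()
 
-token := getUserToken(t, "user2", auth_model.AccessTokenScopeReadIssue)
-
 // as this API was used in the frontend, it uses UI page size
 expectedIssueCount := 18 // from the fixtures
 if expectedIssueCount > setting.UI.IssuePagingNum {
 expectedIssueCount = setting.UI.IssuePagingNum
 }
 
 link, _ := url.Parse("/api/v1/repos/issues/search")
-query := url.Values{"token": {getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)}}
+token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)
+query := url.Values{}
 var apiIssues []*api.Issue
 
 link.RawQuery = query.Encode()
-req := NewRequest(t, "GET", link.String())
+req := NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp := MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
@@ -238,9 +237,8 @@ func TestAPISearchIssues(t *testing.T) {
 before := time.Unix(999307200, 0).Format(time.RFC3339)
 query.Add("since", since)
 query.Add("before", before)
-query.Add("token", token)
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 11)
@@ -249,65 +247,65 @@ func TestAPISearchIssues(t *testing.T) {
 
 query.Add("state", "closed")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)
 
 query.Set("state", "all")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.EqualValues(t, "20", resp.Header().Get("X-Total-Count"))
 assert.Len(t, apiIssues, 20)
 
 query.Add("limit", "10")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.EqualValues(t, "20", resp.Header().Get("X-Total-Count"))
 assert.Len(t, apiIssues, 10)
 
-query = url.Values{"assigned": {"true"}, "state": {"all"}, "token": {token}}
+query = url.Values{"assigned": {"true"}, "state": {"all"}}
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)
 
-query = url.Values{"milestones": {"milestone1"}, "state": {"all"}, "token": {token}}
+query = url.Values{"milestones": {"milestone1"}, "state": {"all"}}
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 1)
 
-query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}, "token": {token}}
+query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}}
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)
 
-query = url.Values{"owner": {"user2"}, "token": {token}} // user
+query = url.Values{"owner": {"user2"}} // user
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 8)
 
-query = url.Values{"owner": {"org3"}, "token": {token}} // organization
+query = url.Values{"owner": {"org3"}} // organization
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 5)
 
-query = url.Values{"owner": {"org3"}, "team": {"team1"}, "token": {token}} // organization + team
+query = url.Values{"owner": {"org3"}, "team": {"team1"}} // organization + team
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)
@@ -323,34 +321,35 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
 }
 
 link, _ := url.Parse("/api/v1/repos/issues/search")
-query := url.Values{"token": {getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)}}
+token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)
+query := url.Values{}
 var apiIssues []*api.Issue
 
 link.RawQuery = query.Encode()
-req := NewRequest(t, "GET", link.String())
+req := NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp := MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, expectedIssueCount)
 
 query.Add("labels", "label1")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)
 
 // multiple labels
 query.Set("labels", "label1,label2")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)
 
 // an org label
 query.Set("labels", "orglabel4")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 1)
@@ -359,15 +358,15 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
 query.Set("labels", "label2,orglabel4")
 query.Add("state", "all")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)
 
 // org and repo label which share the same issue
 query.Set("labels", "label1,orglabel4")
 link.RawQuery = query.Encode()
-req = NewRequest(t, "GET", link.String())
+req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
 resp = MakeRequest(t, req, http.StatusOK)
 DecodeJSON(t, resp, &apiIssues)
 assert.Len(t, apiIssues, 2)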
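Review bot: In TestAPISearchIssues the requests from `assigned=true` onward (new lines 271-310) now authenticate as user1, whereas before they carried only user2's token: the `token := getUserToken(t, "user2", ...)` declaration was removed and `token` is now user1's. The expected counts are unchanged, so these cases no longer show what a second account can see through the search endpoint; if user1 is an administrator in the fixtures (not visible on this page), visibility filtering is no longer exercised by them. Keeping a second token, `token2 := getUserToken(t, "user2", auth_model.AccessTokenScopeReadIssue)`, and calling `.AddTokenAuth(token2)` on those requests would preserve the original coverage. The function body continues past the end of the third hunk.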

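--- a/tests/integration/api_releases_test.go
+++ b/tests/integration/api_releases_test.go
@@ -32,8 +32,7 @@ func TestAPIListReleases(t *testing.T) {
 token := getUserToken(t, user2.LowerName, auth_model.AccessTokenScopeReadRepository)
 
 link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/releases", user2.Name, repo.Name))
-link.RawQuery = url.Values{"token": {token}}.Encode()
-resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 var apiReleases []*api.Release
 DecodeJSON(t, resp, &apiReleases)
 if assert.Len(t, apiReleases, 3) {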
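Review bot: With the query string gone, `link` on the new request line is parsed only to be turned back into a string, and the `url.Parse` error is still discarded with `link, _ :=`. Building the request from the path directly, `NewRequestf(t, "GET", "/api/v1/repos/%s/%s/releases", user2.Name, repo.Name).AddTokenAuth(token)`, would drop the round-trip and the ignored error. The same pattern remains in api_repo_archive_test.go and api_repo_branch_test.go. TestAPIListReleases starts before and continues after this hunk.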

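--- a/tests/integration/api_repo_archive_test.go
+++ b/tests/integration/api_repo_archive_test.go
@@ -28,27 +28,23 @@ func TestAPIDownloadArchive(t *testing.T) {
 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
 
 link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master.zip", user2.Name, repo.Name))
-link.RawQuery = url.Values{"token": {token}}.Encode()
-resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 bs, err := io.ReadAll(resp.Body)
 assert.NoError(t, err)
 assert.Len(t, bs, 320)
 
 link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master.tar.gz", user2.Name, repo.Name))
-link.RawQuery = url.Values{"token": {token}}.Encode()
-resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+resp = MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 assert.Len(t, bs, 266)
 
 link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master.bundle", user2.Name, repo.Name))
-link.RawQuery = url.Values{"token": {token}}.Encode()
-resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+resp = MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 assert.Len(t, bs, 382)
 
 link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master", user2.Name, repo.Name))
-link.RawQuery = url.Values{"token": {token}}.Encode()
-MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusBadRequest)
+MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusBadRequest)
 }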

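--- a/tests/integration/api_repo_branch_test.go
+++ b/tests/integration/api_repo_branch_test.go
@@ -31,8 +31,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
 link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo3.Name)) // a plain repo
-link.RawQuery = url.Values{"token": {token}}.Encode()
-resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 bs, err := io.ReadAll(resp.Body)
 assert.NoError(t, err)
 
@@ -43,15 +42,14 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 assert.EqualValues(t, "master", branches[1].Name)
 
 link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo3.Name))
-link2.RawQuery = url.Values{"token": {token}}.Encode()
-resp = MakeRequest(t, NewRequest(t, "GET", link2.String()), http.StatusOK)
+resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 var branch api.Branch
 assert.NoError(t, json.Unmarshal(bs, &branch))
 assert.EqualValues(t, "test_branch", branch.Name)
 
-req := NewRequest(t, "POST", link.String())
+req := NewRequest(t, "POST", link.String()).AddTokenAuth(token)
 req.Header.Add("Content-Type", "application/json")
 req.Body = io.NopCloser(bytes.NewBufferString(`{"new_branch_name":"test_branch2", "old_branch_name": "test_branch", "old_ref_name":"refs/heads/test_branch"}`))
 resp = MakeRequest(t, req, http.StatusCreated)
@@ -62,7 +60,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 assert.EqualValues(t, "test_branch2", branch2.Name)
 assert.EqualValues(t, branch.Commit.ID, branch2.Commit.ID)
 
-resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+resp = MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 
@@ -76,8 +74,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 link3, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch2", repo3.Name))
 MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNotFound)
 
-link3.RawQuery = url.Values{"token": {token}}.Encode()
-MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNoContent)
+MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(token), http.StatusNoContent)
 assert.NoError(t, err)
 })
 }
@@ -91,8 +88,7 @@ func TestAPIRepoBranchesMirror(t *testing.T) {
 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
 link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo5.Name)) // a mirror repo
-link.RawQuery = url.Values{"token": {token}}.Encode()
-resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK)
+resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
 bs, err := io.ReadAll(resp.Body)
 assert.NoError(t, err)
 
@@ -103,23 +99,22 @@ func TestAPIRepoBranchesMirror(t *testing.T) {
 assert.EqualValues(t, "master", branches[1].Name)
 
 link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo5.Name))
-link2.RawQuery = url.Values{"token": {token}}.Encode()
-resp = MakeRequest(t, NewRequest(t, "GET", link2.String()), http.StatusOK)
+resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 var branch api.Branch
 assert.NoError(t, json.Unmarshal(bs, &branch))
 assert.EqualValues(t, "test_branch", branch.Name)
 
-req := NewRequest(t, "POST", link.String())
+req := NewRequest(t, "POST", link.String()).AddTokenAuth(token)
 req.Header.Add("Content-Type", "application/json")
 req.Body = io.NopCloser(bytes.NewBufferString(`{"new_branch_name":"test_branch2", "old_branch_name": "test_branch", "old_ref_name":"refs/heads/test_branch"}`))
 resp = MakeRequest(t, req, http.StatusForbidden)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 assert.EqualValues(t, "{\"message\":\"Git Repository is a mirror.\",\"url\":\""+setting.AppURL+"api/swagger\"}\n", string(bs))
 
-resp = MakeRequest(t, NewRequest(t, "DELETE", link2.String()), http.StatusForbidden)
+resp = MakeRequest(t, NewRequest(t, "DELETE", link2.String()).AddTokenAuth(token), http.StatusForbidden)
 bs, err = io.ReadAll(resp.Body)
 assert.NoError(t, err)
 assert.EqualValues(t, "{\"message\":\"Git Repository is a mirror.\",\"url\":\""+setting.AppURL+"api/swagger\"}\n", string(bs))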

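--- a/tests/mssql.ini.tmpl
+++ b/tests/mssql.ini.tmpl
@@ -100,6 +100,7 @@ DISABLE_GIT_HOOKS = false
 INSTALL_LOCK = true
 SECRET_KEY = 9pCviYTWSb
 INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ
+DISABLE_QUERY_AUTH_TOKEN = true
 
 [lfs]
 PATH = tests/{{TEST_TYPE}}/gitea-{{TEST_TYPE}}-mssql/data/lfs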
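Review bot: The added `DISABLE_QUERY_AUTH_TOKEN = true` carries no comment, and the same bare line is added to mysql.ini.tmpl, pgsql.ini.tmpl and sqlite.ini.tmpl. A line above it such as `; tokens in the URL query string are rejected; tests must authenticate with AddTokenAuth` would explain why a test request that still uses `?token=` now fails. Nothing visible in this commit asserts the rejection itself, so unless such a test already exists elsewhere, one request that keeps `?token=` and expects an unauthorized response would pin the setting's effect.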

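--- a/tests/mysql.ini.tmpl
+++ b/tests/mysql.ini.tmpl
@@ -98,6 +98,7 @@ DISABLE_GIT_HOOKS = false
 INSTALL_LOCK = true
 SECRET_KEY = 9pCviYTWSb
 INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ
+DISABLE_QUERY_AUTH_TOKEN = true
 
 [lfs]
 PATH = tests/{{TEST_TYPE}}/gitea-{{TEST_TYPE}}-mysql/data/lfs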

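--- a/tests/pgsql.ini.tmpl
+++ b/tests/pgsql.ini.tmpl
@@ -101,6 +101,7 @@ DISABLE_GIT_HOOKS = false
 INSTALL_LOCK = true
 SECRET_KEY = 9pCviYTWSb
 INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ
+DISABLE_QUERY_AUTH_TOKEN = true
 
 [lfs]
 MINIO_BASE_PATH = lfs/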

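--- a/tests/sqlite.ini.tmpl
+++ b/tests/sqlite.ini.tmpl
@@ -97,6 +97,7 @@ DISABLE_GIT_HOOKS = false
 INSTALL_LOCK = true
 SECRET_KEY = 9pCviYTWSb
 INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI3OTU5ODN9.OQkH5UmzID2XBdwQ9TAI6Jj2t1X-wElVTjbE7aoN4I8
+DISABLE_QUERY_AUTH_TOKEN = true
 
 [oauth2]
 JWT_SECRET = KZb_QLUd4fYVyxetjxC4eZkrBgWM2SndOOWDNtgUUko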
