forgejo/tests/integration/api_user_variables_test.go

// Copyright 2024 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package integration

import (
	"fmt"
	"net/http"
	"testing"

	actions_model "forgejo.org/models/actions"
	auth_model "forgejo.org/models/auth"
	"forgejo.org/models/unittest"
	user_model "forgejo.org/models/user"
	api "forgejo.org/modules/structs"
	"forgejo.org/tests"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func TestAPIUserVariablesCreateUserVariable(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})

	session := loginUser(t, user1.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)

	cases := []struct {
		Name           string
		ExpectedStatus int
	}{
		{
			Name:           "-",
			ExpectedStatus: http.StatusBadRequest,
		},
		{
			Name:           "_",
			ExpectedStatus: http.StatusNoContent,
		},
		{
			Name:           "TEST_VAR",
			ExpectedStatus: http.StatusNoContent,
		},
		{
			Name:           "test_var",
			ExpectedStatus: http.StatusConflict,
		},
		{
			Name:           "ci",
			ExpectedStatus: http.StatusBadRequest,
		},
		{
			Name:           "123var",
			ExpectedStatus: http.StatusBadRequest,
		},
		{
			Name:           "var@test",
			ExpectedStatus: http.StatusBadRequest,
		},
		{
			Name:           "forgejo_var",
			ExpectedStatus: http.StatusBadRequest,
		},
		{
			Name:           "github_var",
			ExpectedStatus: http.StatusBadRequest,
		},
		{
			Name:           "gitea_var",
			ExpectedStatus: http.StatusBadRequest,
		},
	}

	for _, c := range cases {
		url := fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name)

		req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{
			Value: "  \tvalüé\r\n" + c.Name + "  \r\n",
		})
		req.AddTokenAuth(token)
		MakeRequest(t, req, c.ExpectedStatus)

		if c.ExpectedStatus < 300 {
			req = NewRequest(t, "GET", url)
			req.AddTokenAuth(token)
			res := MakeRequest(t, req, http.StatusOK)

			variable := api.ActionVariable{}
			DecodeJSON(t, res, &variable)

			assert.Equal(t, variable.Name, c.Name)
			assert.Equal(t, variable.Data, "  \tvalüé\n"+c.Name+"  \n")
		}
	}
}

func TestAPIUserVariablesUpdateUserVariable(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})

	session := loginUser(t, user1.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)

	variableName := "test_update_var"
	url := fmt.Sprintf("/api/v1/user/actions/variables/%s", variableName)
	req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{
		Value: "initial_val",
	}).AddTokenAuth(token)
	MakeRequest(t, req, http.StatusNoContent)

	t.Run("Accepts only valid names", func(t *testing.T) {
		cases := []struct {
			Name           string
			UpdateName     string
			ExpectedStatus int
		}{
			{
				Name:           "not_found_var",
				ExpectedStatus: http.StatusNotFound,
			},
			{
				Name:           variableName,
				UpdateName:     "1invalid",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           variableName,
				UpdateName:     "invalid@name",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           variableName,
				UpdateName:     "ci",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           variableName,
				UpdateName:     "forgejo_foo",
				ExpectedStatus: http.StatusBadRequest,
			},
			{
				Name:           variableName,
				UpdateName:     "updated_var_name",
				ExpectedStatus: http.StatusNoContent,
			},
			{
				Name:           variableName,
				ExpectedStatus: http.StatusNotFound,
			},
			{
				Name:           "updated_var_name",
				ExpectedStatus: http.StatusNoContent,
			},
		}

		for _, c := range cases {
			url := fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name)
			req := NewRequestWithJSON(t, "PUT", url, api.UpdateVariableOption{
				Name:  c.UpdateName,
				Value: "updated_val",
			})
			req.AddTokenAuth(token)
			MakeRequest(t, req, c.ExpectedStatus)
		}
	})

	t.Run("Retains special characters", func(t *testing.T) {
		variableName := "special_characters"
		url := fmt.Sprintf("/api/v1/user/actions/variables/%s", variableName)

		req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "initial_value"})
		req.AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNoContent)

		requestData := api.UpdateVariableOption{
			Value: "\r\n    \tüpdåtéd\r\n   \r\n",
		}
		req = NewRequestWithJSON(t, "PUT", url, requestData)
		req.AddTokenAuth(token)
		MakeRequest(t, req, http.StatusNoContent)

		req = NewRequest(t, "GET", url)
		req.AddTokenAuth(token)
		res := MakeRequest(t, req, http.StatusOK)

		variable := api.ActionVariable{}
		DecodeJSON(t, res, &variable)

		assert.Equal(t, "SPECIAL_CHARACTERS", variable.Name)
		assert.Equal(t, "\n    \tüpdåtéd\n   \n", variable.Data)
	})
}

func TestAPIUserVariablesDeleteUserVariable(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
	variable, err := actions_model.InsertVariable(t.Context(), user1.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
	require.NoError(t, err)

	session := loginUser(t, user1.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)

	variableName := "test_delete_var"
	url := fmt.Sprintf("/api/v1/user/actions/variables/%s", variableName)

	req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{
		Value: "initial_val",
	}).AddTokenAuth(token)
	MakeRequest(t, req, http.StatusNoContent)

	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
	MakeRequest(t, req, http.StatusNoContent)

	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
	MakeRequest(t, req, http.StatusNotFound)

	// deleting of forbidden names should still be possible
	url = fmt.Sprintf("/api/v1/user/actions/variables/%s", variable.Name)
	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
	MakeRequest(t, req, http.StatusNoContent)

	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
	MakeRequest(t, req, http.StatusNotFound)
}

func TestAPIUserVariablesGetSingleUserVariable(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})

	session := loginUser(t, user1.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)

	createURL := fmt.Sprintf("/api/v1/user/actions/variables/%s", "some_variable")

	createRequest := NewRequestWithJSON(t, "POST", createURL, api.CreateVariableOption{Value: "true"})
	createRequest.AddTokenAuth(token)

	MakeRequest(t, createRequest, http.StatusNoContent)

	variableRequest := NewRequest(t, "GET", "/api/v1/user/actions/variables/some_variable")
	variableRequest.AddTokenAuth(token)

	variableResponse := MakeRequest(t, variableRequest, http.StatusOK)

	var actionVariable api.ActionVariable
	DecodeJSON(t, variableResponse, &actionVariable)

	assert.NotNil(t, actionVariable)

	assert.Equal(t, user1.ID, actionVariable.OwnerID)
	assert.Equal(t, int64(0), actionVariable.RepoID)
	assert.Equal(t, "SOME_VARIABLE", actionVariable.Name)
	assert.Equal(t, "true", actionVariable.Data)
}

func TestAPIUserVariablesGetAllUserVariables(t *testing.T) {
	defer tests.PrepareTestEnv(t)()

	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})

	session := loginUser(t, user1.Name)
	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)

	variables := map[string]string{"second": "Dolor sit amet", "first": "Lorem ipsum"}
	for name, value := range variables {
		createURL := fmt.Sprintf("/api/v1/user/actions/variables/%s", name)

		createRequest := NewRequestWithJSON(t, "POST", createURL, api.CreateVariableOption{Value: value})
		createRequest.AddTokenAuth(token)

		MakeRequest(t, createRequest, http.StatusNoContent)
	}

	listRequest := NewRequest(t, "GET", "/api/v1/user/actions/variables")
	listRequest.AddTokenAuth(token)

	listResponse := MakeRequest(t, listRequest, http.StatusOK)

	var actionVariables []api.ActionVariable
	DecodeJSON(t, listResponse, &actionVariables)

	assert.Len(t, actionVariables, len(variables))

	assert.Equal(t, user1.ID, actionVariables[0].OwnerID)
	assert.Equal(t, int64(0), actionVariables[0].RepoID)
	assert.Equal(t, "FIRST", actionVariables[0].Name)
	assert.Equal(t, "Lorem ipsum", actionVariables[0].Data)

	assert.Equal(t, user1.ID, actionVariables[1].OwnerID)
	assert.Equal(t, int64(0), actionVariables[1].RepoID)
	assert.Equal(t, "SECOND", actionVariables[1].Name)
	assert.Equal(t, "Dolor sit amet", actionVariables[1].Data)
}