upstream/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-04-22 14:06:55 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
forgejo/tests/integration/api_org_variables_test.go
zokki eeb47e3340 fix: actions variable and secret names validation (#10682) 
Fixed action variables and secrets according to [Docu](https://forgejo.org/docs/next/user/actions/basic-concepts/#name-constraints):
> Variable names must not start with the FORGEJO_, GITHUB_ or GITEA_ prefix.
This wasn't correctly enforced, so I changed the regex

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10682
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
2026-01-14 04:19:21 +01:00

264 lines
7.9 KiB
Go
Raw Blame History

// Copyright 2025 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: GPL-3.0-or-later
package integration
import (
"fmt"
"net/http"
"testing"
actions_model "forgejo.org/models/actions"
auth_model "forgejo.org/models/auth"
org_model "forgejo.org/models/organization"
"forgejo.org/models/unittest"
api "forgejo.org/modules/structs"
"forgejo.org/tests"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestAPIOrgVariablesCreateOrganizationVariable(t *testing.T) {
defer tests.PrepareTestEnv(t)()
org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
cases := []struct {
Name string
ExpectedStatus int
}{
{
Name: "-",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: "_",
ExpectedStatus: http.StatusNoContent,
},
{
Name: "TEST_VAR",
ExpectedStatus: http.StatusNoContent,
},
{
Name: "test_var",
ExpectedStatus: http.StatusConflict,
},
{
Name: "ci",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: "123var",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: "var@test",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: "forgejo_var",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: "github_var",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: "gitea_var",
ExpectedStatus: http.StatusBadRequest,
},
}
for _, c := range cases {
requestURL := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, c.Name)
request := NewRequestWithJSON(t, "POST", requestURL, api.CreateVariableOption{
Value: "value" + c.Name,
})
request.AddTokenAuth(token)
MakeRequest(t, request, c.ExpectedStatus)
if c.ExpectedStatus < 300 {
request = NewRequest(t, "GET", requestURL).
AddTokenAuth(token)
res := MakeRequest(t, request, http.StatusOK)
variable := api.ActionVariable{}
DecodeJSON(t, res, &variable)
assert.Equal(t, variable.Name, c.Name)
assert.Equal(t, variable.Data, "value"+c.Name)
}
}
}
func TestAPIOrgVariablesUpdateOrganizationVariable(t *testing.T) {
defer tests.PrepareTestEnv(t)()
org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
variableName := "test_update_var"
url := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, variableName)
request := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "initial_val"})
request.AddTokenAuth(token)
MakeRequest(t, request, http.StatusNoContent)
cases := []struct {
Name string
UpdateName string
ExpectedStatus int
}{
{
Name: "not_found_var",
ExpectedStatus: http.StatusNotFound,
},
{
Name: variableName,
UpdateName: "1invalid",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: variableName,
UpdateName: "invalid@name",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: variableName,
UpdateName: "ci",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: variableName,
UpdateName: "forgejo_foo",
ExpectedStatus: http.StatusBadRequest,
},
{
Name: variableName,
UpdateName: "updated_var_name",
ExpectedStatus: http.StatusNoContent,
},
{
Name: variableName,
ExpectedStatus: http.StatusNotFound,
},
{
Name: "updated_var_name",
ExpectedStatus: http.StatusNoContent,
},
}
for _, c := range cases {
url := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, c.Name)
request := NewRequestWithJSON(t, "PUT", url, api.UpdateVariableOption{Name: c.UpdateName, Value: "updated_val"})
request.AddTokenAuth(token)
MakeRequest(t, request, c.ExpectedStatus)
}
}
func TestAPIOrgVariablesDeleteOrganizationVariable(t *testing.T) {
defer tests.PrepareTestEnv(t)()
org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
variable, err := actions_model.InsertVariable(t.Context(), org.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
require.NoError(t, err)
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
variableName := "test_delete_var"
url := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, variableName)
request := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "initial_val"})
request.AddTokenAuth(token)
MakeRequest(t, request, http.StatusNoContent)
request = NewRequest(t, "DELETE", url).AddTokenAuth(token)
MakeRequest(t, request, http.StatusNoContent)
request = NewRequest(t, "DELETE", url).AddTokenAuth(token)
MakeRequest(t, request, http.StatusNotFound)
// deleting of forbidden names should still be possible
url = fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, variable.Name)
request = NewRequest(t, "DELETE", url).AddTokenAuth(token)
MakeRequest(t, request, http.StatusNoContent)
request = NewRequest(t, "DELETE", url).AddTokenAuth(token)
MakeRequest(t, request, http.StatusNotFound)
}
func TestAPIOrgVariablesGetSingleOrganizationVariable(t *testing.T) {
defer tests.PrepareTestEnv(t)()
org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
name := "some_variable"
value := "false"
createURL := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, name)
createRequest := NewRequestWithJSON(t, "POST", createURL, api.CreateVariableOption{Value: value})
createRequest.AddTokenAuth(token)
MakeRequest(t, createRequest, http.StatusNoContent)
getURL := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, name)
getRequest := NewRequest(t, "GET", getURL)
getRequest.AddTokenAuth(token)
getResponse := MakeRequest(t, getRequest, http.StatusOK)
var actionVariable api.ActionVariable
DecodeJSON(t, getResponse, &actionVariable)
assert.NotNil(t, actionVariable)
assert.Equal(t, org.ID, actionVariable.OwnerID)
assert.Equal(t, int64(0), actionVariable.RepoID)
assert.Equal(t, "SOME_VARIABLE", actionVariable.Name)
assert.Equal(t, value, actionVariable.Data)
}
func TestAPIOrgVariablesGetAllOrganizationVariables(t *testing.T) {
defer tests.PrepareTestEnv(t)()
org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
variables := map[string]string{"second": "Dolor sit amet", "first": "Lorem ipsum"}
for name, value := range variables {
createURL := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, name)
createRequest := NewRequestWithJSON(t, "POST", createURL, api.CreateVariableOption{Value: value})
createRequest.AddTokenAuth(token)
MakeRequest(t, createRequest, http.StatusNoContent)
}
getURL := fmt.Sprintf("/api/v1/orgs/%s/actions/variables", org.Name)
getRequest := NewRequest(t, "GET", getURL)
getRequest.AddTokenAuth(token)
getResponse := MakeRequest(t, getRequest, http.StatusOK)
var actionVariables []api.ActionVariable
DecodeJSON(t, getResponse, &actionVariables)
assert.Len(t, actionVariables, len(variables))
assert.Equal(t, org.ID, actionVariables[0].OwnerID)
assert.Equal(t, int64(0), actionVariables[0].RepoID)
assert.Equal(t, "FIRST", actionVariables[0].Name)
assert.Equal(t, "Lorem ipsum", actionVariables[0].Data)
assert.Equal(t, org.ID, actionVariables[1].OwnerID)
assert.Equal(t, int64(0), actionVariables[1].RepoID)
assert.Equal(t, "SECOND", actionVariables[1].Name)
assert.Equal(t, "Dolor sit amet", actionVariables[1].Data)
}
Reference in a new issue View git blame Copy permalink