{{if and .CanWriteCode (not .Repository.IsArchived)}}
diff --git a/templates/shared/user/profile_big_avatar.tmpl b/templates/shared/user/profile_big_avatar.tmpl
index 1069209495a..50d707176d5 100644
--- a/templates/shared/user/profile_big_avatar.tmpl
+++ b/templates/shared/user/profile_big_avatar.tmpl
@@ -14,7 +14,7 @@
{{if .ContextUser.FullName}}{{end}}
{{.ContextUser.Name}} {{if .IsAdmin}}
-
+
{{svg "octicon-gear" 18}}
{{end}}
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/GIT_COLA_MSG b/tests/gitea-repositories-meta/org42/search-by-path.git/GIT_COLA_MSG
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/GIT_COLA_MSG
@@ -0,0 +1 @@
+
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/HEAD b/tests/gitea-repositories-meta/org42/search-by-path.git/HEAD
new file mode 100644
index 00000000000..cb089cd89a7
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/master
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/config b/tests/gitea-repositories-meta/org42/search-by-path.git/config
new file mode 100644
index 00000000000..07d359d07cf
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/config
@@ -0,0 +1,4 @@
+[core]
+ repositoryformatversion = 0
+ filemode = true
+ bare = true
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/description b/tests/gitea-repositories-meta/org42/search-by-path.git/description
new file mode 100644
index 00000000000..382e2d7f101
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/description
@@ -0,0 +1,8 @@
+This repository will be used to test code search. The snippet below shows its directory structure
+
+.
+├── avocado.md
+├── cucumber.md
+├── ham.md
+└── potato
+ └── ham.md
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/post-receive b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/post-receive
new file mode 100755
index 00000000000..4b3d452abcc
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/post-receive
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/post-receive.d"`; do
+ sh "$SHELL_FOLDER/post-receive.d/$i"
+done
\ No newline at end of file
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/post-receive.d/gitea b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/post-receive.d/gitea
new file mode 100755
index 00000000000..43a948da3a9
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/post-receive.d/gitea
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" post-receive
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/pre-receive b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/pre-receive
new file mode 100755
index 00000000000..41270130536
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/pre-receive
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/pre-receive.d"`; do
+ sh "$SHELL_FOLDER/pre-receive.d/$i"
+done
\ No newline at end of file
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/pre-receive.d/gitea b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/pre-receive.d/gitea
new file mode 100755
index 00000000000..49d09406364
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/pre-receive.d/gitea
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" pre-receive
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/proc-receive b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/proc-receive
new file mode 100755
index 00000000000..af2808b0370
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/proc-receive
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/proc-receive.d"`; do
+ sh "$SHELL_FOLDER/proc-receive.d/$i"
+done
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/proc-receive.d/gitea b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/proc-receive.d/gitea
new file mode 100755
index 00000000000..97521c62115
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/proc-receive.d/gitea
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" proc-receive
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/update b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/update
new file mode 100755
index 00000000000..c186fe4a18b
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/update
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/update.d"`; do
+ sh "$SHELL_FOLDER/update.d/$i" $1 $2 $3
+done
\ No newline at end of file
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/update.d/gitea b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/update.d/gitea
new file mode 100755
index 00000000000..38101c24266
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/hooks/update.d/gitea
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config="$GITEA_ROOT/$GITEA_CONF" update $1 $2 $3
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/info/exclude b/tests/gitea-repositories-meta/org42/search-by-path.git/info/exclude
new file mode 100644
index 00000000000..a5196d1be8f
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/info/refs b/tests/gitea-repositories-meta/org42/search-by-path.git/info/refs
new file mode 100644
index 00000000000..6b948c96a83
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/info/refs
@@ -0,0 +1,13 @@
+90c1019714259b24fb81711d4416ac0f18667dfa refs/heads/DefaultBranch
+985f0301dba5e7b34be866819cd15ad3d8f508ee refs/heads/branch2
+65f1bf27bc3bf70f64657658635e66094edbcb4d refs/heads/develop
+65f1bf27bc3bf70f64657658635e66094edbcb4d refs/heads/feature/1
+78fb907e3a3309eae4fe8fef030874cebbf1cd5e refs/heads/home-md-img-check
+3731fe53b763859aaf83e703ee731f6b9447ff1e refs/heads/master
+62fb502a7172d4453f0322a2cc85bddffa57f07a refs/heads/pr-to-update
+4649299398e4d39a5c09eb4f534df6f1e1eb87cc refs/heads/sub-home-md-img-check
+3fa2f829675543ecfc16b2891aebe8bf0608a8f4 refs/notes/commits
+4a357436d925b5c974181ff12a994538ddc5a269 refs/pull/2/head
+5f22f7d0d95d614d25a5b68592adb345a4b5c7fd refs/pull/3/head
+62fb502a7172d4453f0322a2cc85bddffa57f07a refs/pull/5/head
+65f1bf27bc3bf70f64657658635e66094edbcb4d refs/tags/v1.1
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/logs/refs/heads/master b/tests/gitea-repositories-meta/org42/search-by-path.git/logs/refs/heads/master
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/objects/info/commit-graph b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/info/commit-graph
new file mode 100644
index 00000000000..b38715bb92b
Binary files /dev/null and b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/info/commit-graph differ
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/objects/info/packs b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/info/packs
new file mode 100644
index 00000000000..b2af8c8378a
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/info/packs
@@ -0,0 +1,2 @@
+P pack-393dc29256bc27cb2ec73898507df710be7a3cf5.pack
+
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.bitmap b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.bitmap
new file mode 100644
index 00000000000..1fdef225e83
Binary files /dev/null and b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.bitmap differ
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.idx b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.idx
new file mode 100644
index 00000000000..0d930e7499f
Binary files /dev/null and b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.idx differ
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.pack b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.pack
new file mode 100644
index 00000000000..f1aac1e7404
Binary files /dev/null and b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.pack differ
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.rev b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.rev
new file mode 100644
index 00000000000..869860ba611
Binary files /dev/null and b/tests/gitea-repositories-meta/org42/search-by-path.git/objects/pack/pack-393dc29256bc27cb2ec73898507df710be7a3cf5.rev differ
diff --git a/tests/gitea-repositories-meta/org42/search-by-path.git/packed-refs b/tests/gitea-repositories-meta/org42/search-by-path.git/packed-refs
new file mode 100644
index 00000000000..70e69af1e10
--- /dev/null
+++ b/tests/gitea-repositories-meta/org42/search-by-path.git/packed-refs
@@ -0,0 +1,14 @@
+# pack-refs with: peeled fully-peeled sorted
+90c1019714259b24fb81711d4416ac0f18667dfa refs/heads/DefaultBranch
+985f0301dba5e7b34be866819cd15ad3d8f508ee refs/heads/branch2
+65f1bf27bc3bf70f64657658635e66094edbcb4d refs/heads/develop
+65f1bf27bc3bf70f64657658635e66094edbcb4d refs/heads/feature/1
+78fb907e3a3309eae4fe8fef030874cebbf1cd5e refs/heads/home-md-img-check
+3731fe53b763859aaf83e703ee731f6b9447ff1e refs/heads/master
+62fb502a7172d4453f0322a2cc85bddffa57f07a refs/heads/pr-to-update
+4649299398e4d39a5c09eb4f534df6f1e1eb87cc refs/heads/sub-home-md-img-check
+3fa2f829675543ecfc16b2891aebe8bf0608a8f4 refs/notes/commits
+4a357436d925b5c974181ff12a994538ddc5a269 refs/pull/2/head
+5f22f7d0d95d614d25a5b68592adb345a4b5c7fd refs/pull/3/head
+62fb502a7172d4453f0322a2cc85bddffa57f07a refs/pull/5/head
+65f1bf27bc3bf70f64657658635e66094edbcb4d refs/tags/v1.1
diff --git a/tests/integration/admin_config_test.go b/tests/integration/admin_config_test.go
index 860a92d6a32..eec7e75fd91 100644
--- a/tests/integration/admin_config_test.go
+++ b/tests/integration/admin_config_test.go
@@ -17,7 +17,7 @@ func TestAdminConfig(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
- req := NewRequest(t, "GET", "/admin/config")
+ req := NewRequest(t, "GET", "/-/admin/config")
resp := session.MakeRequest(t, req, http.StatusOK)
assert.True(t, test.IsNormalPageCompleted(resp.Body.String()))
}
diff --git a/tests/integration/admin_user_test.go b/tests/integration/admin_user_test.go
index 669060c787d..d5d7e70bc7e 100644
--- a/tests/integration/admin_user_test.go
+++ b/tests/integration/admin_user_test.go
@@ -19,11 +19,11 @@ func TestAdminViewUsers(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
- req := NewRequest(t, "GET", "/admin/users")
+ req := NewRequest(t, "GET", "/-/admin/users")
session.MakeRequest(t, req, http.StatusOK)
session = loginUser(t, "user2")
- req = NewRequest(t, "GET", "/admin/users")
+ req = NewRequest(t, "GET", "/-/admin/users")
session.MakeRequest(t, req, http.StatusForbidden)
}
@@ -31,11 +31,11 @@ func TestAdminViewUser(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
- req := NewRequest(t, "GET", "/admin/users/1")
+ req := NewRequest(t, "GET", "/-/admin/users/1")
session.MakeRequest(t, req, http.StatusOK)
session = loginUser(t, "user2")
- req = NewRequest(t, "GET", "/admin/users/1")
+ req = NewRequest(t, "GET", "/-/admin/users/1")
session.MakeRequest(t, req, http.StatusForbidden)
}
@@ -51,8 +51,8 @@ func testSuccessfullEdit(t *testing.T, formData user_model.User) {
func makeRequest(t *testing.T, formData user_model.User, headerCode int) {
session := loginUser(t, "user1")
- csrf := GetCSRF(t, session, "/admin/users/"+strconv.Itoa(int(formData.ID))+"/edit")
- req := NewRequestWithValues(t, "POST", "/admin/users/"+strconv.Itoa(int(formData.ID))+"/edit", map[string]string{
+ csrf := GetUserCSRFToken(t, session)
+ req := NewRequestWithValues(t, "POST", "/-/admin/users/"+strconv.Itoa(int(formData.ID))+"/edit", map[string]string{
"_csrf": csrf,
"user_name": formData.Name,
"login_name": formData.LoginName,
@@ -72,8 +72,8 @@ func TestAdminDeleteUser(t *testing.T) {
session := loginUser(t, "user1")
- csrf := GetCSRF(t, session, "/admin/users/8/edit")
- req := NewRequestWithValues(t, "POST", "/admin/users/8/delete", map[string]string{
+ csrf := GetUserCSRFToken(t, session)
+ req := NewRequestWithValues(t, "POST", "/-/admin/users/8/delete", map[string]string{
"_csrf": csrf,
})
session.MakeRequest(t, req, http.StatusSeeOther)
diff --git a/tests/integration/api_httpsig_test.go b/tests/integration/api_httpsig_test.go
index cca477f5e13..b9dc508ad09 100644
--- a/tests/integration/api_httpsig_test.go
+++ b/tests/integration/api_httpsig_test.go
@@ -95,7 +95,7 @@ func TestHTTPSigCert(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
- csrf := GetCSRF(t, session, "/user/settings/keys")
+ csrf := GetUserCSRFToken(t, session)
req := NewRequestWithValues(t, "POST", "/user/settings/keys", map[string]string{
"_csrf": csrf,
"content": "user1",
diff --git a/tests/integration/api_org_test.go b/tests/integration/api_org_test.go
index 70d3a446f76..fff121490c9 100644
--- a/tests/integration/api_org_test.go
+++ b/tests/integration/api_org_test.go
@@ -177,7 +177,7 @@ func TestAPIGetAll(t *testing.T) {
var apiOrgList []*api.Organization
DecodeJSON(t, resp, &apiOrgList)
- assert.Len(t, apiOrgList, 12)
+ assert.Len(t, apiOrgList, 13)
assert.Equal(t, "Limited Org 36", apiOrgList[1].FullName)
assert.Equal(t, "limited", apiOrgList[1].Visibility)
@@ -186,7 +186,7 @@ func TestAPIGetAll(t *testing.T) {
resp = MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &apiOrgList)
- assert.Len(t, apiOrgList, 8)
+ assert.Len(t, apiOrgList, 9)
assert.Equal(t, "org 17", apiOrgList[0].FullName)
assert.Equal(t, "public", apiOrgList[0].Visibility)
}
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 409e7513a6e..3905ad1b703 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -784,7 +784,7 @@ func TestPackageContainer(t *testing.T) {
newOwnerName := "newUsername"
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": newOwnerName,
"email": "user2@example.com",
"language": "en-US",
@@ -794,7 +794,7 @@ func TestPackageContainer(t *testing.T) {
t.Run(fmt.Sprintf("Catalog[%s]", newOwnerName), checkCatalog(newOwnerName))
req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": user.Name,
"email": "user2@example.com",
"language": "en-US",
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 716da762e54..93c9ca0920d 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -94,9 +94,9 @@ func TestAPISearchRepo(t *testing.T) {
}{
{
name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50&private=false", expectedResults: expectedResults{
- nil: {count: 35},
- user: {count: 35},
- user2: {count: 35},
+ nil: {count: 36},
+ user: {count: 36},
+ user2: {count: 36},
},
},
{
diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go
index 11aa03bb7e7..30c394e9b02 100644
--- a/tests/integration/attachment_test.go
+++ b/tests/integration/attachment_test.go
@@ -57,14 +57,14 @@ func createAttachment(t *testing.T, session *TestSession, csrf, repoURL, filenam
func TestCreateAnonymousAttachment(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := emptyTestSession(t)
- createAttachment(t, session, GetCSRF(t, session, "/user/login"), "user2/repo1", "image.png", generateImg(), http.StatusSeeOther)
+ createAttachment(t, session, GetAnonymousCSRFToken(t, session), "user2/repo1", "image.png", generateImg(), http.StatusSeeOther)
}
func TestCreateIssueAttachment(t *testing.T) {
defer tests.PrepareTestEnv(t)()
const repoURL = "user2/repo1"
session := loginUser(t, "user2")
- uuid := createAttachment(t, session, GetCSRF(t, session, repoURL), repoURL, "image.png", generateImg(), http.StatusOK)
+ uuid := createAttachment(t, session, GetUserCSRFToken(t, session), repoURL, "image.png", generateImg(), http.StatusOK)
req := NewRequest(t, "GET", repoURL+"/issues/new")
resp := session.MakeRequest(t, req, http.StatusOK)
diff --git a/tests/integration/auth_ldap_test.go b/tests/integration/auth_ldap_test.go
index 317787f4031..8c8b6b02d14 100644
--- a/tests/integration/auth_ldap_test.go
+++ b/tests/integration/auth_ldap_test.go
@@ -156,8 +156,8 @@ func addAuthSourceLDAP(t *testing.T, sshKeyAttribute, groupFilter string, groupM
groupTeamMap = groupMapParams[1]
}
session := loginUser(t, "user1")
- csrf := GetCSRF(t, session, "/admin/auths/new")
- req := NewRequestWithValues(t, "POST", "/admin/auths/new", buildAuthSourceLDAPPayload(csrf, sshKeyAttribute, groupFilter, groupTeamMap, groupTeamMapRemoval))
+ csrf := GetUserCSRFToken(t, session)
+ req := NewRequestWithValues(t, "POST", "/-/admin/auths/new", buildAuthSourceLDAPPayload(csrf, sshKeyAttribute, groupFilter, groupTeamMap, groupTeamMapRemoval))
session.MakeRequest(t, req, http.StatusSeeOther)
}
@@ -187,7 +187,7 @@ func TestLDAPAuthChange(t *testing.T) {
addAuthSourceLDAP(t, "", "")
session := loginUser(t, "user1")
- req := NewRequest(t, "GET", "/admin/auths")
+ req := NewRequest(t, "GET", "/-/admin/auths")
resp := session.MakeRequest(t, req, http.StatusOK)
doc := NewHTMLParser(t, resp.Body)
href, exists := doc.Find("table.table td a").Attr("href")
@@ -252,14 +252,14 @@ func TestLDAPUserSyncWithEmptyUsernameAttribute(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
- csrf := GetCSRF(t, session, "/admin/auths/new")
+ csrf := GetUserCSRFToken(t, session)
payload := buildAuthSourceLDAPPayload(csrf, "", "", "", "")
payload["attribute_username"] = ""
- req := NewRequestWithValues(t, "POST", "/admin/auths/new", payload)
+ req := NewRequestWithValues(t, "POST", "/-/admin/auths/new", payload)
session.MakeRequest(t, req, http.StatusSeeOther)
for _, u := range gitLDAPUsers {
- req := NewRequest(t, "GET", "/admin/users?q="+u.UserName)
+ req := NewRequest(t, "GET", "/-/admin/users?q="+u.UserName)
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
@@ -487,7 +487,7 @@ func TestLDAPPreventInvalidGroupTeamMap(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
- csrf := GetCSRF(t, session, "/admin/auths/new")
- req := NewRequestWithValues(t, "POST", "/admin/auths/new", buildAuthSourceLDAPPayload(csrf, "", "", `{"NOT_A_VALID_JSON"["MISSING_DOUBLE_POINT"]}`, "off"))
+ csrf := GetUserCSRFToken(t, session)
+ req := NewRequestWithValues(t, "POST", "/-/admin/auths/new", buildAuthSourceLDAPPayload(csrf, "", "", `{"NOT_A_VALID_JSON"["MISSING_DOUBLE_POINT"]}`, "off"))
session.MakeRequest(t, req, http.StatusOK) // StatusOK = failed, StatusSeeOther = ok
}
diff --git a/tests/integration/change_default_branch_test.go b/tests/integration/change_default_branch_test.go
index 703834b7129..729eb1e4ce6 100644
--- a/tests/integration/change_default_branch_test.go
+++ b/tests/integration/change_default_branch_test.go
@@ -22,7 +22,7 @@ func TestChangeDefaultBranch(t *testing.T) {
session := loginUser(t, owner.Name)
branchesURL := fmt.Sprintf("/%s/%s/settings/branches", owner.Name, repo.Name)
- csrf := GetCSRF(t, session, branchesURL)
+ csrf := GetUserCSRFToken(t, session)
req := NewRequestWithValues(t, "POST", branchesURL, map[string]string{
"_csrf": csrf,
"action": "default_branch",
@@ -30,7 +30,7 @@ func TestChangeDefaultBranch(t *testing.T) {
})
session.MakeRequest(t, req, http.StatusSeeOther)
- csrf = GetCSRF(t, session, branchesURL)
+ csrf = GetUserCSRFToken(t, session)
req = NewRequestWithValues(t, "POST", branchesURL, map[string]string{
"_csrf": csrf,
"action": "default_branch",
diff --git a/tests/integration/delete_user_test.go b/tests/integration/delete_user_test.go
index 806b87dc4ce..ad3c8828820 100644
--- a/tests/integration/delete_user_test.go
+++ b/tests/integration/delete_user_test.go
@@ -33,7 +33,7 @@ func TestUserDeleteAccount(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user8")
- csrf := GetCSRF(t, session, "/user/settings/account")
+ csrf := GetUserCSRFToken(t, session)
urlStr := fmt.Sprintf("/user/settings/account/delete?password=%s", userPassword)
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
"_csrf": csrf,
@@ -48,7 +48,7 @@ func TestUserDeleteAccountStillOwnRepos(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user2")
- csrf := GetCSRF(t, session, "/user/settings/account")
+ csrf := GetUserCSRFToken(t, session)
urlStr := fmt.Sprintf("/user/settings/account/delete?password=%s", userPassword)
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
"_csrf": csrf,
diff --git a/tests/integration/editor_test.go b/tests/integration/editor_test.go
index f510c79bc6b..f0f71b80d1b 100644
--- a/tests/integration/editor_test.go
+++ b/tests/integration/editor_test.go
@@ -49,7 +49,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {
onGiteaRun(t, func(t *testing.T, u *url.URL) {
session := loginUser(t, "user2")
- csrf := GetCSRF(t, session, "/user2/repo1/settings/branches")
+ csrf := GetUserCSRFToken(t, session)
// Change master branch to protected
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{
"_csrf": csrf,
@@ -84,7 +84,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) {
assert.Contains(t, resp.Body.String(), "Cannot commit to protected branch "master".")
// remove the protected branch
- csrf = GetCSRF(t, session, "/user2/repo1/settings/branches")
+ csrf = GetUserCSRFToken(t, session)
// Change master branch to protected
req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/1/delete", map[string]string{
diff --git a/tests/integration/empty_repo_test.go b/tests/integration/empty_repo_test.go
index 002aa5600e0..630a3c03af8 100644
--- a/tests/integration/empty_repo_test.go
+++ b/tests/integration/empty_repo_test.go
@@ -29,7 +29,7 @@ import (
func testAPINewFile(t *testing.T, session *TestSession, user, repo, branch, treePath, content string) *httptest.ResponseRecorder {
url := fmt.Sprintf("/%s/%s/_new/%s", user, repo, branch)
req := NewRequestWithValues(t, "POST", url, map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"commit_choice": "direct",
"tree_path": treePath,
"content": content,
@@ -63,7 +63,7 @@ func TestEmptyRepoAddFile(t *testing.T) {
doc := NewHTMLParser(t, resp.Body).Find(`input[name="commit_choice"]`)
assert.Empty(t, doc.AttrOr("checked", "_no_"))
req = NewRequestWithValues(t, "POST", "/user30/empty/_new/"+setting.Repository.DefaultBranch, map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"commit_choice": "direct",
"tree_path": "test-file.md",
"content": "newly-added-test-file",
@@ -89,7 +89,7 @@ func TestEmptyRepoUploadFile(t *testing.T) {
body := &bytes.Buffer{}
mpForm := multipart.NewWriter(body)
- _ = mpForm.WriteField("_csrf", GetCSRF(t, session, "/user/settings"))
+ _ = mpForm.WriteField("_csrf", GetUserCSRFToken(t, session))
file, _ := mpForm.CreateFormFile("file", "uploaded-file.txt")
_, _ = io.Copy(file, bytes.NewBufferString("newly-uploaded-test-file"))
_ = mpForm.Close()
@@ -101,7 +101,7 @@ func TestEmptyRepoUploadFile(t *testing.T) {
assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), &respMap))
req = NewRequestWithValues(t, "POST", "/user30/empty/_upload/"+setting.Repository.DefaultBranch, map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"commit_choice": "direct",
"files": respMap["uuid"],
"tree_path": "",
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index ac56cffe5e6..76db3c69324 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -5,6 +5,7 @@ package integration
import (
"bytes"
+ "context"
"crypto/rand"
"encoding/hex"
"fmt"
@@ -462,7 +463,7 @@ func doBranchProtectPRMerge(baseCtx *APITestContext, dstPath string) func(t *tes
func doProtectBranch(ctx APITestContext, branch, userToWhitelistPush, userToWhitelistForcePush, unprotectedFilePatterns string) func(t *testing.T) {
// We are going to just use the owner to set the protection.
return func(t *testing.T) {
- csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/settings/branches", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)))
+ csrf := GetUserCSRFToken(t, ctx.Session)
formData := map[string]string{
"_csrf": csrf,
@@ -644,7 +645,7 @@ func doPushCreate(ctx APITestContext, u *url.URL) func(t *testing.T) {
func doBranchDelete(ctx APITestContext, owner, repo, branch string) func(*testing.T) {
return func(t *testing.T) {
- csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/branches", url.PathEscape(owner), url.PathEscape(repo)))
+ csrf := GetUserCSRFToken(t, ctx.Session)
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/branches/delete?name=%s", url.PathEscape(owner), url.PathEscape(repo), url.QueryEscape(branch)), map[string]string{
"_csrf": csrf,
@@ -943,3 +944,59 @@ func TestDataAsync_Issue29101(t *testing.T) {
defer r2.Close()
})
}
+
+func TestAgitPullPush(t *testing.T) {
+ onGiteaRun(t, func(t *testing.T, u *url.URL) {
+ baseAPITestContext := NewAPITestContext(t, "user2", "repo1", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+ u.Path = baseAPITestContext.GitPath()
+ u.User = url.UserPassword("user2", userPassword)
+
+ dstPath := t.TempDir()
+ doGitClone(dstPath, u)(t)
+
+ gitRepo, err := git.OpenRepository(context.Background(), dstPath)
+ assert.NoError(t, err)
+ defer gitRepo.Close()
+
+ doGitCreateBranch(dstPath, "test-agit-push")
+
+ // commit 1
+ _, err = generateCommitWithNewData(littleSize, dstPath, "user2@example.com", "User Two", "branch-data-file-")
+ assert.NoError(t, err)
+
+ // push to create an agit pull request
+ err = git.NewCommand(git.DefaultContext, "push", "origin",
+ "-o", "title=test-title", "-o", "description=test-description",
+ "HEAD:refs/for/master/test-agit-push",
+ ).Run(&git.RunOpts{Dir: dstPath})
+ assert.NoError(t, err)
+
+ // check pull request exist
+ pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: 1, Flow: issues_model.PullRequestFlowAGit, HeadBranch: "user2/test-agit-push"})
+ assert.NoError(t, pr.LoadIssue(db.DefaultContext))
+ assert.Equal(t, "test-title", pr.Issue.Title)
+ assert.Equal(t, "test-description", pr.Issue.Content)
+
+ // commit 2
+ _, err = generateCommitWithNewData(littleSize, dstPath, "user2@example.com", "User Two", "branch-data-file-2-")
+ assert.NoError(t, err)
+
+ // push 2
+ err = git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push").Run(&git.RunOpts{Dir: dstPath})
+ assert.NoError(t, err)
+
+ // reset to first commit
+ err = git.NewCommand(git.DefaultContext, "reset", "--hard", "HEAD~1").Run(&git.RunOpts{Dir: dstPath})
+ assert.NoError(t, err)
+
+ // test force push without confirm
+ _, stderr, err := git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push").RunStdString(&git.RunOpts{Dir: dstPath})
+ assert.Error(t, err)
+ assert.Contains(t, stderr, "[remote rejected] HEAD -> refs/for/master/test-agit-push (request `force-push` push option)")
+
+ // test force push with confirm
+ err = git.NewCommand(git.DefaultContext, "push", "origin", "HEAD:refs/for/master/test-agit-push", "-o", "force-push").Run(&git.RunOpts{Dir: dstPath})
+ assert.NoError(t, err)
+ })
+}
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 1f12430fcfb..f72ac5f51c3 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -486,23 +486,19 @@ func VerifyJSONSchema(t testing.TB, resp *httptest.ResponseRecorder, schemaFile
assert.True(t, result.Valid())
}
-// GetCSRF returns CSRF token from body
-// If it fails, it means the CSRF token is not found in the response body returned by the url with the given session.
-// In this case, you should find a better url to get it.
-func GetCSRF(t testing.TB, session *TestSession, urlStr string) string {
+// GetUserCSRFToken returns CSRF token for current user
+func GetUserCSRFToken(t testing.TB, session *TestSession) string {
t.Helper()
- req := NewRequest(t, "GET", urlStr)
- resp := session.MakeRequest(t, req, http.StatusOK)
- doc := NewHTMLParser(t, resp.Body)
- csrf := doc.GetCSRF()
- require.NotEmpty(t, csrf)
- return csrf
+ cookie := session.GetCookie("_csrf")
+ require.NotEmpty(t, cookie)
+ return cookie.Value
}
-// GetCSRFFrom returns CSRF token from body
-func GetCSRFFromCookie(t testing.TB, session *TestSession, urlStr string) string {
+// GetUserCSRFToken returns CSRF token for anonymous user (not logged in)
+func GetAnonymousCSRFToken(t testing.TB, session *TestSession) string {
t.Helper()
- req := NewRequest(t, "GET", urlStr)
- session.MakeRequest(t, req, http.StatusOK)
- return session.GetCookie("_csrf").Value
+ resp := session.MakeRequest(t, NewRequest(t, "GET", "/user/login"), http.StatusOK)
+ csrfToken := NewHTMLParser(t, resp.Body).GetCSRF()
+ require.NotEmpty(t, csrfToken)
+ return csrfToken
}
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index 308b82d4b95..df45da84a55 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -197,21 +197,21 @@ func TestEditIssue(t *testing.T) {
issueURL := testNewIssue(t, session, "user2", "repo1", "Title", "Description")
req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/content", issueURL), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": "modified content",
"context": fmt.Sprintf("/%s/%s", "user2", "repo1"),
})
session.MakeRequest(t, req, http.StatusOK)
req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/content", issueURL), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": "modified content",
"context": fmt.Sprintf("/%s/%s", "user2", "repo1"),
})
session.MakeRequest(t, req, http.StatusBadRequest)
req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/content", issueURL), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": "modified content",
"content_version": "1",
"context": fmt.Sprintf("/%s/%s", "user2", "repo1"),
@@ -246,11 +246,11 @@ func TestIssueCommentDelete(t *testing.T) {
// Using the ID of a comment that does not belong to the repository must fail
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d/delete", "user5", "repo4", commentID), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
})
session.MakeRequest(t, req, http.StatusNotFound)
req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d/delete", "user2", "repo1", commentID), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
})
session.MakeRequest(t, req, http.StatusOK)
unittest.AssertNotExistsBean(t, &issues_model.Comment{ID: commentID})
@@ -270,13 +270,13 @@ func TestIssueCommentUpdate(t *testing.T) {
// Using the ID of a comment that does not belong to the repository must fail
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user5", "repo4", commentID), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": modifiedContent,
})
session.MakeRequest(t, req, http.StatusNotFound)
req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": modifiedContent,
})
session.MakeRequest(t, req, http.StatusOK)
@@ -298,7 +298,7 @@ func TestIssueCommentUpdateSimultaneously(t *testing.T) {
modifiedContent := comment.Content + "MODIFIED"
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": modifiedContent,
})
session.MakeRequest(t, req, http.StatusOK)
@@ -306,13 +306,13 @@ func TestIssueCommentUpdateSimultaneously(t *testing.T) {
modifiedContent = comment.Content + "2"
req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": modifiedContent,
})
session.MakeRequest(t, req, http.StatusBadRequest)
req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{
- "_csrf": GetCSRF(t, session, issueURL),
+ "_csrf": GetUserCSRFToken(t, session),
"content": modifiedContent,
"content_version": "1",
})
diff --git a/tests/integration/mirror_push_test.go b/tests/integration/mirror_push_test.go
index 1c262b33496..6b1c808cf46 100644
--- a/tests/integration/mirror_push_test.go
+++ b/tests/integration/mirror_push_test.go
@@ -81,7 +81,7 @@ func testMirrorPush(t *testing.T, u *url.URL) {
func doCreatePushMirror(ctx APITestContext, address, username, password string) func(t *testing.T) {
return func(t *testing.T) {
- csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)))
+ csrf := GetUserCSRFToken(t, ctx.Session)
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)), map[string]string{
"_csrf": csrf,
@@ -101,7 +101,7 @@ func doCreatePushMirror(ctx APITestContext, address, username, password string)
func doRemovePushMirror(ctx APITestContext, address, username, password string, pushMirrorID int) func(t *testing.T) {
return func(t *testing.T) {
- csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)))
+ csrf := GetUserCSRFToken(t, ctx.Session)
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)), map[string]string{
"_csrf": csrf,
diff --git a/tests/integration/nonascii_branches_test.go b/tests/integration/nonascii_branches_test.go
index a189273eacd..e5934a148d8 100644
--- a/tests/integration/nonascii_branches_test.go
+++ b/tests/integration/nonascii_branches_test.go
@@ -17,7 +17,7 @@ import (
func setDefaultBranch(t *testing.T, session *TestSession, user, repo, branch string) {
location := path.Join("/", user, repo, "settings/branches")
- csrf := GetCSRF(t, session, location)
+ csrf := GetUserCSRFToken(t, session)
req := NewRequestWithValues(t, "POST", location, map[string]string{
"_csrf": csrf,
"action": "default_branch",
diff --git a/tests/integration/org_project_test.go b/tests/integration/org_project_test.go
index 31d10f16ff1..c3894fd7afd 100644
--- a/tests/integration/org_project_test.go
+++ b/tests/integration/org_project_test.go
@@ -34,7 +34,7 @@ func TestOrgProjectAccess(t *testing.T) {
// change the org's visibility to private
session := loginUser(t, "user2")
req = NewRequestWithValues(t, "POST", "/org/org3/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/org3/-/projects"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": "org3",
"visibility": "2",
})
@@ -48,7 +48,7 @@ func TestOrgProjectAccess(t *testing.T) {
// disable team1's project unit
session = loginUser(t, "user2")
req = NewRequestWithValues(t, "POST", "/org/org3/teams/team1/edit", map[string]string{
- "_csrf": GetCSRF(t, session, "/org3/-/projects"),
+ "_csrf": GetUserCSRFToken(t, session),
"team_name": "team1",
"repo_access": "specific",
"permission": "read",
diff --git a/tests/integration/org_team_invite_test.go b/tests/integration/org_team_invite_test.go
index 919769a61a2..274fde40850 100644
--- a/tests/integration/org_team_invite_test.go
+++ b/tests/integration/org_team_invite_test.go
@@ -40,7 +40,7 @@ func TestOrgTeamEmailInvite(t *testing.T) {
session := loginUser(t, "user1")
teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)
- csrf := GetCSRF(t, session, teamURL)
+ csrf := GetUserCSRFToken(t, session)
req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
"_csrf": csrf,
"uid": "1",
@@ -59,7 +59,7 @@ func TestOrgTeamEmailInvite(t *testing.T) {
// join the team
inviteURL := fmt.Sprintf("/org/invite/%s", invites[0].Token)
- csrf = GetCSRF(t, session, inviteURL)
+ csrf = GetUserCSRFToken(t, session)
req = NewRequestWithValues(t, "POST", inviteURL, map[string]string{
"_csrf": csrf,
})
@@ -94,7 +94,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUser(t *testing.T) {
teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)
req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
- "_csrf": GetCSRF(t, session, teamURL),
+ "_csrf": GetUserCSRFToken(t, session),
"uid": "1",
"uname": user.Email,
})
@@ -137,7 +137,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUser(t *testing.T) {
// make the request
req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{
- "_csrf": GetCSRF(t, session, test.RedirectURL(resp)),
+ "_csrf": GetUserCSRFToken(t, session),
})
resp = session.MakeRequest(t, req, http.StatusSeeOther)
req = NewRequest(t, "GET", test.RedirectURL(resp))
@@ -165,7 +165,7 @@ func TestOrgTeamEmailInviteRedirectsNewUser(t *testing.T) {
teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)
req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
- "_csrf": GetCSRF(t, session, teamURL),
+ "_csrf": GetUserCSRFToken(t, session),
"uid": "1",
"uname": "doesnotexist@example.com",
})
@@ -210,7 +210,7 @@ func TestOrgTeamEmailInviteRedirectsNewUser(t *testing.T) {
// make the redirected request
req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{
- "_csrf": GetCSRF(t, session, test.RedirectURL(resp)),
+ "_csrf": GetUserCSRFToken(t, session),
})
resp = session.MakeRequest(t, req, http.StatusSeeOther)
req = NewRequest(t, "GET", test.RedirectURL(resp))
@@ -233,22 +233,18 @@ func TestOrgTeamEmailInviteRedirectsNewUserWithActivation(t *testing.T) {
}
// enable email confirmation temporarily
- defer func(prevVal bool) {
- setting.Service.RegisterEmailConfirm = prevVal
- }(setting.Service.RegisterEmailConfirm)
- setting.Service.RegisterEmailConfirm = true
-
+ defer test.MockVariableValue(&setting.Service.RegisterEmailConfirm, true)()
defer tests.PrepareTestEnv(t)()
org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})
- // create the invite
+ // user1: create the invite
session := loginUser(t, "user1")
teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)
req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
- "_csrf": GetCSRF(t, session, teamURL),
+ "_csrf": GetUserCSRFToken(t, session),
"uid": "1",
"uname": "doesnotexist@example.com",
})
@@ -261,53 +257,34 @@ func TestOrgTeamEmailInviteRedirectsNewUserWithActivation(t *testing.T) {
assert.NoError(t, err)
assert.Len(t, invites, 1)
- // accept the invite
+ // new user: accept the invite
+ session = emptyTestSession(t)
+
inviteURL := fmt.Sprintf("/org/invite/%s", invites[0].Token)
req = NewRequest(t, "GET", fmt.Sprintf("/user/sign_up?redirect_to=%s", url.QueryEscape(inviteURL)))
- inviteResp := MakeRequest(t, req, http.StatusOK)
-
- doc := NewHTMLParser(t, resp.Body)
+ session.MakeRequest(t, req, http.StatusOK)
req = NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
- "_csrf": doc.GetCSRF(),
"user_name": "doesnotexist",
"email": "doesnotexist@example.com",
"password": "examplePassword!1",
"retype": "examplePassword!1",
})
- for _, c := range inviteResp.Result().Cookies() {
- req.AddCookie(c)
- }
-
- resp = MakeRequest(t, req, http.StatusOK)
+ session.MakeRequest(t, req, http.StatusOK)
user, err := user_model.GetUserByName(db.DefaultContext, "doesnotexist")
assert.NoError(t, err)
- ch := http.Header{}
- ch.Add("Cookie", strings.Join(resp.Header()["Set-Cookie"], ";"))
- cr := http.Request{Header: ch}
-
- session = emptyTestSession(t)
- baseURL, err := url.Parse(setting.AppURL)
- assert.NoError(t, err)
- session.jar.SetCookies(baseURL, cr.Cookies())
-
activateURL := fmt.Sprintf("/user/activate?code=%s", user.GenerateEmailActivateCode("doesnotexist@example.com"))
req = NewRequestWithValues(t, "POST", activateURL, map[string]string{
"password": "examplePassword!1",
})
- // use the cookies set by the signup request
- for _, c := range inviteResp.Result().Cookies() {
- req.AddCookie(c)
- }
-
resp = session.MakeRequest(t, req, http.StatusSeeOther)
// should be redirected to accept the invite
assert.Equal(t, inviteURL, test.RedirectURL(resp))
req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{
- "_csrf": GetCSRF(t, session, test.RedirectURL(resp)),
+ "_csrf": GetUserCSRFToken(t, session),
})
resp = session.MakeRequest(t, req, http.StatusSeeOther)
req = NewRequest(t, "GET", test.RedirectURL(resp))
@@ -342,7 +319,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUserWithLogin(t *testing.T) {
teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name)
req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
- "_csrf": GetCSRF(t, session, teamURL),
+ "_csrf": GetUserCSRFToken(t, session),
"uid": "1",
"uname": user.Email,
})
@@ -366,7 +343,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUserWithLogin(t *testing.T) {
// make the request
req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{
- "_csrf": GetCSRF(t, session, test.RedirectURL(resp)),
+ "_csrf": GetUserCSRFToken(t, session),
})
resp = session.MakeRequest(t, req, http.StatusSeeOther)
req = NewRequest(t, "GET", test.RedirectURL(resp))
diff --git a/tests/integration/privateactivity_test.go b/tests/integration/privateactivity_test.go
index 5362462f7df..a1fbadec99e 100644
--- a/tests/integration/privateactivity_test.go
+++ b/tests/integration/privateactivity_test.go
@@ -48,7 +48,7 @@ func testPrivateActivityDoSomethingForActionEntries(t *testing.T) {
func testPrivateActivityHelperEnablePrivateActivity(t *testing.T) {
session := loginUser(t, privateActivityTestUser)
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": privateActivityTestUser,
"email": privateActivityTestUser + "@example.com",
"language": "en-US",
diff --git a/tests/integration/pull_compare_test.go b/tests/integration/pull_compare_test.go
index aed699fd200..def6506253f 100644
--- a/tests/integration/pull_compare_test.go
+++ b/tests/integration/pull_compare_test.go
@@ -14,6 +14,7 @@ import (
repo_model "code.gitea.io/gitea/models/repo"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/test"
repo_service "code.gitea.io/gitea/services/repository"
"code.gitea.io/gitea/tests"
@@ -73,3 +74,80 @@ func TestPullCompare(t *testing.T) {
assert.EqualValues(t, editButtonCount, 0, "Expected not to find a button to edit a file in the PR diff view because head repository has been deleted")
})
}
+
+func TestPullCompare_EnableAllowEditsFromMaintainer(t *testing.T) {
+ onGiteaRun(t, func(t *testing.T, u *url.URL) {
+ // repo3 is private
+ repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
+ assert.True(t, repo3.IsPrivate)
+
+ // user4 forks repo3
+ user4Session := loginUser(t, "user4")
+ forkedRepoName := "user4-forked-repo3"
+ testRepoFork(t, user4Session, repo3.OwnerName, repo3.Name, "user4", forkedRepoName, "")
+ forkedRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerName: "user4", Name: forkedRepoName})
+ assert.True(t, forkedRepo.IsPrivate)
+
+ // user4 creates a new branch and a PR
+ testEditFileToNewBranch(t, user4Session, "user4", forkedRepoName, "master", "user4/update-readme", "README.md", "Hello, World\n(Edited by user4)\n")
+ resp := testPullCreateDirectly(t, user4Session, repo3.OwnerName, repo3.Name, "master", "user4", forkedRepoName, "user4/update-readme", "PR for user4 forked repo3")
+ prURL := test.RedirectURL(resp)
+
+ // user2 (admin of repo3) goes to the PR files page
+ user2Session := loginUser(t, "user2")
+ resp = user2Session.MakeRequest(t, NewRequest(t, "GET", fmt.Sprintf("%s/files", prURL)), http.StatusOK)
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ nodes := htmlDoc.doc.Find(".diff-file-box[data-new-filename=\"README.md\"] .diff-file-header-actions .dropdown .menu a")
+ if assert.Equal(t, 1, nodes.Length()) {
+ // there is only "View File" button, no "Edit File" button
+ assert.Equal(t, "View File", nodes.First().Text())
+ viewFileLink, exists := nodes.First().Attr("href")
+ if assert.True(t, exists) {
+ user2Session.MakeRequest(t, NewRequest(t, "GET", viewFileLink), http.StatusOK)
+ }
+ }
+
+ // user4 goes to the PR page and enable "Allow maintainers to edit"
+ resp = user4Session.MakeRequest(t, NewRequest(t, "GET", prURL), http.StatusOK)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ dataURL, exists := htmlDoc.doc.Find("#allow-edits-from-maintainers").Attr("data-url")
+ assert.True(t, exists)
+ req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/set_allow_maintainer_edit", dataURL), map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "allow_maintainer_edit": "true",
+ })
+ user4Session.MakeRequest(t, req, http.StatusOK)
+
+ // user2 (admin of repo3) goes to the PR files page again
+ resp = user2Session.MakeRequest(t, NewRequest(t, "GET", fmt.Sprintf("%s/files", prURL)), http.StatusOK)
+ htmlDoc = NewHTMLParser(t, resp.Body)
+ nodes = htmlDoc.doc.Find(".diff-file-box[data-new-filename=\"README.md\"] .diff-file-header-actions .dropdown .menu a")
+ if assert.Equal(t, 2, nodes.Length()) {
+ // there are "View File" button and "Edit File" button
+ assert.Equal(t, "View File", nodes.First().Text())
+ viewFileLink, exists := nodes.First().Attr("href")
+ if assert.True(t, exists) {
+ user2Session.MakeRequest(t, NewRequest(t, "GET", viewFileLink), http.StatusOK)
+ }
+
+ assert.Equal(t, "Edit File", nodes.Last().Text())
+ editFileLink, exists := nodes.Last().Attr("href")
+ if assert.True(t, exists) {
+ // edit the file
+ resp := user2Session.MakeRequest(t, NewRequest(t, "GET", editFileLink), http.StatusOK)
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ lastCommit := htmlDoc.GetInputValueByName("last_commit")
+ assert.NotEmpty(t, lastCommit)
+ req := NewRequestWithValues(t, "POST", editFileLink, map[string]string{
+ "_csrf": htmlDoc.GetCSRF(),
+ "last_commit": lastCommit,
+ "tree_path": "README.md",
+ "content": "File is edited by the maintainer user2",
+ "commit_summary": "user2 updated the file",
+ "commit_choice": "direct",
+ })
+ user2Session.MakeRequest(t, req, http.StatusSeeOther)
+ }
+ }
+ })
+}
diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go
index 9a412329a1c..c1c8a8bf4e8 100644
--- a/tests/integration/pull_merge_test.go
+++ b/tests/integration/pull_merge_test.go
@@ -694,7 +694,7 @@ func TestPullAutoMergeAfterCommitStatusSucceed(t *testing.T) {
})
// add protected branch for commit status
- csrf := GetCSRF(t, session, "/user2/repo1/settings/branches")
+ csrf := GetUserCSRFToken(t, session)
// Change master branch to protected
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{
"_csrf": csrf,
@@ -777,7 +777,7 @@ func TestPullAutoMergeAfterCommitStatusSucceedAndApproval(t *testing.T) {
})
// add protected branch for commit status
- csrf := GetCSRF(t, session, "/user2/repo1/settings/branches")
+ csrf := GetUserCSRFToken(t, session)
// Change master branch to protected
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{
"_csrf": csrf,
@@ -905,7 +905,7 @@ func TestPullAutoMergeAfterCommitStatusSucceedAndApprovalForAgitFlow(t *testing.
session := loginUser(t, "user1")
// add protected branch for commit status
- csrf := GetCSRF(t, session, "/user2/repo1/settings/branches")
+ csrf := GetUserCSRFToken(t, session)
// Change master branch to protected
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{
"_csrf": csrf,
diff --git a/tests/integration/pull_status_test.go b/tests/integration/pull_status_test.go
index 26e1baeb113..ac9036ca962 100644
--- a/tests/integration/pull_status_test.go
+++ b/tests/integration/pull_status_test.go
@@ -29,7 +29,7 @@ func TestPullCreate_CommitStatus(t *testing.T) {
url := path.Join("user1", "repo1", "compare", "master...status1")
req := NewRequestWithValues(t, "POST", url,
map[string]string{
- "_csrf": GetCSRF(t, session, url),
+ "_csrf": GetUserCSRFToken(t, session),
"title": "pull request from status1",
},
)
@@ -129,7 +129,7 @@ func TestPullCreate_EmptyChangesWithDifferentCommits(t *testing.T) {
url := path.Join("user1", "repo1", "compare", "master...status1")
req := NewRequestWithValues(t, "POST", url,
map[string]string{
- "_csrf": GetCSRF(t, session, url),
+ "_csrf": GetUserCSRFToken(t, session),
"title": "pull request from status1",
},
)
@@ -152,7 +152,7 @@ func TestPullCreate_EmptyChangesWithSameCommits(t *testing.T) {
url := path.Join("user1", "repo1", "compare", "master...status1")
req := NewRequestWithValues(t, "POST", url,
map[string]string{
- "_csrf": GetCSRF(t, session, url),
+ "_csrf": GetUserCSRFToken(t, session),
"title": "pull request from status1",
},
)
diff --git a/tests/integration/rename_branch_test.go b/tests/integration/rename_branch_test.go
index 71bfb6b6cb2..576264ba951 100644
--- a/tests/integration/rename_branch_test.go
+++ b/tests/integration/rename_branch_test.go
@@ -54,7 +54,7 @@ func testRenameBranch(t *testing.T, u *url.URL) {
assert.Equal(t, "main", repo1.DefaultBranch)
// create branch1
- csrf := GetCSRF(t, session, "/user2/repo1/src/branch/main")
+ csrf := GetUserCSRFToken(t, session)
req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/_new/branch/main", map[string]string{
"_csrf": csrf,
diff --git a/tests/integration/repo_branch_test.go b/tests/integration/repo_branch_test.go
index f5217374b00..6d1cc8afcf1 100644
--- a/tests/integration/repo_branch_test.go
+++ b/tests/integration/repo_branch_test.go
@@ -27,14 +27,7 @@ import (
)
func testCreateBranch(t testing.TB, session *TestSession, user, repo, oldRefSubURL, newBranchName string, expectedStatus int) string {
- var csrf string
- if expectedStatus == http.StatusNotFound {
- // src/branch/branch_name may not container "_csrf" input,
- // so we need to get it from cookies not from body
- csrf = GetCSRFFromCookie(t, session, path.Join(user, repo, "src/branch/master"))
- } else {
- csrf = GetCSRFFromCookie(t, session, path.Join(user, repo, "src", oldRefSubURL))
- }
+ csrf := GetUserCSRFToken(t, session)
req := NewRequestWithValues(t, "POST", path.Join(user, repo, "branches/_new", oldRefSubURL), map[string]string{
"_csrf": csrf,
"new_branch_name": newBranchName,
diff --git a/tests/integration/signin_test.go b/tests/integration/signin_test.go
index 77e19bba963..886d4a82593 100644
--- a/tests/integration/signin_test.go
+++ b/tests/integration/signin_test.go
@@ -21,7 +21,6 @@ import (
func testLoginFailed(t *testing.T, username, password, message string) {
session := emptyTestSession(t)
req := NewRequestWithValues(t, "POST", "/user/login", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/login"),
"user_name": username,
"password": password,
})
@@ -68,7 +67,6 @@ func TestSigninWithRememberMe(t *testing.T) {
session := emptyTestSession(t)
req := NewRequestWithValues(t, "POST", "/user/login", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/login"),
"user_name": user.Name,
"password": userPassword,
"remember": "on",
diff --git a/tests/integration/user_avatar_test.go b/tests/integration/user_avatar_test.go
index ec5813df0d5..caca9a3e560 100644
--- a/tests/integration/user_avatar_test.go
+++ b/tests/integration/user_avatar_test.go
@@ -37,7 +37,7 @@ func TestUserAvatar(t *testing.T) {
}
session := loginUser(t, "user2")
- csrf := GetCSRF(t, session, "/user/settings")
+ csrf := GetUserCSRFToken(t, session)
imgData := &bytes.Buffer{}
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index c4544f37aa3..99e413c6d95 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -5,6 +5,7 @@ package integration
import (
"net/http"
+ "strings"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
@@ -33,7 +34,7 @@ func TestRenameUsername(t *testing.T) {
session := loginUser(t, "user2")
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": "newUsername",
"email": "user2@example.com",
"language": "en-US",
@@ -77,7 +78,7 @@ func TestRenameInvalidUsername(t *testing.T) {
t.Logf("Testing username %s", invalidUsername)
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": invalidUsername,
"email": "user2@example.com",
})
@@ -97,45 +98,15 @@ func TestRenameReservedUsername(t *testing.T) {
reservedUsernames := []string{
// ".", "..", ".well-known", // The names are not only reserved but also invalid
- "admin",
"api",
- "assets",
- "attachments",
- "avatar",
- "avatars",
- "captcha",
- "commits",
- "debug",
- "error",
- "explore",
- "favicon.ico",
- "ghost",
- "issues",
- "login",
- "manifest.json",
- "metrics",
- "milestones",
- "new",
- "notifications",
- "org",
- "pulls",
- "raw",
- "repo",
- "repo-avatars",
- "robots.txt",
- "search",
- "serviceworker.js",
- "ssh_info",
- "swagger.v1.json",
- "user",
- "v2",
+ "name.keys",
}
session := loginUser(t, "user2")
+ locale := translation.NewLocale("en-US")
for _, reservedUsername := range reservedUsernames {
- t.Logf("Testing username %s", reservedUsername)
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": reservedUsername,
"email": "user2@example.com",
"language": "en-US",
@@ -145,11 +116,12 @@ func TestRenameReservedUsername(t *testing.T) {
req = NewRequest(t, "GET", test.RedirectURL(resp))
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
- assert.Contains(t,
- htmlDoc.doc.Find(".ui.negative.message").Text(),
- translation.NewLocale("en-US").TrString("user.form.name_reserved", reservedUsername),
- )
-
+ actualMsg := strings.TrimSpace(htmlDoc.doc.Find(".ui.negative.message").Text())
+ expectedMsg := locale.TrString("user.form.name_reserved", reservedUsername)
+ if strings.Contains(reservedUsername, ".") {
+ expectedMsg = locale.TrString("user.form.name_pattern_not_allowed", reservedUsername)
+ }
+ assert.Equal(t, expectedMsg, actualMsg)
unittest.AssertNotExistsBean(t, &user_model.User{Name: reservedUsername})
}
}
@@ -293,7 +265,7 @@ func TestUserLocationMapLink(t *testing.T) {
session := loginUser(t, "user2")
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": "user2",
"email": "user@example.com",
"language": "en-US",
diff --git a/tests/integration/xss_test.go b/tests/integration/xss_test.go
index e575ed3990c..a8eaa5fc624 100644
--- a/tests/integration/xss_test.go
+++ b/tests/integration/xss_test.go
@@ -21,7 +21,7 @@ func TestXSSUserFullName(t *testing.T) {
session := loginUser(t, user.Name)
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
- "_csrf": GetCSRF(t, session, "/user/settings"),
+ "_csrf": GetUserCSRFToken(t, session),
"name": user.Name,
"full_name": fullName,
"email": user.Email,
diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index ce165b1b3df..986fcc11814 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -362,9 +362,9 @@ export default sfc; // activate the IDE's Vue plugin