mirror of
https://codeberg.org/forgejo/forgejo
synced 2025-10-19 02:20:42 +02:00
82ad5189fe
Adds two foreign keys:
- `access.user_id` -> `user`
- `access.repo_id` -> `repository`
Testing:
- Existing automated test suite
- Minor adjustments required to `reverseproxy_test.go`
- Test failures caused a reorganization of delete operations in `DeleteRepositoryDirectly`
- Manually tested
- On "user" and "repo" Collaborator page, added, removed, and changed the access-level of collaborators
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/9557): <!--number 9557 --><!--line 0 --><!--description YWRkIGZvcmVpZ24ga2V5cyB0byB0aGUgYGFjY2Vzc2AgdGFibGU=-->add foreign keys to the `access` table<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9557
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
193 lines
6.6 KiB
Go
193 lines
6.6 KiB
Go
// Copyright 2024 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"fmt"
|
|
"net/url"
|
|
"testing"
|
|
|
|
auth_model "forgejo.org/models/auth"
|
|
"forgejo.org/models/db"
|
|
"forgejo.org/models/unittest"
|
|
user_model "forgejo.org/models/user"
|
|
"forgejo.org/tests"
|
|
|
|
"github.com/go-webauthn/webauthn/webauthn"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func Test_Cmd_AdminUser(t *testing.T) {
|
|
onApplicationRun(t, func(*testing.T, *url.URL) {
|
|
for i, testCase := range []struct {
|
|
name string
|
|
options []string
|
|
mustChangePassword bool
|
|
}{
|
|
{
|
|
name: "default",
|
|
options: []string{},
|
|
mustChangePassword: true,
|
|
},
|
|
{
|
|
name: "--must-change-password=false",
|
|
options: []string{"--must-change-password=false"},
|
|
mustChangePassword: false,
|
|
},
|
|
{
|
|
name: "--must-change-password=true",
|
|
options: []string{"--must-change-password=true"},
|
|
mustChangePassword: true,
|
|
},
|
|
{
|
|
name: "--must-change-password",
|
|
options: []string{"--must-change-password"},
|
|
mustChangePassword: true,
|
|
},
|
|
} {
|
|
t.Run(testCase.name, func(t *testing.T) {
|
|
defer tests.PrintCurrentTest(t)()
|
|
name := fmt.Sprintf("testuser%d", i)
|
|
|
|
options := []string{"user", "create", "--username", name, "--password", "password", "--email", name + "@example.com"}
|
|
options = append(options, testCase.options...)
|
|
output, err := runMainApp("admin", options...)
|
|
require.NoError(t, err)
|
|
assert.Contains(t, output, "has been successfully created")
|
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: name})
|
|
assert.Equal(t, testCase.mustChangePassword, user.MustChangePassword)
|
|
|
|
options = []string{"user", "change-password", "--username", name, "--password", "password"}
|
|
options = append(options, testCase.options...)
|
|
output, err = runMainApp("admin", options...)
|
|
require.NoError(t, err)
|
|
assert.Contains(t, output, "has been successfully updated")
|
|
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: name})
|
|
assert.Equal(t, testCase.mustChangePassword, user.MustChangePassword)
|
|
|
|
_, err = runMainApp("admin", "user", "delete", "--username", name)
|
|
require.NoError(t, err)
|
|
unittest.AssertNotExistsBean(t, &user_model.User{Name: name})
|
|
})
|
|
}
|
|
})
|
|
}
|
|
|
|
func Test_Cmd_AdminFirstUser(t *testing.T) {
|
|
onApplicationRun(t, func(*testing.T, *url.URL) {
|
|
for _, testCase := range []struct {
|
|
name string
|
|
options []string
|
|
mustChangePassword bool
|
|
isAdmin bool
|
|
}{
|
|
{
|
|
name: "default",
|
|
options: []string{},
|
|
mustChangePassword: false,
|
|
isAdmin: false,
|
|
},
|
|
{
|
|
name: "--must-change-password=false",
|
|
options: []string{"--must-change-password=false"},
|
|
mustChangePassword: false,
|
|
isAdmin: false,
|
|
},
|
|
{
|
|
name: "--must-change-password=true",
|
|
options: []string{"--must-change-password=true"},
|
|
mustChangePassword: true,
|
|
isAdmin: false,
|
|
},
|
|
{
|
|
name: "--must-change-password",
|
|
options: []string{"--must-change-password"},
|
|
mustChangePassword: true,
|
|
isAdmin: false,
|
|
},
|
|
{
|
|
name: "--admin default",
|
|
options: []string{"--admin"},
|
|
mustChangePassword: false,
|
|
isAdmin: true,
|
|
},
|
|
{
|
|
name: "--admin --must-change-password=false",
|
|
options: []string{"--admin", "--must-change-password=false"},
|
|
mustChangePassword: false,
|
|
isAdmin: true,
|
|
},
|
|
{
|
|
name: "--admin --must-change-password=true",
|
|
options: []string{"--admin", "--must-change-password=true"},
|
|
mustChangePassword: true,
|
|
isAdmin: true,
|
|
},
|
|
{
|
|
name: "--admin --must-change-password",
|
|
options: []string{"--admin", "--must-change-password"},
|
|
mustChangePassword: true,
|
|
isAdmin: true,
|
|
},
|
|
} {
|
|
t.Run(testCase.name, func(t *testing.T) {
|
|
db.GetEngine(db.DefaultContext).Exec("DELETE FROM `stopwatch`")
|
|
db.GetEngine(db.DefaultContext).Exec("DELETE FROM `tracked_time`")
|
|
db.GetEngine(db.DefaultContext).Exec("DELETE FROM `access`")
|
|
db.GetEngine(db.DefaultContext).Exec("DELETE FROM `user`")
|
|
db.GetEngine(db.DefaultContext).Exec("DELETE FROM `email_address`")
|
|
assert.Equal(t, int64(0), user_model.CountUsers(db.DefaultContext, nil))
|
|
name := "testuser"
|
|
|
|
options := []string{"user", "create", "--username", name, "--password", "password", "--email", name + "@example.com"}
|
|
options = append(options, testCase.options...)
|
|
output, err := runMainApp("admin", options...)
|
|
require.NoError(t, err)
|
|
assert.Contains(t, output, "has been successfully created")
|
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: name})
|
|
assert.Equal(t, testCase.mustChangePassword, user.MustChangePassword)
|
|
assert.Equal(t, testCase.isAdmin, user.IsAdmin)
|
|
})
|
|
}
|
|
})
|
|
}
|
|
|
|
func Test_Cmd_AdminUserResetMFA(t *testing.T) {
|
|
onApplicationRun(t, func(*testing.T, *url.URL) {
|
|
name := "testuser"
|
|
|
|
options := []string{"user", "create", "--username", name, "--password", "password", "--email", name + "@example.com"}
|
|
output, err := runMainApp("admin", options...)
|
|
require.NoError(t, err)
|
|
assert.Contains(t, output, "has been successfully created")
|
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: name})
|
|
|
|
twoFactor := &auth_model.TwoFactor{
|
|
UID: user.ID,
|
|
}
|
|
token := twoFactor.GenerateScratchToken()
|
|
require.NoError(t, auth_model.NewTwoFactor(t.Context(), twoFactor, token))
|
|
twoFactor, err = auth_model.GetTwoFactorByUID(t.Context(), user.ID)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, twoFactor)
|
|
|
|
authn, err := auth_model.CreateCredential(t.Context(), user.ID, "test", &webauthn.Credential{})
|
|
require.NoError(t, err)
|
|
|
|
options = []string{"user", "reset-mfa", "--username", name}
|
|
output, err = runMainApp("admin", options...)
|
|
require.NoError(t, err)
|
|
assert.Contains(t, output, "two-factor authentication settings have been removed")
|
|
|
|
_, err = auth_model.GetTwoFactorByUID(t.Context(), user.ID)
|
|
require.ErrorContains(t, err, "user not enrolled in 2FA")
|
|
|
|
_, err = auth_model.GetWebAuthnCredentialByID(t.Context(), authn.ID)
|
|
require.ErrorContains(t, err, "WebAuthn credential does not exist")
|
|
|
|
_, err = runMainApp("admin", "user", "delete", "--username", name)
|
|
require.NoError(t, err)
|
|
})
|
|
}
|