
Do not require login_name & source_id for /admin/user/{username}

When editing a user via the API, do not require setting `login_name` or
`source_id`: for local accounts, these do not matter. However, when
editing a non-local account, require *both*, as before.

Fixes #1861.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Gergely Nagy 2024-04-17 01:25:20 +02:00
parent 787bc6ed94
commit d07c8c821c
No known key found for this signature in database
5 changed files with 56 additions and 33 deletions


@ -196,19 +196,13 @@ func TestAPIEditUser(t *testing.T) {
urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")
req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{
// required
"login_name": "user2",
"source_id": "0",
// to change
"full_name": "Full Name User 2",
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusOK)
empty := ""
req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
LoginName: "user2",
SourceID: 0,
Email: &empty,
Email: &empty,
}).AddTokenAuth(token)
resp := MakeRequest(t, req, http.StatusBadRequest)
@ -220,10 +214,6 @@ func TestAPIEditUser(t *testing.T) {
assert.False(t, user2.IsRestricted)
bTrue := true
req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
// required
LoginName: "user2",
SourceID: 0,
// to change
Restricted: &bTrue,
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusOK)
@ -231,6 +221,45 @@ func TestAPIEditUser(t *testing.T) {
assert.True(t, user2.IsRestricted)
}
func TestAPIEditUserWithLoginName(t *testing.T) {
defer tests.PrepareTestEnv(t)()
adminUsername := "user1"
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")
loginName := "user2"
loginSource := int64(0)
t.Run("login_name only", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
LoginName: &loginName,
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusUnprocessableEntity)
})
t.Run("source_id only", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
SourceID: &loginSource,
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusUnprocessableEntity)
})
t.Run("login_name & source_id", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
LoginName: &loginName,
SourceID: &loginSource,
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusOK)
})
}
func TestAPICreateRepoForUser(t *testing.T) {
defer tests.PrepareTestEnv(t)()
adminUsername := "user1"
@ -375,18 +404,14 @@ func TestAPIEditUser_NotAllowedEmailDomain(t *testing.T) {
newEmail := "user2@example1.com"
req := NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
LoginName: "user2",
SourceID: 0,
Email: &newEmail,
Email: &newEmail,
}).AddTokenAuth(token)
resp := MakeRequest(t, req, http.StatusOK)
assert.Equal(t, "the domain of user email user2@example1.com conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", resp.Header().Get("X-Gitea-Warning"))
originalEmail := "user2@example.com"
req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
LoginName: "user2",
SourceID: 0,
Email: &originalEmail,
Email: &originalEmail,
}).AddTokenAuth(token)
MakeRequest(t, req, http.StatusOK)
}
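Review bot: The new TestAPIEditUserWithLoginName (third hunk) only ever targets `user2` with `loginSource := int64(0)`, so the case the commit message singles out, a non-local account where both fields must still be supplied, has no test. Because `login_name` and `source_id` decide which authentication source an account is bound to, I would add a subtest against a fixture user with a non-zero source that sends a PATCH without either field, asserts the status the handler is meant to return, and then checks that the stored `LoginSource` and `LoginName` are unchanged. The "login_name & source_id" subtest also stops at `http.StatusOK`; reloading the user and asserting both values would catch a handler that accepts the pair but persists something else. The handler is not part of this section, so whether an omitted field is treated as "keep" or "reset" cannot be confirmed from here.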