// Copyright 2017 The Gitea Authors. All rights reserved. // Copyright 2024 The Forgejo Authors c/o Codeberg e.V.. All rights reserved. // SPDX-License-Identifier: MIT package integration import ( "fmt" "net/http" "net/http/httptest" "net/url" "path" "strings" "testing" "code.gitea.io/gitea/models/db" repo_model "code.gitea.io/gitea/models/repo" unit_model "code.gitea.io/gitea/models/unit" "code.gitea.io/gitea/models/unittest" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/git" "code.gitea.io/gitea/modules/graceful" "code.gitea.io/gitea/modules/test" repo_service "code.gitea.io/gitea/services/repository" files_service "code.gitea.io/gitea/services/repository/files" "code.gitea.io/gitea/tests" "github.com/stretchr/testify/assert" ) func testPullCreate(t *testing.T, session *TestSession, user, repo string, toSelf bool, targetBranch, sourceBranch, title string) *httptest.ResponseRecorder { req := NewRequest(t, "GET", path.Join(user, repo)) resp := session.MakeRequest(t, req, http.StatusOK) // Click the PR button to create a pull htmlDoc := NewHTMLParser(t, resp.Body) link, exists := htmlDoc.doc.Find("#new-pull-request").Attr("href") assert.True(t, exists, "The template has changed") targetUser := strings.Split(link, "/")[1] if toSelf && targetUser != user { link = strings.Replace(link, targetUser, user, 1) } if targetBranch != "master" { link = strings.Replace(link, "master...", targetBranch+"...", 1) } if sourceBranch != "master" { if targetUser == user { link = strings.Replace(link, "...master", "..."+sourceBranch, 1) } else { link = strings.Replace(link, ":master", ":"+sourceBranch, 1) } } req = NewRequest(t, "GET", link) resp = session.MakeRequest(t, req, http.StatusOK) // Submit the form for creating the pull htmlDoc = NewHTMLParser(t, resp.Body) link, exists = htmlDoc.doc.Find("form.ui.form").Attr("action") assert.True(t, exists, "The template has changed") req = NewRequestWithValues(t, "POST", link, map[string]string{ "_csrf": htmlDoc.GetCSRF(), "title": title, }) resp = session.MakeRequest(t, req, http.StatusOK) return resp } func TestPullCreate(t *testing.T) { onGiteaRun(t, func(t *testing.T, u *url.URL) { session := loginUser(t, "user1") testRepoFork(t, session, "user2", "repo1", "user1", "repo1") testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n") resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master", "This is a pull title") // check the redirected URL url := test.RedirectURL(resp) assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url) // check .diff can be accessed and matches performed change req := NewRequest(t, "GET", url+".diff") resp = session.MakeRequest(t, req, http.StatusOK) assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body) assert.Regexp(t, "^diff", resp.Body) assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one // check .patch can be accessed and matches performed change req = NewRequest(t, "GET", url+".patch") resp = session.MakeRequest(t, req, http.StatusOK) assert.Regexp(t, `\+Hello, World \(Edited\)`, resp.Body) assert.Regexp(t, "diff", resp.Body) assert.Regexp(t, `Subject: \[PATCH\] Update README.md`, resp.Body) assert.NotRegexp(t, "diff.*diff", resp.Body) // not two diffs, just one }) } func TestPullCreate_TitleEscape(t *testing.T) { onGiteaRun(t, func(t *testing.T, u *url.URL) { session := loginUser(t, "user1") testRepoFork(t, session, "user2", "repo1", "user1", "repo1") testEditFile(t, session, "user1", "repo1", "master", "README.md", "Hello, World (Edited)\n") resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master", "<i>XSS PR</i>") // check the redirected URL url := test.RedirectURL(resp) assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url) // Edit title req := NewRequest(t, "GET", url) resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) editTestTitleURL, exists := htmlDoc.doc.Find("#save-edit-title").First().Attr("data-update-url") assert.True(t, exists, "The template has changed") req = NewRequestWithValues(t, "POST", editTestTitleURL, map[string]string{ "_csrf": htmlDoc.GetCSRF(), "title": "<u>XSS PR</u>", }) session.MakeRequest(t, req, http.StatusOK) req = NewRequest(t, "GET", url) resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc = NewHTMLParser(t, resp.Body) titleHTML, err := htmlDoc.doc.Find(".comment-list .timeline-item.event .text b").First().Html() assert.NoError(t, err) assert.Equal(t, "<strike><i>XSS PR</i></strike>", titleHTML) titleHTML, err = htmlDoc.doc.Find(".comment-list .timeline-item.event .text b").Next().Html() assert.NoError(t, err) assert.Equal(t, "<u>XSS PR</u>", titleHTML) }) } func testUIDeleteBranch(t *testing.T, session *TestSession, ownerName, repoName, branchName string) { relURL := "/" + path.Join(ownerName, repoName, "branches") req := NewRequest(t, "GET", relURL) resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) req = NewRequestWithValues(t, "POST", relURL+"/delete", map[string]string{ "_csrf": htmlDoc.GetCSRF(), "name": branchName, }) session.MakeRequest(t, req, http.StatusOK) } func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoName string) { relURL := "/" + path.Join(ownerName, repoName, "settings") req := NewRequest(t, "GET", relURL) resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{ "_csrf": htmlDoc.GetCSRF(), "repo_name": fmt.Sprintf("%s/%s", ownerName, repoName), }) session.MakeRequest(t, req, http.StatusSeeOther) } func TestPullBranchDelete(t *testing.T) { onGiteaRun(t, func(t *testing.T, u *url.URL) { defer tests.PrepareTestEnv(t)() session := loginUser(t, "user1") testRepoFork(t, session, "user2", "repo1", "user1", "repo1") testCreateBranch(t, session, "user1", "repo1", "branch/master", "master1", http.StatusSeeOther) testEditFile(t, session, "user1", "repo1", "master1", "README.md", "Hello, World (Edited)\n") resp := testPullCreate(t, session, "user1", "repo1", false, "master", "master1", "This is a pull title") // check the redirected URL url := test.RedirectURL(resp) assert.Regexp(t, "^/user2/repo1/pulls/[0-9]*$", url) req := NewRequest(t, "GET", url) session.MakeRequest(t, req, http.StatusOK) // delete head branch and confirm pull page is ok testUIDeleteBranch(t, session, "user1", "repo1", "master1") req = NewRequest(t, "GET", url) session.MakeRequest(t, req, http.StatusOK) // delete head repository and confirm pull page is ok testDeleteRepository(t, session, "user1", "repo1") req = NewRequest(t, "GET", url) session.MakeRequest(t, req, http.StatusOK) }) } func TestRecentlyPushed(t *testing.T) { onGiteaRun(t, func(t *testing.T, u *url.URL) { session := loginUser(t, "user1") testRepoFork(t, session, "user2", "repo1", "user1", "repo1") testCreateBranch(t, session, "user1", "repo1", "branch/master", "recent-push", http.StatusSeeOther) testEditFile(t, session, "user1", "repo1", "recent-push", "README.md", "Hello recently!\n") testCreateBranch(t, session, "user2", "repo1", "branch/master", "recent-push-base", http.StatusSeeOther) testEditFile(t, session, "user2", "repo1", "recent-push-base", "README.md", "Hello, recently, from base!\n") baseRepo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user2", "repo1") assert.NoError(t, err) repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user1", "repo1") assert.NoError(t, err) enablePRs := func(t *testing.T, repo *repo_model.Repository) { t.Helper() err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, []repo_model.RepoUnit{{ RepoID: repo.ID, Type: unit_model.TypePullRequests, }}, nil) assert.NoError(t, err) } disablePRs := func(t *testing.T, repo *repo_model.Repository) { t.Helper() err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, nil, []unit_model.Type{unit_model.TypePullRequests}) assert.NoError(t, err) } testBanner := func(t *testing.T) { t.Helper() req := NewRequest(t, "GET", "/user1/repo1") resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) message := strings.TrimSpace(htmlDoc.Find(".ui.message").Text()) link, _ := htmlDoc.Find(".ui.message a").Attr("href") expectedMessage := "You pushed on branch recent-push" assert.Contains(t, message, expectedMessage) assert.Equal(t, "/user1/repo1/src/branch/recent-push", link) } // Test that there's a recently pushed branches banner, and it contains // a link to the branch. t.Run("recently-pushed-banner", func(t *testing.T) { defer tests.PrintCurrentTest(t)() testBanner(t) }) // Test that it is still there if the fork has PRs disabled, but the // base repo still has them enabled. t.Run("with-fork-prs-disabled", func(t *testing.T) { defer tests.PrintCurrentTest(t)() defer func() { enablePRs(t, repo) }() disablePRs(t, repo) testBanner(t) }) // Test that it is still there if the fork has PRs enabled, but the base // repo does not. t.Run("with-base-prs-disabled", func(t *testing.T) { defer tests.PrintCurrentTest(t)() defer func() { enablePRs(t, baseRepo) }() disablePRs(t, baseRepo) testBanner(t) }) // Test that the banner is not present if both the base and current // repo have PRs disabled. t.Run("with-prs-disabled", func(t *testing.T) { defer tests.PrintCurrentTest(t)() defer func() { enablePRs(t, baseRepo) enablePRs(t, repo) }() disablePRs(t, repo) disablePRs(t, baseRepo) req := NewRequest(t, "GET", "/user1/repo1") resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) htmlDoc.AssertElement(t, ".ui.message", false) }) // Test that visiting the base repo has the banner too, and includes // recent push notifications from both the fork, and the base repo. t.Run("on the base repo", func(t *testing.T) { defer tests.PrintCurrentTest(t)() // Count recently pushed branches on the fork req := NewRequest(t, "GET", "/user1/repo1") resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) htmlDoc.AssertElement(t, ".ui.message", true) // Count recently pushed branches on the base repo req = NewRequest(t, "GET", "/user2/repo1") resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc = NewHTMLParser(t, resp.Body) messageCountOnBase := htmlDoc.Find(".ui.message").Length() // We have two messages on the base: one from the fork, one on the // base itself. assert.Equal(t, 2, messageCountOnBase) }) // Test that the banner's links point to the right repos t.Run("link validity", func(t *testing.T) { defer tests.PrintCurrentTest(t)() // We're testing against the origin repo, because that has both // local branches, and another from a fork, so we can test both in // one test! req := NewRequest(t, "GET", "/user2/repo1") resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) messages := htmlDoc.Find(".ui.message") prButtons := messages.Find("a[role='button']") branchLinks := messages.Find("a[href*='/src/branch/']") // ** base repo tests ** basePRLink, _ := prButtons.First().Attr("href") baseBranchLink, _ := branchLinks.First().Attr("href") baseBranchName := branchLinks.First().Text() // branch in the same repo does not have a `user/repo:` qualifier. assert.Equal(t, "recent-push-base", baseBranchName) // branch link points to the same repo assert.Equal(t, "/user2/repo1/src/branch/recent-push-base", baseBranchLink) // PR link compares against the correct rep, and unqualified branch name assert.Equal(t, "/user2/repo1/compare/master...recent-push-base", basePRLink) // ** forked repo tests ** forkPRLink, _ := prButtons.Last().Attr("href") forkBranchLink, _ := branchLinks.Last().Attr("href") forkBranchName := branchLinks.Last().Text() // branch in the forked repo has a `user/repo:` qualifier. assert.Equal(t, "user1/repo1:recent-push", forkBranchName) // branch link points to the forked repo assert.Equal(t, "/user1/repo1/src/branch/recent-push", forkBranchLink) // PR link compares against the correct rep, and qualified branch name assert.Equal(t, "/user2/repo1/compare/master...user1/repo1:recent-push", forkPRLink) }) t.Run("unrelated branches are not shown", func(t *testing.T) { defer tests.PrintCurrentTest(t)() adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true}) // Create a new branch with no relation to the default branch. // 1. Create a new Tree object cmd := git.NewCommand(db.DefaultContext, "write-tree") treeID, _, gitErr := cmd.RunStdString(&git.RunOpts{Dir: repo.RepoPath()}) assert.NoError(t, gitErr) treeID = strings.TrimSpace(treeID) // 2. Create a new (empty) commit cmd = git.NewCommand(db.DefaultContext, "commit-tree", "-m", "Initial orphan commit").AddDynamicArguments(treeID) commitID, _, gitErr := cmd.RunStdString(&git.RunOpts{Dir: repo.RepoPath()}) assert.NoError(t, gitErr) commitID = strings.TrimSpace(commitID) // 3. Create a new ref pointing to the orphaned commit cmd = git.NewCommand(db.DefaultContext, "update-ref", "refs/heads/orphan1").AddDynamicArguments(commitID) _, _, gitErr = cmd.RunStdString(&git.RunOpts{Dir: repo.RepoPath()}) assert.NoError(t, gitErr) // 4. Sync the git repo to the database syncErr := repo_service.AddAllRepoBranchesToSyncQueue(graceful.GetManager().ShutdownContext(), adminUser.ID) assert.NoError(t, syncErr) // 5. Add a fresh commit, so that FindRecentlyPushedBranches has // something to find. owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"}) changeResp, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, owner, &files_service.ChangeRepoFilesOptions{ Files: []*files_service.ChangeRepoFile{ { Operation: "create", TreePath: "README.md", ContentReader: strings.NewReader("a readme file"), }, }, Message: "Add README.md", OldBranch: "orphan1", NewBranch: "orphan1", }) assert.NoError(t, err) assert.NotEmpty(t, changeResp) // Check that we only have 1 message on the main repo, the orphaned // one is not shown. req := NewRequest(t, "GET", "/user1/repo1") resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) htmlDoc.AssertElement(t, ".ui.message", true) link, _ := htmlDoc.Find(".ui.message a[href*='/src/branch/']").Attr("href") assert.Equal(t, "/user1/repo1/src/branch/recent-push", link) }) }) }