From c53ef4060eec422828e467d8cd30651e3fee2885 Mon Sep 17 00:00:00 2001 From: BeeOnTheGo Date: Sat, 1 Sep 2018 15:24:33 +1000 Subject: [PATCH 01/41] enforce token on api routes --- modules/auth/auth.go | 3 ++- routers/api/v1/api.go | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/auth/auth.go b/modules/auth/auth.go index f3aac5189936e..8391e7de8f906 100644 --- a/modules/auth/auth.go +++ b/modules/auth/auth.go @@ -63,6 +63,7 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 { if err = models.UpdateAccessToken(t); err != nil { log.Error(4, "UpdateAccessToken: %v", err) } + ctx.Data["IsApiToken"] = true return t.UID } } @@ -136,7 +137,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool) } return nil, false } - + ctx.Data["IsApiToken"] = true return u, true } } diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 5d47570c5f7b1..cb439e5cfab7b 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -132,7 +132,7 @@ func repoAssignment() macaron.Handler { // Contexter middleware already checks token for user sign in process. func reqToken() macaron.Handler { return func(ctx *context.Context) { - if !ctx.IsSigned { + if !ctx.IsSigned || true != ctx.Data["IsApiToken"] { ctx.Error(401) return } From 94c170875188140e71feebb9ab6f3e395f8b5526 Mon Sep 17 00:00:00 2001 From: BeeOnTheGo Date: Sat, 1 Sep 2018 16:50:16 +1000 Subject: [PATCH 02/41] remove redundant check on signin --- routers/api/v1/api.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index cb439e5cfab7b..5b94699751cf3 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go 
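Review bot: The key `"IsApiToken"` is a bare string literal in three places (here in SignedInID, in the second hunk in SignedInUser, and in reqToken in routers/api/v1/api.go), and it carries an authorization decision through the general-purpose `ctx.Data` map. A misspelling on the writing side would fail closed, but any other code that writes this key would satisfy reqToken, so I would introduce a named constant with a comment such as `// marks a request that was authenticated with an access token rather than a session`. In SignedInID the flag is set just before `return t.UID`, presumably before any caller has loaded the user for that UID, so it can be true on a request that never becomes signed in. In the second hunk the condition of the enclosing branch lies outside the hunk; please confirm it is reached only for access-token credentials, otherwise the name is misleading.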
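Review bot: `true != ctx.Data["IsApiToken"]` in reqToken compares an `interface{}` value with a constant and only reads correctly because a missing key yields nil; a type assertion states the intent and still fails closed: `isToken, _ := ctx.Data["IsApiToken"].(bool)` followed by `if !ctx.IsSigned || !isToken {`. The comment above reqToken ("Contexter middleware already checks token for user sign in process.") no longer describes the behaviour, since a signed-in session without a token is now answered with 401. I would reword it to say that reqToken requires access-token authentication and that a session cookie alone is not sufficient. The handler body continues past the end of the hunk.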
@@ -132,7 +132,7 @@ func repoAssignment() macaron.Handler { // Contexter middleware already checks token for user sign in process. func reqToken() macaron.Handler { return func(ctx *context.Context) { - if !ctx.IsSigned || true != ctx.Data["IsApiToken"] { + if true != ctx.Data["IsApiToken"] { ctx.Error(401) return } From 26eb5da6271eefbd6f477f1398a9be124b391f62 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:10:38 -0400 Subject: [PATCH 03/41] add function to get a new token for logged in user --- integrations/integration_test.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index a1e66ffdfdfce..99491bbf39123 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -223,6 +223,24 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession return session } +func getTokenForLoggedInUser(t testing.TB) (*TestSession, string){ + req := NewRequest(t, "GET", "/user/settings/applications") + resp := MakeRequest(t, req, http.StatusOK) + doc := NewHTMLParser(t, resp.Body) + req = NewRequestWithValues(t, "POST", "/user/settings/applications", map[string]string{ + "_csrf": doc.GetCSRF(), + "name": "api-testing-token", + }) + resp = MakeRequest(t, req, http.StatusFound) + htmlDoc := NewHTMLParser(t, resp.Body) + if err != nil { + return t, ""// probably a non-HTML response + } + token := htmlDoc.Find(".ui.info.message p").Text() + + return t, token +} + func NewRequest(t testing.TB, method, urlStr string) *http.Request { return NewRequestWithBody(t, method, urlStr, nil) } From 5a3e4c8a416b243e5e3f6d46543be8a3f42b9c57 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:11:24 -0400 Subject: [PATCH 04/41] test api create with token --- integrations/api_comment_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
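Review bot: Removing `!ctx.IsSigned` makes the `ctx.Data["IsApiToken"]` flag the only gate in reqToken, and PATCH 01 sets that flag in SignedInID immediately before `return t.UID`, that is, as soon as the token row has been found. If the user lookup for that UID fails afterwards (the lookup is outside the hunks shown, so this is inferred), the flag would be true while `ctx.IsSigned` is false, and handlers behind reqToken could run without a resolved user. The two conditions are therefore not redundant; I would keep `if !ctx.IsSigned || true != ctx.Data["IsApiToken"] {` or set the flag only at the point where the user has been loaded successfully.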
diff --git a/integrations/api_comment_test.go b/integrations/api_comment_test.go index 423d0f798936a..f114420cff079 100644 --- a/integrations/api_comment_test.go +++ b/integrations/api_comment_test.go @@ -69,8 +69,9 @@ func TestAPICreateComment(t *testing.T) { repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, repoOwner.Name) - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/comments", - repoOwner.Name, repo.Name, issue.Index) + token, session := getTokenForLoggedInUser(session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/comments?token=%s", + repoOwner.Name, repo.Name, issue.Index, token) req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ "body": commentBody, }) From 14cc933f99132a61f5af0ab78de87bcf8e74e02b Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:14:22 -0400 Subject: [PATCH 05/41] make fmt fix --- integrations/integration_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 99491bbf39123..56308738b541a 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go 
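Review bot: The test now appends the token to the URL but, as far as the hunk shows, still builds on the logged-in `session`, so a passing run does not show that the token alone authenticates, and nothing in this series asserts that the same request with only the session cookie is rejected with 401, which is the behaviour PATCH 01 introduces. I would add a negative case (the same request without `?token=`, expecting `http.StatusUnauthorized`) and send the positive case through the package-level `MakeRequest` so that no cookie is attached. As written, `token, session := getTokenForLoggedInUser(session)` also does not match the helper added in PATCH 03, which takes a `testing.TB` and returns `(*TestSession, string)`. The same token-plus-session pattern recurs in the later api_comment_test.go, api_admin_test.go, api_branch_test.go and api_gpg_keys_test.go hunks. The request itself is issued after the end of this hunk.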
@@ -223,18 +223,18 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession return session } -func getTokenForLoggedInUser(t testing.TB) (*TestSession, string){ +func getTokenForLoggedInUser(t testing.TB) (*TestSession, string) { req := NewRequest(t, "GET", "/user/settings/applications") resp := MakeRequest(t, req, http.StatusOK) doc := NewHTMLParser(t, resp.Body) req = NewRequestWithValues(t, "POST", "/user/settings/applications", map[string]string{ - "_csrf": doc.GetCSRF(), - "name": "api-testing-token", + "_csrf": doc.GetCSRF(), + "name": "api-testing-token", }) resp = MakeRequest(t, req, http.StatusFound) htmlDoc := NewHTMLParser(t, resp.Body) if err != nil { - return t, ""// probably a non-HTML response + return t, "" // probably a non-HTML response } token := htmlDoc.Find(".ui.info.message p").Text() From fe457315b0dea7d854a87d9ea5cb34c9e1c529f0 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:23:15 -0400 Subject: [PATCH 06/41] update function --- integrations/integration_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 56308738b541a..4f37017a94fb0 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go 
@@ -223,22 +223,22 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession return session } -func getTokenForLoggedInUser(t testing.TB) (*TestSession, string) { +func getTokenForLoggedInUser(t testing.TB, session *TestSession) (string) { req := NewRequest(t, "GET", "/user/settings/applications") - resp := MakeRequest(t, req, http.StatusOK) + resp := session.MakeRequest(t, req, http.StatusOK) doc := NewHTMLParser(t, resp.Body) req = NewRequestWithValues(t, "POST", "/user/settings/applications", map[string]string{ "_csrf": doc.GetCSRF(), "name": "api-testing-token", }) - resp = MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusFound) htmlDoc := NewHTMLParser(t, resp.Body) if err != nil { return t, "" // probably a non-HTML response } token := htmlDoc.Find(".ui.info.message p").Text() - return t, token + return token } func NewRequest(t testing.TB, method, urlStr string) *http.Request { From 1c7615a8a897388adb3ce84f59505396e5385aac Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:23:38 -0400 Subject: [PATCH 07/41] Update api_comment_test.go --- integrations/api_comment_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integrations/api_comment_test.go b/integrations/api_comment_test.go index f114420cff079..d9d94385ef0d0 100644 --- a/integrations/api_comment_test.go +++ b/integrations/api_comment_test.go @@ -69,7 +69,7 @@ func TestAPICreateComment(t *testing.T) { repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, repoOwner.Name) - token, session := getTokenForLoggedInUser(session) + token := getTokenForLoggedInUser(t, session) urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/comments?token=%s", repoOwner.Name, repo.Name, issue.Index, token) req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ From 3c381279840c03c9c35c3b952182adecf71989ba Mon Sep 17 00:00:00 2001 
From: techknowlogick Date: Wed, 5 Sep 2018 15:26:41 -0400 Subject: [PATCH 08/41] make fmt fix --- integrations/integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 4f37017a94fb0..83011d4dfdaff 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -223,7 +223,7 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession return session } -func getTokenForLoggedInUser(t testing.TB, session *TestSession) (string) { +func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { req := NewRequest(t, "GET", "/user/settings/applications") resp := session.MakeRequest(t, req, http.StatusOK) doc := NewHTMLParser(t, resp.Body) From 83f01a8c631e9327c1d62b82582f16269219755f Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:33:41 -0400 Subject: [PATCH 09/41] fix build errors --- integrations/integration_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 83011d4dfdaff..66524338eb328 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -232,9 +232,9 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { "name": "api-testing-token", }) resp = session.MakeRequest(t, req, http.StatusFound) - htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc, err := goquery.NewDocumentFromReader(resp.Body) if err != nil { - return t, "" // probably a non-HTML response + return "" // probably a non-HTML response } token := htmlDoc.Find(".ui.info.message p").Text() From 9afd9227c79d434eca5263d46093e40c8397ce8a Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:43:37 -0400 Subject: [PATCH 10/41] Update integration_test.go --- integrations/integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 66524338eb328..33ab2254c0786 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -232,7 +232,7 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { "name": "api-testing-token", }) resp = session.MakeRequest(t, req, http.StatusFound) - htmlDoc, err := goquery.NewDocumentFromReader(resp.Body) + htmlDoc, err := goquery.NewDocumentFromReader(bytes.NewBuffer(resp.Body.Bytes())) if err != nil { return "" // probably a non-HTML response } From 6420202ee39caf2c4c9654d414472685dae0d517 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:51:13 -0400 Subject: [PATCH 11/41] Update integration_test.go --- integrations/integration_test.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 33ab2254c0786..429672cb04797 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -232,10 +232,7 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { "name": "api-testing-token", }) resp = session.MakeRequest(t, req, http.StatusFound) - htmlDoc, err := goquery.NewDocumentFromReader(bytes.NewBuffer(resp.Body.Bytes())) - if err != nil { - return "" // probably a non-HTML response - } + htmlDoc := NewHTMLParser(t, resp.Body) token := htmlDoc.Find(".ui.info.message p").Text() return token From dbf3b33d6891e3e755482fdc541439bb260429e4 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 15:56:11 -0400 Subject: [PATCH 12/41] add an extra doc --- integrations/integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 429672cb04797..c713d6d34f4f8 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go 
@@ -233,7 +233,7 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { }) resp = session.MakeRequest(t, req, http.StatusFound) htmlDoc := NewHTMLParser(t, resp.Body) - token := htmlDoc.Find(".ui.info.message p").Text() + token := htmlDoc.doc.Find(".ui.info.message p").Text() return token } From 5dbef59d07b3d74e339ba08a488e881e5ce3f564 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 16:01:56 -0400 Subject: [PATCH 13/41] Update integration_test.go --- integrations/integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index c713d6d34f4f8..8fb16e0d62571 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -234,7 +234,7 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { resp = session.MakeRequest(t, req, http.StatusFound) htmlDoc := NewHTMLParser(t, resp.Body) token := htmlDoc.doc.Find(".ui.info.message p").Text() - + fmt.Println(token) return token } From 5787fd2b14f26cc083cb590a825ace8bb5c61549 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 16:07:08 -0400 Subject: [PATCH 14/41] Update integration_test.go --- integrations/integration_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 8fb16e0d62571..ec09e4354d074 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -233,7 +233,7 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { }) resp = session.MakeRequest(t, req, http.StatusFound) htmlDoc := NewHTMLParser(t, resp.Body) - token := htmlDoc.doc.Find(".ui.info.message p").Text() + token := htmlDoc.doc.Find(".ui.info.message").Text() fmt.Println(token) return token } From d112e4308f42ee67435186d43500417080263f38 Mon Sep 17 00:00:00 2001 
From: techknowlogick Date: Wed, 5 Sep 2018 16:18:01 -0400 Subject: [PATCH 15/41] Update integration_test.go --- integrations/integration_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index ec09e4354d074..2033ef6184a96 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -233,8 +233,8 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { }) resp = session.MakeRequest(t, req, http.StatusFound) htmlDoc := NewHTMLParser(t, resp.Body) - token := htmlDoc.doc.Find(".ui.info.message").Text() - fmt.Println(token) + token := htmlDoc.doc.Find(".ui.info p").Text() + t.Log("Token:", token) return token } From e2f9ac141caccab5e4054bead34a2e4ef7cbbf18 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 16:28:02 -0400 Subject: [PATCH 16/41] get flash --- integrations/integration_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index 2033ef6184a96..d020bb1d3e4ab 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -232,6 +232,8 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { "name": "api-testing-token", }) resp = session.MakeRequest(t, req, http.StatusFound) + req = NewRequest(t, "GET", "/user/settings/applications") + resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) token := htmlDoc.doc.Find(".ui.info p").Text() t.Log("Token:", token) From 94ba687e140f75ac09cfef117a88813e08b0e846 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 16:47:24 -0400 Subject: [PATCH 17/41] Remove log --- integrations/integration_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/integrations/integration_test.go b/integrations/integration_test.go index d020bb1d3e4ab..ed165f6534d42 100644 --- a/integrations/integration_test.go 
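Review bot: getTokenForLoggedInUser returns whatever text `.ui.info p` matches on the reloaded settings page and never checks it, so a template change or a missing flash message yields an empty or wrong token and every caller then fails with a 401 far away from the cause. I would fail inside the helper, before the return: `if token == "" { t.Fatal("no access token found in flash message") }`. The `t.Log("Token:", token)` line still present in this hunk's context writes the credential to the test output; PATCH 17 removes it. A doc comment on the helper should state that it creates a token named `api-testing-token` for the session's user through the settings form and returns the value read from the resulting page.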
+++ b/integrations/integration_test.go @@ -236,7 +236,6 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) token := htmlDoc.doc.Find(".ui.info p").Text() - t.Log("Token:", token) return token } From 6f7898dea9177dcfd1120576f3046ae5eb387f02 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 16:51:33 -0400 Subject: [PATCH 18/41] add token to comment api tests --- integrations/api_comment_test.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/integrations/api_comment_test.go b/integrations/api_comment_test.go index d9d94385ef0d0..60bb2cfb7b99b 100644 --- a/integrations/api_comment_test.go +++ b/integrations/api_comment_test.go @@ -94,8 +94,9 @@ func TestAPIEditComment(t *testing.T) { repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, repoOwner.Name) - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d", - repoOwner.Name, repo.Name, comment.ID) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/comments/%d?token=%s", + repoOwner.Name, repo.Name, comment.ID, token) req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{ "body": newCommentBody, }) @@ -118,8 +119,9 @@ func TestAPIDeleteComment(t *testing.T) { repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, repoOwner.Name) - req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/issues/comments/%d", - repoOwner.Name, repo.Name, comment.ID) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/issues/comments/%d?token=%s", + repoOwner.Name, repo.Name, comment.ID, token) session.MakeRequest(t, req, http.StatusNoContent) models.AssertNotExistsBean(t, &models.Comment{ID: comment.ID}) 
From fd42d3fe31c343d0f565c4fa245610f4ac8ae647 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:00:45 -0400 Subject: [PATCH 19/41] Update api_admin_test.go --- integrations/api_admin_test.go | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go index 37e5fd199ad37..f02ddacb2fd14 100644 --- a/integrations/api_admin_test.go +++ b/integrations/api_admin_test.go @@ -19,7 +19,8 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) { session := loginUser(t, "user1") keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User) - urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token) req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n", "title": "test-key", @@ -36,8 +37,8 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) { OwnerID: keyOwner.ID, }) - req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", - keyOwner.Name, newPublicKey.ID) + req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s", + keyOwner.Name, newPublicKey.ID, token) session.MakeRequest(t, req, http.StatusNoContent) models.AssertNotExistsBean(t, &models.PublicKey{ID: newPublicKey.ID}) } 
@@ -47,7 +48,8 @@ func TestAPIAdminDeleteMissingSSHKey(t *testing.T) { // user1 is an admin user session := loginUser(t, "user1") - req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", models.NonexistentID) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d?token=%s", models.NonexistentID, token) session.MakeRequest(t, req, http.StatusNotFound) } @@ -57,7 +59,8 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) { normalUsername := "user2" session := loginUser(t, adminUsername) - urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", adminUsername, token) req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n", "title": "test-key", @@ -67,7 +70,7 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) { DecodeJSON(t, resp, &newPublicKey) session = loginUser(t, normalUsername) - req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", - adminUsername, newPublicKey.ID) + req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s", + adminUsername, newPublicKey.ID, token) session.MakeRequest(t, req, http.StatusForbidden) } From 635a65a83d80b7c0c3f8e22e0babf267001c97e3 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:02:02 -0400 Subject: [PATCH 20/41] Update api_branch_test.go --- integrations/api_branch_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/integrations/api_branch_test.go b/integrations/api_branch_test.go index 5a28c1f494c4e..aff3f223c028d 100644 --- a/integrations/api_branch_test.go +++ b/integrations/api_branch_test.go 
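Review bot: In TestAPIAdminDeleteUnauthorizedKey the DELETE issued after `session = loginUser(t, normalUsername)` still carries `token`, which was created for `adminUsername` earlier in the function. The request therefore presents a normal user's session cookie together with an administrator's access token, and the expected `http.StatusForbidden` no longer tests what the test name says; if the server gives the token precedence (not visible here), the request is evaluated as the admin. A token should be issued for the second session and used in the URL, for example `token = getTokenForLoggedInUser(t, session)` directly after the second `loginUser` call.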
@@ -17,7 +17,8 @@ func testAPIGetBranch(t *testing.T, branchName string, exists bool) { prepareTestEnv(t) session := loginUser(t, "user2") - req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branches/%s", branchName) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branches/%s?token=%s", branchName, token) resp := session.MakeRequest(t, req, NoExpectedStatus) if !exists { assert.EqualValues(t, http.StatusNotFound, resp.Code) From 800b2d34f716e21367673570de92bd919f500506 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:05:00 -0400 Subject: [PATCH 21/41] Update api_gpg_keys_test.go --- integrations/api_gpg_keys_test.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/integrations/api_gpg_keys_test.go b/integrations/api_gpg_keys_test.go index 4d3745d942307..5a8db1fcb49d2 100644 --- a/integrations/api_gpg_keys_test.go +++ b/integrations/api_gpg_keys_test.go @@ -20,6 +20,7 @@ type makeRequestFunc func(testing.TB, *http.Request, int) *httptest.ResponseReco func TestGPGKeys(t *testing.T) { prepareTestEnv(t) session := loginUser(t, "user2") + token := getTokenForLoggedInUser(t, session) tt := []struct { name string @@ -70,7 +71,7 @@ func TestGPGKeys(t *testing.T) { var keys []*api.GPGKey - req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") //GET all keys + req := NewRequest(t, "GET", "/api/v1/user/gpg_keys?token="+token) //GET all keys resp := session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &keys) 
@@ -91,7 +92,7 @@ func TestGPGKeys(t *testing.T) { assert.EqualValues(t, false, primaryKey2.Emails[0].Verified) var key api.GPGKey - req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)) //Primary key 1 + req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)+"?token="+token) //Primary key 1 resp = session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &key) assert.EqualValues(t, "38EA3BCED732982C", key.KeyID) @@ -99,13 +100,13 @@ func TestGPGKeys(t *testing.T) { assert.EqualValues(t, "user2@example.com", key.Emails[0].Email) assert.EqualValues(t, true, key.Emails[0].Verified) - req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)) //Subkey of 38EA3BCED732982C + req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(subKey.ID, 10)+"?token="+token) //Subkey of 38EA3BCED732982C resp = session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &key) assert.EqualValues(t, "70D7C694D17D03AD", key.KeyID) assert.EqualValues(t, 0, len(key.Emails)) - req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)) //Primary key 2 + req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)+"?token="+token) //Primary key 2 resp = session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &key) assert.EqualValues(t, "FABF39739FE1E927", key.KeyID) @@ -119,7 +120,7 @@ func TestGPGKeys(t *testing.T) { t.Run("CheckCommits", func(t *testing.T) { t.Run("NotSigned", func(t *testing.T) { var branch api.Branch - req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed") + req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/not-signed?token="+token) resp := session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &branch) assert.EqualValues(t, false, branch.Commit.Verification.Verified) 
@@ -127,7 +128,7 @@ func TestGPGKeys(t *testing.T) { t.Run("SignedWithNotValidatedEmail", func(t *testing.T) { var branch api.Branch - req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated") + req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign-not-yet-validated?token="+token) resp := session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &branch) assert.EqualValues(t, false, branch.Commit.Verification.Verified) @@ -135,7 +136,7 @@ func TestGPGKeys(t *testing.T) { t.Run("SignedWithValidEmail", func(t *testing.T) { var branch api.Branch - req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign") + req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16/branches/good-sign?token="+token) resp := session.MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &branch) assert.EqualValues(t, true, branch.Commit.Verification.Verified) From 7c9233eb67be53f7ea967082b16eb1e9b8398875 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:21:19 -0400 Subject: [PATCH 22/41] Update api_gpg_keys_test.go --- integrations/api_gpg_keys_test.go | 57 ++++++++++++++++--------------- 1 file changed, 29 insertions(+), 28 deletions(-) diff --git a/integrations/api_gpg_keys_test.go b/integrations/api_gpg_keys_test.go index 5a8db1fcb49d2..62fa18d349988 100644 --- a/integrations/api_gpg_keys_test.go +++ b/integrations/api_gpg_keys_test.go 
@@ -25,12 +25,13 @@ func TestGPGKeys(t *testing.T) { tt := []struct { name string makeRequest makeRequestFunc + token string results []int }{ - {name: "NoLogin", makeRequest: MakeRequest, + {name: "NoLogin", makeRequest: MakeRequest, token: token, results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized}, }, - {name: "LoggedAsUser2", makeRequest: session.MakeRequest, + {name: "LoggedAsUser2", makeRequest: session.MakeRequest, token: token, results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusInternalServerError, http.StatusInternalServerError, http.StatusCreated, http.StatusCreated}}, } 
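Review bot: The `NoLogin` row is given `token: token`, the valid token obtained from the user2 session, while its expected results are all `http.StatusUnauthorized`. Because the helper functions changed later in this patch append that token to every URL, the row is no longer an unauthenticated request, so either the expectations fail or the case stops covering anonymous access. I would set `token: ""` for `NoLogin` and keep the real token only for `LoggedAsUser2`; an additional row that combines `MakeRequest` with the valid token would cover token-only authentication without a session cookie.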
@@ -39,29 +40,29 @@ func TestGPGKeys(t *testing.T) { //Basic test on result code t.Run(tc.name, func(t *testing.T) { t.Run("ViewOwnGPGKeys", func(t *testing.T) { - testViewOwnGPGKeys(t, tc.makeRequest, tc.results[0]) + testViewOwnGPGKeys(t, tc.makeRequest, tc.token, tc.results[0]) }) t.Run("ViewGPGKeys", func(t *testing.T) { - testViewGPGKeys(t, tc.makeRequest, tc.results[1]) + testViewGPGKeys(t, tc.makeRequest, tc.token, tc.results[1]) }) t.Run("GetGPGKey", func(t *testing.T) { - testGetGPGKey(t, tc.makeRequest, tc.results[2]) + testGetGPGKey(t, tc.makeRequest, tc.token, tc.results[2]) }) t.Run("DeleteGPGKey", func(t *testing.T) { - testDeleteGPGKey(t, tc.makeRequest, tc.results[3]) + testDeleteGPGKey(t, tc.makeRequest, tc.token, tc.results[3]) }) t.Run("CreateInvalidGPGKey", func(t *testing.T) { - testCreateInvalidGPGKey(t, tc.makeRequest, tc.results[4]) + testCreateInvalidGPGKey(t, tc.makeRequest, tc.token, tc.results[4]) }) t.Run("CreateNoneRegistredEmailGPGKey", func(t *testing.T) { - testCreateNoneRegistredEmailGPGKey(t, tc.makeRequest, tc.results[5]) + testCreateNoneRegistredEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[5]) }) t.Run("CreateValidGPGKey", func(t *testing.T) { - testCreateValidGPGKey(t, tc.makeRequest, tc.results[6]) + testCreateValidGPGKey(t, tc.makeRequest, tc.token, tc.results[6]) }) t.Run("CreateValidSecondaryEmailGPGKey", func(t *testing.T) { - testCreateValidSecondaryEmailGPGKey(t, tc.makeRequest, tc.results[7]) + testCreateValidSecondaryEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[7]) }) }) } 
@@ -144,39 +145,39 @@ func TestGPGKeys(t *testing.T) { }) } -func testViewOwnGPGKeys(t *testing.T, makeRequest makeRequestFunc, expected int) { - req := NewRequest(t, "GET", "/api/v1/user/gpg_keys") +func testViewOwnGPGKeys(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { + req := NewRequest(t, "GET", "/api/v1/user/gpg_keys?token="+token) makeRequest(t, req, expected) } -func testViewGPGKeys(t *testing.T, makeRequest makeRequestFunc, expected int) { - req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys") +func testViewGPGKeys(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { + req := NewRequest(t, "GET", "/api/v1/users/user2/gpg_keys?token="+token) makeRequest(t, req, expected) } -func testGetGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) { - req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1") +func testGetGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { + req := NewRequest(t, "GET", "/api/v1/user/gpg_keys/1?token="+token) makeRequest(t, req, expected) } -func testDeleteGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) { - req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1") +func testDeleteGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { + req := NewRequest(t, "DELETE", "/api/v1/user/gpg_keys/1?token="+token) makeRequest(t, req, expected) } -func testCreateGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int, publicKey string) { - req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys", api.CreateGPGKeyOption{ +func testCreateGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int, publicKey string) { + req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys?token="+token, api.CreateGPGKeyOption{ ArmoredKey: publicKey, }) makeRequest(t, req, expected) } -func testCreateInvalidGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) { - testCreateGPGKey(t, 
makeRequest, expected, "invalid_key") +func testCreateInvalidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { + testCreateGPGKey(t, makeRequest, expected, token, "invalid_key") } -func testCreateNoneRegistredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) { - testCreateGPGKey(t, makeRequest, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- +func testCreateNoneRegistredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { + testCreateGPGKey(t, makeRequest, expected, token, `-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh dCMCG2T1UwzUB/yWUFWJ2BtCwSjuaRv+cGohqEy6bhEBV90peGA33lHfjx7wP25O @@ -195,9 +196,9 @@ INx/MmBfmtCq05FqNclvU+sj2R3N1JJOtBOjZrJHQbJhzoILou8AkxeX1A+q9OAz -----END PGP PUBLIC KEY BLOCK-----`) } -func testCreateValidGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) { +func testCreateValidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { //User2 //primary & activated - testCreateGPGKey(t, makeRequest, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- + testCreateGPGKey(t, makeRequest, expected, token, `-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dW VJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnHlGS3PXJc0hP/FyYPD2BFvNMPpCYS 
@@ -229,9 +230,9 @@ uy6MA3VSB99SK9ducGmE1Jv8mcziREroz2TEGr0zPs6h -----END PGP PUBLIC KEY BLOCK-----`) } -func testCreateValidSecondaryEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, expected int) { +func testCreateValidSecondaryEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { //User2 //secondary and not activated - testCreateGPGKey(t, makeRequest, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- + testCreateGPGKey(t, makeRequest, expected, token, `-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFmGWN4BCAC18V4tVGO65VLCV7p14FuXJlUtZ5CuYMvgEkcOqrvRaBSW9ao4 PGESOhJpfWpnW3QgJniYndLzPpsmdHEclEER6aZjiNgReWPOjHD5tykWocZAJqXD From 0da8690029df19877d525811d79b873a16f4dd35 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:26:49 -0400 Subject: [PATCH 23/41] Update api_gpg_keys_test.go --- integrations/api_gpg_keys_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/integrations/api_gpg_keys_test.go b/integrations/api_gpg_keys_test.go index 62fa18d349988..a8aa52ee0b253 100644 --- a/integrations/api_gpg_keys_test.go +++ b/integrations/api_gpg_keys_test.go @@ -173,11 +173,11 @@ func testCreateGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, e } func testCreateInvalidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { - testCreateGPGKey(t, makeRequest, expected, token, "invalid_key") + testCreateGPGKey(t, makeRequest, token, expected, "invalid_key") } func testCreateNoneRegistredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { - testCreateGPGKey(t, makeRequest, expected, token, `-----BEGIN PGP PUBLIC KEY BLOCK----- + testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh dCMCG2T1UwzUB/yWUFWJ2BtCwSjuaRv+cGohqEy6bhEBV90peGA33lHfjx7wP25O 
@@ -198,7 +198,7 @@ INx/MmBfmtCq05FqNclvU+sj2R3N1JJOtBOjZrJHQbJhzoILou8AkxeX1A+q9OAz func testCreateValidGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { //User2 //primary & activated - testCreateGPGKey(t, makeRequest, expected, token, `-----BEGIN PGP PUBLIC KEY BLOCK----- + testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dW VJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnHlGS3PXJc0hP/FyYPD2BFvNMPpCYS @@ -232,7 +232,7 @@ uy6MA3VSB99SK9ducGmE1Jv8mcziREroz2TEGr0zPs6h func testCreateValidSecondaryEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) { //User2 //secondary and not activated - testCreateGPGKey(t, makeRequest, expected, token, `-----BEGIN PGP PUBLIC KEY BLOCK----- + testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBFmGWN4BCAC18V4tVGO65VLCV7p14FuXJlUtZ5CuYMvgEkcOqrvRaBSW9ao4 PGESOhJpfWpnW3QgJniYndLzPpsmdHEclEER6aZjiNgReWPOjHD5tykWocZAJqXD From 26f7f00d4a76a1ae996a7ee0a4f1344a5514312f Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:39:12 -0400 Subject: [PATCH 24/41] Update api_issue_label_test.go --- integrations/api_issue_label_test.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/integrations/api_issue_label_test.go b/integrations/api_issue_label_test.go index 1bfaa4303e2f5..6b41e3b97bb70 100644 --- a/integrations/api_issue_label_test.go +++ b/integrations/api_issue_label_test.go 
@@ -23,12 +23,13 @@ func TestAPIAddIssueLabels(t *testing.T) { label := models.AssertExistsAndLoadBean(t, &models.Label{RepoID: repo.ID}).(*models.Label) owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels", - owner.Name, repo.Name, issue.Index) + session := loginUser(t, owner.Name) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels?token=%s", + owner.Name, repo.Name, issue.Index, token) req := NewRequestWithJSON(t, "POST", urlStr, &api.IssueLabelsOption{ Labels: []int64{label.ID}, }) - session := loginUser(t, owner.Name) resp := session.MakeRequest(t, req, http.StatusOK) var apiLabels []*api.Label DecodeJSON(t, resp, &apiLabels) @@ -45,12 +46,13 @@ func TestAPIReplaceIssueLabels(t *testing.T) { label := models.AssertExistsAndLoadBean(t, &models.Label{RepoID: repo.ID}).(*models.Label) owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels", + session := loginUser(t, owner.Name) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels?token=%s", owner.Name, repo.Name, issue.Index) req := NewRequestWithJSON(t, "PUT", urlStr, &api.IssueLabelsOption{ Labels: []int64{label.ID}, }) - session := loginUser(t, owner.Name) resp := session.MakeRequest(t, req, http.StatusOK) var apiLabels []*api.Label DecodeJSON(t, resp, &apiLabels) From eb6be564bca45a4ac3e37f6bd90be09d8d6c8de3 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:42:03 -0400 Subject: [PATCH 25/41] Update api_admin_test.go --- integrations/api_admin_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go index f02ddacb2fd14..ed222c9e18d77 100644 --- a/integrations/api_admin_test.go 
+++ b/integrations/api_admin_test.go @@ -37,8 +37,8 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) { OwnerID: keyOwner.ID, }) - req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s", - keyOwner.Name, newPublicKey.ID, token) + req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token="+token, + keyOwner.Name, newPublicKey.ID) session.MakeRequest(t, req, http.StatusNoContent) models.AssertNotExistsBean(t, &models.PublicKey{ID: newPublicKey.ID}) } @@ -49,7 +49,7 @@ func TestAPIAdminDeleteMissingSSHKey(t *testing.T) { session := loginUser(t, "user1") token := getTokenForLoggedInUser(t, session) - req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d?token=%s", models.NonexistentID, token) + req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d?token="+token, models.NonexistentID) session.MakeRequest(t, req, http.StatusNotFound) } @@ -70,7 +70,7 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) { DecodeJSON(t, resp, &newPublicKey) session = loginUser(t, normalUsername) - req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s", - adminUsername, newPublicKey.ID, token) + req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token="+token, + adminUsername, newPublicKey.ID) session.MakeRequest(t, req, http.StatusForbidden) } From f60b486537688108192dc624b8d710ae55b9dfc9 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:46:34 -0400 Subject: [PATCH 26/41] Update api_issue_label_test.go --- integrations/api_issue_label_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integrations/api_issue_label_test.go b/integrations/api_issue_label_test.go index 6b41e3b97bb70..57ca07337db90 100644 --- a/integrations/api_issue_label_test.go +++ b/integrations/api_issue_label_test.go 
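Review bot: In the api_admin_test.go hunks (`@@ -37,8`, `@@ -49,7`, `@@ -70,7`) the token moves out of the argument list and into the format string itself, `"/api/v1/admin/users/%s/keys/%d?token="+token`, so the format is no longer a constant. Any `%` in the token would then be parsed as a verb, and static checks can no longer match verbs against arguments. Unless `NewRequestf` treats its arguments specially (its body is not visible here), the removed form was the safer one: keep `"/api/v1/admin/users/%s/keys/%d?token=%s"` with `token` as the last argument. The same concatenation appears in the later `NewRequestf` and `fmt.Sprintf` calls in api_pull_test.go, api_repo_raw_test.go, api_repo_test.go and api_team_test.go.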
@@ -49,7 +49,7 @@ func TestAPIReplaceIssueLabels(t *testing.T) { session := loginUser(t, owner.Name) token := getTokenForLoggedInUser(t, session) urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels?token=%s", - owner.Name, repo.Name, issue.Index) + owner.Name, repo.Name, issue.Index, token) req := NewRequestWithJSON(t, "PUT", urlStr, &api.IssueLabelsOption{ Labels: []int64{label.ID}, }) From 30c10c9b5245588f63220101451e3ecc8405c42f Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:49:14 -0400 Subject: [PATCH 27/41] Update api_issue_test.go --- integrations/api_issue_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/integrations/api_issue_test.go b/integrations/api_issue_test.go index 74436ffe9e789..97207f3368e1b 100644 --- a/integrations/api_issue_test.go +++ b/integrations/api_issue_test.go @@ -22,8 +22,9 @@ func TestAPIListIssues(t *testing.T) { owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, owner.Name) - req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues?state=all", - owner.Name, repo.Name) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues?state=all&token=%s", + owner.Name, repo.Name, token) resp := session.MakeRequest(t, req, http.StatusOK) var apiIssues []*api.Issue DecodeJSON(t, resp, &apiIssues) @@ -41,8 +42,8 @@ func TestAPICreateIssue(t *testing.T) { owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, owner.Name) - - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues?state=all", owner.Name, repo.Name) + token := getTokenForLoggedInUser(t, session) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues?state=all&token=%s", owner.Name, repo.Name, token) req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateIssueOption{ Body: body, Title: title, 
From 4e5a2e974c2f8956461f139e00e6a9bf10c18f8e Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 17:50:04 -0400 Subject: [PATCH 28/41] Update api_keys_test.go --- integrations/api_keys_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/integrations/api_keys_test.go b/integrations/api_keys_test.go index b2ae1035ce10e..8c83ae42c5003 100644 --- a/integrations/api_keys_test.go +++ b/integrations/api_keys_test.go @@ -46,8 +46,8 @@ func TestCreateReadOnlyDeployKey(t *testing.T) { repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, repoOwner.Name) - - keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys", repoOwner.Name, repo.Name) + token := getTokenForLoggedInUser(t, session) + keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token) rawKeyBody := api.CreateKeyOption{ Title: "read-only", Key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n", 
@@ -72,8 +72,8 @@ func TestCreateReadWriteDeployKey(t *testing.T) { repoOwner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, repoOwner.Name) - - keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys", repoOwner.Name, repo.Name) + token := getTokenForLoggedInUser(t, session) + keysURL := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", repoOwner.Name, repo.Name, token) rawKeyBody := api.CreateKeyOption{ Title: "read-write", Key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsufOCrDDlT8DLkodnnJtbq7uGflcPae7euTfM+Laq4So+v4WeSV362Rg0O/+Sje1UthrhN6lQkfRkdWIlCRQEXg+LMqr6RhvDfZquE2Xwqv/itlz7LjbdAUdYoO1iH7rMSmYvQh4WEnC/DAacKGbhdGIM/ZBz0z6tHm7bPgbI9ykEKekTmPwQFP1Qebvf5NYOFMWqQ2sCEAI9dBMVLoojsIpV+KADf+BotiIi8yNfTG2rzmzpxBpW9fYjd1Sy1yd4NSUpoPbEJJYJ1TrjiSWlYOVq9Ar8xW1O87i6gBjL/3zN7ANeoYhaAXupdOS6YL22YOK/yC0tJtXwwdh/eSrh", From cd37ebbe8aa436bc067ad3305fae7e88e9ec6bb2 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 18:19:51 -0400 Subject: [PATCH 29/41] Update api_admin_test.go --- integrations/api_admin_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go index ed222c9e18d77..2b9e52a5ad0b5 100644 --- a/integrations/api_admin_test.go +++ b/integrations/api_admin_test.go @@ -70,6 +70,7 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) { DecodeJSON(t, resp, &newPublicKey) session = loginUser(t, normalUsername) + token = getTokenForLoggedInUser(t, session) req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token="+token, adminUsername, newPublicKey.ID) session.MakeRequest(t, req, http.StatusForbidden) From 759772baff4281a7f9151f4e0758d90c22118b7d Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 18:22:24 -0400 Subject: [PATCH 30/41] Update api_gpg_keys_test.go --- integrations/api_gpg_keys_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/integrations/api_gpg_keys_test.go b/integrations/api_gpg_keys_test.go index a8aa52ee0b253..0973fd33a3892 100644 --- a/integrations/api_gpg_keys_test.go +++ b/integrations/api_gpg_keys_test.go @@ -28,7 +28,7 @@ func TestGPGKeys(t *testing.T) { token string results []int }{ - {name: "NoLogin", makeRequest: MakeRequest, token: token, + {name: "NoLogin", makeRequest: MakeRequest, token: "", results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized}, }, {name: "LoggedAsUser2", makeRequest: session.MakeRequest, token: token, From 5f823141f3d0e97b9a79ecd403fdda3503e2d1d5 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 18:32:36 -0400 Subject: [PATCH 31/41] Update api_pull_test.go --- integrations/api_pull_test.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/integrations/api_pull_test.go b/integrations/api_pull_test.go index e56b91d8b9384..c416fee8bae45 100644 --- a/integrations/api_pull_test.go +++ b/integrations/api_pull_test.go @@ -23,7 +23,8 @@ func TestAPIViewPulls(t *testing.T) { owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, "user2") - req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all", owner.Name, repo.Name) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all&token="+token, owner.Name, repo.Name) resp := session.MakeRequest(t, req, http.StatusOK) var pulls []*api.PullRequest 
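Review bot: The `TestGPGKeys` table touched by the `@@ -28,7` hunk still has no row for the case this series is about, a logged-in session that sends no token. `NoLogin` now correctly uses `token: ""`, but it also uses the session-less `MakeRequest`, so nothing pins that a valid session cookie alone is rejected on these routes. I would add a row such as `{name: "LoggedAsUser2NoToken", makeRequest: session.MakeRequest, token: "",` with the same eight `http.StatusUnauthorized` results, assuming each of these routes sits behind the token check. The rest of the table and of `TestGPGKeys` lies outside the hunk.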
@@ -47,7 +48,8 @@ func TestAPIMergePullWIP(t *testing.T) { assert.Contains(t, pr.Issue.Title, setting.Repository.PullRequest.WorkInProgressPrefixes[0]) session := loginUser(t, owner.Name) - req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/merge", owner.Name, repo.Name, pr.Index), &auth.MergePullRequestForm{ + token := getTokenForLoggedInUser(t, session) + req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/merge?token=%s", owner.Name, repo.Name, pr.Index, token), &auth.MergePullRequestForm{ MergeMessageField: pr.Issue.Title, Do: string(models.MergeStyleMerge), }) From 12324bfe15d235b9568ca24d4ed5e412079dee46 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 18:33:40 -0400 Subject: [PATCH 32/41] Update api_releases_test.go --- integrations/api_releases_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/integrations/api_releases_test.go b/integrations/api_releases_test.go index 678075935c6db..c8bad51c097cd 100644 --- a/integrations/api_releases_test.go +++ b/integrations/api_releases_test.go @@ -22,7 +22,7 @@ func TestAPICreateRelease(t *testing.T) { repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository) owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User) session := loginUser(t, owner.LowerName) - + token := getTokenForLoggedInUser(t, session) gitRepo, err := git.OpenRepository(repo.RepoPath()) assert.NoError(t, err) @@ -32,8 +32,8 @@ func TestAPICreateRelease(t *testing.T) { commitID, err := gitRepo.GetTagCommitID("v0.0.1") assert.NoError(t, err) - urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases", - owner.Name, repo.Name) + urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases?token=%s", + owner.Name, repo.Name, token) req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateReleaseOption{ TagName: "v0.0.1", Title: "v0.0.1", 
@@ -53,8 +53,8 @@ func TestAPICreateRelease(t *testing.T) { Note: newRelease.Note, }) - urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/%d", - owner.Name, repo.Name, newRelease.ID) + urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/%d?token=%s", + owner.Name, repo.Name, newRelease.ID, token) req = NewRequest(t, "GET", urlStr) resp = session.MakeRequest(t, req, http.StatusOK) From 85245a8dcf3e59bc8ced5d903a487cc61547fe93 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 18:38:41 -0400 Subject: [PATCH 33/41] Update api_repo_raw_test.go --- integrations/api_repo_raw_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/integrations/api_repo_raw_test.go b/integrations/api_repo_raw_test.go index 7ef930ff3f649..d8da9c831d51d 100644 --- a/integrations/api_repo_raw_test.go +++ b/integrations/api_repo_raw_test.go @@ -16,16 +16,17 @@ func TestAPIReposRaw(t *testing.T) { user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User) // Login as User2. session := loginUser(t, user.Name) + token := getTokenForLoggedInUser(t, session) for _, ref := range [...]string{ "master", // Branch "v1.1", // Tag "65f1bf27bc3bf70f64657658635e66094edbcb4d", // Commit } { - req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md", user.Name, ref) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/%s/README.md?token="+token, user.Name, ref) session.MakeRequest(t, req, http.StatusOK) } // Test default branch - req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md", user.Name) + req := NewRequestf(t, "GET", "/api/v1/repos/%s/repo1/raw/README.md?token="+token, user.Name) session.MakeRequest(t, req, http.StatusOK) } From a3a0362fc366a06b43944d4dd4f12a152390199d Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 19:10:13 -0400 Subject: [PATCH 34/41] Update api_repo_test.go --- integrations/api_repo_test.go | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) 
diff --git a/integrations/api_repo_test.go b/integrations/api_repo_test.go index aec8c8f81bd7d..64352cf3b4075 100644 --- a/integrations/api_repo_test.go +++ b/integrations/api_repo_test.go @@ -76,7 +76,7 @@ func TestAPISearchRepo(t *testing.T) { user: {count: 10}, user2: {count: 10}}, }, - {name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search", expectedResults: expectedResults{ + {name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search?default", expectedResults: expectedResults{ nil: {count: 10}, user: {count: 10}, user2: {count: 10}}, @@ -143,17 +143,20 @@ func TestAPISearchRepo(t *testing.T) { var session *TestSession var testName string var userID int64 + var token string if userToLogin != nil && userToLogin.ID > 0 { testName = fmt.Sprintf("LoggedUser%d", userToLogin.ID) session = loginUser(t, userToLogin.Name) + token = getTokenForLoggedInUser(t, session) userID = userToLogin.ID } else { testName = "AnonymousUser" session = emptyTestSession(t) + } t.Run(testName, func(t *testing.T) { - request := NewRequest(t, "GET", testCase.requestURL) + request := NewRequest(t, "GET", testCase.requestURL+"&token="+token) response := session.MakeRequest(t, request, http.StatusOK) var body api.SearchResults @@ -214,8 +217,8 @@ func TestAPIOrgRepos(t *testing.T) { sourceOrg := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User) // Login as User2. session := loginUser(t, user.Name) - - req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", sourceOrg.Name) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "GET", "/api/v1/orgs/%s/repos?token="+token, sourceOrg.Name) resp := session.MakeRequest(t, req, http.StatusOK) var apiRepos []*api.Repository 
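Review bot: In the `@@ -143,17` hunk of api_repo_test.go the request URL becomes `testCase.requestURL+"&token="+token` for every case, so the anonymous run sends an empty `token=` parameter. The table entry also had to change to `"/api/v1/repos/search?default"` (hunk `@@ -76,7`) only to keep the `&` valid. The anonymous case therefore depends on how the server treats an empty token rather than on the absence of one. I would leave the table URLs as they were and add the parameter only when a token exists: parse `testCase.requestURL` with `url.Parse`, call `q.Set("token", token)` inside `if token != ""`, and assign `u.RawQuery = q.Encode()`. The enclosing loop in `TestAPISearchRepo` starts and ends outside the hunk.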
@@ -232,7 +235,8 @@ func TestAPIGetRepoByIDUnauthorized(t *testing.T) { prepareTestEnv(t) user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) sess := loginUser(t, user.Name) - req := NewRequestf(t, "GET", "/api/v1/repositories/2") + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "GET", "/api/v1/repositories/2?token="+token) sess.MakeRequest(t, req, http.StatusNotFound) } @@ -253,8 +257,8 @@ func TestAPIRepoMigrate(t *testing.T) { for _, testCase := range testCases { user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User) session := loginUser(t, user.Name) - - req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate", &api.MigrateRepoOption{ + token := getTokenForLoggedInUser(t, session) + req := NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate?token="+token, &api.MigrateRepoOption{ CloneAddr: testCase.cloneURL, UID: int(testCase.userID), RepoName: testCase.repoName, @@ -278,8 +282,8 @@ func TestAPIOrgRepoCreate(t *testing.T) { for _, testCase := range testCases { user := models.AssertExistsAndLoadBean(t, &models.User{ID: testCase.ctxUserID}).(*models.User) session := loginUser(t, user.Name) - - req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos", testCase.orgName), &api.CreateRepoOption{ + token := getTokenForLoggedInUser(t, session) + req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/org/%s/repos?token="+token, testCase.orgName), &api.CreateRepoOption{ Name: testCase.repoName, }) session.MakeRequest(t, req, testCase.expectedStatus) From c35f5dce720700cadc7be937d8c92653932d1718 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 19:10:51 -0400 Subject: [PATCH 35/41] Update api_team_test.go --- integrations/api_team_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/integrations/api_team_test.go b/integrations/api_team_test.go index b8d21be539f05..f59d95c712281 100644 --- a/integrations/api_team_test.go 
+++ b/integrations/api_team_test.go @@ -21,7 +21,8 @@ func TestAPITeam(t *testing.T) { user := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser.UID}).(*models.User) session := loginUser(t, user.Name) - req := NewRequestf(t, "GET", "/api/v1/teams/%d", teamUser.TeamID) + token := getTokenForLoggedInUser(t, session) + req := NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID) resp := session.MakeRequest(t, req, http.StatusOK) var apiTeam api.Team From 8f7a754b0b8e2b03e9b546a4a43f9d4f6e1b5cd7 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 19:13:24 -0400 Subject: [PATCH 36/41] Update api_repo_test.go --- integrations/api_repo_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/integrations/api_repo_test.go b/integrations/api_repo_test.go index 64352cf3b4075..8b06e689210da 100644 --- a/integrations/api_repo_test.go +++ b/integrations/api_repo_test.go @@ -152,7 +152,6 @@ func TestAPISearchRepo(t *testing.T) { } else { testName = "AnonymousUser" session = emptyTestSession(t) - } t.Run(testName, func(t *testing.T) { From 8f6353a537aa3b2b9c9dcc5fbf23bb9e08c7d972 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 19:18:05 -0400 Subject: [PATCH 37/41] Update api_repo_test.go --- integrations/api_repo_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integrations/api_repo_test.go b/integrations/api_repo_test.go index 8b06e689210da..3f3ffb63c0703 100644 --- a/integrations/api_repo_test.go +++ b/integrations/api_repo_test.go 
@@ -233,10 +233,10 @@ func TestAPIOrgRepos(t *testing.T) { func TestAPIGetRepoByIDUnauthorized(t *testing.T) { prepareTestEnv(t) user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User) - sess := loginUser(t, user.Name) + session := loginUser(t, user.Name) token := getTokenForLoggedInUser(t, session) req := NewRequestf(t, "GET", "/api/v1/repositories/2?token="+token) - sess.MakeRequest(t, req, http.StatusNotFound) + session.MakeRequest(t, req, http.StatusNotFound) } func TestAPIRepoMigrate(t *testing.T) { From 60d407b845ce6f6dfcab4076f5feb5cea4ad08db Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 5 Sep 2018 20:39:37 -0400 Subject: [PATCH 38/41] Update repo_commits_test.go --- integrations/repo_commits_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/integrations/repo_commits_test.go b/integrations/repo_commits_test.go index 94d513370de10..48aac1802bd2a 100644 --- a/integrations/repo_commits_test.go +++ b/integrations/repo_commits_test.go @@ -33,6 +33,7 @@ func doTestRepoCommitWithStatus(t *testing.T, state string, classes ...string) { prepareTestEnv(t) session := loginUser(t, "user2") + token := getTokenForLoggedInUser(t, session) // Request repository commits page req := NewRequest(t, "GET", "/user2/repo1/commits/branch/master") @@ -45,7 +46,7 @@ func doTestRepoCommitWithStatus(t *testing.T, state string, classes ...string) { assert.NotEmpty(t, commitURL) // Call API to add status for commit - req = NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/statuses/"+path.Base(commitURL), + req = NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/statuses/"+path.Base(commitURL)+"?token="+token, api.CreateStatusOption{ State: api.StatusState(state), TargetURL: "http://test.ci/", From 8646332be37cfedd9e930460e9ed521b174fbd15 Mon Sep 17 00:00:00 2001 
From: techknowlogick Date: Wed, 5 Sep 2018 20:41:54 -0400 Subject: [PATCH 39/41] Update git_test.go --- integrations/git_test.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/integrations/git_test.go b/integrations/git_test.go index 49f75c4a4afc8..7ac375dd029d6 100644 --- a/integrations/git_test.go +++ b/integrations/git_test.go @@ -75,7 +75,8 @@ func TestGit(t *testing.T) { t.Run("CreateRepo", func(t *testing.T) { session := loginUser(t, "user2") - req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{ + token := getTokenForLoggedInUser(t, session) + req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{ AutoInit: true, Description: "Temporary repo", Name: "repo-tmp-17", @@ -166,7 +167,8 @@ func TestGit(t *testing.T) { t.Run("Standard", func(t *testing.T) { t.Run("CreateRepo", func(t *testing.T) { session := loginUser(t, "user2") - req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{ + token := getTokenForLoggedInUser(t, session) + req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{ AutoInit: true, Description: "Temporary repo", Name: "repo-tmp-18", From a74435b40ad17294470faaef0591d43ff73d2c90 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 10 Sep 2018 11:23:41 -0400 Subject: [PATCH 40/41] Update api_admin_test.go --- integrations/api_admin_test.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go index 45c770dd4c111..2f4cb6a03504c 100644 --- a/integrations/api_admin_test.go +++ b/integrations/api_admin_test.go 
@@ -83,8 +83,9 @@ func TestAPISudoUser(t *testing.T) { adminUsername := "user1" normalUsername := "user2" session := loginUser(t, adminUsername) + token = getTokenForLoggedInUser(t, session) - urlStr := fmt.Sprintf("/api/v1/user?sudo=%s", normalUsername) + urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", normalUsername, token) req := NewRequest(t, "GET", urlStr) resp := session.MakeRequest(t, req, http.StatusOK) var user api.User @@ -99,8 +100,9 @@ func TestAPISudoUserForbidden(t *testing.T) { normalUsername := "user2" session := loginUser(t, normalUsername) + token = getTokenForLoggedInUser(t, session) - urlStr := fmt.Sprintf("/api/v1/user?sudo=%s", adminUsername) + urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", adminUsername, token) req := NewRequest(t, "GET", urlStr) session.MakeRequest(t, req, http.StatusForbidden) } From 3d73f40d7310d31d00c5fbe4b36bc8cde7a6dce3 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Mon, 10 Sep 2018 11:38:32 -0400 Subject: [PATCH 41/41] Update api_admin_test.go --- integrations/api_admin_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go index 2f4cb6a03504c..f801b08d39e4b 100644 --- a/integrations/api_admin_test.go +++ b/integrations/api_admin_test.go @@ -83,7 +83,7 @@ func TestAPISudoUser(t *testing.T) { adminUsername := "user1" normalUsername := "user2" session := loginUser(t, adminUsername) - token = getTokenForLoggedInUser(t, session) + token := getTokenForLoggedInUser(t, session) urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", normalUsername, token) req := NewRequest(t, "GET", urlStr) @@ -100,7 +100,7 @@ func TestAPISudoUserForbidden(t *testing.T) { normalUsername := "user2" session := loginUser(t, normalUsername) - token = getTokenForLoggedInUser(t, session) + token := getTokenForLoggedInUser(t, session) urlStr := fmt.Sprintf("/api/v1/user?sudo=%s&token=%s", adminUsername, token) req := NewRequest(t, "GET", urlStr)