1
0
Fork 0

Merge pull request '[GITEA] Make confirmation clearer for dangerous actions' (#1431) from Gusted/forgejo:forgejo-confirmation-include-ownername into forgejo-dependency

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1431
This commit is contained in:
Gusted 2023-09-13 18:20:52 +00:00
commit f1b5449696
4 changed files with 150 additions and 11 deletions

View file

@ -667,7 +667,7 @@ func SettingsPost(ctx *context.Context) {
ctx.Error(http.StatusNotFound)
return
}
if repo.Name != form.RepoName {
if repo.FullName() != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
return
}
@ -698,7 +698,7 @@ func SettingsPost(ctx *context.Context) {
ctx.ServerError("Convert Fork", err)
return
}
if repo.Name != form.RepoName {
if repo.FullName() != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
return
}
@ -731,7 +731,7 @@ func SettingsPost(ctx *context.Context) {
ctx.Error(http.StatusNotFound)
return
}
if repo.Name != form.RepoName {
if repo.FullName() != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
return
}
@ -813,7 +813,7 @@ func SettingsPost(ctx *context.Context) {
ctx.Error(http.StatusNotFound)
return
}
if repo.Name != form.RepoName {
if repo.FullName() != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
return
}
@ -837,7 +837,7 @@ func SettingsPost(ctx *context.Context) {
ctx.Error(http.StatusNotFound)
return
}
if repo.Name != form.RepoName {
if repo.FullName() != form.RepoName {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
return
}

View file

@ -817,7 +817,7 @@
<div class="field">
<label>
{{.locale.Tr "repo.settings.transfer_form_title"}}
<span class="text red">{{.Repository.Name}}</span>
<span class="text red">{{.Repository.FullName}}</span>
</label>
</div>
<div class="required field">
@ -848,7 +848,7 @@
<div class="field">
<label>
{{.locale.Tr "repo.settings.transfer_form_title"}}
<span class="text red">{{.Repository.Name}}</span>
<span class="text red">{{.Repository.FullName}}</span>
</label>
</div>
<div class="required field">
@ -880,7 +880,7 @@
<div class="field">
<label>
{{.locale.Tr "repo.settings.transfer_form_title"}}
<span class="text red">{{.Repository.Name}}</span>
<span class="text red">{{.Repository.FullName}}</span>
</label>
</div>
<div class="required field">
@ -918,7 +918,7 @@
<div class="field">
<label>
{{.locale.Tr "repo.settings.transfer_form_title"}}
<span class="text red">{{.Repository.Name}}</span>
<span class="text red">{{.Repository.FullName}}</span>
</label>
</div>
<div class="required field">
@ -950,7 +950,7 @@
<div class="field">
<label>
{{.locale.Tr "repo.settings.transfer_form_title"}}
<span class="text red">{{.Repository.Name}}</span>
<span class="text red">{{.Repository.FullName}}</span>
</label>
</div>
<div class="required field">

View file

@ -4,6 +4,7 @@
package integration
import (
"fmt"
"net/http"
"net/http/httptest"
"net/url"
@ -129,7 +130,7 @@ func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoNam
req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{
"_csrf": htmlDoc.GetCSRF(),
"repo_name": repoName,
"repo_name": fmt.Sprintf("%s/%s", ownerName, repoName),
})
session.MakeRequest(t, req, http.StatusSeeOther)
}

View file

@ -6,12 +6,15 @@ package integration
import (
"fmt"
"net/http"
"net/http/httptest"
"path"
"strings"
"testing"
"time"
gitea_context "code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/translation"
"code.gitea.io/gitea/tests"
"github.com/PuerkitoBio/goquery"
@ -548,3 +551,138 @@ func TestRepoHTMLTitle(t *testing.T) {
})
})
}
func TestDangerZoneConfirmation(t *testing.T) {
defer tests.PrepareTestEnv(t)()
mustInvalidRepoName := func(resp *httptest.ResponseRecorder) {
t.Helper()
htmlDoc := NewHTMLParser(t, resp.Body)
assert.Contains(t,
htmlDoc.doc.Find(".ui.negative.message").Text(),
translation.NewLocale("en-US").Tr("form.enterred_invalid_repo_name"),
)
}
t.Run("Transfer ownership", func(t *testing.T) {
session := loginUser(t, "user2")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "transfer",
"repo_name": "repo1",
"new_owner_name": "user1",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "transfer",
"repo_name": "user2/repo1",
"new_owner_name": "user1",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThis%2Brepository%2Bhas%2Bbeen%2Bmarked%2Bfor%2Btransfer%2Band%2Bawaits%2Bconfirmation%2Bfrom%2B%2522User%2BOne%2522")
})
})
t.Run("Convert fork", func(t *testing.T) {
session := loginUser(t, "user20")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
"action": "convert_fork",
"repo_name": "big_test_public_fork_7",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
"action": "convert_fork",
"repo_name": "user20/big_test_public_fork_7",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Bfork%2Bhas%2Bbeen%2Bconverted%2Binto%2Ba%2Bregular%2Brepository.")
})
})
t.Run("Delete wiki", func(t *testing.T) {
session := loginUser(t, "user2")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete-wiki",
"repo_name": "repo1",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete-wiki",
"repo_name": "user2/repo1",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bwiki%2Bdata%2Bhas%2Bbeen%2Bdeleted.")
})
})
t.Run("Delete", func(t *testing.T) {
session := loginUser(t, "user2")
t.Run("Fail", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete",
"repo_name": "repo1",
})
resp := session.MakeRequest(t, req, http.StatusOK)
mustInvalidRepoName(resp)
})
t.Run("Pass", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
"action": "delete",
"repo_name": "user2/repo1",
})
session.MakeRequest(t, req, http.StatusSeeOther)
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
assert.NotNil(t, flashCookie)
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bhas%2Bbeen%2Bdeleted.")
})
})
}