Merge pull request '[GITEA] Make confirmation clearer for dangerous actions' (#1431) from Gusted/forgejo:forgejo-confirmation-include-ownername into forgejo-dependency
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1431
This commit is contained in:
commit
f1b5449696
4 changed files with 150 additions and 11 deletions
|
@ -667,7 +667,7 @@ func SettingsPost(ctx *context.Context) {
|
||||||
ctx.Error(http.StatusNotFound)
|
ctx.Error(http.StatusNotFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if repo.Name != form.RepoName {
|
if repo.FullName() != form.RepoName {
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -698,7 +698,7 @@ func SettingsPost(ctx *context.Context) {
|
||||||
ctx.ServerError("Convert Fork", err)
|
ctx.ServerError("Convert Fork", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if repo.Name != form.RepoName {
|
if repo.FullName() != form.RepoName {
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -731,7 +731,7 @@ func SettingsPost(ctx *context.Context) {
|
||||||
ctx.Error(http.StatusNotFound)
|
ctx.Error(http.StatusNotFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if repo.Name != form.RepoName {
|
if repo.FullName() != form.RepoName {
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -813,7 +813,7 @@ func SettingsPost(ctx *context.Context) {
|
||||||
ctx.Error(http.StatusNotFound)
|
ctx.Error(http.StatusNotFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if repo.Name != form.RepoName {
|
if repo.FullName() != form.RepoName {
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -837,7 +837,7 @@ func SettingsPost(ctx *context.Context) {
|
||||||
ctx.Error(http.StatusNotFound)
|
ctx.Error(http.StatusNotFound)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if repo.Name != form.RepoName {
|
if repo.FullName() != form.RepoName {
|
||||||
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -817,7 +817,7 @@
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label>
|
<label>
|
||||||
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
||||||
<span class="text red">{{.Repository.Name}}</span>
|
<span class="text red">{{.Repository.FullName}}</span>
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="required field">
|
<div class="required field">
|
||||||
|
@ -848,7 +848,7 @@
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label>
|
<label>
|
||||||
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
||||||
<span class="text red">{{.Repository.Name}}</span>
|
<span class="text red">{{.Repository.FullName}}</span>
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="required field">
|
<div class="required field">
|
||||||
|
@ -880,7 +880,7 @@
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label>
|
<label>
|
||||||
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
||||||
<span class="text red">{{.Repository.Name}}</span>
|
<span class="text red">{{.Repository.FullName}}</span>
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="required field">
|
<div class="required field">
|
||||||
|
@ -918,7 +918,7 @@
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label>
|
<label>
|
||||||
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
||||||
<span class="text red">{{.Repository.Name}}</span>
|
<span class="text red">{{.Repository.FullName}}</span>
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="required field">
|
<div class="required field">
|
||||||
|
@ -950,7 +950,7 @@
|
||||||
<div class="field">
|
<div class="field">
|
||||||
<label>
|
<label>
|
||||||
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
{{.locale.Tr "repo.settings.transfer_form_title"}}
|
||||||
<span class="text red">{{.Repository.Name}}</span>
|
<span class="text red">{{.Repository.FullName}}</span>
|
||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<div class="required field">
|
<div class="required field">
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
package integration
|
package integration
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
@ -129,7 +130,7 @@ func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoNam
|
||||||
|
|
||||||
req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{
|
req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{
|
||||||
"_csrf": htmlDoc.GetCSRF(),
|
"_csrf": htmlDoc.GetCSRF(),
|
||||||
"repo_name": repoName,
|
"repo_name": fmt.Sprintf("%s/%s", ownerName, repoName),
|
||||||
})
|
})
|
||||||
session.MakeRequest(t, req, http.StatusSeeOther)
|
session.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,12 +6,15 @@ package integration
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
"path"
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
gitea_context "code.gitea.io/gitea/modules/context"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
"code.gitea.io/gitea/modules/translation"
|
||||||
"code.gitea.io/gitea/tests"
|
"code.gitea.io/gitea/tests"
|
||||||
|
|
||||||
"github.com/PuerkitoBio/goquery"
|
"github.com/PuerkitoBio/goquery"
|
||||||
|
@ -548,3 +551,138 @@ func TestRepoHTMLTitle(t *testing.T) {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestDangerZoneConfirmation(t *testing.T) {
|
||||||
|
defer tests.PrepareTestEnv(t)()
|
||||||
|
mustInvalidRepoName := func(resp *httptest.ResponseRecorder) {
|
||||||
|
t.Helper()
|
||||||
|
|
||||||
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
||||||
|
assert.Contains(t,
|
||||||
|
htmlDoc.doc.Find(".ui.negative.message").Text(),
|
||||||
|
translation.NewLocale("en-US").Tr("form.enterred_invalid_repo_name"),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
t.Run("Transfer ownership", func(t *testing.T) {
|
||||||
|
session := loginUser(t, "user2")
|
||||||
|
|
||||||
|
t.Run("Fail", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
|
||||||
|
"action": "transfer",
|
||||||
|
"repo_name": "repo1",
|
||||||
|
"new_owner_name": "user1",
|
||||||
|
})
|
||||||
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
mustInvalidRepoName(resp)
|
||||||
|
})
|
||||||
|
t.Run("Pass", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
|
||||||
|
"action": "transfer",
|
||||||
|
"repo_name": "user2/repo1",
|
||||||
|
"new_owner_name": "user1",
|
||||||
|
})
|
||||||
|
session.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
|
||||||
|
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
|
||||||
|
assert.NotNil(t, flashCookie)
|
||||||
|
assert.EqualValues(t, flashCookie.Value, "success%3DThis%2Brepository%2Bhas%2Bbeen%2Bmarked%2Bfor%2Btransfer%2Band%2Bawaits%2Bconfirmation%2Bfrom%2B%2522User%2BOne%2522")
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("Convert fork", func(t *testing.T) {
|
||||||
|
session := loginUser(t, "user20")
|
||||||
|
|
||||||
|
t.Run("Fail", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
|
||||||
|
"action": "convert_fork",
|
||||||
|
"repo_name": "big_test_public_fork_7",
|
||||||
|
})
|
||||||
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
mustInvalidRepoName(resp)
|
||||||
|
})
|
||||||
|
t.Run("Pass", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
|
||||||
|
"action": "convert_fork",
|
||||||
|
"repo_name": "user20/big_test_public_fork_7",
|
||||||
|
})
|
||||||
|
session.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
|
||||||
|
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
|
||||||
|
assert.NotNil(t, flashCookie)
|
||||||
|
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Bfork%2Bhas%2Bbeen%2Bconverted%2Binto%2Ba%2Bregular%2Brepository.")
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("Delete wiki", func(t *testing.T) {
|
||||||
|
session := loginUser(t, "user2")
|
||||||
|
|
||||||
|
t.Run("Fail", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
|
||||||
|
"action": "delete-wiki",
|
||||||
|
"repo_name": "repo1",
|
||||||
|
})
|
||||||
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
mustInvalidRepoName(resp)
|
||||||
|
})
|
||||||
|
t.Run("Pass", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
|
||||||
|
"action": "delete-wiki",
|
||||||
|
"repo_name": "user2/repo1",
|
||||||
|
})
|
||||||
|
session.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
|
||||||
|
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
|
||||||
|
assert.NotNil(t, flashCookie)
|
||||||
|
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bwiki%2Bdata%2Bhas%2Bbeen%2Bdeleted.")
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("Delete", func(t *testing.T) {
|
||||||
|
session := loginUser(t, "user2")
|
||||||
|
|
||||||
|
t.Run("Fail", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
|
||||||
|
"action": "delete",
|
||||||
|
"repo_name": "repo1",
|
||||||
|
})
|
||||||
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
mustInvalidRepoName(resp)
|
||||||
|
})
|
||||||
|
t.Run("Pass", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, session, "/user2/repo1/settings"),
|
||||||
|
"action": "delete",
|
||||||
|
"repo_name": "user2/repo1",
|
||||||
|
})
|
||||||
|
session.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
|
||||||
|
flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
|
||||||
|
assert.NotNil(t, flashCookie)
|
||||||
|
assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bhas%2Bbeen%2Bdeleted.")
|
||||||
|
})
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue