* Delete a user's public key via admin api * Test admin ssh endpoint for creating a new ssh key * Adapt public ssh key test to also test the delete operation * Test that deleting a missing key will result in a 404 * Test that a normal user can't delete another user's ssh key * Make DeletePublicKey return err * Update swagger doctokarchuk/v1.17
parent
c7fb6e3087
commit
469ab99e9a
@ -0,0 +1,73 @@ |
||||
// Copyright 2017 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package integrations |
||||
|
||||
import ( |
||||
"fmt" |
||||
"net/http" |
||||
"testing" |
||||
|
||||
"code.gitea.io/gitea/models" |
||||
api "code.gitea.io/sdk/gitea" |
||||
) |
||||
|
||||
func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) { |
||||
prepareTestEnv(t) |
||||
// user1 is an admin user
|
||||
session := loginUser(t, "user1") |
||||
keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User) |
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", keyOwner.Name) |
||||
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ |
||||
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n", |
||||
"title": "test-key", |
||||
}) |
||||
resp := session.MakeRequest(t, req, http.StatusCreated) |
||||
|
||||
var newPublicKey api.PublicKey |
||||
DecodeJSON(t, resp, &newPublicKey) |
||||
models.AssertExistsAndLoadBean(t, &models.PublicKey{ |
||||
ID: newPublicKey.ID, |
||||
Name: newPublicKey.Title, |
||||
Content: newPublicKey.Key, |
||||
Fingerprint: newPublicKey.Fingerprint, |
||||
OwnerID: keyOwner.ID, |
||||
}) |
||||
|
||||
req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", |
||||
keyOwner.Name, newPublicKey.ID) |
||||
session.MakeRequest(t, req, http.StatusNoContent) |
||||
models.AssertNotExistsBean(t, &models.PublicKey{ID: newPublicKey.ID}) |
||||
} |
||||
|
||||
func TestAPIAdminDeleteMissingSSHKey(t *testing.T) { |
||||
prepareTestEnv(t) |
||||
// user1 is an admin user
|
||||
session := loginUser(t, "user1") |
||||
|
||||
req := NewRequestf(t, "DELETE", "/api/v1/admin/users/user1/keys/%d", models.NonexistentID) |
||||
session.MakeRequest(t, req, http.StatusNotFound) |
||||
} |
||||
|
||||
func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) { |
||||
prepareTestEnv(t) |
||||
adminUsername := "user1" |
||||
normalUsername := "user2" |
||||
session := loginUser(t, adminUsername) |
||||
|
||||
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys", adminUsername) |
||||
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ |
||||
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAu7tvIvX6ZHrRXuZNfkR3XLHSsuCK9Zn3X58lxBcQzuo5xZgB6vRwwm/QtJuF+zZPtY5hsQILBLmF+BZ5WpKZp1jBeSjH2G7lxet9kbcH+kIVj0tPFEoyKI9wvWqIwC4prx/WVk2wLTJjzBAhyNxfEq7C9CeiX9pQEbEqJfkKCQ== nocomment\n", |
||||
"title": "test-key", |
||||
}) |
||||
resp := session.MakeRequest(t, req, http.StatusCreated) |
||||
var newPublicKey api.PublicKey |
||||
DecodeJSON(t, resp, &newPublicKey) |
||||
|
||||
session = loginUser(t, normalUsername) |
||||
req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", |
||||
adminUsername, newPublicKey.ID) |
||||
session.MakeRequest(t, req, http.StatusForbidden) |
||||
} |
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue