From 36c43dbf82145c7e4480f207aee4de39b7fe397e Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Mon, 25 Dec 2023 13:50:03 +0100
Subject: [PATCH] [MODERATION] User blocking (squash) do not use token= query param

See https://codeberg.org/forgejo/forgejo/commit/33439b733a
(cherry picked from commit 82d3e78bf783200b85089a584d83558958e8328d)
---
 tests/integration/api_block_test.go | 36 ++++++++++++++---------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/tests/integration/api_block_test.go b/tests/integration/api_block_test.go
index cbdcb29cf3..a69ee9b74f 100644
--- a/tests/integration/api_block_test.go
+++ b/tests/integration/api_block_test.go
@@ -28,7 +28,7 @@ func TestAPIUserBlock(t *testing.T) {
 t.Run("BlockUser", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/user2?token=%s", token))
+ req := NewRequest(t, "PUT", "/api/v1/user/block/user2").AddTokenAuth(token)
 MakeRequest(t, req, http.StatusNoContent)
 unittest.AssertExistsAndLoadBean(t, &user_model.BlockedUser{UserID: 4, BlockID: 2})
@@ -37,7 +37,7 @@ func TestAPIUserBlock(t *testing.T) {
 t.Run("ListBlocked", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/list_blocked?token=%s", token))
+ req := NewRequest(t, "GET", "/api/v1/user/list_blocked").AddTokenAuth(token)
 resp := MakeRequest(t, req, http.StatusOK)
 // One user just got blocked and the other one is defined in the fixtures.
@@ -53,7 +53,7 @@ func TestAPIUserBlock(t *testing.T) {
 t.Run("UnblockUser", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/unblock/user2?token=%s", token))
+ req := NewRequest(t, "PUT", "/api/v1/user/unblock/user2").AddTokenAuth(token)
 MakeRequest(t, req, http.StatusNoContent)
 unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 4, BlockID: 2})
@@ -65,7 +65,7 @@ func TestAPIUserBlock(t *testing.T) {
 t.Run("Block", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/%s?token=%s", org.Name, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/%s", org.Name)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusUnprocessableEntity)
 unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 4, BlockID: org.ID})
@@ -74,7 +74,7 @@ func TestAPIUserBlock(t *testing.T) {
 t.Run("Unblock", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/unblock/%s?token=%s", org.Name, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/unblock/%s", org.Name)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusUnprocessableEntity)
 })
 })
@@ -91,7 +91,7 @@ func TestAPIOrgBlock(t *testing.T) {
 t.Run("BlockUser", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2?token=%s", org, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2", org)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusNoContent)
 unittest.AssertExistsAndLoadBean(t, &user_model.BlockedUser{UserID: 6, BlockID: 2})
@@ -100,7 +100,7 @@ func TestAPIOrgBlock(t *testing.T) {
 t.Run("ListBlocked", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked?token=%s", org, token))
+ req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked", org)).AddTokenAuth(token)
 resp := MakeRequest(t, req, http.StatusOK)
 assert.Equal(t, "1", resp.Header().Get("X-Total-Count"))
@@ -114,7 +114,7 @@ func TestAPIOrgBlock(t *testing.T) {
 t.Run("UnblockUser", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/user2?token=%s", org, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/user2", org)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusNoContent)
 unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 6, BlockID: 2})
@@ -126,7 +126,7 @@ func TestAPIOrgBlock(t *testing.T) {
 t.Run("Block", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/%s?token=%s", org, targetOrg.Name, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/%s", org, targetOrg.Name)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusUnprocessableEntity)
 unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 4, BlockID: targetOrg.ID})
@@ -135,7 +135,7 @@ func TestAPIOrgBlock(t *testing.T) {
 t.Run("Unblock", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/%s?token=%s", org, targetOrg.Name, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/%s", org, targetOrg.Name)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusUnprocessableEntity)
 })
 })
@@ -146,7 +146,7 @@ func TestAPIOrgBlock(t *testing.T) {
 t.Run("Write action", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2?token=%s", org, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2", org)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusForbidden)
 unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 6, BlockID: 2})
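Review bot: The negative assertion in the `Block` subtest of the hunk at -126 checks `BlockedUser{UserID: 4, BlockID: targetOrg.ID}`, while the other TestAPIOrgBlock subtests in this patch that act on `org` (`BlockUser`, `UnblockUser`, `Write action`) assert on `UserID: 6`. If 4 is not the ID of `org` at this point, `AssertNotExistsBean` can never fail, so the 422 response is not backed by a real database check. The definition of `org` lies outside the hunk, so this needs confirming. If it is the same organization, the line should read `unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 6, BlockID: targetOrg.ID})`.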
@@ -155,7 +155,7 @@ func TestAPIOrgBlock(t *testing.T) {
 t.Run("Read action", func(t *testing.T) {
 defer tests.PrintCurrentTest(t)()
- req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked?token=%s", org, token))
+ req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked", org)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusOK)
 })
 })
@@ -170,19 +170,19 @@ func TestAPIOrgBlock(t *testing.T) {
 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 t.Run("Block user", func(t *testing.T) {
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2?token=%s", org, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/block/user2", org)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusForbidden)
 unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 3, BlockID: 2})
 })
 t.Run("Unblock user", func(t *testing.T) {
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/user2?token=%s", org, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/unblock/user2", org)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusForbidden)
 })
 t.Run("List blocked users", func(t *testing.T) {
- req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked?token=%s", org, token))
+ req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/orgs/%s/list_blocked", org)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusForbidden)
 })
 })
@@ -202,7 +202,7 @@ func TestAPIBlock_AddCollaborator(t *testing.T) {
 session := loginUser(t, user1)
 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
- req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/%s?token=%s", user2, token))
+ req := NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/block/%s", user2)).AddTokenAuth(token)
 MakeRequest(t, req, http.StatusNoContent)
 unittest.AssertExistsAndLoadBean(t, &user_model.BlockedUser{UserID: 10, BlockID: 2})
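Review bot: The three subtests in the hunk at -170 (`Block user`, `Unblock user`, `List blocked users`) go straight to building the request and omit the `defer tests.PrintCurrentTest(t)()` line that every other subtest touched by this patch opens with. Since these are the cases asserting that an insufficiently privileged caller gets 403, they should not skip whatever per-subtest logging or bookkeeping that helper provides. Adding `defer tests.PrintCurrentTest(t)()` as the first statement of each closure would make them consistent with the rest of the file. The enclosing `t.Run` that creates `session` and `token` starts outside the hunk.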
@@ -212,7 +212,7 @@ func TestAPIBlock_AddCollaborator(t *testing.T) {
 session := loginUser(t, user2)
 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
- req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s?token=%s", user2, repo.Name, user1, token), collabOption)
+ req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s", user2, repo.Name, user1), collabOption).AddTokenAuth(token)
 session.MakeRequest(t, req, http.StatusForbidden)
 })
@@ -222,7 +222,7 @@ func TestAPIBlock_AddCollaborator(t *testing.T) {
 session := loginUser(t, user1)
 token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
- req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s?token=%s", user1, repo.Name, user2, token), collabOption)
+ req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s", user1, repo.Name, user2), collabOption).AddTokenAuth(token)
 session.MakeRequest(t, req, http.StatusForbidden)
 })
 }
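Review bot: In the hunk at -212, and again at -222, the request now carries the token via `AddTokenAuth(token)` but is still sent with `session.MakeRequest`, whereas every other call in this patch uses the package-level `MakeRequest`. `session.MakeRequest` presumably also attaches the login session's cookie, so the 403 would be asserted with two credentials present and the test would not show which one the API evaluated. To exercise the token path alone, send both with `MakeRequest(t, req, http.StatusForbidden)`. The enclosing subtests start outside the hunks.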