Do not allow commiting to protected branch from online editor (#1502)
* Do not allow commiting to protected branch from online editor * Add editor integration tests for adding new file and not allowing to add new file to protected branchrelease/v1.2
parent
3ebbdfaa75
commit
0144817971
@ -0,0 +1,106 @@
|
||||
// Copyright 2017 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package integrations
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestCreateFile(t *testing.T) {
|
||||
prepareTestEnv(t)
|
||||
|
||||
session := loginUser(t, "user2", "password")
|
||||
|
||||
// Request editor page
|
||||
req, err := http.NewRequest("GET", "/user2/repo1/_new/master/", nil)
|
||||
assert.NoError(t, err)
|
||||
resp := session.MakeRequest(t, req)
|
||||
assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
|
||||
|
||||
doc, err := NewHtmlParser(resp.Body)
|
||||
assert.NoError(t, err)
|
||||
lastCommit := doc.GetInputValueByName("last_commit")
|
||||
assert.NotEmpty(t, lastCommit)
|
||||
|
||||
// Save new file to master branch
|
||||
req, err = http.NewRequest("POST", "/user2/repo1/_new/master/",
|
||||
bytes.NewBufferString(url.Values{
|
||||
"_csrf": []string{doc.GetInputValueByName("_csrf")},
|
||||
"last_commit": []string{lastCommit},
|
||||
"tree_path": []string{"test.txt"},
|
||||
"content": []string{"Content"},
|
||||
"commit_choice": []string{"direct"},
|
||||
}.Encode()),
|
||||
)
|
||||
assert.NoError(t, err)
|
||||
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
resp = session.MakeRequest(t, req)
|
||||
assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
|
||||
}
|
||||
|
||||
func TestCreateFileOnProtectedBranch(t *testing.T) {
|
||||
prepareTestEnv(t)
|
||||
|
||||
session := loginUser(t, "user2", "password")
|
||||
|
||||
// Open repository branch settings
|
||||
req, err := http.NewRequest("GET", "/user2/repo1/settings/branches", nil)
|
||||
assert.NoError(t, err)
|
||||
resp := session.MakeRequest(t, req)
|
||||
assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
|
||||
|
||||
doc, err := NewHtmlParser(resp.Body)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Change master branch to protected
|
||||
req, err = http.NewRequest("POST", "/user2/repo1/settings/branches?action=protected_branch",
|
||||
bytes.NewBufferString(url.Values{
|
||||
"_csrf": []string{doc.GetInputValueByName("_csrf")},
|
||||
"branchName": []string{"master"},
|
||||
"canPush": []string{"true"},
|
||||
}.Encode()),
|
||||
)
|
||||
assert.NoError(t, err)
|
||||
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
resp = session.MakeRequest(t, req)
|
||||
assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
|
||||
// Check if master branch has been locked successfully
|
||||
flashCookie := session.GetCookie("macaron_flash")
|
||||
assert.NotNil(t, flashCookie)
|
||||
assert.EqualValues(t, flashCookie.Value, "success%3Dmaster%2BLocked%2Bsuccessfully")
|
||||
|
||||
// Request editor page
|
||||
req, err = http.NewRequest("GET", "/user2/repo1/_new/master/", nil)
|
||||
assert.NoError(t, err)
|
||||
resp = session.MakeRequest(t, req)
|
||||
assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
|
||||
|
||||
doc, err = NewHtmlParser(resp.Body)
|
||||
assert.NoError(t, err)
|
||||
lastCommit := doc.GetInputValueByName("last_commit")
|
||||
assert.NotEmpty(t, lastCommit)
|
||||
|
||||
// Save new file to master branch
|
||||
req, err = http.NewRequest("POST", "/user2/repo1/_new/master/",
|
||||
bytes.NewBufferString(url.Values{
|
||||
"_csrf": []string{doc.GetInputValueByName("_csrf")},
|
||||
"last_commit": []string{lastCommit},
|
||||
"tree_path": []string{"test.txt"},
|
||||
"content": []string{"Content"},
|
||||
"commit_choice": []string{"direct"},
|
||||
}.Encode()),
|
||||
)
|
||||
assert.NoError(t, err)
|
||||
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
resp = session.MakeRequest(t, req)
|
||||
assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
|
||||
// Check body for error message
|
||||
assert.Contains(t, string(resp.Body), "Can not commit to protected branch 'master'.")
|
||||
}
|
@ -0,0 +1,110 @@
|
||||
// Copyright 2017 The Gitea Authors. All rights reserved.
|
||||
// Use of this source code is governed by a MIT-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package integrations
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
|
||||
"golang.org/x/net/html"
|
||||
)
|
||||
|
||||
type HtmlDoc struct {
|
||||
doc *html.Node
|
||||
body *html.Node
|
||||
}
|
||||
|
||||
func NewHtmlParser(content []byte) (*HtmlDoc, error) {
|
||||
doc, err := html.Parse(bytes.NewReader(content))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return &HtmlDoc{doc: doc}, nil
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) GetBody() *html.Node {
|
||||
if doc.body == nil {
|
||||
var b *html.Node
|
||||
var f func(*html.Node)
|
||||
f = func(n *html.Node) {
|
||||
if n.Type == html.ElementNode && n.Data == "body" {
|
||||
b = n
|
||||
return
|
||||
}
|
||||
for c := n.FirstChild; c != nil; c = c.NextSibling {
|
||||
f(c)
|
||||
}
|
||||
}
|
||||
f(doc.doc)
|
||||
if b != nil {
|
||||
doc.body = b
|
||||
} else {
|
||||
doc.body = doc.doc
|
||||
}
|
||||
}
|
||||
return doc.body
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) GetAttribute(n *html.Node, key string) (string, bool) {
|
||||
for _, attr := range n.Attr {
|
||||
if attr.Key == key {
|
||||
return attr.Val, true
|
||||
}
|
||||
}
|
||||
return "", false
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) checkAttr(n *html.Node, attr, val string) bool {
|
||||
if n.Type == html.ElementNode {
|
||||
s, ok := doc.GetAttribute(n, attr)
|
||||
if ok && s == val {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) traverse(n *html.Node, attr, val string) *html.Node {
|
||||
if doc.checkAttr(n, attr, val) {
|
||||
return n
|
||||
}
|
||||
|
||||
for c := n.FirstChild; c != nil; c = c.NextSibling {
|
||||
result := doc.traverse(c, attr, val)
|
||||
if result != nil {
|
||||
return result
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) GetElementById(id string) *html.Node {
|
||||
return doc.traverse(doc.GetBody(), "id", id)
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) GetInputValueById(id string) string {
|
||||
inp := doc.GetElementById(id)
|
||||
if inp == nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
val, _ := doc.GetAttribute(inp, "value")
|
||||
return val
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) GetElementByName(name string) *html.Node {
|
||||
return doc.traverse(doc.GetBody(), "name", name)
|
||||
}
|
||||
|
||||
func (doc *HtmlDoc) GetInputValueByName(name string) string {
|
||||
inp := doc.GetElementByName(name)
|
||||
if inp == nil {
|
||||
return ""
|
||||
}
|
||||
|
||||
val, _ := doc.GetAttribute(inp, "value")
|
||||
return val
|
||||
}
|
Loading…
Reference in new issue