// Copyright 2017 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. package models import ( "fmt" "math/rand" "strings" "testing" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/modules/util" "github.com/stretchr/testify/assert" ) func TestUserIsPublicMember(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) tt := []struct { uid int64 orgid int64 expected bool }{ {2, 3, true}, {4, 3, false}, {5, 6, true}, {5, 7, false}, } for _, v := range tt { t.Run(fmt.Sprintf("UserId%dIsPublicMemberOf%d", v.uid, v.orgid), func(t *testing.T) { testUserIsPublicMember(t, v.uid, v.orgid, v.expected) }) } } func testUserIsPublicMember(t *testing.T, uid int64, orgID int64, expected bool) { user, err := GetUserByID(uid) assert.NoError(t, err) assert.Equal(t, expected, user.IsPublicMember(orgID)) } func TestIsUserOrgOwner(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) tt := []struct { uid int64 orgid int64 expected bool }{ {2, 3, true}, {4, 3, false}, {5, 6, true}, {5, 7, true}, } for _, v := range tt { t.Run(fmt.Sprintf("UserId%dIsOrgOwnerOf%d", v.uid, v.orgid), func(t *testing.T) { testIsUserOrgOwner(t, v.uid, v.orgid, v.expected) }) } } func testIsUserOrgOwner(t *testing.T, uid int64, orgID int64, expected bool) { user, err := GetUserByID(uid) assert.NoError(t, err) assert.Equal(t, expected, user.IsUserOrgOwner(orgID)) } func TestGetUserEmailsByNames(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) // ignore none active user email assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames([]string{"user8", "user9"})) assert.Equal(t, []string{"user8@example.com", "user5@example.com"}, GetUserEmailsByNames([]string{"user8", "user5"})) assert.Equal(t, []string{"user8@example.com"}, GetUserEmailsByNames([]string{"user8", "user7"})) } func TestUser_APIFormat(t *testing.T) { user, err := GetUserByID(1) assert.NoError(t, err) assert.True(t, user.IsAdmin) apiUser := user.APIFormat() assert.True(t, apiUser.IsAdmin) user, err = GetUserByID(2) assert.NoError(t, err) assert.False(t, user.IsAdmin) apiUser = user.APIFormat() assert.False(t, apiUser.IsAdmin) } func TestCanCreateOrganization(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) admin := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User) assert.True(t, admin.CanCreateOrganization()) user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) assert.True(t, user.CanCreateOrganization()) // Disable user create organization permission. user.AllowCreateOrganization = false assert.False(t, user.CanCreateOrganization()) setting.Admin.DisableRegularOrgCreation = true user.AllowCreateOrganization = true assert.True(t, admin.CanCreateOrganization()) assert.False(t, user.CanCreateOrganization()) } func TestSearchUsers(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) testSuccess := func(opts *SearchUserOptions, expectedUserOrOrgIDs []int64) { users, _, err := SearchUsers(opts) assert.NoError(t, err) if assert.Len(t, users, len(expectedUserOrOrgIDs)) { for i, expectedID := range expectedUserOrOrgIDs { assert.EqualValues(t, expectedID, users[i].ID) } } } // test orgs testOrgSuccess := func(opts *SearchUserOptions, expectedOrgIDs []int64) { opts.Type = UserTypeOrganization testSuccess(opts, expectedOrgIDs) } testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: ListOptions{Page: 1, PageSize: 2}}, []int64{3, 6}) testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: ListOptions{Page: 2, PageSize: 2}}, []int64{7, 17}) testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: ListOptions{Page: 3, PageSize: 2}}, []int64{19, 25}) testOrgSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: ListOptions{Page: 4, PageSize: 2}}, []int64{26}) testOrgSuccess(&SearchUserOptions{ListOptions: ListOptions{Page: 5, PageSize: 2}}, []int64{}) // test users testUserSuccess := func(opts *SearchUserOptions, expectedUserIDs []int64) { opts.Type = UserTypeIndividual testSuccess(opts, expectedUserIDs) } testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: ListOptions{Page: 1}}, []int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29}) testUserSuccess(&SearchUserOptions{ListOptions: ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse}, []int64{9}) testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue}, []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29}) testUserSuccess(&SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue}, []int64{1, 10, 11, 12, 13, 14, 15, 16, 18}) // order by name asc default testUserSuccess(&SearchUserOptions{Keyword: "user1", ListOptions: ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue}, []int64{1, 10, 11, 12, 13, 14, 15, 16, 18}) } func TestDeleteUser(t *testing.T) { test := func(userID int64) { assert.NoError(t, PrepareTestDatabase()) user := AssertExistsAndLoadBean(t, &User{ID: userID}).(*User) ownedRepos := make([]*Repository, 0, 10) assert.NoError(t, x.Find(&ownedRepos, &Repository{OwnerID: userID})) if len(ownedRepos) > 0 { err := DeleteUser(user) assert.Error(t, err) assert.True(t, IsErrUserOwnRepos(err)) return } orgUsers := make([]*OrgUser, 0, 10) assert.NoError(t, x.Find(&orgUsers, &OrgUser{UID: userID})) for _, orgUser := range orgUsers { if err := RemoveOrgUser(orgUser.OrgID, orgUser.UID); err != nil { assert.True(t, IsErrLastOrgOwner(err)) return } } assert.NoError(t, DeleteUser(user)) AssertNotExistsBean(t, &User{ID: userID}) CheckConsistencyFor(t, &User{}, &Repository{}) } test(2) test(4) test(8) test(11) org := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User) assert.Error(t, DeleteUser(org)) } func TestEmailNotificationPreferences(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) for _, test := range []struct { expected string userID int64 }{ {EmailNotificationsEnabled, 1}, {EmailNotificationsEnabled, 2}, {EmailNotificationsOnMention, 3}, {EmailNotificationsOnMention, 4}, {EmailNotificationsEnabled, 5}, {EmailNotificationsEnabled, 6}, {EmailNotificationsDisabled, 7}, {EmailNotificationsEnabled, 8}, {EmailNotificationsOnMention, 9}, } { user := AssertExistsAndLoadBean(t, &User{ID: test.userID}).(*User) assert.Equal(t, test.expected, user.EmailNotifications()) // Try all possible settings assert.NoError(t, user.SetEmailNotifications(EmailNotificationsEnabled)) assert.Equal(t, EmailNotificationsEnabled, user.EmailNotifications()) assert.NoError(t, user.SetEmailNotifications(EmailNotificationsOnMention)) assert.Equal(t, EmailNotificationsOnMention, user.EmailNotifications()) assert.NoError(t, user.SetEmailNotifications(EmailNotificationsDisabled)) assert.Equal(t, EmailNotificationsDisabled, user.EmailNotifications()) } } func TestHashPasswordDeterministic(t *testing.T) { b := make([]byte, 16) rand.Read(b) u := &User{Salt: string(b)} algos := []string{"argon2", "pbkdf2", "scrypt", "bcrypt"} for j := 0; j < len(algos); j++ { u.PasswdHashAlgo = algos[j] for i := 0; i < 50; i++ { // generate a random password rand.Read(b) pass := string(b) // save the current password in the user - hash it and store the result u.HashPassword(pass) r1 := u.Passwd // run again u.HashPassword(pass) r2 := u.Passwd // assert equal (given the same salt+pass, the same result is produced) except bcrypt if u.PasswdHashAlgo == "bcrypt" { assert.NotEqual(t, r1, r2) } else { assert.Equal(t, r1, r2) } } } } func BenchmarkHashPassword(b *testing.B) { // BenchmarkHashPassword ensures that it takes a reasonable amount of time // to hash a password - in order to protect from brute-force attacks. pass := "password1337" bs := make([]byte, 16) rand.Read(bs) u := &User{Salt: string(bs), Passwd: pass} b.ResetTimer() for i := 0; i < b.N; i++ { u.HashPassword(pass) } } func TestGetOrgRepositoryIDs(t *testing.T) { assert.NoError(t, PrepareTestDatabase()) user2 := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) user4 := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User) user5 := AssertExistsAndLoadBean(t, &User{ID: 5}).(*User) accessibleRepos, err := user2.GetOrgRepositoryIDs() assert.NoError(t, err) // User 2's team has access to private repos 3, 5, repo 32 is a public repo of the organization assert.Equal(t, []int64{3, 5, 23, 24, 32}, accessibleRepos) accessibleRepos, err = user4.GetOrgRepositoryIDs() assert.NoError(t, err) // User 4's team has access to private repo 3, repo 32 is a public repo of the organization assert.Equal(t, []int64{3, 32}, accessibleRepos) accessibleRepos, err = user5.GetOrgRepositoryIDs() assert.NoError(t, err) // User 5's team has no access to any repo assert.Len(t, accessibleRepos, 0) } func TestNewGitSig(t *testing.T) { users := make([]*User, 0, 20) sess := x.NewSession() defer sess.Close() sess.Find(&users) for _, user := range users { sig := user.NewGitSig() assert.NotContains(t, sig.Name, "<") assert.NotContains(t, sig.Name, ">") assert.NotContains(t, sig.Name, "\n") assert.NotEqual(t, len(strings.TrimSpace(sig.Name)), 0) } } func TestDisplayName(t *testing.T) { users := make([]*User, 0, 20) sess := x.NewSession() defer sess.Close() sess.Find(&users) for _, user := range users { displayName := user.DisplayName() assert.Equal(t, strings.TrimSpace(displayName), displayName) if len(strings.TrimSpace(user.FullName)) == 0 { assert.Equal(t, user.Name, displayName) } assert.NotEqual(t, len(strings.TrimSpace(displayName)), 0) } } func TestCreateUser(t *testing.T) { user := &User{ Name: "GiteaBot", Email: "GiteaBot@gitea.io", Passwd: ";p['////..-++']", IsAdmin: false, Theme: setting.UI.DefaultTheme, MustChangePassword: false, } assert.NoError(t, CreateUser(user)) assert.NoError(t, DeleteUser(user)) } func TestCreateUser_Issue5882(t *testing.T) { // Init settings _ = setting.Admin passwd := ".//.;1;;//.,-=_" tt := []struct { user *User disableOrgCreation bool }{ {&User{Name: "GiteaBot", Email: "GiteaBot@gitea.io", Passwd: passwd, MustChangePassword: false}, false}, {&User{Name: "GiteaBot2", Email: "GiteaBot2@gitea.io", Passwd: passwd, MustChangePassword: false}, true}, } setting.Service.DefaultAllowCreateOrganization = true for _, v := range tt { setting.Admin.DisableRegularOrgCreation = v.disableOrgCreation assert.NoError(t, CreateUser(v.user)) u, err := GetUserByEmail(v.user.Email) assert.NoError(t, err) assert.Equal(t, !u.AllowCreateOrganization, v.disableOrgCreation) assert.NoError(t, DeleteUser(v.user)) } } func TestGetUserIDsByNames(t *testing.T) { //ignore non existing IDs, err := GetUserIDsByNames([]string{"user1", "user2", "none_existing_user"}, true) assert.NoError(t, err) assert.Equal(t, []int64{1, 2}, IDs) //ignore non existing IDs, err = GetUserIDsByNames([]string{"user1", "do_not_exist"}, false) assert.Error(t, err) assert.Equal(t, []int64(nil), IDs) } func TestGetMaileableUsersByIDs(t *testing.T) { results, err := GetMaileableUsersByIDs([]int64{1, 4}, false) assert.NoError(t, err) assert.Equal(t, 1, len(results)) if len(results) > 1 { assert.Equal(t, results[0].ID, 1) } results, err = GetMaileableUsersByIDs([]int64{1, 4}, true) assert.NoError(t, err) assert.Equal(t, 2, len(results)) if len(results) > 2 { assert.Equal(t, results[0].ID, 1) assert.Equal(t, results[1].ID, 4) } }