luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-31 20:02:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Remove dependent on session auth for api/v1 routers (#19321)

Browse source 
* Remove dependent on session auth for api/v1 routers

* Remove unnecessary session on API context

* remove missed header

* fix test

* fix missed api/v1
This commit is contained in:
Lunny Xiao 2022-04-08 12:22:10 +08:00 committed by GitHub
parent 75f8534c3a
commit 3c3d49899f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 219 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

17
integrations/api_team_test.go
View file

@ -224,11 +224,9 @@ func TestAPITeamSearch(t *testing.T) {
var results TeamSearchResults
session := loginUser(t, user.Name)
csrf := GetCSRF(t, session, "/"+org.Name)
req := NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "_team")
req.Header.Add("X-Csrf-Token", csrf)
resp := session.MakeRequest(t, req, http.StatusOK)
token := getUserToken(t, user.Name)
req := NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "_team", token)
resp := MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &results)
assert.NotEmpty(t, results.Data)
assert.Len(t, results.Data, 1)
@ -236,9 +234,8 @@ func TestAPITeamSearch(t *testing.T) {
// no access if not organization member
user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}).(*user_model.User)
session = loginUser(t, user5.Name)
csrf = GetCSRF(t, session, "/"+org.Name)
req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s", org.Name, "team")
req.Header.Add("X-Csrf-Token", csrf)
session.MakeRequest(t, req, http.StatusForbidden)
token5 := getUserToken(t, user5.Name)
req = NewRequestf(t, "GET", "/api/v1/orgs/%s/teams/search?q=%s&token=%s", org.Name, "team", token5)
MakeRequest(t, req, http.StatusForbidden)
}