API: enforce sha requirement on POST /repos/{owner}/{repo}/contents (#8139)

Currently the `POST /repos/{owner}/{repo}/contents` API endpoint accepts request without any `ChangeFileOperation.SHA`, unlike stated by the doc: 33eee199cf/modules/structs/repo_file.go (L80-L81) This PR adds: - some more (already passing) tests around this function - a new (failing) test to show this wrong behavior - a fix (note that this is a breaking change for clients exploiting this bug) - an update for all the existing tests  ## Release notes  - Breaking bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/8139): API: enforce sha requirement on `POST /repos/{owner}/{repo}/contents`  Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8139 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>
2025-06-25 18:40:51 +00:00 · 2025-06-12 00:13:39 +02:00 · 2025-06-12 00:13:39 +02:00 · c93eb1f927
commit c93eb1f927
parent d3bc095d0c
13 changed files with 170 additions and 86 deletions
--- a/tests/integration/repofiles_change_test.go
+++ b/tests/integration/repofiles_change_test.go
@ -294,6 +294,30 @@ func TestChangeRepoFiles(t *testing.T) {
 			assert.Equal(t, expectedFileResponse.Commit.Author.Name, filesResponse.Commit.Author.Name)
 		})

+		t.Run("Update with commit ID (without blob sha)", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			opts := getUpdateRepoFilesOptions(repo)
+
+			commit, err := gitRepo.GetBranchCommit(opts.NewBranch)
+			require.NoError(t, err)
+
+			opts.Files[0].SHA = ""
+			opts.LastCommitID = commit.ID.String()
+			filesResponse, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, doer, opts)
+			require.NoError(t, err)
+
+			commit, err = gitRepo.GetBranchCommit(opts.NewBranch)
+			require.NoError(t, err)
+			lastCommit, err := commit.GetCommitByPath(opts.Files[0].TreePath)
+			require.NoError(t, err)
+			expectedFileResponse := getExpectedFileResponseForRepofilesUpdate(commit.ID.String(), opts.Files[0].TreePath, lastCommit.ID.String(), lastCommit.Committer.When)
+			assert.Equal(t, expectedFileResponse.Content, filesResponse.Files[0])
+			assert.Equal(t, expectedFileResponse.Commit.SHA, filesResponse.Commit.SHA)
+			assert.Equal(t, expectedFileResponse.Commit.HTMLURL, filesResponse.Commit.HTMLURL)
+			assert.Equal(t, expectedFileResponse.Commit.Author.Email, filesResponse.Commit.Author.Email)
+			assert.Equal(t, expectedFileResponse.Commit.Author.Name, filesResponse.Commit.Author.Name)
+		})
+
 		t.Run("Update and move", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			opts := getUpdateRepoFilesOptions(repo)
@ -415,6 +439,26 @@ func TestChangeRepoFilesErrors(t *testing.T) {
 			assert.EqualError(t, err, expectedError)
 		})

+		t.Run("missing SHA", func(t *testing.T) {
+			opts := getUpdateRepoFilesOptions(repo)
+			opts.Files[0].SHA = ""
+			filesResponse, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, doer, opts)
+			assert.Nil(t, filesResponse)
+			require.Error(t, err)
+			expectedError := "a SHA or commit ID must be provided when updating a file"
+			assert.EqualError(t, err, expectedError)
+		})
+
+		t.Run("bad last commit ID", func(t *testing.T) {
+			opts := getUpdateRepoFilesOptions(repo)
+			opts.LastCommitID = "bad"
+			filesResponse, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, doer, opts)
+			assert.Nil(t, filesResponse)
+			require.Error(t, err)
+			expectedError := "ConvertToSHA1: Invalid last commit ID: object does not exist [id: bad, rel_path: ]"
+			assert.EqualError(t, err, expectedError)
+		})
+
 		t.Run("new branch already exists", func(t *testing.T) {
 			opts := getUpdateRepoFilesOptions(repo)
 			opts.NewBranch = "develop"