mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-27 00:23:41 +09:00 
			
		
		
		
	Improve "generate new access token" form (#33730)
Fix: https://github.com/go-gitea/gitea/issues/33519 As discussed in [PR #33614](https://github.com/go-gitea/gitea/pull/33614), the ScopedAccessTokenSelector Vue component is not particularly useful. This PR removes the component and reverts to using HTML templates. It also introduces some (hopefully) useful refactoring. The Vue component was causing the UX bug reported in the linked issue. Required form fields are now properly working, as expected (see screenshot).  --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
		| @@ -76,7 +76,7 @@ func TestAPIAdminOrgCreateNotAdmin(t *testing.T) { | ||||
| 	defer tests.PrepareTestEnv(t)() | ||||
| 	nonAdminUsername := "user2" | ||||
| 	session := loginUser(t, nonAdminUsername) | ||||
| 	token := getTokenForLoggedInUser(t, session) | ||||
| 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeAll) | ||||
| 	org := api.CreateOrgOption{ | ||||
| 		UserName:    "user2_org", | ||||
| 		FullName:    "User2's organization", | ||||
|   | ||||
| @@ -76,7 +76,7 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) { | ||||
| 	var newPublicKey api.PublicKey | ||||
| 	DecodeJSON(t, resp, &newPublicKey) | ||||
|  | ||||
| 	token = getUserToken(t, normalUsername) | ||||
| 	token = getUserToken(t, normalUsername, auth_model.AccessTokenScopeAll) | ||||
| 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", adminUsername, newPublicKey.ID). | ||||
| 		AddTokenAuth(token) | ||||
| 	MakeRequest(t, req, http.StatusForbidden) | ||||
| @@ -139,7 +139,7 @@ func TestAPIListUsersNotLoggedIn(t *testing.T) { | ||||
| func TestAPIListUsersNonAdmin(t *testing.T) { | ||||
| 	defer tests.PrepareTestEnv(t)() | ||||
| 	nonAdminUsername := "user2" | ||||
| 	token := getUserToken(t, nonAdminUsername) | ||||
| 	token := getUserToken(t, nonAdminUsername, auth_model.AccessTokenScopeAll) | ||||
| 	req := NewRequest(t, "GET", "/api/v1/admin/users"). | ||||
| 		AddTokenAuth(token) | ||||
| 	MakeRequest(t, req, http.StatusForbidden) | ||||
|   | ||||
| @@ -33,6 +33,10 @@ type APITestContext struct { | ||||
|  | ||||
| func NewAPITestContext(t *testing.T, username, reponame string, scope ...auth.AccessTokenScope) APITestContext { | ||||
| 	session := loginUser(t, username) | ||||
| 	if len(scope) == 0 { | ||||
| 		// FIXME: legacy logic: no scope means all | ||||
| 		scope = []auth.AccessTokenScope{auth.AccessTokenScopeAll} | ||||
| 	} | ||||
| 	token := getTokenForLoggedInUser(t, session, scope...) | ||||
| 	return APITestContext{ | ||||
| 		Session:  session, | ||||
|   | ||||
| @@ -72,7 +72,7 @@ func TestAPIReposGitBlobs(t *testing.T) { | ||||
|  | ||||
| 	// Login as User4. | ||||
| 	session = loginUser(t, user4.Name) | ||||
| 	token4 := getTokenForLoggedInUser(t, session) | ||||
| 	token4 := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeAll) | ||||
|  | ||||
| 	// Test using org repo "org3/repo3" where user4 is a NOT collaborator | ||||
| 	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", org3.Name, repo3.Name, token4) | ||||
|   | ||||
| @@ -69,7 +69,7 @@ func TestAPIReposGitTrees(t *testing.T) { | ||||
|  | ||||
| 	// Login as User4. | ||||
| 	session = loginUser(t, user4.Name) | ||||
| 	token4 := getTokenForLoggedInUser(t, session) | ||||
| 	token4 := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeAll) | ||||
|  | ||||
| 	// Test using org repo "org3/repo3" where user4 is a NOT collaborator | ||||
| 	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", org3.Name, repo3.Name, token4) | ||||
|   | ||||
| @@ -249,55 +249,19 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession | ||||
| // token has to be unique this counter take care of | ||||
| var tokenCounter int64 | ||||
|  | ||||
| // getTokenForLoggedInUser returns a token for a logged in user. | ||||
| // The scope is an optional list of snake_case strings like the frontend form fields, | ||||
| // but without the "scope_" prefix. | ||||
| // getTokenForLoggedInUser returns a token for a logged-in user. | ||||
| func getTokenForLoggedInUser(t testing.TB, session *TestSession, scopes ...auth.AccessTokenScope) string { | ||||
| 	t.Helper() | ||||
| 	var token string | ||||
| 	req := NewRequest(t, "GET", "/user/settings/applications") | ||||
| 	resp := session.MakeRequest(t, req, http.StatusOK) | ||||
| 	var csrf string | ||||
| 	for _, cookie := range resp.Result().Cookies() { | ||||
| 		if cookie.Name != "_csrf" { | ||||
| 			continue | ||||
| 		} | ||||
| 		csrf = cookie.Value | ||||
| 		break | ||||
| 	} | ||||
| 	if csrf == "" { | ||||
| 		doc := NewHTMLParser(t, resp.Body) | ||||
| 		csrf = doc.GetCSRF() | ||||
| 	} | ||||
| 	assert.NotEmpty(t, csrf) | ||||
| 	urlValues := url.Values{} | ||||
| 	urlValues.Add("_csrf", csrf) | ||||
| 	urlValues.Add("_csrf", GetUserCSRFToken(t, session)) | ||||
| 	urlValues.Add("name", fmt.Sprintf("api-testing-token-%d", atomic.AddInt64(&tokenCounter, 1))) | ||||
| 	for _, scope := range scopes { | ||||
| 		urlValues.Add("scope", string(scope)) | ||||
| 		urlValues.Add("scope-dummy", string(scope)) // it only needs to start with "scope-" to be accepted | ||||
| 	} | ||||
| 	req = NewRequestWithURLValues(t, "POST", "/user/settings/applications", urlValues) | ||||
| 	resp = session.MakeRequest(t, req, http.StatusSeeOther) | ||||
|  | ||||
| 	// Log the flash values on failure | ||||
| 	if !assert.Equal(t, []string{"/user/settings/applications"}, resp.Result().Header["Location"]) { | ||||
| 		for _, cookie := range resp.Result().Cookies() { | ||||
| 			if cookie.Name != gitea_context.CookieNameFlash { | ||||
| 				continue | ||||
| 			} | ||||
| 			flash, _ := url.ParseQuery(cookie.Value) | ||||
| 			for key, value := range flash { | ||||
| 				t.Logf("Flash %q: %q", key, value) | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	req = NewRequest(t, "GET", "/user/settings/applications") | ||||
| 	resp = session.MakeRequest(t, req, http.StatusOK) | ||||
| 	htmlDoc := NewHTMLParser(t, resp.Body) | ||||
| 	token = htmlDoc.doc.Find(".ui.info p").Text() | ||||
| 	assert.NotEmpty(t, token) | ||||
| 	return token | ||||
| 	req := NewRequestWithURLValues(t, "POST", "/user/settings/applications", urlValues) | ||||
| 	session.MakeRequest(t, req, http.StatusSeeOther) | ||||
| 	flashes := session.GetCookieFlashMessage() | ||||
| 	return flashes.InfoMsg | ||||
| } | ||||
|  | ||||
| type RequestWrapper struct { | ||||
|   | ||||
		Reference in New Issue
	
	Block a user