public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-05-06 04:01:05 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
762154cbd793823aed438d72fbd82f31658f47bb
gitea/tests/integration/api_user_search_test.go
Myers Carpenter 9e031eb3df Serve OpenAPI 3.0 spec at /openapi.v1.json (#37038) 
Add a build-time conversion step that transforms the existing Swagger
2.0 spec into an OpenAPI 3.0 spec. The OAS3 spec is served alongside the
existing Swagger 2.0 spec, enabling API clients that require OAS3 to
generate code directly from Gitea's API.

This is not to be an answer to how gitea handles OAS3 long term,
but a way to use what we have to move a step forward.

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-04-29 20:47:52 +08:00

154 lines
4.9 KiB
Go
Raw Blame History

// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert"
)
type SearchResults struct {
OK bool `json:"ok"`
Data []*api.User `json:"data"`
}
func TestAPIUserSearchLoggedIn(t *testing.T) {
defer tests.PrepareTestEnv(t)()
adminUsername := "user1"
session := loginUser(t, adminUsername)
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
query := "user2"
req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).
AddTokenAuth(token)
resp := MakeRequest(t, req, http.StatusOK)
results := DecodeJSON(t, resp, &SearchResults{})
assert.NotEmpty(t, results.Data)
for _, user := range results.Data {
assert.Contains(t, user.UserName, query)
assert.NotEmpty(t, user.Email)
}
publicToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopePublicOnly)
req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).
AddTokenAuth(publicToken)
resp = MakeRequest(t, req, http.StatusOK)
results = DecodeJSON(t, resp, &SearchResults{})
assert.NotEmpty(t, results.Data)
for _, user := range results.Data {
assert.Contains(t, user.UserName, query)
assert.NotEmpty(t, user.Email)
assert.Equal(t, api.UserVisibilityPublic, user.Visibility)
}
}
func TestAPIUserSearchNotLoggedIn(t *testing.T) {
defer tests.PrepareTestEnv(t)()
query := "user2"
req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)
resp := MakeRequest(t, req, http.StatusOK)
results := DecodeJSON(t, resp, &SearchResults{})
assert.NotEmpty(t, results.Data)
var modelUser *user_model.User
for _, user := range results.Data {
assert.Contains(t, user.UserName, query)
modelUser = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: user.ID})
assert.Equal(t, modelUser.GetPlaceholderEmail(), user.Email)
}
}
func TestAPIUserSearchSystemUsers(t *testing.T) {
defer tests.PrepareTestEnv(t)()
for _, systemUser := range []*user_model.User{
user_model.NewGhostUser(),
user_model.NewActionsUser(),
} {
t.Run(systemUser.Name, func(t *testing.T) {
req := NewRequestf(t, "GET", "/api/v1/users/search?uid=%d", systemUser.ID)
resp := MakeRequest(t, req, http.StatusOK)
results := DecodeJSON(t, resp, &SearchResults{})
assert.NotEmpty(t, results.Data)
if assert.Len(t, results.Data, 1) {
user := results.Data[0]
assert.Equal(t, user.UserName, systemUser.Name)
assert.Equal(t, user.ID, systemUser.ID)
}
})
}
}
func TestAPIUserSearchAdminLoggedInUserHidden(t *testing.T) {
defer tests.PrepareTestEnv(t)()
adminUsername := "user1"
session := loginUser(t, adminUsername)
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
query := "user31"
req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).
AddTokenAuth(token)
resp := MakeRequest(t, req, http.StatusOK)
results := DecodeJSON(t, resp, &SearchResults{})
assert.NotEmpty(t, results.Data)
for _, user := range results.Data {
assert.Contains(t, user.UserName, query)
assert.NotEmpty(t, user.Email)
assert.Equal(t, api.UserVisibilityPrivate, user.Visibility)
}
}
func TestAPIUserSearchNotLoggedInUserHidden(t *testing.T) {
defer tests.PrepareTestEnv(t)()
query := "user31"
req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)
resp := MakeRequest(t, req, http.StatusOK)
results := DecodeJSON(t, resp, &SearchResults{})
assert.Empty(t, results.Data)
}
func TestAPIUserSearchByEmail(t *testing.T) {
defer tests.PrepareTestEnv(t)()
// admin can search user with private email
adminUsername := "user1"
session := loginUser(t, adminUsername)
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
query := "user2@example.com"
req := NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).
AddTokenAuth(token)
resp := MakeRequest(t, req, http.StatusOK)
results := DecodeJSON(t, resp, &SearchResults{})
assert.Len(t, results.Data, 1)
assert.Equal(t, query, results.Data[0].Email)
// no login user can not search user with private email
req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query)
resp = MakeRequest(t, req, http.StatusOK)
results = DecodeJSON(t, resp, &SearchResults{})
assert.Empty(t, results.Data)
// user can search self with private email
user2 := "user2"
session = loginUser(t, user2)
token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query).
AddTokenAuth(token)
resp = MakeRequest(t, req, http.StatusOK)
results = DecodeJSON(t, resp, &SearchResults{})
assert.Len(t, results.Data, 1)
assert.Equal(t, query, results.Data[0].Email)
}
Reference in New Issue View Git Blame Copy Permalink