mirror of
https://github.com/go-gitea/gitea.git
synced 2025-11-25 21:02:34 +01:00
62d750eadb
Permission & protection check:
- Fix Delete Release permission check
- Fix Update Pull Request with rebase branch protection check
- Fix Issue Dependency permission check
- Fix Delete Comment History ID check
Information leaking:
- Show unified message for non-existing user and invalid password
- Fix #35984
- Don't expose release draft to non-writer users.
- Make API returns signature's email address instead of the user
profile's.
Auth & Login:
- Avoid GCM OAuth2 attempt when OAuth2 is disabled
- Fix #35510
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
33 lines
1.1 KiB
Go
33 lines
1.1 KiB
Go
// Copyright 2025 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"code.gitea.io/gitea/tests"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestAPIAuth(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
req := NewRequestf(t, "GET", "/api/v1/user").AddBasicAuth("user2")
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
req = NewRequestf(t, "GET", "/api/v1/user").AddBasicAuth("user2", "wrong-password")
|
|
resp := MakeRequest(t, req, http.StatusUnauthorized)
|
|
assert.Contains(t, resp.Body.String(), `{"message":"invalid username, password or token"`)
|
|
|
|
req = NewRequestf(t, "GET", "/api/v1/user").AddBasicAuth("user-not-exist")
|
|
resp = MakeRequest(t, req, http.StatusUnauthorized)
|
|
assert.Contains(t, resp.Body.String(), `{"message":"invalid username, password or token"`)
|
|
|
|
req = NewRequestf(t, "GET", "/api/v1/users/user2/repos").AddTokenAuth("Bearer wrong_token")
|
|
resp = MakeRequest(t, req, http.StatusUnauthorized)
|
|
assert.Contains(t, resp.Body.String(), `{"message":"invalid username, password or token"`)
|
|
}
|