oppi.li / perf-test
loading up the forgejo repo on tangled to test page performance
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix: listing tokens must not require basic auth (#6633)

When the change is reverted, the test fails as follows:

```sh
=== TestAPIGetTokens (tests/integration/api_token_test.go:34)
--- FAIL: TestAPIGetTokens (0.17s)
testlogger.go:405: 2025/01/20 14:05:22 ...les/storage/local.go:33:NewLocalStorage() [I] Creating new Local Storage at /home/earl-warren/software/forgejo/tests/gitea-lfs-meta
testlogger.go:405: 2025/01/20 14:05:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v1/users/user2/tokens for test-mock:12345, 200 OK in 2.5ms @ user/app.go:24(user.ListAccessTokens)
testlogger.go:405: 2025/01/20 14:05:22 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/v1/users/user1/tokens for test-mock:12345, 201 Created in 4.7ms @ user/app.go:75(user.CreateAccessToken)
testlogger.go:405: 2025/01/20 14:05:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v1/users/user2/tokens for test-mock:12345, 401 Unauthorized in 4.9ms @ v1/api.go:413(v1.Routes.func2.5.1.reqBasicOrRevProxyAuth.6)
api_token_test.go:46:
Error Trace: /home/earl-warren/software/forgejo/tests/integration/integration_test.go:556
/home/earl-warren/software/forgejo/tests/integration/api_token_test.go:46
Error: Not equal:
expected: 200
actual : 401
Test: TestAPIGetTokens
Messages: Request: GET /api/v1/users/user2/tokens
api_token_test.go:46: Response: {"message":"auth required","url":"http://localhost:3003/api/swagger"}

testlogger.go:405: 2025/01/20 14:05:22 ...eb/routing/logger.go:102:func1() [I] router: completed DELETE /api/v1/users/user1/tokens/94 for test-mock:12345, 204 No Content in 1.4ms @ user/app.go:145(user.DeleteAccessToken)
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/6633): <!--number 6633 --><!--line 0 --><!--description bGlzdGluZyB0b2tlbnMgbXVzdCBub3QgcmVxdWlyZSBiYXNpYyBhdXRo-->listing tokens must not require basic auth<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6633
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>

authored by

Earl Warren
Earl Warren and committed by
Earl Warren 8a9da6ab 966b845e

+20 -3
+3 -3
routers/api/v1/api.go
··· 908 908 m.Get("/repos", tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository), reqExploreSignIn(), user.ListUserRepos) 909 909 m.Group("/tokens", func() { 910 910 m.Combo("").Get(user.ListAccessTokens). 911 - Post(bind(api.CreateAccessTokenOption{}), reqToken(), user.CreateAccessToken) 912 - m.Combo("/{id}").Delete(reqToken(), user.DeleteAccessToken) 913 - }, reqSelfOrAdmin(), reqBasicOrRevProxyAuth()) 911 + Post(bind(api.CreateAccessTokenOption{}), reqBasicOrRevProxyAuth(), reqToken(), user.CreateAccessToken) 912 + m.Combo("/{id}").Delete(reqBasicOrRevProxyAuth(), reqToken(), user.DeleteAccessToken) 913 + }, reqSelfOrAdmin()) 914 914 915 915 m.Get("/activities/feeds", user.ListUserActivityFeeds) 916 916 }, context.UserAssignmentAPI(), checkTokenPublicOnly(), individualPermsChecker)
+17
tests/integration/api_token_test.go
··· 30 30 deleteAPIAccessToken(t, newAccessToken, user) 31 31 } 32 32 33 + func TestAPIGetTokens(t *testing.T) { 34 + defer tests.PrepareTestEnv(t)() 35 + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) 36 + 37 + // with basic auth... 38 + req := NewRequest(t, "GET", "/api/v1/users/user2/tokens"). 39 + AddBasicAuth(user.Name) 40 + MakeRequest(t, req, http.StatusOK) 41 + 42 + // ... or with a token. 43 + newAccessToken := createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll}) 44 + req = NewRequest(t, "GET", "/api/v1/users/user2/tokens"). 45 + AddTokenAuth(newAccessToken.Token) 46 + MakeRequest(t, req, http.StatusOK) 47 + deleteAPIAccessToken(t, newAccessToken, user) 48 + } 49 + 33 50 // TestAPIDeleteMissingToken ensures that error is thrown when token not found 34 51 func TestAPIDeleteMissingToken(t *testing.T) { 35 52 defer tests.PrepareTestEnv(t)()