From f8da6723075d4be836fe732706a07fc5c2504c7e Mon Sep 17 00:00:00 2001
From: Gergely Nagy <forgejo@gergo.csillger.hu>
Date: Fri, 9 Feb 2024 15:57:08 +0100
Subject: [PATCH] [FEAT]: Allow forking without a repo ID

Forking a repository via the web UI currently requires visiting a
`/repo/fork/{{repoid}}` URL. This makes it cumbersome to create a link
that starts a fork, because the repository ID is only available via the
API. While it *is* possible to create a link, doing so requires extra
steps.

To make it easier to have a "Fork me!"-style links, introduce the
`/{username}/{repo}/fork` route, which will start the forking process
based on the repository in context instead.

The old `/repo/fork/{repoid}` route (with a `GET` request) will remain
there for the sake of backwards compatibility, but will redirect to the
new URL instead. It's `POST` handler is removed.

Tests that used the old route are updated to use the new one, and new
tests are introduced to exercise the redirect.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
---
 routers/web/repo/pull.go            |  38 ++++----
 routers/web/web.go                  |   7 +-
 templates/repo/header.tmpl          |   4 +-
 tests/integration/repo_fork_test.go | 129 ++++++++++++++++++++++------
 4 files changed, 130 insertions(+), 48 deletions(-)

diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 7830c17ced..33aab4e2ce 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -115,21 +115,21 @@ func getRepository(ctx *context.Context, repoID int64) *repo_model.Repository {
 	return repo
 }
 
-func getForkRepository(ctx *context.Context) *repo_model.Repository {
-	forkRepo := getRepository(ctx, ctx.ParamsInt64(":repoid"))
-	if ctx.Written() {
-		return nil
+func updateForkRepositoryInContext(ctx *context.Context, forkRepo *repo_model.Repository) bool {
+	if forkRepo == nil {
+		ctx.NotFound("No repository in context", nil)
+		return false
 	}
 
 	if forkRepo.IsEmpty {
 		log.Trace("Empty repository %-v", forkRepo)
-		ctx.NotFound("getForkRepository", nil)
-		return nil
+		ctx.NotFound("updateForkRepositoryInContext", nil)
+		return false
 	}
 
 	if err := forkRepo.LoadOwner(ctx); err != nil {
 		ctx.ServerError("LoadOwner", err)
-		return nil
+		return false
 	}
 
 	ctx.Data["repo_name"] = forkRepo.Name
@@ -142,7 +142,7 @@ func getForkRepository(ctx *context.Context) *repo_model.Repository {
 	ownedOrgs, err := organization.GetOrgsCanCreateRepoByUserID(ctx, ctx.Doer.ID)
 	if err != nil {
 		ctx.ServerError("GetOrgsCanCreateRepoByUserID", err)
-		return nil
+		return false
 	}
 	var orgs []*organization.Organization
 	for _, org := range ownedOrgs {
@@ -170,7 +170,7 @@ func getForkRepository(ctx *context.Context) *repo_model.Repository {
 		traverseParentRepo, err = repo_model.GetRepositoryByID(ctx, traverseParentRepo.ForkID)
 		if err != nil {
 			ctx.ServerError("GetRepositoryByID", err)
-			return nil
+			return false
 		}
 	}
 
@@ -184,7 +184,7 @@ func getForkRepository(ctx *context.Context) *repo_model.Repository {
 	} else {
 		ctx.Data["CanForkRepo"] = false
 		ctx.Flash.Error(ctx.Tr("repo.fork_no_valid_owners"), true)
-		return nil
+		return false
 	}
 
 	branches, err := git_model.FindBranchNames(ctx, git_model.FindBranchOptions{
@@ -198,14 +198,19 @@ func getForkRepository(ctx *context.Context) *repo_model.Repository {
 	})
 	if err != nil {
 		ctx.ServerError("FindBranchNames", err)
-		return nil
+		return false
 	}
 	ctx.Data["Branches"] = append([]string{ctx.Repo.Repository.DefaultBranch}, branches...)
 
-	return forkRepo
+	return true
 }
 
-// Fork render repository fork page
+// ForkByID redirects (with 301 Moved Permanently) to the repository's `/fork` page
+func ForkByID(ctx *context.Context) {
+	ctx.Redirect(ctx.Repo.Repository.Link()+"/fork", http.StatusMovedPermanently)
+}
+
+// Fork renders the repository fork page
 func Fork(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("new_fork")
 
@@ -217,8 +222,7 @@ func Fork(ctx *context.Context) {
 		ctx.Flash.Error(msg, true)
 	}
 
-	getForkRepository(ctx)
-	if ctx.Written() {
+	if !updateForkRepositoryInContext(ctx, ctx.Repo.Repository) {
 		return
 	}
 
@@ -236,8 +240,8 @@ func ForkPost(ctx *context.Context) {
 		return
 	}
 
-	forkRepo := getForkRepository(ctx)
-	if ctx.Written() {
+	forkRepo := ctx.Repo.Repository
+	if !updateForkRepositoryInContext(ctx, forkRepo) {
 		return
 	}
 
diff --git a/routers/web/web.go b/routers/web/web.go
index 1744ddb83a..a89d1aa3c3 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -967,10 +967,7 @@ func registerRoutes(m *web.Route) {
 		m.Post("/create", web.Bind(forms.CreateRepoForm{}), repo.CreatePost)
 		m.Get("/migrate", repo.Migrate)
 		m.Post("/migrate", web.Bind(forms.MigrateRepoForm{}), repo.MigratePost)
-		m.Group("/fork", func() {
-			m.Combo("/{repoid}").Get(repo.Fork).
-				Post(web.Bind(forms.CreateRepoForm{}), repo.ForkPost)
-		}, context.RepoIDAssignment(), context.UnitTypes(), reqRepoCodeReader)
+		m.Get("/fork/{repoid}", context.RepoIDAssignment(), context.UnitTypes(), reqRepoCodeReader, repo.ForkByID)
 		m.Get("/search", repo.SearchRepo)
 	}, reqSignIn)
 
@@ -1148,6 +1145,8 @@ func registerRoutes(m *web.Route) {
 
 	// Grouping for those endpoints that do require authentication
 	m.Group("/{username}/{reponame}", func() {
+		m.Combo("/fork", reqRepoCodeReader).Get(repo.Fork).
+			Post(web.Bind(forms.CreateRepoForm{}), repo.ForkPost)
 		m.Group("/issues", func() {
 			m.Group("/new", func() {
 				m.Combo("").Get(context.RepoRef(), repo.NewIssue).
diff --git a/templates/repo/header.tmpl b/templates/repo/header.tmpl
index ef3e40eea8..3e29f1f29e 100644
--- a/templates/repo/header.tmpl
+++ b/templates/repo/header.tmpl
@@ -82,7 +82,7 @@
 									{{/*else is not required here, because the button shouldn't link to any site if you can't create a fork*/}}
 									{{end}}
 								{{else if not $.UserAndOrgForks}}
-									href="{{AppSubUrl}}/repo/fork/{{.ID}}"
+									href="{{$.RepoLink}}/fork"
 								{{else}}
 									data-modal="#fork-repo-modal"
 								{{end}}
@@ -103,7 +103,7 @@
 									</div>
 									{{if $.CanSignedUserFork}}
 									<div class="divider"></div>
-									<a href="{{AppSubUrl}}/repo/fork/{{.ID}}">{{ctx.Locale.Tr "repo.fork_to_different_account"}}</a>
+									<a href="{{$.RepoLink}}/fork">{{ctx.Locale.Tr "repo.fork_to_different_account"}}</a>
 									{{end}}
 								</div>
 							</div>
diff --git a/tests/integration/repo_fork_test.go b/tests/integration/repo_fork_test.go
index 594fba6796..c6e3fed7a9 100644
--- a/tests/integration/repo_fork_test.go
+++ b/tests/integration/repo_fork_test.go
@@ -7,36 +7,36 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"testing"
 
+	"code.gitea.io/gitea/models/db"
+	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	repo_service "code.gitea.io/gitea/services/repository"
 	"code.gitea.io/gitea/tests"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func testRepoFork(t *testing.T, session *TestSession, ownerName, repoName, forkOwnerName, forkRepoName string) *httptest.ResponseRecorder {
+	t.Helper()
+
 	forkOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: forkOwnerName})
 
 	// Step0: check the existence of the to-fork repo
 	req := NewRequestf(t, "GET", "/%s/%s", forkOwnerName, forkRepoName)
 	session.MakeRequest(t, req, http.StatusNotFound)
 
-	// Step1: go to the main page of repo
-	req = NewRequestf(t, "GET", "/%s/%s", ownerName, repoName)
+	// Step1: visit the /fork page
+	forkURL := fmt.Sprintf("/%s/%s/fork", ownerName, repoName)
+	req = NewRequest(t, "GET", forkURL)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
-	// Step2: click the fork button
+	// Step2: fill the form of the forking
 	htmlDoc := NewHTMLParser(t, resp.Body)
-	link, exists := htmlDoc.doc.Find("a.ui.button[href^=\"/repo/fork/\"]").Attr("href")
-	assert.True(t, exists, "The template has changed")
-	req = NewRequest(t, "GET", link)
-	resp = session.MakeRequest(t, req, http.StatusOK)
-
-	// Step3: fill the form of the forking
-	htmlDoc = NewHTMLParser(t, resp.Body)
-	link, exists = htmlDoc.doc.Find("form.ui.form[action^=\"/repo/fork/\"]").Attr("action")
+	link, exists := htmlDoc.doc.Find(fmt.Sprintf("form.ui.form[action=\"%s\"]", forkURL)).Attr("action")
 	assert.True(t, exists, "The template has changed")
 	_, exists = htmlDoc.doc.Find(fmt.Sprintf(".owner.dropdown .item[data-value=\"%d\"]", forkOwner.ID)).Attr("data-value")
 	assert.True(t, exists, fmt.Sprintf("Fork owner '%s' is not present in select box", forkOwnerName))
@@ -47,29 +47,108 @@ func testRepoFork(t *testing.T, session *TestSession, ownerName, repoName, forkO
 	})
 	session.MakeRequest(t, req, http.StatusSeeOther)
 
-	// Step4: check the existence of the forked repo
+	// Step3: check the existence of the forked repo
 	req = NewRequestf(t, "GET", "/%s/%s", forkOwnerName, forkRepoName)
 	resp = session.MakeRequest(t, req, http.StatusOK)
 
 	return resp
 }
 
+func testRepoForkLegacyRedirect(t *testing.T, session *TestSession, ownerName, repoName string) {
+	t.Helper()
+
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: ownerName})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: owner.ID, Name: repoName})
+
+	// Visit the /repo/fork/:id url
+	req := NewRequestf(t, "GET", "/repo/fork/%d", repo.ID)
+	resp := session.MakeRequest(t, req, http.StatusMovedPermanently)
+
+	assert.Equal(t, repo.Link()+"/fork", resp.Header().Get("Location"))
+}
+
 func TestRepoFork(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-	session := loginUser(t, "user1")
-	testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user5"})
+		session := loginUser(t, user5.Name)
+
+		t.Run("by name", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			defer func() {
+				repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: user5.ID, Name: "repo1"})
+				repo_service.DeleteRepository(db.DefaultContext, user5, repo, false)
+			}()
+			testRepoFork(t, session, "user2", "repo1", "user5", "repo1")
+		})
+
+		t.Run("legacy redirect", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			testRepoForkLegacyRedirect(t, session, "user2", "repo1")
+
+			t.Run("private 404", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				// Make sure the repo we try to fork is private
+				repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 31, IsPrivate: true})
+
+				// user5 does not have access to user2/repo20
+				req := NewRequestf(t, "GET", "/repo/fork/%d", repo.ID) // user2/repo20
+				session.MakeRequest(t, req, http.StatusNotFound)
+			})
+			t.Run("authenticated private redirect", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				// Make sure the repo we try to fork is private
+				repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 31, IsPrivate: true})
+
+				// user1 has access to user2/repo20
+				session := loginUser(t, "user1")
+				req := NewRequestf(t, "GET", "/repo/fork/%d", repo.ID) // user2/repo20
+				session.MakeRequest(t, req, http.StatusMovedPermanently)
+			})
+			t.Run("no code unit", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				// Make sure the repo we try to fork is private.
+				// We're also choosing user15/big_test_private_2, becase it has the Code unit disabled.
+				repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 20, IsPrivate: true})
+
+				// user1, even though an admin, can't fork a repo without a code unit.
+				session := loginUser(t, "user1")
+				req := NewRequestf(t, "GET", "/repo/fork/%d", repo.ID) // user15/big_test_private_2
+				session.MakeRequest(t, req, http.StatusNotFound)
+			})
+		})
+	})
 }
 
 func TestRepoForkToOrg(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-	session := loginUser(t, "user2")
-	testRepoFork(t, session, "user2", "repo1", "org3", "repo1")
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user2")
+		org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
 
-	// Check that no more forking is allowed as user2 owns repository
-	//  and org3 organization that owner user2 is also now has forked this repository
-	req := NewRequest(t, "GET", "/user2/repo1")
-	resp := session.MakeRequest(t, req, http.StatusOK)
-	htmlDoc := NewHTMLParser(t, resp.Body)
-	_, exists := htmlDoc.doc.Find("a.ui.button[href^=\"/repo/fork/\"]").Attr("href")
-	assert.False(t, exists, "Forking should not be allowed anymore")
+		t.Run("by name", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			defer func() {
+				repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: org3.ID, Name: "repo1"})
+				repo_service.DeleteRepository(db.DefaultContext, org3, repo, false)
+			}()
+
+			testRepoFork(t, session, "user2", "repo1", "org3", "repo1")
+
+			// Check that no more forking is allowed as user2 owns repository
+			//  and org3 organization that owner user2 is also now has forked this repository
+			req := NewRequest(t, "GET", "/user2/repo1")
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			_, exists := htmlDoc.doc.Find("a.ui.button[href^=\"/fork\"]").Attr("href")
+			assert.False(t, exists, "Forking should not be allowed anymore")
+		})
+
+		t.Run("legacy redirect", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			testRepoForkLegacyRedirect(t, session, "user2", "repo1")
+		})
+	})
 }