From d095e4fdc5ce1f0fb492b2a7b6aa68672048a531 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Dachary?= <loic@dachary.org>
Date: Sun, 12 Nov 2023 22:45:03 +0100
Subject: [PATCH] test GET /api/v1/repos/{owner}/{repo}/keys/{id}

(cherry picked from commit f5ad29dbc77df834a3b5b9a63b19bca680a9f5ed)
---
 tests/integration/api_keys_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/integration/api_keys_test.go b/tests/integration/api_keys_test.go
index 238c3cb823..03d28c9126 100644
--- a/tests/integration/api_keys_test.go
+++ b/tests/integration/api_keys_test.go
@@ -72,6 +72,17 @@ func TestCreateReadOnlyDeployKey(t *testing.T) {
 		Content: rawKeyBody.Key,
 		Mode:    perm.AccessModeRead,
 	})
+
+	// Using the ID of a key that does not belong to the repository must fail
+	{
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/keys/%d?token=%s", repoOwner.Name, repo.Name, newDeployKey.ID, token))
+		MakeRequest(t, req, http.StatusOK)
+
+		session5 := loginUser(t, "user5")
+		token5 := getTokenForLoggedInUser(t, session5, auth_model.AccessTokenScopeWriteRepository)
+		req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user5/repo4/keys/%d?token=%s", newDeployKey.ID, token5))
+		MakeRequest(t, req, http.StatusNotFound)
+	}
 }
 
 func TestCreateReadWriteDeployKey(t *testing.T) {