Fix RepoHandler

2024-07-02 20:16:01 +00:00 · 2014-04-29 19:48:45 +07:00 · 2014-04-29 19:48:45 +07:00 · 27c770e097
parent c5ce7fa86a
commit 27c770e097
3 changed files with 79 additions and 1 deletions
--- a/pkg/database/testing/testing.go
+++ b/pkg/database/testing/testing.go
@ -115,10 +115,20 @@ func Setup() {
 		Token:       "789",
 		GitlabToken: "789",
 		Admin:       false}
+	user4 := User{
+		Password:    "$2a$10$b8d63QsTL38vx7lj0HEHfOdbu1PCAg6Gfca74UavkXooIBx9YxopS",
+		Name:        "Rick El Toro",
+		Email:       "rick@el.to.ro",
+		Gravatar:    "c2180a539620d90d68eaeb848364f1c2",
+		Token:       "987",
+		GitlabToken: "987",
+		Admin:       false}
+

 	database.SaveUser(&user1)
 	database.SaveUser(&user2)
 	database.SaveUser(&user3)
+	database.SaveUser(&user4)

 	// create dummy team data
 	team1 := Team{
--- a/pkg/handler/handler.go
+++ b/pkg/handler/handler.go
@ -102,7 +102,7 @@ func (h RepoHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// The User must own the repository OR be a member
 	// of the Team that owns the repository OR the repo
 	// must not be private.
-	if repo.Private == false && user.ID != repo.UserID {
+	if repo.Private && user.ID != repo.UserID {
 		if member, _ := database.IsMember(user.ID, repo.TeamID); !member {
 			RenderNotFound(w)
 			return
--- a/pkg/handler/testing/handler_test.go
+++ b/pkg/handler/testing/handler_test.go
@ -0,0 +1,68 @@
+package testing
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	. "github.com/drone/drone/pkg/database/testing"
+	"github.com/drone/drone/pkg/handler"
+	. "github.com/drone/drone/pkg/model"
+
+	"github.com/bmizerany/pat"
+	. "github.com/smartystreets/goconvey/convey"
+)
+
+func TestRepoHandler(t *testing.T) {
+	Setup()
+	defer Teardown()
+
+	m := pat.New()
+
+	Convey("Repo Handler", t, func() {
+		m.Get("/:host/:owner/:name", handler.RepoHandler(dummyUserRepo))
+		Convey("Public repo can be viewed without login", func() {
+			req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
+			So(err, ShouldBeNil)
+			rec := httptest.NewRecorder()
+			m.ServeHTTP(rec, req)
+			So(rec.Code, ShouldEqual, 200)
+		})
+		Convey("Public repo can be viewed by another user", func() {
+			req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
+			So(err, ShouldBeNil)
+			rec := httptest.NewRecorder()
+			setUserSession(rec, req, "cavepig@gmail.com")
+			m.ServeHTTP(rec, req)
+			So(rec.Code, ShouldEqual, 200)
+		})
+
+		Convey("Private repo can not be viewed without login", func() {
+			req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
+			So(err, ShouldBeNil)
+			rec := httptest.NewRecorder()
+			m.ServeHTTP(rec, req)
+			So(rec.Code, ShouldEqual, 303)
+		})
+		Convey("Private repo can not be viewed by a non team member", func() {
+			req,  err := http.NewRequest("GET", "/github.com/drone/drone", nil)
+			So(err, ShouldBeNil)
+			rec := httptest.NewRecorder()
+			setUserSession(rec, req, "rick@el.to.ro")
+			m.ServeHTTP(rec, req)
+			So(rec.Code, ShouldEqual, 404)
+		})
+	})
+}
+
+func dummyUserRepo(w http.ResponseWriter, r *http.Request, u *User, repo *Repo) error {
+	return handler.RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
+}
+
+func setUserSession(w http.ResponseWriter, r *http.Request, username string) {
+	handler.SetCookie(w, r, "_sess", username)
+	resp := http.Response{Header: w.Header()} 
+	for _, v := range resp.Cookies() {
+		r.AddCookie(v)
+	}
+}