diff --git a/pkg/database/testing/testing.go b/pkg/database/testing/testing.go
index 59bd3263a..3cca73927 100644
--- a/pkg/database/testing/testing.go
+++ b/pkg/database/testing/testing.go
@@ -115,10 +115,20 @@ func Setup() {
 Token: "789",
 GitlabToken: "789",
 Admin: false}
 
+ user4 := User{
+ Password: "$2a$10$b8d63QsTL38vx7lj0HEHfOdbu1PCAg6Gfca74UavkXooIBx9YxopS",
+ Name: "Rick El Toro",
+ Email: "rick@el.to.ro",
+ Gravatar: "c2180a539620d90d68eaeb848364f1c2",
+ Token: "987",
+ GitlabToken: "987",
+ Admin: false}
+
 database.SaveUser(&user1)
 database.SaveUser(&user2)
 database.SaveUser(&user3)
+ database.SaveUser(&user4)
 
 // create dummy team data
 team1 := Team{
diff --git a/pkg/database/testing/users_test.go b/pkg/database/testing/users_test.go
index 988e4aeb5..7d2385734 100644
--- a/pkg/database/testing/users_test.go
+++ b/pkg/database/testing/users_test.go
@@ -146,8 +146,8 @@ func TestListUsers(t *testing.T) {
 }
 
 // verify user count
- if len(users) != 3 {
- t.Errorf("Exepected %d users in database, got %d", 3, len(users))
+ if len(users) != 4 {
+ t.Errorf("Exepected %d users in database, got %d", 4, len(users))
 return
 }
 
diff --git a/pkg/handler/handler.go b/pkg/handler/handler.go
index 7adc6ab58..2af9150c9 100644
--- a/pkg/handler/handler.go
+++ b/pkg/handler/handler.go
@@ -102,7 +102,7 @@ func (h RepoHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // The User must own the repository OR be a member
 // of the Team that owns the repository OR the repo
 // must not be private.
- if repo.Private == false && user.ID != repo.UserID {
+ if repo.Private && user.ID != repo.UserID {
 if member, _ := database.IsMember(user.ID, repo.TeamID); !member {
 RenderNotFound(w)
 return
diff --git a/pkg/handler/testing/handler_test.go b/pkg/handler/testing/handler_test.go
new file mode 100644
index 000000000..9ea71824d
--- /dev/null
+++ b/pkg/handler/testing/handler_test.go
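Review bot: The error returned by `database.IsMember` is still discarded on the line after the corrected condition, so a lookup failure is indistinguishable from "not a member": both render 404, which fails closed but hides database errors behind an access denial. Consider `if member, err := database.IsMember(user.ID, repo.TeamID); err != nil || !member {` and, if this package has a server-error renderer, using it for the `err != nil` case; at minimum add `// a lookup error is treated as "not a member" so the check fails closed` so the intent is explicit. The new condition now matches the comment above it (owner, team member, or public repository), whereas the old one inverted the test and skipped the membership check for private repositories entirely. ServeHTTP starts and ends outside the hunk, so whether `user` can be nil at this point (the new tests expect a 303 for an anonymous request on a private repository) is decided by code not shown.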
@@ -0,0 +1,68 @@
+package testing
+
+import (
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ . "github.com/drone/drone/pkg/database/testing"
+ "github.com/drone/drone/pkg/handler"
+ . "github.com/drone/drone/pkg/model"
+
+ "github.com/bmizerany/pat"
+ . "github.com/smartystreets/goconvey/convey"
+)
+
+func TestRepoHandler(t *testing.T) {
+ Setup()
+ defer Teardown()
+
+ m := pat.New()
+
+ Convey("Repo Handler", t, func() {
+ m.Get("/:host/:owner/:name", handler.RepoHandler(dummyUserRepo))
+ Convey("Public repo can be viewed without login", func() {
+ req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
+ So(err, ShouldBeNil)
+ rec := httptest.NewRecorder()
+ m.ServeHTTP(rec, req)
+ So(rec.Code, ShouldEqual, 200)
+ })
+ Convey("Public repo can be viewed by another user", func() {
+ req, err := http.NewRequest("GET", "/bitbucket.org/drone/test", nil)
+ So(err, ShouldBeNil)
+ rec := httptest.NewRecorder()
+ setUserSession(rec, req, "cavepig@gmail.com")
+ m.ServeHTTP(rec, req)
+ So(rec.Code, ShouldEqual, 200)
+ })
+
+ Convey("Private repo can not be viewed without login", func() {
+ req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
+ So(err, ShouldBeNil)
+ rec := httptest.NewRecorder()
+ m.ServeHTTP(rec, req)
+ So(rec.Code, ShouldEqual, 303)
+ })
+ Convey("Private repo can not be viewed by a non team member", func() {
+ req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
+ So(err, ShouldBeNil)
+ rec := httptest.NewRecorder()
+ setUserSession(rec, req, "rick@el.to.ro")
+ m.ServeHTTP(rec, req)
+ So(rec.Code, ShouldEqual, 404)
+ })
+ })
+}
+
+func dummyUserRepo(w http.ResponseWriter, r *http.Request, u *User, repo *Repo) error {
+ return handler.RenderText(w, http.StatusText(http.StatusOK), http.StatusOK)
+}
+
+func setUserSession(w http.ResponseWriter, r *http.Request, username string) {
+ handler.SetCookie(w, r, "_sess", username)
+ resp := http.Response{Header: w.Header()}
+ for _, v := range resp.Cookies() {
+ r.AddCookie(v)
+ }
+}
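Review bot: The private-repository cases only assert denial (303 without a session, 404 for a non-member), so a regression that also locks out the owner or a team member — for example dropping the `user.ID != repo.UserID` clause in RepoHandler — would still pass; add positive cases asserting 200 on `/github.com/drone/drone` with the owner's session and with a team member's session. The fixture emails for those users are not visible in this diff, so they appear as labelled placeholders below. `m.Get` is called inside the outer Convey, which goconvey executes once per leaf, so the route is registered on the mux several times; moving it above the Convey call runs the setup once. `dummyUserRepo` ignores `u` and `repo`, so a comment such as `// stand-in handler: being reached means RepoHandler granted access` would make the test's intent clearer.
```go
Convey("Private repo can be viewed by its owner", func() {
	req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
	So(err, ShouldBeNil)
	rec := httptest.NewRecorder()
	setUserSession(rec, req, "<owner email from the Setup fixture>")
	m.ServeHTTP(rec, req)
	So(rec.Code, ShouldEqual, 200)
})
Convey("Private repo can be viewed by a team member", func() {
	req, err := http.NewRequest("GET", "/github.com/drone/drone", nil)
	So(err, ShouldBeNil)
	rec := httptest.NewRecorder()
	setUserSession(rec, req, "<team member email from the Setup fixture>")
	m.ServeHTTP(rec, req)
	So(rec.Code, ShouldEqual, 200)
})
// … unchanged: existing deny cases …
```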