From 5046a10aecb044661398ca49518556fee6baaa33 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 25 Jan 2025 12:16:04 +0100
Subject: [PATCH] fix(sec): add tests for web route delete runner
Exhaustively test each combination of deleting and updating a action
runner via the web route. Although updating an action runner was not
impacted, its good to have a test nonetheless.
---
.../TestRunnerModification/action_runner.yml | 31 +++++
tests/integration/runner_test.go | 130 ++++++++++++++++++
2 files changed, 161 insertions(+)
create mode 100644 tests/integration/fixtures/TestRunnerModification/action_runner.yml
create mode 100644 tests/integration/runner_test.go
diff --git a/tests/integration/fixtures/TestRunnerModification/action_runner.yml b/tests/integration/fixtures/TestRunnerModification/action_runner.yml
new file mode 100644
index 0000000000..95599b19bd
--- /dev/null
+++ b/tests/integration/fixtures/TestRunnerModification/action_runner.yml
@@ -0,0 +1,31 @@
+-
+ id: 1001
+ uuid: "43b5d4d3-401b-42f9-94df-a9d45b447b82"
+ name: "User runner"
+ owner_id: 2
+ repo_id: 0
+ deleted: 0
+
+-
+ id: 1002
+ uuid: "bdc77f4f-2b2b-442d-bd44-e808f4306347"
+ name: "Organisation runner"
+ owner_id: 3
+ repo_id: 0
+ deleted: 0
+
+-
+ id: 1003
+ uuid: "9268bc8c-efbf-4dbe-aeb5-945733cdd098"
+ name: "Repository runner"
+ owner_id: 0
+ repo_id: 1
+ deleted: 0
+
+-
+ id: 1004
+ uuid: "fb857e63-c0ce-4571-a6c9-fde26c128073"
+ name: "Global runner"
+ owner_id: 0
+ repo_id: 0
+ deleted: 0
diff --git a/tests/integration/runner_test.go b/tests/integration/runner_test.go
new file mode 100644
index 0000000000..bab2a67230
--- /dev/null
+++ b/tests/integration/runner_test.go
@@ -0,0 +1,130 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+ "fmt"
+ "net/http"
+ "testing"
+
+ actions_model "code.gitea.io/gitea/models/actions"
+ repo_model "code.gitea.io/gitea/models/repo"
+ "code.gitea.io/gitea/models/unittest"
+ user_model "code.gitea.io/gitea/models/user"
+ forgejo_context "code.gitea.io/gitea/services/context"
+ "code.gitea.io/gitea/tests"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestRunnerModification(t *testing.T) {
+ defer tests.AddFixtures("tests/integration/fixtures/TestRunnerModification")()
+ defer tests.PrepareTestEnv(t)()
+
+ user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+ userRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1001, OwnerID: user.ID})
+ userURL := "/user/settings/actions/runners"
+ org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+ orgRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1002, OwnerID: org.ID})
+ orgURL := "/org/" + org.Name + "/settings/actions/runners"
+ repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user.ID})
+ repoRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1003, RepoID: repo.ID})
+ repoURL := "/" + repo.FullName() + "/settings/actions/runners"
+ admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true})
+ globalRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1004}, "owner_id = 0 AND repo_id = 0")
+ adminURL := "/admin/actions/runners"
+
+ adminSess := loginUser(t, admin.Name)
+ adminCSRF := GetCSRF(t, adminSess, "/")
+ sess := loginUser(t, user.Name)
+ csrf := GetCSRF(t, sess, "/")
+
+ test := func(t *testing.T, fail bool, baseURL string, id int64) {
+ defer tests.PrintCurrentTest(t, 1)()
+ t.Helper()
+
+ sess := sess
+ csrf := csrf
+ if baseURL == adminURL {
+ sess = adminSess
+ csrf = adminCSRF
+ }
+
+ req := NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d", id), map[string]string{
+ "_csrf": csrf,
+ "description": "New Description",
+ })
+ if fail {
+ sess.MakeRequest(t, req, http.StatusNotFound)
+ } else {
+ sess.MakeRequest(t, req, http.StatusSeeOther)
+ flashCookie := sess.GetCookie(forgejo_context.CookieNameFlash)
+ assert.NotNil(t, flashCookie)
+ assert.EqualValues(t, "success%3DRunner%2Bupdated%2Bsuccessfully", flashCookie.Value)
+ }
+
+ req = NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d/delete", id), map[string]string{
+ "_csrf": csrf,
+ })
+ if fail {
+ sess.MakeRequest(t, req, http.StatusNotFound)
+ } else {
+ sess.MakeRequest(t, req, http.StatusOK)
+ flashCookie := sess.GetCookie(forgejo_context.CookieNameFlash)
+ assert.NotNil(t, flashCookie)
+ assert.EqualValues(t, "success%3DRunner%2Bdeleted%2Bsuccessfully", flashCookie.Value)
+ }
+ }
+
+ t.Run("User runner", func(t *testing.T) {
+ t.Run("Organisation", func(t *testing.T) {
+ test(t, true, orgURL, userRunner.ID)
+ })
+ t.Run("Repository", func(t *testing.T) {
+ test(t, true, repoURL, userRunner.ID)
+ })
+ t.Run("User", func(t *testing.T) {
+ test(t, false, userURL, userRunner.ID)
+ })
+ })
+
+ t.Run("Organisation runner", func(t *testing.T) {
+ t.Run("Repository", func(t *testing.T) {
+ test(t, true, repoURL, orgRunner.ID)
+ })
+ t.Run("User", func(t *testing.T) {
+ test(t, true, userURL, orgRunner.ID)
+ })
+ t.Run("Organisation", func(t *testing.T) {
+ test(t, false, orgURL, orgRunner.ID)
+ })
+ })
+
+ t.Run("Repository runner", func(t *testing.T) {
+ t.Run("Organisation", func(t *testing.T) {
+ test(t, true, orgURL, repoRunner.ID)
+ })
+ t.Run("User", func(t *testing.T) {
+ test(t, true, userURL, repoRunner.ID)
+ })
+ t.Run("Repository", func(t *testing.T) {
+ test(t, false, repoURL, repoRunner.ID)
+ })
+ })
+
+ t.Run("Global runner", func(t *testing.T) {
+ t.Run("Organisation", func(t *testing.T) {
+ test(t, true, orgURL, globalRunner.ID)
+ })
+ t.Run("User", func(t *testing.T) {
+ test(t, true, userURL, globalRunner.ID)
+ })
+ t.Run("Repository", func(t *testing.T) {
+ test(t, true, repoURL, globalRunner.ID)
+ })
+ t.Run("Admin", func(t *testing.T) {
+ test(t, false, adminURL, globalRunner.ID)
+ })
+ })
+}