2018-12-09 10:19:50 +08:00
|
|
|
// Copyright 2018 The Gitea Authors. All rights reserved.
|
2022-11-28 02:20:29 +08:00
|
|
|
// SPDX-License-Identifier: MIT
|
2018-12-09 10:19:50 +08:00
|
|
|
|
2022-09-03 03:18:23 +08:00
|
|
|
package integration
|
2018-12-09 10:19:50 +08:00
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"testing"
|
|
|
|
|
2023-01-18 05:46:03 +08:00
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
Add context cache as a request level cache (#22294)
To avoid duplicated load of the same data in an HTTP request, we can set
a context cache to do that. i.e. Some pages may load a user from a
database with the same id in different areas on the same page. But the
code is hidden in two different deep logic. How should we share the
user? As a result of this PR, now if both entry functions accept
`context.Context` as the first parameter and we just need to refactor
`GetUserByID` to reuse the user from the context cache. Then it will not
be loaded twice on an HTTP request.
But of course, sometimes we would like to reload an object from the
database, that's why `RemoveContextData` is also exposed.
The core context cache is here. It defines a new context
```go
type cacheContext struct {
ctx context.Context
data map[any]map[any]any
lock sync.RWMutex
}
var cacheContextKey = struct{}{}
func WithCacheContext(ctx context.Context) context.Context {
return context.WithValue(ctx, cacheContextKey, &cacheContext{
ctx: ctx,
data: make(map[any]map[any]any),
})
}
```
Then you can use the below 4 methods to read/write/del the data within
the same context.
```go
func GetContextData(ctx context.Context, tp, key any) any
func SetContextData(ctx context.Context, tp, key, value any)
func RemoveContextData(ctx context.Context, tp, key any)
func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error)
```
Then let's take a look at how `system.GetString` implement it.
```go
func GetSetting(ctx context.Context, key string) (string, error) {
return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) {
return cache.GetString(genSettingCacheKey(key), func() (string, error) {
res, err := GetSettingNoCache(ctx, key)
if err != nil {
return "", err
}
return res.SettingValue, nil
})
})
}
```
First, it will check if context data include the setting object with the
key. If not, it will query from the global cache which may be memory or
a Redis cache. If not, it will get the object from the database. In the
end, if the object gets from the global cache or database, it will be
set into the context cache.
An object stored in the context cache will only be destroyed after the
context disappeared.
2023-02-15 21:37:34 +08:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2021-11-16 16:53:21 +08:00
|
|
|
"code.gitea.io/gitea/models/unittest"
|
2021-11-24 17:49:20 +08:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2019-05-11 18:21:34 +08:00
|
|
|
api "code.gitea.io/gitea/modules/structs"
|
2022-09-03 03:18:23 +08:00
|
|
|
"code.gitea.io/gitea/tests"
|
2019-01-24 22:12:17 +08:00
|
|
|
|
2018-12-09 10:19:50 +08:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestUserOrgs(t *testing.T) {
|
2022-09-03 03:18:23 +08:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2018-12-09 10:19:50 +08:00
|
|
|
adminUsername := "user1"
|
|
|
|
normalUsername := "user2"
|
2021-01-29 05:40:41 +08:00
|
|
|
privateMemberUsername := "user4"
|
|
|
|
unrelatedUsername := "user5"
|
2019-01-24 22:12:17 +08:00
|
|
|
|
2021-01-29 05:40:41 +08:00
|
|
|
orgs := getUserOrgs(t, adminUsername, normalUsername)
|
|
|
|
|
2023-09-14 10:59:53 +08:00
|
|
|
org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
|
|
|
|
org17 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org17"})
|
2024-05-23 12:14:26 +08:00
|
|
|
org35 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "private_org35"})
|
2018-12-09 10:19:50 +08:00
|
|
|
|
|
|
|
assert.Equal(t, []*api.Organization{
|
2022-08-22 00:24:05 +08:00
|
|
|
{
|
|
|
|
ID: 17,
|
2023-09-14 10:59:53 +08:00
|
|
|
Name: org17.Name,
|
|
|
|
UserName: org17.Name,
|
|
|
|
FullName: org17.FullName,
|
|
|
|
Email: org17.Email,
|
|
|
|
AvatarURL: org17.AvatarLink(db.DefaultContext),
|
2022-08-22 00:24:05 +08:00
|
|
|
Description: "",
|
|
|
|
Website: "",
|
|
|
|
Location: "",
|
|
|
|
Visibility: "public",
|
|
|
|
},
|
2018-12-09 10:19:50 +08:00
|
|
|
{
|
|
|
|
ID: 3,
|
2023-09-14 10:59:53 +08:00
|
|
|
Name: org3.Name,
|
|
|
|
UserName: org3.Name,
|
|
|
|
FullName: org3.FullName,
|
|
|
|
Email: org3.Email,
|
|
|
|
AvatarURL: org3.AvatarLink(db.DefaultContext),
|
2018-12-09 10:19:50 +08:00
|
|
|
Description: "",
|
|
|
|
Website: "",
|
|
|
|
Location: "",
|
2019-05-31 01:57:55 +08:00
|
|
|
Visibility: "public",
|
2018-12-09 10:19:50 +08:00
|
|
|
},
|
2024-05-23 12:14:26 +08:00
|
|
|
{
|
|
|
|
ID: 35,
|
|
|
|
Name: org35.Name,
|
|
|
|
UserName: org35.Name,
|
|
|
|
FullName: org35.FullName,
|
|
|
|
Email: org35.Email,
|
|
|
|
AvatarURL: org35.AvatarLink(db.DefaultContext),
|
|
|
|
Description: "",
|
|
|
|
Website: "",
|
|
|
|
Location: "",
|
|
|
|
Visibility: "private",
|
|
|
|
},
|
2018-12-09 10:19:50 +08:00
|
|
|
}, orgs)
|
2021-01-29 05:40:41 +08:00
|
|
|
|
|
|
|
// user itself should get it's org's he is a member of
|
|
|
|
orgs = getUserOrgs(t, privateMemberUsername, privateMemberUsername)
|
|
|
|
assert.Len(t, orgs, 1)
|
|
|
|
|
|
|
|
// unrelated user should not get private org membership of privateMemberUsername
|
|
|
|
orgs = getUserOrgs(t, unrelatedUsername, privateMemberUsername)
|
|
|
|
assert.Len(t, orgs, 0)
|
|
|
|
|
2023-01-18 05:46:03 +08:00
|
|
|
// not authenticated call should not be allowed
|
|
|
|
testUserOrgsUnauthenticated(t, privateMemberUsername)
|
2021-01-29 05:40:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
func getUserOrgs(t *testing.T, userDoer, userCheck string) (orgs []*api.Organization) {
|
2022-01-21 01:46:10 +08:00
|
|
|
token := ""
|
2021-01-29 05:40:41 +08:00
|
|
|
if len(userDoer) != 0 {
|
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
- `activitypub`
- `admin` (hidden if user is not a site admin)
- `misc`
- `notification`
- `organization`
- `package`
- `issue`
- `repository`
- `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
- `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
- `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection
### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">
## tokenRequiresScopes Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error
## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
- _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
- _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
- _This should be addressed in this PR_
- For example:
```go
m.Group("/users/{username}/orgs", func() {
m.Get("", reqToken(), org.ListUserOrgs)
m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
```
## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default
Closes #24501
Closes #24799
Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-05 02:57:16 +08:00
|
|
|
token = getUserToken(t, userDoer, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
|
2021-01-29 05:40:41 +08:00
|
|
|
}
|
2023-12-22 07:59:59 +08:00
|
|
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/users/%s/orgs", userCheck)).
|
|
|
|
AddTokenAuth(token)
|
2022-12-02 11:39:42 +08:00
|
|
|
resp := MakeRequest(t, req, http.StatusOK)
|
2021-01-29 05:40:41 +08:00
|
|
|
DecodeJSON(t, resp, &orgs)
|
|
|
|
return orgs
|
2018-12-09 10:19:50 +08:00
|
|
|
}
|
|
|
|
|
2023-01-18 05:46:03 +08:00
|
|
|
func testUserOrgsUnauthenticated(t *testing.T, userCheck string) {
|
|
|
|
session := emptyTestSession(t)
|
|
|
|
req := NewRequestf(t, "GET", "/api/v1/users/%s/orgs", userCheck)
|
|
|
|
session.MakeRequest(t, req, http.StatusUnauthorized)
|
|
|
|
}
|
|
|
|
|
2018-12-09 10:19:50 +08:00
|
|
|
func TestMyOrgs(t *testing.T) {
|
2022-09-03 03:18:23 +08:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2018-12-09 10:19:50 +08:00
|
|
|
|
2021-01-29 05:40:41 +08:00
|
|
|
req := NewRequest(t, "GET", "/api/v1/user/orgs")
|
2022-12-02 11:39:42 +08:00
|
|
|
MakeRequest(t, req, http.StatusUnauthorized)
|
2021-01-29 05:40:41 +08:00
|
|
|
|
2018-12-09 10:19:50 +08:00
|
|
|
normalUsername := "user2"
|
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
- `activitypub`
- `admin` (hidden if user is not a site admin)
- `misc`
- `notification`
- `organization`
- `package`
- `issue`
- `repository`
- `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
- `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
- `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection
### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">
## tokenRequiresScopes Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error
## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
- _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
- _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
- _This should be addressed in this PR_
- For example:
```go
m.Group("/users/{username}/orgs", func() {
m.Get("", reqToken(), org.ListUserOrgs)
m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
```
## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default
Closes #24501
Closes #24799
Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-05 02:57:16 +08:00
|
|
|
token := getUserToken(t, normalUsername, auth_model.AccessTokenScopeReadOrganization, auth_model.AccessTokenScopeReadUser)
|
2023-12-22 07:59:59 +08:00
|
|
|
req = NewRequest(t, "GET", "/api/v1/user/orgs").
|
|
|
|
AddTokenAuth(token)
|
2022-12-02 11:39:42 +08:00
|
|
|
resp := MakeRequest(t, req, http.StatusOK)
|
2018-12-09 10:19:50 +08:00
|
|
|
var orgs []*api.Organization
|
|
|
|
DecodeJSON(t, resp, &orgs)
|
2023-09-14 10:59:53 +08:00
|
|
|
org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org3"})
|
|
|
|
org17 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "org17"})
|
2024-05-23 12:14:26 +08:00
|
|
|
org35 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "private_org35"})
|
2018-12-09 10:19:50 +08:00
|
|
|
|
|
|
|
assert.Equal(t, []*api.Organization{
|
2022-08-22 00:24:05 +08:00
|
|
|
{
|
|
|
|
ID: 17,
|
2023-09-14 10:59:53 +08:00
|
|
|
Name: org17.Name,
|
|
|
|
UserName: org17.Name,
|
|
|
|
FullName: org17.FullName,
|
|
|
|
Email: org17.Email,
|
|
|
|
AvatarURL: org17.AvatarLink(db.DefaultContext),
|
2022-08-22 00:24:05 +08:00
|
|
|
Description: "",
|
|
|
|
Website: "",
|
|
|
|
Location: "",
|
|
|
|
Visibility: "public",
|
|
|
|
},
|
2018-12-09 10:19:50 +08:00
|
|
|
{
|
|
|
|
ID: 3,
|
2023-09-14 10:59:53 +08:00
|
|
|
Name: org3.Name,
|
|
|
|
UserName: org3.Name,
|
|
|
|
FullName: org3.FullName,
|
|
|
|
Email: org3.Email,
|
|
|
|
AvatarURL: org3.AvatarLink(db.DefaultContext),
|
2018-12-09 10:19:50 +08:00
|
|
|
Description: "",
|
|
|
|
Website: "",
|
|
|
|
Location: "",
|
2019-05-31 01:57:55 +08:00
|
|
|
Visibility: "public",
|
2018-12-09 10:19:50 +08:00
|
|
|
},
|
2024-05-23 12:14:26 +08:00
|
|
|
{
|
|
|
|
ID: 35,
|
|
|
|
Name: org35.Name,
|
|
|
|
UserName: org35.Name,
|
|
|
|
FullName: org35.FullName,
|
|
|
|
Email: org35.Email,
|
|
|
|
AvatarURL: org35.AvatarLink(db.DefaultContext),
|
|
|
|
Description: "",
|
|
|
|
Website: "",
|
|
|
|
Location: "",
|
|
|
|
Visibility: "private",
|
|
|
|
},
|
2018-12-09 10:19:50 +08:00
|
|
|
}, orgs)
|
|
|
|
}
|