Merge pull request '[GITEA] Make confirmation clearer for dangerous actions' (#1431) from Gusted/forgejo:forgejo-confirmation-include-ownername into forgejo-dependency

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1431
2024-11-22 08:42:32 -05:00 · 2023-09-13 18:20:52 +00:00 · 2023-09-13 18:20:52 +00:00 · f1b5449696
commit f1b5449696
parent 4e76879d97 c29b0525de
4 changed files with 150 additions and 11 deletions
--- a/routers/web/repo/setting/setting.go
+++ b/routers/web/repo/setting/setting.go
@ -667,7 +667,7 @@ func SettingsPost(ctx *context.Context) {
 			ctx.Error(http.StatusNotFound)
 			return
 		}
-		if repo.Name != form.RepoName {
+		if repo.FullName() != form.RepoName {
 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
 			return
 		}
@ -698,7 +698,7 @@ func SettingsPost(ctx *context.Context) {
 			ctx.ServerError("Convert Fork", err)
 			return
 		}
-		if repo.Name != form.RepoName {
+		if repo.FullName() != form.RepoName {
 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
 			return
 		}
@ -731,7 +731,7 @@ func SettingsPost(ctx *context.Context) {
 			ctx.Error(http.StatusNotFound)
 			return
 		}
-		if repo.Name != form.RepoName {
+		if repo.FullName() != form.RepoName {
 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
 			return
 		}
@ -813,7 +813,7 @@ func SettingsPost(ctx *context.Context) {
 			ctx.Error(http.StatusNotFound)
 			return
 		}
-		if repo.Name != form.RepoName {
+		if repo.FullName() != form.RepoName {
 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
 			return
 		}
@ -837,7 +837,7 @@ func SettingsPost(ctx *context.Context) {
 			ctx.Error(http.StatusNotFound)
 			return
 		}
-		if repo.Name != form.RepoName {
+		if repo.FullName() != form.RepoName {
 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_repo_name"), tplSettingsOptions, nil)
 			return
 		}
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@ -817,7 +817,7 @@
 					<div class="field">
 						<label>
 							{{.locale.Tr "repo.settings.transfer_form_title"}}
-							<span class="text red">{{.Repository.Name}}</span>
+							<span class="text red">{{.Repository.FullName}}</span>
 						</label>
 					</div>
 					<div class="required field">
@ -848,7 +848,7 @@
 					<div class="field">
 						<label>
 							{{.locale.Tr "repo.settings.transfer_form_title"}}
-							<span class="text red">{{.Repository.Name}}</span>
+							<span class="text red">{{.Repository.FullName}}</span>
 						</label>
 					</div>
 					<div class="required field">
@ -880,7 +880,7 @@
 				<div class="field">
 					<label>
 						{{.locale.Tr "repo.settings.transfer_form_title"}}
-						<span class="text red">{{.Repository.Name}}</span>
+						<span class="text red">{{.Repository.FullName}}</span>
 					</label>
 				</div>
 				<div class="required field">
@ -918,7 +918,7 @@
 				<div class="field">
 					<label>
 						{{.locale.Tr "repo.settings.transfer_form_title"}}
-						<span class="text red">{{.Repository.Name}}</span>
+						<span class="text red">{{.Repository.FullName}}</span>
 					</label>
 				</div>
 				<div class="required field">
@ -950,7 +950,7 @@
 				<div class="field">
 					<label>
 						{{.locale.Tr "repo.settings.transfer_form_title"}}
-						<span class="text red">{{.Repository.Name}}</span>
+						<span class="text red">{{.Repository.FullName}}</span>
 					</label>
 				</div>
 				<div class="required field">
--- a/tests/integration/pull_create_test.go
+++ b/tests/integration/pull_create_test.go
@ -4,6 +4,7 @@
 package integration

 import (
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@ -129,7 +130,7 @@ func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoNam

 	req = NewRequestWithValues(t, "POST", relURL+"?action=delete", map[string]string{
 		"_csrf":     htmlDoc.GetCSRF(),
-		"repo_name": repoName,
+		"repo_name": fmt.Sprintf("%s/%s", ownerName, repoName),
 	})
 	session.MakeRequest(t, req, http.StatusSeeOther)
 }
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@ -6,12 +6,15 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"net/http/httptest"
 	"path"
 	"strings"
 	"testing"
 	"time"

+	gitea_context "code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/tests"

 	"github.com/PuerkitoBio/goquery"
@ -548,3 +551,138 @@ func TestRepoHTMLTitle(t *testing.T) {
 		})
 	})
 }
+
+func TestDangerZoneConfirmation(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	mustInvalidRepoName := func(resp *httptest.ResponseRecorder) {
+		t.Helper()
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		assert.Contains(t,
+			htmlDoc.doc.Find(".ui.negative.message").Text(),
+			translation.NewLocale("en-US").Tr("form.enterred_invalid_repo_name"),
+		)
+	}
+
+	t.Run("Transfer ownership", func(t *testing.T) {
+		session := loginUser(t, "user2")
+
+		t.Run("Fail", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
+				"_csrf":          GetCSRF(t, session, "/user2/repo1/settings"),
+				"action":         "transfer",
+				"repo_name":      "repo1",
+				"new_owner_name": "user1",
+			})
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			mustInvalidRepoName(resp)
+		})
+		t.Run("Pass", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
+				"_csrf":          GetCSRF(t, session, "/user2/repo1/settings"),
+				"action":         "transfer",
+				"repo_name":      "user2/repo1",
+				"new_owner_name": "user1",
+			})
+			session.MakeRequest(t, req, http.StatusSeeOther)
+
+			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.EqualValues(t, flashCookie.Value, "success%3DThis%2Brepository%2Bhas%2Bbeen%2Bmarked%2Bfor%2Btransfer%2Band%2Bawaits%2Bconfirmation%2Bfrom%2B%2522User%2BOne%2522")
+		})
+	})
+
+	t.Run("Convert fork", func(t *testing.T) {
+		session := loginUser(t, "user20")
+
+		t.Run("Fail", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
+				"_csrf":     GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
+				"action":    "convert_fork",
+				"repo_name": "big_test_public_fork_7",
+			})
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			mustInvalidRepoName(resp)
+		})
+		t.Run("Pass", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user20/big_test_public_fork_7/settings", map[string]string{
+				"_csrf":     GetCSRF(t, session, "/user20/big_test_public_fork_7/settings"),
+				"action":    "convert_fork",
+				"repo_name": "user20/big_test_public_fork_7",
+			})
+			session.MakeRequest(t, req, http.StatusSeeOther)
+
+			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Bfork%2Bhas%2Bbeen%2Bconverted%2Binto%2Ba%2Bregular%2Brepository.")
+		})
+	})
+
+	t.Run("Delete wiki", func(t *testing.T) {
+		session := loginUser(t, "user2")
+
+		t.Run("Fail", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
+				"_csrf":     GetCSRF(t, session, "/user2/repo1/settings"),
+				"action":    "delete-wiki",
+				"repo_name": "repo1",
+			})
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			mustInvalidRepoName(resp)
+		})
+		t.Run("Pass", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
+				"_csrf":     GetCSRF(t, session, "/user2/repo1/settings"),
+				"action":    "delete-wiki",
+				"repo_name": "user2/repo1",
+			})
+			session.MakeRequest(t, req, http.StatusSeeOther)
+
+			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bwiki%2Bdata%2Bhas%2Bbeen%2Bdeleted.")
+		})
+	})
+
+	t.Run("Delete", func(t *testing.T) {
+		session := loginUser(t, "user2")
+
+		t.Run("Fail", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
+				"_csrf":     GetCSRF(t, session, "/user2/repo1/settings"),
+				"action":    "delete",
+				"repo_name": "repo1",
+			})
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			mustInvalidRepoName(resp)
+		})
+		t.Run("Pass", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
+				"_csrf":     GetCSRF(t, session, "/user2/repo1/settings"),
+				"action":    "delete",
+				"repo_name": "user2/repo1",
+			})
+			session.MakeRequest(t, req, http.StatusSeeOther)
+
+			flashCookie := session.GetCookie(gitea_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.EqualValues(t, flashCookie.Value, "success%3DThe%2Brepository%2Bhas%2Bbeen%2Bdeleted.")
+		})
+	})
+}