mirror of
https://github.com/go-gitea/gitea.git
synced 2025-12-06 13:20:14 +01:00
20cf4b7849
Backport #36002 Permission & protection check: - Fix Delete Release permission check - Fix Update Pull Request with rebase branch protection check - Fix Issue Dependency permission check - Fix Delete Comment History ID check Information leaking: - Show unified message for non-existing user and invalid password - Fix #35984 - Don't expose release draft to non-writer users. - Make API returns signature's email address instead of the user profile's. Auth & Login: - Avoid GCM OAuth2 attempt when OAuth2 is disabled - Fix #35510 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
33 lines
1.1 KiB
Go
33 lines
1.1 KiB
Go
// Copyright 2025 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"code.gitea.io/gitea/tests"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestAPIAuth(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
req := NewRequestf(t, "GET", "/api/v1/user").AddBasicAuth("user2")
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
req = NewRequestf(t, "GET", "/api/v1/user").AddBasicAuth("user2", "wrong-password")
|
|
resp := MakeRequest(t, req, http.StatusUnauthorized)
|
|
assert.Contains(t, resp.Body.String(), `{"message":"invalid username, password or token"`)
|
|
|
|
req = NewRequestf(t, "GET", "/api/v1/user").AddBasicAuth("user-not-exist")
|
|
resp = MakeRequest(t, req, http.StatusUnauthorized)
|
|
assert.Contains(t, resp.Body.String(), `{"message":"invalid username, password or token"`)
|
|
|
|
req = NewRequestf(t, "GET", "/api/v1/users/user2/repos").AddTokenAuth("Bearer wrong_token")
|
|
resp = MakeRequest(t, req, http.StatusUnauthorized)
|
|
assert.Contains(t, resp.Body.String(), `{"message":"invalid username, password or token"`)
|
|
}
|