forgejo/models/actions/forgejo_test.go
TheFox0x7 4de909747b
Some checks are pending
/ release (push) Waiting to run
testing / test-remote-cacher (map[image:redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/valkey/valkey:7.2.5-alpine3.19 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
Add testifylint to lint checks (#4535)
go-require lint is ignored for now

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:41:10 +00:00

178 lines
6.9 KiB
Go

// SPDX-License-Identifier: MIT
package actions
import (
"crypto/subtle"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/unittest"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestActions_RegisterRunner_Token(t *testing.T) {
require.NoError(t, unittest.PrepareTestDatabase())
ownerID := int64(0)
repoID := int64(0)
token := "0123456789012345678901234567890123456789"
labels := []string{}
name := "runner"
version := "v1.2.3"
runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version)
require.NoError(t, err)
assert.EqualValues(t, name, runner.Name)
assert.EqualValues(t, 1, subtle.ConstantTimeCompare([]byte(runner.TokenHash), []byte(auth_model.HashToken(token, runner.TokenSalt))), "the token cannot be verified with the same method as routers/api/actions/runner/interceptor.go as of 8228751c55d6a4263f0fec2932ca16181c09c97d")
}
// TestActions_RegisterRunner_TokenUpdate tests that a token's secret is updated
// when a runner already exists and RegisterRunner is called with a token
// parameter whose first 16 bytes match that record but where the last 24 bytes
// do not match.
func TestActions_RegisterRunner_TokenUpdate(t *testing.T) {
const recordID = 12345678
oldToken := "7e577e577e577e57feedfacefeedfacefeedface"
newToken := "7e577e577e577e57deadbeefdeadbeefdeadbeef"
require.NoError(t, unittest.PrepareTestDatabase())
before := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
require.Equal(t,
before.TokenHash, auth_model.HashToken(oldToken, before.TokenSalt),
"the initial token should match the runner's secret",
)
RegisterRunner(db.DefaultContext, before.OwnerID, before.RepoID, newToken, nil, before.Name, before.Version)
after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
assert.Equal(t, before.UUID, after.UUID)
assert.NotEqual(t,
after.TokenHash, auth_model.HashToken(oldToken, after.TokenSalt),
"the old token can still be verified",
)
assert.Equal(t,
after.TokenHash, auth_model.HashToken(newToken, after.TokenSalt),
"the new token cannot be verified",
)
}
func TestActions_RegisterRunner_CreateWithLabels(t *testing.T) {
require.NoError(t, unittest.PrepareTestDatabase())
ownerID := int64(0)
repoID := int64(0)
token := "0123456789012345678901234567890123456789"
name := "runner"
version := "v1.2.3"
labels := []string{"woop", "doop"}
labelsCopy := labels // labels may be affected by the tested function so we copy them
runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version)
require.NoError(t, err)
// Check that the returned record has been updated, except for the labels
assert.EqualValues(t, ownerID, runner.OwnerID)
assert.EqualValues(t, repoID, runner.RepoID)
assert.EqualValues(t, name, runner.Name)
assert.EqualValues(t, version, runner.Version)
assert.EqualValues(t, labelsCopy, runner.AgentLabels)
// Check that whatever is in the DB has been updated, except for the labels
after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: runner.ID})
assert.EqualValues(t, ownerID, after.OwnerID)
assert.EqualValues(t, repoID, after.RepoID)
assert.EqualValues(t, name, after.Name)
assert.EqualValues(t, version, after.Version)
assert.EqualValues(t, labelsCopy, after.AgentLabels)
}
func TestActions_RegisterRunner_CreateWithoutLabels(t *testing.T) {
require.NoError(t, unittest.PrepareTestDatabase())
ownerID := int64(0)
repoID := int64(0)
token := "0123456789012345678901234567890123456789"
name := "runner"
version := "v1.2.3"
runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, nil, name, version)
require.NoError(t, err)
// Check that the returned record has been updated, except for the labels
assert.EqualValues(t, ownerID, runner.OwnerID)
assert.EqualValues(t, repoID, runner.RepoID)
assert.EqualValues(t, name, runner.Name)
assert.EqualValues(t, version, runner.Version)
assert.EqualValues(t, []string{}, runner.AgentLabels)
// Check that whatever is in the DB has been updated, except for the labels
after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: runner.ID})
assert.EqualValues(t, ownerID, after.OwnerID)
assert.EqualValues(t, repoID, after.RepoID)
assert.EqualValues(t, name, after.Name)
assert.EqualValues(t, version, after.Version)
assert.EqualValues(t, []string{}, after.AgentLabels)
}
func TestActions_RegisterRunner_UpdateWithLabels(t *testing.T) {
const recordID = 12345678
token := "7e577e577e577e57feedfacefeedfacefeedface"
require.NoError(t, unittest.PrepareTestDatabase())
unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
newOwnerID := int64(1)
newRepoID := int64(1)
newName := "rennur"
newVersion := "v4.5.6"
newLabels := []string{"warp", "darp"}
labelsCopy := newLabels // labels may be affected by the tested function so we copy them
runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, &newLabels, newName, newVersion)
require.NoError(t, err)
// Check that the returned record has been updated
assert.EqualValues(t, newOwnerID, runner.OwnerID)
assert.EqualValues(t, newRepoID, runner.RepoID)
assert.EqualValues(t, newName, runner.Name)
assert.EqualValues(t, newVersion, runner.Version)
assert.EqualValues(t, labelsCopy, runner.AgentLabels)
// Check that whatever is in the DB has been updated
after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
assert.EqualValues(t, newOwnerID, after.OwnerID)
assert.EqualValues(t, newRepoID, after.RepoID)
assert.EqualValues(t, newName, after.Name)
assert.EqualValues(t, newVersion, after.Version)
assert.EqualValues(t, labelsCopy, after.AgentLabels)
}
func TestActions_RegisterRunner_UpdateWithoutLabels(t *testing.T) {
const recordID = 12345678
token := "7e577e577e577e57feedfacefeedfacefeedface"
require.NoError(t, unittest.PrepareTestDatabase())
before := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
newOwnerID := int64(1)
newRepoID := int64(1)
newName := "rennur"
newVersion := "v4.5.6"
runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, nil, newName, newVersion)
require.NoError(t, err)
// Check that the returned record has been updated, except for the labels
assert.EqualValues(t, newOwnerID, runner.OwnerID)
assert.EqualValues(t, newRepoID, runner.RepoID)
assert.EqualValues(t, newName, runner.Name)
assert.EqualValues(t, newVersion, runner.Version)
assert.EqualValues(t, before.AgentLabels, runner.AgentLabels)
// Check that whatever is in the DB has been updated, except for the labels
after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
assert.EqualValues(t, newOwnerID, after.OwnerID)
assert.EqualValues(t, newRepoID, after.RepoID)
assert.EqualValues(t, newName, after.Name)
assert.EqualValues(t, newVersion, after.Version)
assert.EqualValues(t, before.AgentLabels, after.AgentLabels)
}