oppi.li / perf-test
loading up the forgejo repo on tangled to test page performance
fork atom

fix: add ID check for updating push mirror interval

- Ensure that the specified push mirror ID belongs to the requested
repository, otherwise it is possible to modify the intervals of the push
mirrors that do not belong to the requested repository.
- Integration test added.

authored by Gusted and committed by Earl Warren 786dfc7f 061abe60

options
unified split
Changed files
+86 -9
routers
web
repo
setting
setting.go
tests
integration
mirror_push_test.go
+7 -9
routers/web/repo/setting/setting.go
··· 566 566 // as an error on the UI for this action 567 567 ctx.Data["Err_RepoName"] = nil 568 568 569 + m, err := selectPushMirrorByForm(ctx, form, repo) 570 + if err != nil { 571 + ctx.NotFound("", nil) 572 + return 573 + } 574 + 569 575 interval, err := time.ParseDuration(form.PushMirrorInterval) 570 576 if err != nil || (interval != 0 && interval < setting.Mirror.MinInterval) { 571 577 ctx.RenderWithErr(ctx.Tr("repo.mirror_interval_invalid"), tplSettingsOptions, &forms.RepoSettingForm{}) 572 578 return 573 579 } 574 580 575 - id, err := strconv.ParseInt(form.PushMirrorID, 10, 64) 576 - if err != nil { 577 - ctx.ServerError("UpdatePushMirrorIntervalPushMirrorID", err) 578 - return 579 - } 580 - m := &repo_model.PushMirror{ 581 - ID: id, 582 - Interval: interval, 583 - } 581 + m.Interval = interval 584 582 if err := repo_model.UpdatePushMirrorInterval(ctx, m); err != nil { 585 583 ctx.ServerError("UpdatePushMirrorInterval", err) 586 584 return
+79
tests/integration/mirror_push_test.go
··· 323 323 }) 324 324 }) 325 325 } 326 + 327 + func TestPushMirrorSettings(t *testing.T) { 328 + onGiteaRun(t, func(t *testing.T, u *url.URL) { 329 + defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)() 330 + defer test.MockVariableValue(&setting.Mirror.Enabled, true)() 331 + require.NoError(t, migrations.Init()) 332 + 333 + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) 334 + srcRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}) 335 + srcRepo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}) 336 + assert.False(t, srcRepo.HasWiki()) 337 + sess := loginUser(t, user.Name) 338 + pushToRepo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{ 339 + Name: optional.Some("push-mirror-test"), 340 + AutoInit: optional.Some(false), 341 + EnabledUnits: optional.Some([]unit.Type{unit.TypeCode}), 342 + }) 343 + defer f() 344 + 345 + t.Run("Adding", func(t *testing.T) { 346 + defer tests.PrintCurrentTest(t)() 347 + 348 + req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo2.FullName()), map[string]string{ 349 + "_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo2.FullName())), 350 + "action": "push-mirror-add", 351 + "push_mirror_address": u.String() + pushToRepo.FullName(), 352 + "push_mirror_interval": "0", 353 + }) 354 + sess.MakeRequest(t, req, http.StatusSeeOther) 355 + 356 + req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo.FullName()), map[string]string{ 357 + "_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo.FullName())), 358 + "action": "push-mirror-add", 359 + "push_mirror_address": u.String() + pushToRepo.FullName(), 360 + "push_mirror_interval": "0", 361 + }) 362 + sess.MakeRequest(t, req, http.StatusSeeOther) 363 + 364 + flashCookie := sess.GetCookie(gitea_context.CookieNameFlash) 365 + assert.NotNil(t, flashCookie) 366 + assert.Contains(t, flashCookie.Value, "success") 367 + }) 368 + 369 + mirrors, _, err := repo_model.GetPushMirrorsByRepoID(db.DefaultContext, srcRepo.ID, db.ListOptions{}) 370 + require.NoError(t, err) 371 + assert.Len(t, mirrors, 1) 372 + mirrorID := mirrors[0].ID 373 + 374 + mirrors, _, err = repo_model.GetPushMirrorsByRepoID(db.DefaultContext, srcRepo2.ID, db.ListOptions{}) 375 + require.NoError(t, err) 376 + assert.Len(t, mirrors, 1) 377 + 378 + t.Run("Interval", func(t *testing.T) { 379 + defer tests.PrintCurrentTest(t)() 380 + 381 + unittest.AssertExistsAndLoadBean(t, &repo_model.PushMirror{ID: mirrorID - 1}) 382 + 383 + req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo.FullName()), map[string]string{ 384 + "_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo.FullName())), 385 + "action": "push-mirror-update", 386 + "push_mirror_id": strconv.FormatInt(mirrorID-1, 10), 387 + "push_mirror_interval": "10m0s", 388 + }) 389 + sess.MakeRequest(t, req, http.StatusNotFound) 390 + 391 + req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo.FullName()), map[string]string{ 392 + "_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo.FullName())), 393 + "action": "push-mirror-update", 394 + "push_mirror_id": strconv.FormatInt(mirrorID, 10), 395 + "push_mirror_interval": "10m0s", 396 + }) 397 + sess.MakeRequest(t, req, http.StatusSeeOther) 398 + 399 + flashCookie := sess.GetCookie(gitea_context.CookieNameFlash) 400 + assert.NotNil(t, flashCookie) 401 + assert.Contains(t, flashCookie.Value, "success") 402 + }) 403 + }) 404 + }