2017-03-11 15:30:29 +01:00
|
|
|
// Copyright 2017 The Gitea Authors. All rights reserved.
|
2022-11-27 19:20:29 +01:00
|
|
|
// SPDX-License-Identifier: MIT
|
2017-03-11 15:30:29 +01:00
|
|
|
|
2022-09-02 21:18:23 +02:00
|
|
|
package integration
|
2017-03-11 15:30:29 +01:00
|
|
|
|
|
|
|
import (
|
2020-11-14 17:53:43 +01:00
|
|
|
"fmt"
|
2017-04-25 09:24:51 +02:00
|
|
|
"net/http"
|
2020-11-14 17:53:43 +01:00
|
|
|
"strings"
|
2017-03-11 15:30:29 +01:00
|
|
|
"testing"
|
|
|
|
|
2024-12-27 12:16:23 +01:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2021-11-16 09:53:21 +01:00
|
|
|
"code.gitea.io/gitea/models/unittest"
|
2021-11-24 10:49:20 +01:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2017-04-25 09:24:51 +02:00
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2024-02-25 22:55:00 +01:00
|
|
|
"code.gitea.io/gitea/modules/test"
|
2022-06-26 16:19:22 +02:00
|
|
|
"code.gitea.io/gitea/modules/translation"
|
2022-09-02 21:18:23 +02:00
|
|
|
"code.gitea.io/gitea/tests"
|
2021-11-17 13:34:35 +01:00
|
|
|
|
2020-11-14 17:53:43 +01:00
|
|
|
"github.com/stretchr/testify/assert"
|
2017-04-25 09:24:51 +02:00
|
|
|
)
|
2017-03-11 15:30:29 +01:00
|
|
|
|
|
|
|
func TestSignup(t *testing.T) {
|
2022-09-02 21:18:23 +02:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2017-04-28 15:23:28 +02:00
|
|
|
|
2017-04-25 09:24:51 +02:00
|
|
|
setting.Service.EnableCaptcha = false
|
|
|
|
|
2017-06-17 06:49:45 +02:00
|
|
|
req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
|
|
|
|
"user_name": "exampleUser",
|
|
|
|
"email": "exampleUser@example.com",
|
2019-11-09 04:40:37 +01:00
|
|
|
"password": "examplePassword!1",
|
|
|
|
"retype": "examplePassword!1",
|
2017-06-17 06:49:45 +02:00
|
|
|
})
|
2022-03-23 05:54:07 +01:00
|
|
|
MakeRequest(t, req, http.StatusSeeOther)
|
2017-03-11 15:30:29 +01:00
|
|
|
|
2017-04-25 09:24:51 +02:00
|
|
|
// should be able to view new user's page
|
2017-06-10 02:41:36 +02:00
|
|
|
req = NewRequest(t, "GET", "/exampleUser")
|
2017-07-07 21:36:47 +02:00
|
|
|
MakeRequest(t, req, http.StatusOK)
|
2017-03-11 15:30:29 +01:00
|
|
|
}
|
2020-11-14 17:53:43 +01:00
|
|
|
|
2021-07-15 21:19:48 +02:00
|
|
|
func TestSignupAsRestricted(t *testing.T) {
|
2022-09-02 21:18:23 +02:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2021-07-15 21:19:48 +02:00
|
|
|
|
|
|
|
setting.Service.EnableCaptcha = false
|
|
|
|
setting.Service.DefaultUserIsRestricted = true
|
|
|
|
|
|
|
|
req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
|
|
|
|
"user_name": "restrictedUser",
|
|
|
|
"email": "restrictedUser@example.com",
|
|
|
|
"password": "examplePassword!1",
|
|
|
|
"retype": "examplePassword!1",
|
|
|
|
})
|
2022-03-23 05:54:07 +01:00
|
|
|
MakeRequest(t, req, http.StatusSeeOther)
|
2021-07-15 21:19:48 +02:00
|
|
|
|
|
|
|
// should be able to view new user's page
|
|
|
|
req = NewRequest(t, "GET", "/restrictedUser")
|
|
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
|
2022-08-16 04:22:25 +02:00
|
|
|
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "restrictedUser"})
|
2021-07-15 21:19:48 +02:00
|
|
|
assert.True(t, user2.IsRestricted)
|
|
|
|
}
|
|
|
|
|
2024-02-25 22:55:00 +01:00
|
|
|
func TestSignupEmailValidation(t *testing.T) {
|
2022-09-02 21:18:23 +02:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2020-11-14 17:53:43 +01:00
|
|
|
|
|
|
|
setting.Service.EnableCaptcha = false
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
email string
|
|
|
|
wantStatus int
|
|
|
|
wantMsg string
|
|
|
|
}{
|
2024-02-14 22:48:45 +01:00
|
|
|
{"exampleUser@example.com\r\n", http.StatusOK, translation.NewLocale("en-US").TrString("form.email_invalid")},
|
|
|
|
{"exampleUser@example.com\r", http.StatusOK, translation.NewLocale("en-US").TrString("form.email_invalid")},
|
|
|
|
{"exampleUser@example.com\n", http.StatusOK, translation.NewLocale("en-US").TrString("form.email_invalid")},
|
2022-03-23 05:54:07 +01:00
|
|
|
{"exampleUser@example.com", http.StatusSeeOther, ""},
|
2020-11-14 17:53:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
for i, test := range tests {
|
|
|
|
req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
|
|
|
|
"user_name": fmt.Sprintf("exampleUser%d", i),
|
|
|
|
"email": test.email,
|
|
|
|
"password": "examplePassword!1",
|
|
|
|
"retype": "examplePassword!1",
|
|
|
|
})
|
|
|
|
resp := MakeRequest(t, req, test.wantStatus)
|
|
|
|
if test.wantMsg != "" {
|
|
|
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
|
|
|
assert.Equal(t,
|
|
|
|
test.wantMsg,
|
|
|
|
strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()),
|
|
|
|
)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2024-02-25 22:55:00 +01:00
|
|
|
|
|
|
|
func TestSignupEmailActive(t *testing.T) {
|
|
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
defer test.MockVariableValue(&setting.Service.RegisterEmailConfirm, true)()
|
|
|
|
|
|
|
|
// try to sign up and send the activation email
|
|
|
|
req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
|
2024-12-27 12:16:23 +01:00
|
|
|
"user_name": "Test-User-1",
|
|
|
|
"email": "EmAiL-1@example.com",
|
2024-02-25 22:55:00 +01:00
|
|
|
"password": "password1",
|
|
|
|
"retype": "password1",
|
|
|
|
})
|
|
|
|
resp := MakeRequest(t, req, http.StatusOK)
|
2024-12-27 12:16:23 +01:00
|
|
|
assert.Contains(t, resp.Body.String(), `A new confirmation email has been sent to <b>EmAiL-1@example.com</b>.`)
|
2024-02-25 22:55:00 +01:00
|
|
|
|
2024-02-27 11:55:13 +01:00
|
|
|
// access "user/activate" means trying to re-send the activation email
|
2024-02-25 22:55:00 +01:00
|
|
|
session := loginUserWithPassword(t, "test-user-1", "password1")
|
|
|
|
resp = session.MakeRequest(t, NewRequest(t, "GET", "/user/activate"), http.StatusOK)
|
|
|
|
assert.Contains(t, resp.Body.String(), "You have already requested an activation email recently")
|
|
|
|
|
2024-12-27 12:16:23 +01:00
|
|
|
// access anywhere else will see an "Activate Your Account" prompt, and there is a chance to change email
|
2024-02-27 11:55:13 +01:00
|
|
|
resp = session.MakeRequest(t, NewRequest(t, "GET", "/user/issues"), http.StatusOK)
|
|
|
|
assert.Contains(t, resp.Body.String(), `<input id="change-email" name="change_email" `)
|
|
|
|
|
|
|
|
// post to "user/activate" with a new email
|
|
|
|
session.MakeRequest(t, NewRequestWithValues(t, "POST", "/user/activate", map[string]string{"change_email": "email-changed@example.com"}), http.StatusSeeOther)
|
2024-12-27 12:16:23 +01:00
|
|
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "Test-User-1"})
|
2024-02-27 11:55:13 +01:00
|
|
|
assert.Equal(t, "email-changed@example.com", user.Email)
|
|
|
|
email := unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{Email: "email-changed@example.com"})
|
|
|
|
assert.False(t, email.IsActivated)
|
|
|
|
assert.True(t, email.IsPrimary)
|
|
|
|
|
2024-12-27 12:16:23 +01:00
|
|
|
// generate an activation code from lower-cased email
|
|
|
|
activationCode := user_model.GenerateUserTimeLimitCode(&user_model.TimeLimitCodeOptions{Purpose: user_model.TimeLimitCodeActivateAccount}, user)
|
|
|
|
// and update the user email to case-sensitive, it shouldn't affect the verification later
|
|
|
|
_, _ = db.Exec(db.DefaultContext, "UPDATE `user` SET email=? WHERE id=?", "EmAiL-changed@example.com", user.ID)
|
|
|
|
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "Test-User-1"})
|
|
|
|
assert.Equal(t, "EmAiL-changed@example.com", user.Email)
|
|
|
|
|
2024-02-27 11:55:13 +01:00
|
|
|
// access "user/activate" with a valid activation code, then get the "verify password" page
|
2024-02-25 22:55:00 +01:00
|
|
|
resp = session.MakeRequest(t, NewRequest(t, "GET", "/user/activate?code="+activationCode), http.StatusOK)
|
|
|
|
assert.Contains(t, resp.Body.String(), `<input id="verify-password"`)
|
|
|
|
|
|
|
|
// try to use a wrong password, it should fail
|
|
|
|
req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
|
|
|
|
"code": activationCode,
|
|
|
|
"password": "password-wrong",
|
|
|
|
})
|
|
|
|
resp = session.MakeRequest(t, req, http.StatusOK)
|
|
|
|
assert.Contains(t, resp.Body.String(), `Your password does not match`)
|
|
|
|
assert.Contains(t, resp.Body.String(), `<input id="verify-password"`)
|
2024-12-27 12:16:23 +01:00
|
|
|
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "Test-User-1"})
|
2024-02-25 22:55:00 +01:00
|
|
|
assert.False(t, user.IsActive)
|
|
|
|
|
|
|
|
// then use a correct password, the user should be activated
|
|
|
|
req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
|
|
|
|
"code": activationCode,
|
|
|
|
"password": "password1",
|
|
|
|
})
|
|
|
|
resp = session.MakeRequest(t, req, http.StatusSeeOther)
|
|
|
|
assert.Equal(t, "/", test.RedirectURL(resp))
|
2024-12-27 12:16:23 +01:00
|
|
|
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "Test-User-1"})
|
2024-02-25 22:55:00 +01:00
|
|
|
assert.True(t, user.IsActive)
|
|
|
|
}
|