fix: add ID check for updating push mirror interval
- Ensure that the specified push mirror ID belongs to the requested repository, otherwise it is possible to modify the intervals of the push mirrors that do not belong to the requested repository. - Integration test added.
This commit is contained in:
parent
061abe6004
commit
786dfc7fb8
2 changed files with 86 additions and 9 deletions
|
@ -566,21 +566,19 @@ func SettingsPost(ctx *context.Context) {
|
||||||
// as an error on the UI for this action
|
// as an error on the UI for this action
|
||||||
ctx.Data["Err_RepoName"] = nil
|
ctx.Data["Err_RepoName"] = nil
|
||||||
|
|
||||||
|
m, err := selectPushMirrorByForm(ctx, form, repo)
|
||||||
|
if err != nil {
|
||||||
|
ctx.NotFound("", nil)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
interval, err := time.ParseDuration(form.PushMirrorInterval)
|
interval, err := time.ParseDuration(form.PushMirrorInterval)
|
||||||
if err != nil || (interval != 0 && interval < setting.Mirror.MinInterval) {
|
if err != nil || (interval != 0 && interval < setting.Mirror.MinInterval) {
|
||||||
ctx.RenderWithErr(ctx.Tr("repo.mirror_interval_invalid"), tplSettingsOptions, &forms.RepoSettingForm{})
|
ctx.RenderWithErr(ctx.Tr("repo.mirror_interval_invalid"), tplSettingsOptions, &forms.RepoSettingForm{})
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
id, err := strconv.ParseInt(form.PushMirrorID, 10, 64)
|
m.Interval = interval
|
||||||
if err != nil {
|
|
||||||
ctx.ServerError("UpdatePushMirrorIntervalPushMirrorID", err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
m := &repo_model.PushMirror{
|
|
||||||
ID: id,
|
|
||||||
Interval: interval,
|
|
||||||
}
|
|
||||||
if err := repo_model.UpdatePushMirrorInterval(ctx, m); err != nil {
|
if err := repo_model.UpdatePushMirrorInterval(ctx, m); err != nil {
|
||||||
ctx.ServerError("UpdatePushMirrorInterval", err)
|
ctx.ServerError("UpdatePushMirrorInterval", err)
|
||||||
return
|
return
|
||||||
|
|
|
@ -323,3 +323,82 @@ func TestSSHPushMirror(t *testing.T) {
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPushMirrorSettings(t *testing.T) {
|
||||||
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
|
defer test.MockVariableValue(&setting.Migrations.AllowLocalNetworks, true)()
|
||||||
|
defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
|
||||||
|
require.NoError(t, migrations.Init())
|
||||||
|
|
||||||
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||||
|
srcRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
|
||||||
|
srcRepo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
|
||||||
|
assert.False(t, srcRepo.HasWiki())
|
||||||
|
sess := loginUser(t, user.Name)
|
||||||
|
pushToRepo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
|
||||||
|
Name: optional.Some("push-mirror-test"),
|
||||||
|
AutoInit: optional.Some(false),
|
||||||
|
EnabledUnits: optional.Some([]unit.Type{unit.TypeCode}),
|
||||||
|
})
|
||||||
|
defer f()
|
||||||
|
|
||||||
|
t.Run("Adding", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo2.FullName()), map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo2.FullName())),
|
||||||
|
"action": "push-mirror-add",
|
||||||
|
"push_mirror_address": u.String() + pushToRepo.FullName(),
|
||||||
|
"push_mirror_interval": "0",
|
||||||
|
})
|
||||||
|
sess.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
|
||||||
|
req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo.FullName()), map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo.FullName())),
|
||||||
|
"action": "push-mirror-add",
|
||||||
|
"push_mirror_address": u.String() + pushToRepo.FullName(),
|
||||||
|
"push_mirror_interval": "0",
|
||||||
|
})
|
||||||
|
sess.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
|
||||||
|
flashCookie := sess.GetCookie(gitea_context.CookieNameFlash)
|
||||||
|
assert.NotNil(t, flashCookie)
|
||||||
|
assert.Contains(t, flashCookie.Value, "success")
|
||||||
|
})
|
||||||
|
|
||||||
|
mirrors, _, err := repo_model.GetPushMirrorsByRepoID(db.DefaultContext, srcRepo.ID, db.ListOptions{})
|
||||||
|
require.NoError(t, err)
|
||||||
|
assert.Len(t, mirrors, 1)
|
||||||
|
mirrorID := mirrors[0].ID
|
||||||
|
|
||||||
|
mirrors, _, err = repo_model.GetPushMirrorsByRepoID(db.DefaultContext, srcRepo2.ID, db.ListOptions{})
|
||||||
|
require.NoError(t, err)
|
||||||
|
assert.Len(t, mirrors, 1)
|
||||||
|
|
||||||
|
t.Run("Interval", func(t *testing.T) {
|
||||||
|
defer tests.PrintCurrentTest(t)()
|
||||||
|
|
||||||
|
unittest.AssertExistsAndLoadBean(t, &repo_model.PushMirror{ID: mirrorID - 1})
|
||||||
|
|
||||||
|
req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo.FullName()), map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo.FullName())),
|
||||||
|
"action": "push-mirror-update",
|
||||||
|
"push_mirror_id": strconv.FormatInt(mirrorID-1, 10),
|
||||||
|
"push_mirror_interval": "10m0s",
|
||||||
|
})
|
||||||
|
sess.MakeRequest(t, req, http.StatusNotFound)
|
||||||
|
|
||||||
|
req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings", srcRepo.FullName()), map[string]string{
|
||||||
|
"_csrf": GetCSRF(t, sess, fmt.Sprintf("/%s/settings", srcRepo.FullName())),
|
||||||
|
"action": "push-mirror-update",
|
||||||
|
"push_mirror_id": strconv.FormatInt(mirrorID, 10),
|
||||||
|
"push_mirror_interval": "10m0s",
|
||||||
|
})
|
||||||
|
sess.MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
|
||||||
|
flashCookie := sess.GetCookie(gitea_context.CookieNameFlash)
|
||||||
|
assert.NotNil(t, flashCookie)
|
||||||
|
assert.Contains(t, flashCookie.Value, "success")
|
||||||
|
})
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue