gitea/opengist
0
0
Fork 0
mirror of https://github.com/thomiceli/opengist.git synced 2025-06-13 13:57:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add a setting to allow anonymous access to individual gists while still RequireLogin everywhere else (#229)

Browse Source 
* Add a setting to allow accessing individual gists without auth

This is a middle ground between the existing setting "Require Login",
which requires login to do anything at all, and having it off, which
shows a public list of gists and more generally allows discovering info
about the users/gists of the instance without login.

The idea of this setting is that it is "require login" for everything
except individual gists.

Fixes #228.


Co-authored-by: Thomas Miceli <tho.miceli@gmail.com>
This commit is contained in:
Jade Lovelace
2024-05-12 14:40:11 -07:00
committed by GitHub
parent 2fd053a077
commit 22052bd38f
20 changed files with 187 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
internal/web/test/auth_test.go
View File

@ -89,3 +89,61 @@ func login(t *testing.T, s *testServer, user db.UserDTO) {
err := s.request("POST", "/login", user, 302)
require.NoError(t, err)
}
type settingSet struct {
key string `form:"key"`
value string `form:"value"`
}
func TestAnonymous(t *testing.T) {
setup(t)
s, err := newTestServer()
require.NoError(t, err, "Failed to create test server")
defer teardown(t, s)
user := db.UserDTO{Username: "thomas", Password: "azeaze"}
register(t, s, user)
err = s.request("PUT", "/admin-panel/set-config", settingSet{"require-login", "1"}, 200)
require.NoError(t, err)
gist1 := db.GistDTO{
Title: "gist1",
Description: "my first gist",
VisibilityDTO: db.VisibilityDTO{
Private: 0,
},
Name: []string{"gist1.txt", "gist2.txt", "gist3.txt"},
Content: []string{"yeah", "yeah\ncool", "yeah\ncool gist actually"},
}
err = s.request("POST", "/", gist1, 302)
require.NoError(t, err)
gist1db, err := db.GetGistByID("1")
require.NoError(t, err)
err = s.request("GET", "/all", nil, 200)
require.NoError(t, err)
cookie := s.sessionCookie
s.sessionCookie = ""
err = s.request("GET", "/all", nil, 302)
require.NoError(t, err)
// Should redirect to login if RequireLogin
err = s.request("GET", "/"+gist1db.User.Username+"/"+gist1db.Uuid, nil, 302)
require.NoError(t, err)
s.sessionCookie = cookie
err = s.request("PUT", "/admin-panel/set-config", settingSet{"allow-gists-without-login", "1"}, 200)
require.NoError(t, err)
s.sessionCookie = ""
// Should return results
err = s.request("GET", "/"+gist1db.User.Username+"/"+gist1db.Uuid, nil, 200)
require.NoError(t, err)
}