fix: Allow Organisations to remove the Email Address (#5517)

It is possible to set a Email for a Organization. This Email is optional and only used to be displayed on the profile page. However, once you set an EMail, you can no longer remove it. This PR fixes that. While working on the tests, I found out, that the API returns a 500 when trying to set an invalid EMail. I fixed that too. It returns a 422 now. Fixes #4567 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5517 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: JakobDev <jakobdev@gmx.de> Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-11-20 12:31:34 +00:00 · 2024-11-20 12:31:34 +00:00 · 45fa9e5ae9
commit 45fa9e5ae9
parent 1316f4d338
8 changed files with 228 additions and 10 deletions
--- a/tests/integration/api_org_test.go
+++ b/tests/integration/api_org_test.go
@ -218,3 +218,57 @@ func TestAPIOrgSearchEmptyTeam(t *testing.T) {
 		assert.EqualValues(t, "Empty", data.Data[0].Name)
 	}
 }
+
+func TestAPIOrgChangeEmail(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
+
+	t.Run("Invalid", func(t *testing.T) {
+		newMail := "invalid"
+		settings := api.EditOrgOption{Email: &newMail}
+
+		resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusUnprocessableEntity)
+
+		var org *api.Organization
+		DecodeJSON(t, resp, &org)
+
+		assert.Empty(t, org.Email)
+	})
+
+	t.Run("Valid", func(t *testing.T) {
+		newMail := "example@example.com"
+		settings := api.EditOrgOption{Email: &newMail}
+
+		resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
+
+		var org *api.Organization
+		DecodeJSON(t, resp, &org)
+
+		assert.Equal(t, "example@example.com", org.Email)
+	})
+
+	t.Run("NoChange", func(t *testing.T) {
+		settings := api.EditOrgOption{}
+
+		resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
+
+		var org *api.Organization
+		DecodeJSON(t, resp, &org)
+
+		assert.Equal(t, "example@example.com", org.Email)
+	})
+
+	t.Run("Empty", func(t *testing.T) {
+		newMail := ""
+		settings := api.EditOrgOption{Email: &newMail}
+
+		resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
+
+		var org *api.Organization
+		DecodeJSON(t, resp, &org)
+
+		assert.Empty(t, org.Email)
+	})
+}
--- a/tests/integration/org_settings_test.go
+++ b/tests/integration/org_settings_test.go
@ -0,0 +1,89 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func getOrgSettingsFormData(t *testing.T, session *TestSession, orgName string) map[string]string {
+	return map[string]string{
+		"_csrf":                         GetCSRF(t, session, fmt.Sprintf("/org/%s/settings", orgName)),
+		"name":                          orgName,
+		"full_name":                     "",
+		"email":                         "",
+		"description":                   "",
+		"website":                       "",
+		"location":                      "",
+		"visibility":                    "0",
+		"repo_admin_change_team_access": "on",
+		"max_repo_creation":             "-1",
+	}
+}
+
+func getOrgSettings(t *testing.T, token, orgName string) *api.Organization {
+	t.Helper()
+
+	req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	var org *api.Organization
+	DecodeJSON(t, resp, &org)
+
+	return org
+}
+
+func TestOrgSettingsChangeEmail(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	const orgName = "org3"
+	settingsURL := fmt.Sprintf("/org/%s/settings", orgName)
+
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+
+	t.Run("Invalid", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		settings := getOrgSettingsFormData(t, session, orgName)
+
+		settings["email"] = "invalid"
+		session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusOK)
+
+		org := getOrgSettings(t, token, orgName)
+		assert.Equal(t, "org3@example.com", org.Email)
+	})
+
+	t.Run("Valid", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		settings := getOrgSettingsFormData(t, session, orgName)
+
+		settings["email"] = "example@example.com"
+		session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusSeeOther)
+
+		org := getOrgSettings(t, token, orgName)
+		assert.Equal(t, "example@example.com", org.Email)
+	})
+
+	t.Run("Empty", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		settings := getOrgSettingsFormData(t, session, orgName)
+
+		settings["email"] = ""
+		session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusSeeOther)
+
+		org := getOrgSettings(t, token, orgName)
+		assert.Empty(t, org.Email)
+	})
+}