chore: add integration test

Demonstrate that the it's not possible to migrate or add a push mirror
from a URL that contains credentials.

tests/integration/mirror_push_test.go

@@ -30,6 +30,7 @@ import (
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
+	"forgejo.org/modules/translation"
 	gitea_context "forgejo.org/services/context"
 	doctor "forgejo.org/services/doctor"
 	"forgejo.org/services/migrations"
@@ -42,6 +43,46 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func TestPushMirrorRedactCredential(t *testing.T) {
+	defer test.MockVariableValue(&setting.Mirror.Enabled, true)()
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	cloneAddr := "https://:TOKEN@example.com/example/example.git"
+
+	t.Run("Web route", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		resp := session.MakeRequest(t, NewRequestWithValues(t, "POST", "/user2/repo1/settings", map[string]string{
+			"_csrf":                GetCSRF(t, session, "/user2/repo1/settings"),
+			"action":               "push-mirror-add",
+			"push_mirror_address":  cloneAddr,
+			"push_mirror_interval": "0",
+		}), http.StatusOK)
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		assert.Contains(t,
+			htmlDoc.doc.Find(".ui.negative.message").Text(),
+			translation.NewLocale("en-US").Tr("migrate.form.error.url_credentials"),
+		)
+	})
+
+	t.Run("API route", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+		resp := MakeRequest(t, NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/push_mirrors", &api.CreatePushMirrorOption{
+			RemoteAddress: cloneAddr,
+			Interval:      "0",
+		}).AddTokenAuth(token), http.StatusBadRequest)
+
+		var respBody map[string]any
+		DecodeJSON(t, resp, &respBody)
+
+		assert.Equal(t, "The URL contains credentials", respBody["message"])
+	})
+}
+
 func TestMirrorPush(t *testing.T) {
 	onGiteaRun(t, testMirrorPush)
 }