mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-26 20:11:02 +00:00 
			
		
		
		
	[GITEA] Fix NPE in UsernameSubRoute
		
	- When the user is not found in `reloadparam`, early return when the user is not found to avoid calling `IsUserVisibleToViewer` which in turn avoids causing a NPE. - This fixes the case that a 500 error and 404 error is shown on the same page. - Add integration test for non-existant user RSS. - Regression byc6366089df(cherry picked from commitf0e0696278) (cherry picked from commit75d8066908) (cherry picked from commit4d0a1e0637) (cherry picked from commit5f40a485da)
This commit is contained in:
		
					parent
					
						
							
								cbecdd618d
							
						
					
				
			
			
				commit
				
					
						c4cb7812e3
					
				
			
		
					 2 changed files with 23 additions and 11 deletions
				
			
		|  | @ -715,12 +715,15 @@ func UsernameSubRoute(ctx *context.Context) { | ||||||
| 	reloadParam := func(suffix string) (success bool) { | 	reloadParam := func(suffix string) (success bool) { | ||||||
| 		ctx.SetParams("username", strings.TrimSuffix(username, suffix)) | 		ctx.SetParams("username", strings.TrimSuffix(username, suffix)) | ||||||
| 		context_service.UserAssignmentWeb()(ctx) | 		context_service.UserAssignmentWeb()(ctx) | ||||||
|  | 		if ctx.Written() { | ||||||
|  | 			return false | ||||||
|  | 		} | ||||||
| 		// check view permissions | 		// check view permissions | ||||||
| 		if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) { | 		if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) { | ||||||
| 			ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name)) | 			ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name)) | ||||||
| 			return false | 			return false | ||||||
| 		} | 		} | ||||||
| 		return !ctx.Written() | 		return true | ||||||
| 	} | 	} | ||||||
| 	switch { | 	switch { | ||||||
| 	case strings.HasSuffix(username, ".png"): | 	case strings.HasSuffix(username, ".png"): | ||||||
|  |  | ||||||
|  | @ -243,16 +243,25 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) { | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func TestGetUserRss(t *testing.T) { | func TestGetUserRss(t *testing.T) { | ||||||
| 	user34 := "the_34-user.with.all.allowedChars" | 	defer tests.PrepareTestEnv(t)() | ||||||
| 	req := NewRequestf(t, "GET", "/%s.rss", user34) | 
 | ||||||
| 	resp := MakeRequest(t, req, http.StatusOK) | 	t.Run("Normal", func(t *testing.T) { | ||||||
| 	if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) { | 		user34 := "the_34-user.with.all.allowedChars" | ||||||
| 		rssDoc := NewHTMLParser(t, resp.Body).Find("channel") | 		req := NewRequestf(t, "GET", "/%s.rss", user34) | ||||||
| 		title, _ := rssDoc.ChildrenFiltered("title").Html() | 		resp := MakeRequest(t, req, http.StatusOK) | ||||||
| 		assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title) | 		if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) { | ||||||
| 		description, _ := rssDoc.ChildrenFiltered("description").Html() | 			rssDoc := NewHTMLParser(t, resp.Body).Find("channel") | ||||||
| 		assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description) | 			title, _ := rssDoc.ChildrenFiltered("title").Html() | ||||||
| 	} | 			assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title) | ||||||
|  | 			description, _ := rssDoc.ChildrenFiltered("description").Html() | ||||||
|  | 			assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description) | ||||||
|  | 		} | ||||||
|  | 	}) | ||||||
|  | 	t.Run("Non-existent user", func(t *testing.T) { | ||||||
|  | 		session := loginUser(t, "user2") | ||||||
|  | 		req := NewRequestf(t, "GET", "/non-existent-user.rss") | ||||||
|  | 		session.MakeRequest(t, req, http.StatusNotFound) | ||||||
|  | 	}) | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| func TestListStopWatches(t *testing.T) { | func TestListStopWatches(t *testing.T) { | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue