mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-08 15:18:26 -05:00
[GITEA] Fix NPE in UsernameSubRoute
- When the user is not found in `reloadparam`, early return when the user is not found to avoid calling `IsUserVisibleToViewer` which in turn avoids causing a NPE. - This fixes the case that a 500 error and 404 error is shown on the same page. - Add integration test for non-existant user RSS. - Regression byc6366089df
(cherry picked from commitf0e0696278
) (cherry picked from commit75d8066908
) (cherry picked from commit4d0a1e0637
) (cherry picked from commit5f40a485da
) (cherry picked from commitc4cb7812e3
)
This commit is contained in:
parent
5d1856717b
commit
d31ce2f03d
2 changed files with 23 additions and 11 deletions
|
@ -715,12 +715,15 @@ func UsernameSubRoute(ctx *context.Context) {
|
||||||
reloadParam := func(suffix string) (success bool) {
|
reloadParam := func(suffix string) (success bool) {
|
||||||
ctx.SetParams("username", strings.TrimSuffix(username, suffix))
|
ctx.SetParams("username", strings.TrimSuffix(username, suffix))
|
||||||
context_service.UserAssignmentWeb()(ctx)
|
context_service.UserAssignmentWeb()(ctx)
|
||||||
|
if ctx.Written() {
|
||||||
|
return false
|
||||||
|
}
|
||||||
// check view permissions
|
// check view permissions
|
||||||
if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
|
if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
|
||||||
ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
|
ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return !ctx.Written()
|
return true
|
||||||
}
|
}
|
||||||
switch {
|
switch {
|
||||||
case strings.HasSuffix(username, ".png"):
|
case strings.HasSuffix(username, ".png"):
|
||||||
|
|
|
@ -243,16 +243,25 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestGetUserRss(t *testing.T) {
|
func TestGetUserRss(t *testing.T) {
|
||||||
user34 := "the_34-user.with.all.allowedChars"
|
defer tests.PrepareTestEnv(t)()
|
||||||
req := NewRequestf(t, "GET", "/%s.rss", user34)
|
|
||||||
resp := MakeRequest(t, req, http.StatusOK)
|
t.Run("Normal", func(t *testing.T) {
|
||||||
if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
|
user34 := "the_34-user.with.all.allowedChars"
|
||||||
rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
|
req := NewRequestf(t, "GET", "/%s.rss", user34)
|
||||||
title, _ := rssDoc.ChildrenFiltered("title").Html()
|
resp := MakeRequest(t, req, http.StatusOK)
|
||||||
assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title)
|
if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
|
||||||
description, _ := rssDoc.ChildrenFiltered("description").Html()
|
rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
|
||||||
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
|
title, _ := rssDoc.ChildrenFiltered("title").Html()
|
||||||
}
|
assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title)
|
||||||
|
description, _ := rssDoc.ChildrenFiltered("description").Html()
|
||||||
|
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
|
||||||
|
}
|
||||||
|
})
|
||||||
|
t.Run("Non-existent user", func(t *testing.T) {
|
||||||
|
session := loginUser(t, "user2")
|
||||||
|
req := NewRequestf(t, "GET", "/non-existent-user.rss")
|
||||||
|
session.MakeRequest(t, req, http.StatusNotFound)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestListStopWatches(t *testing.T) {
|
func TestListStopWatches(t *testing.T) {
|
||||||
|
|
Loading…
Reference in a new issue