mirror of
1
Fork 0

[GITEA] Fix NPE in `UsernameSubRoute`

- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df

(cherry picked from commit f0e0696278)
(cherry picked from commit 75d8066908)
(cherry picked from commit 4d0a1e0637)
(cherry picked from commit 5f40a485da)
(cherry picked from commit c4cb7812e3)
(cherry picked from commit d31ce2f03d)
(cherry picked from commit cfebef4f82)
This commit is contained in:
Gusted 2023-12-18 18:14:04 +01:00 committed by Earl Warren
parent 447aa3e499
commit 33b1dec846
No known key found for this signature in database
GPG Key ID: 0579CB2928A78A00
2 changed files with 23 additions and 11 deletions

View File

@ -715,12 +715,15 @@ func UsernameSubRoute(ctx *context.Context) {
reloadParam := func(suffix string) (success bool) { reloadParam := func(suffix string) (success bool) {
ctx.SetParams("username", strings.TrimSuffix(username, suffix)) ctx.SetParams("username", strings.TrimSuffix(username, suffix))
context_service.UserAssignmentWeb()(ctx) context_service.UserAssignmentWeb()(ctx)
if ctx.Written() {
return false
}
// check view permissions // check view permissions
if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) { if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name)) ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
return false return false
} }
return !ctx.Written() return true
} }
switch { switch {
case strings.HasSuffix(username, ".png"): case strings.HasSuffix(username, ".png"):

View File

@ -243,16 +243,25 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) {
} }
func TestGetUserRss(t *testing.T) { func TestGetUserRss(t *testing.T) {
user34 := "the_34-user.with.all.allowedChars" defer tests.PrepareTestEnv(t)()
req := NewRequestf(t, "GET", "/%s.rss", user34)
resp := MakeRequest(t, req, http.StatusOK) t.Run("Normal", func(t *testing.T) {
if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) { user34 := "the_34-user.with.all.allowedChars"
rssDoc := NewHTMLParser(t, resp.Body).Find("channel") req := NewRequestf(t, "GET", "/%s.rss", user34)
title, _ := rssDoc.ChildrenFiltered("title").Html() resp := MakeRequest(t, req, http.StatusOK)
assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title) if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
description, _ := rssDoc.ChildrenFiltered("description").Html() rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description) title, _ := rssDoc.ChildrenFiltered("title").Html()
} assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title)
description, _ := rssDoc.ChildrenFiltered("description").Html()
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
}
})
t.Run("Non-existent user", func(t *testing.T) {
session := loginUser(t, "user2")
req := NewRequestf(t, "GET", "/non-existent-user.rss")
session.MakeRequest(t, req, http.StatusNotFound)
})
} }
func TestListStopWatches(t *testing.T) { func TestListStopWatches(t *testing.T) {