0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-25 07:39:04 -05:00

[GITEA] Fix NPE in UsernameSubRoute

- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df

(cherry picked from commit f0e0696278)
(cherry picked from commit 75d8066908)
(cherry picked from commit 4d0a1e0637)
This commit is contained in:
Gusted 2023-12-18 18:14:04 +01:00 committed by Earl Warren
parent 07b8887031
commit 5f40a485da
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
2 changed files with 23 additions and 11 deletions

View file

@ -710,12 +710,15 @@ func UsernameSubRoute(ctx *context.Context) {
reloadParam := func(suffix string) (success bool) { reloadParam := func(suffix string) (success bool) {
ctx.SetParams("username", strings.TrimSuffix(username, suffix)) ctx.SetParams("username", strings.TrimSuffix(username, suffix))
context_service.UserAssignmentWeb()(ctx) context_service.UserAssignmentWeb()(ctx)
if ctx.Written() {
return false
}
// check view permissions // check view permissions
if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) { if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name)) ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
return false return false
} }
return !ctx.Written() return true
} }
switch { switch {
case strings.HasSuffix(username, ".png"): case strings.HasSuffix(username, ".png"):

View file

@ -243,6 +243,9 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) {
} }
func TestGetUserRss(t *testing.T) { func TestGetUserRss(t *testing.T) {
defer tests.PrepareTestEnv(t)()
t.Run("Normal", func(t *testing.T) {
user34 := "the_34-user.with.all.allowedChars" user34 := "the_34-user.with.all.allowedChars"
req := NewRequestf(t, "GET", "/%s.rss", user34) req := NewRequestf(t, "GET", "/%s.rss", user34)
resp := MakeRequest(t, req, http.StatusOK) resp := MakeRequest(t, req, http.StatusOK)
@ -253,6 +256,12 @@ func TestGetUserRss(t *testing.T) {
description, _ := rssDoc.ChildrenFiltered("description").Html() description, _ := rssDoc.ChildrenFiltered("description").Html()
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description) assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
} }
})
t.Run("Non-existent user", func(t *testing.T) {
session := loginUser(t, "user2")
req := NewRequestf(t, "GET", "/non-existent-user.rss")
session.MakeRequest(t, req, http.StatusNotFound)
})
} }
func TestListStopWatches(t *testing.T) { func TestListStopWatches(t *testing.T) {