[GITEA] Fix NPE in UsernameSubRoute

- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df

(cherry picked from commit f0e0696278)
(cherry picked from commit 75d8066908)
(cherry picked from commit 4d0a1e0637)
(cherry picked from commit 5f40a485da)
This commit is contained in:
Gusted 2023-12-18 18:14:04 +01:00 committed by Earl Warren
parent cbecdd618d
commit c4cb7812e3
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
2 changed files with 23 additions and 11 deletions

View file

@ -715,12 +715,15 @@ func UsernameSubRoute(ctx *context.Context) {
reloadParam := func(suffix string) (success bool) { reloadParam := func(suffix string) (success bool) {
ctx.SetParams("username", strings.TrimSuffix(username, suffix)) ctx.SetParams("username", strings.TrimSuffix(username, suffix))
context_service.UserAssignmentWeb()(ctx) context_service.UserAssignmentWeb()(ctx)
if ctx.Written() {
return false
}
// check view permissions // check view permissions
if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) { if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name)) ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
return false return false
} }
return !ctx.Written() return true
} }
switch { switch {
case strings.HasSuffix(username, ".png"): case strings.HasSuffix(username, ".png"):

View file

@ -243,16 +243,25 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) {
} }
func TestGetUserRss(t *testing.T) { func TestGetUserRss(t *testing.T) {
user34 := "the_34-user.with.all.allowedChars" defer tests.PrepareTestEnv(t)()
req := NewRequestf(t, "GET", "/%s.rss", user34)
resp := MakeRequest(t, req, http.StatusOK) t.Run("Normal", func(t *testing.T) {
if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) { user34 := "the_34-user.with.all.allowedChars"
rssDoc := NewHTMLParser(t, resp.Body).Find("channel") req := NewRequestf(t, "GET", "/%s.rss", user34)
title, _ := rssDoc.ChildrenFiltered("title").Html() resp := MakeRequest(t, req, http.StatusOK)
assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title) if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
description, _ := rssDoc.ChildrenFiltered("description").Html() rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description) title, _ := rssDoc.ChildrenFiltered("title").Html()
} assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title)
description, _ := rssDoc.ChildrenFiltered("description").Html()
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
}
})
t.Run("Non-existent user", func(t *testing.T) {
session := loginUser(t, "user2")
req := NewRequestf(t, "GET", "/non-existent-user.rss")
session.MakeRequest(t, req, http.StatusNotFound)
})
} }
func TestListStopWatches(t *testing.T) { func TestListStopWatches(t *testing.T) {