From 75d806690875a4fc38eb1e3c904096be34657011 Mon Sep 17 00:00:00 2001 From: Gusted Date: Mon, 18 Dec 2023 18:14:04 +0100 Subject: [PATCH] [GITEA] Fix NPE in `UsernameSubRoute` - When the user is not found in `reloadparam`, early return when the user is not found to avoid calling `IsUserVisibleToViewer` which in turn avoids causing a NPE. - This fixes the case that a 500 error and 404 error is shown on the same page. - Add integration test for non-existant user RSS. - Regression by c6366089df8390bc1f017006caaf4d4c69825880 (cherry picked from commit f0e06962786ef8c417b0c6f07940c1909d3b91ba) --- routers/web/user/home.go | 5 ++++- tests/integration/user_test.go | 29 +++++++++++++++++++---------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/routers/web/user/home.go b/routers/web/user/home.go index 204d4adbd4..ddb74443f1 100644 --- a/routers/web/user/home.go +++ b/routers/web/user/home.go @@ -710,12 +710,15 @@ func UsernameSubRoute(ctx *context.Context) { reloadParam := func(suffix string) (success bool) { ctx.SetParams("username", strings.TrimSuffix(username, suffix)) context_service.UserAssignmentWeb()(ctx) + if ctx.Written() { + return false + } // check view permissions if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) { ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name)) return false } - return !ctx.Written() + return true } switch { case strings.HasSuffix(username, ".png"): diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go index d8e4c64e85..0defa109ae 100644 --- a/tests/integration/user_test.go +++ b/tests/integration/user_test.go @@ -243,16 +243,25 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) { } func TestGetUserRss(t *testing.T) { - user34 := "the_34-user.with.all.allowedChars" - req := NewRequestf(t, "GET", "/%s.rss", user34) - resp := MakeRequest(t, req, http.StatusOK) - if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) { - rssDoc := NewHTMLParser(t, resp.Body).Find("channel") - title, _ := rssDoc.ChildrenFiltered("title").Html() - assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title) - description, _ := rssDoc.ChildrenFiltered("description").Html() - assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description) - } + defer tests.PrepareTestEnv(t)() + + t.Run("Normal", func(t *testing.T) { + user34 := "the_34-user.with.all.allowedChars" + req := NewRequestf(t, "GET", "/%s.rss", user34) + resp := MakeRequest(t, req, http.StatusOK) + if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) { + rssDoc := NewHTMLParser(t, resp.Body).Find("channel") + title, _ := rssDoc.ChildrenFiltered("title").Html() + assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title) + description, _ := rssDoc.ChildrenFiltered("description").Html() + assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description) + } + }) + t.Run("Non-existent user", func(t *testing.T) { + session := loginUser(t, "user2") + req := NewRequestf(t, "GET", "/non-existent-user.rss") + session.MakeRequest(t, req, http.StatusNotFound) + }) } func TestListStopWatches(t *testing.T) {