Improve the maintainblity of the reserved username list (#32229)
parent
c2217670dd
commit
6029d78ab5
|
@ -565,41 +565,43 @@ var (
|
||||||
".",
|
".",
|
||||||
"..",
|
"..",
|
||||||
".well-known",
|
".well-known",
|
||||||
"api",
|
|
||||||
"assets",
|
"api", // gitea api
|
||||||
"attachments",
|
"metrics", // prometheus metrics api
|
||||||
"avatar",
|
"v2", // container registry api
|
||||||
"avatars",
|
|
||||||
"captcha",
|
"assets", // static asset files
|
||||||
"commits",
|
"attachments", // issue attachments
|
||||||
"debug",
|
|
||||||
"error",
|
"avatar", // avatar by email hash
|
||||||
"explore",
|
"avatars", // user avatars by file name
|
||||||
"favicon.ico",
|
|
||||||
"ghost",
|
|
||||||
"issues",
|
|
||||||
"login",
|
|
||||||
"manifest.json",
|
|
||||||
"metrics",
|
|
||||||
"milestones",
|
|
||||||
"new",
|
|
||||||
"notifications",
|
|
||||||
"org",
|
|
||||||
"pulls",
|
|
||||||
"raw",
|
|
||||||
"repo",
|
|
||||||
"repo-avatars",
|
"repo-avatars",
|
||||||
"robots.txt",
|
|
||||||
"search",
|
"captcha",
|
||||||
"serviceworker.js",
|
"login", // oauth2 login
|
||||||
"ssh_info",
|
"org", // org create/manage, or "/org/{org}", BUT if an org is named as "invite" then it goes wrong
|
||||||
|
"repo", // repo create/migrate, etc
|
||||||
|
"user", // user login/activate/settings, etc
|
||||||
|
|
||||||
|
"explore",
|
||||||
|
"issues",
|
||||||
|
"pulls",
|
||||||
|
"milestones",
|
||||||
|
"notifications",
|
||||||
|
|
||||||
|
"favicon.ico",
|
||||||
|
"manifest.json", // web app manifests
|
||||||
|
"robots.txt", // search engine robots
|
||||||
|
"sitemap.xml", // search engine sitemap
|
||||||
|
"ssh_info", // agit info
|
||||||
"swagger.v1.json",
|
"swagger.v1.json",
|
||||||
"user",
|
|
||||||
"v2",
|
"ghost", // reserved name for deleted users (id: -1)
|
||||||
"gitea-actions",
|
"gitea-actions", // gitea builtin user (id: -2)
|
||||||
}
|
}
|
||||||
|
|
||||||
// DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
|
// These names are reserved for user accounts: user's keys, user's rss feed, user's avatar, etc.
|
||||||
|
// DO NOT add any new stuff! The paths with these names are processed by `/{username}` handler (UsernameSubRoute) manually.
|
||||||
reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
|
reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
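Review bot: Several names that were reserved before no longer appear in the new list (`commits`, `debug`, `error`, `new`, `raw`, `search`, `serviceworker.js`, as far as the two columns can be read), and nothing on this page verifies that no top-level route still uses one of them. If such a route remains, an account or organisation created under that name would share its first path segment with the route, and one of the two becomes unreachable or is served in the other's place. A unit test that collects the first path segment of every registered web route and asserts it is either in this list or handled below `/{username}` would keep the list and the router from drifting apart. The inline remark on `"org"` records a known collision (an organisation named `invite`) without a follow-up; I would turn it into `// TODO(<issue-id>): /org/invite collides with an org named "invite"` so it is tracked. The `var (` block starts outside this hunk, so earlier entries were not reviewed.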
|
@ -114,12 +114,10 @@ func TestRenameUser(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("Non usable username", func(t *testing.T) {
|
t.Run("Non usable username", func(t *testing.T) {
|
||||||
usernames := []string{"--diff", "aa.png", ".well-known", "search", "aaa.atom"}
|
usernames := []string{"--diff", ".well-known", "gitea-actions", "aaa.atom", "aa.png"}
|
||||||
for _, username := range usernames {
|
for _, username := range usernames {
|
||||||
t.Run(username, func(t *testing.T) {
|
assert.Error(t, user_model.IsUsableUsername(username), "non-usable username: %s", username)
|
||||||
assert.Error(t, user_model.IsUsableUsername(username))
|
assert.Error(t, RenameUser(db.DefaultContext, user, username), "non-usable username: %s", username)
|
||||||
assert.Error(t, RenameUser(db.DefaultContext, user, username))
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
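Review bot: Both assertions in the loop accept any error, so the case still passes when `RenameUser` fails for a reason unrelated to the name, such as a database error. Pinning the kind of error would make the test guard the reserved-name check itself, for example `assert.True(t, db.IsErrNameReserved(err) || db.IsErrNamePatternNotAllowed(err) || db.IsErrNameCharsNotAllowed(err), "unexpected error for %s: %v", username, err)`, assuming those helpers are what the name validation returns. The new list also has no entry for a plain route name such as `"api"` or `"user"`, and adding one would cover the largest group of entries in the reserved list. `TestRenameUser` starts and ends outside this hunk.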
|
@ -5,6 +5,7 @@ package integration
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
auth_model "code.gitea.io/gitea/models/auth"
|
auth_model "code.gitea.io/gitea/models/auth"
|
||||||
|
@ -98,41 +99,12 @@ func TestRenameReservedUsername(t *testing.T) {
|
||||||
reservedUsernames := []string{
|
reservedUsernames := []string{
|
||||||
// ".", "..", ".well-known", // The names are not only reserved but also invalid
|
// ".", "..", ".well-known", // The names are not only reserved but also invalid
|
||||||
"api",
|
"api",
|
||||||
"assets",
|
"name.keys",
|
||||||
"attachments",
|
|
||||||
"avatar",
|
|
||||||
"avatars",
|
|
||||||
"captcha",
|
|
||||||
"commits",
|
|
||||||
"debug",
|
|
||||||
"error",
|
|
||||||
"explore",
|
|
||||||
"favicon.ico",
|
|
||||||
"ghost",
|
|
||||||
"issues",
|
|
||||||
"login",
|
|
||||||
"manifest.json",
|
|
||||||
"metrics",
|
|
||||||
"milestones",
|
|
||||||
"new",
|
|
||||||
"notifications",
|
|
||||||
"org",
|
|
||||||
"pulls",
|
|
||||||
"raw",
|
|
||||||
"repo",
|
|
||||||
"repo-avatars",
|
|
||||||
"robots.txt",
|
|
||||||
"search",
|
|
||||||
"serviceworker.js",
|
|
||||||
"ssh_info",
|
|
||||||
"swagger.v1.json",
|
|
||||||
"user",
|
|
||||||
"v2",
|
|
||||||
}
|
}
|
||||||
|
|
||||||
session := loginUser(t, "user2")
|
session := loginUser(t, "user2")
|
||||||
|
locale := translation.NewLocale("en-US")
|
||||||
for _, reservedUsername := range reservedUsernames {
|
for _, reservedUsername := range reservedUsernames {
|
||||||
t.Logf("Testing username %s", reservedUsername)
|
|
||||||
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
|
req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{
|
||||||
"_csrf": GetUserCSRFToken(t, session),
|
"_csrf": GetUserCSRFToken(t, session),
|
||||||
"name": reservedUsername,
|
"name": reservedUsername,
|
||||||
|
@ -144,11 +116,12 @@ func TestRenameReservedUsername(t *testing.T) {
|
||||||
req = NewRequest(t, "GET", test.RedirectURL(resp))
|
req = NewRequest(t, "GET", test.RedirectURL(resp))
|
||||||
resp = session.MakeRequest(t, req, http.StatusOK)
|
resp = session.MakeRequest(t, req, http.StatusOK)
|
||||||
htmlDoc := NewHTMLParser(t, resp.Body)
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
||||||
assert.Contains(t,
|
actualMsg := strings.TrimSpace(htmlDoc.doc.Find(".ui.negative.message").Text())
|
||||||
htmlDoc.doc.Find(".ui.negative.message").Text(),
|
expectedMsg := locale.TrString("user.form.name_reserved", reservedUsername)
|
||||||
translation.NewLocale("en-US").TrString("user.form.name_reserved", reservedUsername),
|
if strings.Contains(reservedUsername, ".") {
|
||||||
)
|
expectedMsg = locale.TrString("user.form.name_pattern_not_allowed", reservedUsername)
|
||||||
|
}
|
||||||
|
assert.Equal(t, expectedMsg, actualMsg)
|
||||||
unittest.AssertNotExistsBean(t, &user_model.User{Name: reservedUsername})
|
unittest.AssertNotExistsBean(t, &user_model.User{Name: reservedUsername})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
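Review bot: Choosing the expected message with `strings.Contains(reservedUsername, ".")` in the last hunk only works for the two names currently in `reservedUsernames`. Reserved entries such as `favicon.ico`, `robots.txt` or `sitemap.xml` contain a dot but are plain reserved names rather than `*.ext` patterns, so they would presumably produce `user.form.name_reserved` and fail the test if someone adds them. Listing the expected key next to each name removes the guess: `cases := []struct{ name, key string }{{"api", "user.form.name_reserved"}, {"name.keys", "user.form.name_pattern_not_allowed"}}` and `expectedMsg := locale.TrString(c.key, c.name)`. The list was also cut from the full set to two names, so the HTTP rename path no longer exercises the builtin accounts `ghost` and `gitea-actions`; adding one of them would keep end-to-end coverage of the names that map to internal user ids. `TestRenameReservedUsername` begins outside the hunks shown.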