From 7855e4bb56e2379c96e981ab179aec1b9a9ac9fc Mon Sep 17 00:00:00 2001
From: Earl Warren
Date: Sun, 13 Oct 2024 10:13:04 +0300
Subject: [PATCH] Improve the maintainblity of the reserved username list (#32229)
(cherry picked from commit 6029d78ab5006e8fb4f42adb5a8c491f19fa7b0a)
Conflicts: models/user/user.go services/user/user_test.go trivial context conflict tests/integration/user_test.go discarded entirely because dot may be allowed in Forgejo under some conditions
---
 models/user/user.go | 70 +++++++++++++++++-----------------
 services/user/user_test.go | 8 ++--
 tests/integration/user_test.go | 7 ----
 3 files changed, 39 insertions(+), 46 deletions(-)
diff --git a/models/user/user.go b/models/user/user.go
index 382c6955f7..c538d56ed1 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -586,44 +586,46 @@ var (
 ".",
 "..",
 ".well-known",
- "admin",
- "api",
- "assets",
- "attachments",
- "avatar",
- "avatars",
- "captcha",
- "commits",
- "debug",
- "devtest",
- "error",
- "explore",
- "favicon.ico",
- "ghost",
- "issues",
- "login",
- "manifest.json",
- "metrics",
- "milestones",
- "new",
- "notifications",
- "org",
- "pulls",
- "raw",
- "repo",
+
+ "api", // gitea api
+ "metrics", // prometheus metrics api
+ "v2", // container registry api
+
+ "assets", // static asset files
+ "attachments", // issue attachments
+
+ "avatar", // avatar by email hash
+ "avatars", // user avatars by file name
 "repo-avatars",
- "robots.txt",
- "search",
- "serviceworker.js",
- "ssh_info",
+
+ "captcha",
+ "login", // oauth2 login
+ "org", // org create/manage, or "/org/{org}", BUT if an org is named as "invite" then it goes wrong
+ "repo", // repo create/migrate, etc
+ "user", // user login/activate/settings, etc
+
+ "admin",
+ "devtest",
+ "explore",
+ "issues",
+ "pulls",
+ "milestones",
+ "notifications",
+
+ "favicon.ico",
+ "manifest.json", // web app manifests
+ "robots.txt", // search engine robots
+ "sitemap.xml", // search engine sitemap
+ "ssh_info", // agit info
 "swagger.v1.json",
- "user",
- "v2",
- "gitea-actions",
- "forgejo-actions",
+
+ "ghost", // reserved name for deleted users (id: -1)
+ "gitea-actions", // gitea builtin user (id: -2)
+ "forgejo-actions", // forgejo builtin user (id: -2)
 }
- // DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
+ // These names are reserved for user accounts: user's keys, user's rss feed, user's avatar, etc.
+ // DO NOT add any new stuff! The paths with these names are processed by `/{username}` handler (UsernameSubRoute) manually.
 reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
 )
diff --git a/services/user/user_test.go b/services/user/user_test.go
index 45bf1e6993..edd8d5020c 100644
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
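Review bot: Nothing in this hunk ties the reserved list to the router, so dropping `commits`, `debug`, `error`, `new`, `raw`, `search` and `serviceworker.js` is only safe if no top-level route with one of those names is still registered, and that cannot be confirmed from the lines shown. A name that is both a route and a registrable account leaves either the profile or the endpoint shadowed, and the new comment on `org` already records one such collision (`invite`) without handling it. I would state the invariant above the list, e.g. `// Every first path segment served by the web router must be listed here; otherwise an account can be registered under a name that collides with that route.`, and ideally back it with a test that checks the router's top-level segments against `IsUsableUsername`. The list's declaration starts above the hunk, so that comment would sit outside the lines shown.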
@@ -114,12 +114,10 @@ func TestRenameUser(t *testing.T) {
 })
 t.Run("Non usable username", func(t *testing.T) {
- usernames := []string{"--diff", "aa.png", ".well-known", "search", "aaa.atom"}
+ usernames := []string{"--diff", ".well-known", "gitea-actions", "aaa.atom", "aa.png"}
 for _, username := range usernames {
- t.Run(username, func(t *testing.T) {
- require.Error(t, user_model.IsUsableUsername(username))
- require.Error(t, RenameUser(db.DefaultContext, user, username))
- })
+ require.Error(t, user_model.IsUsableUsername(username), "non-usable username: %s", username)
+ require.Error(t, RenameUser(db.DefaultContext, user, username), "non-usable username: %s", username)
 }
 })
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 73976b9a35..3ea2761d11 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -114,10 +114,7 @@ func TestRenameReservedUsername(t *testing.T) {
 "avatar",
 "avatars",
 "captcha",
- "commits",
- "debug",
 "devtest",
- "error",
 "explore",
 "favicon.ico",
 "ghost",
@@ -126,16 +123,12 @@ func TestRenameReservedUsername(t *testing.T) {
 "manifest.json",
 "metrics",
 "milestones",
- "new",
 "notifications",
 "org",
 "pulls",
- "raw",
 "repo",
 "repo-avatars",
 "robots.txt",
- "search",
- "serviceworker.js",
 "ssh_info",
 "swagger.v1.json",
 "user",
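Review bot: The `Non usable username` list covers `gitea-actions` but not `forgejo-actions` or `ghost`, the other built-in identities the reserved list names, so a regression that made one of them claimable by rename would pass this test; I would use `usernames := []string{"--diff", ".well-known", "gitea-actions", "forgejo-actions", "ghost", "aaa.atom", "aa.png"}`. With the per-name `t.Run` wrapper removed, `require.Error` also stops the loop at the first failure, so later names are never checked in that run; `assert.Error` (if testify's assert package is available in this file) or the original subtest would report every name that slips through. `TestRenameUser` starts and ends outside the hunk.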