Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-24 02:36:10 +01:00

Compare commits

..

No commits in common. "7203a5c86ae5d4afe2426fcb029323cd069e9374" and "e71a5f77c17767bf67d4ca71493b3683dd6ba1f7" have entirely different histories.

12 changed files with 91 additions and 294 deletions

View file

@ -84,3 +84,20 @@ jobs:
ref_name: '${{ github.ref_name }}' ref_name: '${{ github.ref_name }}'
image: 'codeberg.org/forgejo-experimental/forgejo' image: 'codeberg.org/forgejo-experimental/forgejo'
tag_suffix: '-rootless' tag_suffix: '-rootless'
- name: set up go for the DNS update below
if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
uses: https://code.forgejo.org/actions/setup-go@v5
with:
go-version-file: "go.mod"
- name: update the _release.experimental DNS record
if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
uses: https://code.forgejo.org/actions/ovh-dns-update@v1
with:
subdomain: _release.experimental
domain: forgejo.com # there is a CNAME from .org to .com (for security reasons)
record-id: 5283602601
value: v=${{ github.ref_name }}
ovh-app-key: ${{ secrets.OVH_APP_KEY }}
ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}

View file

@ -139,38 +139,6 @@ func GetPrimaryEmailAddressOfUser(ctx context.Context, uid int64) (*EmailAddress
return ea, nil return ea, nil
} }
// Deletes the primary email address of the user
// This is only allowed if the user is a organization
func DeletePrimaryEmailAddressOfUser(ctx context.Context, uid int64) error {
user, err := GetUserByID(ctx, uid)
if err != nil {
return err
}
if user.Type != UserTypeOrganization {
return fmt.Errorf("%s is not a organization", user.Name)
}
ctx, committer, err := db.TxContext(ctx)
if err != nil {
return err
}
defer committer.Close()
_, err = db.GetEngine(ctx).Exec("DELETE FROM email_address WHERE uid = ? AND is_primary = true", uid)
if err != nil {
return err
}
user.Email = ""
err = UpdateUserCols(ctx, user, "email")
if err != nil {
return err
}
return committer.Commit()
}
// GetEmailAddresses returns all email addresses belongs to given user. // GetEmailAddresses returns all email addresses belongs to given user.
func GetEmailAddresses(ctx context.Context, uid int64) ([]*EmailAddress, error) { func GetEmailAddresses(ctx context.Context, uid int64) ([]*EmailAddress, error) {
emails := make([]*EmailAddress, 0, 5) emails := make([]*EmailAddress, 0, 5)

View file

@ -129,7 +129,6 @@ func TestListEmails(t *testing.T) {
assert.Len(t, emails, 5) assert.Len(t, emails, 5)
assert.Greater(t, count, int64(len(emails))) assert.Greater(t, count, int64(len(emails)))
} }
func TestGetActivatedEmailAddresses(t *testing.T) { func TestGetActivatedEmailAddresses(t *testing.T) {
require.NoError(t, unittest.PrepareTestDatabase()) require.NoError(t, unittest.PrepareTestDatabase())
@ -163,21 +162,3 @@ func TestGetActivatedEmailAddresses(t *testing.T) {
}) })
} }
} }
func TestDeletePrimaryEmailAddressOfUser(t *testing.T) {
require.NoError(t, unittest.PrepareTestDatabase())
user, err := user_model.GetUserByName(db.DefaultContext, "org3")
require.NoError(t, err)
assert.Equal(t, "org3@example.com", user.Email)
require.NoError(t, user_model.DeletePrimaryEmailAddressOfUser(db.DefaultContext, user.ID))
user, err = user_model.GetUserByName(db.DefaultContext, "org3")
require.NoError(t, err)
assert.Empty(t, user.Email)
email, err := user_model.GetPrimaryEmailAddressOfUser(db.DefaultContext, user.ID)
assert.True(t, user_model.IsErrEmailAddressNotExist(err))
assert.Nil(t, email)
}

View file

@ -324,6 +324,7 @@ func TestCreateUserInvalidEmail(t *testing.T) {
err := user_model.CreateUser(db.DefaultContext, user) err := user_model.CreateUser(db.DefaultContext, user)
require.Error(t, err) require.Error(t, err)
assert.True(t, validation.IsErrEmailCharIsNotSupported(err)) assert.True(t, validation.IsErrEmailCharIsNotSupported(err))
} }
@ -606,6 +607,69 @@ func Test_ValidateUser(t *testing.T) {
} }
} }
func TestGenerateEmailAuthorizationCode(t *testing.T) {
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
require.NoError(t, unittest.PrepareTestDatabase())
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
require.NoError(t, err)
lookupKey, validator, ok := strings.Cut(code, ":")
assert.True(t, ok)
rawValidator, err := hex.DecodeString(validator)
require.NoError(t, err)
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
require.NoError(t, err)
assert.False(t, authToken.IsExpired())
assert.EqualValues(t, authToken.HashedValidator, auth.HashValidator(rawValidator))
authToken.Expiry = authToken.Expiry.Add(-int64(setting.Service.ActiveCodeLives) * 60)
assert.True(t, authToken.IsExpired())
}
func TestVerifyUserAuthorizationToken(t *testing.T) {
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
require.NoError(t, unittest.PrepareTestDatabase())
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
require.NoError(t, err)
lookupKey, _, ok := strings.Cut(code, ":")
assert.True(t, ok)
t.Run("Wrong purpose", func(t *testing.T) {
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.PasswordReset, false)
require.NoError(t, err)
assert.Nil(t, u)
})
t.Run("No delete", func(t *testing.T) {
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, false)
require.NoError(t, err)
assert.EqualValues(t, user.ID, u.ID)
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
require.NoError(t, err)
assert.NotNil(t, authToken)
})
t.Run("Delete", func(t *testing.T) {
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, true)
require.NoError(t, err)
assert.EqualValues(t, user.ID, u.ID)
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
require.ErrorIs(t, err, util.ErrNotExist)
assert.Nil(t, authToken)
})
}
func Test_NormalizeUserFromEmail(t *testing.T) { func Test_NormalizeUserFromEmail(t *testing.T) {
oldSetting := setting.Service.AllowDotsInUsernames oldSetting := setting.Service.AllowDotsInUsernames
defer func() { defer func() {
@ -703,66 +767,3 @@ func TestDisabledUserFeatures(t *testing.T) {
assert.True(t, user_model.IsFeatureDisabledWithLoginType(user, f)) assert.True(t, user_model.IsFeatureDisabledWithLoginType(user, f))
} }
} }
func TestGenerateEmailAuthorizationCode(t *testing.T) {
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
require.NoError(t, unittest.PrepareTestDatabase())
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
require.NoError(t, err)
lookupKey, validator, ok := strings.Cut(code, ":")
assert.True(t, ok)
rawValidator, err := hex.DecodeString(validator)
require.NoError(t, err)
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
require.NoError(t, err)
assert.False(t, authToken.IsExpired())
assert.EqualValues(t, authToken.HashedValidator, auth.HashValidator(rawValidator))
authToken.Expiry = authToken.Expiry.Add(-int64(setting.Service.ActiveCodeLives) * 60)
assert.True(t, authToken.IsExpired())
}
func TestVerifyUserAuthorizationToken(t *testing.T) {
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
require.NoError(t, unittest.PrepareTestDatabase())
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
require.NoError(t, err)
lookupKey, _, ok := strings.Cut(code, ":")
assert.True(t, ok)
t.Run("Wrong purpose", func(t *testing.T) {
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.PasswordReset, false)
require.NoError(t, err)
assert.Nil(t, u)
})
t.Run("No delete", func(t *testing.T) {
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, false)
require.NoError(t, err)
assert.EqualValues(t, user.ID, u.ID)
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
require.NoError(t, err)
assert.NotNil(t, authToken)
})
t.Run("Delete", func(t *testing.T) {
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, true)
require.NoError(t, err)
assert.EqualValues(t, user.ID, u.ID)
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
require.ErrorIs(t, err, util.ErrNotExist)
assert.Nil(t, authToken)
})
}

View file

@ -48,7 +48,7 @@ type CreateOrgOption struct {
// EditOrgOption options for editing an organization // EditOrgOption options for editing an organization
type EditOrgOption struct { type EditOrgOption struct {
FullName string `json:"full_name" binding:"MaxSize(100)"` FullName string `json:"full_name" binding:"MaxSize(100)"`
Email *string `json:"email" binding:"MaxSize(255)"` Email string `json:"email" binding:"MaxSize(255)"`
Description string `json:"description" binding:"MaxSize(255)"` Description string `json:"description" binding:"MaxSize(255)"`
Website string `json:"website" binding:"ValidUrl;MaxSize(255)"` Website string `json:"website" binding:"ValidUrl;MaxSize(255)"`
Location string `json:"location" binding:"MaxSize(50)"` Location string `json:"location" binding:"MaxSize(50)"`

View file

@ -1,6 +1,5 @@
// Copyright 2016 The Gogs Authors. All rights reserved. // Copyright 2016 The Gogs Authors. All rights reserved.
// Copyright 2020 The Gitea Authors. All rights reserved. // Copyright 2020 The Gitea Authors. All rights reserved.
// Copyright 2024 The Forgejo Authors. All rights reserved
// SPDX-License-Identifier: MIT // SPDX-License-Identifier: MIT
package validation package validation

View file

@ -1,5 +1,4 @@
// Copyright 2017 The Gitea Authors. All rights reserved. // Copyright 2017 The Gitea Authors. All rights reserved.
// Copyright 2024 The Forgejo Authors. All rights reserved
// SPDX-License-Identifier: MIT // SPDX-License-Identifier: MIT
package validation package validation

View file

@ -15,7 +15,6 @@ import (
user_model "code.gitea.io/gitea/models/user" user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/optional" "code.gitea.io/gitea/modules/optional"
api "code.gitea.io/gitea/modules/structs" api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/validation"
"code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/modules/web"
"code.gitea.io/gitea/routers/api/v1/user" "code.gitea.io/gitea/routers/api/v1/user"
"code.gitea.io/gitea/routers/api/v1/utils" "code.gitea.io/gitea/routers/api/v1/utils"
@ -341,30 +340,15 @@ func Edit(ctx *context.APIContext) {
// "$ref": "#/responses/Organization" // "$ref": "#/responses/Organization"
// "404": // "404":
// "$ref": "#/responses/notFound" // "$ref": "#/responses/notFound"
// "422":
// "$ref": "#/responses/error"
form := web.GetForm(ctx).(*api.EditOrgOption) form := web.GetForm(ctx).(*api.EditOrgOption)
if form.Email != nil { if form.Email != "" {
if *form.Email == "" { if err := user_service.ReplacePrimaryEmailAddress(ctx, ctx.Org.Organization.AsUser(), form.Email); err != nil {
err := user_model.DeletePrimaryEmailAddressOfUser(ctx, ctx.Org.Organization.ID)
if err != nil {
ctx.Error(http.StatusInternalServerError, "DeletePrimaryEmailAddressOfUser", err)
return
}
ctx.Org.Organization.Email = ""
} else {
if err := user_service.ReplacePrimaryEmailAddress(ctx, ctx.Org.Organization.AsUser(), *form.Email); err != nil {
if validation.IsErrEmailInvalid(err) || validation.IsErrEmailCharIsNotSupported(err) {
ctx.Error(http.StatusUnprocessableEntity, "ReplacePrimaryEmailAddress", err)
} else {
ctx.Error(http.StatusInternalServerError, "ReplacePrimaryEmailAddress", err) ctx.Error(http.StatusInternalServerError, "ReplacePrimaryEmailAddress", err)
}
return return
} }
} }
}
opts := &user_service.UpdateOptions{ opts := &user_service.UpdateOptions{
FullName: optional.Some(form.FullName), FullName: optional.Some(form.FullName),

View file

@ -93,13 +93,7 @@ func SettingsPost(ctx *context.Context) {
ctx.Org.OrgLink = setting.AppSubURL + "/org/" + url.PathEscape(org.Name) ctx.Org.OrgLink = setting.AppSubURL + "/org/" + url.PathEscape(org.Name)
} }
if form.Email == "" { if form.Email != "" {
err := user_model.DeletePrimaryEmailAddressOfUser(ctx, org.ID)
if err != nil {
ctx.ServerError("DeletePrimaryEmailAddressOfUser", err)
return
}
} else {
if err := user_service.ReplacePrimaryEmailAddress(ctx, org.AsUser(), form.Email); err != nil { if err := user_service.ReplacePrimaryEmailAddress(ctx, org.AsUser(), form.Email); err != nil {
ctx.Data["Err_Email"] = true ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplSettingsOptions, &form) ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplSettingsOptions, &form)

View file

@ -2263,9 +2263,6 @@
}, },
"404": { "404": {
"$ref": "#/responses/notFound" "$ref": "#/responses/notFound"
},
"422": {
"$ref": "#/responses/error"
} }
} }
} }

View file

@ -218,57 +218,3 @@ func TestAPIOrgSearchEmptyTeam(t *testing.T) {
assert.EqualValues(t, "Empty", data.Data[0].Name) assert.EqualValues(t, "Empty", data.Data[0].Name)
} }
} }
func TestAPIOrgChangeEmail(t *testing.T) {
defer tests.PrepareTestEnv(t)()
session := loginUser(t, "user1")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
t.Run("Invalid", func(t *testing.T) {
newMail := "invalid"
settings := api.EditOrgOption{Email: &newMail}
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusUnprocessableEntity)
var org *api.Organization
DecodeJSON(t, resp, &org)
assert.Empty(t, org.Email)
})
t.Run("Valid", func(t *testing.T) {
newMail := "example@example.com"
settings := api.EditOrgOption{Email: &newMail}
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
var org *api.Organization
DecodeJSON(t, resp, &org)
assert.Equal(t, "example@example.com", org.Email)
})
t.Run("NoChange", func(t *testing.T) {
settings := api.EditOrgOption{}
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
var org *api.Organization
DecodeJSON(t, resp, &org)
assert.Equal(t, "example@example.com", org.Email)
})
t.Run("Empty", func(t *testing.T) {
newMail := ""
settings := api.EditOrgOption{Email: &newMail}
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
var org *api.Organization
DecodeJSON(t, resp, &org)
assert.Empty(t, org.Email)
})
}

View file

@ -1,89 +0,0 @@
// Copyright 2024 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"fmt"
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert"
)
func getOrgSettingsFormData(t *testing.T, session *TestSession, orgName string) map[string]string {
return map[string]string{
"_csrf": GetCSRF(t, session, fmt.Sprintf("/org/%s/settings", orgName)),
"name": orgName,
"full_name": "",
"email": "",
"description": "",
"website": "",
"location": "",
"visibility": "0",
"repo_admin_change_team_access": "on",
"max_repo_creation": "-1",
}
}
func getOrgSettings(t *testing.T, token, orgName string) *api.Organization {
t.Helper()
req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName).AddTokenAuth(token)
resp := MakeRequest(t, req, http.StatusOK)
var org *api.Organization
DecodeJSON(t, resp, &org)
return org
}
func TestOrgSettingsChangeEmail(t *testing.T) {
defer tests.PrepareTestEnv(t)()
const orgName = "org3"
settingsURL := fmt.Sprintf("/org/%s/settings", orgName)
session := loginUser(t, "user1")
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
t.Run("Invalid", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
settings := getOrgSettingsFormData(t, session, orgName)
settings["email"] = "invalid"
session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusOK)
org := getOrgSettings(t, token, orgName)
assert.Equal(t, "org3@example.com", org.Email)
})
t.Run("Valid", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
settings := getOrgSettingsFormData(t, session, orgName)
settings["email"] = "example@example.com"
session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusSeeOther)
org := getOrgSettings(t, token, orgName)
assert.Equal(t, "example@example.com", org.Email)
})
t.Run("Empty", func(t *testing.T) {
defer tests.PrintCurrentTest(t)()
settings := getOrgSettingsFormData(t, session, orgName)
settings["email"] = ""
session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusSeeOther)
org := getOrgSettings(t, token, orgName)
assert.Empty(t, org.Email)
})
}