mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-11-27 20:26:09 +01:00
Compare commits
7 commits
e71a5f77c1
...
7203a5c86a
Author | SHA1 | Date | |
---|---|---|---|
7203a5c86a | |||
7afaf481df | |||
75a95e1b8f | |||
89cf1e41f4 | |||
7015bdfa48 | |||
a69943085a | |||
45fa9e5ae9 |
|
@ -84,20 +84,3 @@ jobs:
|
|||
ref_name: '${{ github.ref_name }}'
|
||||
image: 'codeberg.org/forgejo-experimental/forgejo'
|
||||
tag_suffix: '-rootless'
|
||||
|
||||
- name: set up go for the DNS update below
|
||||
if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
|
||||
uses: https://code.forgejo.org/actions/setup-go@v5
|
||||
with:
|
||||
go-version-file: "go.mod"
|
||||
- name: update the _release.experimental DNS record
|
||||
if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
|
||||
uses: https://code.forgejo.org/actions/ovh-dns-update@v1
|
||||
with:
|
||||
subdomain: _release.experimental
|
||||
domain: forgejo.com # there is a CNAME from .org to .com (for security reasons)
|
||||
record-id: 5283602601
|
||||
value: v=${{ github.ref_name }}
|
||||
ovh-app-key: ${{ secrets.OVH_APP_KEY }}
|
||||
ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
|
||||
ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}
|
||||
|
|
|
@ -139,6 +139,38 @@ func GetPrimaryEmailAddressOfUser(ctx context.Context, uid int64) (*EmailAddress
|
|||
return ea, nil
|
||||
}
|
||||
|
||||
// Deletes the primary email address of the user
|
||||
// This is only allowed if the user is a organization
|
||||
func DeletePrimaryEmailAddressOfUser(ctx context.Context, uid int64) error {
|
||||
user, err := GetUserByID(ctx, uid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if user.Type != UserTypeOrganization {
|
||||
return fmt.Errorf("%s is not a organization", user.Name)
|
||||
}
|
||||
|
||||
ctx, committer, err := db.TxContext(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer committer.Close()
|
||||
|
||||
_, err = db.GetEngine(ctx).Exec("DELETE FROM email_address WHERE uid = ? AND is_primary = true", uid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
user.Email = ""
|
||||
err = UpdateUserCols(ctx, user, "email")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return committer.Commit()
|
||||
}
|
||||
|
||||
// GetEmailAddresses returns all email addresses belongs to given user.
|
||||
func GetEmailAddresses(ctx context.Context, uid int64) ([]*EmailAddress, error) {
|
||||
emails := make([]*EmailAddress, 0, 5)
|
||||
|
|
|
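Review bot: `is_primary = true` is embedded as a literal in the raw DELETE statement; binding it instead, `Exec("DELETE FROM email_address WHERE uid = ? AND is_primary = ?", uid, true)`, leaves the boolean representation to the database driver rather than depending on every backend accepting `true`. The `GetUserByID` lookup and the organization check also run before `db.TxContext`, so the row that `UpdateUserCols` later writes was read outside the transaction; moving the lookup below the `TxContext` call keeps the check and the write in one unit. The doc comment would follow Go convention as `// DeletePrimaryEmailAddressOfUser deletes the primary email address of an organization and returns an error for any other user type.`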
@ -129,6 +129,7 @@ func TestListEmails(t *testing.T) {
|
|||
assert.Len(t, emails, 5)
|
||||
assert.Greater(t, count, int64(len(emails)))
|
||||
}
|
||||
|
||||
func TestGetActivatedEmailAddresses(t *testing.T) {
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
|
@ -162,3 +163,21 @@ func TestGetActivatedEmailAddresses(t *testing.T) {
|
|||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestDeletePrimaryEmailAddressOfUser(t *testing.T) {
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
user, err := user_model.GetUserByName(db.DefaultContext, "org3")
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, "org3@example.com", user.Email)
|
||||
|
||||
require.NoError(t, user_model.DeletePrimaryEmailAddressOfUser(db.DefaultContext, user.ID))
|
||||
|
||||
user, err = user_model.GetUserByName(db.DefaultContext, "org3")
|
||||
require.NoError(t, err)
|
||||
assert.Empty(t, user.Email)
|
||||
|
||||
email, err := user_model.GetPrimaryEmailAddressOfUser(db.DefaultContext, user.ID)
|
||||
assert.True(t, user_model.IsErrEmailAddressNotExist(err))
|
||||
assert.Nil(t, email)
|
||||
}
|
||||
|
|
|
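Review bot: `TestDeletePrimaryEmailAddressOfUser` only exercises the organization path, so the `user.Type != UserTypeOrganization` guard that keeps this helper away from regular accounts is never tested. A second case that passes a non-organization ID and checks both the error and the untouched address would pin that guard, for example `require.Error(t, user_model.DeletePrimaryEmailAddressOfUser(db.DefaultContext, 2))`, assuming ID 2 is an individual user in the fixtures, as `&user_model.User{ID: 2}` elsewhere in this commit suggests. The closing `IsErrEmailAddressNotExist` assertion would read better as `require.True`, so a wrong error type stops the test before `email` is inspected.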
@ -324,7 +324,6 @@ func TestCreateUserInvalidEmail(t *testing.T) {
|
|||
|
||||
err := user_model.CreateUser(db.DefaultContext, user)
|
||||
require.Error(t, err)
|
||||
|
||||
assert.True(t, validation.IsErrEmailCharIsNotSupported(err))
|
||||
}
|
||||
|
||||
|
@ -607,69 +606,6 @@ func Test_ValidateUser(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestGenerateEmailAuthorizationCode(t *testing.T) {
|
||||
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
|
||||
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
|
||||
lookupKey, validator, ok := strings.Cut(code, ":")
|
||||
assert.True(t, ok)
|
||||
|
||||
rawValidator, err := hex.DecodeString(validator)
|
||||
require.NoError(t, err)
|
||||
|
||||
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
assert.False(t, authToken.IsExpired())
|
||||
assert.EqualValues(t, authToken.HashedValidator, auth.HashValidator(rawValidator))
|
||||
|
||||
authToken.Expiry = authToken.Expiry.Add(-int64(setting.Service.ActiveCodeLives) * 60)
|
||||
assert.True(t, authToken.IsExpired())
|
||||
}
|
||||
|
||||
func TestVerifyUserAuthorizationToken(t *testing.T) {
|
||||
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
|
||||
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
|
||||
lookupKey, _, ok := strings.Cut(code, ":")
|
||||
assert.True(t, ok)
|
||||
|
||||
t.Run("Wrong purpose", func(t *testing.T) {
|
||||
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.PasswordReset, false)
|
||||
require.NoError(t, err)
|
||||
assert.Nil(t, u)
|
||||
})
|
||||
|
||||
t.Run("No delete", func(t *testing.T) {
|
||||
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, false)
|
||||
require.NoError(t, err)
|
||||
assert.EqualValues(t, user.ID, u.ID)
|
||||
|
||||
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
assert.NotNil(t, authToken)
|
||||
})
|
||||
|
||||
t.Run("Delete", func(t *testing.T) {
|
||||
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, true)
|
||||
require.NoError(t, err)
|
||||
assert.EqualValues(t, user.ID, u.ID)
|
||||
|
||||
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
|
||||
require.ErrorIs(t, err, util.ErrNotExist)
|
||||
assert.Nil(t, authToken)
|
||||
})
|
||||
}
|
||||
|
||||
func Test_NormalizeUserFromEmail(t *testing.T) {
|
||||
oldSetting := setting.Service.AllowDotsInUsernames
|
||||
defer func() {
|
||||
|
@ -767,3 +703,66 @@ func TestDisabledUserFeatures(t *testing.T) {
|
|||
assert.True(t, user_model.IsFeatureDisabledWithLoginType(user, f))
|
||||
}
|
||||
}
|
||||
|
||||
func TestGenerateEmailAuthorizationCode(t *testing.T) {
|
||||
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
|
||||
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
|
||||
lookupKey, validator, ok := strings.Cut(code, ":")
|
||||
assert.True(t, ok)
|
||||
|
||||
rawValidator, err := hex.DecodeString(validator)
|
||||
require.NoError(t, err)
|
||||
|
||||
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
assert.False(t, authToken.IsExpired())
|
||||
assert.EqualValues(t, authToken.HashedValidator, auth.HashValidator(rawValidator))
|
||||
|
||||
authToken.Expiry = authToken.Expiry.Add(-int64(setting.Service.ActiveCodeLives) * 60)
|
||||
assert.True(t, authToken.IsExpired())
|
||||
}
|
||||
|
||||
func TestVerifyUserAuthorizationToken(t *testing.T) {
|
||||
defer test.MockVariableValue(&setting.Service.ActiveCodeLives, 2)()
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
|
||||
|
||||
code, err := user.GenerateEmailAuthorizationCode(db.DefaultContext, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
|
||||
lookupKey, _, ok := strings.Cut(code, ":")
|
||||
assert.True(t, ok)
|
||||
|
||||
t.Run("Wrong purpose", func(t *testing.T) {
|
||||
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.PasswordReset, false)
|
||||
require.NoError(t, err)
|
||||
assert.Nil(t, u)
|
||||
})
|
||||
|
||||
t.Run("No delete", func(t *testing.T) {
|
||||
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, false)
|
||||
require.NoError(t, err)
|
||||
assert.EqualValues(t, user.ID, u.ID)
|
||||
|
||||
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
|
||||
require.NoError(t, err)
|
||||
assert.NotNil(t, authToken)
|
||||
})
|
||||
|
||||
t.Run("Delete", func(t *testing.T) {
|
||||
u, err := user_model.VerifyUserAuthorizationToken(db.DefaultContext, code, auth.UserActivation, true)
|
||||
require.NoError(t, err)
|
||||
assert.EqualValues(t, user.ID, u.ID)
|
||||
|
||||
authToken, err := auth.FindAuthToken(db.DefaultContext, lookupKey, auth.UserActivation)
|
||||
require.ErrorIs(t, err, util.ErrNotExist)
|
||||
assert.Nil(t, authToken)
|
||||
})
|
||||
}
|
||||
|
|
|
@ -47,11 +47,11 @@ type CreateOrgOption struct {
|
|||
|
||||
// EditOrgOption options for editing an organization
|
||||
type EditOrgOption struct {
|
||||
FullName string `json:"full_name" binding:"MaxSize(100)"`
|
||||
Email string `json:"email" binding:"MaxSize(255)"`
|
||||
Description string `json:"description" binding:"MaxSize(255)"`
|
||||
Website string `json:"website" binding:"ValidUrl;MaxSize(255)"`
|
||||
Location string `json:"location" binding:"MaxSize(50)"`
|
||||
FullName string `json:"full_name" binding:"MaxSize(100)"`
|
||||
Email *string `json:"email" binding:"MaxSize(255)"`
|
||||
Description string `json:"description" binding:"MaxSize(255)"`
|
||||
Website string `json:"website" binding:"ValidUrl;MaxSize(255)"`
|
||||
Location string `json:"location" binding:"MaxSize(50)"`
|
||||
// possible values are `public`, `limited` or `private`
|
||||
// enum: ["public", "limited", "private"]
|
||||
Visibility string `json:"visibility" binding:"In(,public,limited,private)"`
|
||||
|
|
|
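Review bot: The `Email` field now has three states but nothing on the struct says so: a client has to know that omitting `email` leaves the address alone while sending `""` removes it. A field comment in the style already used for `Visibility`, such as `// email of the organization; omit to leave unchanged, send an empty string to remove it`, would document that contract next to the field. It is also worth confirming that the `MaxSize(255)` binding rule is still applied now that the field is a `*string`; nothing in this section shows it.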
@ -1,5 +1,6 @@
|
|||
// Copyright 2016 The Gogs Authors. All rights reserved.
|
||||
// Copyright 2020 The Gitea Authors. All rights reserved.
|
||||
// Copyright 2024 The Forgejo Authors. All rights reserved
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package validation
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
// Copyright 2017 The Gitea Authors. All rights reserved.
|
||||
// Copyright 2024 The Forgejo Authors. All rights reserved
|
||||
// SPDX-License-Identifier: MIT
|
||||
|
||||
package validation
|
||||
|
|
|
@ -15,6 +15,7 @@ import (
|
|||
user_model "code.gitea.io/gitea/models/user"
|
||||
"code.gitea.io/gitea/modules/optional"
|
||||
api "code.gitea.io/gitea/modules/structs"
|
||||
"code.gitea.io/gitea/modules/validation"
|
||||
"code.gitea.io/gitea/modules/web"
|
||||
"code.gitea.io/gitea/routers/api/v1/user"
|
||||
"code.gitea.io/gitea/routers/api/v1/utils"
|
||||
|
@ -340,13 +341,28 @@ func Edit(ctx *context.APIContext) {
|
|||
// "$ref": "#/responses/Organization"
|
||||
// "404":
|
||||
// "$ref": "#/responses/notFound"
|
||||
// "422":
|
||||
// "$ref": "#/responses/error"
|
||||
|
||||
form := web.GetForm(ctx).(*api.EditOrgOption)
|
||||
|
||||
if form.Email != "" {
|
||||
if err := user_service.ReplacePrimaryEmailAddress(ctx, ctx.Org.Organization.AsUser(), form.Email); err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "ReplacePrimaryEmailAddress", err)
|
||||
return
|
||||
if form.Email != nil {
|
||||
if *form.Email == "" {
|
||||
err := user_model.DeletePrimaryEmailAddressOfUser(ctx, ctx.Org.Organization.ID)
|
||||
if err != nil {
|
||||
ctx.Error(http.StatusInternalServerError, "DeletePrimaryEmailAddressOfUser", err)
|
||||
return
|
||||
}
|
||||
ctx.Org.Organization.Email = ""
|
||||
} else {
|
||||
if err := user_service.ReplacePrimaryEmailAddress(ctx, ctx.Org.Organization.AsUser(), *form.Email); err != nil {
|
||||
if validation.IsErrEmailInvalid(err) || validation.IsErrEmailCharIsNotSupported(err) {
|
||||
ctx.Error(http.StatusUnprocessableEntity, "ReplacePrimaryEmailAddress", err)
|
||||
} else {
|
||||
ctx.Error(http.StatusInternalServerError, "ReplacePrimaryEmailAddress", err)
|
||||
}
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
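Review bot: In the `else` branch of the new `form.Email` handling, only `IsErrEmailInvalid` and `IsErrEmailCharIsNotSupported` map to 422; any other failure of `ReplacePrimaryEmailAddress` that the request itself causes, such as an address already in use, would still come back as a 500 carrying the raw error. If that function can return the already-used error, extend the condition to `if validation.IsErrEmailInvalid(err) || validation.IsErrEmailCharIsNotSupported(err) || user_model.IsErrEmailAlreadyUsed(err) {`. The nested `else { if err := … }` can be written as `} else if err := user_service.ReplacePrimaryEmailAddress(ctx, ctx.Org.Organization.AsUser(), *form.Email); err != nil {` to drop one level of indentation. `Edit` starts and continues outside this hunk.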
@ -93,7 +93,13 @@ func SettingsPost(ctx *context.Context) {
|
|||
ctx.Org.OrgLink = setting.AppSubURL + "/org/" + url.PathEscape(org.Name)
|
||||
}
|
||||
|
||||
if form.Email != "" {
|
||||
if form.Email == "" {
|
||||
err := user_model.DeletePrimaryEmailAddressOfUser(ctx, org.ID)
|
||||
if err != nil {
|
||||
ctx.ServerError("DeletePrimaryEmailAddressOfUser", err)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
if err := user_service.ReplacePrimaryEmailAddress(ctx, org.AsUser(), form.Email); err != nil {
|
||||
ctx.Data["Err_Email"] = true
|
||||
ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplSettingsOptions, &form)
|
||||
|
|
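Review bot: After `DeletePrimaryEmailAddressOfUser` succeeds, `org.Email` still holds the old address, whereas the API handler in this commit resets `ctx.Org.Organization.Email = ""` at the same point; if the rest of `SettingsPost` (outside this hunk) writes or renders `org`, the stale value can reappear. Adding `org.Email = ""` after the error check keeps the two handlers consistent. The delete also now runs on every settings save with an empty email field, including for organizations that have no address, so guarding it with `if org.Email != ""` avoids a transaction that changes nothing. The `else` branch continues past the end of the hunk.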
3
templates/swagger/v1_json.tmpl
generated
|
@ -2263,6 +2263,9 @@
|
|||
},
|
||||
"404": {
|
||||
"$ref": "#/responses/notFound"
|
||||
},
|
||||
"422": {
|
||||
"$ref": "#/responses/error"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -218,3 +218,57 @@ func TestAPIOrgSearchEmptyTeam(t *testing.T) {
|
|||
assert.EqualValues(t, "Empty", data.Data[0].Name)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAPIOrgChangeEmail(t *testing.T) {
|
||||
defer tests.PrepareTestEnv(t)()
|
||||
|
||||
session := loginUser(t, "user1")
|
||||
token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
|
||||
|
||||
t.Run("Invalid", func(t *testing.T) {
|
||||
newMail := "invalid"
|
||||
settings := api.EditOrgOption{Email: &newMail}
|
||||
|
||||
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusUnprocessableEntity)
|
||||
|
||||
var org *api.Organization
|
||||
DecodeJSON(t, resp, &org)
|
||||
|
||||
assert.Empty(t, org.Email)
|
||||
})
|
||||
|
||||
t.Run("Valid", func(t *testing.T) {
|
||||
newMail := "example@example.com"
|
||||
settings := api.EditOrgOption{Email: &newMail}
|
||||
|
||||
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
|
||||
|
||||
var org *api.Organization
|
||||
DecodeJSON(t, resp, &org)
|
||||
|
||||
assert.Equal(t, "example@example.com", org.Email)
|
||||
})
|
||||
|
||||
t.Run("NoChange", func(t *testing.T) {
|
||||
settings := api.EditOrgOption{}
|
||||
|
||||
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
|
||||
|
||||
var org *api.Organization
|
||||
DecodeJSON(t, resp, &org)
|
||||
|
||||
assert.Equal(t, "example@example.com", org.Email)
|
||||
})
|
||||
|
||||
t.Run("Empty", func(t *testing.T) {
|
||||
newMail := ""
|
||||
settings := api.EditOrgOption{Email: &newMail}
|
||||
|
||||
resp := MakeRequest(t, NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/org3", &settings).AddTokenAuth(token), http.StatusOK)
|
||||
|
||||
var org *api.Organization
|
||||
DecodeJSON(t, resp, &org)
|
||||
|
||||
assert.Empty(t, org.Email)
|
||||
})
|
||||
}
|
||||
|
|
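Review bot: The `Invalid` subtest decodes the 422 error body into `api.Organization` and asserts `org.Email` is empty, which presumably holds for any error response and says nothing about the address that is stored. Reading the organization back after the rejected PATCH checks what matters, for example `org := getOrgSettings(t, token, "org3")` followed by `assert.Equal(t, "org3@example.com", org.Email)`; the helper is added in org_settings_test.go in this commit, and it should be confirmed that the write-scoped token is allowed to read. The subtests also depend on running in order, since `NoChange` expects the value written by `Valid`, which deserves a short comment above the first `t.Run`.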
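--- a/tests/integration/org_settings_test.go
+++ b/tests/integration/org_settings_test.go
@@ -0,0 +1,89 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+"fmt"
+"net/http"
+"testing"
+
+auth_model "code.gitea.io/gitea/models/auth"
+api "code.gitea.io/gitea/modules/structs"
+"code.gitea.io/gitea/tests"
+
+"github.com/stretchr/testify/assert"
+)
+
+func getOrgSettingsFormData(t *testing.T, session *TestSession, orgName string) map[string]string {
+return map[string]string{
+"_csrf": GetCSRF(t, session, fmt.Sprintf("/org/%s/settings", orgName)),
+"name": orgName,
+"full_name": "",
+"email": "",
+"description": "",
+"website": "",
+"location": "",
+"visibility": "0",
+"repo_admin_change_team_access": "on",
+"max_repo_creation": "-1",
+}
+}
+
+func getOrgSettings(t *testing.T, token, orgName string) *api.Organization {
+t.Helper()
+
+req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName).AddTokenAuth(token)
+resp := MakeRequest(t, req, http.StatusOK)
+
+var org *api.Organization
+DecodeJSON(t, resp, &org)
+
+return org
+}
+
+func TestOrgSettingsChangeEmail(t *testing.T) {
+defer tests.PrepareTestEnv(t)()
+
+const orgName = "org3"
+settingsURL := fmt.Sprintf("/org/%s/settings", orgName)
+
+session := loginUser(t, "user1")
+token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+
+t.Run("Invalid", func(t *testing.T) {
+defer tests.PrintCurrentTest(t)()
+
+settings := getOrgSettingsFormData(t, session, orgName)
+
+settings["email"] = "invalid"
+session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusOK)
+
+org := getOrgSettings(t, token, orgName)
+assert.Equal(t, "org3@example.com", org.Email)
+})
+
+t.Run("Valid", func(t *testing.T) {
+defer tests.PrintCurrentTest(t)()
+
+settings := getOrgSettingsFormData(t, session, orgName)
+
+settings["email"] = "example@example.com"
+session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusSeeOther)
+
+org := getOrgSettings(t, token, orgName)
+assert.Equal(t, "example@example.com", org.Email)
+})
+
+t.Run("Empty", func(t *testing.T) {
+defer tests.PrintCurrentTest(t)()
+
+settings := getOrgSettingsFormData(t, session, orgName)
+
+settings["email"] = ""
+session.MakeRequest(t, NewRequestWithValues(t, "POST", settingsURL, settings), http.StatusSeeOther)
+
+org := getOrgSettings(t, token, orgName)
+assert.Empty(t, org.Email)
+})
+}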
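Review bot: `getOrgSettingsFormData` calls `GetCSRF` with `t` but, unlike `getOrgSettings` below it, does not call `t.Helper()`, so a failure while fetching the token is reported against the helper's line rather than the subtest that called it. Adding `t.Helper()` as its first statement fixes that. A one-line comment on the helper, saying that it returns the complete settings form with the optional fields left blank, would also explain why each subtest overwrites only `email`.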