mirror of
https://codeberg.org/forgejo/forgejo
synced 2024-12-11 14:01:58 +01:00
d03be77665
This is a follow-up for 5e1bd8af5f
, which
was my first commit to Gitea. It is also a follow up for the
Gitea PR #29300 (https://github.com/go-gitea/gitea/pull/23900) created
by myself, which turned stale.
This change partially restores the behavior of Gitea PR #23747
(https://github.com/go-gitea/gitea/pull/23747) by wxiaoguang, but
maintains the lock.
The original idea was to differentiate things from GitHub and GitLab a
little bit, and show the email address on the profile. The profile is
not only a place where the user chooses to show how they present
themselves on an instance, it is also a place where they can assess
their relationship *with* the instance, as it provides features such
as the Public Activity feed that can be only shown to the user, in
private.
It's, in some way, a dashboard. The email was shown there to remind
the user that this is the primary email that will be used by a supposed
administrator to contact them. There were other motivations behind that
change as well, but, long story short, the idea did not work very well,
as some people (e.g. people livestreaming on the Internet, or 'normal'
users sharing their screens) do not want to put their email address
out there when showing their screen to other people.
Other alternatives, such as blurring the text or only showing the real
email address, were explored, but were rejected because of
browser compatibility and simplicity reasons. The padlock icon that
is shown when showing the email address to other people has been kept.
One viable alternative could be displaying the placeholder email
instead, but that requires some more thought.
Fixes https://codeberg.org/forgejo/forgejo/issues/1950.
157 lines
5 KiB
Go
157 lines
5 KiB
Go
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
|
"code.gitea.io/gitea/models/db"
|
|
"code.gitea.io/gitea/models/unittest"
|
|
user_model "code.gitea.io/gitea/models/user"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
"code.gitea.io/gitea/tests"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestSettingShowUserEmailExplore(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
showUserEmail := setting.UI.ShowUserEmail
|
|
setting.UI.ShowUserEmail = true
|
|
|
|
session := loginUser(t, "user2")
|
|
req := NewRequest(t, "GET", "/explore/users?sort=alphabetically")
|
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
|
assert.Contains(t,
|
|
htmlDoc.doc.Find(".explore.users").Text(),
|
|
"user34@example.com",
|
|
)
|
|
|
|
setting.UI.ShowUserEmail = false
|
|
|
|
req = NewRequest(t, "GET", "/explore/users?sort=alphabetically")
|
|
resp = session.MakeRequest(t, req, http.StatusOK)
|
|
htmlDoc = NewHTMLParser(t, resp.Body)
|
|
assert.NotContains(t,
|
|
htmlDoc.doc.Find(".explore.users").Text(),
|
|
"user34@example.com",
|
|
)
|
|
|
|
setting.UI.ShowUserEmail = showUserEmail
|
|
}
|
|
|
|
func TestSettingShowUserEmailProfile(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
showUserEmail := setting.UI.ShowUserEmail
|
|
|
|
// user1: keep_email_private = false, user2: keep_email_private = true
|
|
|
|
setting.UI.ShowUserEmail = true
|
|
|
|
// user1 can see own visible email
|
|
session := loginUser(t, "user1")
|
|
req := NewRequest(t, "GET", "/user1")
|
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
|
htmlDoc := NewHTMLParser(t, resp.Body)
|
|
assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
|
|
|
|
// user1 can not see user2's hidden email
|
|
req = NewRequest(t, "GET", "/user2")
|
|
resp = session.MakeRequest(t, req, http.StatusOK)
|
|
htmlDoc = NewHTMLParser(t, resp.Body)
|
|
// Should only contain if the user visits their own profile page
|
|
assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
|
|
|
|
// user2 can see user1's visible email
|
|
session = loginUser(t, "user2")
|
|
req = NewRequest(t, "GET", "/user1")
|
|
resp = session.MakeRequest(t, req, http.StatusOK)
|
|
htmlDoc = NewHTMLParser(t, resp.Body)
|
|
assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
|
|
|
|
// user2 cannot see own hidden email
|
|
session = loginUser(t, "user2")
|
|
req = NewRequest(t, "GET", "/user2")
|
|
resp = session.MakeRequest(t, req, http.StatusOK)
|
|
htmlDoc = NewHTMLParser(t, resp.Body)
|
|
assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
|
|
|
|
setting.UI.ShowUserEmail = false
|
|
|
|
// user1 cannot see own (now hidden) email
|
|
session = loginUser(t, "user1")
|
|
req = NewRequest(t, "GET", "/user1")
|
|
resp = session.MakeRequest(t, req, http.StatusOK)
|
|
htmlDoc = NewHTMLParser(t, resp.Body)
|
|
assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
|
|
|
|
setting.UI.ShowUserEmail = showUserEmail
|
|
}
|
|
|
|
func TestSettingLandingPage(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
landingPage := setting.LandingPageURL
|
|
|
|
setting.LandingPageURL = setting.LandingPageHome
|
|
req := NewRequest(t, "GET", "/")
|
|
MakeRequest(t, req, http.StatusOK)
|
|
|
|
setting.LandingPageURL = setting.LandingPageExplore
|
|
req = NewRequest(t, "GET", "/")
|
|
resp := MakeRequest(t, req, http.StatusSeeOther)
|
|
assert.Equal(t, "/explore", resp.Header().Get("Location"))
|
|
|
|
setting.LandingPageURL = setting.LandingPageOrganizations
|
|
req = NewRequest(t, "GET", "/")
|
|
resp = MakeRequest(t, req, http.StatusSeeOther)
|
|
assert.Equal(t, "/explore/organizations", resp.Header().Get("Location"))
|
|
|
|
setting.LandingPageURL = setting.LandingPageLogin
|
|
req = NewRequest(t, "GET", "/")
|
|
resp = MakeRequest(t, req, http.StatusSeeOther)
|
|
assert.Equal(t, "/user/login", resp.Header().Get("Location"))
|
|
|
|
setting.LandingPageURL = landingPage
|
|
}
|
|
|
|
func TestSettingSecurityAuthSource(t *testing.T) {
|
|
defer tests.PrepareTestEnv(t)()
|
|
|
|
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
|
|
|
|
active := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-active"))
|
|
activeExternalLoginUser := &user_model.ExternalLoginUser{
|
|
ExternalID: "12345",
|
|
UserID: user.ID,
|
|
LoginSourceID: active.ID,
|
|
}
|
|
err := user_model.LinkExternalToUser(db.DefaultContext, user, activeExternalLoginUser)
|
|
assert.NoError(t, err)
|
|
|
|
inactive := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-inactive"))
|
|
inactiveExternalLoginUser := &user_model.ExternalLoginUser{
|
|
ExternalID: "5678",
|
|
UserID: user.ID,
|
|
LoginSourceID: inactive.ID,
|
|
}
|
|
err = user_model.LinkExternalToUser(db.DefaultContext, user, inactiveExternalLoginUser)
|
|
assert.NoError(t, err)
|
|
|
|
// mark the authSource as inactive
|
|
inactive.IsActive = false
|
|
err = auth_model.UpdateSource(db.DefaultContext, inactive)
|
|
assert.NoError(t, err)
|
|
|
|
session := loginUser(t, "user1")
|
|
req := NewRequest(t, "GET", "user/settings/security")
|
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
|
assert.Contains(t, resp.Body.String(), `gitlab-active`)
|
|
assert.Contains(t, resp.Body.String(), `gitlab-inactive`)
|
|
}
|