Improve the maintainblity of the reserved username list (#32229)
(cherry picked from commit 6029d78ab5006e8fb4f42adb5a8c491f19fa7b0a) Conflicts: models/user/user.go services/user/user_test.go trivial context conflict tests/integration/user_test.go discarded entirely because dot may be allowed in Forgejo under some conditions
This commit is contained in:
parent
eff28911d3
commit
7855e4bb56
3 changed files with 39 additions and 46 deletions
|
@ -586,44 +586,46 @@ var (
|
|||
".",
|
||||
"..",
|
||||
".well-known",
|
||||
"admin",
|
||||
"api",
|
||||
"assets",
|
||||
"attachments",
|
||||
"avatar",
|
||||
"avatars",
|
||||
"captcha",
|
||||
"commits",
|
||||
"debug",
|
||||
"devtest",
|
||||
"error",
|
||||
"explore",
|
||||
"favicon.ico",
|
||||
"ghost",
|
||||
"issues",
|
||||
"login",
|
||||
"manifest.json",
|
||||
"metrics",
|
||||
"milestones",
|
||||
"new",
|
||||
"notifications",
|
||||
"org",
|
||||
"pulls",
|
||||
"raw",
|
||||
"repo",
|
||||
|
||||
"api", // gitea api
|
||||
"metrics", // prometheus metrics api
|
||||
"v2", // container registry api
|
||||
|
||||
"assets", // static asset files
|
||||
"attachments", // issue attachments
|
||||
|
||||
"avatar", // avatar by email hash
|
||||
"avatars", // user avatars by file name
|
||||
"repo-avatars",
|
||||
"robots.txt",
|
||||
"search",
|
||||
"serviceworker.js",
|
||||
"ssh_info",
|
||||
|
||||
"captcha",
|
||||
"login", // oauth2 login
|
||||
"org", // org create/manage, or "/org/{org}", BUT if an org is named as "invite" then it goes wrong
|
||||
"repo", // repo create/migrate, etc
|
||||
"user", // user login/activate/settings, etc
|
||||
|
||||
"admin",
|
||||
"devtest",
|
||||
"explore",
|
||||
"issues",
|
||||
"pulls",
|
||||
"milestones",
|
||||
"notifications",
|
||||
|
||||
"favicon.ico",
|
||||
"manifest.json", // web app manifests
|
||||
"robots.txt", // search engine robots
|
||||
"sitemap.xml", // search engine sitemap
|
||||
"ssh_info", // agit info
|
||||
"swagger.v1.json",
|
||||
"user",
|
||||
"v2",
|
||||
"gitea-actions",
|
||||
"forgejo-actions",
|
||||
|
||||
"ghost", // reserved name for deleted users (id: -1)
|
||||
"gitea-actions", // gitea builtin user (id: -2)
|
||||
"forgejo-actions", // forgejo builtin user (id: -2)
|
||||
}
|
||||
|
||||
// DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
|
||||
// These names are reserved for user accounts: user's keys, user's rss feed, user's avatar, etc.
|
||||
// DO NOT add any new stuff! The paths with these names are processed by `/{username}` handler (UsernameSubRoute) manually.
|
||||
reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
|
||||
)
|
||||
|
||||
|
|
|
@ -114,12 +114,10 @@ func TestRenameUser(t *testing.T) {
|
|||
})
|
||||
|
||||
t.Run("Non usable username", func(t *testing.T) {
|
||||
usernames := []string{"--diff", "aa.png", ".well-known", "search", "aaa.atom"}
|
||||
usernames := []string{"--diff", ".well-known", "gitea-actions", "aaa.atom", "aa.png"}
|
||||
for _, username := range usernames {
|
||||
t.Run(username, func(t *testing.T) {
|
||||
require.Error(t, user_model.IsUsableUsername(username))
|
||||
require.Error(t, RenameUser(db.DefaultContext, user, username))
|
||||
})
|
||||
require.Error(t, user_model.IsUsableUsername(username), "non-usable username: %s", username)
|
||||
require.Error(t, RenameUser(db.DefaultContext, user, username), "non-usable username: %s", username)
|
||||
}
|
||||
})
|
||||
|
||||
|
|
|
@ -114,10 +114,7 @@ func TestRenameReservedUsername(t *testing.T) {
|
|||
"avatar",
|
||||
"avatars",
|
||||
"captcha",
|
||||
"commits",
|
||||
"debug",
|
||||
"devtest",
|
||||
"error",
|
||||
"explore",
|
||||
"favicon.ico",
|
||||
"ghost",
|
||||
|
@ -126,16 +123,12 @@ func TestRenameReservedUsername(t *testing.T) {
|
|||
"manifest.json",
|
||||
"metrics",
|
||||
"milestones",
|
||||
"new",
|
||||
"notifications",
|
||||
"org",
|
||||
"pulls",
|
||||
"raw",
|
||||
"repo",
|
||||
"repo-avatars",
|
||||
"robots.txt",
|
||||
"search",
|
||||
"serviceworker.js",
|
||||
"ssh_info",
|
||||
"swagger.v1.json",
|
||||
"user",
|
||||
|
|
Loading…
Reference in a new issue