Improve the maintainblity of the reserved username list (#32229)

(cherry picked from commit 6029d78ab5006e8fb4f42adb5a8c491f19fa7b0a)

Conflicts:
  models/user/user.go
	services/user/user_test.go
    trivial context conflict
	tests/integration/user_test.go
    discarded entirely because dot may be allowed in Forgejo under
    some conditions
This commit is contained in:
Earl Warren 2024-10-13 10:13:04 +03:00
parent eff28911d3
commit 7855e4bb56
No known key found for this signature in database
GPG Key ID: 0579CB2928A78A00
3 changed files with 39 additions and 46 deletions

View File

@ -586,44 +586,46 @@ var (
".",
"..",
".well-known",
"admin",
"api",
"assets",
"attachments",
"avatar",
"avatars",
"captcha",
"commits",
"debug",
"devtest",
"error",
"explore",
"favicon.ico",
"ghost",
"issues",
"login",
"manifest.json",
"metrics",
"milestones",
"new",
"notifications",
"org",
"pulls",
"raw",
"repo",
"api", // gitea api
"metrics", // prometheus metrics api
"v2", // container registry api
"assets", // static asset files
"attachments", // issue attachments
"avatar", // avatar by email hash
"avatars", // user avatars by file name
"repo-avatars",
"robots.txt",
"search",
"serviceworker.js",
"ssh_info",
"captcha",
"login", // oauth2 login
"org", // org create/manage, or "/org/{org}", BUT if an org is named as "invite" then it goes wrong
"repo", // repo create/migrate, etc
"user", // user login/activate/settings, etc
"admin",
"devtest",
"explore",
"issues",
"pulls",
"milestones",
"notifications",
"favicon.ico",
"manifest.json", // web app manifests
"robots.txt", // search engine robots
"sitemap.xml", // search engine sitemap
"ssh_info", // agit info
"swagger.v1.json",
"user",
"v2",
"gitea-actions",
"forgejo-actions",
"ghost", // reserved name for deleted users (id: -1)
"gitea-actions", // gitea builtin user (id: -2)
"forgejo-actions", // forgejo builtin user (id: -2)
}
// DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
// These names are reserved for user accounts: user's keys, user's rss feed, user's avatar, etc.
// DO NOT add any new stuff! The paths with these names are processed by `/{username}` handler (UsernameSubRoute) manually.
reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
)

View File

@ -114,12 +114,10 @@ func TestRenameUser(t *testing.T) {
})
t.Run("Non usable username", func(t *testing.T) {
usernames := []string{"--diff", "aa.png", ".well-known", "search", "aaa.atom"}
usernames := []string{"--diff", ".well-known", "gitea-actions", "aaa.atom", "aa.png"}
for _, username := range usernames {
t.Run(username, func(t *testing.T) {
require.Error(t, user_model.IsUsableUsername(username))
require.Error(t, RenameUser(db.DefaultContext, user, username))
})
require.Error(t, user_model.IsUsableUsername(username), "non-usable username: %s", username)
require.Error(t, RenameUser(db.DefaultContext, user, username), "non-usable username: %s", username)
}
})

View File

@ -114,10 +114,7 @@ func TestRenameReservedUsername(t *testing.T) {
"avatar",
"avatars",
"captcha",
"commits",
"debug",
"devtest",
"error",
"explore",
"favicon.ico",
"ghost",
@ -126,16 +123,12 @@ func TestRenameReservedUsername(t *testing.T) {
"manifest.json",
"metrics",
"milestones",
"new",
"notifications",
"org",
"pulls",
"raw",
"repo",
"repo-avatars",
"robots.txt",
"search",
"serviceworker.js",
"ssh_info",
"swagger.v1.json",
"user",