From 4019b992176bcf0626683e143bf26e9874436d2f Mon Sep 17 00:00:00 2001 From: Gusted Date: Thu, 21 Aug 2025 16:20:05 +0200 Subject: [PATCH] fix: do visibility check for user redirect lookup --- models/user/redirect.go | 12 ++---------- models/user/redirect_test.go | 26 -------------------------- routers/api/v1/api.go | 9 +++++---- routers/api/v1/user/helper.go | 3 ++- services/context/org.go | 5 +++-- services/context/repo.go | 5 +++-- services/context/user.go | 5 +++-- services/redirect/user.go | 30 ++++++++++++++++++++++++++++++ services/user/user_test.go | 3 ++- 9 files changed, 50 insertions(+), 48 deletions(-) delete mode 100644 models/user/redirect_test.go create mode 100644 services/redirect/user.go diff --git a/models/user/redirect.go b/models/user/redirect.go index 75876f17d2..bcb421d4a1 100644 --- a/models/user/redirect.go +++ b/models/user/redirect.go @@ -21,7 +21,8 @@ import ( // ErrUserRedirectNotExist represents a "UserRedirectNotExist" kind of error. type ErrUserRedirectNotExist struct { - Name string + Name string + MissingPermission bool } // IsErrUserRedirectNotExist check if an error is an ErrUserRedirectNotExist. @@ -81,15 +82,6 @@ func GetUserRedirect(ctx context.Context, userName string) (*Redirect, error) { return redirect, nil } -// LookupUserRedirect look up userID if a user has a redirect name -func LookupUserRedirect(ctx context.Context, userName string) (int64, error) { - redirect, err := GetUserRedirect(ctx, userName) - if err != nil { - return 0, err - } - return redirect.RedirectUserID, nil -} - // NewUserRedirect create a new user redirect func NewUserRedirect(ctx context.Context, ID int64, oldUserName, newUserName string) error { oldUserName = strings.ToLower(oldUserName) diff --git a/models/user/redirect_test.go b/models/user/redirect_test.go deleted file mode 100644 index c598fb045f..0000000000 --- a/models/user/redirect_test.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright 2020 The Gitea Authors. All rights reserved. -// SPDX-License-Identifier: MIT - -package user_test - -import ( - "testing" - - "forgejo.org/models/db" - "forgejo.org/models/unittest" - user_model "forgejo.org/models/user" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -func TestLookupUserRedirect(t *testing.T) { - require.NoError(t, unittest.PrepareTestDatabase()) - - userID, err := user_model.LookupUserRedirect(db.DefaultContext, "olduser1") - require.NoError(t, err) - assert.EqualValues(t, 1, userID) - - _, err = user_model.LookupUserRedirect(db.DefaultContext, "doesnotexist") - assert.True(t, user_model.IsErrUserRedirectNotExist(err)) -} diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index ca65148a35..31c884fb88 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -99,6 +99,7 @@ import ( "forgejo.org/services/auth" "forgejo.org/services/context" "forgejo.org/services/forms" + redirect_service "forgejo.org/services/redirect" _ "forgejo.org/routers/api/v1/swagger" // for swagger generation @@ -153,12 +154,12 @@ func repoAssignment() func(ctx *context.APIContext) { owner, err = user_model.GetUserByName(ctx, userName) if err != nil { if user_model.IsErrUserNotExist(err) { - if redirectUserID, err := user_model.LookupUserRedirect(ctx, userName); err == nil { + if redirectUserID, err := redirect_service.LookupUserRedirect(ctx, ctx.Doer, userName); err == nil { context.RedirectToUser(ctx.Base, userName, redirectUserID) } else if user_model.IsErrUserRedirectNotExist(err) { ctx.NotFound("GetUserByName", err) } else { - ctx.Error(http.StatusInternalServerError, "LookupUserRedirect", err) + ctx.Error(http.StatusInternalServerError, "LookupRedirect", err) } } else { ctx.Error(http.StatusInternalServerError, "GetUserByName", err) @@ -638,13 +639,13 @@ func orgAssignment(args ...bool) func(ctx *context.APIContext) { ctx.Org.Organization, err = organization.GetOrgByName(ctx, ctx.Params(":org")) if err != nil { if organization.IsErrOrgNotExist(err) { - redirectUserID, err := user_model.LookupUserRedirect(ctx, ctx.Params(":org")) + redirectUserID, err := redirect_service.LookupUserRedirect(ctx, ctx.Doer, ctx.Params(":org")) if err == nil { context.RedirectToUser(ctx.Base, ctx.Params(":org"), redirectUserID) } else if user_model.IsErrUserRedirectNotExist(err) { ctx.NotFound("GetOrgByName", err) } else { - ctx.Error(http.StatusInternalServerError, "LookupUserRedirect", err) + ctx.Error(http.StatusInternalServerError, "LookupRedirect", err) } } else { ctx.Error(http.StatusInternalServerError, "GetOrgByName", err) diff --git a/routers/api/v1/user/helper.go b/routers/api/v1/user/helper.go index fe0943091f..1de4d72161 100644 --- a/routers/api/v1/user/helper.go +++ b/routers/api/v1/user/helper.go @@ -8,6 +8,7 @@ import ( user_model "forgejo.org/models/user" "forgejo.org/services/context" + redirect_service "forgejo.org/services/redirect" ) // GetUserByParamsName get user by name @@ -16,7 +17,7 @@ func GetUserByParamsName(ctx *context.APIContext, name string) *user_model.User user, err := user_model.GetUserByName(ctx, username) if err != nil { if user_model.IsErrUserNotExist(err) { - if redirectUserID, err2 := user_model.LookupUserRedirect(ctx, username); err2 == nil { + if redirectUserID, err2 := redirect_service.LookupUserRedirect(ctx, ctx.Doer, username); err2 == nil { context.RedirectToUser(ctx.Base, username, redirectUserID) } else { ctx.NotFound("GetUserByName", err) diff --git a/services/context/org.go b/services/context/org.go index 3ddc40b6b3..c7d06b9bcc 100644 --- a/services/context/org.go +++ b/services/context/org.go @@ -16,6 +16,7 @@ import ( "forgejo.org/modules/markup/markdown" "forgejo.org/modules/setting" "forgejo.org/modules/structs" + redirect_service "forgejo.org/services/redirect" ) // Organization contains organization context @@ -48,13 +49,13 @@ func GetOrganizationByParams(ctx *Context) { ctx.Org.Organization, err = organization.GetOrgByName(ctx, orgName) if err != nil { if organization.IsErrOrgNotExist(err) { - redirectUserID, err := user_model.LookupUserRedirect(ctx, orgName) + redirectUserID, err := redirect_service.LookupUserRedirect(ctx, ctx.Doer, orgName) if err == nil { RedirectToUser(ctx.Base, orgName, redirectUserID) } else if user_model.IsErrUserRedirectNotExist(err) { ctx.NotFound("GetUserByName", err) } else { - ctx.ServerError("LookupUserRedirect", err) + ctx.ServerError("LookupRedirect", err) } } else { ctx.ServerError("GetUserByName", err) diff --git a/services/context/repo.go b/services/context/repo.go index c8876d7166..72ba25828d 100644 --- a/services/context/repo.go +++ b/services/context/repo.go @@ -35,6 +35,7 @@ import ( "forgejo.org/modules/setting" "forgejo.org/modules/util" asymkey_service "forgejo.org/services/asymkey" + redirect_service "forgejo.org/services/redirect" "github.com/editorconfig/editorconfig-core-go/v2" ) @@ -477,12 +478,12 @@ func RepoAssignment(ctx *Context) context.CancelFunc { return nil } - if redirectUserID, err := user_model.LookupUserRedirect(ctx, userName); err == nil { + if redirectUserID, err := redirect_service.LookupUserRedirect(ctx, ctx.Doer, userName); err == nil { RedirectToUser(ctx.Base, userName, redirectUserID) } else if user_model.IsErrUserRedirectNotExist(err) { ctx.NotFound("GetUserByName", nil) } else { - ctx.ServerError("LookupUserRedirect", err) + ctx.ServerError("LookupRedirect", err) } } else { ctx.ServerError("GetUserByName", err) diff --git a/services/context/user.go b/services/context/user.go index a82c90d7a6..63260a49aa 100644 --- a/services/context/user.go +++ b/services/context/user.go @@ -9,6 +9,7 @@ import ( "strings" user_model "forgejo.org/models/user" + redirect_service "forgejo.org/services/redirect" ) // UserAssignmentWeb returns a middleware to handle context-user assignment for web routes @@ -68,12 +69,12 @@ func userAssignment(ctx *Base, doer *user_model.User, errCb func(int, string, an contextUser, err = user_model.GetUserByName(ctx, username) if err != nil { if user_model.IsErrUserNotExist(err) { - if redirectUserID, err := user_model.LookupUserRedirect(ctx, username); err == nil { + if redirectUserID, err := redirect_service.LookupUserRedirect(ctx, doer, username); err == nil { RedirectToUser(ctx, username, redirectUserID) } else if user_model.IsErrUserRedirectNotExist(err) { errCb(http.StatusNotFound, "GetUserByName", err) } else { - errCb(http.StatusInternalServerError, "LookupUserRedirect", err) + errCb(http.StatusInternalServerError, "LookupRedirect", err) } } else { errCb(http.StatusInternalServerError, "GetUserByName", err) diff --git a/services/redirect/user.go b/services/redirect/user.go new file mode 100644 index 0000000000..2b1d38bbc0 --- /dev/null +++ b/services/redirect/user.go @@ -0,0 +1,30 @@ +// Copyright 2025 The Forgejo Authors. All rights reserved. +// SPDX-License-Identifier: MIT +package redirect + +import ( + "context" + + user_model "forgejo.org/models/user" +) + +// LookupUserRedirect returns the userID if there's a redirect registered for the +// username. It additionally checks if the doer has permission to view the new +// user. +func LookupUserRedirect(ctx context.Context, doer *user_model.User, userName string) (int64, error) { + redirect, err := user_model.GetUserRedirect(ctx, userName) + if err != nil { + return 0, err + } + + redirectUser, err := user_model.GetUserByID(ctx, redirect.RedirectUserID) + if err != nil { + return 0, err + } + + if !user_model.IsUserVisibleToViewer(ctx, redirectUser, doer) { + return 0, user_model.ErrUserRedirectNotExist{Name: userName, MissingPermission: true} + } + + return redirect.RedirectUserID, nil +} diff --git a/services/user/user_test.go b/services/user/user_test.go index 0747833557..7240813411 100644 --- a/services/user/user_test.go +++ b/services/user/user_test.go @@ -26,6 +26,7 @@ import ( "forgejo.org/modules/test" "forgejo.org/modules/timeutil" "forgejo.org/services/auth/source/oauth2" + redirect_service "forgejo.org/services/redirect" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -184,7 +185,7 @@ func TestRenameUser(t *testing.T) { require.NoError(t, RenameUser(db.DefaultContext, user, newUsername)) unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: user.ID, Name: newUsername, LowerName: strings.ToLower(newUsername)}) - redirectUID, err := user_model.LookupUserRedirect(db.DefaultContext, oldUsername) + redirectUID, err := redirect_service.LookupUserRedirect(db.DefaultContext, user, oldUsername) require.NoError(t, err) assert.Equal(t, user.ID, redirectUID)