[BUG 1.21] prevent error 500 on /user/settings/security when SignedUser has a linked account from a deactivated authentication source (#2626)

This should fix #2266. This has apparently be fixed in `main` https://github.com/go-gitea/gitea/pull/27798 (but quite a big PR, which was not backported). I should likely push the test to the main branch as well. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2626 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-03-11 14:10:51 +00:00 · 2024-03-11 14:10:51 +00:00 · d9418651af
parent 84449e9288
commit d9418651af
2 changed files with 43 additions and 4 deletions
--- a/templates/user/settings/security/accountlinks.tmpl
+++ b/templates/user/settings/security/accountlinks.tmpl
@ -27,10 +27,11 @@
 		</div>
 		{{range $loginSource, $provider := .AccountLinks}}
 			<div class="flex-item">
-				{{$providerData := index $.OAuth2Providers $loginSource.Name}}
-				<div class="flex-item-leading">
-					{{$providerData.IconHTML 20}}
-				</div>
+				{{with index $.OAuth2Providers $loginSource.Name}}
+					<div class="flex-item-leading">
+						{{.IconHTML 20}}
+					</div>
+				{{end}}
 				<div class="flex-item-main">
 					<span class="flex-item-title" data-tooltip-content="{{$provider}}">
 						{{$loginSource.Name}}
--- a/tests/integration/setting_test.go
+++ b/tests/integration/setting_test.go
@ -7,6 +7,9 @@ import (
 	"net/http"
 	"testing"

+	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/tests"

@ -116,3 +119,38 @@ func TestSettingLandingPage(t *testing.T) {

 	setting.LandingPageURL = landingPage
 }
+
+func TestSettingSecurityAuthSource(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+
+	active := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-active"))
+	activeExternalLoginUser := &user_model.ExternalLoginUser{
+		ExternalID:    "12345",
+		UserID:        user.ID,
+		LoginSourceID: active.ID,
+	}
+	err := user_model.LinkExternalToUser(user, activeExternalLoginUser)
+	assert.NoError(t, err)
+
+	inactive := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-inactive"))
+	inactiveExternalLoginUser := &user_model.ExternalLoginUser{
+		ExternalID:    "5678",
+		UserID:        user.ID,
+		LoginSourceID: inactive.ID,
+	}
+	err = user_model.LinkExternalToUser(user, inactiveExternalLoginUser)
+	assert.NoError(t, err)
+
+	// mark the authSource as inactive
+	inactive.IsActive = false
+	err = auth_model.UpdateSource(inactive)
+	assert.NoError(t, err)
+
+	session := loginUser(t, "user1")
+	req := NewRequest(t, "GET", "user/settings/security")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	assert.Contains(t, resp.Body.String(), `gitlab-active`)
+	assert.Contains(t, resp.Body.String(), `gitlab-inactive`)
+}