From d9418651af8c8a3276ebc40a516109c0f33139b0 Mon Sep 17 00:00:00 2001 From: oliverpool Date: Mon, 11 Mar 2024 14:10:51 +0000 Subject: [PATCH] [BUG 1.21] prevent error 500 on /user/settings/security when SignedUser has a linked account from a deactivated authentication source (#2626) This should fix #2266. This has apparently be fixed in `main` https://github.com/go-gitea/gitea/pull/27798 (but quite a big PR, which was not backported). I should likely push the test to the main branch as well. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2626 Reviewed-by: Earl Warren Co-authored-by: oliverpool Co-committed-by: oliverpool --- .../user/settings/security/accountlinks.tmpl | 9 +++-- tests/integration/setting_test.go | 38 +++++++++++++++++++ 2 files changed, 43 insertions(+), 4 deletions(-) diff --git a/templates/user/settings/security/accountlinks.tmpl b/templates/user/settings/security/accountlinks.tmpl index 0820844547..77a525f4f6 100644 --- a/templates/user/settings/security/accountlinks.tmpl +++ b/templates/user/settings/security/accountlinks.tmpl @@ -27,10 +27,11 @@ {{range $loginSource, $provider := .AccountLinks}}
- {{$providerData := index $.OAuth2Providers $loginSource.Name}} -
- {{$providerData.IconHTML 20}} -
+ {{with index $.OAuth2Providers $loginSource.Name}} +
+ {{.IconHTML 20}} +
+ {{end}}
{{$loginSource.Name}} diff --git a/tests/integration/setting_test.go b/tests/integration/setting_test.go index 9dad9ca716..53c1c75c44 100644 --- a/tests/integration/setting_test.go +++ b/tests/integration/setting_test.go @@ -7,6 +7,9 @@ import ( "net/http" "testing" + auth_model "code.gitea.io/gitea/models/auth" + "code.gitea.io/gitea/models/unittest" + user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/tests" @@ -116,3 +119,38 @@ func TestSettingLandingPage(t *testing.T) { setting.LandingPageURL = landingPage } + +func TestSettingSecurityAuthSource(t *testing.T) { + defer tests.PrepareTestEnv(t)() + + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) + + active := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-active")) + activeExternalLoginUser := &user_model.ExternalLoginUser{ + ExternalID: "12345", + UserID: user.ID, + LoginSourceID: active.ID, + } + err := user_model.LinkExternalToUser(user, activeExternalLoginUser) + assert.NoError(t, err) + + inactive := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-inactive")) + inactiveExternalLoginUser := &user_model.ExternalLoginUser{ + ExternalID: "5678", + UserID: user.ID, + LoginSourceID: inactive.ID, + } + err = user_model.LinkExternalToUser(user, inactiveExternalLoginUser) + assert.NoError(t, err) + + // mark the authSource as inactive + inactive.IsActive = false + err = auth_model.UpdateSource(inactive) + assert.NoError(t, err) + + session := loginUser(t, "user1") + req := NewRequest(t, "GET", "user/settings/security") + resp := session.MakeRequest(t, req, http.StatusOK) + assert.Contains(t, resp.Body.String(), `gitlab-active`) + assert.Contains(t, resp.Body.String(), `gitlab-inactive`) +}