Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix login error when user has an unsupported visibility type #23496

Closed
wants to merge 4 commits into from
Closed

Fix login error when user has an unsupported visibility type #23496

wants to merge 4 commits into from

Conversation

lunny
Copy link
Member

@lunny lunny commented Mar 15, 2023
edited
Loading

Validated user methods should not always check user's visibility type because users maybe have a visibility type which not allowed in a later configuration change.

Fix #23211

@lunny lunny added type/bug outdated/backport/v1.18 This PR should be backported to Gitea 1.18 outdated/backport/v1.19 This PR should be backported to Gitea 1.19 labels Mar 15, 2023
@lunny lunny added this to the 1.20.0 milestone Mar 15, 2023
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Mar 16, 2023
@wolfogre
Copy link
Member

Need make generate-swagger

wxiaoguang
wxiaoguang reviewed Mar 25, 2023
View reviewed changes
models/user/user.go
func UpdateUser(ctx context.Context, u *User, changePrimaryEmail bool, cols ...string) error {
err := validateUser(u)
func UpdateUser(ctx context.Context, u *User, changePrimaryEmail, visibilityChanged bool, cols ...string) error {
err := validateUser(u, visibilityChanged)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It confuses me, why visibilityChanged means checkVisibility? Even if it is correct, it's hard to understand.

As a quick patch, this PR might work.

But I think it reduces maintainability, I can't imagine what does UpdateUser(ctx, u, false, false) or UpdateUser(ctx, u, false, true) do without reading all related code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about add an error handling after calling validateUser instead of add checkVisibility to validateUser?

if err := validateUser(u); err != nil {
  if !(ignoreVisibilityNotAllowed && IsVisibilityNotAllowed(err)) {
    return err
  }
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It confuses me, why visibilityChanged means checkVisibility? Even if it is correct, it's hard to understand.

As a quick patch, this PR might work.

But I think it reduces maintainability, I can't imagine what does UpdateUser(ctx, u, false, false) or UpdateUser(ctx, u, false, true) do without reading all related code.

That means the previous value which have stored in database should not be checked, only changed values need to be checked .

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can understand after I spend much time on reading code, while I do not think it is a good design.

Now we have (..., true, false), do we want to have (..., true, false, true) in the future?

@lunny lunny removed the outdated/backport/v1.18 This PR should be backported to Gitea 1.18 label Apr 10, 2023
@lunny lunny mentioned this pull request May 23, 2023
Merged
@lunny
Copy link
Member Author

lunny commented May 23, 2023

replaced by #24867

@lunny lunny closed this May 23, 2023
@GiteaBot GiteaBot removed this from the 1.20.0 milestone May 23, 2023
@lunny lunny deleted the lunny/fix_visibility_types branch May 23, 2023 01:49
lunny added a commit that referenced this pull request May 24, 2023
@lunny
Only validate changed columns when update user (#24867)
a523bd5 
Fix #23211
Replace #23496
@GiteaBot GiteaBot mentioned this pull request May 24, 2023
Merged
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request May 24, 2023
@lunny @GiteaBot
Only validate changed columns when update user (go-gitea#24867)
531f868 
Fix go-gitea#23211
Replace go-gitea#23496
lunny added a commit that referenced this pull request May 24, 2023
@GiteaBot @lunny
Only validate changed columns when update user (#24867) (#24903)
275abd6 
Backport #24867 by @lunny

Fix #23211
Replace #23496

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Codeberg-org pushed a commit to Codeberg-org/gitea that referenced this pull request Jun 3, 2023
@GiteaBot @earl-warren
Only validate changed columns when update user (go-gitea#24867) (go-g…
75122ed 
…itea#24903)

Backport go-gitea#24867 by @lunny

Fix go-gitea#23211
Replace go-gitea#23496

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 275abd6)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Aug 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wxiaoguang wxiaoguang wxiaoguang left review comments

@yp05327 yp05327 yp05327 left review comments

@wolfogre wolfogre wolfogre approved these changes

Assignees
No one assigned
Labels
lgtm/need 1 This PR needs approval from one additional maintainer to be merged. outdated/backport/v1.19 This PR should be backported to Gitea 1.19 type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

500 Server Error after login if User has no allowed visibility mode
5 participants
@lunny @wolfogre @wxiaoguang @yp05327 @GiteaBot