1
0
Fork 0
forgejo/tests/integration/setting_test.go
Panagiotis "Ivory" Vasilopoulos d03be77665 UI: Hide hidden email from own profile, again
This is a follow-up for 5e1bd8af5f, which
was my first commit to Gitea. It is also a follow up for the
Gitea PR #29300 (https://github.com/go-gitea/gitea/pull/23900) created
by myself, which turned stale.

This change partially restores the behavior of Gitea PR #23747
(https://github.com/go-gitea/gitea/pull/23747) by wxiaoguang, but
maintains the lock.

The original idea was to differentiate things from GitHub and GitLab a
little bit, and show the email address on the profile. The profile is
not only a place where the user chooses to show how they present
themselves on an instance, it is also a place where they can assess
their relationship *with* the instance, as it provides features such
as the Public Activity feed that can be only shown to the user, in
private.

It's, in some way, a dashboard. The email was shown there to remind
the user that this is the primary email that will be used by a supposed
administrator to contact them. There were other motivations behind that
change as well, but, long story short, the idea did not work very well,
as some people (e.g. people livestreaming on the Internet, or 'normal'
users sharing their screens) do not want to put their email address
out there when showing their screen to other people.

Other alternatives, such as blurring the text or only showing the real
email address, were explored, but were rejected because of
browser compatibility and simplicity reasons. The padlock icon that
is shown when showing the email address to other people has been kept.
One viable alternative could be displaying the placeholder email
instead, but that requires some more thought.

Fixes https://codeberg.org/forgejo/forgejo/issues/1950.
2024-05-05 13:08:31 +02:00

157 lines
5 KiB
Go

// Copyright 2017 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/assert"
)
func TestSettingShowUserEmailExplore(t *testing.T) {
defer tests.PrepareTestEnv(t)()
showUserEmail := setting.UI.ShowUserEmail
setting.UI.ShowUserEmail = true
session := loginUser(t, "user2")
req := NewRequest(t, "GET", "/explore/users?sort=alphabetically")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
assert.Contains(t,
htmlDoc.doc.Find(".explore.users").Text(),
"user34@example.com",
)
setting.UI.ShowUserEmail = false
req = NewRequest(t, "GET", "/explore/users?sort=alphabetically")
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
assert.NotContains(t,
htmlDoc.doc.Find(".explore.users").Text(),
"user34@example.com",
)
setting.UI.ShowUserEmail = showUserEmail
}
func TestSettingShowUserEmailProfile(t *testing.T) {
defer tests.PrepareTestEnv(t)()
showUserEmail := setting.UI.ShowUserEmail
// user1: keep_email_private = false, user2: keep_email_private = true
setting.UI.ShowUserEmail = true
// user1 can see own visible email
session := loginUser(t, "user1")
req := NewRequest(t, "GET", "/user1")
resp := session.MakeRequest(t, req, http.StatusOK)
htmlDoc := NewHTMLParser(t, resp.Body)
assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
// user1 can not see user2's hidden email
req = NewRequest(t, "GET", "/user2")
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
// Should only contain if the user visits their own profile page
assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
// user2 can see user1's visible email
session = loginUser(t, "user2")
req = NewRequest(t, "GET", "/user1")
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
// user2 cannot see own hidden email
session = loginUser(t, "user2")
req = NewRequest(t, "GET", "/user2")
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
setting.UI.ShowUserEmail = false
// user1 cannot see own (now hidden) email
session = loginUser(t, "user1")
req = NewRequest(t, "GET", "/user1")
resp = session.MakeRequest(t, req, http.StatusOK)
htmlDoc = NewHTMLParser(t, resp.Body)
assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
setting.UI.ShowUserEmail = showUserEmail
}
func TestSettingLandingPage(t *testing.T) {
defer tests.PrepareTestEnv(t)()
landingPage := setting.LandingPageURL
setting.LandingPageURL = setting.LandingPageHome
req := NewRequest(t, "GET", "/")
MakeRequest(t, req, http.StatusOK)
setting.LandingPageURL = setting.LandingPageExplore
req = NewRequest(t, "GET", "/")
resp := MakeRequest(t, req, http.StatusSeeOther)
assert.Equal(t, "/explore", resp.Header().Get("Location"))
setting.LandingPageURL = setting.LandingPageOrganizations
req = NewRequest(t, "GET", "/")
resp = MakeRequest(t, req, http.StatusSeeOther)
assert.Equal(t, "/explore/organizations", resp.Header().Get("Location"))
setting.LandingPageURL = setting.LandingPageLogin
req = NewRequest(t, "GET", "/")
resp = MakeRequest(t, req, http.StatusSeeOther)
assert.Equal(t, "/user/login", resp.Header().Get("Location"))
setting.LandingPageURL = landingPage
}
func TestSettingSecurityAuthSource(t *testing.T) {
defer tests.PrepareTestEnv(t)()
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
active := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-active"))
activeExternalLoginUser := &user_model.ExternalLoginUser{
ExternalID: "12345",
UserID: user.ID,
LoginSourceID: active.ID,
}
err := user_model.LinkExternalToUser(db.DefaultContext, user, activeExternalLoginUser)
assert.NoError(t, err)
inactive := addAuthSource(t, authSourcePayloadGitLabCustom("gitlab-inactive"))
inactiveExternalLoginUser := &user_model.ExternalLoginUser{
ExternalID: "5678",
UserID: user.ID,
LoginSourceID: inactive.ID,
}
err = user_model.LinkExternalToUser(db.DefaultContext, user, inactiveExternalLoginUser)
assert.NoError(t, err)
// mark the authSource as inactive
inactive.IsActive = false
err = auth_model.UpdateSource(db.DefaultContext, inactive)
assert.NoError(t, err)
session := loginUser(t, "user1")
req := NewRequest(t, "GET", "user/settings/security")
resp := session.MakeRequest(t, req, http.StatusOK)
assert.Contains(t, resp.Body.String(), `gitlab-active`)
assert.Contains(t, resp.Body.String(), `gitlab-inactive`)
}