From 0ecd9d968202d1766e5867dfbee13277e4683791 Mon Sep 17 00:00:00 2001 From: Gusted Date: Wed, 2 Jul 2025 13:04:22 +0200 Subject: [PATCH 1/3] fix: user activation with uppercase email address (#8367) - Right before the call to user email activation, the user is updated [^1]. This causes the email to be lowered, which in turn makes the call to activate the user activation fail (on database where collation is case sensitive, which is the recommend collation by Forgejo). - The code in `BeforeUpdate` is quite confusing, the comment has become slightly out of date and was reworded to reflect reality and its purpose. The code is also slightly reworked to only lower the email for the `AvatarEmail` field to avoid causing side-effect. - Added unit test. - Resolves forgejo/forgejo#8354 [^1]: https://codeberg.org/forgejo/forgejo/src/commit/4927d4ee3d53ad79fe88dfe862c33339c0a9cdc6/routers/web/auth/auth.go#L785 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8367 Reviewed-by: Otto Co-authored-by: Gusted Co-committed-by: Gusted --- .../TestActivateUserEmail/email_address.yml | 7 +++++++ models/fixtures/TestActivateUserEmail/user.yml | 12 ++++++++++++ models/user/email_address_test.go | 17 +++++++++++++++++ models/user/user.go | 6 +++--- 4 files changed, 39 insertions(+), 3 deletions(-) create mode 100644 models/fixtures/TestActivateUserEmail/email_address.yml create mode 100644 models/fixtures/TestActivateUserEmail/user.yml diff --git a/models/fixtures/TestActivateUserEmail/email_address.yml b/models/fixtures/TestActivateUserEmail/email_address.yml new file mode 100644 index 0000000000..cf41ff8241 --- /dev/null +++ b/models/fixtures/TestActivateUserEmail/email_address.yml @@ -0,0 +1,7 @@ +- + id: 1001 + uid: 1001 + email: AnotherTestUserWithUpperCaseEmail@otto.splvs.net + lower_email: anothertestuserwithuppercaseemail@otto.splvs.net + is_activated: false + is_primary: true diff --git a/models/fixtures/TestActivateUserEmail/user.yml b/models/fixtures/TestActivateUserEmail/user.yml new file mode 100644 index 0000000000..0a68e70a4a --- /dev/null +++ b/models/fixtures/TestActivateUserEmail/user.yml @@ -0,0 +1,12 @@ +- + id: 1001 + lower_name: user1001 + name: user1001 + full_name: User That loves Upper Cases + email: AnotherTestUserWithUpperCaseEmail@otto.splvs.net + passwd: ZogKvWdyEx:password + passwd_hash_algo: dummy + avatar: '' + avatar_email: anothertestuserwithuppercaseemail@otto.splvs.net + login_name: user1 + created_unix: 1672578000 diff --git a/models/user/email_address_test.go b/models/user/email_address_test.go index 1801f57a23..85f5b16c65 100644 --- a/models/user/email_address_test.go +++ b/models/user/email_address_test.go @@ -181,3 +181,20 @@ func TestDeletePrimaryEmailAddressOfUser(t *testing.T) { assert.True(t, user_model.IsErrEmailAddressNotExist(err)) assert.Nil(t, email) } + +func TestActivateUserEmail(t *testing.T) { + defer unittest.OverrideFixtures("models/fixtures/TestActivateUserEmail")() + require.NoError(t, unittest.PrepareTestDatabase()) + + t.Run("Activate email", func(t *testing.T) { + require.NoError(t, user_model.ActivateUserEmail(t.Context(), 1001, "AnotherTestUserWithUpperCaseEmail@otto.splvs.net", true)) + + unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{UID: 1001}, "is_activated = true") + }) + + t.Run("Deactivate email", func(t *testing.T) { + require.NoError(t, user_model.ActivateUserEmail(t.Context(), 1001, "AnotherTestUserWithUpperCaseEmail@otto.splvs.net", false)) + + unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{UID: 1001}, "is_activated = false") + }) +} diff --git a/models/user/user.go b/models/user/user.go index eedd1db80e..b124572bb6 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -182,11 +182,11 @@ func (u *User) BeforeUpdate() { u.MaxRepoCreation = -1 } - // Organization does not need email - u.Email = strings.ToLower(u.Email) + // Ensure AvatarEmail is set for non-organization users, because organization + // are not required to have a email set. if !u.IsOrganization() { if len(u.AvatarEmail) == 0 { - u.AvatarEmail = u.Email + u.AvatarEmail = strings.ToLower(u.Email) } } From abb95c8c92318c9a98910b36e78c9a60672930a7 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 2 Jul 2025 16:34:56 +0200 Subject: [PATCH 2/3] Update dependency globals to v16.3.0 (forgejo) (#8381) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8381 Reviewed-by: Michael Kriese Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 18e007e5a6..4555b299bf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -86,7 +86,7 @@ "eslint-plugin-vue": "10.2.0", "eslint-plugin-vue-scoped-css": "2.10.0", "eslint-plugin-wc": "3.0.1", - "globals": "16.1.0", + "globals": "16.3.0", "happy-dom": "18.0.1", "license-checker-rseidelsohn": "4.4.2", "markdownlint-cli": "0.45.0", @@ -8440,9 +8440,9 @@ } }, "node_modules/globals": { - "version": "16.1.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-16.1.0.tgz", - "integrity": "sha512-aibexHNbb/jiUSObBgpHLj+sIuUmJnYcgXBlrfsiDZ9rt4aF2TFRbyLgZ2iFQuVZ1K5Mx3FVkbKRSgKrbK3K2g==", + "version": "16.3.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-16.3.0.tgz", + "integrity": "sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ==", "dev": true, "license": "MIT", "engines": { diff --git a/package.json b/package.json index c6e96d68ec..3623c143e0 100644 --- a/package.json +++ b/package.json @@ -85,7 +85,7 @@ "eslint-plugin-vue": "10.2.0", "eslint-plugin-vue-scoped-css": "2.10.0", "eslint-plugin-wc": "3.0.1", - "globals": "16.1.0", + "globals": "16.3.0", "happy-dom": "18.0.1", "license-checker-rseidelsohn": "4.4.2", "markdownlint-cli": "0.45.0", From bcde3aea4fa66e6e64ec1eebf8fd6de9b7f33b53 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 2 Jul 2025 16:40:48 +0200 Subject: [PATCH 3/3] Update module github.com/go-chi/cors to v1.2.2 (forgejo) (#8380) Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8380 Reviewed-by: Gusted Co-authored-by: Renovate Bot Co-committed-by: Renovate Bot --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 70db6ef875..1602f1ef19 100644 --- a/go.mod +++ b/go.mod @@ -42,7 +42,7 @@ require ( github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9 github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73 github.com/go-chi/chi/v5 v5.2.2 - github.com/go-chi/cors v1.2.1 + github.com/go-chi/cors v1.2.2 github.com/go-co-op/gocron v1.37.0 github.com/go-enry/go-enry/v2 v2.9.2 github.com/go-git/go-git/v5 v5.13.2 diff --git a/go.sum b/go.sum index e9cf6413cd..1aa2380161 100644 --- a/go.sum +++ b/go.sum @@ -215,8 +215,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkPro github.com/go-chi/chi/v5 v5.0.1/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-chi/chi/v5 v5.2.2 h1:CMwsvRVTbXVytCk1Wd72Zy1LAsAh9GxMmSNWLHCG618= github.com/go-chi/chi/v5 v5.2.2/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops= -github.com/go-chi/cors v1.2.1 h1:xEC8UT3Rlp2QuWNEr4Fs/c2EAGVKBwy/1vHx3bppil4= -github.com/go-chi/cors v1.2.1/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= +github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE= +github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58= github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0= github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY= github.com/go-enry/go-enry/v2 v2.9.2 h1:giOQAtCgBX08kosrX818DCQJTCNtKwoPBGu0qb6nKTY=