From 3f280f89e7471a6dcdaefccc64a8d39188970e63 Mon Sep 17 00:00:00 2001 From: KN4CK3R Date: Wed, 23 Mar 2022 05:54:07 +0100 Subject: [PATCH 01/10] Update HTTP status codes to modern codes (#18063) * 2xx/3xx/4xx/5xx -> http.Status... * http.StatusFound -> http.StatusTemporaryRedirect * http.StatusMovedPermanently -> http.StatusPermanentRedirect --- cmd/web_acme.go | 2 +- integrations/admin_user_test.go | 2 +- integrations/api_branch_test.go | 6 +-- .../api_helper_for_declarative_test.go | 8 ++-- integrations/api_pull_test.go | 10 ++--- integrations/api_repo_languages_test.go | 2 +- integrations/attachment_test.go | 4 +- integrations/auth_ldap_test.go | 4 +- integrations/change_default_branch_test.go | 2 +- integrations/create_no_session_test.go | 2 +- integrations/delete_user_test.go | 4 +- integrations/editor_test.go | 10 ++--- integrations/git_smart_http_test.go | 14 +++---- integrations/git_test.go | 4 +- integrations/integration_test.go | 4 +- integrations/issue_test.go | 10 ++--- integrations/links_test.go | 2 +- integrations/mirror_push_test.go | 4 +- integrations/nonascii_branches_test.go | 4 +- integrations/oauth_test.go | 41 ++++++++++--------- integrations/privateactivity_test.go | 2 +- integrations/pull_create_test.go | 6 +-- integrations/pull_merge_test.go | 6 +-- integrations/pull_status_test.go | 4 +- integrations/release_test.go | 2 +- integrations/rename_branch_test.go | 4 +- integrations/repo_branch_test.go | 24 +++++------ integrations/repo_fork_test.go | 2 +- integrations/repo_generate_test.go | 2 +- integrations/repo_migrate_test.go | 2 +- integrations/setting_test.go | 6 +-- integrations/signout_test.go | 2 +- integrations/signup_test.go | 6 +-- integrations/user_avatar_test.go | 2 +- integrations/user_test.go | 4 +- integrations/xss_test.go | 2 +- modules/context/api.go | 4 +- modules/context/context.go | 6 +-- modules/context/repo.go | 2 +- modules/lfs/http_client_test.go | 2 +- modules/private/restore_repo.go | 2 +- modules/web/route_test.go | 2 +- routers/api/v1/org/member.go | 4 +- routers/api/v1/repo/issue_tracked_time.go | 2 +- routers/common/middleware.go | 4 +- routers/install/install.go | 2 +- routers/install/routes.go | 6 +-- routers/web/admin/admin.go | 10 ++--- routers/web/admin/notice.go | 4 +- routers/web/auth/oauth.go | 8 ++-- routers/web/auth/webauthn.go | 4 +- routers/web/base.go | 16 ++++---- routers/web/explore/code.go | 2 +- routers/web/goget.go | 2 +- routers/web/metrics.go | 4 +- routers/web/repo/editor.go | 4 +- routers/web/repo/issue.go | 22 +++++----- routers/web/repo/issue_dependency.go | 4 +- routers/web/repo/issue_label_test.go | 6 +-- routers/web/repo/issue_lock.go | 6 +-- routers/web/repo/issue_watch.go | 2 +- routers/web/repo/search.go | 2 +- routers/web/repo/setting_protected_branch.go | 2 +- routers/web/repo/settings_test.go | 22 +++++----- routers/web/repo/webhook.go | 6 +-- routers/web/repo/wiki_test.go | 4 +- routers/web/user/home.go | 6 +-- routers/web/user/setting/account_test.go | 2 +- routers/web/web.go | 8 ++-- services/auth/sspi_windows.go | 2 +- services/lfs/locks.go | 12 +++--- services/migrations/gitea_downloader_test.go | 2 +- services/migrations/gitlab.go | 4 +- services/migrations/gitlab_test.go | 2 +- services/migrations/onedev_test.go | 2 +- templates/swagger/v1_json.tmpl | 2 +- 76 files changed, 211 insertions(+), 212 deletions(-) diff --git a/cmd/web_acme.go b/cmd/web_acme.go index 9a04274db5806..459d4f0a76974 100644 --- a/cmd/web_acme.go +++ b/cmd/web_acme.go @@ -128,5 +128,5 @@ func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) { // URI always contains a leading slash, which would result in a double // slash target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI() - http.Redirect(w, r, target, http.StatusFound) + http.Redirect(w, r, target, http.StatusTemporaryRedirect) } diff --git a/integrations/admin_user_test.go b/integrations/admin_user_test.go index d657f65fa55e4..59adac7ecc65b 100644 --- a/integrations/admin_user_test.go +++ b/integrations/admin_user_test.go @@ -46,7 +46,7 @@ func TestAdminEditUser(t *testing.T) { } func testSuccessfullEdit(t *testing.T, formData user_model.User) { - makeRequest(t, formData, http.StatusFound) + makeRequest(t, formData, http.StatusSeeOther) } func makeRequest(t *testing.T, formData user_model.User, headerCode int) { diff --git a/integrations/api_branch_test.go b/integrations/api_branch_test.go index 54fe4a6edaec6..e137331343f34 100644 --- a/integrations/api_branch_test.go +++ b/integrations/api_branch_test.go @@ -37,7 +37,7 @@ func testAPIGetBranchProtection(t *testing.T, branchName string, expectedHTTPSta req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branch_protections/%s?token=%s", branchName, token) resp := session.MakeRequest(t, req, expectedHTTPStatus) - if resp.Code == 200 { + if resp.Code == http.StatusOK { var branchProtection api.BranchProtection DecodeJSON(t, resp, &branchProtection) assert.EqualValues(t, branchName, branchProtection.BranchName) @@ -52,7 +52,7 @@ func testAPICreateBranchProtection(t *testing.T, branchName string, expectedHTTP }) resp := session.MakeRequest(t, req, expectedHTTPStatus) - if resp.Code == 201 { + if resp.Code == http.StatusCreated { var branchProtection api.BranchProtection DecodeJSON(t, resp, &branchProtection) assert.EqualValues(t, branchName, branchProtection.BranchName) @@ -65,7 +65,7 @@ func testAPIEditBranchProtection(t *testing.T, branchName string, body *api.Bran req := NewRequestWithJSON(t, "PATCH", "/api/v1/repos/user2/repo1/branch_protections/"+branchName+"?token="+token, body) resp := session.MakeRequest(t, req, expectedHTTPStatus) - if resp.Code == 200 { + if resp.Code == http.StatusOK { var branchProtection api.BranchProtection DecodeJSON(t, resp, &branchProtection) assert.EqualValues(t, branchName, branchProtection.BranchName) diff --git a/integrations/api_helper_for_declarative_test.go b/integrations/api_helper_for_declarative_test.go index 7f2cd787c355f..5da72b7fb15a6 100644 --- a/integrations/api_helper_for_declarative_test.go +++ b/integrations/api_helper_for_declarative_test.go @@ -227,7 +227,7 @@ func doAPICreatePullRequest(ctx APITestContext, owner, repo, baseBranch, headBra Title: fmt.Sprintf("create a pr from %s to %s", headBranch, baseBranch), }) - expected := 201 + expected := http.StatusCreated if ctx.ExpectedCode != 0 { expected = ctx.ExpectedCode } @@ -246,7 +246,7 @@ func doAPIGetPullRequest(ctx APITestContext, owner, repo string, index int64) fu owner, repo, index, ctx.Token) req := NewRequest(t, http.MethodGet, urlStr) - expected := 200 + expected := http.StatusOK if ctx.ExpectedCode != 0 { expected = ctx.ExpectedCode } @@ -287,7 +287,7 @@ func doAPIMergePullRequest(ctx APITestContext, owner, repo string, index int64) expected := ctx.ExpectedCode if expected == 0 { - expected = 200 + expected = http.StatusOK } if !assert.EqualValues(t, expected, resp.Code, @@ -310,7 +310,7 @@ func doAPIManuallyMergePullRequest(ctx APITestContext, owner, repo, commitID str ctx.Session.MakeRequest(t, req, ctx.ExpectedCode) return } - ctx.Session.MakeRequest(t, req, 200) + ctx.Session.MakeRequest(t, req, http.StatusOK) } } diff --git a/integrations/api_pull_test.go b/integrations/api_pull_test.go index b6b8ad873476c..a1c2a4c3e6edb 100644 --- a/integrations/api_pull_test.go +++ b/integrations/api_pull_test.go @@ -77,7 +77,7 @@ func TestAPICreatePullSuccess(t *testing.T) { Base: "master", Title: "create a failure pr", }) - session.MakeRequest(t, req, 201) + session.MakeRequest(t, req, http.StatusCreated) session.MakeRequest(t, req, http.StatusUnprocessableEntity) // second request should fail } @@ -105,7 +105,7 @@ func TestAPICreatePullWithFieldsSuccess(t *testing.T) { req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls?token=%s", owner10.Name, repo10.Name, token), opts) - res := session.MakeRequest(t, req, 201) + res := session.MakeRequest(t, req, http.StatusCreated) pull := new(api.PullRequest) DecodeJSON(t, res, pull) @@ -165,7 +165,7 @@ func TestAPIEditPull(t *testing.T) { Title: "create a success pr", }) pull := new(api.PullRequest) - resp := session.MakeRequest(t, req, 201) + resp := session.MakeRequest(t, req, http.StatusCreated) DecodeJSON(t, resp, pull) assert.EqualValues(t, "master", pull.Base.Name) @@ -173,12 +173,12 @@ func TestAPIEditPull(t *testing.T) { Base: "feature/1", Title: "edit a this pr", }) - resp = session.MakeRequest(t, req, 201) + resp = session.MakeRequest(t, req, http.StatusCreated) DecodeJSON(t, resp, pull) assert.EqualValues(t, "feature/1", pull.Base.Name) req = NewRequestWithJSON(t, http.MethodPatch, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d?token=%s", owner10.Name, repo10.Name, pull.Index, token), &api.EditPullRequestOption{ Base: "not-exist", }) - session.MakeRequest(t, req, 404) + session.MakeRequest(t, req, http.StatusNotFound) } diff --git a/integrations/api_repo_languages_test.go b/integrations/api_repo_languages_test.go index ea20e6d5428c3..8775d2502998c 100644 --- a/integrations/api_repo_languages_test.go +++ b/integrations/api_repo_languages_test.go @@ -33,7 +33,7 @@ func TestRepoLanguages(t *testing.T) { "content": "package main", "commit_choice": "direct", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) // let gitea calculate language stats time.Sleep(time.Second) diff --git a/integrations/attachment_test.go b/integrations/attachment_test.go index 25243feb3c2e9..00e5b9de543aa 100644 --- a/integrations/attachment_test.go +++ b/integrations/attachment_test.go @@ -59,7 +59,7 @@ func createAttachment(t *testing.T, session *TestSession, repoURL, filename stri func TestCreateAnonymousAttachment(t *testing.T) { defer prepareTestEnv(t)() session := emptyTestSession(t) - createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusFound) + createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusSeeOther) } func TestCreateIssueAttachment(t *testing.T) { @@ -83,7 +83,7 @@ func TestCreateIssueAttachment(t *testing.T) { } req = NewRequestWithValues(t, "POST", link, postData) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) test.RedirectURL(resp) // check that redirect URL exists // Validate that attachment is available diff --git a/integrations/auth_ldap_test.go b/integrations/auth_ldap_test.go index ef0fafc93de4e..234e7c3ee9291 100644 --- a/integrations/auth_ldap_test.go +++ b/integrations/auth_ldap_test.go @@ -135,7 +135,7 @@ func addAuthSourceLDAP(t *testing.T, sshKeyAttribute string, groupMapParams ...s "group_team_map_removal": groupTeamMapRemoval, "user_uid": "DN", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) } func TestLDAPUserSignin(t *testing.T) { @@ -202,7 +202,7 @@ func TestLDAPAuthChange(t *testing.T) { "is_sync_enabled": "on", "is_active": "on", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", href) resp = session.MakeRequest(t, req, http.StatusOK) diff --git a/integrations/change_default_branch_test.go b/integrations/change_default_branch_test.go index af5542e0b2d3c..096afa28f46f5 100644 --- a/integrations/change_default_branch_test.go +++ b/integrations/change_default_branch_test.go @@ -28,7 +28,7 @@ func TestChangeDefaultBranch(t *testing.T) { "action": "default_branch", "branch": "DefaultBranch", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) csrf = GetCSRF(t, session, branchesURL) req = NewRequestWithValues(t, "POST", branchesURL, map[string]string{ diff --git a/integrations/create_no_session_test.go b/integrations/create_no_session_test.go index a76ff1eaafb3d..49234c1e9599c 100644 --- a/integrations/create_no_session_test.go +++ b/integrations/create_no_session_test.go @@ -110,7 +110,7 @@ func TestSessionFileCreation(t *testing.T) { "user_name": "user2", "password": userPassword, }) - resp = MakeRequest(t, req, http.StatusFound) + resp = MakeRequest(t, req, http.StatusSeeOther) sessionID = getSessionID(t, resp) assert.FileExists(t, sessionFile(tmpDir, sessionID)) diff --git a/integrations/delete_user_test.go b/integrations/delete_user_test.go index e44d2e7bd3de1..f24d75065f200 100644 --- a/integrations/delete_user_test.go +++ b/integrations/delete_user_test.go @@ -36,7 +36,7 @@ func TestUserDeleteAccount(t *testing.T) { req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ "_csrf": csrf, }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) assertUserDeleted(t, 8) unittest.CheckConsistencyFor(t, &user_model.User{}) @@ -51,7 +51,7 @@ func TestUserDeleteAccountStillOwnRepos(t *testing.T) { req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ "_csrf": csrf, }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) // user should not have been deleted, because the user still owns repos unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) diff --git a/integrations/editor_test.go b/integrations/editor_test.go index 05892aa90684d..3ed0e510c4af5 100644 --- a/integrations/editor_test.go +++ b/integrations/editor_test.go @@ -34,7 +34,7 @@ func TestCreateFile(t *testing.T) { "content": "Content", "commit_choice": "direct", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) }) } @@ -48,7 +48,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) { "_csrf": csrf, "protected": "on", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) // Check if master branch has been locked successfully flashCookie := session.GetCookie("macaron_flash") assert.NotNil(t, flashCookie) @@ -82,7 +82,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) { "_csrf": csrf, "protected": "off", }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) // Check if master branch has been locked successfully flashCookie = session.GetCookie("macaron_flash") assert.NotNil(t, flashCookie) @@ -109,7 +109,7 @@ func testEditFile(t *testing.T, session *TestSession, user, repo, branch, filePa "commit_choice": "direct", }, ) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) // Verify the change req = NewRequest(t, "GET", path.Join(user, repo, "raw/branch", branch, filePath)) @@ -139,7 +139,7 @@ func testEditFileToNewBranch(t *testing.T, session *TestSession, user, repo, bra "new_branch_name": targetBranch, }, ) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) // Verify the change req = NewRequest(t, "GET", path.Join(user, repo, "raw/branch", targetBranch, filePath)) diff --git a/integrations/git_smart_http_test.go b/integrations/git_smart_http_test.go index b6043fe706683..a6baafe374ed0 100644 --- a/integrations/git_smart_http_test.go +++ b/integrations/git_smart_http_test.go @@ -24,31 +24,31 @@ func testGitSmartHTTP(t *testing.T, u *url.URL) { }{ { p: "user2/repo1/info/refs", - code: 200, + code: http.StatusOK, }, { p: "user2/repo1/HEAD", - code: 200, + code: http.StatusOK, }, { p: "user2/repo1/objects/info/alternates", - code: 404, + code: http.StatusNotFound, }, { p: "user2/repo1/objects/info/http-alternates", - code: 404, + code: http.StatusNotFound, }, { p: "user2/repo1/../../custom/conf/app.ini", - code: 404, + code: http.StatusNotFound, }, { p: "user2/repo1/objects/info/../../../../custom/conf/app.ini", - code: 404, + code: http.StatusNotFound, }, { p: `user2/repo1/objects/info/..\..\..\..\custom\conf\app.ini`, - code: 400, + code: http.StatusBadRequest, }, } diff --git a/integrations/git_test.go b/integrations/git_test.go index e1df8ac546a4f..675b1879fafc9 100644 --- a/integrations/git_test.go +++ b/integrations/git_test.go @@ -435,7 +435,7 @@ func doProtectBranch(ctx APITestContext, branch, userToWhitelist, unprotectedFil "protected": "on", "unprotected_file_patterns": unprotectedFilePatterns, }) - ctx.Session.MakeRequest(t, req, http.StatusFound) + ctx.Session.MakeRequest(t, req, http.StatusSeeOther) } else { user, err := user_model.GetUserByName(userToWhitelist) assert.NoError(t, err) @@ -448,7 +448,7 @@ func doProtectBranch(ctx APITestContext, branch, userToWhitelist, unprotectedFil "whitelist_users": strconv.FormatInt(user.ID, 10), "unprotected_file_patterns": unprotectedFilePatterns, }) - ctx.Session.MakeRequest(t, req, http.StatusFound) + ctx.Session.MakeRequest(t, req, http.StatusSeeOther) } // Check if master branch has been locked successfully flashCookie := ctx.Session.GetCookie("macaron_flash") diff --git a/integrations/integration_test.go b/integrations/integration_test.go index dfa5bade785e1..c778fb8013459 100644 --- a/integrations/integration_test.go +++ b/integrations/integration_test.go @@ -380,7 +380,7 @@ func loginUserWithPassword(t testing.TB, userName, password string) *TestSession "user_name": userName, "password": password, }) - resp = MakeRequest(t, req, http.StatusFound) + resp = MakeRequest(t, req, http.StatusSeeOther) ch := http.Header{} ch.Add("Cookie", strings.Join(resp.Header()["Set-Cookie"], ";")) @@ -408,7 +408,7 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession) string { "_csrf": doc.GetCSRF(), "name": fmt.Sprintf("api-testing-token-%d", tokenCounter), }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", "/user/settings/applications") resp = session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) diff --git a/integrations/issue_test.go b/integrations/issue_test.go index 29de774ee4d2d..6a9b48e5a41d6 100644 --- a/integrations/issue_test.go +++ b/integrations/issue_test.go @@ -132,7 +132,7 @@ func testNewIssue(t *testing.T, session *TestSession, user, repo, title, content "title": title, "content": content, }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) issueURL := test.RedirectURL(resp) req = NewRequest(t, "GET", issueURL) @@ -162,7 +162,7 @@ func testIssueAddComment(t *testing.T, session *TestSession, issueURL, content, "content": content, "status": status, }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", test.RedirectURL(resp)) resp = session.MakeRequest(t, req, http.StatusOK) @@ -334,16 +334,16 @@ func TestIssueRedirect(t *testing.T) { // Test external tracker where style not set (shall default numeric) req := NewRequest(t, "GET", path.Join("org26", "repo_external_tracker", "issues", "1")) - resp := session.MakeRequest(t, req, http.StatusFound) + resp := session.MakeRequest(t, req, http.StatusSeeOther) assert.Equal(t, "https://tracker.com/org26/repo_external_tracker/issues/1", test.RedirectURL(resp)) // Test external tracker with numeric style req = NewRequest(t, "GET", path.Join("org26", "repo_external_tracker_numeric", "issues", "1")) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) assert.Equal(t, "https://tracker.com/org26/repo_external_tracker_numeric/issues/1", test.RedirectURL(resp)) // Test external tracker with alphanumeric style (for a pull request) req = NewRequest(t, "GET", path.Join("org26", "repo_external_tracker_alpha", "issues", "1")) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) assert.Equal(t, "/"+path.Join("org26", "repo_external_tracker_alpha", "pulls", "1"), test.RedirectURL(resp)) } diff --git a/integrations/links_test.go b/integrations/links_test.go index f514aa7757b21..bc87ffad8360a 100644 --- a/integrations/links_test.go +++ b/integrations/links_test.go @@ -59,7 +59,7 @@ func TestRedirectsNoLogin(t *testing.T) { } for link, redirectLink := range redirects { req := NewRequest(t, "GET", link) - resp := MakeRequest(t, req, http.StatusFound) + resp := MakeRequest(t, req, http.StatusSeeOther) assert.EqualValues(t, path.Join(setting.AppSubURL, redirectLink), test.RedirectURL(resp)) } } diff --git a/integrations/mirror_push_test.go b/integrations/mirror_push_test.go index b231b7a91968c..c5f45643ec290 100644 --- a/integrations/mirror_push_test.go +++ b/integrations/mirror_push_test.go @@ -89,7 +89,7 @@ func doCreatePushMirror(ctx APITestContext, address, username, password string) "push_mirror_password": password, "push_mirror_interval": "0", }) - ctx.Session.MakeRequest(t, req, http.StatusFound) + ctx.Session.MakeRequest(t, req, http.StatusSeeOther) flashCookie := ctx.Session.GetCookie("macaron_flash") assert.NotNil(t, flashCookie) @@ -110,7 +110,7 @@ func doRemovePushMirror(ctx APITestContext, address, username, password string, "push_mirror_password": password, "push_mirror_interval": "0", }) - ctx.Session.MakeRequest(t, req, http.StatusFound) + ctx.Session.MakeRequest(t, req, http.StatusSeeOther) flashCookie := ctx.Session.GetCookie("macaron_flash") assert.NotNil(t, flashCookie) diff --git a/integrations/nonascii_branches_test.go b/integrations/nonascii_branches_test.go index f2992ecc1f888..5ab7b8526a988 100644 --- a/integrations/nonascii_branches_test.go +++ b/integrations/nonascii_branches_test.go @@ -18,7 +18,7 @@ func testSrcRouteRedirect(t *testing.T, session *TestSession, user, repo, route, // Make request req := NewRequest(t, "GET", path.Join(prefix, route)) - resp := session.MakeRequest(t, req, http.StatusFound) + resp := session.MakeRequest(t, req, http.StatusSeeOther) // Check Location header location := resp.HeaderMap.Get("Location") @@ -37,7 +37,7 @@ func setDefaultBranch(t *testing.T, session *TestSession, user, repo, branch str "action": "default_branch", "branch": branch, }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) } func TestNonasciiBranches(t *testing.T) { diff --git a/integrations/oauth_test.go b/integrations/oauth_test.go index c36aab652b36f..678dfbae2d486 100644 --- a/integrations/oauth_test.go +++ b/integrations/oauth_test.go @@ -7,6 +7,7 @@ package integrations import ( "bytes" "io" + "net/http" "testing" "code.gitea.io/gitea/modules/json" @@ -21,20 +22,20 @@ func TestNoClientID(t *testing.T) { defer prepareTestEnv(t)() req := NewRequest(t, "GET", "/login/oauth/authorize") ctx := loginUser(t, "user2") - ctx.MakeRequest(t, req, 400) + ctx.MakeRequest(t, req, http.StatusBadRequest) } func TestLoginRedirect(t *testing.T) { defer prepareTestEnv(t)() req := NewRequest(t, "GET", "/login/oauth/authorize") - assert.Contains(t, MakeRequest(t, req, 302).Body.String(), "/user/login") + assert.Contains(t, MakeRequest(t, req, http.StatusSeeOther).Body.String(), "/user/login") } func TestShowAuthorize(t *testing.T) { defer prepareTestEnv(t)() req := NewRequest(t, "GET", defaultAuthorize) ctx := loginUser(t, "user4") - resp := ctx.MakeRequest(t, req, 200) + resp := ctx.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) htmlDoc.AssertElement(t, "#authorize-app", true) @@ -45,7 +46,7 @@ func TestRedirectWithExistingGrant(t *testing.T) { defer prepareTestEnv(t)() req := NewRequest(t, "GET", defaultAuthorize) ctx := loginUser(t, "user1") - resp := ctx.MakeRequest(t, req, 302) + resp := ctx.MakeRequest(t, req, http.StatusSeeOther) u, err := resp.Result().Location() assert.NoError(t, err) assert.Equal(t, "thestate", u.Query().Get("state")) @@ -62,7 +63,7 @@ func TestAccessTokenExchange(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - resp := MakeRequest(t, req, 200) + resp := MakeRequest(t, req, http.StatusOK) type response struct { AccessToken string `json:"access_token"` TokenType string `json:"token_type"` @@ -86,7 +87,7 @@ func TestAccessTokenExchangeWithoutPKCE(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - resp := MakeRequest(t, req, 200) + resp := MakeRequest(t, req, http.StatusOK) type response struct { AccessToken string `json:"access_token"` TokenType string `json:"token_type"` @@ -109,7 +110,7 @@ func TestAccessTokenExchangeJSON(t *testing.T) { "redirect_uri": "a", "code": "authcode", }) - MakeRequest(t, req, 400) + MakeRequest(t, req, http.StatusBadRequest) } func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) { @@ -123,7 +124,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - MakeRequest(t, req, 400) + MakeRequest(t, req, http.StatusBadRequest) // invalid client secret req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ "grant_type": "authorization_code", @@ -133,7 +134,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - MakeRequest(t, req, 400) + MakeRequest(t, req, http.StatusBadRequest) // invalid redirect uri req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ "grant_type": "authorization_code", @@ -143,7 +144,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - MakeRequest(t, req, 400) + MakeRequest(t, req, http.StatusBadRequest) // invalid authorization code req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ "grant_type": "authorization_code", @@ -153,7 +154,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) { "code": "???", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - MakeRequest(t, req, 400) + MakeRequest(t, req, http.StatusBadRequest) // invalid grant_type req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ "grant_type": "???", @@ -163,7 +164,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - MakeRequest(t, req, 400) + MakeRequest(t, req, http.StatusBadRequest) } func TestAccessTokenExchangeWithBasicAuth(t *testing.T) { @@ -175,7 +176,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) { "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9") - resp := MakeRequest(t, req, 200) + resp := MakeRequest(t, req, http.StatusOK) type response struct { AccessToken string `json:"access_token"` TokenType string `json:"token_type"` @@ -196,7 +197,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) { "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OmJsYWJsYQ==") - resp = MakeRequest(t, req, 400) + resp = MakeRequest(t, req, http.StatusBadRequest) // missing header req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{ @@ -205,7 +206,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - resp = MakeRequest(t, req, 400) + resp = MakeRequest(t, req, http.StatusBadRequest) } func TestRefreshTokenInvalidation(t *testing.T) { @@ -218,7 +219,7 @@ func TestRefreshTokenInvalidation(t *testing.T) { "code": "authcode", "code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt", // test PKCE additionally }) - resp := MakeRequest(t, req, 200) + resp := MakeRequest(t, req, http.StatusOK) type response struct { AccessToken string `json:"access_token"` TokenType string `json:"token_type"` @@ -244,16 +245,16 @@ func TestRefreshTokenInvalidation(t *testing.T) { assert.NoError(t, err) refreshReq.Body = io.NopCloser(bytes.NewReader(bs)) - MakeRequest(t, refreshReq, 200) + MakeRequest(t, refreshReq, http.StatusOK) refreshReq.Body = io.NopCloser(bytes.NewReader(bs)) - MakeRequest(t, refreshReq, 200) + MakeRequest(t, refreshReq, http.StatusOK) // test with invalidation setting.OAuth2.InvalidateRefreshTokens = true refreshReq.Body = io.NopCloser(bytes.NewReader(bs)) - MakeRequest(t, refreshReq, 200) + MakeRequest(t, refreshReq, http.StatusOK) refreshReq.Body = io.NopCloser(bytes.NewReader(bs)) - MakeRequest(t, refreshReq, 400) + MakeRequest(t, refreshReq, http.StatusBadRequest) } diff --git a/integrations/privateactivity_test.go b/integrations/privateactivity_test.go index 44df39b6e004a..c5cdc27d6e078 100644 --- a/integrations/privateactivity_test.go +++ b/integrations/privateactivity_test.go @@ -53,7 +53,7 @@ func testPrivateActivityHelperEnablePrivateActivity(t *testing.T) { "language": "en-US", "keep_activity_private": "1", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) } func testPrivateActivityHelperHasVisibleActivitiesInHTMLDoc(htmlDoc *HTMLDoc) bool { diff --git a/integrations/pull_create_test.go b/integrations/pull_create_test.go index 948c0b9ce257e..671b5e7551b50 100644 --- a/integrations/pull_create_test.go +++ b/integrations/pull_create_test.go @@ -38,7 +38,7 @@ func testPullCreate(t *testing.T, session *TestSession, user, repo, branch, titl "_csrf": htmlDoc.GetCSRF(), "title": title, }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) return resp } @@ -130,7 +130,7 @@ func testDeleteRepository(t *testing.T, session *TestSession, ownerName, repoNam "_csrf": htmlDoc.GetCSRF(), "repo_name": repoName, }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) } func TestPullBranchDelete(t *testing.T) { @@ -139,7 +139,7 @@ func TestPullBranchDelete(t *testing.T) { session := loginUser(t, "user1") testRepoFork(t, session, "user2", "repo1", "user1", "repo1") - testCreateBranch(t, session, "user1", "repo1", "branch/master", "master1", http.StatusFound) + testCreateBranch(t, session, "user1", "repo1", "branch/master", "master1", http.StatusSeeOther) testEditFile(t, session, "user1", "repo1", "master1", "README.md", "Hello, World (Edited)\n") resp := testPullCreate(t, session, "user1", "repo1", "master1", "This is a pull title") diff --git a/integrations/pull_merge_test.go b/integrations/pull_merge_test.go index 8aded910d4b25..2e33d7095f050 100644 --- a/integrations/pull_merge_test.go +++ b/integrations/pull_merge_test.go @@ -42,7 +42,7 @@ func testPullMerge(t *testing.T, session *TestSession, user, repo, pullnum strin "_csrf": htmlDoc.GetCSRF(), "do": string(mergeStyle), }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) return resp } @@ -220,7 +220,7 @@ func TestCantMergeConflict(t *testing.T) { Base: "base", Title: "create a conflicting pr", }) - session.MakeRequest(t, req, 201) + session.MakeRequest(t, req, http.StatusCreated) // Now this PR will be marked conflict - or at least a race will do - so drop down to pure code at this point... user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ @@ -330,7 +330,7 @@ func TestCantMergeUnrelated(t *testing.T) { Base: "base", Title: "create an unrelated pr", }) - session.MakeRequest(t, req, 201) + session.MakeRequest(t, req, http.StatusCreated) // Now this PR could be marked conflict - or at least a race may occur - so drop down to pure code at this point... gitRepo, err := git.OpenRepository(path) diff --git a/integrations/pull_status_test.go b/integrations/pull_status_test.go index f818643005348..07c73ceac6826 100644 --- a/integrations/pull_status_test.go +++ b/integrations/pull_status_test.go @@ -29,7 +29,7 @@ func TestPullCreate_CommitStatus(t *testing.T) { "title": "pull request from status1", }, ) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", "/user1/repo1/pulls") resp := session.MakeRequest(t, req, http.StatusOK) @@ -108,7 +108,7 @@ func TestPullCreate_EmptyChangesWithCommits(t *testing.T) { "title": "pull request from status1", }, ) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", "/user1/repo1/pulls/1") resp := session.MakeRequest(t, req, http.StatusOK) diff --git a/integrations/release_test.go b/integrations/release_test.go index 28e03477917a3..88591a05e91a6 100644 --- a/integrations/release_test.go +++ b/integrations/release_test.go @@ -43,7 +43,7 @@ func createNewRelease(t *testing.T, session *TestSession, repoURL, tag, title st } req = NewRequestWithValues(t, "POST", link, postData) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) test.RedirectURL(resp) // check that redirect URL exists } diff --git a/integrations/rename_branch_test.go b/integrations/rename_branch_test.go index e856214f3c51b..7760a2d946c41 100644 --- a/integrations/rename_branch_test.go +++ b/integrations/rename_branch_test.go @@ -27,7 +27,7 @@ func TestRenameBranch(t *testing.T) { "to": "main", } req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/rename_branch", postData) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) // check new branch link req = NewRequestWithValues(t, "GET", "/user2/repo1/src/branch/main/README.md", postData) @@ -35,7 +35,7 @@ func TestRenameBranch(t *testing.T) { // check old branch link req = NewRequestWithValues(t, "GET", "/user2/repo1/src/branch/master/README.md", postData) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) location := resp.HeaderMap.Get("Location") assert.Equal(t, "/user2/repo1/src/branch/main/README.md", location) diff --git a/integrations/repo_branch_test.go b/integrations/repo_branch_test.go index aef28515e7ce2..ade5d673b9c9c 100644 --- a/integrations/repo_branch_test.go +++ b/integrations/repo_branch_test.go @@ -30,7 +30,7 @@ func testCreateBranch(t testing.TB, session *TestSession, user, repo, oldRefSubU "new_branch_name": newBranchName, }) resp := session.MakeRequest(t, req, expectedStatus) - if expectedStatus != http.StatusFound { + if expectedStatus != http.StatusSeeOther { return "" } return test.RedirectURL(resp) @@ -51,37 +51,37 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) { { OldRefSubURL: "branch/master", NewBranch: "feature/test1", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "repo.branch.create_success", "feature/test1"), }, { OldRefSubURL: "branch/master", NewBranch: "", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "form.NewBranchName") + i18n.Tr("en", "form.require_error"), }, { OldRefSubURL: "branch/master", NewBranch: "feature=test1", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "repo.branch.create_success", "feature=test1"), }, { OldRefSubURL: "branch/master", NewBranch: strings.Repeat("b", 101), - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "form.NewBranchName") + i18n.Tr("en", "form.max_size_error", "100"), }, { OldRefSubURL: "branch/master", NewBranch: "master", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "repo.branch.branch_already_exists", "master"), }, { OldRefSubURL: "branch/master", NewBranch: "master/test", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "repo.branch.branch_name_conflict", "master/test", "master"), }, { @@ -92,21 +92,21 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) { { OldRefSubURL: "commit/65f1bf27bc3bf70f64657658635e66094edbcb4d", NewBranch: "feature/test3", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "repo.branch.create_success", "feature/test3"), }, { OldRefSubURL: "branch/master", NewBranch: "v1.0.0", CreateRelease: "v1.0.0", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "repo.branch.tag_collision", "v1.0.0"), }, { OldRefSubURL: "tag/v1.0.0", NewBranch: "feature/test4", CreateRelease: "v1.0.1", - ExpectedStatus: http.StatusFound, + ExpectedStatus: http.StatusSeeOther, FlashMessage: i18n.Tr("en", "repo.branch.create_success", "feature/test4"), }, } @@ -116,7 +116,7 @@ func testCreateBranches(t *testing.T, giteaURL *url.URL) { createNewRelease(t, session, "/user2/repo1", test.CreateRelease, test.CreateRelease, false, false) } redirectURL := testCreateBranch(t, session, "user2", "repo1", test.OldRefSubURL, test.NewBranch, test.ExpectedStatus) - if test.ExpectedStatus == http.StatusFound { + if test.ExpectedStatus == http.StatusSeeOther { req := NewRequest(t, "GET", redirectURL) resp := session.MakeRequest(t, req, http.StatusOK) htmlDoc := NewHTMLParser(t, resp.Body) @@ -135,7 +135,7 @@ func TestCreateBranchInvalidCSRF(t *testing.T) { "_csrf": "fake_csrf", "new_branch_name": "test", }) - resp := session.MakeRequest(t, req, http.StatusFound) + resp := session.MakeRequest(t, req, http.StatusSeeOther) loc := resp.Header().Get("Location") assert.Equal(t, setting.AppSubURL+"/", loc) resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK) diff --git a/integrations/repo_fork_test.go b/integrations/repo_fork_test.go index 27b62d264652d..d701850f140e2 100644 --- a/integrations/repo_fork_test.go +++ b/integrations/repo_fork_test.go @@ -45,7 +45,7 @@ func testRepoFork(t *testing.T, session *TestSession, ownerName, repoName, forkO "uid": fmt.Sprintf("%d", forkOwner.ID), "repo_name": forkRepoName, }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) // Step4: check the existence of the forked repo req = NewRequestf(t, "GET", "/%s/%s", forkOwnerName, forkRepoName) diff --git a/integrations/repo_generate_test.go b/integrations/repo_generate_test.go index b70a4a4797393..4fbbb56c50d93 100644 --- a/integrations/repo_generate_test.go +++ b/integrations/repo_generate_test.go @@ -46,7 +46,7 @@ func testRepoGenerate(t *testing.T, session *TestSession, templateOwnerName, tem "repo_name": generateRepoName, "git_content": "true", }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) // Step4: check the existence of the generated repo req = NewRequestf(t, "GET", "/%s/%s", generateOwnerName, generateRepoName) diff --git a/integrations/repo_migrate_test.go b/integrations/repo_migrate_test.go index e6ba15b137bd0..4e6923dd6f57e 100644 --- a/integrations/repo_migrate_test.go +++ b/integrations/repo_migrate_test.go @@ -33,7 +33,7 @@ func testRepoMigrate(t testing.TB, session *TestSession, cloneAddr, repoName str "repo_name": repoName, "service": fmt.Sprintf("%d", structs.PlainGitService), }) - resp = session.MakeRequest(t, req, http.StatusFound) + resp = session.MakeRequest(t, req, http.StatusSeeOther) return resp } diff --git a/integrations/setting_test.go b/integrations/setting_test.go index c0455a452023c..3852eb4955aad 100644 --- a/integrations/setting_test.go +++ b/integrations/setting_test.go @@ -90,17 +90,17 @@ func TestSettingLandingPage(t *testing.T) { setting.LandingPageURL = setting.LandingPageExplore req = NewRequest(t, "GET", "/") - resp := MakeRequest(t, req, http.StatusFound) + resp := MakeRequest(t, req, http.StatusSeeOther) assert.Equal(t, "/explore", resp.Header().Get("Location")) setting.LandingPageURL = setting.LandingPageOrganizations req = NewRequest(t, "GET", "/") - resp = MakeRequest(t, req, http.StatusFound) + resp = MakeRequest(t, req, http.StatusSeeOther) assert.Equal(t, "/explore/organizations", resp.Header().Get("Location")) setting.LandingPageURL = setting.LandingPageLogin req = NewRequest(t, "GET", "/") - resp = MakeRequest(t, req, http.StatusFound) + resp = MakeRequest(t, req, http.StatusSeeOther) assert.Equal(t, "/user/login", resp.Header().Get("Location")) setting.LandingPageURL = landingPage diff --git a/integrations/signout_test.go b/integrations/signout_test.go index b54e7ee9eeec4..8ef97e89c5283 100644 --- a/integrations/signout_test.go +++ b/integrations/signout_test.go @@ -15,7 +15,7 @@ func TestSignOut(t *testing.T) { session := loginUser(t, "user2") req := NewRequest(t, "POST", "/user/logout") - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) // try to view a private repo, should fail req = NewRequest(t, "GET", "/user2/repo2") diff --git a/integrations/signup_test.go b/integrations/signup_test.go index 93e384076ffd3..87dea2fbe714e 100644 --- a/integrations/signup_test.go +++ b/integrations/signup_test.go @@ -29,7 +29,7 @@ func TestSignup(t *testing.T) { "password": "examplePassword!1", "retype": "examplePassword!1", }) - MakeRequest(t, req, http.StatusFound) + MakeRequest(t, req, http.StatusSeeOther) // should be able to view new user's page req = NewRequest(t, "GET", "/exampleUser") @@ -48,7 +48,7 @@ func TestSignupAsRestricted(t *testing.T) { "password": "examplePassword!1", "retype": "examplePassword!1", }) - MakeRequest(t, req, http.StatusFound) + MakeRequest(t, req, http.StatusSeeOther) // should be able to view new user's page req = NewRequest(t, "GET", "/restrictedUser") @@ -71,7 +71,7 @@ func TestSignupEmail(t *testing.T) { {"exampleUser@example.com\r\n", http.StatusOK, i18n.Tr("en", "form.email_invalid", nil)}, {"exampleUser@example.com\r", http.StatusOK, i18n.Tr("en", "form.email_invalid", nil)}, {"exampleUser@example.com\n", http.StatusOK, i18n.Tr("en", "form.email_invalid", nil)}, - {"exampleUser@example.com", http.StatusFound, ""}, + {"exampleUser@example.com", http.StatusSeeOther, ""}, } for i, test := range tests { diff --git a/integrations/user_avatar_test.go b/integrations/user_avatar_test.go index 7c2267885aeb0..2bf6fde5ff1d1 100644 --- a/integrations/user_avatar_test.go +++ b/integrations/user_avatar_test.go @@ -70,7 +70,7 @@ func TestUserAvatar(t *testing.T) { req.Header.Add("X-Csrf-Token", csrf) req.Header.Add("Content-Type", writer.FormDataContentType()) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) user2 = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User) // owner of the repo3, is an org diff --git a/integrations/user_test.go b/integrations/user_test.go index 4cfe7700e17f8..24f2a4d6a866b 100644 --- a/integrations/user_test.go +++ b/integrations/user_test.go @@ -33,7 +33,7 @@ func TestRenameUsername(t *testing.T) { "email": "user2@example.com", "language": "en-US", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "newUsername"}) unittest.AssertNotExistsBean(t, &user_model.User{Name: "user2"}) @@ -103,7 +103,7 @@ func TestRenameReservedUsername(t *testing.T) { "email": "user2@example.com", "language": "en-US", }) - resp := session.MakeRequest(t, req, http.StatusFound) + resp := session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", test.RedirectURL(resp)) resp = session.MakeRequest(t, req, http.StatusOK) diff --git a/integrations/xss_test.go b/integrations/xss_test.go index 4c2e60e799b71..1ce25e1bf5c3a 100644 --- a/integrations/xss_test.go +++ b/integrations/xss_test.go @@ -27,7 +27,7 @@ func TestXSSUserFullName(t *testing.T) { "email": user.Email, "language": "en-US", }) - session.MakeRequest(t, req, http.StatusFound) + session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequestf(t, "GET", "/%s", user.Name) resp := session.MakeRequest(t, req, http.StatusOK) diff --git a/modules/context/api.go b/modules/context/api.go index c1b31dcff9500..e847ca35fac9b 100644 --- a/modules/context/api.go +++ b/modules/context/api.go @@ -214,7 +214,7 @@ func (ctx *APIContext) RequireCSRF() { if len(headerToken) > 0 || len(formValueToken) > 0 { Validate(ctx.Context, ctx.csrf) } else { - ctx.Context.Error(401, "Missing CSRF token.") + ctx.Context.Error(http.StatusUnauthorized, "Missing CSRF token.") } } @@ -239,7 +239,7 @@ func (ctx *APIContext) CheckForOTP() { return } if !ok { - ctx.Context.Error(401) + ctx.Context.Error(http.StatusUnauthorized) return } } diff --git a/modules/context/context.go b/modules/context/context.go index 57448907e25ff..61f58eabb2201 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -139,7 +139,7 @@ func RedirectToUser(ctx *Context, userName string, redirectUserID int64) { if ctx.Req.URL.RawQuery != "" { redirectPath += "?" + ctx.Req.URL.RawQuery } - ctx.Redirect(path.Join(setting.AppSubURL, redirectPath)) + ctx.Redirect(path.Join(setting.AppSubURL, redirectPath), http.StatusTemporaryRedirect) } // HasAPIError returns true if error occurs in form validation. @@ -215,7 +215,7 @@ func (ctx *Context) HTML(status int, name base.TplName) { // RenderToString renders the template content to a string func (ctx *Context) RenderToString(name base.TplName, data map[string]interface{}) (string, error) { var buf strings.Builder - err := ctx.Render.HTML(&buf, 200, string(name), data) + err := ctx.Render.HTML(&buf, http.StatusOK, string(name), data) return buf.String(), err } @@ -397,7 +397,7 @@ func (ctx *Context) JSON(status int, content interface{}) { // Redirect redirects the request func (ctx *Context) Redirect(location string, status ...int) { - code := http.StatusFound + code := http.StatusSeeOther if len(status) == 1 { code = status[0] } diff --git a/modules/context/repo.go b/modules/context/repo.go index f8b07ffb05a93..87be2af135800 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -335,7 +335,7 @@ func RedirectToRepo(ctx *Context, redirectRepoID int64) { if ctx.Req.URL.RawQuery != "" { redirectPath += "?" + ctx.Req.URL.RawQuery } - ctx.Redirect(path.Join(setting.AppSubURL, redirectPath)) + ctx.Redirect(path.Join(setting.AppSubURL, redirectPath), http.StatusTemporaryRedirect) } func repoAssignment(ctx *Context, repo *repo_model.Repository) { diff --git a/modules/lfs/http_client_test.go b/modules/lfs/http_client_test.go index 0ffe663da58ed..8f6dcb1966c3b 100644 --- a/modules/lfs/http_client_test.go +++ b/modules/lfs/http_client_test.go @@ -81,7 +81,7 @@ func lfsTestRoundtripHandler(req *http.Request) *http.Response { Objects: []*ObjectResponse{ { Error: &ObjectError{ - Code: 404, + Code: http.StatusNotFound, Message: "Object not found", }, }, diff --git a/modules/private/restore_repo.go b/modules/private/restore_repo.go index 347ed5e78a80e..b1561f392bd28 100644 --- a/modules/private/restore_repo.go +++ b/modules/private/restore_repo.go @@ -45,7 +45,7 @@ func RestoreRepo(ctx context.Context, repoDir, ownerName, repoName string, units } defer resp.Body.Close() - if resp.StatusCode != 200 { + if resp.StatusCode != http.StatusOK { ret := struct { Err string `json:"err"` }{} diff --git a/modules/web/route_test.go b/modules/web/route_test.go index a8470fec94f57..801afe92c9252 100644 --- a/modules/web/route_test.go +++ b/modules/web/route_test.go @@ -67,7 +67,7 @@ func TestRoute2(t *testing.T) { route = 1 }) }, func(resp http.ResponseWriter, req *http.Request) { - resp.WriteHeader(200) + resp.WriteHeader(http.StatusOK) }) r.Group("/issues/{index}", func() { diff --git a/routers/api/v1/org/member.go b/routers/api/v1/org/member.go index 7f82f193857ec..9dae15462f3b4 100644 --- a/routers/api/v1/org/member.go +++ b/routers/api/v1/org/member.go @@ -130,7 +130,7 @@ func IsMember(ctx *context.APIContext) { // responses: // "204": // description: user is a member - // "302": + // "303": // description: redirection to /orgs/{org}/public_members/{username} // "404": // description: user is not a member @@ -161,7 +161,7 @@ func IsMember(ctx *context.APIContext) { } redirectURL := setting.AppSubURL + "/api/v1/orgs/" + url.PathEscape(ctx.Org.Organization.Name) + "/public_members/" + url.PathEscape(userToCheck.Name) - ctx.Redirect(redirectURL, 302) + ctx.Redirect(redirectURL) } // IsPublicMember check if a user is a public member of an organization diff --git a/routers/api/v1/repo/issue_tracked_time.go b/routers/api/v1/repo/issue_tracked_time.go index 5cc39becb82bc..19732c101f8c8 100644 --- a/routers/api/v1/repo/issue_tracked_time.go +++ b/routers/api/v1/repo/issue_tracked_time.go @@ -288,7 +288,7 @@ func ResetIssueTime(ctx *context.APIContext) { } return } - ctx.Status(204) + ctx.Status(http.StatusNoContent) } // DeleteTime delete a specific time by id diff --git a/routers/common/middleware.go b/routers/common/middleware.go index 880700969ae6f..591c4cf30e8e9 100644 --- a/routers/common/middleware.go +++ b/routers/common/middleware.go @@ -70,9 +70,9 @@ func Middlewares() []func(http.Handler) http.Handler { combinedErr := fmt.Sprintf("PANIC: %v\n%s", err, log.Stack(2)) log.Error("%v", combinedErr) if setting.IsProd { - http.Error(resp, http.StatusText(500), 500) + http.Error(resp, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } else { - http.Error(resp, combinedErr, 500) + http.Error(resp, combinedErr, http.StatusInternalServerError) } } }() diff --git a/routers/install/install.go b/routers/install/install.go index 98eeb5f8a0ea7..164ce6840565f 100644 --- a/routers/install/install.go +++ b/routers/install/install.go @@ -59,7 +59,7 @@ func Init(next http.Handler) http.Handler { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { if setting.InstallLock { resp.Header().Add("Refresh", "1; url="+setting.AppURL+"user/login") - _ = rnd.HTML(resp, 200, string(tplPostInstall), nil) + _ = rnd.HTML(resp, http.StatusOK, string(tplPostInstall), nil) return } locale := middleware.Locale(resp, req) diff --git a/routers/install/routes.go b/routers/install/routes.go index f377cd40c9a2b..ef96e99628ef8 100644 --- a/routers/install/routes.go +++ b/routers/install/routes.go @@ -41,9 +41,9 @@ func installRecovery() func(next http.Handler) http.Handler { combinedErr := fmt.Sprintf("PANIC: %v\n%s", err, log.Stack(2)) log.Error("%s", combinedErr) if setting.IsProd { - http.Error(w, http.StatusText(500), 500) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } else { - http.Error(w, combinedErr, 500) + http.Error(w, combinedErr, http.StatusInternalServerError) } } }() @@ -66,7 +66,7 @@ func installRecovery() func(next http.Handler) http.Handler { if !setting.IsProd { store["ErrorMsg"] = combinedErr } - err = rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store)) + err = rnd.HTML(w, http.StatusInternalServerError, "status/500", templates.BaseVars().Merge(store)) if err != nil { log.Error("%v", err) } diff --git a/routers/web/admin/admin.go b/routers/web/admin/admin.go index 63bc7de7d7dce..4c700df354400 100644 --- a/routers/web/admin/admin.go +++ b/routers/web/admin/admin.go @@ -346,7 +346,7 @@ func Queue(ctx *context.Context) { qid := ctx.ParamsInt64("qid") mq := queue.GetManager().GetManagedQueue(qid) if mq == nil { - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } ctx.Data["Title"] = ctx.Tr("admin.monitor.queue", mq.Name) @@ -361,7 +361,7 @@ func WorkerCancel(ctx *context.Context) { qid := ctx.ParamsInt64("qid") mq := queue.GetManager().GetManagedQueue(qid) if mq == nil { - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } pid := ctx.ParamsInt64("pid") @@ -377,7 +377,7 @@ func Flush(ctx *context.Context) { qid := ctx.ParamsInt64("qid") mq := queue.GetManager().GetManagedQueue(qid) if mq == nil { - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } timeout, err := time.ParseDuration(ctx.FormString("timeout")) @@ -423,7 +423,7 @@ func AddWorkers(ctx *context.Context) { qid := ctx.ParamsInt64("qid") mq := queue.GetManager().GetManagedQueue(qid) if mq == nil { - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } number := ctx.FormInt("number") @@ -453,7 +453,7 @@ func SetQueueSettings(ctx *context.Context) { qid := ctx.ParamsInt64("qid") mq := queue.GetManager().GetManagedQueue(qid) if mq == nil { - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } if _, ok := mq.Managed.(queue.ManagedPool); !ok { diff --git a/routers/web/admin/notice.go b/routers/web/admin/notice.go index 147e03ba03fda..b50549b80454f 100644 --- a/routers/web/admin/notice.go +++ b/routers/web/admin/notice.go @@ -59,10 +59,10 @@ func DeleteNotices(ctx *context.Context) { if err := admin_model.DeleteNoticesByIDs(ids); err != nil { ctx.Flash.Error("DeleteNoticesByIDs: " + err.Error()) - ctx.Status(500) + ctx.Status(http.StatusInternalServerError) } else { ctx.Flash.Success(ctx.Tr("admin.notices.delete_success")) - ctx.Status(200) + ctx.Status(http.StatusOK) } } diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 847af52bdbe82..4369c333ac0d5 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -462,7 +462,7 @@ func AuthorizeOAuth(ctx *context.Context) { log.Error("Unable to update nonce: %v", err) } } - ctx.Redirect(redirect.String(), 302) + ctx.Redirect(redirect.String()) return } @@ -544,7 +544,7 @@ func GrantApplicationOAuth(ctx *context.Context) { handleServerError(ctx, form.State, form.RedirectURI) return } - ctx.Redirect(redirect.String(), 302) + ctx.Redirect(redirect.String(), http.StatusSeeOther) } // OIDCWellKnown generates JSON so OIDC clients know Gitea's capabilities @@ -752,7 +752,7 @@ func handleAuthorizeError(ctx *context.Context, authErr AuthorizeError, redirect if redirectURI == "" { log.Warn("Authorization failed: %v", authErr.ErrorDescription) ctx.Data["Error"] = authErr - ctx.HTML(400, tplGrantError) + ctx.HTML(http.StatusBadRequest, tplGrantError) return } redirect, err := url.Parse(redirectURI) @@ -765,7 +765,7 @@ func handleAuthorizeError(ctx *context.Context, authErr AuthorizeError, redirect q.Set("error_description", authErr.ErrorDescription) q.Set("state", authErr.State) redirect.RawQuery = q.Encode() - ctx.Redirect(redirect.String(), 302) + ctx.Redirect(redirect.String(), http.StatusSeeOther) } // SignInOAuth handles the OAuth2 login buttons diff --git a/routers/web/auth/webauthn.go b/routers/web/auth/webauthn.go index bedbe7ddc37b5..c0cf58f3d35e8 100644 --- a/routers/web/auth/webauthn.go +++ b/routers/web/auth/webauthn.go @@ -39,7 +39,7 @@ func WebAuthn(ctx *context.Context) { return } - ctx.HTML(200, tplWebAuthn) + ctx.HTML(http.StatusOK, tplWebAuthn) } // WebAuthnLoginAssertion submits a WebAuthn challenge to the browser @@ -166,5 +166,5 @@ func WebAuthnLoginAssertionPost(ctx *context.Context) { } } - ctx.JSON(200, map[string]string{"redirect": redirect}) + ctx.JSON(http.StatusOK, map[string]string{"redirect": redirect}) } diff --git a/routers/web/base.go b/routers/web/base.go index 3e873c5826d00..938abaef81631 100644 --- a/routers/web/base.go +++ b/routers/web/base.go @@ -50,11 +50,11 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor if err != nil { if os.IsNotExist(err) || errors.Is(err, os.ErrNotExist) { log.Warn("Unable to find %s %s", prefix, rPath) - http.Error(w, "file not found", 404) + http.Error(w, "file not found", http.StatusNotFound) return } log.Error("Error whilst getting URL for %s %s. Error: %v", prefix, rPath, err) - http.Error(w, fmt.Sprintf("Error whilst getting URL for %s %s", prefix, rPath), 500) + http.Error(w, fmt.Sprintf("Error whilst getting URL for %s %s", prefix, rPath), http.StatusInternalServerError) return } @@ -62,7 +62,7 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor w, req, u.String(), - http.StatusMovedPermanently, + http.StatusPermanentRedirect, ) }) } @@ -82,7 +82,7 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor rPath := strings.TrimPrefix(req.URL.Path, "/"+prefix+"/") rPath = path.Clean("/" + strings.ReplaceAll(rPath, "\\", "/"))[1:] if rPath == "" { - http.Error(w, "file not found", 404) + http.Error(w, "file not found", http.StatusNotFound) return } @@ -96,11 +96,11 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor if err != nil { if os.IsNotExist(err) || errors.Is(err, os.ErrNotExist) { log.Warn("Unable to find %s %s", prefix, rPath) - http.Error(w, "file not found", 404) + http.Error(w, "file not found", http.StatusNotFound) return } log.Error("Error whilst opening %s %s. Error: %v", prefix, rPath, err) - http.Error(w, fmt.Sprintf("Error whilst opening %s %s", prefix, rPath), 500) + http.Error(w, fmt.Sprintf("Error whilst opening %s %s", prefix, rPath), http.StatusInternalServerError) return } defer fr.Close() @@ -108,7 +108,7 @@ func storageHandler(storageSetting setting.Storage, prefix string, objStore stor _, err = io.Copy(w, fr) if err != nil { log.Error("Error whilst rendering %s %s. Error: %v", prefix, rPath, err) - http.Error(w, fmt.Sprintf("Error whilst rendering %s %s", prefix, rPath), 500) + http.Error(w, fmt.Sprintf("Error whilst rendering %s %s", prefix, rPath), http.StatusInternalServerError) return } }) @@ -163,7 +163,7 @@ func Recovery() func(next http.Handler) http.Handler { if !setting.IsProd { store["ErrorMsg"] = combinedErr } - err = rnd.HTML(w, 500, "status/500", templates.BaseVars().Merge(store)) + err = rnd.HTML(w, http.StatusInternalServerError, "status/500", templates.BaseVars().Merge(store)) if err != nil { log.Error("%v", err) } diff --git a/routers/web/explore/code.go b/routers/web/explore/code.go index 506d13b59b1d9..28bdc7c9ca596 100644 --- a/routers/web/explore/code.go +++ b/routers/web/explore/code.go @@ -24,7 +24,7 @@ const ( // Code render explore code page func Code(ctx *context.Context) { if !setting.Indexer.RepoIndexerEnabled { - ctx.Redirect(setting.AppSubURL+"/explore", 302) + ctx.Redirect(setting.AppSubURL + "/explore") return } diff --git a/routers/web/goget.go b/routers/web/goget.go index 2843a96c30bd3..4a31fcc2c51cc 100644 --- a/routers/web/goget.go +++ b/routers/web/goget.go @@ -48,7 +48,7 @@ func goGet(ctx *context.Context) { `)) - ctx.Status(400) + ctx.Status(http.StatusBadRequest) return } branchName := setting.Repository.DefaultBranch diff --git a/routers/web/metrics.go b/routers/web/metrics.go index 37558ee337646..c7e01b8faafa3 100644 --- a/routers/web/metrics.go +++ b/routers/web/metrics.go @@ -21,13 +21,13 @@ func Metrics(resp http.ResponseWriter, req *http.Request) { } header := req.Header.Get("Authorization") if header == "" { - http.Error(resp, "", 401) + http.Error(resp, "", http.StatusUnauthorized) return } got := []byte(header) want := []byte("Bearer " + setting.Metrics.Token) if subtle.ConstantTimeCompare(got, want) != 1 { - http.Error(resp, "", 401) + http.Error(resp, "", http.StatusUnauthorized) return } promhttp.Handler().ServeHTTP(resp, req) diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go index a2cf070375142..c10162c7595d8 100644 --- a/routers/web/repo/editor.go +++ b/routers/web/repo/editor.go @@ -780,7 +780,7 @@ func UploadFileToServer(ctx *context.Context) { func RemoveUploadFileFromServer(ctx *context.Context) { form := web.GetForm(ctx).(*forms.RemoveUploadFileForm) if len(form.File) == 0 { - ctx.Status(204) + ctx.Status(http.StatusNoContent) return } @@ -790,7 +790,7 @@ func RemoveUploadFileFromServer(ctx *context.Context) { } log.Trace("Upload file removed: %s", form.File) - ctx.Status(204) + ctx.Status(http.StatusNoContent) } // GetUniquePatchBranchName Gets a unique branch name for a new patch branch diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go index adf7e93eac2fe..aeb1f0a020f9e 100644 --- a/routers/web/repo/issue.go +++ b/routers/web/repo/issue.go @@ -1931,7 +1931,7 @@ func UpdatePullReviewRequest(ctx *context.Context) { // TODO: Not support 'clear' now if action != "attach" && action != "detach" { - ctx.Status(403) + ctx.Status(http.StatusForbidden) return } @@ -1946,7 +1946,7 @@ func UpdatePullReviewRequest(ctx *context.Context) { "UpdatePullReviewRequest: refusing to add review request for non-PR issue %-v#%d", issue.Repo, issue.Index, ) - ctx.Status(403) + ctx.Status(http.StatusForbidden) return } if reviewID < 0 { @@ -1961,7 +1961,7 @@ func UpdatePullReviewRequest(ctx *context.Context) { "UpdatePullReviewRequest: refusing to add team review request for %s#%d owned by non organization UID[%d]", issue.Repo.FullName(), issue.Index, issue.Repo.ID, ) - ctx.Status(403) + ctx.Status(http.StatusForbidden) return } @@ -1975,7 +1975,7 @@ func UpdatePullReviewRequest(ctx *context.Context) { log.Warn( "UpdatePullReviewRequest: refusing to add team review request for UID[%d] team %s to %s#%d owned by UID[%d]", team.OrgID, team.Name, issue.Repo.FullName(), issue.Index, issue.Repo.ID) - ctx.Status(403) + ctx.Status(http.StatusForbidden) return } @@ -1987,7 +1987,7 @@ func UpdatePullReviewRequest(ctx *context.Context) { team.OrgID, team.Name, issue.Repo.FullName(), issue.Index, issue.Repo.ID, err, ) - ctx.Status(403) + ctx.Status(http.StatusForbidden) return } ctx.ServerError("IsValidTeamReviewRequest", err) @@ -2010,7 +2010,7 @@ func UpdatePullReviewRequest(ctx *context.Context) { reviewID, issue.Repo, issue.Index, err, ) - ctx.Status(403) + ctx.Status(http.StatusForbidden) return } ctx.ServerError("GetUserByID", err) @@ -2025,7 +2025,7 @@ func UpdatePullReviewRequest(ctx *context.Context) { reviewer, issue.Repo, issue.Index, err, ) - ctx.Status(403) + ctx.Status(http.StatusForbidden) return } ctx.ServerError("isValidReviewRequest", err) @@ -2117,7 +2117,7 @@ func NewComment(ctx *context.Context) { if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin { ctx.Flash.Error(ctx.Tr("repo.issues.comment_on_locked")) - ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther) + ctx.Redirect(issue.HTMLURL()) return } @@ -2170,10 +2170,10 @@ func NewComment(ctx *context.Context) { if models.IsErrDependenciesLeft(err) { if issue.IsPull { ctx.Flash.Error(ctx.Tr("repo.issues.dependency.pr_close_blocked")) - ctx.Redirect(fmt.Sprintf("%s/pulls/%d", ctx.Repo.RepoLink, issue.Index), http.StatusSeeOther) + ctx.Redirect(fmt.Sprintf("%s/pulls/%d", ctx.Repo.RepoLink, issue.Index)) } else { ctx.Flash.Error(ctx.Tr("repo.issues.dependency.issue_close_blocked")) - ctx.Redirect(fmt.Sprintf("%s/issues/%d", ctx.Repo.RepoLink, issue.Index), http.StatusSeeOther) + ctx.Redirect(fmt.Sprintf("%s/issues/%d", ctx.Repo.RepoLink, issue.Index)) } return } @@ -2306,7 +2306,7 @@ func DeleteComment(ctx *context.Context) { return } - ctx.Status(200) + ctx.Status(http.StatusOK) } // ChangeIssueReaction create a reaction for issue diff --git a/routers/web/repo/issue_dependency.go b/routers/web/repo/issue_dependency.go index d9084328ee6bc..d43cb373a2fdb 100644 --- a/routers/web/repo/issue_dependency.go +++ b/routers/web/repo/issue_dependency.go @@ -35,7 +35,7 @@ func AddDependency(ctx *context.Context) { } // Redirect - defer ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther) + defer ctx.Redirect(issue.HTMLURL()) // Dependency dep, err := models.GetIssueByID(depID) @@ -125,5 +125,5 @@ func RemoveDependency(ctx *context.Context) { } // Redirect - ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther) + ctx.Redirect(issue.HTMLURL()) } diff --git a/routers/web/repo/issue_label_test.go b/routers/web/repo/issue_label_test.go index baa34530fabdf..5d7a29ee936d5 100644 --- a/routers/web/repo/issue_label_test.go +++ b/routers/web/repo/issue_label_test.go @@ -36,7 +36,7 @@ func TestInitializeLabels(t *testing.T) { test.LoadRepo(t, ctx, 2) web.SetForm(ctx, &forms.InitializeLabelsForm{TemplateName: "Default"}) InitializeLabels(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) unittest.AssertExistsAndLoadBean(t, &models.Label{ RepoID: 2, Name: "enhancement", @@ -82,7 +82,7 @@ func TestNewLabel(t *testing.T) { Color: "#abcdef", }) NewLabel(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) unittest.AssertExistsAndLoadBean(t, &models.Label{ Name: "newlabel", Color: "#abcdef", @@ -101,7 +101,7 @@ func TestUpdateLabel(t *testing.T) { Color: "#abcdef", }) UpdateLabel(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) unittest.AssertExistsAndLoadBean(t, &models.Label{ ID: 2, Name: "newnameforlabel", diff --git a/routers/web/repo/issue_lock.go b/routers/web/repo/issue_lock.go index b0168186694b8..5ac5cac52e152 100644 --- a/routers/web/repo/issue_lock.go +++ b/routers/web/repo/issue_lock.go @@ -5,8 +5,6 @@ package repo import ( - "net/http" - "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/web" @@ -43,7 +41,7 @@ func LockIssue(ctx *context.Context) { return } - ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther) + ctx.Redirect(issue.HTMLURL()) } // UnlockIssue unlocks a previously locked issue. @@ -67,5 +65,5 @@ func UnlockIssue(ctx *context.Context) { return } - ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther) + ctx.Redirect(issue.HTMLURL()) } diff --git a/routers/web/repo/issue_watch.go b/routers/web/repo/issue_watch.go index 223fc72071e18..53fec11cdcf1d 100644 --- a/routers/web/repo/issue_watch.go +++ b/routers/web/repo/issue_watch.go @@ -53,5 +53,5 @@ func IssueWatch(ctx *context.Context) { return } - ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther) + ctx.Redirect(issue.HTMLURL()) } diff --git a/routers/web/repo/search.go b/routers/web/repo/search.go index e33fe38dea1f3..c230e88d2d90f 100644 --- a/routers/web/repo/search.go +++ b/routers/web/repo/search.go @@ -18,7 +18,7 @@ const tplSearch base.TplName = "repo/search" // Search render repository search page func Search(ctx *context.Context) { if !setting.Indexer.RepoIndexerEnabled { - ctx.Redirect(ctx.Repo.RepoLink, 302) + ctx.Redirect(ctx.Repo.RepoLink) return } language := ctx.FormTrim("l") diff --git a/routers/web/repo/setting_protected_branch.go b/routers/web/repo/setting_protected_branch.go index cd6cf380384b0..dae618a758bce 100644 --- a/routers/web/repo/setting_protected_branch.go +++ b/routers/web/repo/setting_protected_branch.go @@ -73,7 +73,7 @@ func ProtectedBranchPost(ctx *context.Context) { branch := ctx.FormString("branch") if !ctx.Repo.GitRepo.IsBranchExist(branch) { - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } else if repo.DefaultBranch != branch { repo.DefaultBranch = branch diff --git a/routers/web/repo/settings_test.go b/routers/web/repo/settings_test.go index bd29eca195587..db1e905869bf6 100644 --- a/routers/web/repo/settings_test.go +++ b/routers/web/repo/settings_test.go @@ -60,7 +60,7 @@ func TestAddReadOnlyDeployKey(t *testing.T) { } web.SetForm(ctx, &addKeyForm) DeployKeysPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{ Name: addKeyForm.Title, @@ -90,7 +90,7 @@ func TestAddReadWriteOnlyDeployKey(t *testing.T) { } web.SetForm(ctx, &addKeyForm) DeployKeysPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{ Name: addKeyForm.Title, @@ -127,7 +127,7 @@ func TestCollaborationPost(t *testing.T) { CollaborationPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) exists, err := models.IsCollaborator(re.ID, 4) assert.NoError(t, err) @@ -153,7 +153,7 @@ func TestCollaborationPost_InactiveUser(t *testing.T) { CollaborationPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assert.NotEmpty(t, ctx.Flash.ErrorMsg) } @@ -185,7 +185,7 @@ func TestCollaborationPost_AddCollaboratorTwice(t *testing.T) { CollaborationPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) exists, err := models.IsCollaborator(re.ID, 4) assert.NoError(t, err) @@ -194,7 +194,7 @@ func TestCollaborationPost_AddCollaboratorTwice(t *testing.T) { // Try adding the same collaborator again CollaborationPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assert.NotEmpty(t, ctx.Flash.ErrorMsg) } @@ -216,7 +216,7 @@ func TestCollaborationPost_NonExistentUser(t *testing.T) { CollaborationPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assert.NotEmpty(t, ctx.Flash.ErrorMsg) } @@ -256,7 +256,7 @@ func TestAddTeamPost(t *testing.T) { AddTeamPost(ctx) assert.True(t, team.HasRepository(re.ID)) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assert.Empty(t, ctx.Flash.ErrorMsg) } @@ -296,7 +296,7 @@ func TestAddTeamPost_NotAllowed(t *testing.T) { AddTeamPost(ctx) assert.False(t, team.HasRepository(re.ID)) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assert.NotEmpty(t, ctx.Flash.ErrorMsg) } @@ -337,7 +337,7 @@ func TestAddTeamPost_AddTeamTwice(t *testing.T) { AddTeamPost(ctx) assert.True(t, team.HasRepository(re.ID)) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assert.NotEmpty(t, ctx.Flash.ErrorMsg) } @@ -370,7 +370,7 @@ func TestAddTeamPost_NonExistentTeam(t *testing.T) { ctx.Repo = repo AddTeamPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assert.NotEmpty(t, ctx.Flash.ErrorMsg) } diff --git a/routers/web/repo/webhook.go b/routers/web/repo/webhook.go index 7ffea1724af46..81dab5a3b9c22 100644 --- a/routers/web/repo/webhook.go +++ b/routers/web/repo/webhook.go @@ -1241,7 +1241,7 @@ func TestWebhook(ctx *context.Context) { w, err := webhook.GetWebhookByRepoID(ctx.Repo.Repository.ID, hookID) if err != nil { ctx.Flash.Error("GetWebhookByID: " + err.Error()) - ctx.Status(500) + ctx.Status(http.StatusInternalServerError) return } @@ -1285,10 +1285,10 @@ func TestWebhook(ctx *context.Context) { } if err := webhook_service.PrepareWebhook(w, ctx.Repo.Repository, webhook.HookEventPush, p); err != nil { ctx.Flash.Error("PrepareWebhook: " + err.Error()) - ctx.Status(500) + ctx.Status(http.StatusInternalServerError) } else { ctx.Flash.Info(ctx.Tr("repo.settings.webhook.delivery.success")) - ctx.Status(200) + ctx.Status(http.StatusOK) } } diff --git a/routers/web/repo/wiki_test.go b/routers/web/repo/wiki_test.go index b19c628a9f5b7..41b5c0f8fd23e 100644 --- a/routers/web/repo/wiki_test.go +++ b/routers/web/repo/wiki_test.go @@ -124,7 +124,7 @@ func TestNewWikiPost(t *testing.T) { Message: message, }) NewWikiPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assertWikiExists(t, ctx.Repo.Repository, title) assert.Equal(t, wikiContent(t, ctx.Repo.Repository, title), content) } @@ -176,7 +176,7 @@ func TestEditWikiPost(t *testing.T) { Message: message, }) EditWikiPost(ctx) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) assertWikiExists(t, ctx.Repo.Repository, title) assert.Equal(t, wikiContent(t, ctx.Repo.Repository, title), content) if title != "Home" { diff --git a/routers/web/user/home.go b/routers/web/user/home.go index afdc344b69ea2..0878e8d5286d7 100644 --- a/routers/web/user/home.go +++ b/routers/web/user/home.go @@ -151,7 +151,7 @@ func Dashboard(ctx *context.Context) { func Milestones(ctx *context.Context) { if unit.TypeIssues.UnitGlobalDisabled() && unit.TypePullRequests.UnitGlobalDisabled() { log.Debug("Milestones overview page not available as both issues and pull requests are globally disabled") - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } @@ -323,7 +323,7 @@ func Milestones(ctx *context.Context) { func Pulls(ctx *context.Context) { if unit.TypePullRequests.UnitGlobalDisabled() { log.Debug("Pull request overview page not available as it is globally disabled.") - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } @@ -336,7 +336,7 @@ func Pulls(ctx *context.Context) { func Issues(ctx *context.Context) { if unit.TypeIssues.UnitGlobalDisabled() { log.Debug("Issues overview page not available as it is globally disabled.") - ctx.Status(404) + ctx.Status(http.StatusNotFound) return } diff --git a/routers/web/user/setting/account_test.go b/routers/web/user/setting/account_test.go index a67d09e9edc30..005603e7ac851 100644 --- a/routers/web/user/setting/account_test.go +++ b/routers/web/user/setting/account_test.go @@ -94,6 +94,6 @@ func TestChangePassword(t *testing.T) { AccountPost(ctx) assert.Contains(t, ctx.Flash.ErrorMsg, req.Message) - assert.EqualValues(t, http.StatusFound, ctx.Resp.Status()) + assert.EqualValues(t, http.StatusSeeOther, ctx.Resp.Status()) } } diff --git a/routers/web/web.go b/routers/web/web.go index 6d2fbedacea2b..b40a43058d423 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -96,7 +96,7 @@ func Routes(sessioner func(http.Handler) http.Handler) *web.Route { // this png is very likely to always be below the limit for gzip so it doesn't need to pass through gzip routes.Get("/apple-touch-icon.png", func(w http.ResponseWriter, req *http.Request) { - http.Redirect(w, req, path.Join(setting.StaticURLPrefix, "/assets/img/apple-touch-icon.png"), 301) + http.Redirect(w, req, path.Join(setting.StaticURLPrefix, "/assets/img/apple-touch-icon.png"), http.StatusPermanentRedirect) }) // redirect default favicon to the path of the custom favicon with a default as a fallback @@ -142,17 +142,17 @@ func Routes(sessioner func(http.Handler) http.Handler) *web.Route { routes.Get("/ssh_info", func(rw http.ResponseWriter, req *http.Request) { if !git.SupportProcReceive { - rw.WriteHeader(404) + rw.WriteHeader(http.StatusNotFound) return } rw.Header().Set("content-type", "text/json;charset=UTF-8") _, err := rw.Write([]byte(`{"type":"gitea","version":1}`)) if err != nil { log.Error("fail to write result: err: %v", err) - rw.WriteHeader(500) + rw.WriteHeader(http.StatusInternalServerError) return } - rw.WriteHeader(200) + rw.WriteHeader(http.StatusOK) }) // Removed: toolbox.Toolboxer middleware will provide debug information which seems unnecessary diff --git a/services/auth/sspi_windows.go b/services/auth/sspi_windows.go index cadf72179646f..3a8c8bed443ee 100644 --- a/services/auth/sspi_windows.go +++ b/services/auth/sspi_windows.go @@ -109,7 +109,7 @@ func (s *SSPI) Verify(req *http.Request, w http.ResponseWriter, store DataStore, store.GetData()["EnableOpenIDSignIn"] = setting.Service.EnableOpenIDSignIn store.GetData()["EnableSSPI"] = true - err := s.rnd.HTML(w, 401, string(tplSignIn), templates.BaseVars().Merge(store.GetData())) + err := s.rnd.HTML(w, http.StatusUnauthorized, string(tplSignIn), templates.BaseVars().Merge(store.GetData())) if err != nil { log.Error("%v", err) } diff --git a/services/lfs/locks.go b/services/lfs/locks.go index a96e931fd99e2..fa51470d62626 100644 --- a/services/lfs/locks.go +++ b/services/lfs/locks.go @@ -52,7 +52,7 @@ func GetListLockHandler(ctx *context.Context) { if err != nil { log.Debug("Could not find repository: %s/%s - %s", rv.User, rv.Repo, err) ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs") - ctx.JSON(401, api.LFSLockError{ + ctx.JSON(http.StatusUnauthorized, api.LFSLockError{ Message: "You must have pull access to list locks", }) return @@ -139,7 +139,7 @@ func PostLockHandler(ctx *context.Context) { if err != nil { log.Error("Unable to get repository: %s/%s Error: %v", userName, repoName, err) ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs") - ctx.JSON(401, api.LFSLockError{ + ctx.JSON(http.StatusUnauthorized, api.LFSLockError{ Message: "You must have push access to create locks", }) return @@ -164,7 +164,7 @@ func PostLockHandler(ctx *context.Context) { dec := json.NewDecoder(bodyReader) if err := dec.Decode(&req); err != nil { log.Warn("Failed to decode lock request as json. Error: %v", err) - writeStatus(ctx, 400) + writeStatus(ctx, http.StatusBadRequest) return } @@ -206,7 +206,7 @@ func VerifyLockHandler(ctx *context.Context) { if err != nil { log.Error("Unable to get repository: %s/%s Error: %v", userName, repoName, err) ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs") - ctx.JSON(401, api.LFSLockError{ + ctx.JSON(http.StatusUnauthorized, api.LFSLockError{ Message: "You must have push access to verify locks", }) return @@ -272,7 +272,7 @@ func UnLockHandler(ctx *context.Context) { if err != nil { log.Error("Unable to get repository: %s/%s Error: %v", userName, repoName, err) ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs") - ctx.JSON(401, api.LFSLockError{ + ctx.JSON(http.StatusUnauthorized, api.LFSLockError{ Message: "You must have push access to delete locks", }) return @@ -297,7 +297,7 @@ func UnLockHandler(ctx *context.Context) { dec := json.NewDecoder(bodyReader) if err := dec.Decode(&req); err != nil { log.Warn("Failed to decode lock request as json. Error: %v", err) - writeStatus(ctx, 400) + writeStatus(ctx, http.StatusBadRequest) return } diff --git a/services/migrations/gitea_downloader_test.go b/services/migrations/gitea_downloader_test.go index dc6903e854742..601b0a7c79331 100644 --- a/services/migrations/gitea_downloader_test.go +++ b/services/migrations/gitea_downloader_test.go @@ -25,7 +25,7 @@ func TestGiteaDownloadRepo(t *testing.T) { } resp, err := http.Get("https://gitea.com/gitea") - if err != nil || resp.StatusCode != 200 { + if err != nil || resp.StatusCode != http.StatusOK { t.Skipf("Can't reach https://gitea.com, skipping %s", t.Name()) } diff --git a/services/migrations/gitlab.go b/services/migrations/gitlab.go index d3a034e27c52a..549e3cb659c9a 100644 --- a/services/migrations/gitlab.go +++ b/services/migrations/gitlab.go @@ -91,7 +91,7 @@ func NewGitlabDownloader(ctx context.Context, baseURL, repoPath, username, passw u, _ := url.Parse(baseURL) for len(pathParts) >= 2 { _, resp, err = gitlabClient.Version.GetVersion() - if err == nil || resp != nil && resp.StatusCode == 401 { + if err == nil || resp != nil && resp.StatusCode == http.StatusUnauthorized { err = nil // if no authentication given, this still should work break } @@ -619,7 +619,7 @@ func (g *GitlabDownloader) GetPullRequests(page, perPage int) ([]*base.PullReque func (g *GitlabDownloader) GetReviews(reviewable base.Reviewable) ([]*base.Review, error) { approvals, resp, err := g.client.MergeRequestApprovals.GetConfiguration(g.repoID, int(reviewable.GetForeignIndex()), gitlab.WithContext(g.ctx)) if err != nil { - if resp != nil && resp.StatusCode == 404 { + if resp != nil && resp.StatusCode == http.StatusNotFound { log.Error(fmt.Sprintf("GitlabDownloader: while migrating a error occurred: '%s'", err.Error())) return []*base.Review{}, nil } diff --git a/services/migrations/gitlab_test.go b/services/migrations/gitlab_test.go index 52edb2af8fdfc..e63d674186df6 100644 --- a/services/migrations/gitlab_test.go +++ b/services/migrations/gitlab_test.go @@ -28,7 +28,7 @@ func TestGitlabDownloadRepo(t *testing.T) { } resp, err := http.Get("https://gitlab.com/gitea/test_repo") - if err != nil || resp.StatusCode != 200 { + if err != nil || resp.StatusCode != http.StatusOK { t.Skipf("Can't access test repo, skipping %s", t.Name()) } diff --git a/services/migrations/onedev_test.go b/services/migrations/onedev_test.go index 55ae7da1fcc66..0cf1ab852ca45 100644 --- a/services/migrations/onedev_test.go +++ b/services/migrations/onedev_test.go @@ -19,7 +19,7 @@ import ( func TestOneDevDownloadRepo(t *testing.T) { resp, err := http.Get("https://code.onedev.io/projects/go-gitea-test_repo") - if err != nil || resp.StatusCode != 200 { + if err != nil || resp.StatusCode != http.StatusOK { t.Skipf("Can't access test repo, skipping %s", t.Name()) } diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 3bc6158183e02..4f2e7dbb1a240 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -1474,7 +1474,7 @@ "204": { "description": "user is a member" }, - "302": { + "303": { "description": "redirection to /orgs/{org}/public_members/{username}" }, "404": { From 5248232c44f3819fbb8a6cdac258740afbb94823 Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 23 Mar 2022 12:34:20 +0000 Subject: [PATCH 02/10] Try to prevent autolinking of displaynames by email readers (#19169) Unfortunately many email readers will (helpfully) detect url or url-like names and automatically create links to them, even in HTML emails. This is not ideal when usernames can have dots in them. This PR tries to prevent this behaviour by sticking ZWJ characters between dots and also set the meta tag to prevent format detection. Not every email template has been changed in this way - just the activation emails but it may be that we should be setting the above meta tag in all of our emails too. Signed-off-by: Andrew Thornton --- modules/templates/helper.go | 5 +++++ services/mailer/mail.go | 25 ++++++++++++++---------- services/mailer/mail_release.go | 5 +++-- services/mailer/mail_repo.go | 5 +++-- templates/mail/auth/activate.tmpl | 5 +++-- templates/mail/auth/activate_email.tmpl | 5 +++-- templates/mail/auth/register_notify.tmpl | 5 +++-- templates/mail/auth/reset_passwd.tmpl | 5 +++-- 8 files changed, 38 insertions(+), 22 deletions(-) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 63c165bc8bd24..918a6523ba2a7 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -632,6 +632,11 @@ func JSEscape(raw string) string { return template.JSEscapeString(raw) } +// DotEscape wraps a dots in names with ZWJ [U+200D] in order to prevent autolinkers from detecting these as urls +func DotEscape(raw string) string { + return strings.ReplaceAll(raw, ".", "\u200d.\u200d") +} + // Sha1 returns sha1 sum of string func Sha1(str string) string { return base.EncodeSha1(str) diff --git a/services/mailer/mail.go b/services/mailer/mail.go index 8e04e7e4d2266..1e90deb4c47d3 100644 --- a/services/mailer/mail.go +++ b/services/mailer/mail.go @@ -78,8 +78,9 @@ func sendUserMail(language string, u *user_model.User, tpl base.TplName, code, s "Code": code, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -128,8 +129,9 @@ func SendActivateEmailMail(u *user_model.User, email *user_model.EmailAddress) { "Email": email.Email, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -158,8 +160,9 @@ func SendRegisterNotifyMail(u *user_model.User) { "Username": u.Name, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -191,8 +194,9 @@ func SendCollaboratorMail(u, doer *user_model.User, repo *repo_model.Repository) "Link": repo.HTMLURL(), "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var content bytes.Buffer @@ -275,8 +279,9 @@ func composeIssueCommentMessages(ctx *mailCommentContext, lang string, recipient "ReviewComments": reviewComments, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var mailSubject bytes.Buffer diff --git a/services/mailer/mail_release.go b/services/mailer/mail_release.go index 76dceb2387b40..b6bddeac045c3 100644 --- a/services/mailer/mail_release.go +++ b/services/mailer/mail_release.go @@ -75,8 +75,9 @@ func mailNewRelease(ctx context.Context, lang string, tos []string, rel *models. "Subject": subject, "Language": locale.Language(), // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } var mailBody bytes.Buffer diff --git a/services/mailer/mail_repo.go b/services/mailer/mail_repo.go index 24e6d671f4882..0abc666f1aef3 100644 --- a/services/mailer/mail_repo.go +++ b/services/mailer/mail_repo.go @@ -73,8 +73,9 @@ func sendRepoTransferNotifyMailPerLang(lang string, newOwner, doer *user_model.U "Language": locale.Language(), "Destination": destination, // helper - "i18n": locale, - "Str2html": templates.Str2html, + "i18n": locale, + "Str2html": templates.Str2html, + "DotEscape": templates.DotEscape, } if err := bodyTemplates.ExecuteTemplate(&content, string(mailRepoTransferNotify), data); err != nil { diff --git a/templates/mail/auth/activate.tmpl b/templates/mail/auth/activate.tmpl index 31e9a9688276c..5de3967bc4f1d 100644 --- a/templates/mail/auth/activate.tmpl +++ b/templates/mail/auth/activate.tmpl @@ -2,12 +2,13 @@ - {{.i18n.Tr "mail.activate_account.title" .DisplayName}} + + {{.i18n.Tr "mail.activate_account.title" (.DisplayName|DotEscape)}} {{ $activate_url := printf "%suser/activate?code=%s" AppUrl (QueryEscape .Code)}} -

{{.i18n.Tr "mail.activate_account.text_1" .DisplayName AppName | Str2html}}


+

{{.i18n.Tr "mail.activate_account.text_1" (.DisplayName|DotEscape) AppName | Str2html}}


{{.i18n.Tr "mail.activate_account.text_2" .ActiveCodeLives | Str2html}}

{{$activate_url}}


{{.i18n.Tr "mail.link_not_working_do_paste"}}

diff --git a/templates/mail/auth/activate_email.tmpl b/templates/mail/auth/activate_email.tmpl index 8bd037ae4f685..5c79798821f2b 100644 --- a/templates/mail/auth/activate_email.tmpl +++ b/templates/mail/auth/activate_email.tmpl @@ -2,12 +2,13 @@ - {{.i18n.Tr "mail.activate_email.title" .DisplayName}} + + {{.i18n.Tr "mail.activate_email.title" (.DisplayName|DotEscape)}} {{ $activate_url := printf "%suser/activate_email?code=%s&email=%s" AppUrl (QueryEscape .Code) (QueryEscape .Email)}} -

{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}


+

{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}


{{.i18n.Tr "mail.activate_email.text" .ActiveCodeLives | Str2html}}

{{$activate_url}}


{{.i18n.Tr "mail.link_not_working_do_paste"}}

diff --git a/templates/mail/auth/register_notify.tmpl b/templates/mail/auth/register_notify.tmpl index 45ca95f2c3e0f..a32d8ce99280b 100644 --- a/templates/mail/auth/register_notify.tmpl +++ b/templates/mail/auth/register_notify.tmpl @@ -2,12 +2,13 @@ - {{.i18n.Tr "mail.register_notify.title" .DisplayName AppName}} + + {{.i18n.Tr "mail.register_notify.title" (.DisplayName|DotEscape) AppName}} {{$set_pwd_url := printf "%[1]suser/forgot_password" AppUrl}} -

{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}


+

{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}


{{.i18n.Tr "mail.register_notify.text_1" AppName}}


{{.i18n.Tr "mail.register_notify.text_2" .Username}}

{{AppUrl}}user/login


{{.i18n.Tr "mail.register_notify.text_3" ($set_pwd_url | Escape) | Str2html}}


diff --git a/templates/mail/auth/reset_passwd.tmpl b/templates/mail/auth/reset_passwd.tmpl index bf10c1f96787a..028d911a9938b 100644 --- a/templates/mail/auth/reset_passwd.tmpl +++ b/templates/mail/auth/reset_passwd.tmpl @@ -2,12 +2,13 @@ - {{.i18n.Tr "mail.reset_password.title" .DisplayName}} + + {{.i18n.Tr "mail.reset_password.title" (.DisplayName|DotEscape)}} {{ $recover_url := printf "%suser/recover_account?code=%s" AppUrl (QueryEscape .Code)}} -

{{.i18n.Tr "mail.hi_user_x" .DisplayName | Str2html}}


+

{{.i18n.Tr "mail.hi_user_x" (.DisplayName|DotEscape) | Str2html}}


{{.i18n.Tr "mail.reset_password.text" .ResetPwdCodeLives | Str2html}}

{{$recover_url}}


{{.i18n.Tr "mail.link_not_working_do_paste"}}

From d8f578412ebbf5b05de254a717f71cf5d3f5dab1 Mon Sep 17 00:00:00 2001 From: a1012112796 <1012112796@qq.com> Date: Wed, 23 Mar 2022 21:29:18 +0800 Subject: [PATCH 03/10] Redirect .wiki/* ui link to /wiki (#18831) Redirect .wiki/* ui link to /wiki fix #18590 Signed-off-by: a1012112796 <1012112796@qq.com> Signed-off-by: Andrew Thornton Co-authored-by: Andrew Thornton --- modules/context/repo.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/modules/context/repo.go b/modules/context/repo.go index 87be2af135800..b345decf7e115 100644 --- a/modules/context/repo.go +++ b/modules/context/repo.go @@ -441,6 +441,26 @@ func RepoAssignment(ctx *Context) (cancel context.CancelFunc) { ctx.Repo.Owner = owner ctx.Data["Username"] = ctx.Repo.Owner.Name + // redirect link to wiki + if strings.HasSuffix(repoName, ".wiki") { + // ctx.Req.URL.Path does not have the preceding appSubURL - any redirect must have this added + // Now we happen to know that all of our paths are: /:username/:reponame/whatever_else + originalRepoName := ctx.Params(":reponame") + redirectRepoName := strings.TrimSuffix(repoName, ".wiki") + redirectRepoName += originalRepoName[len(redirectRepoName)+5:] + redirectPath := strings.Replace( + ctx.Req.URL.EscapedPath(), + url.PathEscape(userName)+"/"+url.PathEscape(originalRepoName), + url.PathEscape(userName)+"/"+url.PathEscape(redirectRepoName)+"/wiki", + 1, + ) + if ctx.Req.URL.RawQuery != "" { + redirectPath += "?" + ctx.Req.URL.RawQuery + } + ctx.Redirect(path.Join(setting.AppSubURL, redirectPath)) + return + } + // Get repository. repo, err := repo_model.GetRepositoryByName(owner.ID, repoName) if err != nil { From 0eff23dae09f6127a39b53c8c3d82db2cd1ada38 Mon Sep 17 00:00:00 2001 From: a1012112796 <1012112796@qq.com> Date: Wed, 23 Mar 2022 21:40:12 +0800 Subject: [PATCH 04/10] Fix compare link in active feeds for new branch (#19149) When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly. Therefore when creating the compare link for new branches: 1. Attempt to get the parent of the first commit and use that as the basis for the compare link. 2. If this is not possible make a comparison to the default branch 3. Finally if that is not possible simply do not show a compare link. However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch. Fix #19144 Signed-off-by: a1012112796 <1012112796@qq.com> Signed-off-by: Andrew Thornton Co-authored-by: Andrew Thornton --- routers/web/repo/compare.go | 7 +++++++ services/repository/push.go | 29 ++++++++++++++++++++++++++++- 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/routers/web/repo/compare.go b/routers/web/repo/compare.go index 23ec662cfae5b..902da0c3fe3dc 100644 --- a/routers/web/repo/compare.go +++ b/routers/web/repo/compare.go @@ -298,6 +298,13 @@ func ParseCompareInfo(ctx *context.Context) *CompareInfo { ci.BaseBranch = baseCommit.ID.String() ctx.Data["BaseBranch"] = ci.BaseBranch baseIsCommit = true + } else if ci.BaseBranch == git.EmptySHA { + if isSameRepo { + ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ci.HeadBranch)) + } else { + ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ci.HeadRepo.FullName()) + ":" + util.PathEscapeSegments(ci.HeadBranch)) + } + return nil } else { ctx.NotFound("IsRefExist", nil) return nil diff --git a/services/repository/push.go b/services/repository/push.go index 6cdfa1b4c2b5d..8fbd5f5186635 100644 --- a/services/repository/push.go +++ b/services/repository/push.go @@ -222,7 +222,34 @@ func pushUpdates(optsList []*repo_module.PushUpdateOptions) error { if len(commits.Commits) > setting.UI.FeedMaxCommitNum { commits.Commits = commits.Commits[:setting.UI.FeedMaxCommitNum] } - commits.CompareURL = repo.ComposeCompareURL(opts.OldCommitID, opts.NewCommitID) + + oldCommitID := opts.OldCommitID + if oldCommitID == git.EmptySHA && len(commits.Commits) > 0 { + oldCommit, err := gitRepo.GetCommit(commits.Commits[len(commits.Commits)-1].Sha1) + if err != nil && !git.IsErrNotExist(err) { + log.Error("unable to GetCommit %s from %-v: %v", oldCommitID, repo, err) + } + if oldCommit != nil { + for i := 0; i < oldCommit.ParentCount(); i++ { + commitID, _ := oldCommit.ParentID(i) + if !commitID.IsZero() { + oldCommitID = commitID.String() + break + } + } + } + } + + if oldCommitID == git.EmptySHA && repo.DefaultBranch != branch { + oldCommitID = repo.DefaultBranch + } + + if oldCommitID != git.EmptySHA { + commits.CompareURL = repo.ComposeCompareURL(oldCommitID, opts.NewCommitID) + } else { + commits.CompareURL = "" + } + notification.NotifyPushCommits(pusher, repo, opts, commits) if err = models.RemoveDeletedBranchByName(repo.ID, branch); err != nil { From 81b5bef55a10c59e43987ad4df291b104c69d771 Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Wed, 23 Mar 2022 16:08:27 +0000 Subject: [PATCH 05/10] Prevent start panic due to missing DotEscape function Unfortunately #19169 causing a panic at startup in prod mode. This was hidden by dev mode because the templates are compiled dynamically there. The issue is that DotEscape is not in the original FuncMap at the time of compilation which causes a panic. Ref #19169 Signed-off-by: Andrew Thornton --- modules/templates/helper.go | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/templates/helper.go b/modules/templates/helper.go index 918a6523ba2a7..2973b2c93803e 100644 --- a/modules/templates/helper.go +++ b/modules/templates/helper.go @@ -379,6 +379,7 @@ func NewFuncMap() []template.FuncMap { }, "Join": strings.Join, "QueryEscape": url.QueryEscape, + "DotEscape": DotEscape, }} } From 0b1686b67afc7d1113d87f8621a71f709b22320f Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 23 Mar 2022 16:12:36 +0000 Subject: [PATCH 06/10] Prevent redirect to Host (2) (#19175) Unhelpfully Locations starting with `/\` will be converted by the browser to `//` because ... well I do not fully understand. Certainly the RFCs and MDN do not indicate that this would be expected. Providing "compatibility" with the (mis)behaviour of a certain proprietary OS is my suspicion. However, we clearly have to protect against this. Therefore we should reject redirection locations that match the regular expression: `^/[\\\\/]+` Reference #9678 Signed-off-by: Andrew Thornton --- modules/context/context.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/context/context.go b/modules/context/context.go index 61f58eabb2201..6cd503984f546 100644 --- a/modules/context/context.go +++ b/modules/context/context.go @@ -181,6 +181,12 @@ func (ctx *Context) RedirectToFirst(location ...string) { continue } + // Unfortunately browsers consider a redirect Location with preceding "//" and "/\" as meaning redirect to "http(s)://REST_OF_PATH" + // Therefore we should ignore these redirect locations to prevent open redirects + if len(loc) > 1 && loc[0] == '/' && (loc[1] == '/' || loc[1] == '\\') { + continue + } + u, err := url.Parse(loc) if err != nil || ((u.Scheme != "" || u.Host != "") && !strings.HasPrefix(strings.ToLower(loc), strings.ToLower(setting.AppURL))) { continue From f7883a6aecb02937b09ac4576a92f7a22c84ac59 Mon Sep 17 00:00:00 2001 From: MeIchthys <10717998+meichthys@users.noreply.github.com> Date: Wed, 23 Mar 2022 12:46:50 -0400 Subject: [PATCH 07/10] Update issue_no_dependencies description (#19112) To be more consistent and concise we could change the issue_no_dependencies from: `This issue currently doesn't have any dependencies. ` to `No dependencies set.` like we do for the due date and others. Co-authored-by: delvh --- options/locale/locale_en-US.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 0627735b64916..b371c047e3629 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -1418,8 +1418,8 @@ issues.due_date_remove = "removed the due date %s %s" issues.due_date_overdue = "Overdue" issues.due_date_invalid = "The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'." issues.dependency.title = Dependencies -issues.dependency.issue_no_dependencies = This issue currently doesn't have any dependencies. -issues.dependency.pr_no_dependencies = This pull request currently doesn't have any dependencies. +issues.dependency.issue_no_dependencies = No dependencies set. +issues.dependency.pr_no_dependencies = No dependencies set. issues.dependency.add = Add dependency… issues.dependency.cancel = Cancel issues.dependency.remove = Remove From a5f289407149e0c75973b7efc8e8cfd239e6dd9d Mon Sep 17 00:00:00 2001 From: Gusted Date: Wed, 23 Mar 2022 23:57:09 +0100 Subject: [PATCH 08/10] Fix showing issues in your repositories (#18916) - Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository. - Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options). - Resolves #18913 --- models/issue.go | 7 +++++- routers/web/user/home.go | 51 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 53 insertions(+), 5 deletions(-) diff --git a/models/issue.go b/models/issue.go index 53ee585dc00e9..79771ce15c241 100644 --- a/models/issue.go +++ b/models/issue.go @@ -1603,6 +1603,7 @@ const ( FilterModeCreate FilterModeMention FilterModeReviewRequested + FilterModeYourRepositories ) func parseCountResult(results []map[string][]byte) int64 { @@ -1747,6 +1748,7 @@ type UserIssueStatsOptions struct { IssueIDs []int64 IsArchived util.OptionalBool LabelIDs []int64 + RepoCond builder.Cond Org *Organization Team *Team } @@ -1764,6 +1766,9 @@ func GetUserIssueStats(opts UserIssueStatsOptions) (*IssueStats, error) { if len(opts.IssueIDs) > 0 { cond = cond.And(builder.In("issue.id", opts.IssueIDs)) } + if opts.RepoCond != nil { + cond = cond.And(opts.RepoCond) + } if opts.UserID > 0 { cond = cond.And(issuePullAccessibleRepoCond("issue.repo_id", opts.UserID, opts.Org, opts.Team, opts.IsPull)) @@ -1785,7 +1790,7 @@ func GetUserIssueStats(opts UserIssueStatsOptions) (*IssueStats, error) { } switch opts.FilterMode { - case FilterModeAll: + case FilterModeAll, FilterModeYourRepositories: stats.OpenCount, err = sess(cond). And("issue.is_closed = ?", false). Count(new(Issue)) diff --git a/routers/web/user/home.go b/routers/web/user/home.go index 0878e8d5286d7..d3810f887d238 100644 --- a/routers/web/user/home.go +++ b/routers/web/user/home.go @@ -362,7 +362,7 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) { var ( viewType string sortType = ctx.FormString("sort") - filterMode = models.FilterModeAll + filterMode int ) // -------------------------------------------------------------------------------- @@ -388,8 +388,10 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) { filterMode = models.FilterModeMention case "review_requested": filterMode = models.FilterModeReviewRequested - case "your_repositories": // filterMode already set to All + case "your_repositories": + fallthrough default: + filterMode = models.FilterModeYourRepositories viewType = "your_repositories" } @@ -419,6 +421,30 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) { User: ctx.Doer, } + // Search all repositories which + // + // As user: + // - Owns the repository. + // - Have collaborator permissions in repository. + // + // As org: + // - Owns the repository. + // + // As team: + // - Team org's owns the repository. + // - Team has read permission to repository. + repoOpts := &models.SearchRepoOptions{ + Actor: ctx.Doer, + OwnerID: ctx.Doer.ID, + Private: true, + AllPublic: false, + AllLimited: false, + } + + if ctxUser.IsOrganization() && ctx.Org.Team != nil { + repoOpts.TeamID = ctx.Org.Team.ID + } + switch filterMode { case models.FilterModeAll: case models.FilterModeAssign: @@ -429,6 +455,19 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) { opts.MentionedID = ctx.Doer.ID case models.FilterModeReviewRequested: opts.ReviewRequestedID = ctx.Doer.ID + case models.FilterModeYourRepositories: + if ctxUser.IsOrganization() && ctx.Org.Team != nil { + // Fixes a issue whereby the user's ID would be used + // to check if it's in the team(which possible isn't the case). + opts.User = nil + } + userRepoIDs, _, err := models.SearchRepositoryIDs(repoOpts) + if err != nil { + ctx.ServerError("models.SearchRepositoryIDs: %v", err) + return + } + + opts.RepoIDs = userRepoIDs } // keyword holds the search term entered into the search field. @@ -560,8 +599,12 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) { Org: org, Team: team, } - if len(repoIDs) > 0 { - statsOpts.RepoIDs = repoIDs + if filterMode == models.FilterModeYourRepositories { + statsOpts.RepoCond = models.SearchRepositoryCondition(repoOpts) + } + // Detect when we only should search by team. + if opts.User == nil { + statsOpts.UserID = 0 } issueStats, err = models.GetUserIssueStats(statsOpts) if err != nil { From 6fc6e14957c9297b2fd44a081af1f8b6b1d401b5 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Thu, 24 Mar 2022 03:04:12 +0100 Subject: [PATCH 09/10] Changelog for 1.16.5 (#19189) (#19192) * Changelog for 1.16.5 (#19189) * bump version --- CHANGELOG.md | 31 +++++++++++++++++++++++++++++++ docs/config.yaml | 2 +- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 69da8dda21006..cfbbc99b10268 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,37 @@ This changelog goes through all the changes that have been made in each release without substantial changes to our git log; to see the highlights of what has been added to each release, please refer to the [blog](https://blog.gitea.io). +## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/v1.16.5) - 2022-03-23 + +* BREAKING + * Bump to build with go1.18 (#19120 et al) (#19127) +* SECURITY + * Prevent redirect to Host (2) (#19175) (#19186) + * Try to prevent autolinking of displaynames by email readers (#19169) (#19183) + * Clean paths when looking in Storage (#19124) (#19179) + * Do not send notification emails to inactive users (#19131) (#19139) + * Do not send activation email if manual confirm is set (#19119) (#19122) +* ENHANCEMENTS + * Use the new/choose link for New Issue on project page (#19172) (#19176) +* BUGFIXES + * Fix showing issues in your repositories (#18916) (#19191) + * Fix compare link in active feeds for new branch (#19149) (#19185) + * Redirect .wiki/* ui link to /wiki (#18831) (#19184) + * Ensure deploy keys with write access can push (#19010) (#19182) + * Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177) + * Cleanup protected branches when deleting users & teams (#19158) (#19174) + * Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160) + * Fix NPE /repos/issues/search when not signed in (#19154) (#19155) + * Use custom favicon when viewing static files if it exists (#19130) (#19152) + * Fix the editor height in review box (#19003) (#19147) + * Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146) + * Fix wrong scopes caused by empty scope input (#19029) (#19145) + * Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141) + * Handle email address not exist (#19089) (#19121) +* MISC + * Update json-iterator to allow compilation with go1.18 (#18644) (#19100) + * Update golang.org/x/crypto (#19097) (#19098) + ## [1.16.4](https://github.com/go-gitea/gitea/releases/tag/v1.16.4) - 2022-03-14 * SECURITY diff --git a/docs/config.yaml b/docs/config.yaml index c3614e4bc8604..e2180daa272f6 100644 --- a/docs/config.yaml +++ b/docs/config.yaml @@ -18,7 +18,7 @@ params: description: Git with a cup of tea author: The Gitea Authors website: https://docs.gitea.io - version: 1.16.4 + version: 1.16.5 minGoVersion: 1.17 goVersion: 1.18 minNodeVersion: 12.17 From def545676f9612b1138016bb0e5304afd4ac37f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Mar 2022 00:29:55 -0400 Subject: [PATCH 10/10] Bump minimist from 1.2.5 to 1.2.6 (#19194) --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index da212eb839fa1..460062939862d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6829,9 +6829,9 @@ } }, "node_modules/minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" }, "node_modules/minimist-options": { "version": "4.1.0", @@ -14807,9 +14807,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==" + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==" }, "minimist-options": { "version": "4.1.0",