Prevent git operations for inactive users (#13527)
authorLunny Xiao <xiaolunwen@gmail.com>
Thu, 12 Nov 2020 23:29:11 +0000 (07:29 +0800)
committerGitHub <noreply@github.com>
Thu, 12 Nov 2020 23:29:11 +0000 (01:29 +0200)
* prevent git operations for inactive users

* Some fixes

* Deny push to the repositories whose owner is inactive

* deny operations also when user is ProhibitLogin

Co-authored-by: zeripath <art27@cantab.net>
routers/private/serv.go
routers/repo/http.go

index 79683c2826dec8ec5cab43b9afd7b9fde23aa507..2697666b87faa2f6f12a156232697b4d11d33e94 100644 (file)
@@ -61,6 +61,12 @@ func ServNoCommand(ctx *macaron.Context) {
                        })
                        return
                }
+               if !user.IsActive || user.ProhibitLogin {
+                       ctx.JSON(http.StatusForbidden, map[string]interface{}{
+                               "err": "Your account is disabled.",
+                       })
+                       return
+               }
                results.Owner = user
        }
        ctx.JSON(http.StatusOK, &results)
@@ -98,9 +104,28 @@ func ServCommand(ctx *macaron.Context) {
                results.RepoName = repoName[:len(repoName)-5]
        }
 
+       owner, err := models.GetUserByName(results.OwnerName)
+       if err != nil {
+               log.Error("Unable to get repository owner: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
+               ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
+                       "results": results,
+                       "type":    "InternalServerError",
+                       "err":     fmt.Sprintf("Unable to get repository owner: %s/%s %v", results.OwnerName, results.RepoName, err),
+               })
+               return
+       }
+       if !owner.IsActive {
+               ctx.JSON(http.StatusForbidden, map[string]interface{}{
+                       "results": results,
+                       "type":    "ForbiddenError",
+                       "err":     "Repository cannot be accessed, you could retry it later",
+               })
+               return
+       }
+
        // Now get the Repository and set the results section
        repoExist := true
-       repo, err := models.GetRepositoryByOwnerAndName(results.OwnerName, results.RepoName)
+       repo, err := models.GetRepositoryByName(owner.ID, results.RepoName)
        if err != nil {
                if models.IsErrRepoNotExist(err) {
                        repoExist = false
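Review bot: A non-existent owner now ends in a 500 rather than the not-found path: `models.GetUserByName` fails for an unknown name, and the new `if err != nil` branch at the top of this hunk treats every error alike, whereas the replaced `GetRepositoryByOwnerAndName` call surfaced a missing owner through the `IsErrRepoNotExist` branch just below. An `IsErrUserNotExist` case that answers with 404 in the same shape as the existing repo-not-exist response restores that behaviour. The same branch also copies the raw `err` into the client-facing `err` field, which the deleted GetOwner handler deliberately kept out of the response; the database error belongs in the log only. ServCommand begins and continues outside this hunk, so the exact not-found response to mirror is not visible here.
```go
	owner, err := models.GetUserByName(results.OwnerName)
	if err != nil {
		if models.IsErrUserNotExist(err) {
			// An unknown owner means the repository cannot exist; answer like
			// the repo-not-exist branch below so the client sees a 404, not a 500.
			ctx.JSON(http.StatusNotFound, map[string]interface{}{
				"results": results,
				"type":    "ErrRepoNotExist",
				"err":     fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
			})
			return
		}
		log.Error("Unable to get repository owner: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
		// Keep the underlying error out of the response; it is already logged.
		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
			"results": results,
			"type":    "InternalServerError",
			"err":     fmt.Sprintf("Unable to get repository owner: %s/%s", results.OwnerName, results.RepoName),
		})
		return
	}
	// … unchanged: owner.IsActive check and repository lookup …
```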
@@ -127,6 +152,7 @@ func ServCommand(ctx *macaron.Context) {
        }
 
        if repoExist {
+               repo.Owner = owner
                repo.OwnerName = ownerName
                results.RepoID = repo.ID
 
@@ -217,15 +243,6 @@ func ServCommand(ctx *macaron.Context) {
                // so for now use the owner of the repository
                results.UserName = results.OwnerName
                results.UserID = repo.OwnerID
-               if err = repo.GetOwner(); err != nil {
-                       log.Error("Unable to get owner for repo %-v. Error: %v", repo, err)
-                       ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
-                               "results": results,
-                               "type":    "InternalServerError",
-                               "err":     fmt.Sprintf("Unable to get owner for repo: %s/%s.", results.OwnerName, results.RepoName),
-                       })
-                       return
-               }
                if !repo.Owner.KeepEmailPrivate {
                        results.UserEmail = repo.Owner.Email
                }
@@ -250,6 +267,14 @@ func ServCommand(ctx *macaron.Context) {
                        })
                        return
                }
+
+               if !user.IsActive || user.ProhibitLogin {
+                       ctx.JSON(http.StatusForbidden, map[string]interface{}{
+                               "err": "Your account is disabled.",
+                       })
+                       return
+               }
+
                results.UserName = user.Name
                if !user.KeepEmailPrivate {
                        results.UserEmail = user.Email
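Review bot: The 403 added in this hunk carries only an `err` key, while the other responses ServCommand emits on this page (the owner-inactive and internal-server-error branches earlier in the commit) also send `results` and `type`; if the serv client dispatches on `type`, this response will presumably fall into a generic failure path. Suggest `"results": results, "type": "ForbiddenError", "err": "Your account is disabled."` so the shape matches. ServCommand continues outside the hunk.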
index c7523c7932a6670a7ac1025ba3c41ef8f0fc1d29..9e94d28eab12e5060e03478d21f15409c95a456b 100644 (file)
@@ -105,6 +105,10 @@ func HTTP(ctx *context.Context) {
                ctx.NotFoundOrServerError("GetUserByName", models.IsErrUserNotExist, err)
                return
        }
+       if !owner.IsActive {
+               ctx.HandleText(http.StatusForbidden, "Repository cannot be accessed. You cannot push or open issues/pull-requests.")
+               return
+       }
 
        repoExist := true
        repo, err := models.GetRepositoryByName(owner.ID, reponame)
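Review bot: The owner check at the top of this hunk tests only `IsActive`, while the acting-user check added later in this commit tests `IsActive || ProhibitLogin`; the owner check in serv.go has the same asymmetry. If repositories of a login-prohibited owner are meant to remain reachable, say so on the condition, e.g. `// ProhibitLogin only blocks the owner's own sessions; their repositories stay reachable`, otherwise extend the condition to `if !owner.IsActive || owner.ProhibitLogin {` in both files. The message here also differs from serv.go's `Repository cannot be accessed, you could retry it later`, which suggests a transient condition for what is an administrative state; aligning serv.go on this file's wording would avoid pointless retries. HTTP starts outside this hunk.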
@@ -244,6 +248,11 @@ func HTTP(ctx *context.Context) {
                        }
                }
 
+               if !authUser.IsActive || authUser.ProhibitLogin {
+                       ctx.HandleText(http.StatusForbidden, "Your account is disabled.")
+                       return
+               }
+
                if repoExist {
                        perm, err := models.GetUserRepoPermission(repo, authUser)
                        if err != nil {