From 0f8c36869e49574aec4f7a56759f7c8265921d4c Mon Sep 17 00:00:00 2001
From: Go MAEDA <maeda@farend.jp>
Date: Tue, 1 Nov 2022 03:28:08 +0000
Subject: [PATCH] Disallow all in /robots.txt if login is required (#37807).

Patch by Holger Just.


git-svn-id: https://svn.redmine.org/redmine/trunk@21940 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/welcome_controller.rb | 2 +-
 app/views/welcome/robots.text.erb     | 4 ++++
 test/integration/welcome_test.rb      | 4 ++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/welcome_controller.rb b/app/controllers/welcome_controller.rb
index 0807c8232..0499b188e 100644
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@@ -27,7 +27,7 @@ class WelcomeController < ApplicationController
   end
 
   def robots
-    @projects = Project.visible(User.anonymous)
+    @projects = Project.visible(User.anonymous) unless Setting.login_required?
     render :layout => false, :content_type => 'text/plain'
   end
 end
diff --git a/app/views/welcome/robots.text.erb b/app/views/welcome/robots.text.erb
index a13cdc85e..0eabf6cff 100644
--- a/app/views/welcome/robots.text.erb
+++ b/app/views/welcome/robots.text.erb
@@ -1,4 +1,7 @@
 User-agent: *
+<% if Setting.login_required? -%>
+Disallow: /
+<% else -%>
 <% @projects.each do |project| -%>
 <%   [project, project.id].each do |p| -%>
 Disallow: <%= url_for(:controller => 'repositories', :action => :show, :id => p) %>
@@ -18,3 +21,4 @@ Disallow: <%= url_for(projects_path(:trailing_slash => true)) %>*.pdf$
 Disallow: <%= url_for(signin_path) %>
 Disallow: <%= url_for(register_path) %>
 Disallow: <%= url_for(lost_password_path) %>
+<% end -%>
diff --git a/test/integration/welcome_test.rb b/test/integration/welcome_test.rb
index 1f46cd469..5be4e151d 100644
--- a/test/integration/welcome_test.rb
+++ b/test/integration/welcome_test.rb
@@ -48,6 +48,10 @@ class WelcomeTest < Redmine::IntegrationTest
       get '/robots.txt'
       assert_response :success
       assert_equal 'text/plain', @response.media_type
+
+      # Disallow everything if logins are required
+      assert_not @response.body.match(%r{^Disallow: /projects/ecookbook/issues\r?$})
+      assert @response.body.match(%r{^Disallow: /\r?$})
     end
   end
 end
-- 
2.39.5