diff options
author | singuliere <35190819+singuliere@users.noreply.github.com> | 2022-05-05 16:39:26 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-05 11:39:26 -0400 |
commit | b536b65189319544939da9b6537919a4fc838d71 (patch) | |
tree | 038dd21a1f8082aa6020f891c1d8811e522852ea /models | |
parent | 04fc4b7e05bfbfee6cb7aa4f6c30d1af6f2d4d2d (diff) | |
download | gitea-b536b65189319544939da9b6537919a4fc838d71.tar.gz gitea-b536b65189319544939da9b6537919a4fc838d71.zip |
GetFeeds must always discard actions with dangling repo_id (#19598)
* GetFeeds must always discard actions with dangling repo_id
See https://discourse.gitea.io/t/blank-page-after-login/5051/12
for a panic in 1.16.6.
* add comment to explain the dangling ID in the fixture
* loadRepoOwner must not attempt to use a nil action.Repo
* make fmt
Co-authored-by: Loïc Dachary <loic@dachary.org>
Diffstat (limited to 'models')
-rw-r--r-- | models/action.go | 10 | ||||
-rw-r--r-- | models/action_list.go | 3 | ||||
-rw-r--r-- | models/action_test.go | 17 | ||||
-rw-r--r-- | models/fixtures/action.yml | 8 | ||||
-rw-r--r-- | models/unittest/consistency.go | 6 |
5 files changed, 37 insertions, 7 deletions
diff --git a/models/action.go b/models/action.go index 5177616497..efbe243bed 100644 --- a/models/action.go +++ b/models/action.go @@ -340,14 +340,14 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, error) { } e := db.GetEngine(ctx) - sess := e.Where(cond) + sess := e.Where(cond).Join("INNER", "repository", "`repository`.id = `action`.repo_id") opts.SetDefaultValues() sess = db.SetSessionPagination(sess, &opts) actions := make([]*Action, 0, opts.PageSize) - if err := sess.Desc("created_unix").Find(&actions); err != nil { + if err := sess.Desc("`action`.created_unix").Find(&actions); err != nil { return nil, fmt.Errorf("Find: %v", err) } @@ -417,7 +417,7 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) { } if !opts.IncludePrivate { - cond = cond.And(builder.Eq{"is_private": false}) + cond = cond.And(builder.Eq{"`action`.is_private": false}) } if !opts.IncludeDeleted { cond = cond.And(builder.Eq{"is_deleted": false}) @@ -430,8 +430,8 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) { } else { dateHigh := dateLow.Add(86399000000000) // 23h59m59s - cond = cond.And(builder.Gte{"created_unix": dateLow.Unix()}) - cond = cond.And(builder.Lte{"created_unix": dateHigh.Unix()}) + cond = cond.And(builder.Gte{"`action`.created_unix": dateLow.Unix()}) + cond = cond.And(builder.Lte{"`action`.created_unix": dateHigh.Unix()}) } } diff --git a/models/action_list.go b/models/action_list.go index c180a82552..5f7b17b9de 100644 --- a/models/action_list.go +++ b/models/action_list.go @@ -80,6 +80,9 @@ func (actions ActionList) loadRepoOwner(e db.Engine, userMap map[int64]*user_mod } for _, action := range actions { + if action.Repo == nil { + continue + } repoOwner, ok := userMap[action.Repo.OwnerID] if !ok { repoOwner, err = user_model.GetUserByID(action.Repo.OwnerID) diff --git a/models/action_test.go b/models/action_test.go index e247a5ec29..fb8a6c2686 100644 --- a/models/action_test.go +++ b/models/action_test.go @@ -211,3 +211,20 @@ func TestNotifyWatchers(t *testing.T) { OpType: action.OpType, }) } + +func TestGetFeedsCorrupted(t *testing.T) { + assert.NoError(t, unittest.PrepareTestDatabase()) + user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User) + unittest.AssertExistsAndLoadBean(t, &Action{ + ID: 8, + RepoID: 1700, + }) + + actions, err := GetFeeds(db.DefaultContext, GetFeedsOptions{ + RequestedUser: user, + Actor: user, + IncludePrivate: true, + }) + assert.NoError(t, err) + assert.Len(t, actions, 0) +} diff --git a/models/fixtures/action.yml b/models/fixtures/action.yml index e283b01db2..a75092feb0 100644 --- a/models/fixtures/action.yml +++ b/models/fixtures/action.yml @@ -56,3 +56,11 @@ repo_id: 8 # public is_private: false created_unix: 1603011540 # grouped with id:7 + +- id: 8 + user_id: 1 + op_type: 12 # close issue + act_user_id: 1 + repo_id: 1700 # dangling intentional + is_private: false + created_unix: 1603011541 diff --git a/models/unittest/consistency.go b/models/unittest/consistency.go index 2645084d3e..af05348868 100644 --- a/models/unittest/consistency.go +++ b/models/unittest/consistency.go @@ -175,8 +175,10 @@ func init() { checkForActionConsistency := func(t assert.TestingT, bean interface{}) { action := reflectionWrap(bean) - repoRow := AssertExistsAndLoadMap(t, "repository", builder.Eq{"id": action.int("RepoID")}) - assert.Equal(t, parseBool(repoRow["is_private"]), action.bool("IsPrivate"), "action: %+v", action) + if action.int("RepoID") != 1700 { // dangling intentional + repoRow := AssertExistsAndLoadMap(t, "repository", builder.Eq{"id": action.int("RepoID")}) + assert.Equal(t, parseBool(repoRow["is_private"]), action.bool("IsPrivate"), "action: %+v", action) + } } consistencyCheckMap["user"] = checkForUserConsistency |