diff options
| author | renothing <261274+renothing@users.noreply.github.com> | 2019-07-27 21:15:30 +0800 |
|---|---|---|
| committer | Lauris BH <lauris@nix.lv> | 2019-07-27 16:15:30 +0300 |
| commit | cbf231a67595feb36fccb68dc00b2bc7607fa882 (patch) | |
| tree | 9f200fb9c89dc79a2f6a6472901668753a742aa3 /routers/api/v1/user | |
| parent | 700cd346fad3a0bed203bfb032f7b4bc9d1f2551 (diff) | |
| download | gitea-cbf231a67595feb36fccb68dc00b2bc7607fa882.tar.gz gitea-cbf231a67595feb36fccb68dc00b2bc7607fa882.zip | |
fix wrong email when use gitea as OAuth2 provider (#7640)
when you use gitea as OAuth2 provider, the /api/v1/user should return
user primary email as identifier, which is unique in OAuth2 clients.
this patch use convert.ToUser replace all u.APIFormat in api requests,
return primary email when caller is yourself or admin.
Diffstat (limited to 'routers/api/v1/user')
| -rw-r--r-- | routers/api/v1/user/follower.go | 3 | ||||
| -rw-r--r-- | routers/api/v1/user/key.go | 4 | ||||
| -rw-r--r-- | routers/api/v1/user/user.go | 8 |
3 files changed, 6 insertions, 9 deletions
diff --git a/routers/api/v1/user/follower.go b/routers/api/v1/user/follower.go index 453f73137d..078f30af3c 100644 --- a/routers/api/v1/user/follower.go +++ b/routers/api/v1/user/follower.go @@ -9,12 +9,13 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/routers/api/v1/convert" ) func responseAPIUsers(ctx *context.APIContext, users []*models.User) { apiUsers := make([]*api.User, len(users)) for i := range users { - apiUsers[i] = users[i].APIFormat() + apiUsers[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User != nil && ctx.User.IsAdmin) } ctx.JSON(200, &apiUsers) } diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go index 286f9ae4c3..e3d7aa4b3e 100644 --- a/routers/api/v1/user/key.go +++ b/routers/api/v1/user/key.go @@ -22,13 +22,13 @@ func appendPrivateInformation(apiKey *api.PublicKey, key *models.PublicKey, defa apiKey.KeyType = "user" if defaultUser.ID == key.OwnerID { - apiKey.Owner = defaultUser.APIFormat() + apiKey.Owner = convert.ToUser(defaultUser, true, true) } else { user, err := models.GetUserByID(key.OwnerID) if err != nil { return apiKey, err } - apiKey.Owner = user.APIFormat() + apiKey.Owner = convert.ToUser(user, true, true) } } else { apiKey.KeyType = "unknown" diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go index 8d05a67185..fc3b7a8160 100644 --- a/routers/api/v1/user/user.go +++ b/routers/api/v1/user/user.go @@ -104,11 +104,7 @@ func GetInfo(ctx *context.APIContext) { return } - // Hide user e-mail when API caller isn't signed in. - if !ctx.IsSigned { - u.Email = "" - } - ctx.JSON(200, u.APIFormat()) + ctx.JSON(200, convert.ToUser(u, ctx.IsSigned, ctx.User.ID == u.ID || ctx.User.IsAdmin)) } // GetAuthenticatedUser get current user's information @@ -121,7 +117,7 @@ func GetAuthenticatedUser(ctx *context.APIContext) { // responses: // "200": // "$ref": "#/responses/User" - ctx.JSON(200, ctx.User.APIFormat()) + ctx.JSON(200, convert.ToUser(ctx.User, ctx.IsSigned, ctx.User != nil)) } // GetUserHeatmapData is the handler to get a users heatmap |