SessionUser protection against nil pointer dereference (#21358)

`SessionUser` should be protected against passing `sess` = `nil` to avoid ``` PANIC: runtime error: invalid memory address or nil pointer dereference ``` in https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69 after upgrade from gitea v1.16 to v1.17. Related: https://github.com/go-gitea/gitea/pull/18452 Author-Change-Id: IB#1126459
author: Paweł Bogusławski <pawel.boguslawski@ib.pl> 2022-10-06 22:50:38 +0200
committer: GitHub <noreply@github.com> 2022-10-06 21:50:38 +0100
commit: 2d3b52c24458df9ac0986546810e54aa36c2d196 (patch)
tree: 6c532583f046b6947ab113f3ac72bd4e19871c12 /services/auth
parent: b001812df41fcf86f17a90f9fead2c27bf544e63 (diff)
download: gitea-2d3b52c24458df9ac0986546810e54aa36c2d196.tar.gz
gitea-2d3b52c24458df9ac0986546810e54aa36c2d196.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/services/auth/session.go b/services/auth/session.go
index 6a23a17665..1ec94aa0af 100644
--- a/services/auth/session.go
+++ b/services/auth/session.go
@@ -39,6 +39,10 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto
 
 // SessionUser returns the user object corresponding to the "uid" session variable.
 func SessionUser(sess SessionStore) *user_model.User {
+	if sess == nil {
+		return nil
+	}
+
 	// Get user ID
 	uid := sess.Get("uid")
 	if uid == nil {
author	Paweł Bogusławski <pawel.boguslawski@ib.pl>	2022-10-06 22:50:38 +0200
committer	GitHub <noreply@github.com>	2022-10-06 21:50:38 +0100
commit	2d3b52c24458df9ac0986546810e54aa36c2d196 (patch)
tree	6c532583f046b6947ab113f3ac72bd4e19871c12 /services/auth
parent	b001812df41fcf86f17a90f9fead2c27bf544e63 (diff)
download	gitea-2d3b52c24458df9ac0986546810e54aa36c2d196.tar.gz gitea-2d3b52c24458df9ac0986546810e54aa36c2d196.zip