mirror of
				https://github.com/go-gitea/gitea
				synced 2025-10-26 08:58:24 +00:00 
			
		
		
		
	I've heard many reports of users getting scared when they see their own email address for their own profile, as they believe that the email field is also visible to other users. Currently, using Incognito mode or going over the Settings is the only "reasonable" way to verify this from the perspective of the user. A locked padlock should be enough to indicate that the email is not visible to anyone apart from the user and the admins. An unlocked padlock is used if the email address is only shown to authenticated users. Some additional string-related changes in the Settings were introduced as well to ensure consistency, and the comments in the relevant tests were improved so as to allow for easier modifications in the future. --- #### Screenshot (EDIT: Scroll down for more up-to-date screenshots) ***Please remove this section before merging.***  This lock should only appear if the email address is explicitly hidden using the `Hide Email Address` setting. The change was originally tested on top of and designed for the Forgejo fork, but I don't expect any problems to arise from this and I don't think that a documentation-related change is strictly necessary. --------- Co-authored-by: silverwind <me@silverwind.io>
		
			
				
	
	
		
			119 lines
		
	
	
		
			3.6 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			119 lines
		
	
	
		
			3.6 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2017 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package integration
 | |
| 
 | |
| import (
 | |
| 	"net/http"
 | |
| 	"testing"
 | |
| 
 | |
| 	"code.gitea.io/gitea/modules/setting"
 | |
| 	"code.gitea.io/gitea/tests"
 | |
| 
 | |
| 	"github.com/stretchr/testify/assert"
 | |
| )
 | |
| 
 | |
| func TestSettingShowUserEmailExplore(t *testing.T) {
 | |
| 	defer tests.PrepareTestEnv(t)()
 | |
| 
 | |
| 	showUserEmail := setting.UI.ShowUserEmail
 | |
| 	setting.UI.ShowUserEmail = true
 | |
| 
 | |
| 	session := loginUser(t, "user2")
 | |
| 	req := NewRequest(t, "GET", "/explore/users")
 | |
| 	resp := session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc := NewHTMLParser(t, resp.Body)
 | |
| 	assert.Contains(t,
 | |
| 		htmlDoc.doc.Find(".ui.user.list").Text(),
 | |
| 		"user34@example.com",
 | |
| 	)
 | |
| 
 | |
| 	setting.UI.ShowUserEmail = false
 | |
| 
 | |
| 	req = NewRequest(t, "GET", "/explore/users")
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc = NewHTMLParser(t, resp.Body)
 | |
| 	assert.NotContains(t,
 | |
| 		htmlDoc.doc.Find(".ui.user.list").Text(),
 | |
| 		"user34@example.com",
 | |
| 	)
 | |
| 
 | |
| 	setting.UI.ShowUserEmail = showUserEmail
 | |
| }
 | |
| 
 | |
| func TestSettingShowUserEmailProfile(t *testing.T) {
 | |
| 	defer tests.PrepareTestEnv(t)()
 | |
| 
 | |
| 	showUserEmail := setting.UI.ShowUserEmail
 | |
| 
 | |
| 	// user1: keep_email_private = false, user2: keep_email_private = true
 | |
| 
 | |
| 	setting.UI.ShowUserEmail = true
 | |
| 
 | |
| 	// user1 can see own visible email
 | |
| 	session := loginUser(t, "user1")
 | |
| 	req := NewRequest(t, "GET", "/user1")
 | |
| 	resp := session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc := NewHTMLParser(t, resp.Body)
 | |
| 	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
 | |
| 
 | |
| 	// user1 can not see user2's hidden email
 | |
| 	req = NewRequest(t, "GET", "/user2")
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc = NewHTMLParser(t, resp.Body)
 | |
| 	// Should only contain if the user visits their own profile page
 | |
| 	assert.NotContains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
 | |
| 
 | |
| 	// user2 can see user1's visible email
 | |
| 	session = loginUser(t, "user2")
 | |
| 	req = NewRequest(t, "GET", "/user1")
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc = NewHTMLParser(t, resp.Body)
 | |
| 	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
 | |
| 
 | |
| 	// user2 can see own hidden email
 | |
| 	session = loginUser(t, "user2")
 | |
| 	req = NewRequest(t, "GET", "/user2")
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc = NewHTMLParser(t, resp.Body)
 | |
| 	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user2@example.com")
 | |
| 
 | |
| 	setting.UI.ShowUserEmail = false
 | |
| 
 | |
| 	// user1 can see own (now hidden) email
 | |
| 	session = loginUser(t, "user1")
 | |
| 	req = NewRequest(t, "GET", "/user1")
 | |
| 	resp = session.MakeRequest(t, req, http.StatusOK)
 | |
| 	htmlDoc = NewHTMLParser(t, resp.Body)
 | |
| 	assert.Contains(t, htmlDoc.doc.Find(".user.profile").Text(), "user1@example.com")
 | |
| 
 | |
| 	setting.UI.ShowUserEmail = showUserEmail
 | |
| }
 | |
| 
 | |
| func TestSettingLandingPage(t *testing.T) {
 | |
| 	defer tests.PrepareTestEnv(t)()
 | |
| 
 | |
| 	landingPage := setting.LandingPageURL
 | |
| 
 | |
| 	setting.LandingPageURL = setting.LandingPageHome
 | |
| 	req := NewRequest(t, "GET", "/")
 | |
| 	MakeRequest(t, req, http.StatusOK)
 | |
| 
 | |
| 	setting.LandingPageURL = setting.LandingPageExplore
 | |
| 	req = NewRequest(t, "GET", "/")
 | |
| 	resp := MakeRequest(t, req, http.StatusSeeOther)
 | |
| 	assert.Equal(t, "/explore", resp.Header().Get("Location"))
 | |
| 
 | |
| 	setting.LandingPageURL = setting.LandingPageOrganizations
 | |
| 	req = NewRequest(t, "GET", "/")
 | |
| 	resp = MakeRequest(t, req, http.StatusSeeOther)
 | |
| 	assert.Equal(t, "/explore/organizations", resp.Header().Get("Location"))
 | |
| 
 | |
| 	setting.LandingPageURL = setting.LandingPageLogin
 | |
| 	req = NewRequest(t, "GET", "/")
 | |
| 	resp = MakeRequest(t, req, http.StatusSeeOther)
 | |
| 	assert.Equal(t, "/user/login", resp.Header().Get("Location"))
 | |
| 
 | |
| 	setting.LandingPageURL = landingPage
 | |
| }
 |