Skip to content

Commit 3df7358

Browse files
committed
ensure we return a 404 on account page when it's not usable
add integration tests for navbar and all disabled user settings
1 parent 9f5b21d commit 3df7358

File tree

3 files changed

+406
-1
lines changed

3 files changed

+406
-1
lines changed

routers/web/user/setting/account.go

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,11 @@ const (
3434

3535
// Account renders change user's password, user's email and user suicide page
3636
func Account(ctx *context.Context) {
37+
if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials, setting.UserFeatureDeletion) && !setting.Service.EnableNotifyMail {
38+
ctx.NotFound("Not Found", fmt.Errorf("account setting are not allowed to be changed"))
39+
return
40+
}
41+
3742
ctx.Data["Title"] = ctx.Tr("settings.account")
3843
ctx.Data["PageIsSettingsAccount"] = true
3944
ctx.Data["Email"] = ctx.Doer.Email
@@ -54,6 +59,8 @@ func AccountPost(ctx *context.Context) {
5459
form := web.GetForm(ctx).(*forms.ChangePasswordForm)
5560
ctx.Data["Title"] = ctx.Tr("settings")
5661
ctx.Data["PageIsSettingsAccount"] = true
62+
ctx.Data["Email"] = ctx.Doer.Email
63+
ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail
5764

5865
if ctx.HasError() {
5966
loadAccountData(ctx)
@@ -103,6 +110,8 @@ func EmailPost(ctx *context.Context) {
103110
form := web.GetForm(ctx).(*forms.AddEmailForm)
104111
ctx.Data["Title"] = ctx.Tr("settings")
105112
ctx.Data["PageIsSettingsAccount"] = true
113+
ctx.Data["Email"] = ctx.Doer.Email
114+
ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail
106115

107116
// Make email address primary.
108117
if ctx.FormString("_method") == "PRIMARY" {
@@ -256,6 +265,8 @@ func DeleteAccount(ctx *context.Context) {
256265

257266
ctx.Data["Title"] = ctx.Tr("settings")
258267
ctx.Data["PageIsSettingsAccount"] = true
268+
ctx.Data["Email"] = ctx.Doer.Email
269+
ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail
259270

260271
if _, _, err := auth.UserSignIn(ctx, ctx.Doer.Name, ctx.FormString("password")); err != nil {
261272
switch {

templates/user/settings/navbar.tmpl

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
<a class="{{if .PageIsSettingsProfile}}active {{end}}item" href="{{AppSubUrl}}/user/settings">
55
{{ctx.Locale.Tr "settings.profile"}}
66
</a>
7-
{{if not (and ($.UserDisabledFeatures.Contains "manage_credentials") (not $.EnablenNotifyMail))}}
7+
{{if not (and ($.UserDisabledFeatures.Contains "manage_credentials" "deletion") (not $.EnableNotifyMail))}}
88
<a class="{{if .PageIsSettingsAccount}}active {{end}}item" href="{{AppSubUrl}}/user/settings/account">
99
{{ctx.Locale.Tr "settings.account"}}
1010
</a>

0 commit comments

Comments
 (0)