Skip to content

Make LoginName optional for admin edit user API #28834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Make LoginName optional for admin edit user API #28834

wants to merge 8 commits into from

Conversation

me-heer
Copy link
Contributor

@me-heer me-heer commented Jan 17, 2024
edited
Loading

Fixes #18935
Related #28733

  • Remove required doc comment for EditUserOption.LoginName
  • Add check in EditUser to only update LoginName when provided
  • Modify TestAPIEditUser to load bean using LowerName instead of LoginName
  • Add case in TestAPIEditUser to check LoginName is updated when passed

@me-heer
Make LoginName optional for admin edit user
85039b5 
- Modify TestAPIEditUser to load bean using LowerName instead of LoginName
- Add case in TestAPIEditUser to check LoginName is updated when passed
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jan 17, 2024
@github-actions github-actions bot added the modifies/api This PR adds API routes or modifies them label Jan 17, 2024
@KN4CK3R
Copy link
Member

KN4CK3R commented Jan 18, 2024

LoginName should be required if LoginSource is set. So maybe make LoginSource optional too. (related: #28733)

@me-heer
Copy link
Contributor Author

me-heer commented Jan 18, 2024

@KN4CK3R I didn't get you, LoginSource is not used in this API

@KN4CK3R
Copy link
Member

KN4CK3R commented Jan 19, 2024 

type EditUserOption struct {
	// required: true
	SourceID  int64  `json:"source_id"`

There it is.

KN4CK3R
KN4CK3R reviewed Jan 19, 2024
View reviewed changes
Copy link
Member

@KN4CK3R KN4CK3R left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now you made both optional but I meant that if one was set, the other must be set too.

routers/api/v1/admin/user.go Outdated
Comment on lines 232 to 234
if len(form.LoginName) != 0 {
ctx.ContextUser.LoginName = form.LoginName
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LoginName gets set from parseAuthSource too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, should there be a validation for it? or should we simply return from parseAuthSource if (sourceID == 0 || len(form.LoginName) == 0)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would remove the lines 232-234 and add the check to the (faulty) if sourceID == 0 in parseAuthSource. Don't make it too beautiful because that part will be replaced with #28733 anyway.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did add the check in parseAuthSource, but we can't remove 232-234 otherwise users will only be able to update LoginName when sourceId != 0
(See failing test when 232-234 is removed)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I said, the sourceId != 0 is just wrong. 0 is the valid id of the default database login. With the admin api it's currently not possible to set a user login source to "use database".

gitea/models/auth/source.go

Lines 276 to 284 in 5574968

func GetSourceByID(ctx context.Context, id int64) (*Source, error) {
source := new(Source)
if id == 0 {
source.Cfg = registeredConfigs[NoType]()
// Set this source to active
// FIXME: allow disabling of db based password authentication in future
source.IsActive = true
return source, nil
}

I think that check is there because if you don't provide a value in the request, it defaults to 0. Therefore you can't distinguish between "not set" and "set to 0". Other fields in the EditUserOption form use pointers which can be tested for nil to have a "is set" check. As LoginName is optional too now, both fields should be pointers too. You may need to change other tests then too and util.ToPointer will be your friend. 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this helped.
The fix for this case became messy, so I'll convert this to a draft for now, I'll pick it up once #28733 is merged.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you take a look at it now, please?

@me-heer me-heer force-pushed the edit_user_login_name_optional branch from 8aed0f6 to 9e3009e Compare January 20, 2024 14:06
@me-heer me-heer marked this pull request as draft January 21, 2024 11:41
@me-heer me-heer marked this pull request as ready for review January 26, 2024 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KN4CK3R KN4CK3R KN4CK3R left review comments

Assignees
No one assigned
Labels
lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. modifies/api This PR adds API routes or modifies them
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unnecessary required parameter in api
4 participants
@me-heer @KN4CK3R @techknowlogick @GiteaBot