Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Drop "/{username}.png" in favor of "/user/avatar/{username}" #23908

1 change: 1 addition & 0 deletions models/user/user.go
Original file line number Diff line number Diff line change
Expand Up @@ -537,6 +537,7 @@ var (
"gitea-actions",
}

// DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom"}
)

Expand Down
2 changes: 1 addition & 1 deletion routers/web/web.go
Original file line number Diff line number Diff line change
Expand Up @@ -536,6 +536,7 @@ func RegisterRoutes(m *web.Route) {
m.Get("/activate", auth.Activate)
m.Post("/activate", auth.ActivatePost)
m.Any("/activate_email", auth.ActivateEmail)
m.Get("/avatar/{username}", user.AvatarByUserName)
m.Get("/avatar/{username}/{size}", user.AvatarByUserName)
m.Get("/recover_account", auth.ResetPasswd)
m.Post("/recover_account", auth.ResetPasswdPost)
Expand Down Expand Up @@ -674,7 +675,6 @@ func RegisterRoutes(m *web.Route) {
http.ServeFile(ctx.Resp, ctx.Req, path.Join(setting.StaticRootPath, "public/img/favicon.png"))
})
m.Group("/{username}", func() {
m.Get(".png", user.AvatarByUserName)
m.Get(".keys", user.ShowSSHKeys)
m.Get(".gpg", user.ShowGPGKeys)
m.Get(".rss", feedEnabled, feed.ShowUserFeedRSS)
Expand Down
11 changes: 11 additions & 0 deletions tests/integration/user_avatar_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ package integration

import (
"bytes"
"fmt"
"image/png"
"io"
"mime/multipart"
Expand Down Expand Up @@ -77,6 +78,16 @@ func TestUserAvatar(t *testing.T) {
req = NewRequest(t, "GET", user2.AvatarLinkWithSize(db.DefaultContext, 0))
_ = session.MakeRequest(t, req, http.StatusOK)

testGetAvatarRedirect(t, user2)

// Can't test if the response matches because the image is re-generated on upload but checking that this at least doesn't give a 404 should be enough.
})
}

func testGetAvatarRedirect(t *testing.T, user *user_model.User) {
t.Run(fmt.Sprintf("getAvatarRedirect_%s", user.Name), func(t *testing.T) {
req := NewRequestf(t, "GET", "/user/avatar/%s", user.Name)
resp := MakeRequest(t, req, http.StatusSeeOther)
assert.EqualValues(t, fmt.Sprintf("/avatars/%s", user.Avatar), resp.Header().Get("location"))
})
}