Move POST /{username}/action/{action} to simply POST /{username} (#18045)

zeripath · web-flow · commit 0ac845042e14 · 2021-12-20T17:18:26.000Z
The current code unfortunately requires that `action` be a reserved repository name as it prevents posts to change the settings for action repositories. However, we can simply change action handler to work on POST /{username} instead. Fix #18037 Signed-off-by: Andrew Thornton <art27@cantab.net>
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
@@ -363,15 +363,15 @@ func Action(ctx *context.Context) {
 	}
 
 	var err error
-	switch ctx.Params(":action") {
+	switch ctx.FormString("action") {
 	case "follow":
 		err = user_model.FollowUser(ctx.User.ID, u.ID)
 	case "unfollow":
 		err = user_model.UnfollowUser(ctx.User.ID, u.ID)
 	}
 
 	if err != nil {
-		ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.Params(":action")), err)
+		ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.FormString("action")), err)
 		return
 	}
 	// FIXME: We should check this URL and make sure that it's a valid Gitea URL
diff --git a/routers/web/web.go b/routers/web/web.go
@@ -484,9 +484,7 @@ func RegisterRoutes(m *web.Route) {
 		m.Get("/attachments/{uuid}", repo.GetAttachment)
 	}, ignSignIn)
 
-	m.Group("/{username}", func() {
-		m.Post("/action/{action}", user.Action)
-	}, reqSignIn)
+	m.Post("/{username}", reqSignIn, user.Action)
 
 	if !setting.IsProd {
 		m.Get("/template/*", dev.TemplatePreview)
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
@@ -66,12 +66,12 @@
 							{{if and .IsSigned (ne .SignedUserName .Owner.Name)}}
 							<li class="follow">
 								{{if $.IsFollowing}}
-									<form method="post" action="{{.Link}}/action/unfollow?redirect_to={{$.Link}}">
+									<form method="post" action="{{.Link}}?action=unfollow&redirect_to={{$.Link}}">
 										{{$.CsrfTokenHtml}}
 										<button type="submit" class="ui basic red button">{{svg "octicon-person"}} {{.i18n.Tr "user.unfollow"}}</button>
 									</form>
 								{{else}}
-									<form method="post" action="{{.Link}}/action/follow?redirect_to={{$.Link}}">
+									<form method="post" action="{{.Link}}?action=follow&redirect_to={{$.Link}}">
 										{{$.CsrfTokenHtml}}
 										<button type="submit" class="ui basic green button">{{svg "octicon-person"}} {{.i18n.Tr "user.follow"}}</button>
 									</form>

Original file line number	Diff line number	Diff line change
`@@ -363,15 +363,15 @@ func Action(ctx *context.Context) {`
`363`	`363`	`}`
`364`	`364`
`365`	`365`	`var err error`
`366`		`- switch ctx.Params(":action") {`
	`366`	`+ switch ctx.FormString("action") {`
`367`	`367`	`case "follow":`
`368`	`368`	`err = user_model.FollowUser(ctx.User.ID, u.ID)`
`369`	`369`	`case "unfollow":`
`370`	`370`	`err = user_model.UnfollowUser(ctx.User.ID, u.ID)`
`371`	`371`	`}`
`372`	`372`
`373`	`373`	`if err != nil {`
`374`		`- ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.Params(":action")), err)`
	`374`	`+ ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.FormString("action")), err)`
`375`	`375`	`return`
`376`	`376`	`}`
`377`	`377`	`// FIXME: We should check this URL and make sure that it's a valid Gitea URL`