repobase/repobase
1
0
Fork 0
Code Issues 8 Pull requests Projects 1 Releases Packages Wiki Activity Actions 4

Fix API leaking Usermail if not logged in (#25097)

Browse source 
The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.

---------

Co-authored-by: silverwind <me@silverwind.io>
This commit is contained in:
JakobDev 2023-07-31 03:18:38 +02:00 committed by GitHub
parent 7dc2e50113
commit ea385f5d39
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
services/convert/user.go
View file

@ -51,7 +51,7 @@ func toUser(ctx context.Context, user *user_model.User, signed, authed bool) *ap
ID: user.ID,
UserName: user.Name,
FullName: user.FullName,
Email: user.GetEmail(),
Email: user.GetPlaceholderEmail(),
AvatarURL: user.AvatarLink(ctx),
Created: user.CreatedUnix.AsTime(),
Restricted: user.IsRestricted,