#1127: hide user e-mail when API caller isn't signed in

author: Unknwon <u@gogs.io> 2015-07-14 23:21:34 +0800
committer: Unknwon <u@gogs.io> 2015-07-15 12:59:43 +0800
commit: 4cbbaefd8281354e7e69078ceb52b30c8478642f (patch)
tree: be3c65f18bece90a173de84aa2cad0515f9b7081
parent: ccf17a6ecb8de10eb44f776f8cd2196ddbe3ee31 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index b2aaae10..8f86b791 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -69,6 +69,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 	}
 }
 
+// Contexter middleware already checks token for user sign in process.
 func ApiReqToken() macaron.Handler {
 	return func(ctx *Context) {
 		if !ctx.IsSigned {
diff --git a/routers/api/v1/user.go b/routers/api/v1/user.go
index e9ba615f..a4648297 100644
--- a/routers/api/v1/user.go
+++ b/routers/api/v1/user.go
@@ -68,5 +68,10 @@ func GetUserInfo(ctx *middleware.Context) {
 		}
 		return
 	}
+
+	// Hide user e-mail when API caller isn't signed in.
+	if !ctx.IsSigned {
+		u.Email = ""
+	}
 	ctx.JSON(200, &api.User{u.Id, u.Name, u.FullName, u.Email, u.AvatarLink()})
 }
author	Unknwon <u@gogs.io>	2015-07-14 23:21:34 +0800
committer	Unknwon <u@gogs.io>	2015-07-15 12:59:43 +0800
commit	4cbbaefd8281354e7e69078ceb52b30c8478642f (patch)
tree	be3c65f18bece90a173de84aa2cad0515f9b7081
parent	ccf17a6ecb8de10eb44f776f8cd2196ddbe3ee31 (diff)