Warn that DISABLE_QUERY_AUTH_TOKEN is false only if it's explicitly defined (#28783) (#28868)

GiteaBot · yardenshoham · web-flow · commit e3dfb512d6fe · 2024-01-21T15:21:22.000Z
Backport #28783 by @yardenshoham So we don't warn on default behavior - Fixes #28758 - Follows #28390 Signed-off-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: Yarden Shoham <git@yardenshoham.com>
diff --git a/modules/setting/security.go b/modules/setting/security.go
@@ -161,10 +161,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 		}
 	}
 
+	sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN")
+
 	// TODO: default value should be true in future releases
 	DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)
 
-	if !DisableQueryAuthToken {
+	// warn if the setting is set to false explicitly
+	if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
 		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -161,10 +161,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) {`
`161`	`161`	`}`
`162`	`162`	`}`
`163`	`163`
	`164`	`+ sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN")`
	`165`	`+`
`164`	`166`	`// TODO: default value should be true in future releases`
`165`	`167`	`DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)`
`166`	`168`
`167`		`- if !DisableQueryAuthToken {`
	`169`	`+ // warn if the setting is set to false explicitly`
	`170`	`+ if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {`
`168`	`171`	`log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")`
`169`	`172`	`}`
`170`	`173`	`}`