From 8d1cc79f841472aa2b251d184017e3770f73a0f2 Mon Sep 17 00:00:00 2001
From: 6543 <6543@obermui.de>
Date: Tue, 4 Apr 2023 06:13:57 +0200
Subject: [PATCH] drop "/{username}.png" in fafour of "/user/avatar/{username}"

---
 models/user/user.go                   |  1 +
 routers/web/web.go                    |  2 +-
 tests/integration/user_avatar_test.go | 11 +++++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/models/user/user.go b/models/user/user.go
index 82c2d3b6cdc1..b3c24958449a 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -537,6 +537,7 @@ var (
 		"gitea-actions",
 	}
 
+	// DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
 	reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom"}
 )
 
diff --git a/routers/web/web.go b/routers/web/web.go
index 6b62ff6f8372..8fb0146caa05 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -536,6 +536,7 @@ func RegisterRoutes(m *web.Route) {
 		m.Get("/activate", auth.Activate)
 		m.Post("/activate", auth.ActivatePost)
 		m.Any("/activate_email", auth.ActivateEmail)
+		m.Get("/avatar/{username}", user.AvatarByUserName)
 		m.Get("/avatar/{username}/{size}", user.AvatarByUserName)
 		m.Get("/recover_account", auth.ResetPasswd)
 		m.Post("/recover_account", auth.ResetPasswdPost)
@@ -674,7 +675,6 @@ func RegisterRoutes(m *web.Route) {
 			http.ServeFile(ctx.Resp, ctx.Req, path.Join(setting.StaticRootPath, "public/img/favicon.png"))
 		})
 		m.Group("/{username}", func() {
-			m.Get(".png", user.AvatarByUserName)
 			m.Get(".keys", user.ShowSSHKeys)
 			m.Get(".gpg", user.ShowGPGKeys)
 			m.Get(".rss", feedEnabled, feed.ShowUserFeedRSS)
diff --git a/tests/integration/user_avatar_test.go b/tests/integration/user_avatar_test.go
index 7aeba6a334cf..7bfd2dcff599 100644
--- a/tests/integration/user_avatar_test.go
+++ b/tests/integration/user_avatar_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"bytes"
+	"fmt"
 	"image/png"
 	"io"
 	"mime/multipart"
@@ -77,6 +78,16 @@ func TestUserAvatar(t *testing.T) {
 		req = NewRequest(t, "GET", user2.AvatarLinkWithSize(db.DefaultContext, 0))
 		_ = session.MakeRequest(t, req, http.StatusOK)
 
+		testGetAvatarRedirect(t, user2)
+
 		// Can't test if the response matches because the image is re-generated on upload but checking that this at least doesn't give a 404 should be enough.
 	})
 }
+
+func testGetAvatarRedirect(t *testing.T, user *user_model.User) {
+	t.Run(fmt.Sprintf("getAvatarRedirect_%s", user.Name), func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/user/avatar/%s", user.Name)
+		resp := MakeRequest(t, req, http.StatusSeeOther)
+		assert.EqualValues(t, fmt.Sprintf("/avatars/%s", user.Avatar), resp.Header().Get("location"))
+	})
+}