chore: load 2fa status for user search when needed (#6727)

- Don't make an extra database call to gather the 2FA status of the users returned from the search. Only load it for the admin's user list page. - Integration testing added. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6727 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-14 15:52:43 +00:00 · 2025-01-29 17:57:55 +00:00 · 2025-01-29 17:57:55 +00:00 · 59dfab2d8b
commit 59dfab2d8b
parent 4cc0320ed0
4 changed files with 33 additions and 7 deletions
--- a/models/user/search.go
+++ b/models/user/search.go
@ -40,6 +40,7 @@ type SearchUserOptions struct {
 	IsProhibitLogin    optional.Option[bool]
 	IncludeReserved    bool

+	Load2FAStatus     bool
 	ExtraParamStrings map[string]string
 }

--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@ -83,6 +83,7 @@ func Users(ctx *context.Context) {
 		IsTwoFactorEnabled: util.OptionalBoolParse(statusFilterMap["is_2fa_enabled"]),
 		IsProhibitLogin:    util.OptionalBoolParse(statusFilterMap["is_prohibit_login"]),
 		IncludeReserved:    true, // administrator needs to list all accounts include reserved, bot, remote ones
+		Load2FAStatus:      true,
 		ExtraParamStrings:  extraParamStrings,
 	}, tplUsers)
 }
--- a/routers/web/explore/user.go
+++ b/routers/web/explore/user.go
@ -114,7 +114,9 @@ func RenderUserSearch(ctx *context.Context, opts *user_model.SearchUserOptions,
 	ctx.Data["Keyword"] = opts.Keyword
 	ctx.Data["Total"] = count
 	ctx.Data["Users"] = users
-	ctx.Data["UsersTwoFaStatus"] = user_model.UserList(users).GetTwoFaStatus(ctx)
+	if opts.Load2FAStatus {
+		ctx.Data["UsersTwoFaStatus"] = user_model.UserList(users).GetTwoFaStatus(ctx)
+	}
 	ctx.Data["ShowUserEmail"] = setting.UI.ShowUserEmail
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled

--- a/tests/integration/admin_user_test.go
+++ b/tests/integration/admin_user_test.go
@ -26,13 +26,35 @@ import (
 func TestAdminViewUsers(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()

-	session := loginUser(t, "user1")
-	req := NewRequest(t, "GET", "/admin/users")
-	session.MakeRequest(t, req, http.StatusOK)
+	t.Run("Admin user", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()

-	session = loginUser(t, "user2")
-	req = NewRequest(t, "GET", "/admin/users")
-	session.MakeRequest(t, req, http.StatusForbidden)
+		session := loginUser(t, "user1")
+		req := NewRequest(t, "GET", "/admin/users")
+		session.MakeRequest(t, req, http.StatusOK)
+
+		req = NewRequest(t, "GET", "/admin/users?status_filter[is_2fa_enabled]=1")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		// 6th column is the 2FA column.
+		htmlDoc.AssertElement(t, ".admin-setting-content table tbody tr td:nth-child(6) .octicon-check", true)
+	})
+
+	t.Run("Normal user", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		session := loginUser(t, "user2")
+		req := NewRequest(t, "GET", "/admin/users")
+		session.MakeRequest(t, req, http.StatusForbidden)
+	})
+
+	t.Run("Anonymous user", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/admin/users")
+		MakeRequest(t, req, http.StatusSeeOther)
+	})
 }

 func TestAdminViewUser(t *testing.T) {