From 61e8ca8ce020781c6c4685fe8dcc508a08f24bf8 Mon Sep 17 00:00:00 2001
From: Douwe Maan <douwe@gitlab.com>
Date: Tue, 24 Mar 2015 15:55:12 +0100
Subject: [PATCH] Don't leak private group existence by redirecting from
 namespace controller to group controller.

---
 CHANGELOG                                |  1 +
 app/controllers/namespaces_controller.rb | 18 +++++++++++++-----
 app/models/concerns/mentionable.rb       |  2 +-
 lib/gitlab/markdown.rb                   |  2 +-
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 25936eb1e1d..9f3abc9ba1f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -31,6 +31,7 @@ v 7.10.0 (unreleased)
   - Replace commits calendar with faster contribution calendar that includes issues and merge requests
   - Add inifinite scroll to user page activity
   - Don't show commit comment button when user is not signed in.
+  - Don't leak private group existence by redirecting from namespace controller to group controller.
 
 v 7.9.0
   - Send EmailsOnPush email when branch or tag is created or deleted.
diff --git a/app/controllers/namespaces_controller.rb b/app/controllers/namespaces_controller.rb
index b7a9d8c1291..386d103ee5a 100644
--- a/app/controllers/namespaces_controller.rb
+++ b/app/controllers/namespaces_controller.rb
@@ -4,14 +4,22 @@ class NamespacesController < ApplicationController
   def show
     namespace = Namespace.find_by(path: params[:id])
 
-    unless namespace
-      return render_404
+    if namespace
+      if namespace.is_a?(Group)
+        group = namespace
+      else
+        user = namespace.owner
+      end
     end
 
-    if namespace.type == "Group"
-      redirect_to group_path(namespace)
+    if user
+      redirect_to user_path(user)
+    elsif group && can?(current_user, :read_group, group)
+      redirect_to group_path(group)
+    elsif current_user.nil?
+      authenticate_user!
     else
-      redirect_to user_path(namespace.owner)
+      render_404
     end
   end
 end
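Review bot: The non-disclosure property of `show` depends on a missing namespace and an unreadable group falling through to the same last two branches, and nothing in the method or in this commit states or tests that. I would add a comment above the second `if`, `# A missing namespace and a group the viewer cannot read must get the same response, so the reply does not reveal whether the path exists.`, and a controller spec that requests a private group path and an unused path, as a signed-in non-member and as an anonymous visitor, and expects identical responses in each case. The diffstat lists no spec file. The `elsif current_user.nil?` branch presumably relies on this action skipping the global sign-in filter, which would be declared outside the hunk, so that is worth confirming.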
diff --git a/app/models/concerns/mentionable.rb b/app/models/concerns/mentionable.rb
index 74900d4675d..d96e07034ec 100644
--- a/app/models/concerns/mentionable.rb
+++ b/app/models/concerns/mentionable.rb
@@ -52,7 +52,7 @@ module Mentionable
       if identifier == "all"
         users.push(*project.team.members.flatten)
       elsif namespace = Namespace.find_by(path: identifier)
-        if namespace.type == "Group"
+        if namespace.is_a?(Group)
           users.push(*namespace.users)
         else
           users << namespace.owner
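Review bot: The group branch here still expands `namespace.users` for any group found by path, with no check like the `can?(current_user, :read_group, group)` this commit adds to the controller, so a mention of a private group's path is handled differently from a mention of an unused path. The same pattern is in the lib/gitlab/markdown.rb hunk, where `group_url(identifier)` becomes a link whenever the lookup succeeds; if unmatched identifiers are left as plain text (that branch is outside the hunk), the rendered output reveals that the group exists. One fix is to treat an unreadable group as not found, e.g. `elsif (namespace = Namespace.find_by(path: identifier)) && (!namespace.is_a?(Group) || can?(current_user, :read_group, namespace))`. Whether `can?` and `current_user` are in scope in these methods is not visible here. Both enclosing methods start and end outside their hunks.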
diff --git a/lib/gitlab/markdown.rb b/lib/gitlab/markdown.rb
index e02e5b9fc3d..79e821d18ea 100644
--- a/lib/gitlab/markdown.rb
+++ b/lib/gitlab/markdown.rb
@@ -221,7 +221,7 @@ module Gitlab
         link_to("@all", namespace_project_url(project.namespace, project), options)
       elsif namespace = Namespace.find_by(path: identifier)
         url =
-          if namespace.type == "Group"
+          if namespace.is_a?(Group)
             group_url(identifier)
           else 
             user_url(identifier)
-- 
GitLab