From 2b1e67e0851ccaf040baf5331f5b66150a550afb Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Tue, 14 Jul 2015 23:21:34 +0800
Subject: [PATCH] #1127: hide user e-mail when API caller isn't signed in

---
 modules/middleware/auth.go | 1 +
 routers/api/v1/user.go     | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/modules/middleware/auth.go b/modules/middleware/auth.go
index b2aaae101d..8f86b79177 100644
--- a/modules/middleware/auth.go
+++ b/modules/middleware/auth.go
@@ -69,6 +69,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 	}
 }
 
+// Contexter middleware already checks token for user sign in process.
 func ApiReqToken() macaron.Handler {
 	return func(ctx *Context) {
 		if !ctx.IsSigned {
diff --git a/routers/api/v1/user.go b/routers/api/v1/user.go
index e9ba615fcb..a4648297b9 100644
--- a/routers/api/v1/user.go
+++ b/routers/api/v1/user.go
@@ -68,5 +68,10 @@ func GetUserInfo(ctx *middleware.Context) {
 		}
 		return
 	}
+
+	// Hide user e-mail when API caller isn't signed in.
+	if !ctx.IsSigned {
+		u.Email = ""
+	}
 	ctx.JSON(200, &api.User{u.Id, u.Name, u.FullName, u.Email, u.AvatarLink()})
 }