update golangci-lint to v2.7.0 (#36079)

- Update and autofix most issues
- Corrected variable names to `cutOk`
- Impossible condition in `services/migrations/onedev_test.go` removed
- `modules/setting/config_env.go:128:3` looks like a false-positive,
added nolint

Makefile

@@ -32,7 +32,7 @@ XGO_VERSION := go-1.25.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.9.2
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.6.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.0
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.7.0
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1

modules/git/attribute/attribute.go

@@ -96,8 +96,8 @@ func (attrs *Attributes) GetGitlabLanguage() optional.Option[string] {
 		// gitlab-language may have additional parameters after the language
 		// ignore them and just use the main language
 		// https://docs.gitlab.com/ee/user/project/highlighting.html#override-syntax-highlighting-for-a-file-type
-		if idx := strings.IndexByte(raw, '?'); idx >= 0 {
-			return optional.Some(raw[:idx])
+		if before, _, ok := strings.Cut(raw, "?"); ok {
+			return optional.Some(before)
 		}
 	}
 	return attrStr

modules/git/foreachref/parser.go

@@ -113,10 +113,10 @@ func (p *Parser) parseRef(refBlock string) (map[string]string, error) {
 
 		var fieldKey string
 		var fieldVal string
-		firstSpace := strings.Index(field, " ")
-		if firstSpace > 0 {
-			fieldKey = field[:firstSpace]
-			fieldVal = field[firstSpace+1:]
+		before, after, ok := strings.Cut(field, " ")
+		if ok {
+			fieldKey = before
+			fieldVal = after
 		} else {
 			// could be the case if the requested field had no value
 			fieldKey = field

modules/git/parse.go

@@ -27,15 +27,15 @@ func parseLsTreeLine(line []byte) (*LsTreeEntry, error) {
 	// <mode> <type> <sha>\t<filename>
 
 	var err error
-	posTab := bytes.IndexByte(line, '\t')
-	if posTab == -1 {
+	before, after, ok := bytes.Cut(line, []byte{'\t'})
+	if !ok {
 		return nil, fmt.Errorf("invalid ls-tree output (no tab): %q", line)
 	}
 
 	entry := new(LsTreeEntry)
 
-	entryAttrs := line[:posTab]
-	entryName := line[posTab+1:]
+	entryAttrs := before
+	entryName := after
 
 	entryMode, entryAttrs, _ := bytes.Cut(entryAttrs, sepSpace)
 	_ /* entryType */, entryAttrs, _ = bytes.Cut(entryAttrs, sepSpace) // the type is not used, the mode is enough to determine the type

modules/highlight/highlight.go

@@ -77,8 +77,8 @@ func Code(fileName, language, code string) (output template.HTML, lexerName stri
 
 		if lexer == nil {
 			// Attempt stripping off the '?'
-			if idx := strings.IndexByte(language, '?'); idx > 0 {
-				lexer = lexers.Get(language[:idx])
+			if before, _, ok := strings.Cut(language, "?"); ok {
+				lexer = lexers.Get(before)
 			}
 		}
 	}

modules/indexer/code/internal/util.go

@@ -17,20 +17,20 @@ func FilenameIndexerID(repoID int64, filename string) string {
 }
 
 func ParseIndexerID(indexerID string) (int64, string) {
-	index := strings.IndexByte(indexerID, '_')
-	if index == -1 {
+	before, after, ok := strings.Cut(indexerID, "_")
+	if !ok {
 		log.Error("Unexpected ID in repo indexer: %s", indexerID)
 	}
-	repoID, _ := internal.ParseBase36(indexerID[:index])
-	return repoID, indexerID[index+1:]
+	repoID, _ := internal.ParseBase36(before)
+	return repoID, after
 }
 
 func FilenameOfIndexerID(indexerID string) string {
-	index := strings.IndexByte(indexerID, '_')
-	if index == -1 {
+	_, after, ok := strings.Cut(indexerID, "_")
+	if !ok {
 		log.Error("Unexpected ID in repo indexer: %s", indexerID)
 	}
-	return indexerID[index+1:]
+	return after
 }
 
 // FilenameMatchIndexPos returns the boundaries of its first seven lines.

modules/markup/html_link.go

@@ -33,7 +33,7 @@ func shortLinkProcessor(ctx *RenderContext, node *html.Node) {
 		// Of text and link contents
 		sl := strings.SplitSeq(content, "|")
 		for v := range sl {
-			if equalPos := strings.IndexByte(v, '='); equalPos == -1 {
+			if found := strings.Contains(v, "="); !found {
 				// There is no equal in this argument; this is a mandatory arg
 				if props["name"] == "" {
 					if IsFullURLString(v) {
@@ -55,8 +55,8 @@ func shortLinkProcessor(ctx *RenderContext, node *html.Node) {
 			} else {
 				// There is an equal; optional argument.
 
-				sep := strings.IndexByte(v, '=')
-				key, val := v[:sep], html.UnescapeString(v[sep+1:])
+				before, after, _ := strings.Cut(v, "=")
+				key, val := before, html.UnescapeString(after)
 
 				// When parsing HTML, x/net/html will change all quotes which are
 				// not used for syntax into UTF-8 quotes. So checking val[0] won't

modules/setting/config_env.go

@@ -51,10 +51,10 @@ func decodeEnvSectionKey(encoded string) (ok bool, section, key string) {
 	for _, unescapeIdx := range escapeStringIndices {
 		preceding := encoded[last:unescapeIdx[0]]
 		if !inKey {
-			if splitter := strings.Index(preceding, "__"); splitter > -1 {
-				section += preceding[:splitter]
+			if before, after, cutOk := strings.Cut(preceding, "__"); cutOk {
+				section += before
 				inKey = true
-				key += preceding[splitter+2:]
+				key += after
 			} else {
 				section += preceding
 			}
@@ -77,9 +77,9 @@ func decodeEnvSectionKey(encoded string) (ok bool, section, key string) {
 	}
 	remaining := encoded[last:]
 	if !inKey {
-		if splitter := strings.Index(remaining, "__"); splitter > -1 {
-			section += remaining[:splitter]
-			key += remaining[splitter+2:]
+		if before, after, cutOk := strings.Cut(remaining, "__"); cutOk {
+			section += before
+			key += after
 		} else {
 			section += remaining
 		}
@@ -111,21 +111,21 @@ func decodeEnvironmentKey(prefixGitea, suffixFile, envKey string) (ok bool, sect
 
 func EnvironmentToConfig(cfg ConfigProvider, envs []string) (changed bool) {
 	for _, kv := range envs {
-		idx := strings.IndexByte(kv, '=')
-		if idx < 0 {
+		before, after, ok := strings.Cut(kv, "=")
+		if !ok {
 			continue
 		}
 
 		// parse the environment variable to config section name and key name
-		envKey := kv[:idx]
-		envValue := kv[idx+1:]
+		envKey := before
+		envValue := after
 		ok, sectionName, keyName, useFileValue := decodeEnvironmentKey(EnvConfigKeyPrefixGitea, EnvConfigKeySuffixFile, envKey)
 		if !ok {
 			continue
 		}
 
 		// use environment value as config value, or read the file content as value if the key indicates a file
-		keyValue := envValue
+		keyValue := envValue //nolint:staticcheck // false positive
 		if useFileValue {
 			fileContent, err := os.ReadFile(envValue)
 			if err != nil {

modules/validation/binding.go

@@ -215,8 +215,8 @@ func addValidGroupTeamMapRule() {
 }
 
 func portOnly(hostport string) string {
-	colon := strings.IndexByte(hostport, ':')
-	if colon == -1 {
+	_, after, ok := strings.Cut(hostport, ":")
+	if !ok {
 		return ""
 	}
 	if i := strings.Index(hostport, "]:"); i != -1 {
@@ -225,7 +225,7 @@ func portOnly(hostport string) string {
 	if strings.Contains(hostport, "]") {
 		return ""
 	}
-	return hostport[colon+len(":"):]
+	return after
 }
 
 func validPort(p string) bool {

routers/api/v1/admin/user.go

@@ -216,9 +216,12 @@ func EditUser(ctx *context.APIContext) {
 	}
 
 	if form.Email != nil {
-		if err := user_service.AdminAddOrSetPrimaryEmailAddress(ctx, ctx.ContextUser, *form.Email); err != nil {
+		if err := user_service.ReplacePrimaryEmailAddress(ctx, ctx.ContextUser, *form.Email); err != nil {
 			switch {
 			case user_model.IsErrEmailCharIsNotSupported(err), user_model.IsErrEmailInvalid(err):
+				if !user_model.IsEmailDomainAllowed(*form.Email) {
+					err = fmt.Errorf("the domain of user email %s conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", *form.Email)
+				}
 				ctx.APIError(http.StatusBadRequest, err)
 			case user_model.IsErrEmailAlreadyUsed(err):
 				ctx.APIError(http.StatusBadRequest, err)
@@ -227,10 +230,6 @@ func EditUser(ctx *context.APIContext) {
 			}
 			return
 		}
-
-		if !user_model.IsEmailDomainAllowed(*form.Email) {
-			ctx.Resp.Header().Add("X-Gitea-Warning", fmt.Sprintf("the domain of user email %s conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", *form.Email))
-		}
 	}
 
 	opts := &user_service.UpdateOptions{

services/auth/source/pam/source_authenticate.go

@@ -35,9 +35,9 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 	// Allow PAM sources with `@` in their name, like from Active Directory
 	username := pamLogin
 	email := pamLogin
-	idx := strings.Index(pamLogin, "@")
-	if idx > -1 {
-		username = pamLogin[:idx]
+	before, _, ok := strings.Cut(pamLogin, "@")
+	if ok {
+		username = before
 	}
 	if user_model.ValidateEmail(email) != nil {
 		if source.EmailDomain != "" {

services/auth/source/smtp/source_authenticate.go

@@ -21,10 +21,10 @@ import (
 func (source *Source) Authenticate(ctx context.Context, user *user_model.User, userName, password string) (*user_model.User, error) {
 	// Verify allowed domains.
 	if len(source.AllowedDomains) > 0 {
-		idx := strings.Index(userName, "@")
-		if idx == -1 {
+		_, after, ok := strings.Cut(userName, "@")
+		if !ok {
 			return nil, user_model.ErrUserNotExist{Name: userName}
-		} else if !util.SliceContainsString(strings.Split(source.AllowedDomains, ","), userName[idx+1:], true) {
+		} else if !util.SliceContainsString(strings.Split(source.AllowedDomains, ","), after, true) {
 			return nil, user_model.ErrUserNotExist{Name: userName}
 		}
 	}
@@ -61,9 +61,9 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 	}
 
 	username := userName
-	idx := strings.Index(userName, "@")
-	if idx > -1 {
-		username = userName[:idx]
+	before, _, ok := strings.Cut(userName, "@")
+	if ok {
+		username = before
 	}
 
 	user = &user_model.User{

services/mailer/sender/sendmail.go

@@ -33,7 +33,13 @@ func (s *SendmailSender) Send(from string, to []string, msg io.WriterTo) error {
 
 	args := []string{"-f", envelopeFrom, "-i"}
 	args = append(args, setting.MailService.SendmailArgs...)
-	args = append(args, to...)
+	for _, recipient := range to {
+		smtpTo, err := sanitizeEmailAddress(recipient)
+		if err != nil {
+			return fmt.Errorf("invalid recipient address %q: %w", recipient, err)
+		}
+		args = append(args, smtpTo)
+	}
 	log.Trace("Sending with: %s %v", setting.MailService.SendmailPath, args)
 
 	desc := fmt.Sprintf("SendMail: %s %v", setting.MailService.SendmailPath, args)

services/mailer/sender/smtp.go

@@ -9,13 +9,13 @@ import (
 	"fmt"
 	"io"
 	"net"
+	"net/mail"
+	"net/smtp"
 	"os"
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/wneessen/go-mail/smtp"
 )
 
 // SMTPSender Sender SMTP mail sender
@@ -108,7 +108,7 @@ func (s *SMTPSender) Send(from string, to []string, msg io.WriterTo) error {
 		if strings.Contains(options, "CRAM-MD5") {
 			auth = smtp.CRAMMD5Auth(opts.User, opts.Passwd)
 		} else if strings.Contains(options, "PLAIN") {
-			auth = smtp.PlainAuth("", opts.User, opts.Passwd, host, false)
+			auth = smtp.PlainAuth("", opts.User, opts.Passwd, host)
 		} else if strings.Contains(options, "LOGIN") {
 			// Patch for AUTH LOGIN
 			auth = LoginAuth(opts.User, opts.Passwd)
@@ -123,18 +123,24 @@ func (s *SMTPSender) Send(from string, to []string, msg io.WriterTo) error {
 		}
 	}
 
-	if opts.OverrideEnvelopeFrom {
-		if err = client.Mail(opts.EnvelopeFrom); err != nil {
-			return fmt.Errorf("failed to issue MAIL command: %w", err)
-		}
-	} else {
-		if err = client.Mail(fmt.Sprintf("<%s>", from)); err != nil {
-			return fmt.Errorf("failed to issue MAIL command: %w", err)
-		}
+	fromAddr := from
+	if opts.OverrideEnvelopeFrom && opts.EnvelopeFrom != "" {
+		fromAddr = opts.EnvelopeFrom
+	}
+	smtpFrom, err := sanitizeEmailAddress(fromAddr)
+	if err != nil {
+		return fmt.Errorf("invalid envelope from address: %w", err)
+	}
+	if err = client.Mail(smtpFrom); err != nil {
+		return fmt.Errorf("failed to issue MAIL command: %w", err)
 	}
 
 	for _, rec := range to {
-		if err = client.Rcpt(rec); err != nil {
+		smtpTo, err := sanitizeEmailAddress(rec)
+		if err != nil {
+			return fmt.Errorf("invalid recipient address %q: %w", rec, err)
+		}
+		if err = client.Rcpt(smtpTo); err != nil {
 			return fmt.Errorf("failed to issue RCPT command: %w", err)
 		}
 	}
@@ -155,3 +161,11 @@ func (s *SMTPSender) Send(from string, to []string, msg io.WriterTo) error {
 
 	return nil
 }
+
+func sanitizeEmailAddress(raw string) (string, error) {
+	addr, err := mail.ParseAddress(strings.TrimSpace(strings.Trim(raw, "<>")))
+	if err != nil {
+		return "", err
+	}
+	return addr.Address, nil
+}

services/mailer/sender/smtp_auth.go

@@ -6,9 +6,9 @@ package sender
 import (
 	"errors"
 	"fmt"
+	"net/smtp"
 
 	"github.com/Azure/go-ntlmssp"
-	"github.com/wneessen/go-mail/smtp"
 )
 
 type loginAuth struct {

services/mailer/sender/smtp_test.go

@@ -0,0 +1,30 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package sender
+
+import "testing"
+
+func TestSanitizeEmailAddress(t *testing.T) {
+	tests := []struct {
+		input    string
+		expected string
+		hasError bool
+	}{
+		{"abc@gitea.com", "abc@gitea.com", false},
+		{"<abc@gitea.com>", "abc@gitea.com", false},
+		{"ssss.com", "", true},
+		{"<invalid-email>", "", true},
+	}
+
+	for _, tt := range tests {
+		result, err := sanitizeEmailAddress(tt.input)
+		if (err != nil) != tt.hasError {
+			t.Errorf("sanitizeEmailAddress(%q) unexpected error status: got %v, want error: %v", tt.input, err != nil, tt.hasError)
+			continue
+		}
+		if result != tt.expected {
+			t.Errorf("sanitizeEmailAddress(%q) = %q; want %q", tt.input, result, tt.expected)
+		}
+	}
+}

services/migrations/onedev_test.go

@@ -23,9 +23,6 @@ func TestOneDevDownloadRepo(t *testing.T) {
 	u, _ := url.Parse("https://code.onedev.io")
 	ctx := t.Context()
 	downloader := NewOneDevDownloader(ctx, u, "", "", "go-gitea-test_repo")
-	if err != nil {
-		t.Fatalf("NewOneDevDownloader is nil: %v", err)
-	}
 	repo, err := downloader.GetRepoInfo(ctx)
 	assert.NoError(t, err)
 	assertRepositoryEqual(t, &base.Repository{

services/repository/gitgraph/graph_test.go

@@ -238,8 +238,8 @@ func TestCommitStringParsing(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.testName, func(t *testing.T) {
 			testString := fmt.Sprintf("%s%s", dataFirstPart, test.commitMessage)
-			idx := strings.Index(testString, "DATA:")
-			commit, err := NewCommit(0, 0, []byte(testString[idx+5:]))
+			_, after, _ := strings.Cut(testString, "DATA:")
+			commit, err := NewCommit(0, 0, []byte(after))
 			if err != nil && test.shouldPass {
 				t.Errorf("Could not parse %s", testString)
 				return

services/repository/gitgraph/parser.go

@@ -44,11 +44,11 @@ func (parser *Parser) Reset() {
 
 // AddLineToGraph adds the line as a row to the graph
 func (parser *Parser) AddLineToGraph(graph *Graph, row int, line []byte) error {
-	idx := bytes.Index(line, []byte("DATA:"))
-	if idx < 0 {
+	before, after, ok := bytes.Cut(line, []byte("DATA:"))
+	if !ok {
 		parser.ParseGlyphs(line)
 	} else {
-		parser.ParseGlyphs(line[:idx])
+		parser.ParseGlyphs(before)
 	}
 
 	var err error
@@ -72,7 +72,7 @@ func (parser *Parser) AddLineToGraph(graph *Graph, row int, line []byte) error {
 				}
 			}
 			commitDone = true
-			if idx < 0 {
+			if !ok {
 				if err != nil {
 					err = fmt.Errorf("missing data section on line %d with commit: %s. %w", row, string(line), err)
 				} else {
@@ -80,7 +80,7 @@ func (parser *Parser) AddLineToGraph(graph *Graph, row int, line []byte) error {
 				}
 				continue
 			}
-			err2 := graph.AddCommit(row, column, flowID, line[idx+5:])
+			err2 := graph.AddCommit(row, column, flowID, after)
 			if err != nil && err2 != nil {
 				err = fmt.Errorf("%v %w", err2, err)
 				continue

services/user/email.go

@@ -14,60 +14,6 @@ import (
 	"code.gitea.io/gitea/modules/util"
 )
 
-// AdminAddOrSetPrimaryEmailAddress is used by admins to add or set a user's primary email address
-func AdminAddOrSetPrimaryEmailAddress(ctx context.Context, u *user_model.User, emailStr string) error {
-	if strings.EqualFold(u.Email, emailStr) {
-		return nil
-	}
-
-	if err := user_model.ValidateEmailForAdmin(emailStr); err != nil {
-		return err
-	}
-
-	// Check if address exists already
-	email, err := user_model.GetEmailAddressByEmail(ctx, emailStr)
-	if err != nil && !errors.Is(err, util.ErrNotExist) {
-		return err
-	}
-	if email != nil && email.UID != u.ID {
-		return user_model.ErrEmailAlreadyUsed{Email: emailStr}
-	}
-
-	// Update old primary address
-	primary, err := user_model.GetPrimaryEmailAddressOfUser(ctx, u.ID)
-	if err != nil {
-		return err
-	}
-
-	primary.IsPrimary = false
-	if err := user_model.UpdateEmailAddress(ctx, primary); err != nil {
-		return err
-	}
-
-	// Insert new or update existing address
-	if email != nil {
-		email.IsPrimary = true
-		email.IsActivated = true
-		if err := user_model.UpdateEmailAddress(ctx, email); err != nil {
-			return err
-		}
-	} else {
-		email = &user_model.EmailAddress{
-			UID:         u.ID,
-			Email:       emailStr,
-			IsActivated: true,
-			IsPrimary:   true,
-		}
-		if _, err := user_model.InsertEmailAddress(ctx, email); err != nil {
-			return err
-		}
-	}
-
-	u.Email = emailStr
-
-	return user_model.UpdateUserCols(ctx, u, "email")
-}
-
 func ReplacePrimaryEmailAddress(ctx context.Context, u *user_model.User, emailStr string) error {
 	if strings.EqualFold(u.Email, emailStr) {
 		return nil

services/user/email_test.go

@@ -9,61 +9,10 @@ import (
 	organization_model "code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/glob"
-	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/stretchr/testify/assert"
 )
 
-func TestAdminAddOrSetPrimaryEmailAddress(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 27})
-
-	emails, err := user_model.GetEmailAddresses(t.Context(), user.ID)
-	assert.NoError(t, err)
-	assert.Len(t, emails, 1)
-
-	primary, err := user_model.GetPrimaryEmailAddressOfUser(t.Context(), user.ID)
-	assert.NoError(t, err)
-	assert.NotEqual(t, "new-primary@example.com", primary.Email)
-	assert.Equal(t, user.Email, primary.Email)
-
-	assert.NoError(t, AdminAddOrSetPrimaryEmailAddress(t.Context(), user, "new-primary@example.com"))
-
-	primary, err = user_model.GetPrimaryEmailAddressOfUser(t.Context(), user.ID)
-	assert.NoError(t, err)
-	assert.Equal(t, "new-primary@example.com", primary.Email)
-	assert.Equal(t, user.Email, primary.Email)
-
-	emails, err = user_model.GetEmailAddresses(t.Context(), user.ID)
-	assert.NoError(t, err)
-	assert.Len(t, emails, 2)
-
-	setting.Service.EmailDomainAllowList = []glob.Glob{glob.MustCompile("example.org")}
-	defer func() {
-		setting.Service.EmailDomainAllowList = []glob.Glob{}
-	}()
-
-	assert.NoError(t, AdminAddOrSetPrimaryEmailAddress(t.Context(), user, "new-primary2@example2.com"))
-
-	primary, err = user_model.GetPrimaryEmailAddressOfUser(t.Context(), user.ID)
-	assert.NoError(t, err)
-	assert.Equal(t, "new-primary2@example2.com", primary.Email)
-	assert.Equal(t, user.Email, primary.Email)
-
-	assert.NoError(t, AdminAddOrSetPrimaryEmailAddress(t.Context(), user, "user27@example.com"))
-
-	primary, err = user_model.GetPrimaryEmailAddressOfUser(t.Context(), user.ID)
-	assert.NoError(t, err)
-	assert.Equal(t, "user27@example.com", primary.Email)
-	assert.Equal(t, user.Email, primary.Email)
-
-	emails, err = user_model.GetEmailAddresses(t.Context(), user.ID)
-	assert.NoError(t, err)
-	assert.Len(t, emails, 3)
-}
-
 func TestReplacePrimaryEmailAddress(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
 

tests/integration/api_admin_test.go

@@ -382,10 +382,12 @@ func TestAPIEditUser_NotAllowedEmailDomain(t *testing.T) {
 		SourceID:  0,
 		Email:     &newEmail,
 	}).AddTokenAuth(token)
-	resp := MakeRequest(t, req, http.StatusOK)
-	assert.Equal(t, "the domain of user email user2@example1.com conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", resp.Header().Get("X-Gitea-Warning"))
+	resp := MakeRequest(t, req, http.StatusBadRequest)
+	errMap := make(map[string]string)
+	assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), &errMap))
+	assert.Equal(t, "the domain of user email user2@example1.com conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", errMap["message"])
 
-	originalEmail := "user2@example.com"
+	originalEmail := "user2@example.org"
 	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
 		LoginName: "user2",
 		SourceID:  0,