From 5a7bacb005b092f41640a4f72bba78d4918a9fb1 Mon Sep 17 00:00:00 2001
From: Yarden Shoham <git@yardenshoham.com>
Date: Sun, 14 Jan 2024 22:20:18 +0200
Subject: [PATCH] Warn that `DISABLE_QUERY_AUTH_TOKEN` is false only if it's
 explicitly defined (#28783)

So we don't warn on default behavior

- Fixes https://github.com/go-gitea/gitea/issues/28758
- Follows https://github.com/go-gitea/gitea/pull/28390

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
---
 modules/setting/security.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/setting/security.go b/modules/setting/security.go
index 4adfe20635..380360a696 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -159,10 +159,13 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 		}
 	}
 
+	sectionHasDisableQueryAuthToken := sec.HasKey("DISABLE_QUERY_AUTH_TOKEN")
+
 	// TODO: default value should be true in future releases
 	DisableQueryAuthToken = sec.Key("DISABLE_QUERY_AUTH_TOKEN").MustBool(false)
 
-	if !DisableQueryAuthToken {
+	// warn if the setting is set to false explicitly
+	if sectionHasDisableQueryAuthToken && !DisableQueryAuthToken {
 		log.Warn("Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.")
 	}
 }