1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Copyright 2019 The Gitea Authors. All rights reserved.
- // SPDX-License-Identifier: MIT
-
- package user
-
- import (
- "context"
- "encoding/hex"
- "fmt"
- "net/url"
- "path/filepath"
- "regexp"
- "strings"
- "time"
- "unicode"
-
- _ "image/jpeg" // Needed for jpeg support
-
- "code.gitea.io/gitea/models/auth"
- "code.gitea.io/gitea/models/db"
- "code.gitea.io/gitea/modules/auth/openid"
- "code.gitea.io/gitea/modules/auth/password/hash"
- "code.gitea.io/gitea/modules/base"
- "code.gitea.io/gitea/modules/container"
- "code.gitea.io/gitea/modules/git"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/optional"
- "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/structs"
- "code.gitea.io/gitea/modules/timeutil"
- "code.gitea.io/gitea/modules/util"
- "code.gitea.io/gitea/modules/validation"
-
- "golang.org/x/text/runes"
- "golang.org/x/text/transform"
- "golang.org/x/text/unicode/norm"
- "xorm.io/builder"
- )
-
- // UserType defines the user type
- type UserType int //revive:disable-line:exported
-
- const (
- // UserTypeIndividual defines an individual user
- UserTypeIndividual UserType = iota // Historic reason to make it starts at 0.
-
- // UserTypeOrganization defines an organization
- UserTypeOrganization
-
- // UserTypeUserReserved reserves a (non-existing) user, i.e. to prevent a spam user from re-registering after being deleted, or to reserve the name until the user is actually created later on
- UserTypeUserReserved
-
- // UserTypeOrganizationReserved reserves a (non-existing) organization, to be used in combination with UserTypeUserReserved
- UserTypeOrganizationReserved
-
- // UserTypeBot defines a bot user
- UserTypeBot
-
- // UserTypeRemoteUser defines a remote user for federated users
- UserTypeRemoteUser
- )
-
- const (
- // EmailNotificationsEnabled indicates that the user would like to receive all email notifications except your own
- EmailNotificationsEnabled = "enabled"
- // EmailNotificationsOnMention indicates that the user would like to be notified via email when mentioned.
- EmailNotificationsOnMention = "onmention"
- // EmailNotificationsDisabled indicates that the user would not like to be notified via email.
- EmailNotificationsDisabled = "disabled"
- // EmailNotificationsAndYourOwn indicates that the user would like to receive all email notifications and your own
- EmailNotificationsAndYourOwn = "andyourown"
- )
-
- // User represents the object of individual and member of organization.
- type User struct {
- ID int64 `xorm:"pk autoincr"`
- LowerName string `xorm:"UNIQUE NOT NULL"`
- Name string `xorm:"UNIQUE NOT NULL"`
- FullName string
- // Email is the primary email address (to be used for communication)
- Email string `xorm:"NOT NULL"`
- KeepEmailPrivate bool
- EmailNotificationsPreference string `xorm:"VARCHAR(20) NOT NULL DEFAULT 'enabled'"`
- Passwd string `xorm:"NOT NULL"`
- PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"`
-
- // MustChangePassword is an attribute that determines if a user
- // is to change their password after registration.
- MustChangePassword bool `xorm:"NOT NULL DEFAULT false"`
-
- LoginType auth.Type
- LoginSource int64 `xorm:"NOT NULL DEFAULT 0"`
- LoginName string
- Type UserType
- Location string
- Website string
- Rands string `xorm:"VARCHAR(32)"`
- Salt string `xorm:"VARCHAR(32)"`
- Language string `xorm:"VARCHAR(5)"`
- Description string
-
- CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
- UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
- LastLoginUnix timeutil.TimeStamp `xorm:"INDEX"`
-
- // Remember visibility choice for convenience, true for private
- LastRepoVisibility bool
- // Maximum repository creation limit, -1 means use global default
- MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1"`
-
- // IsActive true: primary email is activated, user can access Web UI and Git SSH.
- // false: an inactive user can only log in Web UI for account operations (ex: activate the account by email), no other access.
- IsActive bool `xorm:"INDEX"`
- // the user is a Gitea admin, who can access all repositories and the admin pages.
- IsAdmin bool
- // true: the user is only allowed to see organizations/repositories that they has explicit rights to.
- // (ex: in private Gitea instances user won't be allowed to see even organizations/repositories that are set as public)
- IsRestricted bool `xorm:"NOT NULL DEFAULT false"`
-
- AllowGitHook bool
- AllowImportLocal bool // Allow migrate repository by local path
- AllowCreateOrganization bool `xorm:"DEFAULT true"`
-
- // true: the user is not allowed to log in Web UI. Git/SSH access could still be allowed (please refer to Git/SSH access related code/documents)
- ProhibitLogin bool `xorm:"NOT NULL DEFAULT false"`
-
- // Avatar
- Avatar string `xorm:"VARCHAR(2048) NOT NULL"`
- AvatarEmail string `xorm:"NOT NULL"`
- UseCustomAvatar bool
-
- // Counters
- NumFollowers int
- NumFollowing int `xorm:"NOT NULL DEFAULT 0"`
- NumStars int
- NumRepos int
-
- // For organization
- NumTeams int
- NumMembers int
- Visibility structs.VisibleType `xorm:"NOT NULL DEFAULT 0"`
- RepoAdminChangeTeamAccess bool `xorm:"NOT NULL DEFAULT false"`
-
- // Preferences
- DiffViewStyle string `xorm:"NOT NULL DEFAULT ''"`
- Theme string `xorm:"NOT NULL DEFAULT ''"`
- KeepActivityPrivate bool `xorm:"NOT NULL DEFAULT false"`
- }
-
- func init() {
- db.RegisterModel(new(User))
- }
-
- // SearchOrganizationsOptions options to filter organizations
- type SearchOrganizationsOptions struct {
- db.ListOptions
- All bool
- }
-
- func (u *User) LogString() string {
- if u == nil {
- return "<User nil>"
- }
- return fmt.Sprintf("<User %d:%s>", u.ID, u.Name)
- }
-
- // BeforeUpdate is invoked from XORM before updating this object.
- func (u *User) BeforeUpdate() {
- if u.MaxRepoCreation < -1 {
- u.MaxRepoCreation = -1
- }
-
- // Organization does not need email
- u.Email = strings.ToLower(u.Email)
- if !u.IsOrganization() {
- if len(u.AvatarEmail) == 0 {
- u.AvatarEmail = u.Email
- }
- }
-
- u.LowerName = strings.ToLower(u.Name)
- u.Location = base.TruncateString(u.Location, 255)
- u.Website = base.TruncateString(u.Website, 255)
- u.Description = base.TruncateString(u.Description, 255)
- }
-
- // AfterLoad is invoked from XORM after filling all the fields of this object.
- func (u *User) AfterLoad() {
- if u.Theme == "" {
- u.Theme = setting.UI.DefaultTheme
- }
- }
-
- // SetLastLogin set time to last login
- func (u *User) SetLastLogin() {
- u.LastLoginUnix = timeutil.TimeStampNow()
- }
-
- // GetPlaceholderEmail returns an noreply email
- func (u *User) GetPlaceholderEmail() string {
- return fmt.Sprintf("%s@%s", u.LowerName, setting.Service.NoReplyAddress)
- }
-
- // GetEmail returns an noreply email, if the user has set to keep his
- // email address private, otherwise the primary email address.
- func (u *User) GetEmail() string {
- if u.KeepEmailPrivate {
- return u.GetPlaceholderEmail()
- }
- return u.Email
- }
-
- // GetAllUsers returns a slice of all individual users found in DB.
- func GetAllUsers(ctx context.Context) ([]*User, error) {
- users := make([]*User, 0)
- return users, db.GetEngine(ctx).OrderBy("id").Where("type = ?", UserTypeIndividual).Find(&users)
- }
-
- // IsLocal returns true if user login type is LoginPlain.
- func (u *User) IsLocal() bool {
- return u.LoginType <= auth.Plain
- }
-
- // IsOAuth2 returns true if user login type is LoginOAuth2.
- func (u *User) IsOAuth2() bool {
- return u.LoginType == auth.OAuth2
- }
-
- // MaxCreationLimit returns the number of repositories a user is allowed to create
- func (u *User) MaxCreationLimit() int {
- if u.MaxRepoCreation <= -1 {
- return setting.Repository.MaxCreationLimit
- }
- return u.MaxRepoCreation
- }
-
- // CanCreateRepo returns if user login can create a repository
- // NOTE: functions calling this assume a failure due to repository count limit; if new checks are added, those functions should be revised
- func (u *User) CanCreateRepo() bool {
- if u.IsAdmin {
- return true
- }
- if u.MaxRepoCreation <= -1 {
- if setting.Repository.MaxCreationLimit <= -1 {
- return true
- }
- return u.NumRepos < setting.Repository.MaxCreationLimit
- }
- return u.NumRepos < u.MaxRepoCreation
- }
-
- // CanCreateOrganization returns true if user can create organisation.
- func (u *User) CanCreateOrganization() bool {
- return u.IsAdmin || (u.AllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation)
- }
-
- // CanEditGitHook returns true if user can edit Git hooks.
- func (u *User) CanEditGitHook() bool {
- return !setting.DisableGitHooks && (u.IsAdmin || u.AllowGitHook)
- }
-
- // CanForkRepo returns if user login can fork a repository
- // It checks especially that the user can create repos, and potentially more
- func (u *User) CanForkRepo() bool {
- if setting.Repository.AllowForkWithoutMaximumLimit {
- return true
- }
- return u.CanCreateRepo()
- }
-
- // CanImportLocal returns true if user can migrate repository by local path.
- func (u *User) CanImportLocal() bool {
- if !setting.ImportLocalPaths || u == nil {
- return false
- }
- return u.IsAdmin || u.AllowImportLocal
- }
-
- // DashboardLink returns the user dashboard page link.
- func (u *User) DashboardLink() string {
- if u.IsOrganization() {
- return u.OrganisationLink() + "/dashboard"
- }
- return setting.AppSubURL + "/"
- }
-
- // HomeLink returns the user or organization home page link.
- func (u *User) HomeLink() string {
- return setting.AppSubURL + "/" + url.PathEscape(u.Name)
- }
-
- // HTMLURL returns the user or organization's full link.
- func (u *User) HTMLURL() string {
- return setting.AppURL + url.PathEscape(u.Name)
- }
-
- // OrganisationLink returns the organization sub page link.
- func (u *User) OrganisationLink() string {
- return setting.AppSubURL + "/org/" + url.PathEscape(u.Name)
- }
-
- // GenerateEmailActivateCode generates an activate code based on user information and given e-mail.
- func (u *User) GenerateEmailActivateCode(email string) string {
- code := base.CreateTimeLimitCode(
- fmt.Sprintf("%d%s%s%s%s", u.ID, email, u.LowerName, u.Passwd, u.Rands),
- setting.Service.ActiveCodeLives, nil)
-
- // Add tail hex username
- code += hex.EncodeToString([]byte(u.LowerName))
- return code
- }
-
- // GetUserFollowers returns range of user's followers.
- func GetUserFollowers(ctx context.Context, u, viewer *User, listOptions db.ListOptions) ([]*User, int64, error) {
- sess := db.GetEngine(ctx).
- Select("`user`.*").
- Join("LEFT", "follow", "`user`.id=follow.user_id").
- Where("follow.follow_id=?", u.ID).
- And("`user`.type=?", UserTypeIndividual).
- And(isUserVisibleToViewerCond(viewer))
-
- if listOptions.Page != 0 {
- sess = db.SetSessionPagination(sess, &listOptions)
-
- users := make([]*User, 0, listOptions.PageSize)
- count, err := sess.FindAndCount(&users)
- return users, count, err
- }
-
- users := make([]*User, 0, 8)
- count, err := sess.FindAndCount(&users)
- return users, count, err
- }
-
- // GetUserFollowing returns range of user's following.
- func GetUserFollowing(ctx context.Context, u, viewer *User, listOptions db.ListOptions) ([]*User, int64, error) {
- sess := db.GetEngine(ctx).
- Select("`user`.*").
- Join("LEFT", "follow", "`user`.id=follow.follow_id").
- Where("follow.user_id=?", u.ID).
- And("`user`.type IN (?, ?)", UserTypeIndividual, UserTypeOrganization).
- And(isUserVisibleToViewerCond(viewer))
-
- if listOptions.Page != 0 {
- sess = db.SetSessionPagination(sess, &listOptions)
-
- users := make([]*User, 0, listOptions.PageSize)
- count, err := sess.FindAndCount(&users)
- return users, count, err
- }
-
- users := make([]*User, 0, 8)
- count, err := sess.FindAndCount(&users)
- return users, count, err
- }
-
- // NewGitSig generates and returns the signature of given user.
- func (u *User) NewGitSig() *git.Signature {
- return &git.Signature{
- Name: u.GitName(),
- Email: u.GetEmail(),
- When: time.Now(),
- }
- }
-
- // SetPassword hashes a password using the algorithm defined in the config value of PASSWORD_HASH_ALGO
- // change passwd, salt and passwd_hash_algo fields
- func (u *User) SetPassword(passwd string) (err error) {
- if u.Salt, err = GetUserSalt(); err != nil {
- return err
- }
- if u.Passwd, err = hash.Parse(setting.PasswordHashAlgo).Hash(passwd, u.Salt); err != nil {
- return err
- }
- u.PasswdHashAlgo = setting.PasswordHashAlgo
-
- return nil
- }
-
- // ValidatePassword checks if the given password matches the one belonging to the user.
- func (u *User) ValidatePassword(passwd string) bool {
- return hash.Parse(u.PasswdHashAlgo).VerifyPassword(passwd, u.Passwd, u.Salt)
- }
-
- // IsPasswordSet checks if the password is set or left empty
- func (u *User) IsPasswordSet() bool {
- return len(u.Passwd) != 0
- }
-
- // IsOrganization returns true if user is actually a organization.
- func (u *User) IsOrganization() bool {
- return u.Type == UserTypeOrganization
- }
-
- // IsIndividual returns true if user is actually a individual user.
- func (u *User) IsIndividual() bool {
- return u.Type == UserTypeIndividual
- }
-
- // IsBot returns whether or not the user is of type bot
- func (u *User) IsBot() bool {
- return u.Type == UserTypeBot
- }
-
- // DisplayName returns full name if it's not empty,
- // returns username otherwise.
- func (u *User) DisplayName() string {
- trimmed := strings.TrimSpace(u.FullName)
- if len(trimmed) > 0 {
- return trimmed
- }
- return u.Name
- }
-
- // GetDisplayName returns full name if it's not empty and DEFAULT_SHOW_FULL_NAME is set,
- // returns username otherwise.
- func (u *User) GetDisplayName() string {
- if setting.UI.DefaultShowFullName {
- trimmed := strings.TrimSpace(u.FullName)
- if len(trimmed) > 0 {
- return trimmed
- }
- }
- return u.Name
- }
-
- // GetCompleteName returns the full name and username in the form of
- // "Full Name (username)" if full name is not empty, otherwise it returns
- // "username".
- func (u *User) GetCompleteName() string {
- trimmedFullName := strings.TrimSpace(u.FullName)
- if len(trimmedFullName) > 0 {
- return fmt.Sprintf("%s (%s)", trimmedFullName, u.Name)
- }
- return u.Name
- }
-
- func gitSafeName(name string) string {
- return strings.TrimSpace(strings.NewReplacer("\n", "", "<", "", ">", "").Replace(name))
- }
-
- // GitName returns a git safe name
- func (u *User) GitName() string {
- gitName := gitSafeName(u.FullName)
- if len(gitName) > 0 {
- return gitName
- }
- // Although u.Name should be safe if created in our system
- // LDAP users may have bad names
- gitName = gitSafeName(u.Name)
- if len(gitName) > 0 {
- return gitName
- }
- // Totally pathological name so it's got to be:
- return fmt.Sprintf("user-%d", u.ID)
- }
-
- // ShortName ellipses username to length
- func (u *User) ShortName(length int) string {
- if setting.UI.DefaultShowFullName && len(u.FullName) > 0 {
- return base.EllipsisString(u.FullName, length)
- }
- return base.EllipsisString(u.Name, length)
- }
-
- // IsMailable checks if a user is eligible
- // to receive emails.
- func (u *User) IsMailable() bool {
- return u.IsActive
- }
-
- // IsUserExist checks if given user name exist,
- // the user name should be noncased unique.
- // If uid is presented, then check will rule out that one,
- // it is used when update a user name in settings page.
- func IsUserExist(ctx context.Context, uid int64, name string) (bool, error) {
- if len(name) == 0 {
- return false, nil
- }
- return db.GetEngine(ctx).
- Where("id!=?", uid).
- Get(&User{LowerName: strings.ToLower(name)})
- }
-
- // Note: As of the beginning of 2022, it is recommended to use at least
- // 64 bits of salt, but NIST is already recommending to use to 128 bits.
- // (16 bytes = 16 * 8 = 128 bits)
- const SaltByteLength = 16
-
- // GetUserSalt returns a random user salt token.
- func GetUserSalt() (string, error) {
- rBytes, err := util.CryptoRandomBytes(SaltByteLength)
- if err != nil {
- return "", err
- }
- // Returns a 32 bytes long string.
- return hex.EncodeToString(rBytes), nil
- }
-
- // Note: The set of characters here can safely expand without a breaking change,
- // but characters removed from this set can cause user account linking to break
- var (
- customCharsReplacement = strings.NewReplacer("Æ", "AE")
- removeCharsRE = regexp.MustCompile(`['´\x60]`)
- removeDiacriticsTransform = transform.Chain(norm.NFD, runes.Remove(runes.In(unicode.Mn)), norm.NFC)
- replaceCharsHyphenRE = regexp.MustCompile(`[\s~+]`)
- )
-
- // normalizeUserName returns a string with single-quotes and diacritics
- // removed, and any other non-supported username characters replaced with
- // a `-` character
- func NormalizeUserName(s string) (string, error) {
- strDiacriticsRemoved, n, err := transform.String(removeDiacriticsTransform, customCharsReplacement.Replace(s))
- if err != nil {
- return "", fmt.Errorf("Failed to normalize character `%v` in provided username `%v`", s[n], s)
- }
- return replaceCharsHyphenRE.ReplaceAllLiteralString(removeCharsRE.ReplaceAllLiteralString(strDiacriticsRemoved, ""), "-"), nil
- }
-
- var (
- reservedUsernames = []string{
- ".",
- "..",
- ".well-known",
- "admin",
- "api",
- "assets",
- "attachments",
- "avatar",
- "avatars",
- "captcha",
- "commits",
- "debug",
- "error",
- "explore",
- "favicon.ico",
- "ghost",
- "issues",
- "login",
- "manifest.json",
- "metrics",
- "milestones",
- "new",
- "notifications",
- "org",
- "pulls",
- "raw",
- "repo",
- "repo-avatars",
- "robots.txt",
- "search",
- "serviceworker.js",
- "ssh_info",
- "swagger.v1.json",
- "user",
- "v2",
- "gitea-actions",
- }
-
- // DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
- reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
- )
-
- // IsUsableUsername returns an error when a username is reserved
- func IsUsableUsername(name string) error {
- // Validate username make sure it satisfies requirement.
- if !validation.IsValidUsername(name) {
- // Note: usually this error is normally caught up earlier in the UI
- return db.ErrNameCharsNotAllowed{Name: name}
- }
- return db.IsUsableName(reservedUsernames, reservedUserPatterns, name)
- }
-
- // CreateUserOverwriteOptions are an optional options who overwrite system defaults on user creation
- type CreateUserOverwriteOptions struct {
- KeepEmailPrivate optional.Option[bool]
- Visibility *structs.VisibleType
- AllowCreateOrganization optional.Option[bool]
- EmailNotificationsPreference *string
- MaxRepoCreation *int
- Theme *string
- IsRestricted optional.Option[bool]
- IsActive optional.Option[bool]
- }
-
- // CreateUser creates record of a new user.
- func CreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
- return createUser(ctx, u, false, overwriteDefault...)
- }
-
- // AdminCreateUser is used by admins to manually create users
- func AdminCreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
- return createUser(ctx, u, true, overwriteDefault...)
- }
-
- // createUser creates record of a new user.
- func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
- if err = IsUsableUsername(u.Name); err != nil {
- return err
- }
-
- // set system defaults
- u.KeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate
- u.Visibility = setting.Service.DefaultUserVisibilityMode
- u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation
- u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
- u.MaxRepoCreation = -1
- u.Theme = setting.UI.DefaultTheme
- u.IsRestricted = setting.Service.DefaultUserIsRestricted
- u.IsActive = !(setting.Service.RegisterEmailConfirm || setting.Service.RegisterManualConfirm)
-
- // Ensure consistency of the dates.
- if u.UpdatedUnix < u.CreatedUnix {
- u.UpdatedUnix = u.CreatedUnix
- }
-
- // overwrite defaults if set
- if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {
- overwrite := overwriteDefault[0]
- if overwrite.KeepEmailPrivate.Has() {
- u.KeepEmailPrivate = overwrite.KeepEmailPrivate.Value()
- }
- if overwrite.Visibility != nil {
- u.Visibility = *overwrite.Visibility
- }
- if overwrite.AllowCreateOrganization.Has() {
- u.AllowCreateOrganization = overwrite.AllowCreateOrganization.Value()
- }
- if overwrite.EmailNotificationsPreference != nil {
- u.EmailNotificationsPreference = *overwrite.EmailNotificationsPreference
- }
- if overwrite.MaxRepoCreation != nil {
- u.MaxRepoCreation = *overwrite.MaxRepoCreation
- }
- if overwrite.Theme != nil {
- u.Theme = *overwrite.Theme
- }
- if overwrite.IsRestricted.Has() {
- u.IsRestricted = overwrite.IsRestricted.Value()
- }
- if overwrite.IsActive.Has() {
- u.IsActive = overwrite.IsActive.Value()
- }
- }
-
- // validate data
- if err := ValidateUser(u); err != nil {
- return err
- }
-
- if createdByAdmin {
- if err := ValidateEmailForAdmin(u.Email); err != nil {
- return err
- }
- } else {
- if err := ValidateEmail(u.Email); err != nil {
- return err
- }
- }
-
- ctx, committer, err := db.TxContext(ctx)
- if err != nil {
- return err
- }
- defer committer.Close()
-
- isExist, err := IsUserExist(ctx, 0, u.Name)
- if err != nil {
- return err
- } else if isExist {
- return ErrUserAlreadyExist{u.Name}
- }
-
- isExist, err = IsEmailUsed(ctx, u.Email)
- if err != nil {
- return err
- } else if isExist {
- return ErrEmailAlreadyUsed{
- Email: u.Email,
- }
- }
-
- // prepare for database
-
- u.LowerName = strings.ToLower(u.Name)
- u.AvatarEmail = u.Email
- if u.Rands, err = GetUserSalt(); err != nil {
- return err
- }
- if u.Passwd != "" {
- if err = u.SetPassword(u.Passwd); err != nil {
- return err
- }
- } else {
- u.Salt = ""
- u.PasswdHashAlgo = ""
- }
-
- // save changes to database
-
- if err = DeleteUserRedirect(ctx, u.Name); err != nil {
- return err
- }
-
- if u.CreatedUnix == 0 {
- // Caller expects auto-time for creation & update timestamps.
- err = db.Insert(ctx, u)
- } else {
- // Caller sets the timestamps themselves. They are responsible for ensuring
- // both `CreatedUnix` and `UpdatedUnix` are set appropriately.
- _, err = db.GetEngine(ctx).NoAutoTime().Insert(u)
- }
- if err != nil {
- return err
- }
-
- // insert email address
- if err := db.Insert(ctx, &EmailAddress{
- UID: u.ID,
- Email: u.Email,
- LowerEmail: strings.ToLower(u.Email),
- IsActivated: u.IsActive,
- IsPrimary: true,
- }); err != nil {
- return err
- }
-
- return committer.Commit()
- }
-
- // IsLastAdminUser check whether user is the last admin
- func IsLastAdminUser(ctx context.Context, user *User) bool {
- if user.IsAdmin && CountUsers(ctx, &CountUserFilter{IsAdmin: optional.Some(true)}) <= 1 {
- return true
- }
- return false
- }
-
- // CountUserFilter represent optional filters for CountUsers
- type CountUserFilter struct {
- LastLoginSince *int64
- IsAdmin optional.Option[bool]
- }
-
- // CountUsers returns number of users.
- func CountUsers(ctx context.Context, opts *CountUserFilter) int64 {
- return countUsers(ctx, opts)
- }
-
- func countUsers(ctx context.Context, opts *CountUserFilter) int64 {
- sess := db.GetEngine(ctx)
- cond := builder.NewCond()
- cond = cond.And(builder.Eq{"type": UserTypeIndividual})
-
- if opts != nil {
- if opts.LastLoginSince != nil {
- cond = cond.And(builder.Gte{"last_login_unix": *opts.LastLoginSince})
- }
-
- if opts.IsAdmin.Has() {
- cond = cond.And(builder.Eq{"is_admin": opts.IsAdmin.Value()})
- }
- }
-
- count, err := sess.Where(cond).Count(new(User))
- if err != nil {
- log.Error("user.countUsers: %v", err)
- }
-
- return count
- }
-
- // GetVerifyUser get user by verify code
- func GetVerifyUser(ctx context.Context, code string) (user *User) {
- if len(code) <= base.TimeLimitCodeLength {
- return nil
- }
-
- // use tail hex username query user
- hexStr := code[base.TimeLimitCodeLength:]
- if b, err := hex.DecodeString(hexStr); err == nil {
- if user, err = GetUserByName(ctx, string(b)); user != nil {
- return user
- }
- log.Error("user.getVerifyUser: %v", err)
- }
-
- return nil
- }
-
- // VerifyUserActiveCode verifies active code when active account
- func VerifyUserActiveCode(ctx context.Context, code string) (user *User) {
- minutes := setting.Service.ActiveCodeLives
-
- if user = GetVerifyUser(ctx, code); user != nil {
- // time limit code
- prefix := code[:base.TimeLimitCodeLength]
- data := fmt.Sprintf("%d%s%s%s%s", user.ID, user.Email, user.LowerName, user.Passwd, user.Rands)
-
- if base.VerifyTimeLimitCode(data, minutes, prefix) {
- return user
- }
- }
- return nil
- }
-
- // ValidateUser check if user is valid to insert / update into database
- func ValidateUser(u *User, cols ...string) error {
- if len(cols) == 0 || util.SliceContainsString(cols, "visibility", true) {
- if !setting.Service.AllowedUserVisibilityModesSlice.IsAllowedVisibility(u.Visibility) && !u.IsOrganization() {
- return fmt.Errorf("visibility Mode not allowed: %s", u.Visibility.String())
- }
- }
-
- return nil
- }
-
- // UpdateUserCols update user according special columns
- func UpdateUserCols(ctx context.Context, u *User, cols ...string) error {
- if err := ValidateUser(u, cols...); err != nil {
- return err
- }
-
- _, err := db.GetEngine(ctx).ID(u.ID).Cols(cols...).Update(u)
- return err
- }
-
- // GetInactiveUsers gets all inactive users
- func GetInactiveUsers(ctx context.Context, olderThan time.Duration) ([]*User, error) {
- var cond builder.Cond = builder.Eq{"is_active": false}
-
- if olderThan > 0 {
- cond = cond.And(builder.Lt{"created_unix": time.Now().Add(-olderThan).Unix()})
- }
-
- users := make([]*User, 0, 10)
- return users, db.GetEngine(ctx).
- Where(cond).
- Find(&users)
- }
-
- // UserPath returns the path absolute path of user repositories.
- func UserPath(userName string) string { //revive:disable-line:exported
- return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
- }
-
- // GetUserByID returns the user object by given ID if exists.
- func GetUserByID(ctx context.Context, id int64) (*User, error) {
- u := new(User)
- has, err := db.GetEngine(ctx).ID(id).Get(u)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrUserNotExist{UID: id}
- }
- return u, nil
- }
-
- // GetUserByIDs returns the user objects by given IDs if exists.
- func GetUserByIDs(ctx context.Context, ids []int64) ([]*User, error) {
- users := make([]*User, 0, len(ids))
- err := db.GetEngine(ctx).In("id", ids).
- Table("user").
- Find(&users)
- return users, err
- }
-
- // GetPossibleUserByID returns the user if id > 0 or return system usrs if id < 0
- func GetPossibleUserByID(ctx context.Context, id int64) (*User, error) {
- switch id {
- case GhostUserID:
- return NewGhostUser(), nil
- case ActionsUserID:
- return NewActionsUser(), nil
- case 0:
- return nil, ErrUserNotExist{}
- default:
- return GetUserByID(ctx, id)
- }
- }
-
- // GetPossibleUserByIDs returns the users if id > 0 or return system users if id < 0
- func GetPossibleUserByIDs(ctx context.Context, ids []int64) ([]*User, error) {
- uniqueIDs := container.SetOf(ids...)
- users := make([]*User, 0, len(ids))
- _ = uniqueIDs.Remove(0)
- if uniqueIDs.Remove(GhostUserID) {
- users = append(users, NewGhostUser())
- }
- if uniqueIDs.Remove(ActionsUserID) {
- users = append(users, NewActionsUser())
- }
- res, err := GetUserByIDs(ctx, uniqueIDs.Values())
- if err != nil {
- return nil, err
- }
- users = append(users, res...)
- return users, nil
- }
-
- // GetUserByNameCtx returns user by given name.
- func GetUserByName(ctx context.Context, name string) (*User, error) {
- if len(name) == 0 {
- return nil, ErrUserNotExist{Name: name}
- }
- u := &User{LowerName: strings.ToLower(name), Type: UserTypeIndividual}
- has, err := db.GetEngine(ctx).Get(u)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrUserNotExist{Name: name}
- }
- return u, nil
- }
-
- // GetUserEmailsByNames returns a list of e-mails corresponds to names of users
- // that have their email notifications set to enabled or onmention.
- func GetUserEmailsByNames(ctx context.Context, names []string) []string {
- mails := make([]string, 0, len(names))
- for _, name := range names {
- u, err := GetUserByName(ctx, name)
- if err != nil {
- continue
- }
- if u.IsMailable() && u.EmailNotificationsPreference != EmailNotificationsDisabled {
- mails = append(mails, u.Email)
- }
- }
- return mails
- }
-
- // GetMaileableUsersByIDs gets users from ids, but only if they can receive mails
- func GetMaileableUsersByIDs(ctx context.Context, ids []int64, isMention bool) ([]*User, error) {
- if len(ids) == 0 {
- return nil, nil
- }
- ous := make([]*User, 0, len(ids))
-
- if isMention {
- return ous, db.GetEngine(ctx).
- In("id", ids).
- Where("`type` = ?", UserTypeIndividual).
- And("`prohibit_login` = ?", false).
- And("`is_active` = ?", true).
- In("`email_notifications_preference`", EmailNotificationsEnabled, EmailNotificationsOnMention, EmailNotificationsAndYourOwn).
- Find(&ous)
- }
-
- return ous, db.GetEngine(ctx).
- In("id", ids).
- Where("`type` = ?", UserTypeIndividual).
- And("`prohibit_login` = ?", false).
- And("`is_active` = ?", true).
- In("`email_notifications_preference`", EmailNotificationsEnabled, EmailNotificationsAndYourOwn).
- Find(&ous)
- }
-
- // GetUserNamesByIDs returns usernames for all resolved users from a list of Ids.
- func GetUserNamesByIDs(ctx context.Context, ids []int64) ([]string, error) {
- unames := make([]string, 0, len(ids))
- err := db.GetEngine(ctx).In("id", ids).
- Table("user").
- Asc("name").
- Cols("name").
- Find(&unames)
- return unames, err
- }
-
- // GetUserNameByID returns username for the id
- func GetUserNameByID(ctx context.Context, id int64) (string, error) {
- var name string
- has, err := db.GetEngine(ctx).Table("user").Where("id = ?", id).Cols("name").Get(&name)
- if err != nil {
- return "", err
- }
- if has {
- return name, nil
- }
- return "", nil
- }
-
- // GetUserIDsByNames returns a slice of ids corresponds to names.
- func GetUserIDsByNames(ctx context.Context, names []string, ignoreNonExistent bool) ([]int64, error) {
- ids := make([]int64, 0, len(names))
- for _, name := range names {
- u, err := GetUserByName(ctx, name)
- if err != nil {
- if ignoreNonExistent {
- continue
- } else {
- return nil, err
- }
- }
- ids = append(ids, u.ID)
- }
- return ids, nil
- }
-
- // GetUsersBySource returns a list of Users for a login source
- func GetUsersBySource(ctx context.Context, s *auth.Source) ([]*User, error) {
- var users []*User
- err := db.GetEngine(ctx).Where("login_type = ? AND login_source = ?", s.Type, s.ID).Find(&users)
- return users, err
- }
-
- // UserCommit represents a commit with validation of user.
- type UserCommit struct { //revive:disable-line:exported
- User *User
- *git.Commit
- }
-
- // ValidateCommitWithEmail check if author's e-mail of commit is corresponding to a user.
- func ValidateCommitWithEmail(ctx context.Context, c *git.Commit) *User {
- if c.Author == nil {
- return nil
- }
- u, err := GetUserByEmail(ctx, c.Author.Email)
- if err != nil {
- return nil
- }
- return u
- }
-
- // ValidateCommitsWithEmails checks if authors' e-mails of commits are corresponding to users.
- func ValidateCommitsWithEmails(ctx context.Context, oldCommits []*git.Commit) []*UserCommit {
- var (
- emails = make(map[string]*User)
- newCommits = make([]*UserCommit, 0, len(oldCommits))
- )
- for _, c := range oldCommits {
- var u *User
- if c.Author != nil {
- if v, ok := emails[c.Author.Email]; !ok {
- u, _ = GetUserByEmail(ctx, c.Author.Email)
- emails[c.Author.Email] = u
- } else {
- u = v
- }
- }
-
- newCommits = append(newCommits, &UserCommit{
- User: u,
- Commit: c,
- })
- }
- return newCommits
- }
-
- // GetUserByEmail returns the user object by given e-mail if exists.
- func GetUserByEmail(ctx context.Context, email string) (*User, error) {
- if len(email) == 0 {
- return nil, ErrUserNotExist{Name: email}
- }
-
- email = strings.ToLower(email)
- // Otherwise, check in alternative list for activated email addresses
- emailAddress := &EmailAddress{LowerEmail: email, IsActivated: true}
- has, err := db.GetEngine(ctx).Get(emailAddress)
- if err != nil {
- return nil, err
- }
- if has {
- return GetUserByID(ctx, emailAddress.UID)
- }
-
- // Finally, if email address is the protected email address:
- if strings.HasSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress)) {
- username := strings.TrimSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress))
- user := &User{}
- has, err := db.GetEngine(ctx).Where("lower_name=?", username).Get(user)
- if err != nil {
- return nil, err
- }
- if has {
- return user, nil
- }
- }
-
- return nil, ErrUserNotExist{Name: email}
- }
-
- // GetUser checks if a user already exists
- func GetUser(ctx context.Context, user *User) (bool, error) {
- return db.GetEngine(ctx).Get(user)
- }
-
- // GetUserByOpenID returns the user object by given OpenID if exists.
- func GetUserByOpenID(ctx context.Context, uri string) (*User, error) {
- if len(uri) == 0 {
- return nil, ErrUserNotExist{Name: uri}
- }
-
- uri, err := openid.Normalize(uri)
- if err != nil {
- return nil, err
- }
-
- log.Trace("Normalized OpenID URI: " + uri)
-
- // Otherwise, check in openid table
- oid := &UserOpenID{}
- has, err := db.GetEngine(ctx).Where("uri=?", uri).Get(oid)
- if err != nil {
- return nil, err
- }
- if has {
- return GetUserByID(ctx, oid.UID)
- }
-
- return nil, ErrUserNotExist{Name: uri}
- }
-
- // GetAdminUser returns the first administrator
- func GetAdminUser(ctx context.Context) (*User, error) {
- var admin User
- has, err := db.GetEngine(ctx).
- Where("is_admin=?", true).
- Asc("id"). // Reliably get the admin with the lowest ID.
- Get(&admin)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrUserNotExist{}
- }
-
- return &admin, nil
- }
-
- func isUserVisibleToViewerCond(viewer *User) builder.Cond {
- if viewer != nil && viewer.IsAdmin {
- return builder.NewCond()
- }
-
- if viewer == nil || viewer.IsRestricted {
- return builder.Eq{
- "`user`.visibility": structs.VisibleTypePublic,
- }
- }
-
- return builder.Neq{
- "`user`.visibility": structs.VisibleTypePrivate,
- }.Or(
- // viewer self
- builder.Eq{"`user`.id": viewer.ID},
- // viewer's following
- builder.In("`user`.id",
- builder.
- Select("`follow`.user_id").
- From("follow").
- Where(builder.Eq{"`follow`.follow_id": viewer.ID})),
- // viewer's org user
- builder.In("`user`.id",
- builder.
- Select("`team_user`.uid").
- From("team_user").
- Join("INNER", "`team_user` AS t2", "`team_user`.org_id = `t2`.org_id").
- Where(builder.Eq{"`t2`.uid": viewer.ID})),
- // viewer's org
- builder.In("`user`.id",
- builder.
- Select("`team_user`.org_id").
- From("team_user").
- Where(builder.Eq{"`team_user`.uid": viewer.ID})))
- }
-
- // IsUserVisibleToViewer check if viewer is able to see user profile
- func IsUserVisibleToViewer(ctx context.Context, u, viewer *User) bool {
- if viewer != nil && (viewer.IsAdmin || viewer.ID == u.ID) {
- return true
- }
-
- switch u.Visibility {
- case structs.VisibleTypePublic:
- return true
- case structs.VisibleTypeLimited:
- if viewer == nil || viewer.IsRestricted {
- return false
- }
- return true
- case structs.VisibleTypePrivate:
- if viewer == nil || viewer.IsRestricted {
- return false
- }
-
- // If they follow - they see each other
- follower := IsFollowing(ctx, u.ID, viewer.ID)
- if follower {
- return true
- }
-
- // Now we need to check if they in some organization together
- count, err := db.GetEngine(ctx).Table("team_user").
- Where(
- builder.And(
- builder.Eq{"uid": viewer.ID},
- builder.Or(
- builder.Eq{"org_id": u.ID},
- builder.In("org_id",
- builder.Select("org_id").
- From("team_user", "t2").
- Where(builder.Eq{"uid": u.ID}))))).
- Count()
- if err != nil {
- return false
- }
-
- if count == 0 {
- // No common organization
- return false
- }
-
- // they are in an organization together
- return true
- }
- return false
- }
-
- // CountWrongUserType count OrgUser who have wrong type
- func CountWrongUserType(ctx context.Context) (int64, error) {
- return db.GetEngine(ctx).Where(builder.Eq{"type": 0}.And(builder.Neq{"num_teams": 0})).Count(new(User))
- }
-
- // FixWrongUserType fix OrgUser who have wrong type
- func FixWrongUserType(ctx context.Context) (int64, error) {
- return db.GetEngine(ctx).Where(builder.Eq{"type": 0}.And(builder.Neq{"num_teams": 0})).Cols("type").NoAutoTime().Update(&User{Type: 1})
- }
-
- func GetOrderByName() string {
- if setting.UI.DefaultShowFullName {
- return "full_name, name"
- }
- return "name"
- }
|