mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17380 Commits
17 Branches
Tree: e3e6569c5f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e3e6569c5f'
${ noResults }
gitea/routers/web/admin/users.go

users.go 18KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2020 The Gitea Authors.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package admin

  6. 

  7. import (

  8. 	"errors"

  9. 	"net/http"

  10. 	"net/url"

  11. 	"strconv"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/models"

  15. 	"code.gitea.io/gitea/models/auth"

  16. 	"code.gitea.io/gitea/models/db"

  17. 	org_model "code.gitea.io/gitea/models/organization"

  18. 	repo_model "code.gitea.io/gitea/models/repo"

  19. 	user_model "code.gitea.io/gitea/models/user"

  20. 	"code.gitea.io/gitea/modules/auth/password"

  21. 	"code.gitea.io/gitea/modules/base"

  22. 	"code.gitea.io/gitea/modules/log"

  23. 	"code.gitea.io/gitea/modules/optional"

  24. 	"code.gitea.io/gitea/modules/setting"

  25. 	"code.gitea.io/gitea/modules/util"

  26. 	"code.gitea.io/gitea/modules/web"

  27. 	"code.gitea.io/gitea/routers/web/explore"

  28. 	user_setting "code.gitea.io/gitea/routers/web/user/setting"

  29. 	"code.gitea.io/gitea/services/context"

  30. 	"code.gitea.io/gitea/services/forms"

  31. 	"code.gitea.io/gitea/services/mailer"

  32. 	user_service "code.gitea.io/gitea/services/user"

  33. )

  34. 

  35. const (

  36. 	tplUsers    base.TplName = "admin/user/list"

  37. 	tplUserNew  base.TplName = "admin/user/new"

  38. 	tplUserView base.TplName = "admin/user/view"

  39. 	tplUserEdit base.TplName = "admin/user/edit"

  40. )

  41. 

  42. // UserSearchDefaultAdminSort is the default sort type for admin view

  43. const UserSearchDefaultAdminSort = "alphabetically"

  44. 

  45. // Users show all the users

  46. func Users(ctx *context.Context) {

  47. 	ctx.Data["Title"] = ctx.Tr("admin.users")

  48. 	ctx.Data["PageIsAdminUsers"] = true

  49. 

  50. 	extraParamStrings := map[string]string{}

  51. 	statusFilterKeys := []string{"is_active", "is_admin", "is_restricted", "is_2fa_enabled", "is_prohibit_login"}

  52. 	statusFilterMap := map[string]string{}

  53. 	for _, filterKey := range statusFilterKeys {

  54. 		paramKey := "status_filter[" + filterKey + "]"

  55. 		paramVal := ctx.FormString(paramKey)

  56. 		statusFilterMap[filterKey] = paramVal

  57. 		if paramVal != "" {

  58. 			extraParamStrings[paramKey] = paramVal

  59. 		}

  60. 	}

  61. 

  62. 	sortType := ctx.FormString("sort")

  63. 	if sortType == "" {

  64. 		sortType = UserSearchDefaultAdminSort

  65. 		ctx.SetFormString("sort", sortType)

  66. 	}

  67. 	ctx.PageData["adminUserListSearchForm"] = map[string]any{

  68. 		"StatusFilterMap": statusFilterMap,

  69. 		"SortType":        sortType,

  70. 	}

  71. 

  72. 	explore.RenderUserSearch(ctx, &user_model.SearchUserOptions{

  73. 		Actor: ctx.Doer,

  74. 		Type:  user_model.UserTypeIndividual,

  75. 		ListOptions: db.ListOptions{

  76. 			PageSize: setting.UI.Admin.UserPagingNum,

  77. 		},

  78. 		SearchByEmail:      true,

  79. 		IsActive:           util.OptionalBoolParse(statusFilterMap["is_active"]),

  80. 		IsAdmin:            util.OptionalBoolParse(statusFilterMap["is_admin"]),

  81. 		IsRestricted:       util.OptionalBoolParse(statusFilterMap["is_restricted"]),

  82. 		IsTwoFactorEnabled: util.OptionalBoolParse(statusFilterMap["is_2fa_enabled"]),

  83. 		IsProhibitLogin:    util.OptionalBoolParse(statusFilterMap["is_prohibit_login"]),

  84. 		IncludeReserved:    true, // administrator needs to list all acounts include reserved, bot, remote ones

  85. 		ExtraParamStrings:  extraParamStrings,

  86. 	}, tplUsers)

  87. }

  88. 

  89. // NewUser render adding a new user page

  90. func NewUser(ctx *context.Context) {

  91. 	ctx.Data["Title"] = ctx.Tr("admin.users.new_account")

  92. 	ctx.Data["PageIsAdminUsers"] = true

  93. 	ctx.Data["DefaultUserVisibilityMode"] = setting.Service.DefaultUserVisibilityMode

  94. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  95. 

  96. 	ctx.Data["login_type"] = "0-0"

  97. 

  98. 	sources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{

  99. 		IsActive: optional.Some(true),

  100. 	})

  101. 	if err != nil {

  102. 		ctx.ServerError("auth.Sources", err)

  103. 		return

  104. 	}

  105. 	ctx.Data["Sources"] = sources

  106. 

  107. 	ctx.Data["CanSendEmail"] = setting.MailService != nil

  108. 	ctx.HTML(http.StatusOK, tplUserNew)

  109. }

  110. 

  111. // NewUserPost response for adding a new user

  112. func NewUserPost(ctx *context.Context) {

  113. 	form := web.GetForm(ctx).(*forms.AdminCreateUserForm)

  114. 	ctx.Data["Title"] = ctx.Tr("admin.users.new_account")

  115. 	ctx.Data["PageIsAdminUsers"] = true

  116. 	ctx.Data["DefaultUserVisibilityMode"] = setting.Service.DefaultUserVisibilityMode

  117. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  118. 

  119. 	sources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{

  120. 		IsActive: optional.Some(true),

  121. 	})

  122. 	if err != nil {

  123. 		ctx.ServerError("auth.Sources", err)

  124. 		return

  125. 	}

  126. 	ctx.Data["Sources"] = sources

  127. 

  128. 	ctx.Data["CanSendEmail"] = setting.MailService != nil

  129. 

  130. 	if ctx.HasError() {

  131. 		ctx.HTML(http.StatusOK, tplUserNew)

  132. 		return

  133. 	}

  134. 

  135. 	u := &user_model.User{

  136. 		Name:      form.UserName,

  137. 		Email:     form.Email,

  138. 		Passwd:    form.Password,

  139. 		LoginType: auth.Plain,

  140. 	}

  141. 

  142. 	overwriteDefault := &user_model.CreateUserOverwriteOptions{

  143. 		IsActive:   optional.Some(true),

  144. 		Visibility: &form.Visibility,

  145. 	}

  146. 

  147. 	if len(form.LoginType) > 0 {

  148. 		fields := strings.Split(form.LoginType, "-")

  149. 		if len(fields) == 2 {

  150. 			lType, _ := strconv.ParseInt(fields[0], 10, 0)

  151. 			u.LoginType = auth.Type(lType)

  152. 			u.LoginSource, _ = strconv.ParseInt(fields[1], 10, 64)

  153. 			u.LoginName = form.LoginName

  154. 		}

  155. 	}

  156. 	if u.LoginType == auth.NoType || u.LoginType == auth.Plain {

  157. 		if len(form.Password) < setting.MinPasswordLength {

  158. 			ctx.Data["Err_Password"] = true

  159. 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserNew, &form)

  160. 			return

  161. 		}

  162. 		if !password.IsComplexEnough(form.Password) {

  163. 			ctx.Data["Err_Password"] = true

  164. 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplUserNew, &form)

  165. 			return

  166. 		}

  167. 		if err := password.IsPwned(ctx, form.Password); err != nil {

  168. 			ctx.Data["Err_Password"] = true

  169. 			errMsg := ctx.Tr("auth.password_pwned")

  170. 			if password.IsErrIsPwnedRequest(err) {

  171. 				log.Error(err.Error())

  172. 				errMsg = ctx.Tr("auth.password_pwned_err")

  173. 			}

  174. 			ctx.RenderWithErr(errMsg, tplUserNew, &form)

  175. 			return

  176. 		}

  177. 		u.MustChangePassword = form.MustChangePassword

  178. 	}

  179. 

  180. 	if err := user_model.CreateUser(ctx, u, overwriteDefault); err != nil {

  181. 		switch {

  182. 		case user_model.IsErrUserAlreadyExist(err):

  183. 			ctx.Data["Err_UserName"] = true

  184. 			ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplUserNew, &form)

  185. 		case user_model.IsErrEmailAlreadyUsed(err):

  186. 			ctx.Data["Err_Email"] = true

  187. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserNew, &form)

  188. 		case user_model.IsErrEmailInvalid(err), user_model.IsErrEmailCharIsNotSupported(err):

  189. 			ctx.Data["Err_Email"] = true

  190. 			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserNew, &form)

  191. 		case db.IsErrNameReserved(err):

  192. 			ctx.Data["Err_UserName"] = true

  193. 			ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(db.ErrNameReserved).Name), tplUserNew, &form)

  194. 		case db.IsErrNamePatternNotAllowed(err):

  195. 			ctx.Data["Err_UserName"] = true

  196. 			ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), tplUserNew, &form)

  197. 		case db.IsErrNameCharsNotAllowed(err):

  198. 			ctx.Data["Err_UserName"] = true

  199. 			ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", err.(db.ErrNameCharsNotAllowed).Name), tplUserNew, &form)

  200. 		default:

  201. 			ctx.ServerError("CreateUser", err)

  202. 		}

  203. 		return

  204. 	}

  205. 	log.Trace("Account created by admin (%s): %s", ctx.Doer.Name, u.Name)

  206. 

  207. 	// Send email notification.

  208. 	if form.SendNotify {

  209. 		mailer.SendRegisterNotifyMail(u)

  210. 	}

  211. 

  212. 	ctx.Flash.Success(ctx.Tr("admin.users.new_success", u.Name))

  213. 	ctx.Redirect(setting.AppSubURL + "/admin/users/" + strconv.FormatInt(u.ID, 10))

  214. }

  215. 

  216. func prepareUserInfo(ctx *context.Context) *user_model.User {

  217. 	u, err := user_model.GetUserByID(ctx, ctx.ParamsInt64(":userid"))

  218. 	if err != nil {

  219. 		if user_model.IsErrUserNotExist(err) {

  220. 			ctx.Redirect(setting.AppSubURL + "/admin/users")

  221. 		} else {

  222. 			ctx.ServerError("GetUserByID", err)

  223. 		}

  224. 		return nil

  225. 	}

  226. 	ctx.Data["User"] = u

  227. 

  228. 	if u.LoginSource > 0 {

  229. 		ctx.Data["LoginSource"], err = auth.GetSourceByID(ctx, u.LoginSource)

  230. 		if err != nil {

  231. 			ctx.ServerError("auth.GetSourceByID", err)

  232. 			return nil

  233. 		}

  234. 	} else {

  235. 		ctx.Data["LoginSource"] = &auth.Source{}

  236. 	}

  237. 

  238. 	sources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{})

  239. 	if err != nil {

  240. 		ctx.ServerError("auth.Sources", err)

  241. 		return nil

  242. 	}

  243. 	ctx.Data["Sources"] = sources

  244. 

  245. 	hasTOTP, err := auth.HasTwoFactorByUID(ctx, u.ID)

  246. 	if err != nil {

  247. 		ctx.ServerError("auth.HasTwoFactorByUID", err)

  248. 		return nil

  249. 	}

  250. 	hasWebAuthn, err := auth.HasWebAuthnRegistrationsByUID(ctx, u.ID)

  251. 	if err != nil {

  252. 		ctx.ServerError("auth.HasWebAuthnRegistrationsByUID", err)

  253. 		return nil

  254. 	}

  255. 	ctx.Data["TwoFactorEnabled"] = hasTOTP || hasWebAuthn

  256. 

  257. 	return u

  258. }

  259. 

  260. func ViewUser(ctx *context.Context) {

  261. 	ctx.Data["Title"] = ctx.Tr("admin.users.details")

  262. 	ctx.Data["PageIsAdminUsers"] = true

  263. 	ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation

  264. 	ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations

  265. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  266. 

  267. 	u := prepareUserInfo(ctx)

  268. 	if ctx.Written() {

  269. 		return

  270. 	}

  271. 

  272. 	repos, count, err := repo_model.SearchRepository(ctx, &repo_model.SearchRepoOptions{

  273. 		ListOptions: db.ListOptions{

  274. 			ListAll: true,

  275. 		},

  276. 		OwnerID:     u.ID,

  277. 		OrderBy:     db.SearchOrderByAlphabetically,

  278. 		Private:     true,

  279. 		Collaborate: optional.Some(false),

  280. 	})

  281. 	if err != nil {

  282. 		ctx.ServerError("SearchRepository", err)

  283. 		return

  284. 	}

  285. 

  286. 	ctx.Data["Repos"] = repos

  287. 	ctx.Data["ReposTotal"] = int(count)

  288. 

  289. 	emails, err := user_model.GetEmailAddresses(ctx, u.ID)

  290. 	if err != nil {

  291. 		ctx.ServerError("GetEmailAddresses", err)

  292. 		return

  293. 	}

  294. 	ctx.Data["Emails"] = emails

  295. 	ctx.Data["EmailsTotal"] = len(emails)

  296. 

  297. 	orgs, err := db.Find[org_model.Organization](ctx, org_model.FindOrgOptions{

  298. 		ListOptions: db.ListOptions{

  299. 			ListAll: true,

  300. 		},

  301. 		UserID:         u.ID,

  302. 		IncludePrivate: true,

  303. 	})

  304. 	if err != nil {

  305. 		ctx.ServerError("FindOrgs", err)

  306. 		return

  307. 	}

  308. 

  309. 	ctx.Data["Users"] = orgs // needed to be able to use explore/user_list template

  310. 	ctx.Data["OrgsTotal"] = len(orgs)

  311. 

  312. 	ctx.HTML(http.StatusOK, tplUserView)

  313. }

  314. 

  315. func editUserCommon(ctx *context.Context) {

  316. 	ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")

  317. 	ctx.Data["PageIsAdminUsers"] = true

  318. 	ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation

  319. 	ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations

  320. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  321. 	ctx.Data["DisableGravatar"] = setting.Config().Picture.DisableGravatar.Value(ctx)

  322. }

  323. 

  324. // EditUser show editing user page

  325. func EditUser(ctx *context.Context) {

  326. 	editUserCommon(ctx)

  327. 	prepareUserInfo(ctx)

  328. 	if ctx.Written() {

  329. 		return

  330. 	}

  331. 

  332. 	ctx.HTML(http.StatusOK, tplUserEdit)

  333. }

  334. 

  335. // EditUserPost response for editing user

  336. func EditUserPost(ctx *context.Context) {

  337. 	editUserCommon(ctx)

  338. 	u := prepareUserInfo(ctx)

  339. 	if ctx.Written() {

  340. 		return

  341. 	}

  342. 

  343. 	form := web.GetForm(ctx).(*forms.AdminEditUserForm)

  344. 	if ctx.HasError() {

  345. 		ctx.HTML(http.StatusOK, tplUserEdit)

  346. 		return

  347. 	}

  348. 

  349. 	if form.UserName != "" {

  350. 		if err := user_service.RenameUser(ctx, u, form.UserName); err != nil {

  351. 			switch {

  352. 			case user_model.IsErrUserIsNotLocal(err):

  353. 				ctx.Data["Err_UserName"] = true

  354. 				ctx.RenderWithErr(ctx.Tr("form.username_change_not_local_user"), tplUserEdit, &form)

  355. 			case user_model.IsErrUserAlreadyExist(err):

  356. 				ctx.Data["Err_UserName"] = true

  357. 				ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplUserEdit, &form)

  358. 			case db.IsErrNameReserved(err):

  359. 				ctx.Data["Err_UserName"] = true

  360. 				ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", form.UserName), tplUserEdit, &form)

  361. 			case db.IsErrNamePatternNotAllowed(err):

  362. 				ctx.Data["Err_UserName"] = true

  363. 				ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", form.UserName), tplUserEdit, &form)

  364. 			case db.IsErrNameCharsNotAllowed(err):

  365. 				ctx.Data["Err_UserName"] = true

  366. 				ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", form.UserName), tplUserEdit, &form)

  367. 			default:

  368. 				ctx.ServerError("RenameUser", err)

  369. 			}

  370. 			return

  371. 		}

  372. 	}

  373. 

  374. 	authOpts := &user_service.UpdateAuthOptions{

  375. 		Password:  optional.FromNonDefault(form.Password),

  376. 		LoginName: optional.Some(form.LoginName),

  377. 	}

  378. 

  379. 	// skip self Prohibit Login

  380. 	if ctx.Doer.ID == u.ID {

  381. 		authOpts.ProhibitLogin = optional.Some(false)

  382. 	} else {

  383. 		authOpts.ProhibitLogin = optional.Some(form.ProhibitLogin)

  384. 	}

  385. 

  386. 	fields := strings.Split(form.LoginType, "-")

  387. 	if len(fields) == 2 {

  388. 		authSource, _ := strconv.ParseInt(fields[1], 10, 64)

  389. 

  390. 		authOpts.LoginSource = optional.Some(authSource)

  391. 	}

  392. 

  393. 	if err := user_service.UpdateAuth(ctx, u, authOpts); err != nil {

  394. 		switch {

  395. 		case errors.Is(err, password.ErrMinLength):

  396. 			ctx.Data["Err_Password"] = true

  397. 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserEdit, &form)

  398. 		case errors.Is(err, password.ErrComplexity):

  399. 			ctx.Data["Err_Password"] = true

  400. 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplUserEdit, &form)

  401. 		case errors.Is(err, password.ErrIsPwned):

  402. 			ctx.Data["Err_Password"] = true

  403. 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned"), tplUserEdit, &form)

  404. 		case password.IsErrIsPwnedRequest(err):

  405. 			log.Error("%s", err.Error())

  406. 			ctx.Data["Err_Password"] = true

  407. 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplUserEdit, &form)

  408. 		default:

  409. 			ctx.ServerError("UpdateUser", err)

  410. 		}

  411. 		return

  412. 	}

  413. 

  414. 	if form.Email != "" {

  415. 		if err := user_service.AddOrSetPrimaryEmailAddress(ctx, u, form.Email); err != nil {

  416. 			switch {

  417. 			case user_model.IsErrEmailCharIsNotSupported(err), user_model.IsErrEmailInvalid(err):

  418. 				ctx.Data["Err_Email"] = true

  419. 				ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserEdit, &form)

  420. 			case user_model.IsErrEmailAlreadyUsed(err):

  421. 				ctx.Data["Err_Email"] = true

  422. 				ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserEdit, &form)

  423. 			default:

  424. 				ctx.ServerError("AddOrSetPrimaryEmailAddress", err)

  425. 			}

  426. 			return

  427. 		}

  428. 	}

  429. 

  430. 	opts := &user_service.UpdateOptions{

  431. 		FullName:                optional.Some(form.FullName),

  432. 		Website:                 optional.Some(form.Website),

  433. 		Location:                optional.Some(form.Location),

  434. 		IsActive:                optional.Some(form.Active),

  435. 		IsAdmin:                 optional.Some(form.Admin),

  436. 		AllowGitHook:            optional.Some(form.AllowGitHook),

  437. 		AllowImportLocal:        optional.Some(form.AllowImportLocal),

  438. 		MaxRepoCreation:         optional.Some(form.MaxRepoCreation),

  439. 		AllowCreateOrganization: optional.Some(form.AllowCreateOrganization),

  440. 		IsRestricted:            optional.Some(form.Restricted),

  441. 		Visibility:              optional.Some(form.Visibility),

  442. 		Language:                optional.Some(form.Language),

  443. 	}

  444. 

  445. 	if err := user_service.UpdateUser(ctx, u, opts); err != nil {

  446. 		if models.IsErrDeleteLastAdminUser(err) {

  447. 			ctx.RenderWithErr(ctx.Tr("auth.last_admin"), tplUserEdit, &form)

  448. 		} else {

  449. 			ctx.ServerError("UpdateUser", err)

  450. 		}

  451. 		return

  452. 	}

  453. 	log.Trace("Account profile updated by admin (%s): %s", ctx.Doer.Name, u.Name)

  454. 

  455. 	if form.Reset2FA {

  456. 		tf, err := auth.GetTwoFactorByUID(ctx, u.ID)

  457. 		if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {

  458. 			ctx.ServerError("auth.GetTwoFactorByUID", err)

  459. 			return

  460. 		} else if tf != nil {

  461. 			if err := auth.DeleteTwoFactorByID(ctx, tf.ID, u.ID); err != nil {

  462. 				ctx.ServerError("auth.DeleteTwoFactorByID", err)

  463. 				return

  464. 			}

  465. 		}

  466. 

  467. 		wn, err := auth.GetWebAuthnCredentialsByUID(ctx, u.ID)

  468. 		if err != nil {

  469. 			ctx.ServerError("auth.GetTwoFactorByUID", err)

  470. 			return

  471. 		}

  472. 		for _, cred := range wn {

  473. 			if _, err := auth.DeleteCredential(ctx, cred.ID, u.ID); err != nil {

  474. 				ctx.ServerError("auth.DeleteCredential", err)

  475. 				return

  476. 			}

  477. 		}

  478. 	}

  479. 

  480. 	ctx.Flash.Success(ctx.Tr("admin.users.update_profile_success"))

  481. 	ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))

  482. }

  483. 

  484. // DeleteUser response for deleting a user

  485. func DeleteUser(ctx *context.Context) {

  486. 	u, err := user_model.GetUserByID(ctx, ctx.ParamsInt64(":userid"))

  487. 	if err != nil {

  488. 		ctx.ServerError("GetUserByID", err)

  489. 		return

  490. 	}

  491. 

  492. 	// admin should not delete themself

  493. 	if u.ID == ctx.Doer.ID {

  494. 		ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self"))

  495. 		ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))

  496. 		return

  497. 	}

  498. 

  499. 	if err = user_service.DeleteUser(ctx, u, ctx.FormBool("purge")); err != nil {

  500. 		switch {

  501. 		case models.IsErrUserOwnRepos(err):

  502. 			ctx.Flash.Error(ctx.Tr("admin.users.still_own_repo"))

  503. 			ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))

  504. 		case models.IsErrUserHasOrgs(err):

  505. 			ctx.Flash.Error(ctx.Tr("admin.users.still_has_org"))

  506. 			ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))

  507. 		case models.IsErrUserOwnPackages(err):

  508. 			ctx.Flash.Error(ctx.Tr("admin.users.still_own_packages"))

  509. 			ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))

  510. 		case models.IsErrDeleteLastAdminUser(err):

  511. 			ctx.Flash.Error(ctx.Tr("auth.last_admin"))

  512. 			ctx.Redirect(setting.AppSubURL + "/admin/users/" + url.PathEscape(ctx.Params(":userid")))

  513. 		default:

  514. 			ctx.ServerError("DeleteUser", err)

  515. 		}

  516. 		return

  517. 	}

  518. 	log.Trace("Account deleted by admin (%s): %s", ctx.Doer.Name, u.Name)

  519. 

  520. 	ctx.Flash.Success(ctx.Tr("admin.users.deletion_success"))

  521. 	ctx.Redirect(setting.AppSubURL + "/admin/users")

  522. }

  523. 

  524. // AvatarPost response for change user's avatar request

  525. func AvatarPost(ctx *context.Context) {

  526. 	u := prepareUserInfo(ctx)

  527. 	if ctx.Written() {

  528. 		return

  529. 	}

  530. 

  531. 	form := web.GetForm(ctx).(*forms.AvatarForm)

  532. 	if err := user_setting.UpdateAvatarSetting(ctx, form, u); err != nil {

  533. 		ctx.Flash.Error(err.Error())

  534. 	} else {

  535. 		ctx.Flash.Success(ctx.Tr("settings.update_user_avatar_success"))

  536. 	}

  537. 

  538. 	ctx.Redirect(setting.AppSubURL + "/admin/users/" + strconv.FormatInt(u.ID, 10))

  539. }

  540. 

  541. // DeleteAvatar render delete avatar page

  542. func DeleteAvatar(ctx *context.Context) {

  543. 	u := prepareUserInfo(ctx)

  544. 	if ctx.Written() {

  545. 		return

  546. 	}

  547. 

  548. 	if err := user_service.DeleteAvatar(ctx, u); err != nil {

  549. 		ctx.Flash.Error(err.Error())

  550. 	}

  551. 

  552. 	ctx.JSONRedirect(setting.AppSubURL + "/admin/users/" + strconv.FormatInt(u.ID, 10))

  553. }