aboutsummaryrefslogtreecommitdiffstats
path: root/models/user/user.go
diff options
context:
space:
mode:
authorwxiaoguang <wxiaoguang@gmail.com>2024-05-20 23:12:50 +0800
committerGitHub <noreply@github.com>2024-05-20 15:12:50 +0000
commitfb1ad920b769799aa1287441289d15477d9878c5 (patch)
tree45734a3e7c7c5f15e9c62e06d134e7dee0262c4a /models/user/user.go
parentf1d9f18d96050d89a4085c961f572f07b1e653d1 (diff)
downloadgitea-fb1ad920b769799aa1287441289d15477d9878c5.tar.gz
gitea-fb1ad920b769799aa1287441289d15477d9878c5.zip
Refactor sha1 and time-limited code (#31023)
Remove "EncodeSha1", it shouldn't be used as a general purpose hasher (just like we have removed "EncodeMD5" in #28622) Rewrite the "time-limited code" related code and write better tests, the old code doesn't seem quite right.
Diffstat (limited to 'models/user/user.go')
-rw-r--r--models/user/user.go7
1 files changed, 2 insertions, 5 deletions
diff --git a/models/user/user.go b/models/user/user.go
index a5a5b5bdf6..6848d1be95 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -304,7 +304,7 @@ func (u *User) OrganisationLink() string {
func (u *User) GenerateEmailActivateCode(email string) string {
code := base.CreateTimeLimitCode(
fmt.Sprintf("%d%s%s%s%s", u.ID, email, u.LowerName, u.Passwd, u.Rands),
- setting.Service.ActiveCodeLives, nil)
+ setting.Service.ActiveCodeLives, time.Now(), nil)
// Add tail hex username
code += hex.EncodeToString([]byte(u.LowerName))
@@ -791,14 +791,11 @@ func GetVerifyUser(ctx context.Context, code string) (user *User) {
// VerifyUserActiveCode verifies active code when active account
func VerifyUserActiveCode(ctx context.Context, code string) (user *User) {
- minutes := setting.Service.ActiveCodeLives
-
if user = GetVerifyUser(ctx, code); user != nil {
// time limit code
prefix := code[:base.TimeLimitCodeLength]
data := fmt.Sprintf("%d%s%s%s%s", user.ID, user.Email, user.LowerName, user.Passwd, user.Rands)
-
- if base.VerifyTimeLimitCode(data, minutes, prefix) {
+ if base.VerifyTimeLimitCode(time.Now(), data, setting.Service.ActiveCodeLives, prefix) {
return user
}
}