author | Kamil DomaĆski <kamil@domanski.co> | 2021-11-08 23:47:19 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-08 23:47:19 +0100 |
commit | 021df29623bb0155b5a2ccad0e5f90fb348c8f4e (patch) | |
tree | c720bc34bd29620028c51d35c6d98044af89101e /models | |
parent | a3f9e9234cbb099b821a6ea9c575927be18948de (diff) | |
download | gitea-021df29623bb0155b5a2ccad0e5f90fb348c8f4e.tar.gz gitea-021df29623bb0155b5a2ccad0e5f90fb348c8f4e.zip |
Allow U2F 2FA without TOTP (#11573)
This change enables the usage of U2F without being forced to enroll a TOTP authenticator.
The `/user/auth/u2f` page has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled.
Fixes #5410
Fixes #17495
Diffstat (limited to 'models')
-rw-r--r-- | models/fixtures/u2f_registration.yml | 2 | ||||
-rw-r--r-- | models/fixtures/user.yml | 16 | ||||
-rw-r--r-- | models/login/twofactor.go | 6 | ||||
-rw-r--r-- | models/login/u2f.go | 5 | ||||
-rw-r--r-- | models/login/u2f_test.go | 2 | ||||
-rw-r--r-- | models/user_test.go | 4 |
6 files changed, 31 insertions, 4 deletions
diff --git a/models/fixtures/u2f_registration.yml b/models/fixtures/u2f_registration.yml
index 4a9d1d9624..60555c43f1 100644
--- a/models/fixtures/u2f_registration.yml
+++ b/models/fixtures/u2f_registration.yml
@@ -1,7 +1,7 @@
 -
 id: 1
 name: "U2F Key"
- user_id: 1
+ user_id: 32
 counter: 0
 created_unix: 946684800
 updated_unix: 946684800
diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
index c49fe1b656..cf07542eed 100644
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -542,3 +542,19 @@
 avatar_email: user31@example.com
 num_repos: 0
 is_active: true
+
+-
+ id: 32
+ lower_name: user32
+ name: user32
+ full_name: User 32 (U2F test)
+ email: user32@example.com
+ passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
+ type: 0 # individual
+ salt: ZogKvWdyEx
+ is_admin: false
+ is_restricted: false
+ avatar: avatar32
+ avatar_email: user30@example.com
+ num_repos: 0
+ is_active: true
diff --git a/models/login/twofactor.go b/models/login/twofactor.go
index 1c4d2734fc..acb5e1b2d5 100644
--- a/models/login/twofactor.go
+++ b/models/login/twofactor.go
@@ -136,6 +136,12 @@ func GetTwoFactorByUID(uid int64) (*TwoFactor, error) {
 return twofa, nil
 }
+// HasTwoFactorByUID returns the two-factor authentication token associated with
+// the user, if any.
+func HasTwoFactorByUID(uid int64) (bool, error) {
+ return db.GetEngine(db.DefaultContext).Where("uid=?", uid).Exist(&TwoFactor{})
+}
+
 // DeleteTwoFactorByID deletes two-factor authentication token by given ID.
 func DeleteTwoFactorByID(id, userID int64) error {
 cnt, err := db.GetEngine(db.DefaultContext).ID(id).Delete(&TwoFactor{
diff --git a/models/login/u2f.go b/models/login/u2f.go
index 05d39cc05e..8cea98463f 100644
--- a/models/login/u2f.go
+++ b/models/login/u2f.go
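Review bot: In the new `user32` fixture in `models/fixtures/user.yml`, `avatar_email` is `user30@example.com` while `email` is `user32@example.com`; the context line for the preceding user shows `avatar_email: user31@example.com`, so this looks like a copy-paste slip. Unless a test relies on the mismatch, `avatar_email: user32@example.com` keeps the fixture self-consistent and stops user32 from sharing an avatar address with another fixture user.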
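Review bot: The doc comment on `HasTwoFactorByUID` in `models/login/twofactor.go` still describes `GetTwoFactorByUID`: it says the function returns the token, but the body returns only the boolean from `Exist`. Something like `// HasTwoFactorByUID reports whether the user has a TOTP two-factor enrollment.` matches the code. The comment should also state that the boolean is not meaningful when the error is non-nil. The callers are outside this diff (it is limited to `models`), but since the commit description ties this check to the second-factor prompt, they presumably need to fail the request on error rather than read `false` as "not enrolled".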
@@ -115,6 +115,11 @@ func GetU2FRegistrationsByUID(uid int64) (U2FRegistrationList, error) {
 return getU2FRegistrationsByUID(db.GetEngine(db.DefaultContext), uid)
 }
+// HasU2FRegistrationsByUID returns whether a given user has U2F registrations
+func HasU2FRegistrationsByUID(uid int64) (bool, error) {
+ return db.GetEngine(db.DefaultContext).Where("user_id = ?", uid).Exist(&U2FRegistration{})
+}
+
 func createRegistration(e db.Engine, userID int64, name string, reg *u2f.Registration) (*U2FRegistration, error) {
 raw, err := reg.MarshalBinary()
 if err != nil {
diff --git a/models/login/u2f_test.go b/models/login/u2f_test.go
index 32505b62a6..8f5cea6150 100644
--- a/models/login/u2f_test.go
+++ b/models/login/u2f_test.go
@@ -29,7 +29,7 @@ func TestGetU2FRegistrationByID(t *testing.T) {
 func TestGetU2FRegistrationsByUID(t *testing.T) {
 assert.NoError(t, db.PrepareTestDatabase())
- res, err := GetU2FRegistrationsByUID(1)
+ res, err := GetU2FRegistrationsByUID(32)
 assert.NoError(t, err)
 assert.Len(t, res, 1)
diff --git a/models/user_test.go b/models/user_test.go
index 2dcca20346..3f3536dafa 100644
--- a/models/user_test.go
+++ b/models/user_test.go
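Review bot: `HasU2FRegistrationsByUID` in `models/login/u2f.go` is added without a test: the only change to `models/login/u2f_test.go` in this commit swaps the UID passed to `GetU2FRegistrationsByUID`. With the U2F fixture now on user 32, a `TestHasU2FRegistrationsByUID` asserting `true` for UID 32 and, if no other fixture entry belongs to that user, `false` for UID 1 would pin both outcomes; the diffstat shows no test for `HasTwoFactorByUID` either. A wrong answer from these helpers presumably changes which second factor is demanded at sign-in, so a regression should not be able to pass unnoticed. Minor: the doc comment lacks its trailing period.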
@@ -147,13 +147,13 @@ func TestSearchUsers(t *testing.T) {
 }
 testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
- []int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30})
+ []int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32})
 testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse},
 []int64{9})
 testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
- []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29, 30})
+ []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29, 30, 32})
 testUserSuccess(&SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
 []int64{1, 10, 11, 12, 13, 14, 15, 16, 18}) |