authorKamil DomaƄski <kamil@domanski.co>2021-11-08 23:47:19 +0100
committerGitHub <noreply@github.com>2021-11-08 23:47:19 +0100
commit021df29623bb0155b5a2ccad0e5f90fb348c8f4e (patch)
treec720bc34bd29620028c51d35c6d98044af89101e /models
parenta3f9e9234cbb099b821a6ea9c575927be18948de (diff)
Allow U2F 2FA without TOTP (#11573)
This change enables the usage of U2F without being forced to enroll a TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495
Diffstat (limited to 'models')
-rw-r--r--models/fixtures/u2f_registration.yml2
-rw-r--r--models/fixtures/user.yml16
-rw-r--r--models/login/twofactor.go6
-rw-r--r--models/login/u2f.go5
-rw-r--r--models/login/u2f_test.go2
-rw-r--r--models/user_test.go4
6 files changed, 31 insertions, 4 deletions
diff --git a/models/fixtures/u2f_registration.yml b/models/fixtures/u2f_registration.yml
index 4a9d1d9624..60555c43f1 100644
--- a/models/fixtures/u2f_registration.yml
+++ b/models/fixtures/u2f_registration.yml
@@ -1,7 +1,7 @@
-
id: 1
name: "U2F Key"
- user_id: 1
+ user_id: 32
counter: 0
created_unix: 946684800
updated_unix: 946684800
diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
index c49fe1b656..cf07542eed 100644
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -542,3 +542,19 @@
avatar_email: user31@example.com
num_repos: 0
is_active: true
+
+-
+ id: 32
+ lower_name: user32
+ name: user32
+ full_name: User 32 (U2F test)
+ email: user32@example.com
+ passwd: 7d93daa0d1e6f2305cc8fa496847d61dc7320bb16262f9c55dd753480207234cdd96a93194e408341971742f4701772a025a # password
+ type: 0 # individual
+ salt: ZogKvWdyEx
+ is_admin: false
+ is_restricted: false
+ avatar: avatar32
+ avatar_email: user30@example.com
+ num_repos: 0
+ is_active: true
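Review bot: `avatar_email` on the new user32 entry is `user30@example.com` while its `email` is `user32@example.com`, which looks like a copy-paste slip; the entry just above it in the context lines carries `user31@example.com`. Unless a test relies on the mismatch, the line should read `avatar_email: user32@example.com` so avatar lookups in tests cannot resolve to another account's address. A short comment on the entry, such as `# owns the only U2F registration fixture; must not have a two_factor row`, would help later fixture edits preserve the U2F-without-TOTP case this user exists for.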
diff --git a/models/login/twofactor.go b/models/login/twofactor.go
index 1c4d2734fc..acb5e1b2d5 100644
--- a/models/login/twofactor.go
+++ b/models/login/twofactor.go
@@ -136,6 +136,12 @@ func GetTwoFactorByUID(uid int64) (*TwoFactor, error) {
return twofa, nil
}
+// HasTwoFactorByUID returns the two-factor authentication token associated with
+// the user, if any.
+func HasTwoFactorByUID(uid int64) (bool, error) {
+ return db.GetEngine(db.DefaultContext).Where("uid=?", uid).Exist(&TwoFactor{})
+}
+
// DeleteTwoFactorByID deletes two-factor authentication token by given ID.
func DeleteTwoFactorByID(id, userID int64) error {
cnt, err := db.GetEngine(db.DefaultContext).ID(id).Delete(&TwoFactor{
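Review bot: The doc comment on `HasTwoFactorByUID` says it returns the token, but the function returns the bool from `Exist`, so the text appears to be copied from the getter above it. Suggest `// HasTwoFactorByUID reports whether a TwoFactor record exists for the given user ID.` Since this predicate presumably decides which second factor the login flow offers, the comment should also say that a non-nil error means the enrollment state is unknown and must not be read as "not enrolled". The callers are outside this diff, so that handling cannot be checked here. The trailing context cuts into `DeleteTwoFactorByID`, which is unchanged.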
diff --git a/models/login/u2f.go b/models/login/u2f.go
index 05d39cc05e..8cea98463f 100644
--- a/models/login/u2f.go
+++ b/models/login/u2f.go
@@ -115,6 +115,11 @@ func GetU2FRegistrationsByUID(uid int64) (U2FRegistrationList, error) {
return getU2FRegistrationsByUID(db.GetEngine(db.DefaultContext), uid)
}
+// HasU2FRegistrationsByUID returns whether a given user has U2F registrations
+func HasU2FRegistrationsByUID(uid int64) (bool, error) {
+ return db.GetEngine(db.DefaultContext).Where("user_id = ?", uid).Exist(&U2FRegistration{})
+}
+
func createRegistration(e db.Engine, userID int64, name string, reg *u2f.Registration) (*U2FRegistration, error) {
raw, err := reg.MarshalBinary()
if err != nil {
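Review bot: `HasU2FRegistrationsByUID` hard-wires `db.GetEngine(db.DefaultContext)`, whereas the neighbouring `GetU2FRegistrationsByUID` delegates to an unexported helper that takes a `db.Engine`. Following that pattern, e.g. `func hasU2FRegistrationsByUID(e db.Engine, uid int64) (bool, error)` with the exported function as a thin wrapper, would let the existence check run in the same session as a registration delete or a login decision instead of a separate query. The doc comment is also missing its final period. `createRegistration` in the trailing context continues outside the hunk.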
diff --git a/models/login/u2f_test.go b/models/login/u2f_test.go
index 32505b62a6..8f5cea6150 100644
--- a/models/login/u2f_test.go
+++ b/models/login/u2f_test.go
@@ -29,7 +29,7 @@ func TestGetU2FRegistrationByID(t *testing.T) {
func TestGetU2FRegistrationsByUID(t *testing.T) {
assert.NoError(t, db.PrepareTestDatabase())
- res, err := GetU2FRegistrationsByUID(1)
+ res, err := GetU2FRegistrationsByUID(32)
assert.NoError(t, err)
assert.Len(t, res, 1)
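Review bot: The new `HasU2FRegistrationsByUID` predicate gets no coverage here, as the diffstat shows only this two-line change in `u2f_test.go`. With the registration fixture moved to user 32, both outcomes are cheap to pin: `ok, err := HasU2FRegistrationsByUID(32)` should yield true, and the same call for user 1 should yield false, provided the fixture file holds no other row for that user. `HasTwoFactorByUID` deserves the same pair of assertions, because a wrong answer from either predicate changes which second factor is demanded at login. The body of `TestGetU2FRegistrationsByUID` continues outside the hunk.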
diff --git a/models/user_test.go b/models/user_test.go
index 2dcca20346..3f3536dafa 100644
--- a/models/user_test.go
+++ b/models/user_test.go
@@ -147,13 +147,13 @@ func TestSearchUsers(t *testing.T) {
}
testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}},
- []int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30})
+ []int64{1, 2, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 27, 28, 29, 30, 32})
testUserSuccess(&SearchUserOptions{ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolFalse},
[]int64{9})
testUserSuccess(&SearchUserOptions{OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
- []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29, 30})
+ []int64{1, 2, 4, 5, 8, 10, 11, 12, 13, 14, 15, 16, 18, 20, 21, 24, 28, 29, 30, 32})
testUserSuccess(&SearchUserOptions{Keyword: "user1", OrderBy: "id ASC", ListOptions: db.ListOptions{Page: 1}, IsActive: util.OptionalBoolTrue},
[]int64{1, 10, 11, 12, 13, 14, 15, 16, 18})