summaryrefslogtreecommitdiffstats
path: root/routers
diff options
context:
space:
mode:
author6543 <6543@obermui.de>2022-03-02 01:24:31 +0100
committerGitHub <noreply@github.com>2022-03-02 01:24:31 +0100
commit1f45d1e1303c5843ceeb473eef343b82491bd706 (patch)
tree53ae94ca03baa68679b1eee2da4d51944ecf9e5e /routers
parent38f63221642815076599954155174aae008c2d20 (diff)
downloadgitea-1f45d1e1303c5843ceeb473eef343b82491bd706.tar.gz
gitea-1f45d1e1303c5843ceeb473eef343b82491bd706.zip
Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897)
Diffstat (limited to 'routers')
-rw-r--r--routers/web/admin/users.go35
1 files changed, 25 insertions, 10 deletions
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 5cb25d8672..4358db89ba 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -217,15 +217,17 @@ func prepareUserInfo(ctx *context.Context) *user_model.User {
}
ctx.Data["Sources"] = sources
- ctx.Data["TwoFactorEnabled"] = true
- _, err = auth.GetTwoFactorByUID(u.ID)
+ hasTOTP, err := auth.HasTwoFactorByUID(u.ID)
if err != nil {
- if !auth.IsErrTwoFactorNotEnrolled(err) {
- ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
- return nil
- }
- ctx.Data["TwoFactorEnabled"] = false
+ ctx.ServerError("auth.HasTwoFactorByUID", err)
+ return nil
+ }
+ hasWebAuthn, err := auth.HasWebAuthnRegistrationsByUID(u.ID)
+ if err != nil {
+ ctx.ServerError("auth.HasWebAuthnRegistrationsByUID", err)
+ return nil
}
+ ctx.Data["TwoFactorEnabled"] = hasTOTP || hasWebAuthn
return u
}
@@ -327,14 +329,27 @@ func EditUserPost(ctx *context.Context) {
if form.Reset2FA {
tf, err := auth.GetTwoFactorByUID(u.ID)
if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
- ctx.ServerError("GetTwoFactorByUID", err)
+ ctx.ServerError("auth.GetTwoFactorByUID", err)
return
+ } else if tf != nil {
+ if err := auth.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
+ ctx.ServerError("auth.DeleteTwoFactorByID", err)
+ return
+ }
}
- if err = auth.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
- ctx.ServerError("DeleteTwoFactorByID", err)
+ wn, err := auth.GetWebAuthnCredentialsByUID(u.ID)
+ if err != nil {
+ ctx.ServerError("auth.GetTwoFactorByUID", err)
return
}
+ for _, cred := range wn {
+ if _, err := auth.DeleteCredential(cred.ID, u.ID); err != nil {
+ ctx.ServerError("auth.DeleteCredential", err)
+ return
+ }
+ }
+
}
u.LoginName = form.LoginName