diff options
author | 6543 <6543@obermui.de> | 2022-03-02 01:24:31 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-02 01:24:31 +0100 |
commit | 1f45d1e1303c5843ceeb473eef343b82491bd706 (patch) | |
tree | 53ae94ca03baa68679b1eee2da4d51944ecf9e5e /routers | |
parent | 38f63221642815076599954155174aae008c2d20 (diff) | |
download | gitea-1f45d1e1303c5843ceeb473eef343b82491bd706.tar.gz gitea-1f45d1e1303c5843ceeb473eef343b82491bd706.zip |
Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897)
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/admin/users.go | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go index 5cb25d8672..4358db89ba 100644 --- a/routers/web/admin/users.go +++ b/routers/web/admin/users.go @@ -217,15 +217,17 @@ func prepareUserInfo(ctx *context.Context) *user_model.User { } ctx.Data["Sources"] = sources - ctx.Data["TwoFactorEnabled"] = true - _, err = auth.GetTwoFactorByUID(u.ID) + hasTOTP, err := auth.HasTwoFactorByUID(u.ID) if err != nil { - if !auth.IsErrTwoFactorNotEnrolled(err) { - ctx.ServerError("IsErrTwoFactorNotEnrolled", err) - return nil - } - ctx.Data["TwoFactorEnabled"] = false + ctx.ServerError("auth.HasTwoFactorByUID", err) + return nil + } + hasWebAuthn, err := auth.HasWebAuthnRegistrationsByUID(u.ID) + if err != nil { + ctx.ServerError("auth.HasWebAuthnRegistrationsByUID", err) + return nil } + ctx.Data["TwoFactorEnabled"] = hasTOTP || hasWebAuthn return u } @@ -327,14 +329,27 @@ func EditUserPost(ctx *context.Context) { if form.Reset2FA { tf, err := auth.GetTwoFactorByUID(u.ID) if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) { - ctx.ServerError("GetTwoFactorByUID", err) + ctx.ServerError("auth.GetTwoFactorByUID", err) return + } else if tf != nil { + if err := auth.DeleteTwoFactorByID(tf.ID, u.ID); err != nil { + ctx.ServerError("auth.DeleteTwoFactorByID", err) + return + } } - if err = auth.DeleteTwoFactorByID(tf.ID, u.ID); err != nil { - ctx.ServerError("DeleteTwoFactorByID", err) + wn, err := auth.GetWebAuthnCredentialsByUID(u.ID) + if err != nil { + ctx.ServerError("auth.GetTwoFactorByUID", err) return } + for _, cred := range wn { + if _, err := auth.DeleteCredential(cred.ID, u.ID); err != nil { + ctx.ServerError("auth.DeleteCredential", err) + return + } + } + } u.LoginName = form.LoginName |