author | KN4CK3R <KN4CK3R@users.noreply.github.com> | 2021-04-30 22:21:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-30 22:21:33 +0200 |
commit | 7670c1c99e5ee9e1d6fc1f866c89df2712987bd2 (patch) | |
tree | 962f96d3268350f116de9d67fd1a1c437415d963 /routers | |
parent | ee3fb92419338e12a531168b486d3c8f5c2164c0 (diff) | |
download | gitea-7670c1c99e5ee9e1d6fc1f866c89df2712987bd2.tar.gz gitea-7670c1c99e5ee9e1d6fc1f866c89df2712987bd2.zip |
Fixed several activation bugs (#15473)
* Removed unneeded form tag.
* Fixed typo.
* Fixed NPE.
* Use better error page.
* Split GET and POST.
Diffstat (limited to 'routers')
-rw-r--r-- | routers/routes/web.go | 3 | ||||
-rw-r--r-- | routers/user/auth.go | 41 |
2 files changed, 38 insertions, 6 deletions
diff --git a/routers/routes/web.go b/routers/routes/web.go
index ceb024249e..72f5c27b6f 100644
--- a/routers/routes/web.go
+++ b/routers/routes/web.go
@@ -472,7 +472,8 @@ func RegisterRoutes(m *web.Route) {
 m.Group("/user", func() {
 // r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
- m.Any("/activate", user.Activate, reqSignIn)
+ m.Get("/activate", user.Activate, reqSignIn)
+ m.Post("/activate", user.ActivatePost, reqSignIn)
 m.Any("/activate_email", user.ActivateEmail)
 m.Get("/avatar/{username}/{size}", user.Avatar)
 m.Get("/email2user", user.Email2User)
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 2ec09cc069..f29e1cc4d0 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -1240,7 +1240,7 @@ func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{
 }
 }
- // TODO: probably we should respect 'remeber' user's choice...
+ // TODO: probably we should respect 'remember' user's choice...
 linkAccount(ctx, user, *gothUser, true)
 return // user is already created here, all redirects are handled
 } else if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingLogin {
@@ -1327,12 +1327,11 @@ func handleUserCreated(ctx *context.Context, u *models.User, gothUser *goth.User
 // Activate render activate user page
 func Activate(ctx *context.Context) {
 code := ctx.Query("code")
- password := ctx.Query("password")
 if len(code) == 0 {
 ctx.Data["IsActivatePage"] = true
- if ctx.User.IsActive {
- ctx.Error(http.StatusNotFound)
+ if ctx.User == nil || ctx.User.IsActive {
+ ctx.NotFound("invalid user", nil)
 return
 }
 // Resend confirmation email.
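Review bot: The `/activate_email` route on the context line directly below the split is still registered with `m.Any`, so it keeps accepting every HTTP method while `/activate` is now limited to GET and POST. Whether `user.ActivateEmail` changes account state is not visible in this hunk; if it does, it should get the same method split, or at least a marker such as `// TODO: split by method like /activate if ActivateEmail changes state`. RegisterRoutes starts and ends outside the hunk.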
@@ -1364,6 +1363,34 @@ func Activate(ctx *context.Context) {
 // if account is local account, verify password
 if user.LoginSource == 0 {
+ ctx.Data["Code"] = code
+ ctx.Data["NeedsPassword"] = true
+ ctx.HTML(http.StatusOK, TplActivate)
+ return
+ }
+
+ handleAccountActivation(ctx, user)
+}
+
+// ActivatePost handles account activation with password check
+func ActivatePost(ctx *context.Context) {
+ code := ctx.Query("code")
+ if len(code) == 0 {
+ ctx.Redirect(setting.AppSubURL + "/user/activate")
+ return
+ }
+
+ user := models.VerifyUserActiveCode(code)
+ // if code is wrong
+ if user == nil {
+ ctx.Data["IsActivateFailed"] = true
+ ctx.HTML(http.StatusOK, TplActivate)
+ return
+ }
+
+ // if account is local account, verify password
+ if user.LoginSource == 0 {
+ password := ctx.Query("password")
 if len(password) == 0 {
 ctx.Data["Code"] = code
 ctx.Data["NeedsPassword"] = true
@@ -1377,6 +1404,10 @@ func Activate(ctx *context.Context) {
 }
 }
+ handleAccountActivation(ctx, user)
+}
+
+func handleAccountActivation(ctx *context.Context, user *models.User) {
 user.IsActive = true
 var err error
 if user.Rands, err = models.GetUserSalt(); err != nil {
@@ -1385,7 +1416,7 @@ func Activate(ctx *context.Context) {
 }
 if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
 if models.IsErrUserNotExist(err) {
- ctx.Error(http.StatusNotFound)
+ ctx.NotFound("UpdateUserCols", err)
 } else {
 ctx.ServerError("UpdateUser", err)
 }
 |
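Review bot: ActivatePost activates whatever account `models.VerifyUserActiveCode(code)` returns, and nothing in the hunk compares that account with `ctx.User`, although the route is registered with `reqSignIn`. If activating a different account than the signed-in one is not intended, a guard such as `if ctx.User != nil && ctx.User.ID != user.ID { ctx.NotFound("invalid user", nil); return }` before the password step would make the binding explicit; otherwise a comment should say the code alone identifies the account. The password is also read with `ctx.Query("password")`; if Query consults the URL query string as well as the body (not visible here), a password passed as a URL parameter would be accepted and could end up in access logs, so it is safer to read it from the POST body only. The password comparison itself lies between this hunk and the next and is not shown.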
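Review bot: The new helper `handleAccountActivation` has no doc comment, although both Activate and ActivatePost now reach the state change through it. Something like `// handleAccountActivation marks user active, regenerates user.Rands and persists both columns; on failure it writes the error response itself.` would record the contract the callers rely on. Regenerating `rands` presumably invalidates the activation code that was just used, which is worth stating in the comment once confirmed. The function body continues past the end of this hunk.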