authorDenis Denisov <denji@users.noreply.github.com>2016-12-20 14:32:02 +0200
committerThomas Boerger <thomas@webhippie.de>2016-12-20 13:32:02 +0100
commit380e32e129d7a8868b9853e92e208a97e3ac125f (patch)
tree3b7ffc74a7f28f9c165ee4a780e52053d9f749fd /routers
parent952587dbae987e05fb36f0ff56bf5eff92ae1080 (diff)
Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator Fix random string generator Random string generator should return error if it fails to read random data via crypto/rand * Fixes variable (un)initialization mixed assign Update test GetRandomString
Diffstat (limited to 'routers')
-rw-r--r--routers/admin/users.go6
-rw-r--r--routers/api/v1/admin/user.go6
-rw-r--r--routers/install.go28
-rw-r--r--routers/user/auth.go17
-rw-r--r--routers/user/setting.go6
5 files changed, 46 insertions, 17 deletions
diff --git a/routers/admin/users.go b/routers/admin/users.go
index c95aba7729..fa61a46938 100644
--- a/routers/admin/users.go
+++ b/routers/admin/users.go
@@ -197,7 +197,11 @@ func EditUserPost(ctx *context.Context, form auth.AdminEditUserForm) {
if len(form.Password) > 0 {
u.Passwd = form.Password
- u.Salt = models.GetUserSalt()
+ var err error
+ if u.Salt, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
u.EncodePasswd()
}
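Review bot: The 500 handler added here is labelled `"UpdateUser"`, but the call that failed is `models.GetUserSalt()`, so a log entry or error page produced on this path would point at the wrong operation. A label naming the real source, for example `ctx.Handle(500, "GetUserSalt", err)`, makes a failure of the random source distinguishable from a database failure during triage. The same label is used in the salt hunks of routers/api/v1/admin/user.go, routers/user/auth.go (both hunks) and routers/user/setting.go. EditUserPost starts and ends outside this hunk.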
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 0a6dc5d456..36fea14f11 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -87,7 +87,11 @@ func EditUser(ctx *context.APIContext, form api.EditUserOption) {
if len(form.Password) > 0 {
u.Passwd = form.Password
- u.Salt = models.GetUserSalt()
+ var err error
+ if u.Salt, err = models.GetUserSalt(); err != nil {
+ ctx.Error(500, "UpdateUser", err)
+ return
+ }
u.EncodePasswd()
}
diff --git a/routers/install.go b/routers/install.go
index 84f07e1e69..f18a8dbca3 100644
--- a/routers/install.go
+++ b/routers/install.go
@@ -115,6 +115,7 @@ func Install(ctx *context.Context) {
// InstallPost response for submit install items
func InstallPost(ctx *context.Context, form auth.InstallForm) {
+ var err error
ctx.Data["CurDbOption"] = form.DbType
if ctx.HasError() {
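Review bot: Declaring `var err error` at the top of InstallPost and rewriting every `if err := …` as `if err = …` in the later hunks widens the variable's scope to the whole function for no visible need. Only the new `secretKey, err = base.GetRandomString(10)` assignment requires a pre-declared `err`, and that could be written locally as `secretKey, err := base.GetRandomString(10)`. With the shared variable, the error that is only logged after `cfg.Append(setting.CustomConf)` stays in `err` until the next assignment, which makes later checks easier to get wrong. The rest of InstallPost lies outside this hunk.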
@@ -131,7 +132,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
return
}
- if _, err := exec.LookPath("git"); err != nil {
+ if _, err = exec.LookPath("git"); err != nil {
ctx.RenderWithErr(ctx.Tr("install.test_git_failed", err), tplInstall, &form)
return
}
@@ -161,7 +162,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
// Set test engine.
var x *xorm.Engine
- if err := models.NewTestEngine(x); err != nil {
+ if err = models.NewTestEngine(x); err != nil {
if strings.Contains(err.Error(), `Unknown database type: sqlite3`) {
ctx.Data["Err_DbType"] = true
ctx.RenderWithErr(ctx.Tr("install.sqlite3_not_available", "https://docs.gitea.io/installation/install_from_binary.html"), tplInstall, &form)
@@ -174,7 +175,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
// Test repository root path.
form.RepoRootPath = strings.Replace(form.RepoRootPath, "\\", "/", -1)
- if err := os.MkdirAll(form.RepoRootPath, os.ModePerm); err != nil {
+ if err = os.MkdirAll(form.RepoRootPath, os.ModePerm); err != nil {
ctx.Data["Err_RepoRootPath"] = true
ctx.RenderWithErr(ctx.Tr("install.invalid_repo_path", err), tplInstall, &form)
return
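Review bot: `os.MkdirAll(form.RepoRootPath, os.ModePerm)` requests mode 0777 for a path taken from the install form, so the repository root is created as permissive as the process umask allows. A tighter mode such as `os.MkdirAll(form.RepoRootPath, 0750)` would not depend on the umask. The same applies to `form.LogRootPath` in the next hunk and to `filepath.Dir(setting.CustomConf)`, the directory that receives the file containing `SECRET_KEY`. This behaviour predates the commit, which only changes `:=` to `=` on these lines.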
@@ -182,7 +183,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
// Test log root path.
form.LogRootPath = strings.Replace(form.LogRootPath, "\\", "/", -1)
- if err := os.MkdirAll(form.LogRootPath, os.ModePerm); err != nil {
+ if err = os.MkdirAll(form.LogRootPath, os.ModePerm); err != nil {
ctx.Data["Err_LogRootPath"] = true
ctx.RenderWithErr(ctx.Tr("install.invalid_log_root_path", err), tplInstall, &form)
return
@@ -225,7 +226,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
cfg := ini.Empty()
if com.IsFile(setting.CustomConf) {
// Keeps custom settings if there is already something.
- if err := cfg.Append(setting.CustomConf); err != nil {
+ if err = cfg.Append(setting.CustomConf); err != nil {
log.Error(4, "Fail to load custom conf '%s': %v", setting.CustomConf, err)
}
}
@@ -279,15 +280,20 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
cfg.Section("log").Key("ROOT_PATH").SetValue(form.LogRootPath)
cfg.Section("security").Key("INSTALL_LOCK").SetValue("true")
- cfg.Section("security").Key("SECRET_KEY").SetValue(base.GetRandomString(15))
+ var secretKey string
+ if secretKey, err = base.GetRandomString(10); err != nil {
+ ctx.RenderWithErr(ctx.Tr("install.secret_key_failed", err), tplInstall, &form)
+ return
+ }
+ cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)
- err := os.MkdirAll(filepath.Dir(setting.CustomConf), os.ModePerm)
+ err = os.MkdirAll(filepath.Dir(setting.CustomConf), os.ModePerm)
if err != nil {
ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form)
return
}
- if err := cfg.SaveTo(setting.CustomConf); err != nil {
+ if err = cfg.SaveTo(setting.CustomConf); err != nil {
ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form)
return
}
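Review bot: The length passed to the generator drops from 15 to 10 in this hunk (`base.GetRandomString(15)` becomes `base.GetRandomString(10)`), which shortens the value written to `[security] SECRET_KEY`, and the commit message does not mention it. If the generator draws from a 62-character alphanumeric alphabet (not visible on this page), that is roughly 60 bits of entropy instead of roughly 89. Unless the reduction is intentional, keep the previous length or increase it, e.g. `if secretKey, err = base.GetRandomString(15); err != nil {`. The new message key `install.secret_key_failed` also needs a locale entry, and the diffstat here is limited to routers/, so whether one was added cannot be confirmed from this page.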
@@ -303,7 +309,7 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
IsAdmin: true,
IsActive: true,
}
- if err := models.CreateUser(u); err != nil {
+ if err = models.CreateUser(u); err != nil {
if !models.IsErrUserAlreadyExist(err) {
setting.InstallLock = false
ctx.Data["Err_AdminName"] = true
@@ -316,11 +322,11 @@ func InstallPost(ctx *context.Context, form auth.InstallForm) {
}
// Auto-login for admin
- if err := ctx.Session.Set("uid", u.ID); err != nil {
+ if err = ctx.Session.Set("uid", u.ID); err != nil {
ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form)
return
}
- if err := ctx.Session.Set("uname", u.Name); err != nil {
+ if err = ctx.Session.Set("uname", u.Name); err != nil {
ctx.RenderWithErr(ctx.Tr("install.save_config_failed", err), tplInstall, &form)
return
}
diff --git a/routers/user/auth.go b/routers/user/auth.go
index eecb5e051f..bb14ad5a5f 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -289,7 +289,11 @@ func Activate(ctx *context.Context) {
// Verify code.
if user := models.VerifyUserActiveCode(code); user != nil {
user.IsActive = true
- user.Rands = models.GetUserSalt()
+ var err error
+ if user.Rands, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
if err := models.UpdateUser(user); err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
@@ -428,8 +432,15 @@ func ResetPasswdPost(ctx *context.Context) {
}
u.Passwd = passwd
- u.Rands = models.GetUserSalt()
- u.Salt = models.GetUserSalt()
+ var err error
+ if u.Rands, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
+ if u.Salt, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
u.EncodePasswd()
if err := models.UpdateUser(u); err != nil {
ctx.Handle(500, "UpdateUser", err)
diff --git a/routers/user/setting.go b/routers/user/setting.go
index bbb4d99c02..e078f8c17a 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -197,7 +197,11 @@ func SettingsPasswordPost(ctx *context.Context, form auth.ChangePasswordForm) {
ctx.Flash.Error(ctx.Tr("form.password_not_match"))
} else {
ctx.User.Passwd = form.Password
- ctx.User.Salt = models.GetUserSalt()
+ var err error
+ if ctx.User.Salt, err = models.GetUserSalt(); err != nil {
+ ctx.Handle(500, "UpdateUser", err)
+ return
+ }
ctx.User.EncodePasswd()
if err := models.UpdateUser(ctx.User); err != nil {
ctx.Handle(500, "UpdateUser", err)