summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--modules/context/auth.go24
-rw-r--r--routers/home.go6
2 files changed, 16 insertions, 14 deletions
diff --git a/modules/context/auth.go b/modules/context/auth.go
index 5a4d351dc4..9d9bd81c75 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -44,21 +44,17 @@ func Toggle(options *ToggleOptions) macaron.Handler {
return
}
- // prevent infinite redirection
- // also make sure that the form cannot be accessed by
- // users who don't need this
- if ctx.Req.URL.Path == "/user/settings/change_password" {
- if !ctx.User.MustChangePassword {
- ctx.Redirect(setting.AppSubURL + "/")
- }
- return
- }
-
if ctx.User.MustChangePassword {
- ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
- ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
- ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
- ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
+ if ctx.Req.URL.Path != "/user/settings/change_password" {
+ ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
+ ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
+ ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
+ ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
+ return
+ }
+ } else if ctx.Req.URL.Path == "/user/settings/change_password" {
+ // make sure that the form cannot be accessed by users who don't need this
+ ctx.Redirect(setting.AppSubURL + "/")
return
}
}
diff --git a/routers/home.go b/routers/home.go
index bea0139111..437c569a79 100644
--- a/routers/home.go
+++ b/routers/home.go
@@ -7,6 +7,7 @@ package routers
import (
"bytes"
+ "net/url"
"strings"
"code.gitea.io/gitea/models"
@@ -44,6 +45,11 @@ func Home(ctx *context.Context) {
log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login")
+ } else if ctx.User.MustChangePassword {
+ ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
+ ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
+ ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
+ ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
} else {
user.Dashboard(ctx)
}