Diffstat (limited to 'modules')
-rw-r--r-- | modules/auth/user_form.go | 12 | ||||
-rw-r--r-- | modules/context/auth.go | 29 |
2 files changed, 37 insertions, 4 deletions
diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go
index 959a8ac417..43ddb29c76 100644
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@@ -84,6 +84,18 @@ func (f *RegisterForm) Validate(ctx *macaron.Context, errs binding.Errors) bindi
 return validate(errs, ctx.Data, f, ctx.Locale)
 }
 
+// MustChangePasswordForm form for updating your password after account creation
+// by an admin
+type MustChangePasswordForm struct {
+ Password string `binding:"Required;MaxSize(255)"`
+ Retype string
+}
+
+// Validate valideates the fields
+func (f *MustChangePasswordForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
+ return validate(errs, ctx.Data, f, ctx.Locale)
+}
+
 // SignInForm form for signing in with user/password
 type SignInForm struct {
 UserName string `binding:"Required;MaxSize(254)"`
diff --git a/modules/context/auth.go b/modules/context/auth.go
index c38cc3948d..110122cb66 100644
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
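Review bot: In `MustChangePasswordForm` (modules/auth/user_form.go), `Retype` has no `binding` tag and `Password` is only `Required;MaxSize(255)`, so the form itself neither checks that the two values match nor applies a minimum password length. The handler that consumes the form is not in this diff section and has to enforce both server-side. It would help to say so on the type, e.g. `// Retype must equal Password; equality and minimum length are checked by the handler, not by binding.` The doc comment on `Validate` also has a typo: `valideates` should be `validates`.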
@@ -31,10 +31,31 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 }
 
 // Check prohibit login users.
- if ctx.IsSigned && ctx.User.ProhibitLogin {
- ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
- ctx.HTML(200, "user/auth/prohibit_login")
- return
+ if ctx.IsSigned {
+
+ if ctx.User.ProhibitLogin {
+ ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
+ ctx.HTML(200, "user/auth/prohibit_login")
+ return
+ }
+
+ // prevent infinite redirection
+ // also make sure that the form cannot be accessed by
+ // users who don't need this
+ if ctx.Req.URL.Path == setting.AppSubURL+"/user/settings/change_password" {
+ if !ctx.User.MustChangePassword {
+ ctx.Redirect(setting.AppSubURL + "/")
+ }
+ return
+ }
+
+ if ctx.User.MustChangePassword {
+ ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
+ ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
+ ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
+ ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
+ return
+ }
 }
 
 // Redirect to dashboard if user tries to visit any non-login page. |
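Review bot: The unconditional `return` in the `/user/settings/change_password` branch ends the Toggle handler early for a user who must change their password. Whatever Toggle does after this block is therefore skipped for the very request that sets the new password; the rest of the function is outside the hunk, but if it includes CSRF validation or sign-in requirement checks, this form loses them. Only the two redirect cases need to return, and the permitted request should fall through, as sketched below. Separately, `ChangePasscodeLink` is set to `/user/change_password` while the redirect goes to `/user/settings/change_password`, and neither it nor `Title` is rendered because the branch redirects. The `redirect_to` cookie is filled from `ctx.Req.RequestURI`, so the code that later reads it should accept only local paths.

```go
// … unchanged: ProhibitLogin check …
changePath := setting.AppSubURL + "/user/settings/change_password"
if ctx.User.MustChangePassword {
	if ctx.Req.URL.Path != changePath {
		// … unchanged: redirect_to cookie …
		ctx.Redirect(changePath)
		return
	}
	// Request is for the form itself: fall through so the remaining
	// Toggle checks still run.
} else if ctx.Req.URL.Path == changePath {
	// The form is only for accounts flagged MustChangePassword.
	ctx.Redirect(setting.AppSubURL + "/")
	return
}
```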