Diffstat (limited to 'routers/web/user/auth.go')
-rw-r--r--routers/web/user/auth.go124
1 files changed, 62 insertions, 62 deletions
diff --git a/routers/web/user/auth.go b/routers/web/user/auth.go
index c5164c4956..02f5afd8ba 100644
--- a/routers/web/user/auth.go
+++ b/routers/web/user/auth.go
@@ -76,9 +76,9 @@ func AutoSignIn(ctx *context.Context) (bool, error) {
}
}()
- u, err := models.GetUserByName(uname)
+ u, err := user_model.GetUserByName(uname)
if err != nil {
- if !models.IsErrUserNotExist(err) {
+ if !user_model.IsErrUserNotExist(err) {
return false, fmt.Errorf("GetUserByName: %v", err)
}
return false, nil
@@ -180,17 +180,17 @@ func SignInPost(ctx *context.Context) {
form := web.GetForm(ctx).(*forms.SignInForm)
u, source, err := auth.UserSignIn(form.UserName, form.Password)
if err != nil {
- if models.IsErrUserNotExist(err) {
+ if user_model.IsErrUserNotExist(err) {
ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
} else if user_model.IsErrEmailAlreadyUsed(err) {
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignIn, &form)
log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
- } else if models.IsErrUserProhibitLogin(err) {
+ } else if user_model.IsErrUserProhibitLogin(err) {
log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
- } else if models.IsErrUserInactive(err) {
+ } else if user_model.IsErrUserInactive(err) {
if setting.Service.RegisterEmailConfirm {
ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
ctx.HTML(http.StatusOK, TplActivate)
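Review bot: The `log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ...)` calls in this chain write the submitted username with `%s`, and that value comes straight from the sign-in form. Unless the logger escapes control characters, a crafted username can split or forge the log lines that failed-login monitoring relies on; quoting it with `%q`, as in `"Failed authentication attempt for %q from %s: %v"`, keeps each attempt on one unambiguous line. The `email_been_used`, prohibit-login and inactive branches also respond differently from the wrong-password branch. Whether `auth.UserSignIn` checks the password before returning those errors is not visible here, so confirm they cannot be used to probe account state. SignInPost continues outside the hunk.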
@@ -314,7 +314,7 @@ func TwoFactorPost(ctx *context.Context) {
if ok && twofa.LastUsedPasscode != form.Passcode {
remember := ctx.Session.Get("twofaRemember").(bool)
- u, err := models.GetUserByID(id)
+ u, err := user_model.GetUserByID(id)
if err != nil {
ctx.ServerError("UserSignIn", err)
return
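Review bot: `ctx.Session.Get("twofaRemember").(bool)` is an unchecked type assertion, so a session that lacks the key (expired or only partly populated) panics here instead of failing the sign-in cleanly; the same line appears in the TwoFactorScratchPost hunk. The comma-ok form, `remember, _ := ctx.Session.Get("twofaRemember").(bool)`, falls back to not remembering the login. An earlier check outside this hunk may already guarantee the key is set, so treat this as a hardening suggestion.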
@@ -398,7 +398,7 @@ func TwoFactorScratchPost(ctx *context.Context) {
}
remember := ctx.Session.Get("twofaRemember").(bool)
- u, err := models.GetUserByID(id)
+ u, err := user_model.GetUserByID(id)
if err != nil {
ctx.ServerError("UserSignIn", err)
return
@@ -495,7 +495,7 @@ func U2FSign(ctx *context.Context) {
newCounter, authErr := r.Authenticate(*signResp, *challenge, reg.Counter)
if authErr == nil {
reg.Counter = newCounter
- user, err := models.GetUserByID(id)
+ user, err := user_model.GetUserByID(id)
if err != nil {
ctx.ServerError("UserSignIn", err)
return
@@ -531,11 +531,11 @@ func U2FSign(ctx *context.Context) {
}
// This handles the final part of the sign-in process of the user.
-func handleSignIn(ctx *context.Context, u *models.User, remember bool) {
+func handleSignIn(ctx *context.Context, u *user_model.User, remember bool) {
handleSignInFull(ctx, u, remember, true)
}
-func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyRedirect bool) string {
+func handleSignInFull(ctx *context.Context, u *user_model.User, remember bool, obeyRedirect bool) string {
if remember {
days := 86400 * setting.LogInRememberDays
ctx.SetCookie(setting.CookieUserName, u.Name, days)
@@ -565,7 +565,7 @@ func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyR
// If the user does not have a locale set, we save the current one.
if len(u.Language) == 0 {
u.Language = ctx.Locale.Language()
- if err := models.UpdateUserCols(db.DefaultContext, u, "language"); err != nil {
+ if err := user_model.UpdateUserCols(db.DefaultContext, u, "language"); err != nil {
log.Error(fmt.Sprintf("Error updating user language [user: %d, locale: %s]", u.ID, u.Language))
return setting.AppSubURL + "/"
}
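Review bot: The error returned by `user_model.UpdateUserCols` never reaches the log, because `log.Error(fmt.Sprintf(...))` formats only the user ID and locale. It also passes the already-formatted string as the format argument, so any `%` in `u.Language` would be interpreted a second time. Prefer `log.Error("Error updating user language [user: %d, locale: %s]: %v", u.ID, u.Language, err)`. The ActivateEmail hunk has the same gap, where `log.Warn("GetUserByID: %d", email.UID)` drops `err`. handleSignInFull starts and ends outside this hunk.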
@@ -582,7 +582,7 @@ func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyR
// Register last login
u.SetLastLogin()
- if err := models.UpdateUserCols(db.DefaultContext, u, "last_login_unix"); err != nil {
+ if err := user_model.UpdateUserCols(db.DefaultContext, u, "last_login_unix"); err != nil {
ctx.ServerError("UpdateUserCols", err)
return setting.AppSubURL + "/"
}
@@ -680,7 +680,7 @@ func SignInOAuthCallback(ctx *context.Context) {
ctx.ServerError("CreateUser", err)
return
}
- u = &models.User{
+ u = &user_model.User{
Name: getUserName(&gothUser),
FullName: gothUser.Name,
Email: gothUser.Email,
@@ -725,7 +725,7 @@ func showLinkingLogin(ctx *context.Context, gothUser goth.User) {
ctx.Redirect(setting.AppSubURL + "/user/link_account")
}
-func updateAvatarIfNeed(url string, u *models.User) {
+func updateAvatarIfNeed(url string, u *user_model.User) {
if setting.OAuth2Client.UpdateAvatar && len(url) > 0 {
resp, err := http.Get(url)
if err == nil {
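Review bot: `http.Get(url)` goes through `http.DefaultClient`, which has no timeout, and the callers visible on this page pass `gothUser.AvatarURL`, a value supplied by the external OAuth2 provider. A slow or unexpected host can therefore hold the sign-in request open, and the server will fetch whatever address the provider names. Use a dedicated client with a timeout, e.g. `client := &http.Client{Timeout: 10 * time.Second}` (value illustrative), and consider accepting only http/https URLs and rejecting loopback or private destinations before fetching. The rest of the function is outside the hunk, so whether the response size is bounded cannot be checked here.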
@@ -743,7 +743,7 @@ func updateAvatarIfNeed(url string, u *models.User) {
}
}
-func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *models.User, gothUser goth.User) {
+func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *user_model.User, gothUser goth.User) {
updateAvatarIfNeed(gothUser.AvatarURL, u)
needs2FA := false
@@ -774,7 +774,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *models.Us
// Register last login
u.SetLastLogin()
- if err := models.UpdateUserCols(db.DefaultContext, u, "last_login_unix"); err != nil {
+ if err := user_model.UpdateUserCols(db.DefaultContext, u, "last_login_unix"); err != nil {
ctx.ServerError("UpdateUserCols", err)
return
}
@@ -817,7 +817,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *models.Us
// OAuth2UserLoginCallback attempts to handle the callback from the OAuth2 provider and if successful
// login the user
-func oAuth2UserLoginCallback(loginSource *login.Source, request *http.Request, response http.ResponseWriter) (*models.User, goth.User, error) {
+func oAuth2UserLoginCallback(loginSource *login.Source, request *http.Request, response http.ResponseWriter) (*user_model.User, goth.User, error) {
gothUser, err := loginSource.Cfg.(*oauth2.Source).Callback(request, response)
if err != nil {
if err.Error() == "securecookie: the value is too long" || strings.Contains(err.Error(), "Data too long") {
@@ -827,13 +827,13 @@ func oAuth2UserLoginCallback(loginSource *login.Source, request *http.Request, r
return nil, goth.User{}, err
}
- user := &models.User{
+ user := &user_model.User{
LoginName: gothUser.UserID,
LoginType: login.OAuth2,
LoginSource: loginSource.ID,
}
- hasUser, err := models.GetUser(user)
+ hasUser, err := user_model.GetUser(user)
if err != nil {
return nil, goth.User{}, err
}
@@ -852,7 +852,7 @@ func oAuth2UserLoginCallback(loginSource *login.Source, request *http.Request, r
return nil, goth.User{}, err
}
if hasUser {
- user, err = models.GetUserByID(externalLoginUser.UserID)
+ user, err = user_model.GetUserByID(externalLoginUser.UserID)
return user, gothUser, err
}
@@ -893,8 +893,8 @@ func LinkAccount(ctx *context.Context) {
ctx.Data["email"] = email
if len(email) != 0 {
- u, err := models.GetUserByEmail(email)
- if err != nil && !models.IsErrUserNotExist(err) {
+ u, err := user_model.GetUserByEmail(email)
+ if err != nil && !user_model.IsErrUserNotExist(err) {
ctx.ServerError("UserSignIn", err)
return
}
@@ -902,8 +902,8 @@ func LinkAccount(ctx *context.Context) {
ctx.Data["user_exists"] = true
}
} else if len(uname) != 0 {
- u, err := models.GetUserByName(uname)
- if err != nil && !models.IsErrUserNotExist(err) {
+ u, err := user_model.GetUserByName(uname)
+ if err != nil && !user_model.IsErrUserNotExist(err) {
ctx.ServerError("UserSignIn", err)
return
}
@@ -948,7 +948,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
u, _, err := auth.UserSignIn(signInForm.UserName, signInForm.Password)
if err != nil {
- if models.IsErrUserNotExist(err) {
+ if user_model.IsErrUserNotExist(err) {
ctx.Data["user_exists"] = true
ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplLinkAccount, &signInForm)
} else {
@@ -960,7 +960,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
linkAccount(ctx, u, gothUser.(goth.User), signInForm.Remember)
}
-func linkAccount(ctx *context.Context, u *models.User, gothUser goth.User, remember bool) {
+func linkAccount(ctx *context.Context, u *user_model.User, gothUser goth.User, remember bool) {
updateAvatarIfNeed(gothUser.AvatarURL, u)
// If this user is enrolled in 2FA, we can't sign the user in just yet.
@@ -1081,7 +1081,7 @@ func LinkAccountPostRegister(ctx *context.Context) {
}
if setting.Service.AllowOnlyExternalRegistration || !setting.Service.RequireExternalRegistrationPassword {
- // In models.User an empty password is classed as not set, so we set form.Password to empty.
+ // In user_model.User an empty password is classed as not set, so we set form.Password to empty.
// Eventually the database should be changed to indicate "Second Factor"-enabled accounts
// (accounts that do not introduce the security vulnerabilities of a password).
// If a user decides to circumvent second-factor security, and purposefully create a password,
@@ -1105,7 +1105,7 @@ func LinkAccountPostRegister(ctx *context.Context) {
ctx.ServerError("CreateUser", err)
}
- u := &models.User{
+ u := &user_model.User{
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
@@ -1249,7 +1249,7 @@ func SignUpPost(ctx *context.Context) {
return
}
- u := &models.User{
+ u := &user_model.User{
Name: form.UserName,
Email: form.Email,
Passwd: form.Password,
@@ -1268,7 +1268,7 @@ func SignUpPost(ctx *context.Context) {
// createAndHandleCreatedUser calls createUserInContext and
// then handleUserCreated.
-func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form interface{}, u *models.User, gothUser *goth.User, allowLink bool) bool {
+func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, gothUser *goth.User, allowLink bool) bool {
if !createUserInContext(ctx, tpl, form, u, gothUser, allowLink) {
return false
}
@@ -1277,16 +1277,16 @@ func createAndHandleCreatedUser(ctx *context.Context, tpl base.TplName, form int
// createUserInContext creates a user and handles errors within a given context.
// Optionally a template can be specified.
-func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{}, u *models.User, gothUser *goth.User, allowLink bool) (ok bool) {
- if err := models.CreateUser(u); err != nil {
- if allowLink && (models.IsErrUserAlreadyExist(err) || user_model.IsErrEmailAlreadyUsed(err)) {
+func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{}, u *user_model.User, gothUser *goth.User, allowLink bool) (ok bool) {
+ if err := user_model.CreateUser(u); err != nil {
+ if allowLink && (user_model.IsErrUserAlreadyExist(err) || user_model.IsErrEmailAlreadyUsed(err)) {
if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingAuto {
- var user *models.User
- user = &models.User{Name: u.Name}
- hasUser, err := models.GetUser(user)
+ var user *user_model.User
+ user = &user_model.User{Name: u.Name}
+ hasUser, err := user_model.GetUser(user)
if !hasUser || err != nil {
- user = &models.User{Email: u.Email}
- hasUser, err = models.GetUser(user)
+ user = &user_model.User{Email: u.Email}
+ hasUser, err = user_model.GetUser(user)
if !hasUser || err != nil {
ctx.ServerError("UserLinkAccount", err)
return
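Review bot: In the auto-linking branch, `if !hasUser || err != nil` after the name lookup discards a real database error and falls through to the e-mail lookup. After the e-mail lookup the same condition calls `ctx.ServerError("UserLinkAccount", err)` with a nil `err` when the account simply was not found. Handle the two cases separately: return the error when `err != nil`, and build an explicit error for the not-found case rather than passing nil. The match is made on `u.Name` and then `u.Email`, which for OAuth2 sign-ups presumably come from the provider; nothing in this hunk shows that the provider verified that e-mail address, so confirm this before an existing account is linked automatically. `var user *user_model.User` followed by an immediate assignment can also be the single line `user := &user_model.User{Name: u.Name}`; the function continues outside the hunk.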
@@ -1310,7 +1310,7 @@ func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{
// handle error with template
switch {
- case models.IsErrUserAlreadyExist(err):
+ case user_model.IsErrUserAlreadyExist(err):
ctx.Data["Err_UserName"] = true
ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tpl, form)
case user_model.IsErrEmailAlreadyUsed(err):
@@ -1319,15 +1319,15 @@ func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{
case user_model.IsErrEmailInvalid(err):
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tpl, form)
- case models.IsErrNameReserved(err):
+ case db.IsErrNameReserved(err):
ctx.Data["Err_UserName"] = true
- ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), tpl, form)
- case models.IsErrNamePatternNotAllowed(err):
+ ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(db.ErrNameReserved).Name), tpl, form)
+ case db.IsErrNamePatternNotAllowed(err):
ctx.Data["Err_UserName"] = true
- ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form)
- case models.IsErrNameCharsNotAllowed(err):
+ ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), tpl, form)
+ case db.IsErrNameCharsNotAllowed(err):
ctx.Data["Err_UserName"] = true
- ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", err.(models.ErrNameCharsNotAllowed).Name), tpl, form)
+ ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", err.(db.ErrNameCharsNotAllowed).Name), tpl, form)
default:
ctx.ServerError("CreateUser", err)
}
@@ -1340,13 +1340,13 @@ func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{
// handleUserCreated does additional steps after a new user is created.
// It auto-sets admin for the only user, updates the optional external user and
// sends a confirmation email if required.
-func handleUserCreated(ctx *context.Context, u *models.User, gothUser *goth.User) (ok bool) {
+func handleUserCreated(ctx *context.Context, u *user_model.User, gothUser *goth.User) (ok bool) {
// Auto-set admin for the only user.
- if models.CountUsers() == 1 {
+ if user_model.CountUsers() == 1 {
u.IsAdmin = true
u.IsActive = true
u.SetLastLogin()
- if err := models.UpdateUserCols(db.DefaultContext, u, "is_admin", "is_active", "last_login_unix"); err != nil {
+ if err := user_model.UpdateUserCols(db.DefaultContext, u, "is_admin", "is_active", "last_login_unix"); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
@@ -1406,7 +1406,7 @@ func Activate(ctx *context.Context) {
return
}
- user := models.VerifyUserActiveCode(code)
+ user := user_model.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
@@ -1433,7 +1433,7 @@ func ActivatePost(ctx *context.Context) {
return
}
- user := models.VerifyUserActiveCode(code)
+ user := user_model.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
@@ -1460,15 +1460,15 @@ func ActivatePost(ctx *context.Context) {
handleAccountActivation(ctx, user)
}
-func handleAccountActivation(ctx *context.Context, user *models.User) {
+func handleAccountActivation(ctx *context.Context, user *user_model.User) {
user.IsActive = true
var err error
- if user.Rands, err = models.GetUserSalt(); err != nil {
+ if user.Rands, err = user_model.GetUserSalt(); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
- if err := models.UpdateUserCols(db.DefaultContext, user, "is_active", "rands"); err != nil {
- if models.IsErrUserNotExist(err) {
+ if err := user_model.UpdateUserCols(db.DefaultContext, user, "is_active", "rands"); err != nil {
+ if user_model.IsErrUserNotExist(err) {
ctx.NotFound("UpdateUserCols", err)
} else {
ctx.ServerError("UpdateUser", err)
@@ -1512,7 +1512,7 @@ func ActivateEmail(ctx *context.Context) {
log.Trace("Email activated: %s", email.Email)
ctx.Flash.Success(ctx.Tr("settings.add_email_success"))
- if u, err := models.GetUserByID(email.UID); err != nil {
+ if u, err := user_model.GetUserByID(email.UID); err != nil {
log.Warn("GetUserByID: %d", email.UID)
} else {
// Allow user to validate more emails
@@ -1556,9 +1556,9 @@ func ForgotPasswdPost(ctx *context.Context) {
email := ctx.FormString("email")
ctx.Data["Email"] = email
- u, err := models.GetUserByEmail(email)
+ u, err := user_model.GetUserByEmail(email)
if err != nil {
- if models.IsErrUserNotExist(err) {
+ if user_model.IsErrUserNotExist(err) {
ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale.Language())
ctx.Data["IsResetSent"] = true
ctx.HTML(http.StatusOK, tplForgotPassword)
@@ -1592,7 +1592,7 @@ func ForgotPasswdPost(ctx *context.Context) {
ctx.HTML(http.StatusOK, tplForgotPassword)
}
-func commonResetPassword(ctx *context.Context) (*models.User, *login.TwoFactor) {
+func commonResetPassword(ctx *context.Context) (*user_model.User, *login.TwoFactor) {
code := ctx.FormString("code")
ctx.Data["Title"] = ctx.Tr("auth.reset_password")
@@ -1608,7 +1608,7 @@ func commonResetPassword(ctx *context.Context) (*models.User, *login.TwoFactor)
}
// Fail early, don't frustrate the user
- u := models.VerifyUserActiveCode(code)
+ u := user_model.VerifyUserActiveCode(code)
if u == nil {
ctx.Flash.Error(ctx.Tr("auth.invalid_code"))
return nil, nil
@@ -1718,7 +1718,7 @@ func ResetPasswdPost(ctx *context.Context) {
}
}
var err error
- if u.Rands, err = models.GetUserSalt(); err != nil {
+ if u.Rands, err = user_model.GetUserSalt(); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
@@ -1727,7 +1727,7 @@ func ResetPasswdPost(ctx *context.Context) {
return
}
u.MustChangePassword = false
- if err := models.UpdateUserCols(db.DefaultContext, u, "must_change_password", "passwd", "passwd_hash_algo", "rands", "salt"); err != nil {
+ if err := user_model.UpdateUserCols(db.DefaultContext, u, "must_change_password", "passwd", "passwd_hash_algo", "rands", "salt"); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
@@ -1803,7 +1803,7 @@ func MustChangePasswordPost(ctx *context.Context) {
u.MustChangePassword = false
- if err := models.UpdateUserCols(db.DefaultContext, u, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil {
+ if err := user_model.UpdateUserCols(db.DefaultContext, u, "must_change_password", "passwd", "passwd_hash_algo", "salt"); err != nil {
ctx.ServerError("UpdateUser", err)
return
}