path: root/routers/web/auth
Commit message | Author | Date | Files | Lines
* WebAuthn CredentialID field needs to be increased in size (#20530) (#20555) | 6543 | 2022-07-30 | 1 | -2/+1

  WebAuthn has updated its specification to set the maximum size of the CredentialID to 1023 bytes. This is somewhat larger than our current size and therefore we need to migrate.

  The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string to the bytes field before another migration drops the old CredentialID field. Another migration renames this field back.

  Fix #20457

  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: zeripath <art27@cantab.net>
* Catch the error before the response is processed by goth. (#20000) (#20102) | SteveTheEngineer | 2022-06-24 | 1 | -12/+20

  The code introduced by #18185 gets the error from the response after it was processed by goth. That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in an `oauth2: cannot fetch token: 400 Bad Request` error from goth.

  It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed.

  This fixes it by handling the error before the request is passed to goth.
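An added example, not Gitea's or goth's code, of the ordering the commit message argues for: a Go helper that inspects the redirect query before anything is handed to the OAuth2 library, so that a provider's `error` response is turned into a typed error instead of an empty `code` being sent to the token endpoint. The function and error names are this example's own; the query strings in `main` are constructed samples. The state check is an addition beyond the commit's scope, included because a callback handler that skips it is not safe.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/url"
)

// CallbackError carries the fields an authorization server may put in the
// redirect URI on failure (RFC 6749, Section 4.1.2.1). Name is this example's own.
type CallbackError struct {
	Code        string // required by the RFC, e.g. "access_denied"
	Description string // optional human-readable detail
	URI         string // optional link to more information
}

func (e *CallbackError) Error() string {
	if e.Description != "" {
		return fmt.Sprintf("oauth2 callback error %q: %s", e.Code, e.Description)
	}
	return fmt.Sprintf("oauth2 callback error %q", e.Code)
}

var (
	ErrStateMismatch = errors.New("oauth2 callback: state missing or does not match session")
	ErrMissingCode   = errors.New("oauth2 callback: no authorization code in response")
)

// ParseCallback inspects the redirect query before any token exchange.
// expectedState is the value saved in the session when the authorization
// request was built. It returns the code to exchange, or an error the
// caller can render directly.
func ParseCallback(query url.Values, expectedState string) (string, error) {
	// 1. Error response: report it and stop. Checked before state so that a
	//    provider which drops "state" on error (contrary to the RFC) still
	//    yields a readable message rather than a state mismatch.
	if errCode := query.Get("error"); errCode != "" {
		return "", &CallbackError{
			Code:        errCode,
			Description: query.Get("error_description"),
			URI:         query.Get("error_uri"),
		}
	}
	// 2. State binding: the response must belong to this session.
	state := query.Get("state")
	if expectedState == "" ||
		subtle.ConstantTimeCompare([]byte(state), []byte(expectedState)) != 1 {
		return "", ErrStateMismatch
	}
	// 3. Only now is the code worth sending to the token endpoint.
	code := query.Get("code")
	if code == "" {
		return "", ErrMissingCode
	}
	return code, nil
}

func main() {
	// Constructed sample callbacks, as a provider might redirect back to the application.
	samples := []string{
		"error=access_denied&error_description=user+declined&state=s3ss10n",
		"code=SplxlOBeZQQYbYS6WxSb1A&state=s3ss10n",
		"code=SplxlOBeZQQYbYS6WxSb1A&state=forged",
		"state=s3ss10n",
	}
	for _, raw := range samples {
		q, _ := url.ParseQuery(raw)
		code, err := ParseCallback(q, "s3ss10n")
		fmt.Printf("%-64s -> code=%q err=%v\n", raw, code, err)
	}
}
```

The caller decides what to do with a `*CallbackError` (render the provider's message, log the code); the point is that the token client never sees the request, so the 400 from the token endpoint that the commit message describes cannot occur.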
* Use DisplayName() instead of FullName in Oauth provider (#19991) | oGi4i | 2022-06-16 | 2 | -1/+20

  Use DisplayName() in Oauth as this provides a fallback if FullName is not set.

  Closes #19382
* Adding button to link accounts from user settings (#19792) | Mai-Lapyst | 2022-05-29 | 1 | -1/+11

  * Adding button to link accounts from user settings
  * Only display button to link user accounts when at least one OAuth2 provider is active
* Prevent NPE when cache service is disabled (#19703) | zeripath | 2022-05-21 | 2 | -9/+15

  The cache service can be disabled - at which point ctx.Cache will be nil and the use of it will cause an NPE.

  The main part of this PR is that the cache is used for restricting resending of activation mails and without this cache we cannot restrict this. Whilst this code could be re-considered to use the db and probably should be, I think we can simply disable this code in the case that the cache is disabled.

  There are also several bug fixes in the /nodeinfo API endpoint.

  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move almost all functions' parameter db.Engine to context.Context (#19748) | Lunny Xiao | 2022-05-20 | 5 | -27/+29

  * Move almost all functions' parameter db.Engine to context.Context
  * remove some unnecessary wrap functions
* Federation: return useful statistic information for nodeinfo (#19561) | 6543 | 2022-05-02 | 1 | -1/+1

  Add statistical information for total user count, active user count, issue count and comment count for `/nodeinfo`
* Respect DefaultUserIsRestricted system default when creating new user (#19310) | Jimmy Praet | 2022-04-29 | 4 | -26/+25

  * Apply DefaultUserIsRestricted in CreateUser
  * Enforce system defaults in CreateUser
    Allow for overwrites with CreateUserOverwriteOptions
  * Fix compilation errors
  * Add "restricted" option to create user command
  * Add "restricted" option to create user admin api
  * Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed
  * Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed"
    This reverts commit ee95d3e8dc9e9fff4fa66a5111e4d3930280e033.
* Use a struct as test options (#19393) | Lunny Xiao | 2022-04-14 | 1 | -1/+3

  * Use a struct as test options
  * Fix name
  * Fix test
* Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337) | wxiaoguang | 2022-04-08 | 2 | -2/+2

  Do a refactoring to the CSRF related code, remove most unnecessary functions.

  Parse the generated token's issue time, regenerate the token every few minutes.
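An added illustration, not Gitea's CSRF module, of the mechanism this commit describes: a token that carries its own issue time under an HMAC, so the server can both verify it and tell that a still-valid token is old enough to be reissued. The 24-hour lifetime, the 10-minute rotation interval, the token layout and all names are assumptions made for this example; the secret and timestamps in `main` are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Assumed policy values for this example.
const (
	csrfLifetime    = 24 * time.Hour   // reject tokens older than this
	csrfRotateAfter = 10 * time.Minute // reissue tokens older than this
)

var (
	ErrCSRFMalformed = errors.New("csrf: malformed token")
	ErrCSRFBadMAC    = errors.New("csrf: signature mismatch")
	ErrCSRFExpired   = errors.New("csrf: token expired or issued in the future")
)

// csrfMAC binds the token to the user and the issue time. The NUL separator
// keeps "ab"+"1" and "a"+"b1" from hashing to the same input.
func csrfMAC(secret []byte, userID, issuedUnix string) []byte {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(userID))
	h.Write([]byte{0})
	h.Write([]byte(issuedUnix))
	return h.Sum(nil)
}

// GenerateCSRFToken returns "<base64url(mac)>.<unix issue time>".
func GenerateCSRFToken(secret []byte, userID string, issued time.Time) string {
	ts := strconv.FormatInt(issued.Unix(), 10)
	return base64.RawURLEncoding.EncodeToString(csrfMAC(secret, userID, ts)) + "." + ts
}

// ValidateCSRFToken checks the MAC and the age of token. On success it reports
// whether the token is old enough that the caller should issue a fresh one.
func ValidateCSRFToken(secret []byte, userID, token string, now time.Time) (bool, error) {
	macPart, ts, ok := strings.Cut(token, ".")
	if !ok {
		return false, ErrCSRFMalformed
	}
	got, err := base64.RawURLEncoding.DecodeString(macPart)
	if err != nil {
		return false, ErrCSRFMalformed
	}
	issuedUnix, err := strconv.ParseInt(ts, 10, 64)
	if err != nil {
		return false, ErrCSRFMalformed
	}
	// Verify before trusting the timestamp; hmac.Equal is constant-time.
	if !hmac.Equal(got, csrfMAC(secret, userID, ts)) {
		return false, ErrCSRFBadMAC
	}
	age := now.Sub(time.Unix(issuedUnix, 0))
	if age < 0 || age > csrfLifetime {
		return false, ErrCSRFExpired
	}
	return age > csrfRotateAfter, nil
}

// RefreshCSRFToken is what a request handler would call: it returns the token
// to set on the response, which is the incoming one unless rotation is due.
func RefreshCSRFToken(secret []byte, userID, token string, now time.Time) (string, error) {
	rotate, err := ValidateCSRFToken(secret, userID, token, now)
	if err != nil {
		return "", err
	}
	if rotate {
		return GenerateCSRFToken(secret, userID, now), nil
	}
	return token, nil
}

func main() {
	secret := []byte("constructed-example-secret") // in practice a random key from configuration
	t0 := time.Unix(1700000000, 0)
	tok := GenerateCSRFToken(secret, "user-42", t0)
	for _, later := range []time.Duration{time.Minute, 30 * time.Minute, 48 * time.Hour} {
		next, err := RefreshCSRFToken(secret, "user-42", tok, t0.Add(later))
		fmt.Printf("after %v: rotated=%v err=%v\n", later, err == nil && next != tok, err)
	}
}
```

Because the issue time is inside the MAC, a client cannot extend a token's life by editing the timestamp, and the server needs no per-token storage to decide when to rotate.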
* Update HTTP status codes to modern codes (#18063) | KN4CK3R | 2022-03-23 | 2 | -6/+6

  * 2xx/3xx/4xx/5xx -> http.Status...
  * http.StatusFound -> http.StatusTemporaryRedirect
  * http.StatusMovedPermanently -> http.StatusPermanentRedirect
* Use `ctx` instead of `db.DefaultContext` in some packages(routers/services/modules) (#19163) | wxiaoguang | 2022-03-22 | 3 | -11/+9

  * Remove `db.DefaultContext` usage in routers, use `ctx` directly
  * Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services`
  * Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages
  * fix incorrect context usage
* Renamed ctx.User to ctx.Doer. (#19161) | KN4CK3R | 2022-03-22 | 3 | -20/+20

  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Do not send activation email if manual confirm is set (#19119) | zeripath | 2022-03-18 | 1 | -0/+6

  If the mailer is configured then, even if Manual confirm is set, an activation email is still being sent because `handleUserCreated` is not checking for this case.

  Fix #17263

  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Handle email address not exist. (#19089) | KN4CK3R | 2022-03-15 | 1 | -1/+1
* Restrict email address validation (#17688) | Lunny Xiao | 2022-03-14 | 1 | -0/+3

  This didn't follow the RFC but it's a subset of that. I think we should narrow the allowed chars at first and discuss more possibilities in future PRs.
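An added example of a deliberately narrow validator of the kind this commit describes: a subset of RFC 5322 rather than the full grammar. This is not Gitea's rule set; the local-part allowlist, the requirement of a dotted domain with an alphabetic top-level label, and the length limits are choices assumed here, and the addresses in `main` are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var ErrInvalidEmail = errors.New("invalid email address")

func isAlnum(c byte) bool {
	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
}

// Assumed allowlist for the local part: alphanumerics plus a few common
// punctuation bytes. Quoted local parts, whitespace and non-ASCII are rejected.
func isLocalChar(c byte) bool {
	return isAlnum(c) || strings.IndexByte("._%+-", c) >= 0
}

// ValidateEmail returns nil for addresses in the accepted subset and
// ErrInvalidEmail for everything else.
func ValidateEmail(addr string) error {
	if len(addr) == 0 || len(addr) > 254 {
		return ErrInvalidEmail
	}
	at := strings.LastIndexByte(addr, '@')
	if at <= 0 || at == len(addr)-1 {
		return ErrInvalidEmail
	}
	local, domain := addr[:at], addr[at+1:]

	// Local part: at most 64 bytes, no leading, trailing or doubled dots,
	// allowlisted bytes only (a second '@' fails here because it is not allowed).
	if len(local) > 64 || local[0] == '.' || local[len(local)-1] == '.' || strings.Contains(local, "..") {
		return ErrInvalidEmail
	}
	for i := 0; i < len(local); i++ {
		if !isLocalChar(local[i]) {
			return ErrInvalidEmail
		}
	}

	// Domain: at least two labels, each 1..63 bytes of [A-Za-z0-9-] that
	// neither start nor end with '-'. Single-label hosts are rejected on purpose.
	labels := strings.Split(domain, ".")
	if len(labels) < 2 {
		return ErrInvalidEmail
	}
	for _, label := range labels {
		if label == "" || len(label) > 63 || label[0] == '-' || label[len(label)-1] == '-' {
			return ErrInvalidEmail
		}
		for i := 0; i < len(label); i++ {
			if !isAlnum(label[i]) && label[i] != '-' {
				return ErrInvalidEmail
			}
		}
	}
	// Top-level label: letters only, at least two of them.
	tld := labels[len(labels)-1]
	if len(tld) < 2 {
		return ErrInvalidEmail
	}
	for i := 0; i < len(tld); i++ {
		if c := tld[i]; !((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
			return ErrInvalidEmail
		}
	}
	return nil
}

func main() {
	// Constructed samples: the first two pass, the rest are rejected.
	for _, addr := range []string{
		"alice@example.com", "bob.smith+git@mail.example.org",
		"alice@localhost", "\"quoted user\"@example.com", "alice..b@example.com",
		"alice@-bad.example.com", "alice@exa_mple.com", "alice@example.c0m", "a@b.c",
	} {
		fmt.Printf("%-32s %v\n", addr, ValidateEmail(addr))
	}
}
```

Rejecting valid-but-unusual forms (quoted local parts, IP-literal domains, bare hostnames) is the trade-off the commit message makes explicit: a small allowlist is easy to reason about, and anything it excludes can be opened up later once there is a reason to.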
* Prevent panic on prohibited user login with oauth2 (#18562) | zeripath | 2022-02-03 | 1 | -1/+1

  There was an unfortunate regression in #17962 where, following detection of the UserProhibitLogin error, the err is cast to a pointer by mistake. This causes a panic due to an interface error.

  Fix #18561

  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix OAuth Source Edit Page (#18495) | zeripath | 2022-01-31 | 1 | -0/+4

  * Fix OAuth Source Edit Page to ensure restricted and group settings are set
  * Also tolerate []interface in the groups

  Fix #18432

  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use base32 for 2FA scratch token (#18384) | wxiaoguang | 2022-01-26 | 1 | -1/+1

  * Use base32 for 2FA scratch token
  * rename Secure* to Crypto*, add comments
* Refactor jwt.StandardClaims to RegisteredClaims (#18344) | zeripath | 2022-01-20 | 1 | -14/+10

  * Refactor jwt.StandardClaims to RegisteredClaims

    go-jwt/jwt has deprecated the StandardClaims interface to use RegisteredClaims instead. This PR migrates to use this new format.

    Signed-off-by: Andrew Thornton <art27@cantab.net>

  * Apply suggestions from code review

    Co-authored-by: Gusted <williamzijl7@hotmail.com>

  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: Gusted <williamzijl7@hotmail.com>
* format with gofumpt (#18184) | 6543 | 2022-01-20 | 5 | -11/+6

  * gofumpt -w -l .
  * gofumpt -w -l -extra .
  * Add linter
  * manual fix
  * change make fmt
* Enable deprecation error for v1.17.0 (#18341) | Gusted | 2022-01-20 | 1 | -0/+1

  Co-authored-by: Andrew Thornton <art27@cantab.net>
* Fix incorrect OAuth message (#18332) | wxiaoguang | 2022-01-19 | 1 | -1/+1

  As in the title, fix #18327
* Webauthn nits (#18284) | zeripath | 2022-01-15 | 1 | -2/+2

  This contains some additional fixes and small nits related to #17957

  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Support webauthn (#17957) | Lunny Xiao | 2022-01-14 | 6 | -155/+192

  Migrate from U2F to Webauthn

  Co-authored-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Show OAuth callback error message (#18185) | KN4CK3R | 2022-01-07 | 1 | -1/+35

  * Show callback error message.
  * lint
  * Use error code to display a message.

  Co-authored-by: 6543 <6543@obermui.de>
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor auth package (#17962) | Lunny Xiao | 2022-01-02 | 9 | -0/+3416