From 126ba796dcc9ccdf9c25ed7d441786478be2825b Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Thu, 13 Sep 2018 13:04:25 +0100 Subject: Force user to change password (#4489) * redirect to login page after successfully activating account * force users to change password if account was created by an admin * force users to change password if account was created by an admin * fixed build * fixed build * fix pending issues with translation and wrong routes * make sure path check is safe * remove unneccessary newline * make sure users that don't have to view the form get redirected * move route to use /settings prefix so as to make sure unauthenticated users can't view the page * update as per @lafriks review * add necessary comment * remove unrelated changes * support redirecting to location the user actually want to go to before being forced to change his/her password * run make fmt * added tests * improve assertions * add assertion * fix copyright year Signed-off-by: Lanre Adelowo --- models/migrations/migrations.go | 2 ++ models/migrations/v73.go | 19 +++++++++++++++++++ models/user.go | 29 +++++++++++++++++------------ 3 files changed, 38 insertions(+), 12 deletions(-) create mode 100644 models/migrations/v73.go (limited to 'models') diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index 15bb0723c0..6ac5004eb1 100644 --- a/models/migrations/migrations.go +++ b/models/migrations/migrations.go @@ -198,6 +198,8 @@ var migrations = []Migration{ NewMigration("protect each scratch token", addScratchHash), // v72 -> v73 NewMigration("add review", addReview), + // v73 -> v74 + NewMigration("add must_change_password column for users table", addMustChangePassword), } // Migrate database to current version diff --git a/models/migrations/v73.go b/models/migrations/v73.go new file mode 100644 index 0000000000..1265b4519e --- /dev/null +++ b/models/migrations/v73.go @@ -0,0 +1,19 @@ +// Copyright 2018 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "github.com/go-xorm/xorm" +) + +func addMustChangePassword(x *xorm.Engine) error { + // User see models/user.go + type User struct { + ID int64 `xorm:"pk autoincr"` + MustChangePassword bool `xorm:"NOT NULL DEFAULT false"` + } + + return x.Sync2(new(User)) +} diff --git a/models/user.go b/models/user.go index 11cbdb2f45..01c7f50489 100644 --- a/models/user.go +++ b/models/user.go @@ -83,18 +83,23 @@ type User struct { Email string `xorm:"NOT NULL"` KeepEmailPrivate bool Passwd string `xorm:"NOT NULL"` - LoginType LoginType - LoginSource int64 `xorm:"NOT NULL DEFAULT 0"` - LoginName string - Type UserType - OwnedOrgs []*User `xorm:"-"` - Orgs []*User `xorm:"-"` - Repos []*Repository `xorm:"-"` - Location string - Website string - Rands string `xorm:"VARCHAR(10)"` - Salt string `xorm:"VARCHAR(10)"` - Language string `xorm:"VARCHAR(5)"` + + // MustChangePassword is an attribute that determines if a user + // is to change his/her password after registration. + MustChangePassword bool `xorm:"NOT NULL DEFAULT false"` + + LoginType LoginType + LoginSource int64 `xorm:"NOT NULL DEFAULT 0"` + LoginName string + Type UserType + OwnedOrgs []*User `xorm:"-"` + Orgs []*User `xorm:"-"` + Repos []*Repository `xorm:"-"` + Location string + Website string + Rands string `xorm:"VARCHAR(10)"` + Salt string `xorm:"VARCHAR(10)"` + Language string `xorm:"VARCHAR(5)"` CreatedUnix util.TimeStamp `xorm:"INDEX created"` UpdatedUnix util.TimeStamp `xorm:"INDEX updated"` -- cgit v1.2.3