mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9795 Commits
17 Branches
Tree: c5b08f6d5a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c5b08f6d5a'
${ noResults }
gitea/modules/context/auth.go

auth.go 4.1KB
Raw Normal View History

move templateFuncs to one file, add middleware context.
10 years ago
API OTP Context (#6674) * API OTP Context * Update api.go * token * token * fix per discord * copyright header * remove check for token in OTP * Update auth.go * simplify * Update api.go
5 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Rename module: middleware -> context
8 years ago
move templateFuncs to one file, add middleware context.
10 years ago
API OTP Context (#6674) * API OTP Context * Update api.go * token * token * fix per discord * copyright header * remove check for token in OTP * Update auth.go * simplify * Update api.go
5 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
7 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
7 years ago
Use gitea forked macaron (#7933) Signed-off-by: Tamal Saha <tamal@appscode.com>
4 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Golint fixed for modules/context
7 years ago
add csrf check
10 years ago
Rename module: middleware -> context
8 years ago
Show owner/poster tags of comments and fix #1312
9 years ago
Golint fixed for modules/context
7 years ago
New UI merge in progress
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
Clean api code
10 years ago
Fixed #209
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
7 years ago
Fix install bugs
10 years ago
#2937 able to prohibit user login
8 years ago
Force user to change password (#4489) * redirect to login page after successfully activating account * force users to change password if account was created by an admin * force users to change password if account was created by an admin * fixed build * fixed build * fix pending issues with translation and wrong routes * make sure path check is safe * remove unneccessary newline * make sure users that don't have to view the form get redirected * move route to use /settings prefix so as to make sure unauthenticated users can't view the page * update as per @lafriks review * add necessary comment * remove unrelated changes * support redirecting to location the user actually want to go to before being forced to change his/her password * run make fmt * added tests * improve assertions * add assertion * fix copyright year Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
5 years ago
Fix prohibit login check on authorization (#6106) * fix bug prohibit login not applied on dashboard * fix tests * fix bug user status leak * fix typo * return after render
5 years ago
Force user to change password (#4489) * redirect to login page after successfully activating account * force users to change password if account was created by an admin * force users to change password if account was created by an admin * fixed build * fixed build * fix pending issues with translation and wrong routes * make sure path check is safe * remove unneccessary newline * make sure users that don't have to view the form get redirected * move route to use /settings prefix so as to make sure unauthenticated users can't view the page * update as per @lafriks review * add necessary comment * remove unrelated changes * support redirecting to location the user actually want to go to before being forced to change his/her password * run make fmt * added tests * improve assertions * add assertion * fix copyright year Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
5 years ago
fix display dashboard even if require to change password (#6214) * fix display dashboard even if require to change password * fix comments
5 years ago
When must change password only show Signout (#11600) When "Must Change Password" simplify the navbar header to only show the signout button as all other links will redirect back. This prevents the notifications icon from showing preventing initialization of the event-source and hence preventing redirect_to being set, however in addition do not set the redirect_to cookie if we are looking at the /user/events page. Fix #11554 Signed-off-by: Andrew Thornton <art27@cantab.net>
4 years ago
fix display dashboard even if require to change password (#6214) * fix display dashboard even if require to change password * fix comments
5 years ago
Force user to change password (#4489) * redirect to login page after successfully activating account * force users to change password if account was created by an admin * force users to change password if account was created by an admin * fixed build * fixed build * fix pending issues with translation and wrong routes * make sure path check is safe * remove unneccessary newline * make sure users that don't have to view the form get redirected * move route to use /settings prefix so as to make sure unauthenticated users can't view the page * update as per @lafriks review * add necessary comment * remove unrelated changes * support redirecting to location the user actually want to go to before being forced to change his/her password * run make fmt * added tests * improve assertions * add assertion * fix copyright year Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
5 years ago
#2937 able to prohibit user login
8 years ago
Clean api code
10 years ago
Use Req.URL.RequestURI() to cope with FCGI urls (#9473) * Use Req.URL.RequestURI() to cope with FCGI urls * Add debug logging statement when forbidden in internal API.
4 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
7 years ago
Work on admin
10 years ago
Rename module: middleware -> context
8 years ago
Convert captcha, cache, csrf as middlewares
10 years ago
add csrf check
10 years ago
Rename module: middleware -> context
8 years ago
add csrf check
10 years ago
#1128: API calls are not hidden behind sign in
9 years ago
Convert all API handers to use *context.APIContext
8 years ago
#1128: API calls are not hidden behind sign in
9 years ago
Use Req.URL.RequestURI() to cope with FCGI urls (#9473) * Use Req.URL.RequestURI() to cope with FCGI urls * Add debug logging statement when forbidden in internal API.
4 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
7 years ago
add csrf check
10 years ago
Fixed #209
10 years ago
Finish new reset password, etc.
10 years ago
Fix #425
9 years ago
add csrf check
10 years ago
API OTP Context (#6674) * API OTP Context * Update api.go * token * token * fix per discord * copyright header * remove check for token in OTP * Update auth.go * simplify * Update api.go
5 years ago
add csrf check
10 years ago
Rename module: middleware -> context
8 years ago
#1891 attempt to fix expected invalid CSRF token - Remove unused config settings `[picture] service`
8 years ago
Use Req.URL.RequestURI() to cope with FCGI urls (#9473) * Use Req.URL.RequestURI() to cope with FCGI urls * Add debug logging statement when forbidden in internal API.
4 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
7 years ago
#2748 fix redirect loop with auto-signin
8 years ago
work on #1891
8 years ago
Rename module: middleware -> context
8 years ago
add csrf check
10 years ago
Fix SSH key bug in windows
10 years ago
move templateFuncs to one file, add middleware context.
10 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2019 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package context

  7. 

  8. import (

  9. 	"code.gitea.io/gitea/models"

  10. 	"code.gitea.io/gitea/modules/auth"

  11. 	"code.gitea.io/gitea/modules/log"

  12. 	"code.gitea.io/gitea/modules/setting"

  13. 

  14. 	"gitea.com/macaron/csrf"

  15. 	"gitea.com/macaron/macaron"

  16. )

  17. 

  18. // ToggleOptions contains required or check options

  19. type ToggleOptions struct {

  20. 	SignInRequired  bool

  21. 	SignOutRequired bool

  22. 	AdminRequired   bool

  23. 	DisableCSRF     bool

  24. }

  25. 

  26. // Toggle returns toggle options as middleware

  27. func Toggle(options *ToggleOptions) macaron.Handler {

  28. 	return func(ctx *Context) {

  29. 		// Cannot view any page before installation.

  30. 		if !setting.InstallLock {

  31. 			ctx.Redirect(setting.AppSubURL + "/install")

  32. 			return

  33. 		}

  34. 

  35. 		// Check prohibit login users.

  36. 		if ctx.IsSigned {

  37. 			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {

  38. 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")

  39. 				ctx.HTML(200, "user/auth/activate")

  40. 				return

  41. 			} else if !ctx.User.IsActive || ctx.User.ProhibitLogin {

  42. 				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())

  43. 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")

  44. 				ctx.HTML(200, "user/auth/prohibit_login")

  45. 				return

  46. 			}

  47. 

  48. 			if ctx.User.MustChangePassword {

  49. 				if ctx.Req.URL.Path != "/user/settings/change_password" {

  50. 					ctx.Data["Title"] = ctx.Tr("auth.must_change_password")

  51. 					ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"

  52. 					if ctx.Req.URL.Path != "/user/events" {

  53. 						ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)

  54. 					}

  55. 					ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")

  56. 					return

  57. 				}

  58. 			} else if ctx.Req.URL.Path == "/user/settings/change_password" {

  59. 				// make sure that the form cannot be accessed by users who don't need this

  60. 				ctx.Redirect(setting.AppSubURL + "/")

  61. 				return

  62. 			}

  63. 		}

  64. 

  65. 		// Redirect to dashboard if user tries to visit any non-login page.

  66. 		if options.SignOutRequired && ctx.IsSigned && ctx.Req.URL.RequestURI() != "/" {

  67. 			ctx.Redirect(setting.AppSubURL + "/")

  68. 			return

  69. 		}

  70. 

  71. 		if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {

  72. 			csrf.Validate(ctx.Context, ctx.csrf)

  73. 			if ctx.Written() {

  74. 				return

  75. 			}

  76. 		}

  77. 

  78. 		if options.SignInRequired {

  79. 			if !ctx.IsSigned {

  80. 				// Restrict API calls with error message.

  81. 				if auth.IsAPIPath(ctx.Req.URL.Path) {

  82. 					ctx.JSON(403, map[string]string{

  83. 						"message": "Only signed in user is allowed to call APIs.",

  84. 					})

  85. 					return

  86. 				}

  87. 

  88. 				ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)

  89. 				ctx.Redirect(setting.AppSubURL + "/user/login")

  90. 				return

  91. 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {

  92. 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")

  93. 				ctx.HTML(200, "user/auth/activate")

  94. 				return

  95. 			}

  96. 			if ctx.IsSigned && auth.IsAPIPath(ctx.Req.URL.Path) && ctx.IsBasicAuth {

  97. 				twofa, err := models.GetTwoFactorByUID(ctx.User.ID)

  98. 				if err != nil {

  99. 					if models.IsErrTwoFactorNotEnrolled(err) {

  100. 						return // No 2FA enrollment for this user

  101. 					}

  102. 					ctx.Error(500)

  103. 					return

  104. 				}

  105. 				otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")

  106. 				ok, err := twofa.ValidateTOTP(otpHeader)

  107. 				if err != nil {

  108. 					ctx.Error(500)

  109. 					return

  110. 				}

  111. 				if !ok {

  112. 					ctx.JSON(403, map[string]string{

  113. 						"message": "Only signed in user is allowed to call APIs.",

  114. 					})

  115. 					return

  116. 				}

  117. 			}

  118. 		}

  119. 

  120. 		// Redirect to log in page if auto-signin info is provided and has not signed in.

  121. 		if !options.SignOutRequired && !ctx.IsSigned && !auth.IsAPIPath(ctx.Req.URL.Path) &&

  122. 			len(ctx.GetCookie(setting.CookieUserName)) > 0 {

  123. 			ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)

  124. 			ctx.Redirect(setting.AppSubURL + "/user/login")

  125. 			return

  126. 		}

  127. 

  128. 		if options.AdminRequired {

  129. 			if !ctx.User.IsAdmin {

  130. 				ctx.Error(403)

  131. 				return

  132. 			}

  133. 			ctx.Data["PageIsAdmin"] = true

  134. 		}

  135. 	}

  136. }