123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Copyright 2020 The Gitea Authors.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
-
- package admin
-
- import (
- "fmt"
- "net/http"
- "strconv"
- "strings"
-
- "code.gitea.io/gitea/models"
- "code.gitea.io/gitea/modules/base"
- "code.gitea.io/gitea/modules/context"
- auth "code.gitea.io/gitea/modules/forms"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/password"
- "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/web"
- "code.gitea.io/gitea/routers"
- router_user_setting "code.gitea.io/gitea/routers/user/setting"
- "code.gitea.io/gitea/services/mailer"
- )
-
- const (
- tplUsers base.TplName = "admin/user/list"
- tplUserNew base.TplName = "admin/user/new"
- tplUserEdit base.TplName = "admin/user/edit"
- )
-
- // Users show all the users
- func Users(ctx *context.Context) {
- ctx.Data["Title"] = ctx.Tr("admin.users")
- ctx.Data["PageIsAdmin"] = true
- ctx.Data["PageIsAdminUsers"] = true
-
- routers.RenderUserSearch(ctx, &models.SearchUserOptions{
- Type: models.UserTypeIndividual,
- ListOptions: models.ListOptions{
- PageSize: setting.UI.Admin.UserPagingNum,
- },
- SearchByEmail: true,
- }, tplUsers)
- }
-
- // NewUser render adding a new user page
- func NewUser(ctx *context.Context) {
- ctx.Data["Title"] = ctx.Tr("admin.users.new_account")
- ctx.Data["PageIsAdmin"] = true
- ctx.Data["PageIsAdminUsers"] = true
-
- ctx.Data["login_type"] = "0-0"
-
- sources, err := models.LoginSources()
- if err != nil {
- ctx.ServerError("LoginSources", err)
- return
- }
- ctx.Data["Sources"] = sources
-
- ctx.Data["CanSendEmail"] = setting.MailService != nil
- ctx.HTML(http.StatusOK, tplUserNew)
- }
-
- // NewUserPost response for adding a new user
- func NewUserPost(ctx *context.Context) {
- form := web.GetForm(ctx).(*auth.AdminCreateUserForm)
- ctx.Data["Title"] = ctx.Tr("admin.users.new_account")
- ctx.Data["PageIsAdmin"] = true
- ctx.Data["PageIsAdminUsers"] = true
-
- sources, err := models.LoginSources()
- if err != nil {
- ctx.ServerError("LoginSources", err)
- return
- }
- ctx.Data["Sources"] = sources
-
- ctx.Data["CanSendEmail"] = setting.MailService != nil
-
- if ctx.HasError() {
- ctx.HTML(http.StatusOK, tplUserNew)
- return
- }
-
- u := &models.User{
- Name: form.UserName,
- Email: form.Email,
- Passwd: form.Password,
- IsActive: true,
- LoginType: models.LoginPlain,
- }
-
- if len(form.LoginType) > 0 {
- fields := strings.Split(form.LoginType, "-")
- if len(fields) == 2 {
- lType, _ := strconv.ParseInt(fields[0], 10, 0)
- u.LoginType = models.LoginType(lType)
- u.LoginSource, _ = strconv.ParseInt(fields[1], 10, 64)
- u.LoginName = form.LoginName
- }
- }
- if u.LoginType == models.LoginNoType || u.LoginType == models.LoginPlain {
- if len(form.Password) < setting.MinPasswordLength {
- ctx.Data["Err_Password"] = true
- ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserNew, &form)
- return
- }
- if !password.IsComplexEnough(form.Password) {
- ctx.Data["Err_Password"] = true
- ctx.RenderWithErr(password.BuildComplexityError(ctx), tplUserNew, &form)
- return
- }
- pwned, err := password.IsPwned(ctx.Req.Context(), form.Password)
- if pwned {
- ctx.Data["Err_Password"] = true
- errMsg := ctx.Tr("auth.password_pwned")
- if err != nil {
- log.Error(err.Error())
- errMsg = ctx.Tr("auth.password_pwned_err")
- }
- ctx.RenderWithErr(errMsg, tplUserNew, &form)
- return
- }
- u.MustChangePassword = form.MustChangePassword
- }
- if err := models.CreateUser(u); err != nil {
- switch {
- case models.IsErrUserAlreadyExist(err):
- ctx.Data["Err_UserName"] = true
- ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplUserNew, &form)
- case models.IsErrEmailAlreadyUsed(err):
- ctx.Data["Err_Email"] = true
- ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserNew, &form)
- case models.IsErrEmailInvalid(err):
- ctx.Data["Err_Email"] = true
- ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserNew, &form)
- case models.IsErrNameReserved(err):
- ctx.Data["Err_UserName"] = true
- ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), tplUserNew, &form)
- case models.IsErrNamePatternNotAllowed(err):
- ctx.Data["Err_UserName"] = true
- ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tplUserNew, &form)
- case models.IsErrNameCharsNotAllowed(err):
- ctx.Data["Err_UserName"] = true
- ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", err.(models.ErrNameCharsNotAllowed).Name), tplUserNew, &form)
- default:
- ctx.ServerError("CreateUser", err)
- }
- return
- }
- log.Trace("Account created by admin (%s): %s", ctx.User.Name, u.Name)
-
- // Send email notification.
- if form.SendNotify {
- mailer.SendRegisterNotifyMail(u)
- }
-
- ctx.Flash.Success(ctx.Tr("admin.users.new_success", u.Name))
- ctx.Redirect(setting.AppSubURL + "/admin/users/" + fmt.Sprint(u.ID))
- }
-
- func prepareUserInfo(ctx *context.Context) *models.User {
- u, err := models.GetUserByID(ctx.ParamsInt64(":userid"))
- if err != nil {
- ctx.ServerError("GetUserByID", err)
- return nil
- }
- ctx.Data["User"] = u
-
- if u.LoginSource > 0 {
- ctx.Data["LoginSource"], err = models.GetLoginSourceByID(u.LoginSource)
- if err != nil {
- ctx.ServerError("GetLoginSourceByID", err)
- return nil
- }
- } else {
- ctx.Data["LoginSource"] = &models.LoginSource{}
- }
-
- sources, err := models.LoginSources()
- if err != nil {
- ctx.ServerError("LoginSources", err)
- return nil
- }
- ctx.Data["Sources"] = sources
-
- ctx.Data["TwoFactorEnabled"] = true
- _, err = models.GetTwoFactorByUID(u.ID)
- if err != nil {
- if !models.IsErrTwoFactorNotEnrolled(err) {
- ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
- return nil
- }
- ctx.Data["TwoFactorEnabled"] = false
- }
-
- return u
- }
-
- // EditUser show editting user page
- func EditUser(ctx *context.Context) {
- ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
- ctx.Data["PageIsAdmin"] = true
- ctx.Data["PageIsAdminUsers"] = true
- ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation
- ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
-
- prepareUserInfo(ctx)
- if ctx.Written() {
- return
- }
-
- ctx.HTML(http.StatusOK, tplUserEdit)
- }
-
- // EditUserPost response for editting user
- func EditUserPost(ctx *context.Context) {
- form := web.GetForm(ctx).(*auth.AdminEditUserForm)
- ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")
- ctx.Data["PageIsAdmin"] = true
- ctx.Data["PageIsAdminUsers"] = true
- ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations
-
- u := prepareUserInfo(ctx)
- if ctx.Written() {
- return
- }
-
- if ctx.HasError() {
- ctx.HTML(http.StatusOK, tplUserEdit)
- return
- }
-
- fields := strings.Split(form.LoginType, "-")
- if len(fields) == 2 {
- loginType, _ := strconv.ParseInt(fields[0], 10, 0)
- loginSource, _ := strconv.ParseInt(fields[1], 10, 64)
-
- if u.LoginSource != loginSource {
- u.LoginSource = loginSource
- u.LoginType = models.LoginType(loginType)
- }
- }
-
- if len(form.Password) > 0 && (u.IsLocal() || u.IsOAuth2()) {
- var err error
- if len(form.Password) < setting.MinPasswordLength {
- ctx.Data["Err_Password"] = true
- ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserEdit, &form)
- return
- }
- if !password.IsComplexEnough(form.Password) {
- ctx.RenderWithErr(password.BuildComplexityError(ctx), tplUserEdit, &form)
- return
- }
- pwned, err := password.IsPwned(ctx.Req.Context(), form.Password)
- if pwned {
- ctx.Data["Err_Password"] = true
- errMsg := ctx.Tr("auth.password_pwned")
- if err != nil {
- log.Error(err.Error())
- errMsg = ctx.Tr("auth.password_pwned_err")
- }
- ctx.RenderWithErr(errMsg, tplUserNew, &form)
- return
- }
- if u.Salt, err = models.GetUserSalt(); err != nil {
- ctx.ServerError("UpdateUser", err)
- return
- }
- if err = u.SetPassword(form.Password); err != nil {
- ctx.ServerError("SetPassword", err)
- return
- }
- }
-
- if len(form.UserName) != 0 && u.Name != form.UserName {
- if err := router_user_setting.HandleUsernameChange(ctx, u, form.UserName); err != nil {
- ctx.Redirect(setting.AppSubURL + "/admin/users")
- return
- }
- u.Name = form.UserName
- u.LowerName = strings.ToLower(form.UserName)
- }
-
- if form.Reset2FA {
- tf, err := models.GetTwoFactorByUID(u.ID)
- if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
- ctx.ServerError("GetTwoFactorByUID", err)
- return
- }
-
- if err = models.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
- ctx.ServerError("DeleteTwoFactorByID", err)
- return
- }
- }
-
- u.LoginName = form.LoginName
- u.FullName = form.FullName
- u.Email = form.Email
- u.Website = form.Website
- u.Location = form.Location
- u.MaxRepoCreation = form.MaxRepoCreation
- u.IsActive = form.Active
- u.IsAdmin = form.Admin
- u.IsRestricted = form.Restricted
- u.AllowGitHook = form.AllowGitHook
- u.AllowImportLocal = form.AllowImportLocal
- u.AllowCreateOrganization = form.AllowCreateOrganization
-
- // skip self Prohibit Login
- if ctx.User.ID == u.ID {
- u.ProhibitLogin = false
- } else {
- u.ProhibitLogin = form.ProhibitLogin
- }
-
- if err := models.UpdateUser(u); err != nil {
- if models.IsErrEmailAlreadyUsed(err) {
- ctx.Data["Err_Email"] = true
- ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserEdit, &form)
- } else if models.IsErrEmailInvalid(err) {
- ctx.Data["Err_Email"] = true
- ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserEdit, &form)
- } else {
- ctx.ServerError("UpdateUser", err)
- }
- return
- }
- log.Trace("Account profile updated by admin (%s): %s", ctx.User.Name, u.Name)
-
- ctx.Flash.Success(ctx.Tr("admin.users.update_profile_success"))
- ctx.Redirect(setting.AppSubURL + "/admin/users/" + ctx.Params(":userid"))
- }
-
- // DeleteUser response for deleting a user
- func DeleteUser(ctx *context.Context) {
- u, err := models.GetUserByID(ctx.ParamsInt64(":userid"))
- if err != nil {
- ctx.ServerError("GetUserByID", err)
- return
- }
-
- if err = models.DeleteUser(u); err != nil {
- switch {
- case models.IsErrUserOwnRepos(err):
- ctx.Flash.Error(ctx.Tr("admin.users.still_own_repo"))
- ctx.JSON(http.StatusOK, map[string]interface{}{
- "redirect": setting.AppSubURL + "/admin/users/" + ctx.Params(":userid"),
- })
- case models.IsErrUserHasOrgs(err):
- ctx.Flash.Error(ctx.Tr("admin.users.still_has_org"))
- ctx.JSON(http.StatusOK, map[string]interface{}{
- "redirect": setting.AppSubURL + "/admin/users/" + ctx.Params(":userid"),
- })
- default:
- ctx.ServerError("DeleteUser", err)
- }
- return
- }
- log.Trace("Account deleted by admin (%s): %s", ctx.User.Name, u.Name)
-
- ctx.Flash.Success(ctx.Tr("admin.users.deletion_success"))
- ctx.JSON(http.StatusOK, map[string]interface{}{
- "redirect": setting.AppSubURL + "/admin/users",
- })
- }
|