mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5187 Commits
17 Branches
Tree: 8371f94d06
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8371f94d06'
${ noResults }
gitea/routers/user/setting.go

setting.go 22KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package user

  6. 

  7. import (

  8. 	"bytes"

  9. 	"errors"

  10. 	"fmt"

  11. 	"io/ioutil"

  12. 	"strings"

  13. 

  14. 	"github.com/Unknwon/com"

  15. 	"github.com/pquerna/otp"

  16. 	"github.com/pquerna/otp/totp"

  17. 

  18. 	"encoding/base64"

  19. 	"html/template"

  20. 	"image/png"

  21. 

  22. 	"code.gitea.io/gitea/models"

  23. 	"code.gitea.io/gitea/modules/auth"

  24. 	"code.gitea.io/gitea/modules/base"

  25. 	"code.gitea.io/gitea/modules/context"

  26. 	"code.gitea.io/gitea/modules/log"

  27. 	"code.gitea.io/gitea/modules/setting"

  28. )

  29. 

  30. const (

  31. 	tplSettingsProfile      base.TplName = "user/settings/profile"

  32. 	tplSettingsAvatar       base.TplName = "user/settings/avatar"

  33. 	tplSettingsPassword     base.TplName = "user/settings/password"

  34. 	tplSettingsEmails       base.TplName = "user/settings/email"

  35. 	tplSettingsKeys         base.TplName = "user/settings/keys"

  36. 	tplSettingsSocial       base.TplName = "user/settings/social"

  37. 	tplSettingsApplications base.TplName = "user/settings/applications"

  38. 	tplSettingsTwofa        base.TplName = "user/settings/twofa"

  39. 	tplSettingsTwofaEnroll  base.TplName = "user/settings/twofa_enroll"

  40. 	tplSettingsAccountLink  base.TplName = "user/settings/account_link"

  41. 	tplSettingsDelete       base.TplName = "user/settings/delete"

  42. 	tplSecurity             base.TplName = "user/security"

  43. )

  44. 

  45. // Settings render user's profile page

  46. func Settings(ctx *context.Context) {

  47. 	ctx.Data["Title"] = ctx.Tr("settings")

  48. 	ctx.Data["PageIsSettingsProfile"] = true

  49. 	ctx.HTML(200, tplSettingsProfile)

  50. }

  51. 

  52. func handleUsernameChange(ctx *context.Context, newName string) {

  53. 	// Non-local users are not allowed to change their username.

  54. 	if len(newName) == 0 || !ctx.User.IsLocal() {

  55. 		return

  56. 	}

  57. 

  58. 	// Check if user name has been changed

  59. 	if ctx.User.LowerName != strings.ToLower(newName) {

  60. 		if err := models.ChangeUserName(ctx.User, newName); err != nil {

  61. 			switch {

  62. 			case models.IsErrUserAlreadyExist(err):

  63. 				ctx.Flash.Error(ctx.Tr("newName_been_taken"))

  64. 				ctx.Redirect(setting.AppSubURL + "/user/settings")

  65. 			case models.IsErrEmailAlreadyUsed(err):

  66. 				ctx.Flash.Error(ctx.Tr("form.email_been_used"))

  67. 				ctx.Redirect(setting.AppSubURL + "/user/settings")

  68. 			case models.IsErrNameReserved(err):

  69. 				ctx.Flash.Error(ctx.Tr("user.newName_reserved"))

  70. 				ctx.Redirect(setting.AppSubURL + "/user/settings")

  71. 			case models.IsErrNamePatternNotAllowed(err):

  72. 				ctx.Flash.Error(ctx.Tr("user.newName_pattern_not_allowed"))

  73. 				ctx.Redirect(setting.AppSubURL + "/user/settings")

  74. 			default:

  75. 				ctx.Handle(500, "ChangeUserName", err)

  76. 			}

  77. 			return

  78. 		}

  79. 		log.Trace("User name changed: %s -> %s", ctx.User.Name, newName)

  80. 	}

  81. 

  82. 	// In case it's just a case change

  83. 	ctx.User.Name = newName

  84. 	ctx.User.LowerName = strings.ToLower(newName)

  85. }

  86. 

  87. // SettingsPost response for change user's profile

  88. func SettingsPost(ctx *context.Context, form auth.UpdateProfileForm) {

  89. 	ctx.Data["Title"] = ctx.Tr("settings")

  90. 	ctx.Data["PageIsSettingsProfile"] = true

  91. 

  92. 	if ctx.HasError() {

  93. 		ctx.HTML(200, tplSettingsProfile)

  94. 		return

  95. 	}

  96. 

  97. 	handleUsernameChange(ctx, form.Name)

  98. 	if ctx.Written() {

  99. 		return

  100. 	}

  101. 

  102. 	ctx.User.FullName = form.FullName

  103. 	ctx.User.Email = form.Email

  104. 	ctx.User.KeepEmailPrivate = form.KeepEmailPrivate

  105. 	ctx.User.Website = form.Website

  106. 	ctx.User.Location = form.Location

  107. 	if err := models.UpdateUserSetting(ctx.User); err != nil {

  108. 		if _, ok := err.(models.ErrEmailAlreadyUsed); ok {

  109. 			ctx.Flash.Error(ctx.Tr("form.email_been_used"))

  110. 			ctx.Redirect(setting.AppSubURL + "/user/settings")

  111. 			return

  112. 		}

  113. 		ctx.Handle(500, "UpdateUser", err)

  114. 		return

  115. 	}

  116. 

  117. 	log.Trace("User settings updated: %s", ctx.User.Name)

  118. 	ctx.Flash.Success(ctx.Tr("settings.update_profile_success"))

  119. 	ctx.Redirect(setting.AppSubURL + "/user/settings")

  120. }

  121. 

  122. // UpdateAvatarSetting update user's avatar

  123. // FIXME: limit size.

  124. func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm, ctxUser *models.User) error {

  125. 	ctxUser.UseCustomAvatar = form.Source == auth.AvatarLocal

  126. 	if len(form.Gravatar) > 0 {

  127. 		ctxUser.Avatar = base.EncodeMD5(form.Gravatar)

  128. 		ctxUser.AvatarEmail = form.Gravatar

  129. 	}

  130. 

  131. 	if form.Avatar != nil {

  132. 		fr, err := form.Avatar.Open()

  133. 		if err != nil {

  134. 			return fmt.Errorf("Avatar.Open: %v", err)

  135. 		}

  136. 		defer fr.Close()

  137. 

  138. 		data, err := ioutil.ReadAll(fr)

  139. 		if err != nil {

  140. 			return fmt.Errorf("ioutil.ReadAll: %v", err)

  141. 		}

  142. 		if !base.IsImageFile(data) {

  143. 			return errors.New(ctx.Tr("settings.uploaded_avatar_not_a_image"))

  144. 		}

  145. 		if err = ctxUser.UploadAvatar(data); err != nil {

  146. 			return fmt.Errorf("UploadAvatar: %v", err)

  147. 		}

  148. 	} else {

  149. 		// No avatar is uploaded but setting has been changed to enable,

  150. 		// generate a random one when needed.

  151. 		if ctxUser.UseCustomAvatar && !com.IsFile(ctxUser.CustomAvatarPath()) {

  152. 			if err := ctxUser.GenerateRandomAvatar(); err != nil {

  153. 				log.Error(4, "GenerateRandomAvatar[%d]: %v", ctxUser.ID, err)

  154. 			}

  155. 		}

  156. 	}

  157. 

  158. 	if err := models.UpdateUser(ctxUser); err != nil {

  159. 		return fmt.Errorf("UpdateUser: %v", err)

  160. 	}

  161. 

  162. 	return nil

  163. }

  164. 

  165. // SettingsAvatar render user avatar page

  166. func SettingsAvatar(ctx *context.Context) {

  167. 	ctx.Data["Title"] = ctx.Tr("settings")

  168. 	ctx.Data["PageIsSettingsAvatar"] = true

  169. 	ctx.HTML(200, tplSettingsAvatar)

  170. }

  171. 

  172. // SettingsAvatarPost response for change user's avatar request

  173. func SettingsAvatarPost(ctx *context.Context, form auth.AvatarForm) {

  174. 	if err := UpdateAvatarSetting(ctx, form, ctx.User); err != nil {

  175. 		ctx.Flash.Error(err.Error())

  176. 	} else {

  177. 		ctx.Flash.Success(ctx.Tr("settings.update_avatar_success"))

  178. 	}

  179. 

  180. 	ctx.Redirect(setting.AppSubURL + "/user/settings/avatar")

  181. }

  182. 

  183. // SettingsDeleteAvatar render delete avatar page

  184. func SettingsDeleteAvatar(ctx *context.Context) {

  185. 	if err := ctx.User.DeleteAvatar(); err != nil {

  186. 		ctx.Flash.Error(err.Error())

  187. 	}

  188. 

  189. 	ctx.Redirect(setting.AppSubURL + "/user/settings/avatar")

  190. }

  191. 

  192. // SettingsPassword render change user's password page

  193. func SettingsPassword(ctx *context.Context) {

  194. 	ctx.Data["Title"] = ctx.Tr("settings")

  195. 	ctx.Data["PageIsSettingsPassword"] = true

  196. 	ctx.Data["Email"] = ctx.User.Email

  197. 	ctx.HTML(200, tplSettingsPassword)

  198. }

  199. 

  200. // SettingsPasswordPost response for change user's password

  201. func SettingsPasswordPost(ctx *context.Context, form auth.ChangePasswordForm) {

  202. 	ctx.Data["Title"] = ctx.Tr("settings")

  203. 	ctx.Data["PageIsSettingsPassword"] = true

  204. 	ctx.Data["PageIsSettingsDelete"] = true

  205. 

  206. 	if ctx.HasError() {

  207. 		ctx.HTML(200, tplSettingsPassword)

  208. 		return

  209. 	}

  210. 

  211. 	if ctx.User.IsPasswordSet() && !ctx.User.ValidatePassword(form.OldPassword) {

  212. 		ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))

  213. 	} else if form.Password != form.Retype {

  214. 		ctx.Flash.Error(ctx.Tr("form.password_not_match"))

  215. 	} else {

  216. 		ctx.User.Passwd = form.Password

  217. 		var err error

  218. 		if ctx.User.Salt, err = models.GetUserSalt(); err != nil {

  219. 			ctx.Handle(500, "UpdateUser", err)

  220. 			return

  221. 		}

  222. 		ctx.User.EncodePasswd()

  223. 		if err := models.UpdateUser(ctx.User); err != nil {

  224. 			ctx.Handle(500, "UpdateUser", err)

  225. 			return

  226. 		}

  227. 		log.Trace("User password updated: %s", ctx.User.Name)

  228. 		ctx.Flash.Success(ctx.Tr("settings.change_password_success"))

  229. 	}

  230. 

  231. 	ctx.Redirect(setting.AppSubURL + "/user/settings/password")

  232. }

  233. 

  234. // SettingsEmails render user's emails page

  235. func SettingsEmails(ctx *context.Context) {

  236. 	ctx.Data["Title"] = ctx.Tr("settings")

  237. 	ctx.Data["PageIsSettingsEmails"] = true

  238. 

  239. 	emails, err := models.GetEmailAddresses(ctx.User.ID)

  240. 	if err != nil {

  241. 		ctx.Handle(500, "GetEmailAddresses", err)

  242. 		return

  243. 	}

  244. 	ctx.Data["Emails"] = emails

  245. 

  246. 	ctx.HTML(200, tplSettingsEmails)

  247. }

  248. 

  249. // SettingsEmailPost response for change user's email

  250. func SettingsEmailPost(ctx *context.Context, form auth.AddEmailForm) {

  251. 	ctx.Data["Title"] = ctx.Tr("settings")

  252. 	ctx.Data["PageIsSettingsEmails"] = true

  253. 

  254. 	// Make emailaddress primary.

  255. 	if ctx.Query("_method") == "PRIMARY" {

  256. 		if err := models.MakeEmailPrimary(&models.EmailAddress{ID: ctx.QueryInt64("id")}); err != nil {

  257. 			ctx.Handle(500, "MakeEmailPrimary", err)

  258. 			return

  259. 		}

  260. 

  261. 		log.Trace("Email made primary: %s", ctx.User.Name)

  262. 		ctx.Redirect(setting.AppSubURL + "/user/settings/email")

  263. 		return

  264. 	}

  265. 

  266. 	// Add Email address.

  267. 	emails, err := models.GetEmailAddresses(ctx.User.ID)

  268. 	if err != nil {

  269. 		ctx.Handle(500, "GetEmailAddresses", err)

  270. 		return

  271. 	}

  272. 	ctx.Data["Emails"] = emails

  273. 

  274. 	if ctx.HasError() {

  275. 		ctx.HTML(200, tplSettingsEmails)

  276. 		return

  277. 	}

  278. 

  279. 	email := &models.EmailAddress{

  280. 		UID:         ctx.User.ID,

  281. 		Email:       form.Email,

  282. 		IsActivated: !setting.Service.RegisterEmailConfirm,

  283. 	}

  284. 	if err := models.AddEmailAddress(email); err != nil {

  285. 		if models.IsErrEmailAlreadyUsed(err) {

  286. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSettingsEmails, &form)

  287. 			return

  288. 		}

  289. 		ctx.Handle(500, "AddEmailAddress", err)

  290. 		return

  291. 	}

  292. 

  293. 	// Send confirmation email

  294. 	if setting.Service.RegisterEmailConfirm {

  295. 		models.SendActivateEmailMail(ctx.Context, ctx.User, email)

  296. 

  297. 		if err := ctx.Cache.Put("MailResendLimit_"+ctx.User.LowerName, ctx.User.LowerName, 180); err != nil {

  298. 			log.Error(4, "Set cache(MailResendLimit) fail: %v", err)

  299. 		}

  300. 		ctx.Flash.Info(ctx.Tr("settings.add_email_confirmation_sent", email.Email, setting.Service.ActiveCodeLives/60))

  301. 	} else {

  302. 		ctx.Flash.Success(ctx.Tr("settings.add_email_success"))

  303. 	}

  304. 

  305. 	log.Trace("Email address added: %s", email.Email)

  306. 	ctx.Redirect(setting.AppSubURL + "/user/settings/email")

  307. }

  308. 

  309. // DeleteEmail response for delete user's email

  310. func DeleteEmail(ctx *context.Context) {

  311. 	if err := models.DeleteEmailAddress(&models.EmailAddress{ID: ctx.QueryInt64("id"), UID: ctx.User.ID}); err != nil {

  312. 		ctx.Handle(500, "DeleteEmail", err)

  313. 		return

  314. 	}

  315. 	log.Trace("Email address deleted: %s", ctx.User.Name)

  316. 

  317. 	ctx.Flash.Success(ctx.Tr("settings.email_deletion_success"))

  318. 	ctx.JSON(200, map[string]interface{}{

  319. 		"redirect": setting.AppSubURL + "/user/settings/email",

  320. 	})

  321. }

  322. 

  323. // SettingsKeys render user's SSH/GPG public keys page

  324. func SettingsKeys(ctx *context.Context) {

  325. 	ctx.Data["Title"] = ctx.Tr("settings")

  326. 	ctx.Data["PageIsSettingsKeys"] = true

  327. 

  328. 	keys, err := models.ListPublicKeys(ctx.User.ID)

  329. 	if err != nil {

  330. 		ctx.Handle(500, "ListPublicKeys", err)

  331. 		return

  332. 	}

  333. 	ctx.Data["Keys"] = keys

  334. 

  335. 	gpgkeys, err := models.ListGPGKeys(ctx.User.ID)

  336. 	if err != nil {

  337. 		ctx.Handle(500, "ListGPGKeys", err)

  338. 		return

  339. 	}

  340. 	ctx.Data["GPGKeys"] = gpgkeys

  341. 

  342. 	ctx.HTML(200, tplSettingsKeys)

  343. }

  344. 

  345. // SettingsKeysPost response for change user's SSH/GPG keys

  346. func SettingsKeysPost(ctx *context.Context, form auth.AddKeyForm) {

  347. 	ctx.Data["Title"] = ctx.Tr("settings")

  348. 	ctx.Data["PageIsSettingsKeys"] = true

  349. 

  350. 	keys, err := models.ListPublicKeys(ctx.User.ID)

  351. 	if err != nil {

  352. 		ctx.Handle(500, "ListPublicKeys", err)

  353. 		return

  354. 	}

  355. 	ctx.Data["Keys"] = keys

  356. 

  357. 	gpgkeys, err := models.ListGPGKeys(ctx.User.ID)

  358. 	if err != nil {

  359. 		ctx.Handle(500, "ListGPGKeys", err)

  360. 		return

  361. 	}

  362. 	ctx.Data["GPGKeys"] = gpgkeys

  363. 

  364. 	if ctx.HasError() {

  365. 		ctx.HTML(200, tplSettingsKeys)

  366. 		return

  367. 	}

  368. 	switch form.Type {

  369. 	case "gpg":

  370. 		key, err := models.AddGPGKey(ctx.User.ID, form.Content)

  371. 		if err != nil {

  372. 			ctx.Data["HasGPGError"] = true

  373. 			switch {

  374. 			case models.IsErrGPGKeyParsing(err):

  375. 				ctx.Flash.Error(ctx.Tr("form.invalid_gpg_key", err.Error()))

  376. 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  377. 			case models.IsErrGPGKeyIDAlreadyUsed(err):

  378. 				ctx.Data["Err_Content"] = true

  379. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_id_used"), tplSettingsKeys, &form)

  380. 			case models.IsErrGPGEmailNotFound(err):

  381. 				ctx.Data["Err_Content"] = true

  382. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_email_not_found", err.(models.ErrGPGEmailNotFound).Email), tplSettingsKeys, &form)

  383. 			default:

  384. 				ctx.Handle(500, "AddPublicKey", err)

  385. 			}

  386. 			return

  387. 		}

  388. 		ctx.Flash.Success(ctx.Tr("settings.add_gpg_key_success", key.KeyID))

  389. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  390. 	case "ssh":

  391. 		content, err := models.CheckPublicKeyString(form.Content)

  392. 		if err != nil {

  393. 			if models.IsErrKeyUnableVerify(err) {

  394. 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))

  395. 			} else {

  396. 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error()))

  397. 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  398. 				return

  399. 			}

  400. 		}

  401. 

  402. 		if _, err = models.AddPublicKey(ctx.User.ID, form.Title, content); err != nil {

  403. 			ctx.Data["HasSSHError"] = true

  404. 			switch {

  405. 			case models.IsErrKeyAlreadyExist(err):

  406. 				ctx.Data["Err_Content"] = true

  407. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplSettingsKeys, &form)

  408. 			case models.IsErrKeyNameAlreadyUsed(err):

  409. 				ctx.Data["Err_Title"] = true

  410. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_name_used"), tplSettingsKeys, &form)

  411. 			default:

  412. 				ctx.Handle(500, "AddPublicKey", err)

  413. 			}

  414. 			return

  415. 		}

  416. 		ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title))

  417. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  418. 

  419. 	default:

  420. 		ctx.Flash.Warning("Function not implemented")

  421. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  422. 	}

  423. 

  424. }

  425. 

  426. // DeleteKey response for delete user's SSH/GPG key

  427. func DeleteKey(ctx *context.Context) {

  428. 

  429. 	switch ctx.Query("type") {

  430. 	case "gpg":

  431. 		if err := models.DeleteGPGKey(ctx.User, ctx.QueryInt64("id")); err != nil {

  432. 			ctx.Flash.Error("DeleteGPGKey: " + err.Error())

  433. 		} else {

  434. 			ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success"))

  435. 		}

  436. 	case "ssh":

  437. 		if err := models.DeletePublicKey(ctx.User, ctx.QueryInt64("id")); err != nil {

  438. 			ctx.Flash.Error("DeletePublicKey: " + err.Error())

  439. 		} else {

  440. 			ctx.Flash.Success(ctx.Tr("settings.ssh_key_deletion_success"))

  441. 		}

  442. 	default:

  443. 		ctx.Flash.Warning("Function not implemented")

  444. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  445. 	}

  446. 	ctx.JSON(200, map[string]interface{}{

  447. 		"redirect": setting.AppSubURL + "/user/settings/keys",

  448. 	})

  449. }

  450. 

  451. // SettingsApplications render user's access tokens page

  452. func SettingsApplications(ctx *context.Context) {

  453. 	ctx.Data["Title"] = ctx.Tr("settings")

  454. 	ctx.Data["PageIsSettingsApplications"] = true

  455. 

  456. 	tokens, err := models.ListAccessTokens(ctx.User.ID)

  457. 	if err != nil {

  458. 		ctx.Handle(500, "ListAccessTokens", err)

  459. 		return

  460. 	}

  461. 	ctx.Data["Tokens"] = tokens

  462. 

  463. 	ctx.HTML(200, tplSettingsApplications)

  464. }

  465. 

  466. // SettingsApplicationsPost response for add user's access token

  467. func SettingsApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm) {

  468. 	ctx.Data["Title"] = ctx.Tr("settings")

  469. 	ctx.Data["PageIsSettingsApplications"] = true

  470. 

  471. 	if ctx.HasError() {

  472. 		tokens, err := models.ListAccessTokens(ctx.User.ID)

  473. 		if err != nil {

  474. 			ctx.Handle(500, "ListAccessTokens", err)

  475. 			return

  476. 		}

  477. 		ctx.Data["Tokens"] = tokens

  478. 		ctx.HTML(200, tplSettingsApplications)

  479. 		return

  480. 	}

  481. 

  482. 	t := &models.AccessToken{

  483. 		UID:  ctx.User.ID,

  484. 		Name: form.Name,

  485. 	}

  486. 	if err := models.NewAccessToken(t); err != nil {

  487. 		ctx.Handle(500, "NewAccessToken", err)

  488. 		return

  489. 	}

  490. 

  491. 	ctx.Flash.Success(ctx.Tr("settings.generate_token_succees"))

  492. 	ctx.Flash.Info(t.Sha1)

  493. 

  494. 	ctx.Redirect(setting.AppSubURL + "/user/settings/applications")

  495. }

  496. 

  497. // SettingsDeleteApplication response for delete user access token

  498. func SettingsDeleteApplication(ctx *context.Context) {

  499. 	if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id"), ctx.User.ID); err != nil {

  500. 		ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())

  501. 	} else {

  502. 		ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))

  503. 	}

  504. 

  505. 	ctx.JSON(200, map[string]interface{}{

  506. 		"redirect": setting.AppSubURL + "/user/settings/applications",

  507. 	})

  508. }

  509. 

  510. // SettingsTwoFactor renders the 2FA page.

  511. func SettingsTwoFactor(ctx *context.Context) {

  512. 	ctx.Data["Title"] = ctx.Tr("settings")

  513. 	ctx.Data["PageIsSettingsTwofa"] = true

  514. 

  515. 	enrolled := true

  516. 	_, err := models.GetTwoFactorByUID(ctx.User.ID)

  517. 	if err != nil {

  518. 		if models.IsErrTwoFactorNotEnrolled(err) {

  519. 			enrolled = false

  520. 		} else {

  521. 			ctx.Handle(500, "SettingsTwoFactor", err)

  522. 			return

  523. 		}

  524. 	}

  525. 

  526. 	ctx.Data["TwofaEnrolled"] = enrolled

  527. 	ctx.HTML(200, tplSettingsTwofa)

  528. }

  529. 

  530. // SettingsTwoFactorRegenerateScratch regenerates the user's 2FA scratch code.

  531. func SettingsTwoFactorRegenerateScratch(ctx *context.Context) {

  532. 	ctx.Data["Title"] = ctx.Tr("settings")

  533. 	ctx.Data["PageIsSettingsTwofa"] = true

  534. 

  535. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  536. 	if err != nil {

  537. 		ctx.Handle(500, "SettingsTwoFactor", err)

  538. 		return

  539. 	}

  540. 

  541. 	if err = t.GenerateScratchToken(); err != nil {

  542. 		ctx.Handle(500, "SettingsTwoFactor", err)

  543. 		return

  544. 	}

  545. 

  546. 	if err = models.UpdateTwoFactor(t); err != nil {

  547. 		ctx.Handle(500, "SettingsTwoFactor", err)

  548. 		return

  549. 	}

  550. 

  551. 	ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", t.ScratchToken))

  552. 	ctx.Redirect(setting.AppSubURL + "/user/settings/two_factor")

  553. }

  554. 

  555. // SettingsTwoFactorDisable deletes the user's 2FA settings.

  556. func SettingsTwoFactorDisable(ctx *context.Context) {

  557. 	ctx.Data["Title"] = ctx.Tr("settings")

  558. 	ctx.Data["PageIsSettingsTwofa"] = true

  559. 

  560. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  561. 	if err != nil {

  562. 		ctx.Handle(500, "SettingsTwoFactor", err)

  563. 		return

  564. 	}

  565. 

  566. 	if err = models.DeleteTwoFactorByID(t.ID, ctx.User.ID); err != nil {

  567. 		ctx.Handle(500, "SettingsTwoFactor", err)

  568. 		return

  569. 	}

  570. 

  571. 	ctx.Flash.Success(ctx.Tr("settings.twofa_disabled"))

  572. 	ctx.Redirect(setting.AppSubURL + "/user/settings/two_factor")

  573. }

  574. 

  575. func twofaGenerateSecretAndQr(ctx *context.Context) bool {

  576. 	var otpKey *otp.Key

  577. 	var err error

  578. 	uri := ctx.Session.Get("twofaUri")

  579. 	if uri != nil {

  580. 		otpKey, err = otp.NewKeyFromURL(uri.(string))

  581. 	}

  582. 	if otpKey == nil {

  583. 		err = nil // clear the error, in case the URL was invalid

  584. 		otpKey, err = totp.Generate(totp.GenerateOpts{

  585. 			Issuer:      setting.AppName,

  586. 			AccountName: ctx.User.Name,

  587. 		})

  588. 		if err != nil {

  589. 			ctx.Handle(500, "SettingsTwoFactor", err)

  590. 			return false

  591. 		}

  592. 	}

  593. 

  594. 	ctx.Data["TwofaSecret"] = otpKey.Secret()

  595. 	img, err := otpKey.Image(320, 240)

  596. 	if err != nil {

  597. 		ctx.Handle(500, "SettingsTwoFactor", err)

  598. 		return false

  599. 	}

  600. 

  601. 	var imgBytes bytes.Buffer

  602. 	if err = png.Encode(&imgBytes, img); err != nil {

  603. 		ctx.Handle(500, "SettingsTwoFactor", err)

  604. 		return false

  605. 	}

  606. 

  607. 	ctx.Data["QrUri"] = template.URL("data:image/png;base64," + base64.StdEncoding.EncodeToString(imgBytes.Bytes()))

  608. 	ctx.Session.Set("twofaSecret", otpKey.Secret())

  609. 	ctx.Session.Set("twofaUri", otpKey.String())

  610. 	return true

  611. }

  612. 

  613. // SettingsTwoFactorEnroll shows the page where the user can enroll into 2FA.

  614. func SettingsTwoFactorEnroll(ctx *context.Context) {

  615. 	ctx.Data["Title"] = ctx.Tr("settings")

  616. 	ctx.Data["PageIsSettingsTwofa"] = true

  617. 

  618. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  619. 	if t != nil {

  620. 		// already enrolled

  621. 		ctx.Handle(500, "SettingsTwoFactor", err)

  622. 		return

  623. 	}

  624. 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {

  625. 		ctx.Handle(500, "SettingsTwoFactor", err)

  626. 		return

  627. 	}

  628. 

  629. 	if !twofaGenerateSecretAndQr(ctx) {

  630. 		return

  631. 	}

  632. 

  633. 	ctx.HTML(200, tplSettingsTwofaEnroll)

  634. }

  635. 

  636. // SettingsTwoFactorEnrollPost handles enrolling the user into 2FA.

  637. func SettingsTwoFactorEnrollPost(ctx *context.Context, form auth.TwoFactorAuthForm) {

  638. 	ctx.Data["Title"] = ctx.Tr("settings")

  639. 	ctx.Data["PageIsSettingsTwofa"] = true

  640. 

  641. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  642. 	if t != nil {

  643. 		// already enrolled

  644. 		ctx.Handle(500, "SettingsTwoFactor", err)

  645. 		return

  646. 	}

  647. 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {

  648. 		ctx.Handle(500, "SettingsTwoFactor", err)

  649. 		return

  650. 	}

  651. 

  652. 	if ctx.HasError() {

  653. 		if !twofaGenerateSecretAndQr(ctx) {

  654. 			return

  655. 		}

  656. 		ctx.HTML(200, tplSettingsTwofaEnroll)

  657. 		return

  658. 	}

  659. 

  660. 	secret := ctx.Session.Get("twofaSecret").(string)

  661. 	if !totp.Validate(form.Passcode, secret) {

  662. 		if !twofaGenerateSecretAndQr(ctx) {

  663. 			return

  664. 		}

  665. 		ctx.Flash.Error(ctx.Tr("settings.passcode_invalid"))

  666. 		ctx.HTML(200, tplSettingsTwofaEnroll)

  667. 		return

  668. 	}

  669. 

  670. 	t = &models.TwoFactor{

  671. 		UID: ctx.User.ID,

  672. 	}

  673. 	err = t.SetSecret(secret)

  674. 	if err != nil {

  675. 		ctx.Handle(500, "SettingsTwoFactor", err)

  676. 		return

  677. 	}

  678. 	err = t.GenerateScratchToken()

  679. 	if err != nil {

  680. 		ctx.Handle(500, "SettingsTwoFactor", err)

  681. 		return

  682. 	}

  683. 

  684. 	if err = models.NewTwoFactor(t); err != nil {

  685. 		ctx.Handle(500, "SettingsTwoFactor", err)

  686. 		return

  687. 	}

  688. 

  689. 	ctx.Session.Delete("twofaSecret")

  690. 	ctx.Session.Delete("twofaUri")

  691. 	ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", t.ScratchToken))

  692. 	ctx.Redirect(setting.AppSubURL + "/user/settings/two_factor")

  693. }

  694. 

  695. // SettingsAccountLinks render the account links settings page

  696. func SettingsAccountLinks(ctx *context.Context) {

  697. 	ctx.Data["Title"] = ctx.Tr("settings")

  698. 	ctx.Data["PageIsSettingsAccountLink"] = true

  699. 

  700. 	accountLinks, err := models.ListAccountLinks(ctx.User)

  701. 	if err != nil {

  702. 		ctx.Handle(500, "ListAccountLinks", err)

  703. 		return

  704. 	}

  705. 

  706. 	// map the provider display name with the LoginSource

  707. 	sources := make(map[*models.LoginSource]string)

  708. 	for _, externalAccount := range accountLinks {

  709. 		if loginSource, err := models.GetLoginSourceByID(externalAccount.LoginSourceID); err == nil {

  710. 			var providerDisplayName string

  711. 			if loginSource.IsOAuth2() {

  712. 				providerTechnicalName := loginSource.OAuth2().Provider

  713. 				providerDisplayName = models.OAuth2Providers[providerTechnicalName].DisplayName

  714. 			} else {

  715. 				providerDisplayName = loginSource.Name

  716. 			}

  717. 			sources[loginSource] = providerDisplayName

  718. 		}

  719. 	}

  720. 	ctx.Data["AccountLinks"] = sources

  721. 

  722. 	ctx.HTML(200, tplSettingsAccountLink)

  723. }

  724. 

  725. // SettingsDeleteAccountLink delete a single account link

  726. func SettingsDeleteAccountLink(ctx *context.Context) {

  727. 	if _, err := models.RemoveAccountLink(ctx.User, ctx.QueryInt64("loginSourceID")); err != nil {

  728. 		ctx.Flash.Error("RemoveAccountLink: " + err.Error())

  729. 	} else {

  730. 		ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))

  731. 	}

  732. 

  733. 	ctx.JSON(200, map[string]interface{}{

  734. 		"redirect": setting.AppSubURL + "/user/settings/account_link",

  735. 	})

  736. }

  737. 

  738. // SettingsDelete render user suicide page and response for delete user himself

  739. func SettingsDelete(ctx *context.Context) {

  740. 	ctx.Data["Title"] = ctx.Tr("settings")

  741. 	ctx.Data["PageIsSettingsDelete"] = true

  742. 	ctx.Data["Email"] = ctx.User.Email

  743. 

  744. 	if ctx.Req.Method == "POST" {

  745. 		if _, err := models.UserSignIn(ctx.User.Name, ctx.Query("password")); err != nil {

  746. 			if models.IsErrUserNotExist(err) {

  747. 				ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsDelete, nil)

  748. 			} else {

  749. 				ctx.Handle(500, "UserSignIn", err)

  750. 			}

  751. 			return

  752. 		}

  753. 

  754. 		if err := models.DeleteUser(ctx.User); err != nil {

  755. 			switch {

  756. 			case models.IsErrUserOwnRepos(err):

  757. 				ctx.Flash.Error(ctx.Tr("form.still_own_repo"))

  758. 				ctx.Redirect(setting.AppSubURL + "/user/settings/delete")

  759. 			case models.IsErrUserHasOrgs(err):

  760. 				ctx.Flash.Error(ctx.Tr("form.still_has_org"))

  761. 				ctx.Redirect(setting.AppSubURL + "/user/settings/delete")

  762. 			default:

  763. 				ctx.Handle(500, "DeleteUser", err)

  764. 			}

  765. 		} else {

  766. 			log.Trace("Account deleted: %s", ctx.User.Name)

  767. 			ctx.Redirect(setting.AppSubURL + "/")

  768. 		}

  769. 		return

  770. 	}

  771. 

  772. 	ctx.HTML(200, tplSettingsDelete)

  773. }