mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16911 Commits
17 Branches
Tree: a129c0c06c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a129c0c06c'
${ noResults }
gitea/routers/web/user/setting/account.go

account.go 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2018 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package setting

  6. 

  7. import (

  8. 	"errors"

  9. 	"net/http"

  10. 	"time"

  11. 

  12. 	"code.gitea.io/gitea/models"

  13. 	user_model "code.gitea.io/gitea/models/user"

  14. 	"code.gitea.io/gitea/modules/auth/password"

  15. 	"code.gitea.io/gitea/modules/base"

  16. 	"code.gitea.io/gitea/modules/context"

  17. 	"code.gitea.io/gitea/modules/log"

  18. 	"code.gitea.io/gitea/modules/setting"

  19. 	"code.gitea.io/gitea/modules/timeutil"

  20. 	"code.gitea.io/gitea/modules/web"

  21. 	"code.gitea.io/gitea/services/auth"

  22. 	"code.gitea.io/gitea/services/auth/source/db"

  23. 	"code.gitea.io/gitea/services/auth/source/smtp"

  24. 	"code.gitea.io/gitea/services/forms"

  25. 	"code.gitea.io/gitea/services/mailer"

  26. 	"code.gitea.io/gitea/services/user"

  27. )

  28. 

  29. const (

  30. 	tplSettingsAccount base.TplName = "user/settings/account"

  31. )

  32. 

  33. // Account renders change user's password, user's email and user suicide page

  34. func Account(ctx *context.Context) {

  35. 	ctx.Data["Title"] = ctx.Tr("settings.account")

  36. 	ctx.Data["PageIsSettingsAccount"] = true

  37. 	ctx.Data["Email"] = ctx.Doer.Email

  38. 	ctx.Data["EnableNotifyMail"] = setting.Service.EnableNotifyMail

  39. 

  40. 	loadAccountData(ctx)

  41. 

  42. 	ctx.HTML(http.StatusOK, tplSettingsAccount)

  43. }

  44. 

  45. // AccountPost response for change user's password

  46. func AccountPost(ctx *context.Context) {

  47. 	form := web.GetForm(ctx).(*forms.ChangePasswordForm)

  48. 	ctx.Data["Title"] = ctx.Tr("settings")

  49. 	ctx.Data["PageIsSettingsAccount"] = true

  50. 

  51. 	if ctx.HasError() {

  52. 		loadAccountData(ctx)

  53. 

  54. 		ctx.HTML(http.StatusOK, tplSettingsAccount)

  55. 		return

  56. 	}

  57. 

  58. 	if len(form.Password) < setting.MinPasswordLength {

  59. 		ctx.Flash.Error(ctx.Tr("auth.password_too_short", setting.MinPasswordLength))

  60. 	} else if ctx.Doer.IsPasswordSet() && !ctx.Doer.ValidatePassword(form.OldPassword) {

  61. 		ctx.Flash.Error(ctx.Tr("settings.password_incorrect"))

  62. 	} else if form.Password != form.Retype {

  63. 		ctx.Flash.Error(ctx.Tr("form.password_not_match"))

  64. 	} else if !password.IsComplexEnough(form.Password) {

  65. 		ctx.Flash.Error(password.BuildComplexityError(ctx.Locale))

  66. 	} else if pwned, err := password.IsPwned(ctx, form.Password); pwned || err != nil {

  67. 		errMsg := ctx.Tr("auth.password_pwned")

  68. 		if err != nil {

  69. 			log.Error(err.Error())

  70. 			errMsg = ctx.Tr("auth.password_pwned_err")

  71. 		}

  72. 		ctx.Flash.Error(errMsg)

  73. 	} else {

  74. 		var err error

  75. 		if err = ctx.Doer.SetPassword(form.Password); err != nil {

  76. 			ctx.ServerError("UpdateUser", err)

  77. 			return

  78. 		}

  79. 		if err := user_model.UpdateUserCols(ctx, ctx.Doer, "salt", "passwd_hash_algo", "passwd"); err != nil {

  80. 			ctx.ServerError("UpdateUser", err)

  81. 			return

  82. 		}

  83. 		log.Trace("User password updated: %s", ctx.Doer.Name)

  84. 		ctx.Flash.Success(ctx.Tr("settings.change_password_success"))

  85. 	}

  86. 

  87. 	ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  88. }

  89. 

  90. // EmailPost response for change user's email

  91. func EmailPost(ctx *context.Context) {

  92. 	form := web.GetForm(ctx).(*forms.AddEmailForm)

  93. 	ctx.Data["Title"] = ctx.Tr("settings")

  94. 	ctx.Data["PageIsSettingsAccount"] = true

  95. 

  96. 	// Make emailaddress primary.

  97. 	if ctx.FormString("_method") == "PRIMARY" {

  98. 		if err := user_model.MakeEmailPrimary(ctx, &user_model.EmailAddress{ID: ctx.FormInt64("id")}); err != nil {

  99. 			ctx.ServerError("MakeEmailPrimary", err)

  100. 			return

  101. 		}

  102. 

  103. 		log.Trace("Email made primary: %s", ctx.Doer.Name)

  104. 		ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  105. 		return

  106. 	}

  107. 	// Send activation Email

  108. 	if ctx.FormString("_method") == "SENDACTIVATION" {

  109. 		var address string

  110. 		if setting.CacheService.Enabled && ctx.Cache.IsExist("MailResendLimit_"+ctx.Doer.LowerName) {

  111. 			log.Error("Send activation: activation still pending")

  112. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  113. 			return

  114. 		}

  115. 

  116. 		id := ctx.FormInt64("id")

  117. 		email, err := user_model.GetEmailAddressByID(ctx, ctx.Doer.ID, id)

  118. 		if err != nil {

  119. 			log.Error("GetEmailAddressByID(%d,%d) error: %v", ctx.Doer.ID, id, err)

  120. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  121. 			return

  122. 		}

  123. 		if email == nil {

  124. 			log.Warn("Send activation failed: EmailAddress[%d] not found for user: %-v", id, ctx.Doer)

  125. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  126. 			return

  127. 		}

  128. 		if email.IsActivated {

  129. 			log.Debug("Send activation failed: email %s is already activated for user: %-v", email.Email, ctx.Doer)

  130. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  131. 			return

  132. 		}

  133. 		if email.IsPrimary {

  134. 			if ctx.Doer.IsActive && !setting.Service.RegisterEmailConfirm {

  135. 				log.Debug("Send activation failed: email %s is already activated for user: %-v", email.Email, ctx.Doer)

  136. 				ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  137. 				return

  138. 			}

  139. 			// Only fired when the primary email is inactive (Wrong state)

  140. 			mailer.SendActivateAccountMail(ctx.Locale, ctx.Doer)

  141. 		} else {

  142. 			mailer.SendActivateEmailMail(ctx.Doer, email)

  143. 		}

  144. 		address = email.Email

  145. 

  146. 		if setting.CacheService.Enabled {

  147. 			if err := ctx.Cache.Put("MailResendLimit_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {

  148. 				log.Error("Set cache(MailResendLimit) fail: %v", err)

  149. 			}

  150. 		}

  151. 		ctx.Flash.Info(ctx.Tr("settings.add_email_confirmation_sent", address, timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale)))

  152. 		ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  153. 		return

  154. 	}

  155. 	// Set Email Notification Preference

  156. 	if ctx.FormString("_method") == "NOTIFICATION" {

  157. 		preference := ctx.FormString("preference")

  158. 		if !(preference == user_model.EmailNotificationsEnabled ||

  159. 			preference == user_model.EmailNotificationsOnMention ||

  160. 			preference == user_model.EmailNotificationsDisabled ||

  161. 			preference == user_model.EmailNotificationsAndYourOwn) {

  162. 			log.Error("Email notifications preference change returned unrecognized option %s: %s", preference, ctx.Doer.Name)

  163. 			ctx.ServerError("SetEmailPreference", errors.New("option unrecognized"))

  164. 			return

  165. 		}

  166. 		if err := user_model.SetEmailNotifications(ctx, ctx.Doer, preference); err != nil {

  167. 			log.Error("Set Email Notifications failed: %v", err)

  168. 			ctx.ServerError("SetEmailNotifications", err)

  169. 			return

  170. 		}

  171. 		log.Trace("Email notifications preference made %s: %s", preference, ctx.Doer.Name)

  172. 		ctx.Flash.Success(ctx.Tr("settings.email_preference_set_success"))

  173. 		ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  174. 		return

  175. 	}

  176. 

  177. 	if ctx.HasError() {

  178. 		loadAccountData(ctx)

  179. 

  180. 		ctx.HTML(http.StatusOK, tplSettingsAccount)

  181. 		return

  182. 	}

  183. 

  184. 	email := &user_model.EmailAddress{

  185. 		UID:         ctx.Doer.ID,

  186. 		Email:       form.Email,

  187. 		IsActivated: !setting.Service.RegisterEmailConfirm,

  188. 	}

  189. 	if err := user_model.AddEmailAddress(ctx, email); err != nil {

  190. 		if user_model.IsErrEmailAlreadyUsed(err) {

  191. 			loadAccountData(ctx)

  192. 

  193. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSettingsAccount, &form)

  194. 			return

  195. 		} else if user_model.IsErrEmailCharIsNotSupported(err) ||

  196. 			user_model.IsErrEmailInvalid(err) {

  197. 			loadAccountData(ctx)

  198. 

  199. 			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplSettingsAccount, &form)

  200. 			return

  201. 		}

  202. 		ctx.ServerError("AddEmailAddress", err)

  203. 		return

  204. 	}

  205. 

  206. 	// Send confirmation email

  207. 	if setting.Service.RegisterEmailConfirm {

  208. 		mailer.SendActivateEmailMail(ctx.Doer, email)

  209. 		if setting.CacheService.Enabled {

  210. 			if err := ctx.Cache.Put("MailResendLimit_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {

  211. 				log.Error("Set cache(MailResendLimit) fail: %v", err)

  212. 			}

  213. 		}

  214. 		ctx.Flash.Info(ctx.Tr("settings.add_email_confirmation_sent", email.Email, timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale)))

  215. 	} else {

  216. 		ctx.Flash.Success(ctx.Tr("settings.add_email_success"))

  217. 	}

  218. 

  219. 	log.Trace("Email address added: %s", email.Email)

  220. 	ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  221. }

  222. 

  223. // DeleteEmail response for delete user's email

  224. func DeleteEmail(ctx *context.Context) {

  225. 	if err := user_model.DeleteEmailAddress(ctx, &user_model.EmailAddress{ID: ctx.FormInt64("id"), UID: ctx.Doer.ID}); err != nil {

  226. 		ctx.ServerError("DeleteEmail", err)

  227. 		return

  228. 	}

  229. 	log.Trace("Email address deleted: %s", ctx.Doer.Name)

  230. 

  231. 	ctx.Flash.Success(ctx.Tr("settings.email_deletion_success"))

  232. 	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/account")

  233. }

  234. 

  235. // DeleteAccount render user suicide page and response for delete user himself

  236. func DeleteAccount(ctx *context.Context) {

  237. 	ctx.Data["Title"] = ctx.Tr("settings")

  238. 	ctx.Data["PageIsSettingsAccount"] = true

  239. 

  240. 	if _, _, err := auth.UserSignIn(ctx, ctx.Doer.Name, ctx.FormString("password")); err != nil {

  241. 		switch {

  242. 		case user_model.IsErrUserNotExist(err):

  243. 			loadAccountData(ctx)

  244. 

  245. 			ctx.RenderWithErr(ctx.Tr("form.user_not_exist"), tplSettingsAccount, nil)

  246. 		case errors.Is(err, smtp.ErrUnsupportedLoginType):

  247. 			loadAccountData(ctx)

  248. 

  249. 			ctx.RenderWithErr(ctx.Tr("form.unsupported_login_type"), tplSettingsAccount, nil)

  250. 		case errors.As(err, &db.ErrUserPasswordNotSet{}):

  251. 			loadAccountData(ctx)

  252. 

  253. 			ctx.RenderWithErr(ctx.Tr("form.unset_password"), tplSettingsAccount, nil)

  254. 		case errors.As(err, &db.ErrUserPasswordInvalid{}):

  255. 			loadAccountData(ctx)

  256. 

  257. 			ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsAccount, nil)

  258. 		default:

  259. 			ctx.ServerError("UserSignIn", err)

  260. 		}

  261. 		return

  262. 	}

  263. 

  264. 	// admin should not delete themself

  265. 	if ctx.Doer.IsAdmin {

  266. 		ctx.Flash.Error(ctx.Tr("form.admin_cannot_delete_self"))

  267. 		ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  268. 		return

  269. 	}

  270. 

  271. 	if err := user.DeleteUser(ctx, ctx.Doer, false); err != nil {

  272. 		switch {

  273. 		case models.IsErrUserOwnRepos(err):

  274. 			ctx.Flash.Error(ctx.Tr("form.still_own_repo"))

  275. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  276. 		case models.IsErrUserHasOrgs(err):

  277. 			ctx.Flash.Error(ctx.Tr("form.still_has_org"))

  278. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  279. 		case models.IsErrUserOwnPackages(err):

  280. 			ctx.Flash.Error(ctx.Tr("form.still_own_packages"))

  281. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  282. 		case models.IsErrDeleteLastAdminUser(err):

  283. 			ctx.Flash.Error(ctx.Tr("auth.last_admin"))

  284. 			ctx.Redirect(setting.AppSubURL + "/user/settings/account")

  285. 		default:

  286. 			ctx.ServerError("DeleteUser", err)

  287. 		}

  288. 	} else {

  289. 		log.Trace("Account deleted: %s", ctx.Doer.Name)

  290. 		ctx.Redirect(setting.AppSubURL + "/")

  291. 	}

  292. }

  293. 

  294. func loadAccountData(ctx *context.Context) {

  295. 	emlist, err := user_model.GetEmailAddresses(ctx, ctx.Doer.ID)

  296. 	if err != nil {

  297. 		ctx.ServerError("GetEmailAddresses", err)

  298. 		return

  299. 	}

  300. 	type UserEmail struct {

  301. 		user_model.EmailAddress

  302. 		CanBePrimary bool

  303. 	}

  304. 	pendingActivation := setting.CacheService.Enabled && ctx.Cache.IsExist("MailResendLimit_"+ctx.Doer.LowerName)

  305. 	emails := make([]*UserEmail, len(emlist))

  306. 	for i, em := range emlist {

  307. 		var email UserEmail

  308. 		email.EmailAddress = *em

  309. 		email.CanBePrimary = em.IsActivated

  310. 		emails[i] = &email

  311. 	}

  312. 	ctx.Data["Emails"] = emails

  313. 	ctx.Data["EmailNotificationsPreference"] = ctx.Doer.EmailNotifications()

  314. 	ctx.Data["ActivationsPending"] = pendingActivation

  315. 	ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm

  316. 

  317. 	if setting.Service.UserDeleteWithCommentsMaxTime != 0 {

  318. 		ctx.Data["UserDeleteWithCommentsMaxTime"] = setting.Service.UserDeleteWithCommentsMaxTime.String()

  319. 		ctx.Data["UserDeleteWithComments"] = ctx.Doer.CreatedUnix.AsTime().Add(setting.Service.UserDeleteWithCommentsMaxTime).After(time.Now())

  320. 	}

  321. }