mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11026 Commits
17 Branches
Tree: c9a04cfdc8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c9a04cfdc8'
${ noResults }
gitea/models/user_mail.go

user_mail.go 13KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502 
  1. // Copyright 2016 The Gogs Authors. All rights reserved.

  2. // Copyright 2020 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package models

  7. 

  8. import (

  9. 	"errors"

  10. 	"fmt"

  11. 	"net/mail"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/modules/log"

  15. 	"code.gitea.io/gitea/modules/setting"

  16. 	"code.gitea.io/gitea/modules/util"

  17. 

  18. 	"xorm.io/builder"

  19. )

  20. 

  21. var (

  22. 	// ErrEmailAddressNotExist email address not exist

  23. 	ErrEmailAddressNotExist = errors.New("Email address does not exist")

  24. )

  25. 

  26. // EmailAddress is the list of all email addresses of a user. Can contain the

  27. // primary email address, but is not obligatory.

  28. type EmailAddress struct {

  29. 	ID          int64  `xorm:"pk autoincr"`

  30. 	UID         int64  `xorm:"INDEX NOT NULL"`

  31. 	Email       string `xorm:"UNIQUE NOT NULL"`

  32. 	IsActivated bool

  33. 	IsPrimary   bool `xorm:"-"`

  34. }

  35. 

  36. // ValidateEmail check if email is a allowed address

  37. func ValidateEmail(email string) error {

  38. 	if len(email) == 0 {

  39. 		return nil

  40. 	}

  41. 

  42. 	if _, err := mail.ParseAddress(email); err != nil {

  43. 		return ErrEmailInvalid{email}

  44. 	}

  45. 

  46. 	// TODO: add an email allow/block list

  47. 

  48. 	return nil

  49. }

  50. 

  51. // GetEmailAddresses returns all email addresses belongs to given user.

  52. func GetEmailAddresses(uid int64) ([]*EmailAddress, error) {

  53. 	emails := make([]*EmailAddress, 0, 5)

  54. 	if err := x.

  55. 		Where("uid=?", uid).

  56. 		Find(&emails); err != nil {

  57. 		return nil, err

  58. 	}

  59. 

  60. 	u, err := GetUserByID(uid)

  61. 	if err != nil {

  62. 		return nil, err

  63. 	}

  64. 

  65. 	isPrimaryFound := false

  66. 	for _, email := range emails {

  67. 		if email.Email == u.Email {

  68. 			isPrimaryFound = true

  69. 			email.IsPrimary = true

  70. 		} else {

  71. 			email.IsPrimary = false

  72. 		}

  73. 	}

  74. 

  75. 	// We always want the primary email address displayed, even if it's not in

  76. 	// the email address table (yet).

  77. 	if !isPrimaryFound {

  78. 		emails = append(emails, &EmailAddress{

  79. 			Email:       u.Email,

  80. 			IsActivated: u.IsActive,

  81. 			IsPrimary:   true,

  82. 		})

  83. 	}

  84. 	return emails, nil

  85. }

  86. 

  87. // GetEmailAddressByID gets a user's email address by ID

  88. func GetEmailAddressByID(uid, id int64) (*EmailAddress, error) {

  89. 	// User ID is required for security reasons

  90. 	email := &EmailAddress{UID: uid}

  91. 	if has, err := x.ID(id).Get(email); err != nil {

  92. 		return nil, err

  93. 	} else if !has {

  94. 		return nil, nil

  95. 	}

  96. 	return email, nil

  97. }

  98. 

  99. func isEmailActive(e Engine, email string, userID, emailID int64) (bool, error) {

  100. 	if len(email) == 0 {

  101. 		return true, nil

  102. 	}

  103. 

  104. 	// Can't filter by boolean field unless it's explicit

  105. 	cond := builder.NewCond()

  106. 	cond = cond.And(builder.Eq{"email": email}, builder.Neq{"id": emailID})

  107. 	if setting.Service.RegisterEmailConfirm {

  108. 		// Inactive (unvalidated) addresses don't count as active if email validation is required

  109. 		cond = cond.And(builder.Eq{"is_activated": true})

  110. 	}

  111. 

  112. 	em := EmailAddress{}

  113. 

  114. 	if has, err := e.Where(cond).Get(&em); has || err != nil {

  115. 		if has {

  116. 			log.Info("isEmailActive('%s',%d,%d) found duplicate in email ID %d", email, userID, emailID, em.ID)

  117. 		}

  118. 		return has, err

  119. 	}

  120. 

  121. 	// Can't filter by boolean field unless it's explicit

  122. 	cond = builder.NewCond()

  123. 	cond = cond.And(builder.Eq{"email": email}, builder.Neq{"id": userID})

  124. 	if setting.Service.RegisterEmailConfirm {

  125. 		cond = cond.And(builder.Eq{"is_active": true})

  126. 	}

  127. 

  128. 	us := User{}

  129. 

  130. 	if has, err := e.Where(cond).Get(&us); has || err != nil {

  131. 		if has {

  132. 			log.Info("isEmailActive('%s',%d,%d) found duplicate in user ID %d", email, userID, emailID, us.ID)

  133. 		}

  134. 		return has, err

  135. 	}

  136. 

  137. 	return false, nil

  138. }

  139. 

  140. func isEmailUsed(e Engine, email string) (bool, error) {

  141. 	if len(email) == 0 {

  142. 		return true, nil

  143. 	}

  144. 

  145. 	return e.Where("email=?", email).Get(&EmailAddress{})

  146. }

  147. 

  148. // IsEmailUsed returns true if the email has been used.

  149. func IsEmailUsed(email string) (bool, error) {

  150. 	return isEmailUsed(x, email)

  151. }

  152. 

  153. func addEmailAddress(e Engine, email *EmailAddress) error {

  154. 	email.Email = strings.ToLower(strings.TrimSpace(email.Email))

  155. 	used, err := isEmailUsed(e, email.Email)

  156. 	if err != nil {

  157. 		return err

  158. 	} else if used {

  159. 		return ErrEmailAlreadyUsed{email.Email}

  160. 	}

  161. 

  162. 	if err = ValidateEmail(email.Email); err != nil {

  163. 		return err

  164. 	}

  165. 

  166. 	_, err = e.Insert(email)

  167. 	return err

  168. }

  169. 

  170. // AddEmailAddress adds an email address to given user.

  171. func AddEmailAddress(email *EmailAddress) error {

  172. 	return addEmailAddress(x, email)

  173. }

  174. 

  175. // AddEmailAddresses adds an email address to given user.

  176. func AddEmailAddresses(emails []*EmailAddress) error {

  177. 	if len(emails) == 0 {

  178. 		return nil

  179. 	}

  180. 

  181. 	// Check if any of them has been used

  182. 	for i := range emails {

  183. 		emails[i].Email = strings.ToLower(strings.TrimSpace(emails[i].Email))

  184. 		used, err := IsEmailUsed(emails[i].Email)

  185. 		if err != nil {

  186. 			return err

  187. 		} else if used {

  188. 			return ErrEmailAlreadyUsed{emails[i].Email}

  189. 		}

  190. 		if err = ValidateEmail(emails[i].Email); err != nil {

  191. 			return err

  192. 		}

  193. 	}

  194. 

  195. 	if _, err := x.Insert(emails); err != nil {

  196. 		return fmt.Errorf("Insert: %v", err)

  197. 	}

  198. 

  199. 	return nil

  200. }

  201. 

  202. // Activate activates the email address to given user.

  203. func (email *EmailAddress) Activate() error {

  204. 	sess := x.NewSession()

  205. 	defer sess.Close()

  206. 	if err := sess.Begin(); err != nil {

  207. 		return err

  208. 	}

  209. 	if err := email.updateActivation(sess, true); err != nil {

  210. 		return err

  211. 	}

  212. 	return sess.Commit()

  213. }

  214. 

  215. func (email *EmailAddress) updateActivation(e Engine, activate bool) error {

  216. 	user, err := getUserByID(e, email.UID)

  217. 	if err != nil {

  218. 		return err

  219. 	}

  220. 	if user.Rands, err = GetUserSalt(); err != nil {

  221. 		return err

  222. 	}

  223. 	email.IsActivated = activate

  224. 	if _, err := e.ID(email.ID).Cols("is_activated").Update(email); err != nil {

  225. 		return err

  226. 	}

  227. 	return updateUserCols(e, user, "rands")

  228. }

  229. 

  230. // DeleteEmailAddress deletes an email address of given user.

  231. func DeleteEmailAddress(email *EmailAddress) (err error) {

  232. 	var deleted int64

  233. 	// ask to check UID

  234. 	var address = EmailAddress{

  235. 		UID: email.UID,

  236. 	}

  237. 	if email.ID > 0 {

  238. 		deleted, err = x.ID(email.ID).Delete(&address)

  239. 	} else {

  240. 		deleted, err = x.

  241. 			Where("email=?", email.Email).

  242. 			Delete(&address)

  243. 	}

  244. 

  245. 	if err != nil {

  246. 		return err

  247. 	} else if deleted != 1 {

  248. 		return ErrEmailAddressNotExist

  249. 	}

  250. 	return nil

  251. }

  252. 

  253. // DeleteEmailAddresses deletes multiple email addresses

  254. func DeleteEmailAddresses(emails []*EmailAddress) (err error) {

  255. 	for i := range emails {

  256. 		if err = DeleteEmailAddress(emails[i]); err != nil {

  257. 			return err

  258. 		}

  259. 	}

  260. 

  261. 	return nil

  262. }

  263. 

  264. // MakeEmailPrimary sets primary email address of given user.

  265. func MakeEmailPrimary(email *EmailAddress) error {

  266. 	has, err := x.Get(email)

  267. 	if err != nil {

  268. 		return err

  269. 	} else if !has {

  270. 		return ErrEmailNotExist

  271. 	}

  272. 

  273. 	if !email.IsActivated {

  274. 		return ErrEmailNotActivated

  275. 	}

  276. 

  277. 	user := &User{}

  278. 	has, err = x.ID(email.UID).Get(user)

  279. 	if err != nil {

  280. 		return err

  281. 	} else if !has {

  282. 		return ErrUserNotExist{email.UID, "", 0}

  283. 	}

  284. 

  285. 	// Make sure the former primary email doesn't disappear.

  286. 	formerPrimaryEmail := &EmailAddress{UID: user.ID, Email: user.Email}

  287. 	has, err = x.Get(formerPrimaryEmail)

  288. 	if err != nil {

  289. 		return err

  290. 	}

  291. 

  292. 	sess := x.NewSession()

  293. 	defer sess.Close()

  294. 	if err = sess.Begin(); err != nil {

  295. 		return err

  296. 	}

  297. 

  298. 	if !has {

  299. 		formerPrimaryEmail.UID = user.ID

  300. 		formerPrimaryEmail.IsActivated = user.IsActive

  301. 		if _, err = sess.Insert(formerPrimaryEmail); err != nil {

  302. 			return err

  303. 		}

  304. 	}

  305. 

  306. 	user.Email = email.Email

  307. 	if _, err = sess.ID(user.ID).Cols("email").Update(user); err != nil {

  308. 		return err

  309. 	}

  310. 

  311. 	return sess.Commit()

  312. }

  313. 

  314. // SearchEmailOrderBy is used to sort the results from SearchEmails()

  315. type SearchEmailOrderBy string

  316. 

  317. func (s SearchEmailOrderBy) String() string {

  318. 	return string(s)

  319. }

  320. 

  321. // Strings for sorting result

  322. const (

  323. 	SearchEmailOrderByEmail        SearchEmailOrderBy = "emails.email ASC, is_primary DESC, sortid ASC"

  324. 	SearchEmailOrderByEmailReverse SearchEmailOrderBy = "emails.email DESC, is_primary ASC, sortid DESC"

  325. 	SearchEmailOrderByName         SearchEmailOrderBy = "`user`.lower_name ASC, is_primary DESC, sortid ASC"

  326. 	SearchEmailOrderByNameReverse  SearchEmailOrderBy = "`user`.lower_name DESC, is_primary ASC, sortid DESC"

  327. )

  328. 

  329. // SearchEmailOptions are options to search e-mail addresses for the admin panel

  330. type SearchEmailOptions struct {

  331. 	ListOptions

  332. 	Keyword     string

  333. 	SortType    SearchEmailOrderBy

  334. 	IsPrimary   util.OptionalBool

  335. 	IsActivated util.OptionalBool

  336. }

  337. 

  338. // SearchEmailResult is an e-mail address found in the user or email_address table

  339. type SearchEmailResult struct {

  340. 	UID         int64

  341. 	Email       string

  342. 	IsActivated bool

  343. 	IsPrimary   bool

  344. 	// From User

  345. 	Name     string

  346. 	FullName string

  347. }

  348. 

  349. // SearchEmails takes options i.e. keyword and part of email name to search,

  350. // it returns results in given range and number of total results.

  351. func SearchEmails(opts *SearchEmailOptions) ([]*SearchEmailResult, int64, error) {

  352. 	// Unfortunately, UNION support for SQLite in xorm is currently broken, so we must

  353. 	// build the SQL ourselves.

  354. 	where := make([]string, 0, 5)

  355. 	args := make([]interface{}, 0, 5)

  356. 

  357. 	emailsSQL := "(SELECT id as sortid, uid, email, is_activated, 0 as is_primary " +

  358. 		"FROM email_address " +

  359. 		"UNION ALL " +

  360. 		"SELECT id as sortid, id AS uid, email, is_active AS is_activated, 1 as is_primary " +

  361. 		"FROM `user` " +

  362. 		"WHERE type = ?) AS emails"

  363. 	args = append(args, UserTypeIndividual)

  364. 

  365. 	if len(opts.Keyword) > 0 {

  366. 		// Note: % can be injected in the Keyword parameter, but it won't do any harm.

  367. 		where = append(where, "(lower(`user`.full_name) LIKE ? OR `user`.lower_name LIKE ? OR emails.email LIKE ?)")

  368. 		likeStr := "%" + strings.ToLower(opts.Keyword) + "%"

  369. 		args = append(args, likeStr)

  370. 		args = append(args, likeStr)

  371. 		args = append(args, likeStr)

  372. 	}

  373. 

  374. 	switch {

  375. 	case opts.IsPrimary.IsTrue():

  376. 		where = append(where, "emails.is_primary = ?")

  377. 		args = append(args, true)

  378. 	case opts.IsPrimary.IsFalse():

  379. 		where = append(where, "emails.is_primary = ?")

  380. 		args = append(args, false)

  381. 	}

  382. 

  383. 	switch {

  384. 	case opts.IsActivated.IsTrue():

  385. 		where = append(where, "emails.is_activated = ?")

  386. 		args = append(args, true)

  387. 	case opts.IsActivated.IsFalse():

  388. 		where = append(where, "emails.is_activated = ?")

  389. 		args = append(args, false)

  390. 	}

  391. 

  392. 	var whereStr string

  393. 	if len(where) > 0 {

  394. 		whereStr = "WHERE " + strings.Join(where, " AND ")

  395. 	}

  396. 

  397. 	joinSQL := "FROM " + emailsSQL + " INNER JOIN `user` ON `user`.id = emails.uid " + whereStr

  398. 

  399. 	count, err := x.SQL("SELECT count(*) "+joinSQL, args...).Count()

  400. 	if err != nil {

  401. 		return nil, 0, fmt.Errorf("Count: %v", err)

  402. 	}

  403. 

  404. 	orderby := opts.SortType.String()

  405. 	if orderby == "" {

  406. 		orderby = SearchEmailOrderByEmail.String()

  407. 	}

  408. 

  409. 	querySQL := "SELECT emails.uid, emails.email, emails.is_activated, emails.is_primary, " +

  410. 		"`user`.name, `user`.full_name " + joinSQL + " ORDER BY " + orderby

  411. 

  412. 	opts.setDefaultValues()

  413. 

  414. 	rows, err := x.SQL(querySQL, args...).Rows(new(SearchEmailResult))

  415. 	if err != nil {

  416. 		return nil, 0, fmt.Errorf("Emails: %v", err)

  417. 	}

  418. 

  419. 	// Page manually because xorm can't handle Limit() with raw SQL

  420. 	defer rows.Close()

  421. 

  422. 	emails := make([]*SearchEmailResult, 0, opts.PageSize)

  423. 	skip := (opts.Page - 1) * opts.PageSize

  424. 

  425. 	for rows.Next() {

  426. 		var email SearchEmailResult

  427. 		if err := rows.Scan(&email); err != nil {

  428. 			return nil, 0, err

  429. 		}

  430. 		if skip > 0 {

  431. 			skip--

  432. 			continue

  433. 		}

  434. 		emails = append(emails, &email)

  435. 		if len(emails) == opts.PageSize {

  436. 			break

  437. 		}

  438. 	}

  439. 

  440. 	return emails, count, err

  441. }

  442. 

  443. // ActivateUserEmail will change the activated state of an email address,

  444. // either primary (in the user table) or secondary (in the email_address table)

  445. func ActivateUserEmail(userID int64, email string, primary, activate bool) (err error) {

  446. 	sess := x.NewSession()

  447. 	defer sess.Close()

  448. 	if err = sess.Begin(); err != nil {

  449. 		return err

  450. 	}

  451. 	if primary {

  452. 		// Activate/deactivate a user's primary email address

  453. 		user := User{ID: userID, Email: email}

  454. 		if has, err := sess.Get(&user); err != nil {

  455. 			return err

  456. 		} else if !has {

  457. 			return fmt.Errorf("no such user: %d (%s)", userID, email)

  458. 		}

  459. 		if user.IsActive == activate {

  460. 			// Already in the desired state; no action

  461. 			return nil

  462. 		}

  463. 		if activate {

  464. 			if used, err := isEmailActive(sess, email, userID, 0); err != nil {

  465. 				return fmt.Errorf("isEmailActive(): %v", err)

  466. 			} else if used {

  467. 				return ErrEmailAlreadyUsed{Email: email}

  468. 			}

  469. 		}

  470. 		user.IsActive = activate

  471. 		if user.Rands, err = GetUserSalt(); err != nil {

  472. 			return fmt.Errorf("generate salt: %v", err)

  473. 		}

  474. 		if err = updateUserCols(sess, &user, "is_active", "rands"); err != nil {

  475. 			return fmt.Errorf("updateUserCols(): %v", err)

  476. 		}

  477. 	} else {

  478. 		// Activate/deactivate a user's secondary email address

  479. 		// First check if there's another user active with the same address

  480. 		addr := EmailAddress{UID: userID, Email: email}

  481. 		if has, err := sess.Get(&addr); err != nil {

  482. 			return err

  483. 		} else if !has {

  484. 			return fmt.Errorf("no such email: %d (%s)", userID, email)

  485. 		}

  486. 		if addr.IsActivated == activate {

  487. 			// Already in the desired state; no action

  488. 			return nil

  489. 		}

  490. 		if activate {

  491. 			if used, err := isEmailActive(sess, email, 0, addr.ID); err != nil {

  492. 				return fmt.Errorf("isEmailActive(): %v", err)

  493. 			} else if used {

  494. 				return ErrEmailAlreadyUsed{Email: email}

  495. 			}

  496. 		}

  497. 		if err = addr.updateActivation(sess, activate); err != nil {

  498. 			return fmt.Errorf("updateActivation(): %v", err)

  499. 		}

  500. 	}

  501. 	return sess.Commit()

  502. }