mirrors
/
gitea
espejo de https://github.com/go-gitea/gitea.git
Seguir 1
Destacar 0
Fork 0
Código Incidencias 0 Lanzamientos 211 Wiki Actividad
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11373 Commits
17 Ramas
Árbol: d0b8e3c8e1
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'd0b8e3c8e1'
${ noResults }
gitea/models/user_mail.go

user_mail.go 13KB
Original Blame Histórico

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500 
  1. // Copyright 2016 The Gogs Authors. All rights reserved.

  2. // Copyright 2020 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package models

  7. 

  8. import (

  9. 	"errors"

  10. 	"fmt"

  11. 	"net/mail"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/modules/log"

  15. 	"code.gitea.io/gitea/modules/setting"

  16. 	"code.gitea.io/gitea/modules/util"

  17. 

  18. 	"xorm.io/builder"

  19. )

  20. 

  21. // ErrEmailAddressNotExist email address not exist

  22. var ErrEmailAddressNotExist = errors.New("Email address does not exist")

  23. 

  24. // EmailAddress is the list of all email addresses of a user. Can contain the

  25. // primary email address, but is not obligatory.

  26. type EmailAddress struct {

  27. 	ID          int64  `xorm:"pk autoincr"`

  28. 	UID         int64  `xorm:"INDEX NOT NULL"`

  29. 	Email       string `xorm:"UNIQUE NOT NULL"`

  30. 	IsActivated bool

  31. 	IsPrimary   bool `xorm:"-"`

  32. }

  33. 

  34. // ValidateEmail check if email is a allowed address

  35. func ValidateEmail(email string) error {

  36. 	if len(email) == 0 {

  37. 		return nil

  38. 	}

  39. 

  40. 	if _, err := mail.ParseAddress(email); err != nil {

  41. 		return ErrEmailInvalid{email}

  42. 	}

  43. 

  44. 	// TODO: add an email allow/block list

  45. 

  46. 	return nil

  47. }

  48. 

  49. // GetEmailAddresses returns all email addresses belongs to given user.

  50. func GetEmailAddresses(uid int64) ([]*EmailAddress, error) {

  51. 	emails := make([]*EmailAddress, 0, 5)

  52. 	if err := x.

  53. 		Where("uid=?", uid).

  54. 		Find(&emails); err != nil {

  55. 		return nil, err

  56. 	}

  57. 

  58. 	u, err := GetUserByID(uid)

  59. 	if err != nil {

  60. 		return nil, err

  61. 	}

  62. 

  63. 	isPrimaryFound := false

  64. 	for _, email := range emails {

  65. 		if email.Email == u.Email {

  66. 			isPrimaryFound = true

  67. 			email.IsPrimary = true

  68. 		} else {

  69. 			email.IsPrimary = false

  70. 		}

  71. 	}

  72. 

  73. 	// We always want the primary email address displayed, even if it's not in

  74. 	// the email address table (yet).

  75. 	if !isPrimaryFound {

  76. 		emails = append(emails, &EmailAddress{

  77. 			Email:       u.Email,

  78. 			IsActivated: u.IsActive,

  79. 			IsPrimary:   true,

  80. 		})

  81. 	}

  82. 	return emails, nil

  83. }

  84. 

  85. // GetEmailAddressByID gets a user's email address by ID

  86. func GetEmailAddressByID(uid, id int64) (*EmailAddress, error) {

  87. 	// User ID is required for security reasons

  88. 	email := &EmailAddress{UID: uid}

  89. 	if has, err := x.ID(id).Get(email); err != nil {

  90. 		return nil, err

  91. 	} else if !has {

  92. 		return nil, nil

  93. 	}

  94. 	return email, nil

  95. }

  96. 

  97. func isEmailActive(e Engine, email string, userID, emailID int64) (bool, error) {

  98. 	if len(email) == 0 {

  99. 		return true, nil

  100. 	}

  101. 

  102. 	// Can't filter by boolean field unless it's explicit

  103. 	cond := builder.NewCond()

  104. 	cond = cond.And(builder.Eq{"email": email}, builder.Neq{"id": emailID})

  105. 	if setting.Service.RegisterEmailConfirm {

  106. 		// Inactive (unvalidated) addresses don't count as active if email validation is required

  107. 		cond = cond.And(builder.Eq{"is_activated": true})

  108. 	}

  109. 

  110. 	em := EmailAddress{}

  111. 

  112. 	if has, err := e.Where(cond).Get(&em); has || err != nil {

  113. 		if has {

  114. 			log.Info("isEmailActive('%s',%d,%d) found duplicate in email ID %d", email, userID, emailID, em.ID)

  115. 		}

  116. 		return has, err

  117. 	}

  118. 

  119. 	// Can't filter by boolean field unless it's explicit

  120. 	cond = builder.NewCond()

  121. 	cond = cond.And(builder.Eq{"email": email}, builder.Neq{"id": userID})

  122. 	if setting.Service.RegisterEmailConfirm {

  123. 		cond = cond.And(builder.Eq{"is_active": true})

  124. 	}

  125. 

  126. 	us := User{}

  127. 

  128. 	if has, err := e.Where(cond).Get(&us); has || err != nil {

  129. 		if has {

  130. 			log.Info("isEmailActive('%s',%d,%d) found duplicate in user ID %d", email, userID, emailID, us.ID)

  131. 		}

  132. 		return has, err

  133. 	}

  134. 

  135. 	return false, nil

  136. }

  137. 

  138. func isEmailUsed(e Engine, email string) (bool, error) {

  139. 	if len(email) == 0 {

  140. 		return true, nil

  141. 	}

  142. 

  143. 	return e.Where("email=?", email).Get(&EmailAddress{})

  144. }

  145. 

  146. // IsEmailUsed returns true if the email has been used.

  147. func IsEmailUsed(email string) (bool, error) {

  148. 	return isEmailUsed(x, email)

  149. }

  150. 

  151. func addEmailAddress(e Engine, email *EmailAddress) error {

  152. 	email.Email = strings.ToLower(strings.TrimSpace(email.Email))

  153. 	used, err := isEmailUsed(e, email.Email)

  154. 	if err != nil {

  155. 		return err

  156. 	} else if used {

  157. 		return ErrEmailAlreadyUsed{email.Email}

  158. 	}

  159. 

  160. 	if err = ValidateEmail(email.Email); err != nil {

  161. 		return err

  162. 	}

  163. 

  164. 	_, err = e.Insert(email)

  165. 	return err

  166. }

  167. 

  168. // AddEmailAddress adds an email address to given user.

  169. func AddEmailAddress(email *EmailAddress) error {

  170. 	return addEmailAddress(x, email)

  171. }

  172. 

  173. // AddEmailAddresses adds an email address to given user.

  174. func AddEmailAddresses(emails []*EmailAddress) error {

  175. 	if len(emails) == 0 {

  176. 		return nil

  177. 	}

  178. 

  179. 	// Check if any of them has been used

  180. 	for i := range emails {

  181. 		emails[i].Email = strings.ToLower(strings.TrimSpace(emails[i].Email))

  182. 		used, err := IsEmailUsed(emails[i].Email)

  183. 		if err != nil {

  184. 			return err

  185. 		} else if used {

  186. 			return ErrEmailAlreadyUsed{emails[i].Email}

  187. 		}

  188. 		if err = ValidateEmail(emails[i].Email); err != nil {

  189. 			return err

  190. 		}

  191. 	}

  192. 

  193. 	if _, err := x.Insert(emails); err != nil {

  194. 		return fmt.Errorf("Insert: %v", err)

  195. 	}

  196. 

  197. 	return nil

  198. }

  199. 

  200. // Activate activates the email address to given user.

  201. func (email *EmailAddress) Activate() error {

  202. 	sess := x.NewSession()

  203. 	defer sess.Close()

  204. 	if err := sess.Begin(); err != nil {

  205. 		return err

  206. 	}

  207. 	if err := email.updateActivation(sess, true); err != nil {

  208. 		return err

  209. 	}

  210. 	return sess.Commit()

  211. }

  212. 

  213. func (email *EmailAddress) updateActivation(e Engine, activate bool) error {

  214. 	user, err := getUserByID(e, email.UID)

  215. 	if err != nil {

  216. 		return err

  217. 	}

  218. 	if user.Rands, err = GetUserSalt(); err != nil {

  219. 		return err

  220. 	}

  221. 	email.IsActivated = activate

  222. 	if _, err := e.ID(email.ID).Cols("is_activated").Update(email); err != nil {

  223. 		return err

  224. 	}

  225. 	return updateUserCols(e, user, "rands")

  226. }

  227. 

  228. // DeleteEmailAddress deletes an email address of given user.

  229. func DeleteEmailAddress(email *EmailAddress) (err error) {

  230. 	var deleted int64

  231. 	// ask to check UID

  232. 	address := EmailAddress{

  233. 		UID: email.UID,

  234. 	}

  235. 	if email.ID > 0 {

  236. 		deleted, err = x.ID(email.ID).Delete(&address)

  237. 	} else {

  238. 		deleted, err = x.

  239. 			Where("email=?", email.Email).

  240. 			Delete(&address)

  241. 	}

  242. 

  243. 	if err != nil {

  244. 		return err

  245. 	} else if deleted != 1 {

  246. 		return ErrEmailAddressNotExist

  247. 	}

  248. 	return nil

  249. }

  250. 

  251. // DeleteEmailAddresses deletes multiple email addresses

  252. func DeleteEmailAddresses(emails []*EmailAddress) (err error) {

  253. 	for i := range emails {

  254. 		if err = DeleteEmailAddress(emails[i]); err != nil {

  255. 			return err

  256. 		}

  257. 	}

  258. 

  259. 	return nil

  260. }

  261. 

  262. // MakeEmailPrimary sets primary email address of given user.

  263. func MakeEmailPrimary(email *EmailAddress) error {

  264. 	has, err := x.Get(email)

  265. 	if err != nil {

  266. 		return err

  267. 	} else if !has {

  268. 		return ErrEmailNotExist

  269. 	}

  270. 

  271. 	if !email.IsActivated {

  272. 		return ErrEmailNotActivated

  273. 	}

  274. 

  275. 	user := &User{}

  276. 	has, err = x.ID(email.UID).Get(user)

  277. 	if err != nil {

  278. 		return err

  279. 	} else if !has {

  280. 		return ErrUserNotExist{email.UID, "", 0}

  281. 	}

  282. 

  283. 	// Make sure the former primary email doesn't disappear.

  284. 	formerPrimaryEmail := &EmailAddress{UID: user.ID, Email: user.Email}

  285. 	has, err = x.Get(formerPrimaryEmail)

  286. 	if err != nil {

  287. 		return err

  288. 	}

  289. 

  290. 	sess := x.NewSession()

  291. 	defer sess.Close()

  292. 	if err = sess.Begin(); err != nil {

  293. 		return err

  294. 	}

  295. 

  296. 	if !has {

  297. 		formerPrimaryEmail.UID = user.ID

  298. 		formerPrimaryEmail.IsActivated = user.IsActive

  299. 		if _, err = sess.Insert(formerPrimaryEmail); err != nil {

  300. 			return err

  301. 		}

  302. 	}

  303. 

  304. 	user.Email = email.Email

  305. 	if _, err = sess.ID(user.ID).Cols("email").Update(user); err != nil {

  306. 		return err

  307. 	}

  308. 

  309. 	return sess.Commit()

  310. }

  311. 

  312. // SearchEmailOrderBy is used to sort the results from SearchEmails()

  313. type SearchEmailOrderBy string

  314. 

  315. func (s SearchEmailOrderBy) String() string {

  316. 	return string(s)

  317. }

  318. 

  319. // Strings for sorting result

  320. const (

  321. 	SearchEmailOrderByEmail        SearchEmailOrderBy = "emails.email ASC, is_primary DESC, sortid ASC"

  322. 	SearchEmailOrderByEmailReverse SearchEmailOrderBy = "emails.email DESC, is_primary ASC, sortid DESC"

  323. 	SearchEmailOrderByName         SearchEmailOrderBy = "`user`.lower_name ASC, is_primary DESC, sortid ASC"

  324. 	SearchEmailOrderByNameReverse  SearchEmailOrderBy = "`user`.lower_name DESC, is_primary ASC, sortid DESC"

  325. )

  326. 

  327. // SearchEmailOptions are options to search e-mail addresses for the admin panel

  328. type SearchEmailOptions struct {

  329. 	ListOptions

  330. 	Keyword     string

  331. 	SortType    SearchEmailOrderBy

  332. 	IsPrimary   util.OptionalBool

  333. 	IsActivated util.OptionalBool

  334. }

  335. 

  336. // SearchEmailResult is an e-mail address found in the user or email_address table

  337. type SearchEmailResult struct {

  338. 	UID         int64

  339. 	Email       string

  340. 	IsActivated bool

  341. 	IsPrimary   bool

  342. 	// From User

  343. 	Name     string

  344. 	FullName string

  345. }

  346. 

  347. // SearchEmails takes options i.e. keyword and part of email name to search,

  348. // it returns results in given range and number of total results.

  349. func SearchEmails(opts *SearchEmailOptions) ([]*SearchEmailResult, int64, error) {

  350. 	// Unfortunately, UNION support for SQLite in xorm is currently broken, so we must

  351. 	// build the SQL ourselves.

  352. 	where := make([]string, 0, 5)

  353. 	args := make([]interface{}, 0, 5)

  354. 

  355. 	emailsSQL := "(SELECT id as sortid, uid, email, is_activated, 0 as is_primary " +

  356. 		"FROM email_address " +

  357. 		"UNION ALL " +

  358. 		"SELECT id as sortid, id AS uid, email, is_active AS is_activated, 1 as is_primary " +

  359. 		"FROM `user` " +

  360. 		"WHERE type = ?) AS emails"

  361. 	args = append(args, UserTypeIndividual)

  362. 

  363. 	if len(opts.Keyword) > 0 {

  364. 		// Note: % can be injected in the Keyword parameter, but it won't do any harm.

  365. 		where = append(where, "(lower(`user`.full_name) LIKE ? OR `user`.lower_name LIKE ? OR emails.email LIKE ?)")

  366. 		likeStr := "%" + strings.ToLower(opts.Keyword) + "%"

  367. 		args = append(args, likeStr)

  368. 		args = append(args, likeStr)

  369. 		args = append(args, likeStr)

  370. 	}

  371. 

  372. 	switch {

  373. 	case opts.IsPrimary.IsTrue():

  374. 		where = append(where, "emails.is_primary = ?")

  375. 		args = append(args, true)

  376. 	case opts.IsPrimary.IsFalse():

  377. 		where = append(where, "emails.is_primary = ?")

  378. 		args = append(args, false)

  379. 	}

  380. 

  381. 	switch {

  382. 	case opts.IsActivated.IsTrue():

  383. 		where = append(where, "emails.is_activated = ?")

  384. 		args = append(args, true)

  385. 	case opts.IsActivated.IsFalse():

  386. 		where = append(where, "emails.is_activated = ?")

  387. 		args = append(args, false)

  388. 	}

  389. 

  390. 	var whereStr string

  391. 	if len(where) > 0 {

  392. 		whereStr = "WHERE " + strings.Join(where, " AND ")

  393. 	}

  394. 

  395. 	joinSQL := "FROM " + emailsSQL + " INNER JOIN `user` ON `user`.id = emails.uid " + whereStr

  396. 

  397. 	count, err := x.SQL("SELECT count(*) "+joinSQL, args...).Count()

  398. 	if err != nil {

  399. 		return nil, 0, fmt.Errorf("Count: %v", err)

  400. 	}

  401. 

  402. 	orderby := opts.SortType.String()

  403. 	if orderby == "" {

  404. 		orderby = SearchEmailOrderByEmail.String()

  405. 	}

  406. 

  407. 	querySQL := "SELECT emails.uid, emails.email, emails.is_activated, emails.is_primary, " +

  408. 		"`user`.name, `user`.full_name " + joinSQL + " ORDER BY " + orderby

  409. 

  410. 	opts.setDefaultValues()

  411. 

  412. 	rows, err := x.SQL(querySQL, args...).Rows(new(SearchEmailResult))

  413. 	if err != nil {

  414. 		return nil, 0, fmt.Errorf("Emails: %v", err)

  415. 	}

  416. 

  417. 	// Page manually because xorm can't handle Limit() with raw SQL

  418. 	defer rows.Close()

  419. 

  420. 	emails := make([]*SearchEmailResult, 0, opts.PageSize)

  421. 	skip := (opts.Page - 1) * opts.PageSize

  422. 

  423. 	for rows.Next() {

  424. 		var email SearchEmailResult

  425. 		if err := rows.Scan(&email); err != nil {

  426. 			return nil, 0, err

  427. 		}

  428. 		if skip > 0 {

  429. 			skip--

  430. 			continue

  431. 		}

  432. 		emails = append(emails, &email)

  433. 		if len(emails) == opts.PageSize {

  434. 			break

  435. 		}

  436. 	}

  437. 

  438. 	return emails, count, err

  439. }

  440. 

  441. // ActivateUserEmail will change the activated state of an email address,

  442. // either primary (in the user table) or secondary (in the email_address table)

  443. func ActivateUserEmail(userID int64, email string, primary, activate bool) (err error) {

  444. 	sess := x.NewSession()

  445. 	defer sess.Close()

  446. 	if err = sess.Begin(); err != nil {

  447. 		return err

  448. 	}

  449. 	if primary {

  450. 		// Activate/deactivate a user's primary email address

  451. 		user := User{ID: userID, Email: email}

  452. 		if has, err := sess.Get(&user); err != nil {

  453. 			return err

  454. 		} else if !has {

  455. 			return fmt.Errorf("no such user: %d (%s)", userID, email)

  456. 		}

  457. 		if user.IsActive == activate {

  458. 			// Already in the desired state; no action

  459. 			return nil

  460. 		}

  461. 		if activate {

  462. 			if used, err := isEmailActive(sess, email, userID, 0); err != nil {

  463. 				return fmt.Errorf("isEmailActive(): %v", err)

  464. 			} else if used {

  465. 				return ErrEmailAlreadyUsed{Email: email}

  466. 			}

  467. 		}

  468. 		user.IsActive = activate

  469. 		if user.Rands, err = GetUserSalt(); err != nil {

  470. 			return fmt.Errorf("generate salt: %v", err)

  471. 		}

  472. 		if err = updateUserCols(sess, &user, "is_active", "rands"); err != nil {

  473. 			return fmt.Errorf("updateUserCols(): %v", err)

  474. 		}

  475. 	} else {

  476. 		// Activate/deactivate a user's secondary email address

  477. 		// First check if there's another user active with the same address

  478. 		addr := EmailAddress{UID: userID, Email: email}

  479. 		if has, err := sess.Get(&addr); err != nil {

  480. 			return err

  481. 		} else if !has {

  482. 			return fmt.Errorf("no such email: %d (%s)", userID, email)

  483. 		}

  484. 		if addr.IsActivated == activate {

  485. 			// Already in the desired state; no action

  486. 			return nil

  487. 		}

  488. 		if activate {

  489. 			if used, err := isEmailActive(sess, email, 0, addr.ID); err != nil {

  490. 				return fmt.Errorf("isEmailActive(): %v", err)

  491. 			} else if used {

  492. 				return ErrEmailAlreadyUsed{Email: email}

  493. 			}

  494. 		}

  495. 		if err = addr.updateActivation(sess, activate); err != nil {

  496. 			return fmt.Errorf("updateActivation(): %v", err)

  497. 		}

  498. 	}

  499. 	return sess.Commit()

  500. }