mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4368 Commits
17 Branches
Tree: ddee4c8b58
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ddee4c8b58'
${ noResults }
gitea/routers/user/auth.go

auth.go 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package user

  6. 

  7. import (

  8. 	"fmt"

  9. 	"net/url"

  10. 

  11. 	"github.com/go-macaron/captcha"

  12. 

  13. 	"code.gitea.io/gitea/models"

  14. 	"code.gitea.io/gitea/modules/auth"

  15. 	"code.gitea.io/gitea/modules/base"

  16. 	"code.gitea.io/gitea/modules/context"

  17. 	"code.gitea.io/gitea/modules/log"

  18. 	"code.gitea.io/gitea/modules/setting"

  19. )

  20. 

  21. const (

  22. 	SIGNIN          base.TplName = "user/auth/signin"

  23. 	SIGNUP          base.TplName = "user/auth/signup"

  24. 	ACTIVATE        base.TplName = "user/auth/activate"

  25. 	FORGOT_PASSWORD base.TplName = "user/auth/forgot_passwd"

  26. 	RESET_PASSWORD  base.TplName = "user/auth/reset_passwd"

  27. )

  28. 

  29. // AutoSignIn reads cookie and try to auto-login.

  30. func AutoSignIn(ctx *context.Context) (bool, error) {

  31. 	if !models.HasEngine {

  32. 		return false, nil

  33. 	}

  34. 

  35. 	uname := ctx.GetCookie(setting.CookieUserName)

  36. 	if len(uname) == 0 {

  37. 		return false, nil

  38. 	}

  39. 

  40. 	isSucceed := false

  41. 	defer func() {

  42. 		if !isSucceed {

  43. 			log.Trace("auto-login cookie cleared: %s", uname)

  44. 			ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)

  45. 			ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)

  46. 		}

  47. 	}()

  48. 

  49. 	u, err := models.GetUserByName(uname)

  50. 	if err != nil {

  51. 		if !models.IsErrUserNotExist(err) {

  52. 			return false, fmt.Errorf("GetUserByName: %v", err)

  53. 		}

  54. 		return false, nil

  55. 	}

  56. 

  57. 	if val, _ := ctx.GetSuperSecureCookie(

  58. 		base.EncodeMD5(u.Rands+u.Passwd), setting.CookieRememberName); val != u.Name {

  59. 		return false, nil

  60. 	}

  61. 

  62. 	isSucceed = true

  63. 	ctx.Session.Set("uid", u.ID)

  64. 	ctx.Session.Set("uname", u.Name)

  65. 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)

  66. 	return true, nil

  67. }

  68. 

  69. func SignIn(ctx *context.Context) {

  70. 	ctx.Data["Title"] = ctx.Tr("sign_in")

  71. 

  72. 	// Check auto-login.

  73. 	isSucceed, err := AutoSignIn(ctx)

  74. 	if err != nil {

  75. 		ctx.Handle(500, "AutoSignIn", err)

  76. 		return

  77. 	}

  78. 

  79. 	redirectTo := ctx.Query("redirect_to")

  80. 	if len(redirectTo) > 0 {

  81. 		ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubUrl)

  82. 	} else {

  83. 		redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to"))

  84. 	}

  85. 

  86. 	if isSucceed {

  87. 		if len(redirectTo) > 0 {

  88. 			ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)

  89. 			ctx.Redirect(redirectTo)

  90. 		} else {

  91. 			ctx.Redirect(setting.AppSubUrl + "/")

  92. 		}

  93. 		return

  94. 	}

  95. 

  96. 	ctx.HTML(200, SIGNIN)

  97. }

  98. 

  99. func SignInPost(ctx *context.Context, form auth.SignInForm) {

  100. 	ctx.Data["Title"] = ctx.Tr("sign_in")

  101. 

  102. 	if ctx.HasError() {

  103. 		ctx.HTML(200, SIGNIN)

  104. 		return

  105. 	}

  106. 

  107. 	u, err := models.UserSignIn(form.UserName, form.Password)

  108. 	if err != nil {

  109. 		if models.IsErrUserNotExist(err) {

  110. 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), SIGNIN, &form)

  111. 		} else {

  112. 			ctx.Handle(500, "UserSignIn", err)

  113. 		}

  114. 		return

  115. 	}

  116. 

  117. 	if form.Remember {

  118. 		days := 86400 * setting.LogInRememberDays

  119. 		ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubUrl)

  120. 		ctx.SetSuperSecureCookie(base.EncodeMD5(u.Rands+u.Passwd),

  121. 			setting.CookieRememberName, u.Name, days, setting.AppSubUrl)

  122. 	}

  123. 

  124. 	ctx.Session.Set("uid", u.ID)

  125. 	ctx.Session.Set("uname", u.Name)

  126. 

  127. 	// Clear whatever CSRF has right now, force to generate a new one

  128. 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)

  129. 

  130. 	// Register last login

  131. 	u.SetLastLogin()

  132. 	if err := models.UpdateUser(u); err != nil {

  133. 		ctx.Handle(500, "UpdateUser", err)

  134. 		return

  135. 	}

  136. 

  137. 	if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {

  138. 		ctx.SetCookie("redirect_to", "", -1, setting.AppSubUrl)

  139. 		ctx.Redirect(redirectTo)

  140. 		return

  141. 	}

  142. 

  143. 	ctx.Redirect(setting.AppSubUrl + "/")

  144. }

  145. 

  146. func SignOut(ctx *context.Context) {

  147. 	ctx.Session.Delete("uid")

  148. 	ctx.Session.Delete("uname")

  149. 	ctx.Session.Delete("socialId")

  150. 	ctx.Session.Delete("socialName")

  151. 	ctx.Session.Delete("socialEmail")

  152. 	ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubUrl)

  153. 	ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubUrl)

  154. 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubUrl)

  155. 	ctx.Redirect(setting.AppSubUrl + "/")

  156. }

  157. 

  158. func SignUp(ctx *context.Context) {

  159. 	ctx.Data["Title"] = ctx.Tr("sign_up")

  160. 

  161. 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha

  162. 

  163. 	if setting.Service.DisableRegistration {

  164. 		ctx.Data["DisableRegistration"] = true

  165. 		ctx.HTML(200, SIGNUP)

  166. 		return

  167. 	}

  168. 

  169. 	ctx.HTML(200, SIGNUP)

  170. }

  171. 

  172. func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterForm) {

  173. 	ctx.Data["Title"] = ctx.Tr("sign_up")

  174. 

  175. 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha

  176. 

  177. 	if setting.Service.DisableRegistration {

  178. 		ctx.Error(403)

  179. 		return

  180. 	}

  181. 

  182. 	if ctx.HasError() {

  183. 		ctx.HTML(200, SIGNUP)

  184. 		return

  185. 	}

  186. 

  187. 	if setting.Service.EnableCaptcha && !cpt.VerifyReq(ctx.Req) {

  188. 		ctx.Data["Err_Captcha"] = true

  189. 		ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), SIGNUP, &form)

  190. 		return

  191. 	}

  192. 

  193. 	if form.Password != form.Retype {

  194. 		ctx.Data["Err_Password"] = true

  195. 		ctx.RenderWithErr(ctx.Tr("form.password_not_match"), SIGNUP, &form)

  196. 		return

  197. 	}

  198. 

  199. 	u := &models.User{

  200. 		Name:     form.UserName,

  201. 		Email:    form.Email,

  202. 		Passwd:   form.Password,

  203. 		IsActive: !setting.Service.RegisterEmailConfirm,

  204. 	}

  205. 	if err := models.CreateUser(u); err != nil {

  206. 		switch {

  207. 		case models.IsErrUserAlreadyExist(err):

  208. 			ctx.Data["Err_UserName"] = true

  209. 			ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), SIGNUP, &form)

  210. 		case models.IsErrEmailAlreadyUsed(err):

  211. 			ctx.Data["Err_Email"] = true

  212. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), SIGNUP, &form)

  213. 		case models.IsErrNameReserved(err):

  214. 			ctx.Data["Err_UserName"] = true

  215. 			ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), SIGNUP, &form)

  216. 		case models.IsErrNamePatternNotAllowed(err):

  217. 			ctx.Data["Err_UserName"] = true

  218. 			ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SIGNUP, &form)

  219. 		default:

  220. 			ctx.Handle(500, "CreateUser", err)

  221. 		}

  222. 		return

  223. 	}

  224. 	log.Trace("Account created: %s", u.Name)

  225. 

  226. 	// Auto-set admin for the only user.

  227. 	if models.CountUsers() == 1 {

  228. 		u.IsAdmin = true

  229. 		u.IsActive = true

  230. 		if err := models.UpdateUser(u); err != nil {

  231. 			ctx.Handle(500, "UpdateUser", err)

  232. 			return

  233. 		}

  234. 	}

  235. 

  236. 	// Send confirmation email, no need for social account.

  237. 	if setting.Service.RegisterEmailConfirm && u.ID > 1 {

  238. 		models.SendActivateAccountMail(ctx.Context, u)

  239. 		ctx.Data["IsSendRegisterMail"] = true

  240. 		ctx.Data["Email"] = u.Email

  241. 		ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60

  242. 		ctx.HTML(200, ACTIVATE)

  243. 

  244. 		if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {

  245. 			log.Error(4, "Set cache(MailResendLimit) fail: %v", err)

  246. 		}

  247. 		return

  248. 	}

  249. 

  250. 	ctx.Redirect(setting.AppSubUrl + "/user/login")

  251. }

  252. 

  253. func Activate(ctx *context.Context) {

  254. 	code := ctx.Query("code")

  255. 	if len(code) == 0 {

  256. 		ctx.Data["IsActivatePage"] = true

  257. 		if ctx.User.IsActive {

  258. 			ctx.Error(404)

  259. 			return

  260. 		}

  261. 		// Resend confirmation email.

  262. 		if setting.Service.RegisterEmailConfirm {

  263. 			if ctx.Cache.IsExist("MailResendLimit_" + ctx.User.LowerName) {

  264. 				ctx.Data["ResendLimited"] = true

  265. 			} else {

  266. 				ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60

  267. 				models.SendActivateAccountMail(ctx.Context, ctx.User)

  268. 

  269. 				if err := ctx.Cache.Put("MailResendLimit_"+ctx.User.LowerName, ctx.User.LowerName, 180); err != nil {

  270. 					log.Error(4, "Set cache(MailResendLimit) fail: %v", err)

  271. 				}

  272. 			}

  273. 		} else {

  274. 			ctx.Data["ServiceNotEnabled"] = true

  275. 		}

  276. 		ctx.HTML(200, ACTIVATE)

  277. 		return

  278. 	}

  279. 

  280. 	// Verify code.

  281. 	if user := models.VerifyUserActiveCode(code); user != nil {

  282. 		user.IsActive = true

  283. 		user.Rands = models.GetUserSalt()

  284. 		if err := models.UpdateUser(user); err != nil {

  285. 			if models.IsErrUserNotExist(err) {

  286. 				ctx.Error(404)

  287. 			} else {

  288. 				ctx.Handle(500, "UpdateUser", err)

  289. 			}

  290. 			return

  291. 		}

  292. 

  293. 		log.Trace("User activated: %s", user.Name)

  294. 

  295. 		ctx.Session.Set("uid", user.ID)

  296. 		ctx.Session.Set("uname", user.Name)

  297. 		ctx.Redirect(setting.AppSubUrl + "/")

  298. 		return

  299. 	}

  300. 

  301. 	ctx.Data["IsActivateFailed"] = true

  302. 	ctx.HTML(200, ACTIVATE)

  303. }

  304. 

  305. func ActivateEmail(ctx *context.Context) {

  306. 	code := ctx.Query("code")

  307. 	email_string := ctx.Query("email")

  308. 

  309. 	// Verify code.

  310. 	if email := models.VerifyActiveEmailCode(code, email_string); email != nil {

  311. 		if err := email.Activate(); err != nil {

  312. 			ctx.Handle(500, "ActivateEmail", err)

  313. 		}

  314. 

  315. 		log.Trace("Email activated: %s", email.Email)

  316. 		ctx.Flash.Success(ctx.Tr("settings.add_email_success"))

  317. 	}

  318. 

  319. 	ctx.Redirect(setting.AppSubUrl + "/user/settings/email")

  320. 	return

  321. }

  322. 

  323. func ForgotPasswd(ctx *context.Context) {

  324. 	ctx.Data["Title"] = ctx.Tr("auth.forgot_password")

  325. 

  326. 	if setting.MailService == nil {

  327. 		ctx.Data["IsResetDisable"] = true

  328. 		ctx.HTML(200, FORGOT_PASSWORD)

  329. 		return

  330. 	}

  331. 

  332. 	ctx.Data["IsResetRequest"] = true

  333. 	ctx.HTML(200, FORGOT_PASSWORD)

  334. }

  335. 

  336. func ForgotPasswdPost(ctx *context.Context) {

  337. 	ctx.Data["Title"] = ctx.Tr("auth.forgot_password")

  338. 

  339. 	if setting.MailService == nil {

  340. 		ctx.Handle(403, "ForgotPasswdPost", nil)

  341. 		return

  342. 	}

  343. 	ctx.Data["IsResetRequest"] = true

  344. 

  345. 	email := ctx.Query("email")

  346. 	ctx.Data["Email"] = email

  347. 

  348. 	u, err := models.GetUserByEmail(email)

  349. 	if err != nil {

  350. 		if models.IsErrUserNotExist(err) {

  351. 			ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60

  352. 			ctx.Data["IsResetSent"] = true

  353. 			ctx.HTML(200, FORGOT_PASSWORD)

  354. 			return

  355. 		} else {

  356. 			ctx.Handle(500, "user.ResetPasswd(check existence)", err)

  357. 		}

  358. 		return

  359. 	}

  360. 

  361. 	if !u.IsLocal() {

  362. 		ctx.Data["Err_Email"] = true

  363. 		ctx.RenderWithErr(ctx.Tr("auth.non_local_account"), FORGOT_PASSWORD, nil)

  364. 		return

  365. 	}

  366. 

  367. 	if ctx.Cache.IsExist("MailResendLimit_" + u.LowerName) {

  368. 		ctx.Data["ResendLimited"] = true

  369. 		ctx.HTML(200, FORGOT_PASSWORD)

  370. 		return

  371. 	}

  372. 

  373. 	models.SendResetPasswordMail(ctx.Context, u)

  374. 	if err = ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {

  375. 		log.Error(4, "Set cache(MailResendLimit) fail: %v", err)

  376. 	}

  377. 

  378. 	ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60

  379. 	ctx.Data["IsResetSent"] = true

  380. 	ctx.HTML(200, FORGOT_PASSWORD)

  381. }

  382. 

  383. func ResetPasswd(ctx *context.Context) {

  384. 	ctx.Data["Title"] = ctx.Tr("auth.reset_password")

  385. 

  386. 	code := ctx.Query("code")

  387. 	if len(code) == 0 {

  388. 		ctx.Error(404)

  389. 		return

  390. 	}

  391. 	ctx.Data["Code"] = code

  392. 	ctx.Data["IsResetForm"] = true

  393. 	ctx.HTML(200, RESET_PASSWORD)

  394. }

  395. 

  396. func ResetPasswdPost(ctx *context.Context) {

  397. 	ctx.Data["Title"] = ctx.Tr("auth.reset_password")

  398. 

  399. 	code := ctx.Query("code")

  400. 	if len(code) == 0 {

  401. 		ctx.Error(404)

  402. 		return

  403. 	}

  404. 	ctx.Data["Code"] = code

  405. 

  406. 	if u := models.VerifyUserActiveCode(code); u != nil {

  407. 		// Validate password length.

  408. 		passwd := ctx.Query("password")

  409. 		if len(passwd) < 6 {

  410. 			ctx.Data["IsResetForm"] = true

  411. 			ctx.Data["Err_Password"] = true

  412. 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short"), RESET_PASSWORD, nil)

  413. 			return

  414. 		}

  415. 

  416. 		u.Passwd = passwd

  417. 		u.Rands = models.GetUserSalt()

  418. 		u.Salt = models.GetUserSalt()

  419. 		u.EncodePasswd()

  420. 		if err := models.UpdateUser(u); err != nil {

  421. 			ctx.Handle(500, "UpdateUser", err)

  422. 			return

  423. 		}

  424. 

  425. 		log.Trace("User password reset: %s", u.Name)

  426. 		ctx.Redirect(setting.AppSubUrl + "/user/login")

  427. 		return

  428. 	}

  429. 

  430. 	ctx.Data["IsResetFailed"] = true

  431. 	ctx.HTML(200, RESET_PASSWORD)

  432. }