12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154 |
- // Copyright 2014 The Gogs Authors. All rights reserved.
- // Copyright 2019 The Gitea Authors. All rights reserved.
- // Use of this source code is governed by a MIT-style
- // license that can be found in the LICENSE file.
-
- package user
-
- import (
- "context"
- "crypto/sha256"
- "crypto/subtle"
- "encoding/hex"
- "fmt"
- "net/url"
- "os"
- "path/filepath"
- "strings"
- "time"
-
- _ "image/jpeg" // Needed for jpeg support
-
- "code.gitea.io/gitea/models/auth"
- "code.gitea.io/gitea/models/db"
- "code.gitea.io/gitea/modules/auth/openid"
- "code.gitea.io/gitea/modules/base"
- "code.gitea.io/gitea/modules/git"
- "code.gitea.io/gitea/modules/log"
- "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/structs"
- "code.gitea.io/gitea/modules/timeutil"
- "code.gitea.io/gitea/modules/util"
-
- "golang.org/x/crypto/argon2"
- "golang.org/x/crypto/bcrypt"
- "golang.org/x/crypto/pbkdf2"
- "golang.org/x/crypto/scrypt"
- "xorm.io/builder"
- )
-
- // UserType defines the user type
- type UserType int //revive:disable-line:exported
-
- const (
- // UserTypeIndividual defines an individual user
- UserTypeIndividual UserType = iota // Historic reason to make it starts at 0.
-
- // UserTypeOrganization defines an organization
- UserTypeOrganization
- )
-
- const (
- algoBcrypt = "bcrypt"
- algoScrypt = "scrypt"
- algoArgon2 = "argon2"
- algoPbkdf2 = "pbkdf2"
- )
-
- // AvailableHashAlgorithms represents the available password hashing algorithms
- var AvailableHashAlgorithms = []string{
- algoPbkdf2,
- algoArgon2,
- algoScrypt,
- algoBcrypt,
- }
-
- const (
- // EmailNotificationsEnabled indicates that the user would like to receive all email notifications
- EmailNotificationsEnabled = "enabled"
- // EmailNotificationsOnMention indicates that the user would like to be notified via email when mentioned.
- EmailNotificationsOnMention = "onmention"
- // EmailNotificationsDisabled indicates that the user would not like to be notified via email.
- EmailNotificationsDisabled = "disabled"
- )
-
- // User represents the object of individual and member of organization.
- type User struct {
- ID int64 `xorm:"pk autoincr"`
- LowerName string `xorm:"UNIQUE NOT NULL"`
- Name string `xorm:"UNIQUE NOT NULL"`
- FullName string
- // Email is the primary email address (to be used for communication)
- Email string `xorm:"NOT NULL"`
- KeepEmailPrivate bool
- EmailNotificationsPreference string `xorm:"VARCHAR(20) NOT NULL DEFAULT 'enabled'"`
- Passwd string `xorm:"NOT NULL"`
- PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"`
-
- // MustChangePassword is an attribute that determines if a user
- // is to change his/her password after registration.
- MustChangePassword bool `xorm:"NOT NULL DEFAULT false"`
-
- LoginType auth.Type
- LoginSource int64 `xorm:"NOT NULL DEFAULT 0"`
- LoginName string
- Type UserType
- Location string
- Website string
- Rands string `xorm:"VARCHAR(10)"`
- Salt string `xorm:"VARCHAR(10)"`
- Language string `xorm:"VARCHAR(5)"`
- Description string
-
- CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
- UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
- LastLoginUnix timeutil.TimeStamp `xorm:"INDEX"`
-
- // Remember visibility choice for convenience, true for private
- LastRepoVisibility bool
- // Maximum repository creation limit, -1 means use global default
- MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1"`
-
- // IsActive true: primary email is activated, user can access Web UI and Git SSH.
- // false: an inactive user can only log in Web UI for account operations (ex: activate the account by email), no other access.
- IsActive bool `xorm:"INDEX"`
- // the user is a Gitea admin, who can access all repositories and the admin pages.
- IsAdmin bool
- // true: the user is only allowed to see organizations/repositories that they has explicit rights to.
- // (ex: in private Gitea instances user won't be allowed to see even organizations/repositories that are set as public)
- IsRestricted bool `xorm:"NOT NULL DEFAULT false"`
-
- AllowGitHook bool
- AllowImportLocal bool // Allow migrate repository by local path
- AllowCreateOrganization bool `xorm:"DEFAULT true"`
-
- // true: the user is not allowed to log in Web UI. Git/SSH access could still be allowed (please refer to Git/SSH access related code/documents)
- ProhibitLogin bool `xorm:"NOT NULL DEFAULT false"`
-
- // Avatar
- Avatar string `xorm:"VARCHAR(2048) NOT NULL"`
- AvatarEmail string `xorm:"NOT NULL"`
- UseCustomAvatar bool
-
- // Counters
- NumFollowers int
- NumFollowing int `xorm:"NOT NULL DEFAULT 0"`
- NumStars int
- NumRepos int
-
- // For organization
- NumTeams int
- NumMembers int
- Visibility structs.VisibleType `xorm:"NOT NULL DEFAULT 0"`
- RepoAdminChangeTeamAccess bool `xorm:"NOT NULL DEFAULT false"`
-
- // Preferences
- DiffViewStyle string `xorm:"NOT NULL DEFAULT ''"`
- Theme string `xorm:"NOT NULL DEFAULT ''"`
- KeepActivityPrivate bool `xorm:"NOT NULL DEFAULT false"`
- }
-
- func init() {
- db.RegisterModel(new(User))
- }
-
- // SearchOrganizationsOptions options to filter organizations
- type SearchOrganizationsOptions struct {
- db.ListOptions
- All bool
- }
-
- // ColorFormat writes a colored string to identify this struct
- func (u *User) ColorFormat(s fmt.State) {
- if u == nil {
- log.ColorFprintf(s, "%d:%s",
- log.NewColoredIDValue(0),
- log.NewColoredValue("<nil>"))
- return
- }
- log.ColorFprintf(s, "%d:%s",
- log.NewColoredIDValue(u.ID),
- log.NewColoredValue(u.Name))
- }
-
- // BeforeUpdate is invoked from XORM before updating this object.
- func (u *User) BeforeUpdate() {
- if u.MaxRepoCreation < -1 {
- u.MaxRepoCreation = -1
- }
-
- // Organization does not need email
- u.Email = strings.ToLower(u.Email)
- if !u.IsOrganization() {
- if len(u.AvatarEmail) == 0 {
- u.AvatarEmail = u.Email
- }
- }
-
- u.LowerName = strings.ToLower(u.Name)
- u.Location = base.TruncateString(u.Location, 255)
- u.Website = base.TruncateString(u.Website, 255)
- u.Description = base.TruncateString(u.Description, 255)
- }
-
- // AfterLoad is invoked from XORM after filling all the fields of this object.
- func (u *User) AfterLoad() {
- if u.Theme == "" {
- u.Theme = setting.UI.DefaultTheme
- }
- }
-
- // SetLastLogin set time to last login
- func (u *User) SetLastLogin() {
- u.LastLoginUnix = timeutil.TimeStampNow()
- }
-
- // UpdateUserDiffViewStyle updates the users diff view style
- func UpdateUserDiffViewStyle(u *User, style string) error {
- u.DiffViewStyle = style
- return UpdateUserCols(db.DefaultContext, u, "diff_view_style")
- }
-
- // UpdateUserTheme updates a users' theme irrespective of the site wide theme
- func UpdateUserTheme(u *User, themeName string) error {
- u.Theme = themeName
- return UpdateUserCols(db.DefaultContext, u, "theme")
- }
-
- // GetEmail returns an noreply email, if the user has set to keep his
- // email address private, otherwise the primary email address.
- func (u *User) GetEmail() string {
- if u.KeepEmailPrivate {
- return fmt.Sprintf("%s@%s", u.LowerName, setting.Service.NoReplyAddress)
- }
- return u.Email
- }
-
- // GetAllUsers returns a slice of all individual users found in DB.
- func GetAllUsers() ([]*User, error) {
- users := make([]*User, 0)
- return users, db.GetEngine(db.DefaultContext).OrderBy("id").Where("type = ?", UserTypeIndividual).Find(&users)
- }
-
- // IsLocal returns true if user login type is LoginPlain.
- func (u *User) IsLocal() bool {
- return u.LoginType <= auth.Plain
- }
-
- // IsOAuth2 returns true if user login type is LoginOAuth2.
- func (u *User) IsOAuth2() bool {
- return u.LoginType == auth.OAuth2
- }
-
- // MaxCreationLimit returns the number of repositories a user is allowed to create
- func (u *User) MaxCreationLimit() int {
- if u.MaxRepoCreation <= -1 {
- return setting.Repository.MaxCreationLimit
- }
- return u.MaxRepoCreation
- }
-
- // CanCreateRepo returns if user login can create a repository
- // NOTE: functions calling this assume a failure due to repository count limit; if new checks are added, those functions should be revised
- func (u *User) CanCreateRepo() bool {
- if u.IsAdmin {
- return true
- }
- if u.MaxRepoCreation <= -1 {
- if setting.Repository.MaxCreationLimit <= -1 {
- return true
- }
- return u.NumRepos < setting.Repository.MaxCreationLimit
- }
- return u.NumRepos < u.MaxRepoCreation
- }
-
- // CanCreateOrganization returns true if user can create organisation.
- func (u *User) CanCreateOrganization() bool {
- return u.IsAdmin || (u.AllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation)
- }
-
- // CanEditGitHook returns true if user can edit Git hooks.
- func (u *User) CanEditGitHook() bool {
- return !setting.DisableGitHooks && (u.IsAdmin || u.AllowGitHook)
- }
-
- // CanImportLocal returns true if user can migrate repository by local path.
- func (u *User) CanImportLocal() bool {
- if !setting.ImportLocalPaths || u == nil {
- return false
- }
- return u.IsAdmin || u.AllowImportLocal
- }
-
- // DashboardLink returns the user dashboard page link.
- func (u *User) DashboardLink() string {
- if u.IsOrganization() {
- return u.OrganisationLink() + "/dashboard"
- }
- return setting.AppSubURL + "/"
- }
-
- // HomeLink returns the user or organization home page link.
- func (u *User) HomeLink() string {
- return setting.AppSubURL + "/" + url.PathEscape(u.Name)
- }
-
- // HTMLURL returns the user or organization's full link.
- func (u *User) HTMLURL() string {
- return setting.AppURL + url.PathEscape(u.Name)
- }
-
- // OrganisationLink returns the organization sub page link.
- func (u *User) OrganisationLink() string {
- return setting.AppSubURL + "/org/" + url.PathEscape(u.Name)
- }
-
- // GenerateEmailActivateCode generates an activate code based on user information and given e-mail.
- func (u *User) GenerateEmailActivateCode(email string) string {
- code := base.CreateTimeLimitCode(
- fmt.Sprintf("%d%s%s%s%s", u.ID, email, u.LowerName, u.Passwd, u.Rands),
- setting.Service.ActiveCodeLives, nil)
-
- // Add tail hex username
- code += hex.EncodeToString([]byte(u.LowerName))
- return code
- }
-
- // GetUserFollowers returns range of user's followers.
- func GetUserFollowers(u *User, listOptions db.ListOptions) ([]*User, error) {
- sess := db.GetEngine(db.DefaultContext).
- Where("follow.follow_id=?", u.ID).
- Join("LEFT", "follow", "`user`.id=follow.user_id")
-
- if listOptions.Page != 0 {
- sess = db.SetSessionPagination(sess, &listOptions)
-
- users := make([]*User, 0, listOptions.PageSize)
- return users, sess.Find(&users)
- }
-
- users := make([]*User, 0, 8)
- return users, sess.Find(&users)
- }
-
- // GetUserFollowing returns range of user's following.
- func GetUserFollowing(u *User, listOptions db.ListOptions) ([]*User, error) {
- sess := db.GetEngine(db.DefaultContext).
- Where("follow.user_id=?", u.ID).
- Join("LEFT", "follow", "`user`.id=follow.follow_id")
-
- if listOptions.Page != 0 {
- sess = db.SetSessionPagination(sess, &listOptions)
-
- users := make([]*User, 0, listOptions.PageSize)
- return users, sess.Find(&users)
- }
-
- users := make([]*User, 0, 8)
- return users, sess.Find(&users)
- }
-
- // NewGitSig generates and returns the signature of given user.
- func (u *User) NewGitSig() *git.Signature {
- return &git.Signature{
- Name: u.GitName(),
- Email: u.GetEmail(),
- When: time.Now(),
- }
- }
-
- func hashPassword(passwd, salt, algo string) string {
- var tempPasswd []byte
-
- switch algo {
- case algoBcrypt:
- tempPasswd, _ = bcrypt.GenerateFromPassword([]byte(passwd), bcrypt.DefaultCost)
- return string(tempPasswd)
- case algoScrypt:
- tempPasswd, _ = scrypt.Key([]byte(passwd), []byte(salt), 65536, 16, 2, 50)
- case algoArgon2:
- tempPasswd = argon2.IDKey([]byte(passwd), []byte(salt), 2, 65536, 8, 50)
- case algoPbkdf2:
- fallthrough
- default:
- tempPasswd = pbkdf2.Key([]byte(passwd), []byte(salt), 10000, 50, sha256.New)
- }
-
- return fmt.Sprintf("%x", tempPasswd)
- }
-
- // SetPassword hashes a password using the algorithm defined in the config value of PASSWORD_HASH_ALGO
- // change passwd, salt and passwd_hash_algo fields
- func (u *User) SetPassword(passwd string) (err error) {
- if len(passwd) == 0 {
- u.Passwd = ""
- u.Salt = ""
- u.PasswdHashAlgo = ""
- return nil
- }
-
- if u.Salt, err = GetUserSalt(); err != nil {
- return err
- }
- u.PasswdHashAlgo = setting.PasswordHashAlgo
- u.Passwd = hashPassword(passwd, u.Salt, setting.PasswordHashAlgo)
-
- return nil
- }
-
- // ValidatePassword checks if given password matches the one belongs to the user.
- func (u *User) ValidatePassword(passwd string) bool {
- tempHash := hashPassword(passwd, u.Salt, u.PasswdHashAlgo)
-
- if u.PasswdHashAlgo != algoBcrypt && subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(tempHash)) == 1 {
- return true
- }
- if u.PasswdHashAlgo == algoBcrypt && bcrypt.CompareHashAndPassword([]byte(u.Passwd), []byte(passwd)) == nil {
- return true
- }
- return false
- }
-
- // IsPasswordSet checks if the password is set or left empty
- func (u *User) IsPasswordSet() bool {
- return len(u.Passwd) != 0
- }
-
- // IsOrganization returns true if user is actually a organization.
- func (u *User) IsOrganization() bool {
- return u.Type == UserTypeOrganization
- }
-
- // DisplayName returns full name if it's not empty,
- // returns username otherwise.
- func (u *User) DisplayName() string {
- trimmed := strings.TrimSpace(u.FullName)
- if len(trimmed) > 0 {
- return trimmed
- }
- return u.Name
- }
-
- // GetDisplayName returns full name if it's not empty and DEFAULT_SHOW_FULL_NAME is set,
- // returns username otherwise.
- func (u *User) GetDisplayName() string {
- if setting.UI.DefaultShowFullName {
- trimmed := strings.TrimSpace(u.FullName)
- if len(trimmed) > 0 {
- return trimmed
- }
- }
- return u.Name
- }
-
- func gitSafeName(name string) string {
- return strings.TrimSpace(strings.NewReplacer("\n", "", "<", "", ">", "").Replace(name))
- }
-
- // GitName returns a git safe name
- func (u *User) GitName() string {
- gitName := gitSafeName(u.FullName)
- if len(gitName) > 0 {
- return gitName
- }
- // Although u.Name should be safe if created in our system
- // LDAP users may have bad names
- gitName = gitSafeName(u.Name)
- if len(gitName) > 0 {
- return gitName
- }
- // Totally pathological name so it's got to be:
- return fmt.Sprintf("user-%d", u.ID)
- }
-
- // ShortName ellipses username to length
- func (u *User) ShortName(length int) string {
- return base.EllipsisString(u.Name, length)
- }
-
- // IsMailable checks if a user is eligible
- // to receive emails.
- func (u *User) IsMailable() bool {
- return u.IsActive
- }
-
- // EmailNotifications returns the User's email notification preference
- func (u *User) EmailNotifications() string {
- return u.EmailNotificationsPreference
- }
-
- // SetEmailNotifications sets the user's email notification preference
- func SetEmailNotifications(u *User, set string) error {
- u.EmailNotificationsPreference = set
- if err := UpdateUserCols(db.DefaultContext, u, "email_notifications_preference"); err != nil {
- log.Error("SetEmailNotifications: %v", err)
- return err
- }
- return nil
- }
-
- func isUserExist(e db.Engine, uid int64, name string) (bool, error) {
- if len(name) == 0 {
- return false, nil
- }
- return e.
- Where("id!=?", uid).
- Get(&User{LowerName: strings.ToLower(name)})
- }
-
- // IsUserExist checks if given user name exist,
- // the user name should be noncased unique.
- // If uid is presented, then check will rule out that one,
- // it is used when update a user name in settings page.
- func IsUserExist(uid int64, name string) (bool, error) {
- return isUserExist(db.GetEngine(db.DefaultContext), uid, name)
- }
-
- // GetUserSalt returns a random user salt token.
- func GetUserSalt() (string, error) {
- return util.RandomString(10)
- }
-
- // NewGhostUser creates and returns a fake user for someone has deleted his/her account.
- func NewGhostUser() *User {
- return &User{
- ID: -1,
- Name: "Ghost",
- LowerName: "ghost",
- }
- }
-
- // NewReplaceUser creates and returns a fake user for external user
- func NewReplaceUser(name string) *User {
- return &User{
- ID: -1,
- Name: name,
- LowerName: strings.ToLower(name),
- }
- }
-
- // IsGhost check if user is fake user for a deleted account
- func (u *User) IsGhost() bool {
- if u == nil {
- return false
- }
- return u.ID == -1 && u.Name == "Ghost"
- }
-
- var (
- reservedUsernames = []string{
- ".",
- "..",
- ".well-known",
- "admin",
- "api",
- "assets",
- "attachments",
- "avatars",
- "captcha",
- "commits",
- "debug",
- "error",
- "explore",
- "favicon.ico",
- "ghost",
- "help",
- "install",
- "issues",
- "less",
- "login",
- "manifest.json",
- "metrics",
- "milestones",
- "new",
- "notifications",
- "org",
- "plugins",
- "pulls",
- "raw",
- "repo",
- "robots.txt",
- "search",
- "serviceworker.js",
- "stars",
- "template",
- "user",
- }
-
- reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom"}
- )
-
- // IsUsableUsername returns an error when a username is reserved
- func IsUsableUsername(name string) error {
- // Validate username make sure it satisfies requirement.
- if db.AlphaDashDotPattern.MatchString(name) {
- // Note: usually this error is normally caught up earlier in the UI
- return db.ErrNameCharsNotAllowed{Name: name}
- }
- return db.IsUsableName(reservedUsernames, reservedUserPatterns, name)
- }
-
- // CreateUserOverwriteOptions are an optional options who overwrite system defaults on user creation
- type CreateUserOverwriteOptions struct {
- Visibility structs.VisibleType
- }
-
- // CreateUser creates record of a new user.
- func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
- if err = IsUsableUsername(u.Name); err != nil {
- return err
- }
-
- // set system defaults
- u.KeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate
- u.Visibility = setting.Service.DefaultUserVisibilityMode
- u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation
- u.EmailNotificationsPreference = setting.Admin.DefaultEmailNotification
- u.MaxRepoCreation = -1
- u.Theme = setting.UI.DefaultTheme
-
- // overwrite defaults if set
- if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {
- u.Visibility = overwriteDefault[0].Visibility
- }
-
- ctx, committer, err := db.TxContext()
- if err != nil {
- return err
- }
- defer committer.Close()
-
- sess := db.GetEngine(ctx)
-
- // validate data
- if err := validateUser(u); err != nil {
- return err
- }
-
- isExist, err := isUserExist(sess, 0, u.Name)
- if err != nil {
- return err
- } else if isExist {
- return ErrUserAlreadyExist{u.Name}
- }
-
- isExist, err = IsEmailUsed(ctx, u.Email)
- if err != nil {
- return err
- } else if isExist {
- return ErrEmailAlreadyUsed{
- Email: u.Email,
- }
- }
-
- // prepare for database
-
- u.LowerName = strings.ToLower(u.Name)
- u.AvatarEmail = u.Email
- if u.Rands, err = GetUserSalt(); err != nil {
- return err
- }
- if err = u.SetPassword(u.Passwd); err != nil {
- return err
- }
-
- // save changes to database
-
- if err = DeleteUserRedirect(ctx, u.Name); err != nil {
- return err
- }
-
- if err = db.Insert(ctx, u); err != nil {
- return err
- }
-
- // insert email address
- if err := db.Insert(ctx, &EmailAddress{
- UID: u.ID,
- Email: u.Email,
- LowerEmail: strings.ToLower(u.Email),
- IsActivated: u.IsActive,
- IsPrimary: true,
- }); err != nil {
- return err
- }
-
- return committer.Commit()
- }
-
- func countUsers(e db.Engine) int64 {
- count, _ := e.
- Where("type=0").
- Count(new(User))
- return count
- }
-
- // CountUsers returns number of users.
- func CountUsers() int64 {
- return countUsers(db.GetEngine(db.DefaultContext))
- }
-
- // GetVerifyUser get user by verify code
- func GetVerifyUser(code string) (user *User) {
- if len(code) <= base.TimeLimitCodeLength {
- return nil
- }
-
- // use tail hex username query user
- hexStr := code[base.TimeLimitCodeLength:]
- if b, err := hex.DecodeString(hexStr); err == nil {
- if user, err = GetUserByName(string(b)); user != nil {
- return user
- }
- log.Error("user.getVerifyUser: %v", err)
- }
-
- return nil
- }
-
- // VerifyUserActiveCode verifies active code when active account
- func VerifyUserActiveCode(code string) (user *User) {
- minutes := setting.Service.ActiveCodeLives
-
- if user = GetVerifyUser(code); user != nil {
- // time limit code
- prefix := code[:base.TimeLimitCodeLength]
- data := fmt.Sprintf("%d%s%s%s%s", user.ID, user.Email, user.LowerName, user.Passwd, user.Rands)
-
- if base.VerifyTimeLimitCode(data, minutes, prefix) {
- return user
- }
- }
- return nil
- }
-
- // ChangeUserName changes all corresponding setting from old user name to new one.
- func ChangeUserName(u *User, newUserName string) (err error) {
- oldUserName := u.Name
- if err = IsUsableUsername(newUserName); err != nil {
- return err
- }
-
- ctx, committer, err := db.TxContext()
- if err != nil {
- return err
- }
- defer committer.Close()
- sess := db.GetEngine(ctx)
-
- isExist, err := isUserExist(sess, 0, newUserName)
- if err != nil {
- return err
- } else if isExist {
- return ErrUserAlreadyExist{newUserName}
- }
-
- if _, err = sess.Exec("UPDATE `repository` SET owner_name=? WHERE owner_name=?", newUserName, oldUserName); err != nil {
- return fmt.Errorf("Change repo owner name: %v", err)
- }
-
- // Do not fail if directory does not exist
- if err = util.Rename(UserPath(oldUserName), UserPath(newUserName)); err != nil && !os.IsNotExist(err) {
- return fmt.Errorf("Rename user directory: %v", err)
- }
-
- if err = NewUserRedirect(ctx, u.ID, oldUserName, newUserName); err != nil {
- return err
- }
-
- if err = committer.Commit(); err != nil {
- if err2 := util.Rename(UserPath(newUserName), UserPath(oldUserName)); err2 != nil && !os.IsNotExist(err2) {
- log.Critical("Unable to rollback directory change during failed username change from: %s to: %s. DB Error: %v. Filesystem Error: %v", oldUserName, newUserName, err, err2)
- return fmt.Errorf("failed to rollback directory change during failed username change from: %s to: %s. DB Error: %w. Filesystem Error: %v", oldUserName, newUserName, err, err2)
- }
- return err
- }
-
- return nil
- }
-
- // checkDupEmail checks whether there are the same email with the user
- func checkDupEmail(e db.Engine, u *User) error {
- u.Email = strings.ToLower(u.Email)
- has, err := e.
- Where("id!=?", u.ID).
- And("type=?", u.Type).
- And("email=?", u.Email).
- Get(new(User))
- if err != nil {
- return err
- } else if has {
- return ErrEmailAlreadyUsed{
- Email: u.Email,
- }
- }
- return nil
- }
-
- // validateUser check if user is valid to insert / update into database
- func validateUser(u *User) error {
- if !setting.Service.AllowedUserVisibilityModesSlice.IsAllowedVisibility(u.Visibility) && !u.IsOrganization() {
- return fmt.Errorf("visibility Mode not allowed: %s", u.Visibility.String())
- }
-
- u.Email = strings.ToLower(u.Email)
- return ValidateEmail(u.Email)
- }
-
- func updateUser(ctx context.Context, u *User, changePrimaryEmail bool) error {
- if err := validateUser(u); err != nil {
- return err
- }
-
- e := db.GetEngine(ctx)
-
- if changePrimaryEmail {
- var emailAddress EmailAddress
- has, err := e.Where("lower_email=?", strings.ToLower(u.Email)).Get(&emailAddress)
- if err != nil {
- return err
- }
- if !has {
- // 1. Update old primary email
- if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{
- IsPrimary: false,
- }); err != nil {
- return err
- }
-
- emailAddress.Email = u.Email
- emailAddress.UID = u.ID
- emailAddress.IsActivated = true
- emailAddress.IsPrimary = true
- if _, err := e.Insert(&emailAddress); err != nil {
- return err
- }
- } else if _, err := e.ID(emailAddress).Cols("is_primary").Update(&EmailAddress{
- IsPrimary: true,
- }); err != nil {
- return err
- }
- }
-
- _, err := e.ID(u.ID).AllCols().Update(u)
- return err
- }
-
- // UpdateUser updates user's information.
- func UpdateUser(u *User, emailChanged bool) error {
- return updateUser(db.DefaultContext, u, emailChanged)
- }
-
- // UpdateUserCols update user according special columns
- func UpdateUserCols(ctx context.Context, u *User, cols ...string) error {
- return updateUserCols(db.GetEngine(ctx), u, cols...)
- }
-
- // UpdateUserColsEngine update user according special columns
- func UpdateUserColsEngine(e db.Engine, u *User, cols ...string) error {
- return updateUserCols(e, u, cols...)
- }
-
- func updateUserCols(e db.Engine, u *User, cols ...string) error {
- if err := validateUser(u); err != nil {
- return err
- }
-
- _, err := e.ID(u.ID).Cols(cols...).Update(u)
- return err
- }
-
- // UpdateUserSetting updates user's settings.
- func UpdateUserSetting(u *User) (err error) {
- ctx, committer, err := db.TxContext()
- if err != nil {
- return err
- }
- defer committer.Close()
-
- if !u.IsOrganization() {
- if err = checkDupEmail(db.GetEngine(ctx), u); err != nil {
- return err
- }
- }
- if err = updateUser(ctx, u, false); err != nil {
- return err
- }
- return committer.Commit()
- }
-
- // GetInactiveUsers gets all inactive users
- func GetInactiveUsers(ctx context.Context, olderThan time.Duration) ([]*User, error) {
- var cond builder.Cond = builder.Eq{"is_active": false}
-
- if olderThan > 0 {
- cond = cond.And(builder.Lt{"created_unix": time.Now().Add(-olderThan).Unix()})
- }
-
- users := make([]*User, 0, 10)
- return users, db.GetEngine(ctx).
- Where(cond).
- Find(&users)
- }
-
- // UserPath returns the path absolute path of user repositories.
- func UserPath(userName string) string { //revive:disable-line:exported
- return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
- }
-
- // GetUserByIDEngine returns the user object by given ID if exists.
- func GetUserByIDEngine(e db.Engine, id int64) (*User, error) {
- u := new(User)
- has, err := e.ID(id).Get(u)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrUserNotExist{id, "", 0}
- }
- return u, nil
- }
-
- // GetUserByID returns the user object by given ID if exists.
- func GetUserByID(id int64) (*User, error) {
- return GetUserByIDCtx(db.DefaultContext, id)
- }
-
- // GetUserByIDCtx returns the user object by given ID if exists.
- func GetUserByIDCtx(ctx context.Context, id int64) (*User, error) {
- return GetUserByIDEngine(db.GetEngine(ctx), id)
- }
-
- // GetUserByName returns user by given name.
- func GetUserByName(name string) (*User, error) {
- return GetUserByNameCtx(db.DefaultContext, name)
- }
-
- // GetUserByNameCtx returns user by given name.
- func GetUserByNameCtx(ctx context.Context, name string) (*User, error) {
- if len(name) == 0 {
- return nil, ErrUserNotExist{0, name, 0}
- }
- u := &User{LowerName: strings.ToLower(name)}
- has, err := db.GetEngine(ctx).Get(u)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrUserNotExist{0, name, 0}
- }
- return u, nil
- }
-
- // GetUserEmailsByNames returns a list of e-mails corresponds to names of users
- // that have their email notifications set to enabled or onmention.
- func GetUserEmailsByNames(names []string) []string {
- return getUserEmailsByNames(db.DefaultContext, names)
- }
-
- func getUserEmailsByNames(ctx context.Context, names []string) []string {
- mails := make([]string, 0, len(names))
- for _, name := range names {
- u, err := GetUserByNameCtx(ctx, name)
- if err != nil {
- continue
- }
- if u.IsMailable() && u.EmailNotifications() != EmailNotificationsDisabled {
- mails = append(mails, u.Email)
- }
- }
- return mails
- }
-
- // GetMaileableUsersByIDs gets users from ids, but only if they can receive mails
- func GetMaileableUsersByIDs(ids []int64, isMention bool) ([]*User, error) {
- if len(ids) == 0 {
- return nil, nil
- }
- ous := make([]*User, 0, len(ids))
-
- if isMention {
- return ous, db.GetEngine(db.DefaultContext).In("id", ids).
- Where("`type` = ?", UserTypeIndividual).
- And("`prohibit_login` = ?", false).
- And("`is_active` = ?", true).
- And("`email_notifications_preference` IN ( ?, ?)", EmailNotificationsEnabled, EmailNotificationsOnMention).
- Find(&ous)
- }
-
- return ous, db.GetEngine(db.DefaultContext).In("id", ids).
- Where("`type` = ?", UserTypeIndividual).
- And("`prohibit_login` = ?", false).
- And("`is_active` = ?", true).
- And("`email_notifications_preference` = ?", EmailNotificationsEnabled).
- Find(&ous)
- }
-
- // GetUserNamesByIDs returns usernames for all resolved users from a list of Ids.
- func GetUserNamesByIDs(ids []int64) ([]string, error) {
- unames := make([]string, 0, len(ids))
- err := db.GetEngine(db.DefaultContext).In("id", ids).
- Table("user").
- Asc("name").
- Cols("name").
- Find(&unames)
- return unames, err
- }
-
- // GetUserIDsByNames returns a slice of ids corresponds to names.
- func GetUserIDsByNames(names []string, ignoreNonExistent bool) ([]int64, error) {
- ids := make([]int64, 0, len(names))
- for _, name := range names {
- u, err := GetUserByName(name)
- if err != nil {
- if ignoreNonExistent {
- continue
- } else {
- return nil, err
- }
- }
- ids = append(ids, u.ID)
- }
- return ids, nil
- }
-
- // GetUsersBySource returns a list of Users for a login source
- func GetUsersBySource(s *auth.Source) ([]*User, error) {
- var users []*User
- err := db.GetEngine(db.DefaultContext).Where("login_type = ? AND login_source = ?", s.Type, s.ID).Find(&users)
- return users, err
- }
-
- // UserCommit represents a commit with validation of user.
- type UserCommit struct { //revive:disable-line:exported
- User *User
- *git.Commit
- }
-
- // ValidateCommitWithEmail check if author's e-mail of commit is corresponding to a user.
- func ValidateCommitWithEmail(c *git.Commit) *User {
- if c.Author == nil {
- return nil
- }
- u, err := GetUserByEmail(c.Author.Email)
- if err != nil {
- return nil
- }
- return u
- }
-
- // ValidateCommitsWithEmails checks if authors' e-mails of commits are corresponding to users.
- func ValidateCommitsWithEmails(oldCommits []*git.Commit) []*UserCommit {
- var (
- emails = make(map[string]*User)
- newCommits = make([]*UserCommit, 0, len(oldCommits))
- )
- for _, c := range oldCommits {
- var u *User
- if c.Author != nil {
- if v, ok := emails[c.Author.Email]; !ok {
- u, _ = GetUserByEmail(c.Author.Email)
- emails[c.Author.Email] = u
- } else {
- u = v
- }
- }
-
- newCommits = append(newCommits, &UserCommit{
- User: u,
- Commit: c,
- })
- }
- return newCommits
- }
-
- // GetUserByEmail returns the user object by given e-mail if exists.
- func GetUserByEmail(email string) (*User, error) {
- return GetUserByEmailContext(db.DefaultContext, email)
- }
-
- // GetUserByEmailContext returns the user object by given e-mail if exists with db context
- func GetUserByEmailContext(ctx context.Context, email string) (*User, error) {
- if len(email) == 0 {
- return nil, ErrUserNotExist{0, email, 0}
- }
-
- email = strings.ToLower(email)
- // First try to find the user by primary email
- user := &User{Email: email}
- has, err := db.GetEngine(ctx).Get(user)
- if err != nil {
- return nil, err
- }
- if has {
- return user, nil
- }
-
- // Otherwise, check in alternative list for activated email addresses
- emailAddress := &EmailAddress{Email: email, IsActivated: true}
- has, err = db.GetEngine(ctx).Get(emailAddress)
- if err != nil {
- return nil, err
- }
- if has {
- return GetUserByIDCtx(ctx, emailAddress.UID)
- }
-
- // Finally, if email address is the protected email address:
- if strings.HasSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress)) {
- username := strings.TrimSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress))
- user := &User{}
- has, err := db.GetEngine(ctx).Where("lower_name=?", username).Get(user)
- if err != nil {
- return nil, err
- }
- if has {
- return user, nil
- }
- }
-
- return nil, ErrUserNotExist{0, email, 0}
- }
-
- // GetUser checks if a user already exists
- func GetUser(user *User) (bool, error) {
- return db.GetEngine(db.DefaultContext).Get(user)
- }
-
- // GetUserByOpenID returns the user object by given OpenID if exists.
- func GetUserByOpenID(uri string) (*User, error) {
- if len(uri) == 0 {
- return nil, ErrUserNotExist{0, uri, 0}
- }
-
- uri, err := openid.Normalize(uri)
- if err != nil {
- return nil, err
- }
-
- log.Trace("Normalized OpenID URI: " + uri)
-
- // Otherwise, check in openid table
- oid := &UserOpenID{}
- has, err := db.GetEngine(db.DefaultContext).Where("uri=?", uri).Get(oid)
- if err != nil {
- return nil, err
- }
- if has {
- return GetUserByID(oid.UID)
- }
-
- return nil, ErrUserNotExist{0, uri, 0}
- }
-
- // GetAdminUser returns the first administrator
- func GetAdminUser() (*User, error) {
- var admin User
- has, err := db.GetEngine(db.DefaultContext).Where("is_admin=?", true).Get(&admin)
- if err != nil {
- return nil, err
- } else if !has {
- return nil, ErrUserNotExist{}
- }
-
- return &admin, nil
- }
|