closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5776 Commits
2 Branches
178 MiB
Tree: ddb75191ec
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ddb75191ec'
${ noResults }
gitea/routers/user/auth.go

1010 lines
29 KiB
Raw Normal View History

New UI merge in progress
10 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Rename module: middleware -> context
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
New UI merge in progress
10 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Convert captcha, cache, csrf as middlewares
10 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
New UI merge in progress
10 years ago
Rename module: middleware -> context
8 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Rename module: middleware -> context
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Rename module: middleware -> context
8 years ago
Refactor User.Id to User.ID
8 years ago
Rename module: middleware -> context
8 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Rename module: middleware -> context
8 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
New UI merge in progress
10 years ago
Rename module: middleware -> context
8 years ago
New UI merge in progress
10 years ago
Show owner/poster tags of comments and fix #1312
9 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
New UI merge in progress
10 years ago
#3448 redirect if any after sign in
8 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
#3448 redirect if any after sign in
8 years ago
Show owner/poster tags of comments and fix #1312
9 years ago
#3448 redirect if any after sign in
8 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Show owner/poster tags of comments and fix #1312
9 years ago
work on #1891
9 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Show owner/poster tags of comments and fix #1312
9 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
New UI merge in progress
10 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Login via OpenID-2.0 (#618)
7 years ago
Reduce conditionals in signin/signup inner forms by always using SignInLink and SignUpLink in the form action
7 years ago
Login via OpenID-2.0 (#618)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Additional OAuth2 providers (#1010) * add google+ * sort signin oauth2 providers based on the name so order is always the same * update auth tip for google+ * add gitlab provider * add bitbucket provider (and some go fmt) * add twitter provider * add facebook provider * add dropbox provider * add openid connect provider incl. new format of tips section in "Add New Source" * lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow) * imports according to goimport and code style * make it possible to set custom urls to gitlab and github provider (only these could have a different host) * split up oauth2 into multiple files * small typo in comment * fix indention * fix indentation * fix new line before external import * fix layout of signin part * update "broken" dependency
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Reduce conditionals in signin/signup inner forms by always using SignInLink and SignUpLink in the form action
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
allow anonymous SSH clone
9 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Log failed authentication attempts with remote address for fail2ban (#2334) Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
7 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Log failed authentication attempts with remote address for fail2ban (#2334) Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
7 years ago
Finish new reset password, etc.
10 years ago
New UI merge in progress
10 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Link OAuth2 account to 2FA enabled account (fix #1050) (#1052) * fixes #1050 where linking an account to a 2fa enabled account failed because we forgot to really link the account when 2fa is completed * handle errors
7 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
New UI merge in progress
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
fix 500 when use a duplicat email instead of giving an error tip (#1040)
7 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
New UI merge in progress
10 years ago
Login via OpenID-2.0 (#618)
7 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
Refactor User.Id to User.ID
8 years ago
New UI merge in progress
10 years ago
#1891 attempt to fix invalid csrf token
8 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
#1891 attempt to fix invalid csrf token
8 years ago
Support to last login feature
8 years ago
Only update needed columns when update user (#2296) * only update needed columns when update user * fix missing update_unix column
7 years ago
Normalize files with gofmt
8 years ago
Support to last login feature
8 years ago
New UI merge in progress
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
New UI merge in progress
10 years ago
Two factor authentication support (#630) * Initial commit for 2FA support Signed-off-by: Andrew <write@imaginarycode.com> * Add vendored files * Add missing depends * A few clean ups * Added improvements, proper encryption * Better encryption key * Simplify "key" generation * Make 2FA enrollment page more robust * Fix typo * Rename twofa/2FA to TwoFactor * UNIQUE INDEX -> UNIQUE
7 years ago
New UI merge in progress
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Only update needed columns when update user (#2296) * only update needed columns when update user * fix missing update_unix column
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Link OAuth2 account to 2FA enabled account (fix #1050) (#1052) * fixes #1050 where linking an account to a 2fa enabled account failed because we forgot to really link the account when 2fa is completed * handle errors
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Only update needed columns when update user (#2296) * only update needed columns when update user * fix missing update_unix column
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
Make time diff translatable (#2057)
7 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
New UI merge in progress
10 years ago
Finish new collaboration page
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
New UI merge in progress
10 years ago
Reduce conditionals in signin/signup inner forms by always using SignInLink and SignUpLink in the form action
7 years ago
#697 and #1606 and new admin edit user UI
9 years ago
#697 disable captcha and new admin create user UI
9 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
New UI merge in progress
10 years ago
Reduce conditionals in signin/signup inner forms by always using SignInLink and SignUpLink in the form action
7 years ago
#697 and #1606 and new admin edit user UI
9 years ago
#697 disable captcha and new admin create user UI
9 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
#697 and #1606 and new admin edit user UI
9 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
#697 disable captcha and new admin create user UI
9 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
Added minimum password length to app.ini (#223)
8 years ago
New UI merge in progress
10 years ago
drop oauth2 feature support
9 years ago
New UI merge in progress
10 years ago
#1070 Clearer error message for illegal characters
9 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
#1070 Clearer error message for illegal characters
9 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
#1070 Clearer error message for illegal characters
9 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
#1070 Clearer error message for illegal characters
9 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
only assign auto-admin when sign up by web
9 years ago
Only update needed columns when update user (#2296) * only update needed columns when update user * fix missing update_unix column
7 years ago
only assign auto-admin when sign up by web
9 years ago
#2854 fix no mail notification when issue is closed/reopened
8 years ago
Refactor User.Id to User.ID
8 years ago
#2854 fix no mail notification when issue is closed/reopened
8 years ago
Page: Manage social accounts
10 years ago
Make time diff translatable (#2057)
7 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Page: Manage social accounts
10 years ago
New UI merge in progress
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
Finish new reset password, etc.
10 years ago
#2854 fix no mail notification when issue is closed/reopened
8 years ago
Finish new reset password, etc.
10 years ago
Make time diff translatable (#2057)
7 years ago
#2854 fix no mail notification when issue is closed/reopened
8 years ago
Finish new reset password, etc.
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Finish new reset password, etc.
10 years ago
Fix random string generator (#384) * Remove unused custom-alphabet feature of random string generator Fix random string generator Random string generator should return error if it fails to read random data via crypto/rand * Fixes variable (un)initialization mixed assign Update test GetRandomString
8 years ago
Only update needed columns when update user (#2296) * only update needed columns when update user * fix missing update_unix column
7 years ago
allow anonymous SSH clone
9 years ago
Finish new reset password, etc.
10 years ago
Refactor User.Id to User.ID
8 years ago
Finish new reset password, etc.
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Finish new reset password, etc.
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
Method for activating email addresses through verification email
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Method for activating email addresses through verification email
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
templates/user/settings/emial.tmpl: little fix on UI - routers/user: little code format - conf/locale: update French locale
9 years ago
Method for activating email addresses through verification email
10 years ago
fix typo for #1996
9 years ago
Method for activating email addresses through verification email
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Method for activating email addresses through verification email
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
Rename /forget_password url to /forgot_password Also renames `forgot_password` translation key to `forgot_password_title` and `forget_password` to `forgot_password` Includes entry in CHANGELOG about the breaking change (and some markdown fixes in there)
7 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
Show a link to password reset from password change and delete account (#862) It's helpful when you forgot your password thus cannot change it (can happen if you log in via OAuth2 or OpenID) Also make sure that both the delete-account and password-change links to forgot-password will have the primary email pre-filled
7 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
Rename /forget_password url to /forgot_password Also renames `forgot_password` translation key to `forgot_password_title` and `forget_password` to `forgot_password` Includes entry in CHANGELOG about the breaking change (and some markdown fixes in there)
7 years ago
Finish new reset password, etc.
10 years ago
finish new auth e-mails
9 years ago
Finish new reset password, etc.
10 years ago
finish new auth e-mails
9 years ago
Finish new reset password, etc.
10 years ago
allow anonymous SSH clone
9 years ago
Make time diff translatable (#2057)
7 years ago
Prevented user enumeration of valid users through HTTP status codes of login (#3639) (#3654)
8 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Prevented user enumeration of valid users through HTTP status codes of login (#3639) (#3654)
8 years ago
Finish new reset password, etc.
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Finish new reset password, etc.
10 years ago
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
7 years ago
ensure we don’t try changing LDAP passswords
8 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
ensure we don’t try changing LDAP passswords
8 years ago
Finish new reset password, etc.
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Finish new reset password, etc.
10 years ago
#2854 fix no mail notification when issue is closed/reopened
8 years ago
Finish new reset password, etc.
10 years ago
Make time diff translatable (#2057)
7 years ago
Finish new reset password, etc.
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
Rename module: middleware -> context
8 years ago
Finish new reset password, etc.
10 years ago
New UI merge in progress
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
Added minimum password length to app.ini (#223)
8 years ago
Rename module: middleware -> context
8 years ago
Finish new reset password, etc.
10 years ago
Added minimum password length to app.ini (#223)
8 years ago
Finish new reset password, etc.
10 years ago
Added minimum password length to app.ini (#223)
8 years ago
Finish new reset password, etc.
10 years ago
Fix random string generator (#384) * Remove unused custom-alphabet feature of random string generator Fix random string generator Random string generator should return error if it fails to read random data via crypto/rand * Fixes variable (un)initialization mixed assign Update test GetRandomString
8 years ago
Finish new reset password, etc.
10 years ago
Only update needed columns when update user (#2296) * only update needed columns when update user * fix missing update_unix column
7 years ago
Finish new reset password, etc.
10 years ago
Golint fixed for modules/setting (#262) * golint fixed for modules/setting * typo fixed and renamed UNIXSOCKET to UnixSocket
8 years ago
Finish new reset password, etc.
10 years ago
golint fixed for parts of routers root, dev, user and org dirs (#167) * golint fixed for parts of routers root, dev and org dirs * add user/auth.go golint fixed * rename unnecessary exported to unexported and user dir golint fixed
8 years ago
New UI merge in progress
10 years ago
 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Use of this source code is governed by a MIT-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package user
  6. 

  7. import (
  8. 	"errors"
  9. 	"fmt"
  10. 	"net/http"
  11. 	"net/url"
  12. 	"strings"
  13. 

  14. 	"code.gitea.io/gitea/models"
  15. 	"code.gitea.io/gitea/modules/auth"
  16. 	"code.gitea.io/gitea/modules/auth/oauth2"
  17. 	"code.gitea.io/gitea/modules/base"
  18. 	"code.gitea.io/gitea/modules/context"
  19. 	"code.gitea.io/gitea/modules/log"
  20. 	"code.gitea.io/gitea/modules/setting"
  21. 

  22. 	"github.com/go-macaron/captcha"
  23. 	"github.com/markbates/goth"
  24. )
  25. 

  26. const (
  27. 	// tplSignIn template for sign in page

  28. 	tplSignIn base.TplName = "user/auth/signin"
  29. 	// tplSignUp template path for sign up page

  30. 	tplSignUp base.TplName = "user/auth/signup"
  31. 	// TplActivate template path for activate user

  32. 	TplActivate       base.TplName = "user/auth/activate"
  33. 	tplForgotPassword base.TplName = "user/auth/forgot_passwd"
  34. 	tplResetPassword  base.TplName = "user/auth/reset_passwd"
  35. 	tplTwofa          base.TplName = "user/auth/twofa"
  36. 	tplTwofaScratch   base.TplName = "user/auth/twofa_scratch"
  37. 	tplLinkAccount    base.TplName = "user/auth/link_account"
  38. )
  39. 

  40. // AutoSignIn reads cookie and try to auto-login.

  41. func AutoSignIn(ctx *context.Context) (bool, error) {
  42. 	if !models.HasEngine {
  43. 		return false, nil
  44. 	}
  45. 

  46. 	uname := ctx.GetCookie(setting.CookieUserName)
  47. 	if len(uname) == 0 {
  48. 		return false, nil
  49. 	}
  50. 

  51. 	isSucceed := false
  52. 	defer func() {
  53. 		if !isSucceed {
  54. 			log.Trace("auto-login cookie cleared: %s", uname)
  55. 			ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL)
  56. 			ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL)
  57. 		}
  58. 	}()
  59. 

  60. 	u, err := models.GetUserByName(uname)
  61. 	if err != nil {
  62. 		if !models.IsErrUserNotExist(err) {
  63. 			return false, fmt.Errorf("GetUserByName: %v", err)
  64. 		}
  65. 		return false, nil
  66. 	}
  67. 

  68. 	if val, _ := ctx.GetSuperSecureCookie(
  69. 		base.EncodeMD5(u.Rands+u.Passwd), setting.CookieRememberName); val != u.Name {
  70. 		return false, nil
  71. 	}
  72. 

  73. 	isSucceed = true
  74. 	ctx.Session.Set("uid", u.ID)
  75. 	ctx.Session.Set("uname", u.Name)
  76. 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL)
  77. 	return true, nil
  78. }
  79. 

  80. func checkAutoLogin(ctx *context.Context) bool {
  81. 	// Check auto-login.

  82. 	isSucceed, err := AutoSignIn(ctx)
  83. 	if err != nil {
  84. 		ctx.Handle(500, "AutoSignIn", err)
  85. 		return true
  86. 	}
  87. 

  88. 	redirectTo := ctx.Query("redirect_to")
  89. 	if len(redirectTo) > 0 {
  90. 		ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL)
  91. 	} else {
  92. 		redirectTo, _ = url.QueryUnescape(ctx.GetCookie("redirect_to"))
  93. 	}
  94. 

  95. 	if isSucceed {
  96. 		if len(redirectTo) > 0 {
  97. 			ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL)
  98. 			ctx.Redirect(redirectTo)
  99. 		} else {
  100. 			ctx.Redirect(setting.AppSubURL + "/")
  101. 		}
  102. 		return true
  103. 	}
  104. 

  105. 	return false
  106. }
  107. 

  108. // SignIn render sign in page

  109. func SignIn(ctx *context.Context) {
  110. 	ctx.Data["Title"] = ctx.Tr("sign_in")
  111. 

  112. 	// Check auto-login.

  113. 	if checkAutoLogin(ctx) {
  114. 		return
  115. 	}
  116. 

  117. 	orderedOAuth2Names, oauth2Providers, err := models.GetActiveOAuth2Providers()
  118. 	if err != nil {
  119. 		ctx.Handle(500, "UserSignIn", err)
  120. 		return
  121. 	}
  122. 	ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names
  123. 	ctx.Data["OAuth2Providers"] = oauth2Providers
  124. 	ctx.Data["Title"] = ctx.Tr("sign_in")
  125. 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/login"
  126. 	ctx.Data["PageIsSignIn"] = true
  127. 	ctx.Data["PageIsLogin"] = true
  128. 

  129. 	ctx.HTML(200, tplSignIn)
  130. }
  131. 

  132. // SignInPost response for sign in request

  133. func SignInPost(ctx *context.Context, form auth.SignInForm) {
  134. 	ctx.Data["Title"] = ctx.Tr("sign_in")
  135. 

  136. 	orderedOAuth2Names, oauth2Providers, err := models.GetActiveOAuth2Providers()
  137. 	if err != nil {
  138. 		ctx.Handle(500, "UserSignIn", err)
  139. 		return
  140. 	}
  141. 	ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names
  142. 	ctx.Data["OAuth2Providers"] = oauth2Providers
  143. 	ctx.Data["Title"] = ctx.Tr("sign_in")
  144. 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/login"
  145. 	ctx.Data["PageIsSignIn"] = true
  146. 	ctx.Data["PageIsLogin"] = true
  147. 

  148. 	if ctx.HasError() {
  149. 		ctx.HTML(200, tplSignIn)
  150. 		return
  151. 	}
  152. 

  153. 	u, err := models.UserSignIn(form.UserName, form.Password)
  154. 	if err != nil {
  155. 		if models.IsErrUserNotExist(err) {
  156. 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
  157. 			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
  158. 		} else if models.IsErrEmailAlreadyUsed(err) {
  159. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignIn, &form)
  160. 			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
  161. 		} else {
  162. 			ctx.Handle(500, "UserSignIn", err)
  163. 		}
  164. 		return
  165. 	}
  166. 

  167. 	// If this user is enrolled in 2FA, we can't sign the user in just yet.

  168. 	// Instead, redirect them to the 2FA authentication page.

  169. 	_, err = models.GetTwoFactorByUID(u.ID)
  170. 	if err != nil {
  171. 		if models.IsErrTwoFactorNotEnrolled(err) {
  172. 			handleSignIn(ctx, u, form.Remember)
  173. 		} else {
  174. 			ctx.Handle(500, "UserSignIn", err)
  175. 		}
  176. 		return
  177. 	}
  178. 

  179. 	// User needs to use 2FA, save data and redirect to 2FA page.

  180. 	ctx.Session.Set("twofaUid", u.ID)
  181. 	ctx.Session.Set("twofaRemember", form.Remember)
  182. 	ctx.Redirect(setting.AppSubURL + "/user/two_factor")
  183. }
  184. 

  185. // TwoFactor shows the user a two-factor authentication page.

  186. func TwoFactor(ctx *context.Context) {
  187. 	ctx.Data["Title"] = ctx.Tr("twofa")
  188. 

  189. 	// Check auto-login.

  190. 	if checkAutoLogin(ctx) {
  191. 		return
  192. 	}
  193. 

  194. 	// Ensure user is in a 2FA session.

  195. 	if ctx.Session.Get("twofaUid") == nil {
  196. 		ctx.Handle(500, "UserSignIn", errors.New("not in 2FA session"))
  197. 		return
  198. 	}
  199. 

  200. 	ctx.HTML(200, tplTwofa)
  201. }
  202. 

  203. // TwoFactorPost validates a user's two-factor authentication token.

  204. func TwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {
  205. 	ctx.Data["Title"] = ctx.Tr("twofa")
  206. 

  207. 	// Ensure user is in a 2FA session.

  208. 	idSess := ctx.Session.Get("twofaUid")
  209. 	if idSess == nil {
  210. 		ctx.Handle(500, "UserSignIn", errors.New("not in 2FA session"))
  211. 		return
  212. 	}
  213. 

  214. 	id := idSess.(int64)
  215. 	twofa, err := models.GetTwoFactorByUID(id)
  216. 	if err != nil {
  217. 		ctx.Handle(500, "UserSignIn", err)
  218. 		return
  219. 	}
  220. 

  221. 	// Validate the passcode with the stored TOTP secret.

  222. 	ok, err := twofa.ValidateTOTP(form.Passcode)
  223. 	if err != nil {
  224. 		ctx.Handle(500, "UserSignIn", err)
  225. 		return
  226. 	}
  227. 

  228. 	if ok {
  229. 		remember := ctx.Session.Get("twofaRemember").(bool)
  230. 		u, err := models.GetUserByID(id)
  231. 		if err != nil {
  232. 			ctx.Handle(500, "UserSignIn", err)
  233. 			return
  234. 		}
  235. 

  236. 		if ctx.Session.Get("linkAccount") != nil {
  237. 			gothUser := ctx.Session.Get("linkAccountGothUser")
  238. 			if gothUser == nil {
  239. 				ctx.Handle(500, "UserSignIn", errors.New("not in LinkAccount session"))
  240. 				return
  241. 			}
  242. 

  243. 			err = models.LinkAccountToUser(u, gothUser.(goth.User))
  244. 			if err != nil {
  245. 				ctx.Handle(500, "UserSignIn", err)
  246. 				return
  247. 			}
  248. 		}
  249. 

  250. 		handleSignIn(ctx, u, remember)
  251. 		return
  252. 	}
  253. 

  254. 	ctx.RenderWithErr(ctx.Tr("auth.twofa_passcode_incorrect"), tplTwofa, auth.TwoFactorAuthForm{})
  255. }
  256. 

  257. // TwoFactorScratch shows the scratch code form for two-factor authentication.

  258. func TwoFactorScratch(ctx *context.Context) {
  259. 	ctx.Data["Title"] = ctx.Tr("twofa_scratch")
  260. 

  261. 	// Check auto-login.

  262. 	if checkAutoLogin(ctx) {
  263. 		return
  264. 	}
  265. 

  266. 	// Ensure user is in a 2FA session.

  267. 	if ctx.Session.Get("twofaUid") == nil {
  268. 		ctx.Handle(500, "UserSignIn", errors.New("not in 2FA session"))
  269. 		return
  270. 	}
  271. 

  272. 	ctx.HTML(200, tplTwofaScratch)
  273. }
  274. 

  275. // TwoFactorScratchPost validates and invalidates a user's two-factor scratch token.

  276. func TwoFactorScratchPost(ctx *context.Context, form auth.TwoFactorScratchAuthForm) {
  277. 	ctx.Data["Title"] = ctx.Tr("twofa_scratch")
  278. 

  279. 	// Ensure user is in a 2FA session.

  280. 	idSess := ctx.Session.Get("twofaUid")
  281. 	if idSess == nil {
  282. 		ctx.Handle(500, "UserSignIn", errors.New("not in 2FA session"))
  283. 		return
  284. 	}
  285. 

  286. 	id := idSess.(int64)
  287. 	twofa, err := models.GetTwoFactorByUID(id)
  288. 	if err != nil {
  289. 		ctx.Handle(500, "UserSignIn", err)
  290. 		return
  291. 	}
  292. 

  293. 	// Validate the passcode with the stored TOTP secret.

  294. 	if twofa.VerifyScratchToken(form.Token) {
  295. 		// Invalidate the scratch token.

  296. 		twofa.ScratchToken = ""
  297. 		if err = models.UpdateTwoFactor(twofa); err != nil {
  298. 			ctx.Handle(500, "UserSignIn", err)
  299. 			return
  300. 		}
  301. 

  302. 		remember := ctx.Session.Get("twofaRemember").(bool)
  303. 		u, err := models.GetUserByID(id)
  304. 		if err != nil {
  305. 			ctx.Handle(500, "UserSignIn", err)
  306. 			return
  307. 		}
  308. 

  309. 		handleSignInFull(ctx, u, remember, false)
  310. 		ctx.Flash.Info(ctx.Tr("auth.twofa_scratch_used"))
  311. 		ctx.Redirect(setting.AppSubURL + "/user/settings/two_factor")
  312. 		return
  313. 	}
  314. 

  315. 	ctx.RenderWithErr(ctx.Tr("auth.twofa_scratch_token_incorrect"), tplTwofaScratch, auth.TwoFactorScratchAuthForm{})
  316. }
  317. 

  318. // This handles the final part of the sign-in process of the user.

  319. func handleSignIn(ctx *context.Context, u *models.User, remember bool) {
  320. 	handleSignInFull(ctx, u, remember, true)
  321. }
  322. 

  323. func handleSignInFull(ctx *context.Context, u *models.User, remember bool, obeyRedirect bool) {
  324. 	if remember {
  325. 		days := 86400 * setting.LogInRememberDays
  326. 		ctx.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubURL)
  327. 		ctx.SetSuperSecureCookie(base.EncodeMD5(u.Rands+u.Passwd),
  328. 			setting.CookieRememberName, u.Name, days, setting.AppSubURL)
  329. 	}
  330. 

  331. 	ctx.Session.Delete("openid_verified_uri")
  332. 	ctx.Session.Delete("openid_signin_remember")
  333. 	ctx.Session.Delete("openid_determined_email")
  334. 	ctx.Session.Delete("openid_determined_username")
  335. 	ctx.Session.Delete("twofaUid")
  336. 	ctx.Session.Delete("twofaRemember")
  337. 	ctx.Session.Set("uid", u.ID)
  338. 	ctx.Session.Set("uname", u.Name)
  339. 

  340. 	// Clear whatever CSRF has right now, force to generate a new one

  341. 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL)
  342. 

  343. 	// Register last login

  344. 	u.SetLastLogin()
  345. 	if err := models.UpdateUserCols(u, "last_login_unix"); err != nil {
  346. 		ctx.Handle(500, "UpdateUserCols", err)
  347. 		return
  348. 	}
  349. 

  350. 	if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
  351. 		ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL)
  352. 		if obeyRedirect {
  353. 			ctx.Redirect(redirectTo)
  354. 		}
  355. 		return
  356. 	}
  357. 

  358. 	if obeyRedirect {
  359. 		ctx.Redirect(setting.AppSubURL + "/")
  360. 	}
  361. }
  362. 

  363. // SignInOAuth handles the OAuth2 login buttons

  364. func SignInOAuth(ctx *context.Context) {
  365. 	provider := ctx.Params(":provider")
  366. 

  367. 	loginSource, err := models.GetActiveOAuth2LoginSourceByName(provider)
  368. 	if err != nil {
  369. 		ctx.Handle(500, "SignIn", err)
  370. 		return
  371. 	}
  372. 

  373. 	// try to do a direct callback flow, so we don't authenticate the user again but use the valid accesstoken to get the user

  374. 	user, gothUser, err := oAuth2UserLoginCallback(loginSource, ctx.Req.Request, ctx.Resp)
  375. 	if err == nil && user != nil {
  376. 		// we got the user without going through the whole OAuth2 authentication flow again

  377. 		handleOAuth2SignIn(user, gothUser, ctx, err)
  378. 		return
  379. 	}
  380. 

  381. 	err = oauth2.Auth(loginSource.Name, ctx.Req.Request, ctx.Resp)
  382. 	if err != nil {
  383. 		ctx.Handle(500, "SignIn", err)
  384. 	}
  385. 	// redirect is done in oauth2.Auth

  386. }
  387. 

  388. // SignInOAuthCallback handles the callback from the given provider

  389. func SignInOAuthCallback(ctx *context.Context) {
  390. 	provider := ctx.Params(":provider")
  391. 

  392. 	// first look if the provider is still active

  393. 	loginSource, err := models.GetActiveOAuth2LoginSourceByName(provider)
  394. 	if err != nil {
  395. 		ctx.Handle(500, "SignIn", err)
  396. 		return
  397. 	}
  398. 

  399. 	if loginSource == nil {
  400. 		ctx.Handle(500, "SignIn", errors.New("No valid provider found, check configured callback url in provider"))
  401. 		return
  402. 	}
  403. 

  404. 	u, gothUser, err := oAuth2UserLoginCallback(loginSource, ctx.Req.Request, ctx.Resp)
  405. 

  406. 	handleOAuth2SignIn(u, gothUser, ctx, err)
  407. }
  408. 

  409. func handleOAuth2SignIn(u *models.User, gothUser goth.User, ctx *context.Context, err error) {
  410. 	if err != nil {
  411. 		ctx.Handle(500, "UserSignIn", err)
  412. 		return
  413. 	}
  414. 

  415. 	if u == nil {
  416. 		// no existing user is found, request attach or new account

  417. 		ctx.Session.Set("linkAccountGothUser", gothUser)
  418. 		ctx.Redirect(setting.AppSubURL + "/user/link_account")
  419. 		return
  420. 	}
  421. 

  422. 	// If this user is enrolled in 2FA, we can't sign the user in just yet.

  423. 	// Instead, redirect them to the 2FA authentication page.

  424. 	_, err = models.GetTwoFactorByUID(u.ID)
  425. 	if err != nil {
  426. 		if models.IsErrTwoFactorNotEnrolled(err) {
  427. 			ctx.Session.Set("uid", u.ID)
  428. 			ctx.Session.Set("uname", u.Name)
  429. 

  430. 			// Clear whatever CSRF has right now, force to generate a new one

  431. 			ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL)
  432. 

  433. 			// Register last login

  434. 			u.SetLastLogin()
  435. 			if err := models.UpdateUserCols(u, "last_login_unix"); err != nil {
  436. 				ctx.Handle(500, "UpdateUserCols", err)
  437. 				return
  438. 			}
  439. 

  440. 			if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
  441. 				ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL)
  442. 				ctx.Redirect(redirectTo)
  443. 				return
  444. 			}
  445. 

  446. 			ctx.Redirect(setting.AppSubURL + "/")
  447. 		} else {
  448. 			ctx.Handle(500, "UserSignIn", err)
  449. 		}
  450. 		return
  451. 	}
  452. 

  453. 	// User needs to use 2FA, save data and redirect to 2FA page.

  454. 	ctx.Session.Set("twofaUid", u.ID)
  455. 	ctx.Session.Set("twofaRemember", false)
  456. 	ctx.Redirect(setting.AppSubURL + "/user/two_factor")
  457. }
  458. 

  459. // OAuth2UserLoginCallback attempts to handle the callback from the OAuth2 provider and if successful

  460. // login the user

  461. func oAuth2UserLoginCallback(loginSource *models.LoginSource, request *http.Request, response http.ResponseWriter) (*models.User, goth.User, error) {
  462. 	gothUser, err := oauth2.ProviderCallback(loginSource.Name, request, response)
  463. 

  464. 	if err != nil {
  465. 		return nil, goth.User{}, err
  466. 	}
  467. 

  468. 	user := &models.User{
  469. 		LoginName:   gothUser.UserID,
  470. 		LoginType:   models.LoginOAuth2,
  471. 		LoginSource: loginSource.ID,
  472. 	}
  473. 

  474. 	hasUser, err := models.GetUser(user)
  475. 	if err != nil {
  476. 		return nil, goth.User{}, err
  477. 	}
  478. 

  479. 	if hasUser {
  480. 		return user, goth.User{}, nil
  481. 	}
  482. 

  483. 	// search in external linked users

  484. 	externalLoginUser := &models.ExternalLoginUser{
  485. 		ExternalID:    gothUser.UserID,
  486. 		LoginSourceID: loginSource.ID,
  487. 	}
  488. 	hasUser, err = models.GetExternalLogin(externalLoginUser)
  489. 	if err != nil {
  490. 		return nil, goth.User{}, err
  491. 	}
  492. 	if hasUser {
  493. 		user, err = models.GetUserByID(externalLoginUser.UserID)
  494. 		return user, goth.User{}, err
  495. 	}
  496. 

  497. 	// no user found to login

  498. 	return nil, gothUser, nil
  499. 

  500. }
  501. 

  502. // LinkAccount shows the page where the user can decide to login or create a new account

  503. func LinkAccount(ctx *context.Context) {
  504. 	ctx.Data["Title"] = ctx.Tr("link_account")
  505. 	ctx.Data["LinkAccountMode"] = true
  506. 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
  507. 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
  508. 	ctx.Data["ShowRegistrationButton"] = false
  509. 

  510. 	// use this to set the right link into the signIn and signUp templates in the link_account template

  511. 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
  512. 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
  513. 

  514. 	gothUser := ctx.Session.Get("linkAccountGothUser")
  515. 	if gothUser == nil {
  516. 		ctx.Handle(500, "UserSignIn", errors.New("not in LinkAccount session"))
  517. 		return
  518. 	}
  519. 

  520. 	ctx.Data["user_name"] = gothUser.(goth.User).NickName
  521. 	ctx.Data["email"] = gothUser.(goth.User).Email
  522. 

  523. 	ctx.HTML(200, tplLinkAccount)
  524. }
  525. 

  526. // LinkAccountPostSignIn handle the coupling of external account with another account using signIn

  527. func LinkAccountPostSignIn(ctx *context.Context, signInForm auth.SignInForm) {
  528. 	ctx.Data["Title"] = ctx.Tr("link_account")
  529. 	ctx.Data["LinkAccountMode"] = true
  530. 	ctx.Data["LinkAccountModeSignIn"] = true
  531. 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
  532. 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
  533. 	ctx.Data["ShowRegistrationButton"] = false
  534. 

  535. 	// use this to set the right link into the signIn and signUp templates in the link_account template

  536. 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
  537. 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
  538. 

  539. 	gothUser := ctx.Session.Get("linkAccountGothUser")
  540. 	if gothUser == nil {
  541. 		ctx.Handle(500, "UserSignIn", errors.New("not in LinkAccount session"))
  542. 		return
  543. 	}
  544. 

  545. 	if ctx.HasError() {
  546. 		ctx.HTML(200, tplLinkAccount)
  547. 		return
  548. 	}
  549. 

  550. 	u, err := models.UserSignIn(signInForm.UserName, signInForm.Password)
  551. 	if err != nil {
  552. 		if models.IsErrUserNotExist(err) {
  553. 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplLinkAccount, &signInForm)
  554. 		} else {
  555. 			ctx.Handle(500, "UserLinkAccount", err)
  556. 		}
  557. 		return
  558. 	}
  559. 

  560. 	// If this user is enrolled in 2FA, we can't sign the user in just yet.

  561. 	// Instead, redirect them to the 2FA authentication page.

  562. 	_, err = models.GetTwoFactorByUID(u.ID)
  563. 	if err != nil {
  564. 		if models.IsErrTwoFactorNotEnrolled(err) {
  565. 			err = models.LinkAccountToUser(u, gothUser.(goth.User))
  566. 			if err != nil {
  567. 				ctx.Handle(500, "UserLinkAccount", err)
  568. 			} else {
  569. 				handleSignIn(ctx, u, signInForm.Remember)
  570. 			}
  571. 		} else {
  572. 			ctx.Handle(500, "UserLinkAccount", err)
  573. 		}
  574. 		return
  575. 	}
  576. 

  577. 	// User needs to use 2FA, save data and redirect to 2FA page.

  578. 	ctx.Session.Set("twofaUid", u.ID)
  579. 	ctx.Session.Set("twofaRemember", signInForm.Remember)
  580. 	ctx.Session.Set("linkAccount", true)
  581. 

  582. 	ctx.Redirect(setting.AppSubURL + "/user/two_factor")
  583. }
  584. 

  585. // LinkAccountPostRegister handle the creation of a new account for an external account using signUp

  586. func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterForm) {
  587. 	ctx.Data["Title"] = ctx.Tr("link_account")
  588. 	ctx.Data["LinkAccountMode"] = true
  589. 	ctx.Data["LinkAccountModeRegister"] = true
  590. 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
  591. 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
  592. 	ctx.Data["ShowRegistrationButton"] = false
  593. 

  594. 	// use this to set the right link into the signIn and signUp templates in the link_account template

  595. 	ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
  596. 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
  597. 

  598. 	gothUser := ctx.Session.Get("linkAccountGothUser")
  599. 	if gothUser == nil {
  600. 		ctx.Handle(500, "UserSignUp", errors.New("not in LinkAccount session"))
  601. 		return
  602. 	}
  603. 

  604. 	if ctx.HasError() {
  605. 		ctx.HTML(200, tplLinkAccount)
  606. 		return
  607. 	}
  608. 

  609. 	if setting.Service.DisableRegistration {
  610. 		ctx.Error(403)
  611. 		return
  612. 	}
  613. 

  614. 	if setting.Service.EnableCaptcha && !cpt.VerifyReq(ctx.Req) {
  615. 		ctx.Data["Err_Captcha"] = true
  616. 		ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplLinkAccount, &form)
  617. 		return
  618. 	}
  619. 

  620. 	if (len(strings.TrimSpace(form.Password)) > 0 || len(strings.TrimSpace(form.Retype)) > 0) && form.Password != form.Retype {
  621. 		ctx.Data["Err_Password"] = true
  622. 		ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplLinkAccount, &form)
  623. 		return
  624. 	}
  625. 	if len(strings.TrimSpace(form.Password)) > 0 && len(form.Password) < setting.MinPasswordLength {
  626. 		ctx.Data["Err_Password"] = true
  627. 		ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplLinkAccount, &form)
  628. 		return
  629. 	}
  630. 

  631. 	loginSource, err := models.GetActiveOAuth2LoginSourceByName(gothUser.(goth.User).Provider)
  632. 	if err != nil {
  633. 		ctx.Handle(500, "CreateUser", err)
  634. 	}
  635. 

  636. 	u := &models.User{
  637. 		Name:        form.UserName,
  638. 		Email:       form.Email,
  639. 		Passwd:      form.Password,
  640. 		IsActive:    !setting.Service.RegisterEmailConfirm,
  641. 		LoginType:   models.LoginOAuth2,
  642. 		LoginSource: loginSource.ID,
  643. 		LoginName:   gothUser.(goth.User).UserID,
  644. 	}
  645. 

  646. 	if err := models.CreateUser(u); err != nil {
  647. 		switch {
  648. 		case models.IsErrUserAlreadyExist(err):
  649. 			ctx.Data["Err_UserName"] = true
  650. 			ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplLinkAccount, &form)
  651. 		case models.IsErrEmailAlreadyUsed(err):
  652. 			ctx.Data["Err_Email"] = true
  653. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplLinkAccount, &form)
  654. 		case models.IsErrNameReserved(err):
  655. 			ctx.Data["Err_UserName"] = true
  656. 			ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), tplLinkAccount, &form)
  657. 		case models.IsErrNamePatternNotAllowed(err):
  658. 			ctx.Data["Err_UserName"] = true
  659. 			ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tplLinkAccount, &form)
  660. 		default:
  661. 			ctx.Handle(500, "CreateUser", err)
  662. 		}
  663. 		return
  664. 	}
  665. 	log.Trace("Account created: %s", u.Name)
  666. 

  667. 	// Auto-set admin for the only user.

  668. 	if models.CountUsers() == 1 {
  669. 		u.IsAdmin = true
  670. 		u.IsActive = true
  671. 		u.SetLastLogin()
  672. 		if err := models.UpdateUserCols(u, "is_admin", "is_active", "last_login_unix"); err != nil {
  673. 			ctx.Handle(500, "UpdateUser", err)
  674. 			return
  675. 		}
  676. 	}
  677. 

  678. 	// Send confirmation email

  679. 	if setting.Service.RegisterEmailConfirm && u.ID > 1 {
  680. 		models.SendActivateAccountMail(ctx.Context, u)
  681. 		ctx.Data["IsSendRegisterMail"] = true
  682. 		ctx.Data["Email"] = u.Email
  683. 		ctx.Data["ActiveCodeLives"] = base.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale.Language())
  684. 		ctx.HTML(200, TplActivate)
  685. 

  686. 		if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
  687. 			log.Error(4, "Set cache(MailResendLimit) fail: %v", err)
  688. 		}
  689. 		return
  690. 	}
  691. 

  692. 	ctx.Redirect(setting.AppSubURL + "/user/login")
  693. }
  694. 

  695. // SignOut sign out from login status

  696. func SignOut(ctx *context.Context) {
  697. 	ctx.Session.Delete("uid")
  698. 	ctx.Session.Delete("uname")
  699. 	ctx.Session.Delete("socialId")
  700. 	ctx.Session.Delete("socialName")
  701. 	ctx.Session.Delete("socialEmail")
  702. 	ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL)
  703. 	ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL)
  704. 	ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL)
  705. 	ctx.Redirect(setting.AppSubURL + "/")
  706. }
  707. 

  708. // SignUp render the register page

  709. func SignUp(ctx *context.Context) {
  710. 	ctx.Data["Title"] = ctx.Tr("sign_up")
  711. 

  712. 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
  713. 

  714. 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
  715. 

  716. 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
  717. 

  718. 	ctx.HTML(200, tplSignUp)
  719. }
  720. 

  721. // SignUpPost response for sign up information submission

  722. func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterForm) {
  723. 	ctx.Data["Title"] = ctx.Tr("sign_up")
  724. 

  725. 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
  726. 

  727. 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
  728. 

  729. 	if setting.Service.DisableRegistration {
  730. 		ctx.Error(403)
  731. 		return
  732. 	}
  733. 

  734. 	if ctx.HasError() {
  735. 		ctx.HTML(200, tplSignUp)
  736. 		return
  737. 	}
  738. 

  739. 	if setting.Service.EnableCaptcha && !cpt.VerifyReq(ctx.Req) {
  740. 		ctx.Data["Err_Captcha"] = true
  741. 		ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUp, &form)
  742. 		return
  743. 	}
  744. 

  745. 	if form.Password != form.Retype {
  746. 		ctx.Data["Err_Password"] = true
  747. 		ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplSignUp, &form)
  748. 		return
  749. 	}
  750. 	if len(form.Password) < setting.MinPasswordLength {
  751. 		ctx.Data["Err_Password"] = true
  752. 		ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplSignUp, &form)
  753. 		return
  754. 	}
  755. 

  756. 	u := &models.User{
  757. 		Name:     form.UserName,
  758. 		Email:    form.Email,
  759. 		Passwd:   form.Password,
  760. 		IsActive: !setting.Service.RegisterEmailConfirm,
  761. 	}
  762. 	if err := models.CreateUser(u); err != nil {
  763. 		switch {
  764. 		case models.IsErrUserAlreadyExist(err):
  765. 			ctx.Data["Err_UserName"] = true
  766. 			ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplSignUp, &form)
  767. 		case models.IsErrEmailAlreadyUsed(err):
  768. 			ctx.Data["Err_Email"] = true
  769. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignUp, &form)
  770. 		case models.IsErrNameReserved(err):
  771. 			ctx.Data["Err_UserName"] = true
  772. 			ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), tplSignUp, &form)
  773. 		case models.IsErrNamePatternNotAllowed(err):
  774. 			ctx.Data["Err_UserName"] = true
  775. 			ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tplSignUp, &form)
  776. 		default:
  777. 			ctx.Handle(500, "CreateUser", err)
  778. 		}
  779. 		return
  780. 	}
  781. 	log.Trace("Account created: %s", u.Name)
  782. 

  783. 	// Auto-set admin for the only user.

  784. 	if models.CountUsers() == 1 {
  785. 		u.IsAdmin = true
  786. 		u.IsActive = true
  787. 		u.SetLastLogin()
  788. 		if err := models.UpdateUserCols(u, "is_admin", "is_active", "last_login_unix"); err != nil {
  789. 			ctx.Handle(500, "UpdateUser", err)
  790. 			return
  791. 		}
  792. 	}
  793. 

  794. 	// Send confirmation email, no need for social account.

  795. 	if setting.Service.RegisterEmailConfirm && u.ID > 1 {
  796. 		models.SendActivateAccountMail(ctx.Context, u)
  797. 		ctx.Data["IsSendRegisterMail"] = true
  798. 		ctx.Data["Email"] = u.Email
  799. 		ctx.Data["ActiveCodeLives"] = base.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale.Language())
  800. 		ctx.HTML(200, TplActivate)
  801. 

  802. 		if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
  803. 			log.Error(4, "Set cache(MailResendLimit) fail: %v", err)
  804. 		}
  805. 		return
  806. 	}
  807. 

  808. 	ctx.Redirect(setting.AppSubURL + "/user/login")
  809. }
  810. 

  811. // Activate render activate user page

  812. func Activate(ctx *context.Context) {
  813. 	code := ctx.Query("code")
  814. 	if len(code) == 0 {
  815. 		ctx.Data["IsActivatePage"] = true
  816. 		if ctx.User.IsActive {
  817. 			ctx.Error(404)
  818. 			return
  819. 		}
  820. 		// Resend confirmation email.

  821. 		if setting.Service.RegisterEmailConfirm {
  822. 			if ctx.Cache.IsExist("MailResendLimit_" + ctx.User.LowerName) {
  823. 				ctx.Data["ResendLimited"] = true
  824. 			} else {
  825. 				ctx.Data["ActiveCodeLives"] = base.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale.Language())
  826. 				models.SendActivateAccountMail(ctx.Context, ctx.User)
  827. 

  828. 				if err := ctx.Cache.Put("MailResendLimit_"+ctx.User.LowerName, ctx.User.LowerName, 180); err != nil {
  829. 					log.Error(4, "Set cache(MailResendLimit) fail: %v", err)
  830. 				}
  831. 			}
  832. 		} else {
  833. 			ctx.Data["ServiceNotEnabled"] = true
  834. 		}
  835. 		ctx.HTML(200, TplActivate)
  836. 		return
  837. 	}
  838. 

  839. 	// Verify code.

  840. 	if user := models.VerifyUserActiveCode(code); user != nil {
  841. 		user.IsActive = true
  842. 		var err error
  843. 		if user.Rands, err = models.GetUserSalt(); err != nil {
  844. 			ctx.Handle(500, "UpdateUser", err)
  845. 			return
  846. 		}
  847. 		if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
  848. 			if models.IsErrUserNotExist(err) {
  849. 				ctx.Error(404)
  850. 			} else {
  851. 				ctx.Handle(500, "UpdateUser", err)
  852. 			}
  853. 			return
  854. 		}
  855. 

  856. 		log.Trace("User activated: %s", user.Name)
  857. 

  858. 		ctx.Session.Set("uid", user.ID)
  859. 		ctx.Session.Set("uname", user.Name)
  860. 		ctx.Redirect(setting.AppSubURL + "/")
  861. 		return
  862. 	}
  863. 

  864. 	ctx.Data["IsActivateFailed"] = true
  865. 	ctx.HTML(200, TplActivate)
  866. }
  867. 

  868. // ActivateEmail render the activate email page

  869. func ActivateEmail(ctx *context.Context) {
  870. 	code := ctx.Query("code")
  871. 	emailStr := ctx.Query("email")
  872. 

  873. 	// Verify code.

  874. 	if email := models.VerifyActiveEmailCode(code, emailStr); email != nil {
  875. 		if err := email.Activate(); err != nil {
  876. 			ctx.Handle(500, "ActivateEmail", err)
  877. 		}
  878. 

  879. 		log.Trace("Email activated: %s", email.Email)
  880. 		ctx.Flash.Success(ctx.Tr("settings.add_email_success"))
  881. 	}
  882. 

  883. 	ctx.Redirect(setting.AppSubURL + "/user/settings/email")
  884. 	return
  885. }
  886. 

  887. // ForgotPasswd render the forget pasword page

  888. func ForgotPasswd(ctx *context.Context) {
  889. 	ctx.Data["Title"] = ctx.Tr("auth.forgot_password_title")
  890. 

  891. 	if setting.MailService == nil {
  892. 		ctx.Data["IsResetDisable"] = true
  893. 		ctx.HTML(200, tplForgotPassword)
  894. 		return
  895. 	}
  896. 

  897. 	email := ctx.Query("email")
  898. 	ctx.Data["Email"] = email
  899. 

  900. 	ctx.Data["IsResetRequest"] = true
  901. 	ctx.HTML(200, tplForgotPassword)
  902. }
  903. 

  904. // ForgotPasswdPost response for forget password request

  905. func ForgotPasswdPost(ctx *context.Context) {
  906. 	ctx.Data["Title"] = ctx.Tr("auth.forgot_password_title")
  907. 

  908. 	if setting.MailService == nil {
  909. 		ctx.Handle(403, "ForgotPasswdPost", nil)
  910. 		return
  911. 	}
  912. 	ctx.Data["IsResetRequest"] = true
  913. 

  914. 	email := ctx.Query("email")
  915. 	ctx.Data["Email"] = email
  916. 

  917. 	u, err := models.GetUserByEmail(email)
  918. 	if err != nil {
  919. 		if models.IsErrUserNotExist(err) {
  920. 			ctx.Data["ResetPwdCodeLives"] = base.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale.Language())
  921. 			ctx.Data["IsResetSent"] = true
  922. 			ctx.HTML(200, tplForgotPassword)
  923. 			return
  924. 		}
  925. 

  926. 		ctx.Handle(500, "user.ResetPasswd(check existence)", err)
  927. 		return
  928. 	}
  929. 

  930. 	if !u.IsLocal() && !u.IsOAuth2() {
  931. 		ctx.Data["Err_Email"] = true
  932. 		ctx.RenderWithErr(ctx.Tr("auth.non_local_account"), tplForgotPassword, nil)
  933. 		return
  934. 	}
  935. 

  936. 	if ctx.Cache.IsExist("MailResendLimit_" + u.LowerName) {
  937. 		ctx.Data["ResendLimited"] = true
  938. 		ctx.HTML(200, tplForgotPassword)
  939. 		return
  940. 	}
  941. 

  942. 	models.SendResetPasswordMail(ctx.Context, u)
  943. 	if err = ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
  944. 		log.Error(4, "Set cache(MailResendLimit) fail: %v", err)
  945. 	}
  946. 

  947. 	ctx.Data["ResetPwdCodeLives"] = base.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale.Language())
  948. 	ctx.Data["IsResetSent"] = true
  949. 	ctx.HTML(200, tplForgotPassword)
  950. }
  951. 

  952. // ResetPasswd render the reset password page

  953. func ResetPasswd(ctx *context.Context) {
  954. 	ctx.Data["Title"] = ctx.Tr("auth.reset_password")
  955. 

  956. 	code := ctx.Query("code")
  957. 	if len(code) == 0 {
  958. 		ctx.Error(404)
  959. 		return
  960. 	}
  961. 	ctx.Data["Code"] = code
  962. 	ctx.Data["IsResetForm"] = true
  963. 	ctx.HTML(200, tplResetPassword)
  964. }
  965. 

  966. // ResetPasswdPost response from reset password request

  967. func ResetPasswdPost(ctx *context.Context) {
  968. 	ctx.Data["Title"] = ctx.Tr("auth.reset_password")
  969. 

  970. 	code := ctx.Query("code")
  971. 	if len(code) == 0 {
  972. 		ctx.Error(404)
  973. 		return
  974. 	}
  975. 	ctx.Data["Code"] = code
  976. 

  977. 	if u := models.VerifyUserActiveCode(code); u != nil {
  978. 		// Validate password length.

  979. 		passwd := ctx.Query("password")
  980. 		if len(passwd) < setting.MinPasswordLength {
  981. 			ctx.Data["IsResetForm"] = true
  982. 			ctx.Data["Err_Password"] = true
  983. 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil)
  984. 			return
  985. 		}
  986. 

  987. 		u.Passwd = passwd
  988. 		var err error
  989. 		if u.Rands, err = models.GetUserSalt(); err != nil {
  990. 			ctx.Handle(500, "UpdateUser", err)
  991. 			return
  992. 		}
  993. 		if u.Salt, err = models.GetUserSalt(); err != nil {
  994. 			ctx.Handle(500, "UpdateUser", err)
  995. 			return
  996. 		}
  997. 		u.EncodePasswd()
  998. 		if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil {
  999. 			ctx.Handle(500, "UpdateUser", err)
  1000. 			return
  1001. 		}
  1002. 

  1003. 		log.Trace("User password reset: %s", u.Name)
  1004. 		ctx.Redirect(setting.AppSubURL + "/user/login")
  1005. 		return
  1006. 	}
  1007. 

  1008. 	ctx.Data["IsResetFailed"] = true
  1009. 	ctx.HTML(200, tplResetPassword)
  1010. }