2018-05-17 00:05:00 -04:00
|
|
|
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
|
|
// Copyright 2018 The Gitea Authors. All rights reserved.
|
2022-11-27 13:20:29 -05:00
|
|
|
// SPDX-License-Identifier: MIT
|
2018-05-17 00:05:00 -04:00
|
|
|
|
2022-01-02 08:12:35 -05:00
|
|
|
package security
|
2018-05-17 00:05:00 -04:00
|
|
|
|
|
|
|
import (
|
2021-04-05 11:30:52 -04:00
|
|
|
"net/http"
|
2023-11-02 21:41:00 -04:00
|
|
|
"sort"
|
2021-04-05 11:30:52 -04:00
|
|
|
|
2022-08-24 22:31:57 -04:00
|
|
|
auth_model "code.gitea.io/gitea/models/auth"
|
2023-11-23 22:49:41 -05:00
|
|
|
"code.gitea.io/gitea/models/db"
|
2021-11-17 04:58:31 -05:00
|
|
|
user_model "code.gitea.io/gitea/models/user"
|
2018-05-17 00:05:00 -04:00
|
|
|
"code.gitea.io/gitea/modules/base"
|
2024-03-02 10:42:31 -05:00
|
|
|
"code.gitea.io/gitea/modules/optional"
|
2018-05-17 00:05:00 -04:00
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2022-05-28 20:03:17 -04:00
|
|
|
"code.gitea.io/gitea/services/auth/source/oauth2"
|
2024-02-27 02:12:22 -05:00
|
|
|
"code.gitea.io/gitea/services/context"
|
2018-05-17 00:05:00 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2022-01-02 08:12:35 -05:00
|
|
|
tplSettingsSecurity base.TplName = "user/settings/security/security"
|
|
|
|
tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"
|
2018-05-17 00:05:00 -04:00
|
|
|
)
|
|
|
|
|
|
|
|
// Security render change user's password page and 2FA
|
|
|
|
func Security(ctx *context.Context) {
|
2024-07-09 13:36:31 -04:00
|
|
|
if user_model.IsFeatureDisabledWithLoginType(ctx.Doer,
|
|
|
|
setting.UserFeatureManageMFA, setting.UserFeatureManageCredentials) {
|
|
|
|
ctx.Error(http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-02-01 17:56:10 -05:00
|
|
|
ctx.Data["Title"] = ctx.Tr("settings.security")
|
2018-05-17 00:05:00 -04:00
|
|
|
ctx.Data["PageIsSettingsSecurity"] = true
|
|
|
|
|
2021-08-10 20:31:13 -04:00
|
|
|
if ctx.FormString("openid.return_to") != "" {
|
2018-06-18 14:24:45 -04:00
|
|
|
settingsOpenIDVerify(ctx)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
loadSecurityData(ctx)
|
|
|
|
|
2021-04-05 11:30:52 -04:00
|
|
|
ctx.HTML(http.StatusOK, tplSettingsSecurity)
|
2018-06-18 14:24:45 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
// DeleteAccountLink delete a single account link
|
|
|
|
func DeleteAccountLink(ctx *context.Context) {
|
2024-07-09 13:36:31 -04:00
|
|
|
if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManageCredentials) {
|
|
|
|
ctx.Error(http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-07-28 21:42:15 -04:00
|
|
|
id := ctx.FormInt64("id")
|
2019-02-07 01:51:23 -05:00
|
|
|
if id <= 0 {
|
|
|
|
ctx.Flash.Error("Account link id is not given")
|
2018-06-18 14:24:45 -04:00
|
|
|
} else {
|
2023-10-14 04:37:24 -04:00
|
|
|
if _, err := user_model.RemoveAccountLink(ctx, ctx.Doer, id); err != nil {
|
2019-02-07 01:51:23 -05:00
|
|
|
ctx.Flash.Error("RemoveAccountLink: " + err.Error())
|
|
|
|
} else {
|
|
|
|
ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
|
|
|
|
}
|
2018-06-18 14:24:45 -04:00
|
|
|
}
|
|
|
|
|
2023-07-26 02:04:01 -04:00
|
|
|
ctx.JSONRedirect(setting.AppSubURL + "/user/settings/security")
|
2018-06-18 14:24:45 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
func loadSecurityData(ctx *context.Context) {
|
2023-09-15 02:13:19 -04:00
|
|
|
enrolled, err := auth_model.HasTwoFactorByUID(ctx, ctx.Doer.ID)
|
2018-05-17 00:05:00 -04:00
|
|
|
if err != nil {
|
2021-11-08 17:47:19 -05:00
|
|
|
ctx.ServerError("SettingsTwoFactor", err)
|
|
|
|
return
|
2018-05-17 00:05:00 -04:00
|
|
|
}
|
2021-11-08 17:47:19 -05:00
|
|
|
ctx.Data["TOTPEnrolled"] = enrolled
|
|
|
|
|
2023-09-16 10:39:12 -04:00
|
|
|
credentials, err := auth_model.GetWebAuthnCredentialsByUID(ctx, ctx.Doer.ID)
|
2021-11-08 17:47:19 -05:00
|
|
|
if err != nil {
|
2022-01-14 10:03:31 -05:00
|
|
|
ctx.ServerError("GetWebAuthnCredentialsByUID", err)
|
2021-11-08 17:47:19 -05:00
|
|
|
return
|
2018-05-19 10:12:37 -04:00
|
|
|
}
|
2022-01-14 10:03:31 -05:00
|
|
|
ctx.Data["WebAuthnCredentials"] = credentials
|
2018-05-17 00:05:00 -04:00
|
|
|
|
2023-11-23 22:49:41 -05:00
|
|
|
tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})
|
2018-05-17 00:05:00 -04:00
|
|
|
if err != nil {
|
|
|
|
ctx.ServerError("ListAccessTokens", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Data["Tokens"] = tokens
|
|
|
|
|
2023-11-23 22:49:41 -05:00
|
|
|
accountLinks, err := db.Find[user_model.ExternalLoginUser](ctx, user_model.FindExternalUserOptions{
|
|
|
|
UserID: ctx.Doer.ID,
|
|
|
|
OrderBy: "login_source_id DESC",
|
|
|
|
})
|
2018-05-17 00:05:00 -04:00
|
|
|
if err != nil {
|
|
|
|
ctx.ServerError("ListAccountLinks", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-01-02 08:12:35 -05:00
|
|
|
// map the provider display name with the AuthSource
|
2022-08-24 22:31:57 -04:00
|
|
|
sources := make(map[*auth_model.Source]string)
|
2018-05-17 00:05:00 -04:00
|
|
|
for _, externalAccount := range accountLinks {
|
2023-11-06 01:09:34 -05:00
|
|
|
if authSource, err := auth_model.GetSourceByID(ctx, externalAccount.LoginSourceID); err == nil {
|
2018-05-17 00:05:00 -04:00
|
|
|
var providerDisplayName string
|
2021-08-05 21:11:08 -04:00
|
|
|
|
|
|
|
type DisplayNamed interface {
|
|
|
|
DisplayName() string
|
|
|
|
}
|
|
|
|
|
|
|
|
type Named interface {
|
|
|
|
Name() string
|
|
|
|
}
|
|
|
|
|
2022-01-02 08:12:35 -05:00
|
|
|
if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {
|
2021-08-05 21:11:08 -04:00
|
|
|
providerDisplayName = displayNamed.DisplayName()
|
2022-01-02 08:12:35 -05:00
|
|
|
} else if named, ok := authSource.Cfg.(Named); ok {
|
2021-08-05 21:11:08 -04:00
|
|
|
providerDisplayName = named.Name()
|
2018-05-17 00:05:00 -04:00
|
|
|
} else {
|
2022-01-02 08:12:35 -05:00
|
|
|
providerDisplayName = authSource.Name
|
2018-05-17 00:05:00 -04:00
|
|
|
}
|
2022-01-02 08:12:35 -05:00
|
|
|
sources[authSource] = providerDisplayName
|
2018-05-17 00:05:00 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
ctx.Data["AccountLinks"] = sources
|
|
|
|
|
2023-11-23 22:49:41 -05:00
|
|
|
authSources, err := db.Find[auth_model.Source](ctx, auth_model.FindSourcesOptions{
|
2024-03-02 10:42:31 -05:00
|
|
|
IsActive: optional.None[bool](),
|
2023-11-02 21:41:00 -04:00
|
|
|
LoginType: auth_model.OAuth2,
|
|
|
|
})
|
2022-05-28 20:03:17 -04:00
|
|
|
if err != nil {
|
2023-11-02 21:41:00 -04:00
|
|
|
ctx.ServerError("FindSources", err)
|
2022-05-28 20:03:17 -04:00
|
|
|
return
|
|
|
|
}
|
2023-11-02 21:41:00 -04:00
|
|
|
|
|
|
|
var orderedOAuth2Names []string
|
|
|
|
oauth2Providers := make(map[string]oauth2.Provider)
|
|
|
|
for _, source := range authSources {
|
|
|
|
provider, err := oauth2.CreateProviderFromSource(source)
|
|
|
|
if err != nil {
|
|
|
|
ctx.ServerError("CreateProviderFromSource", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
oauth2Providers[source.Name] = provider
|
|
|
|
if source.IsActive {
|
|
|
|
orderedOAuth2Names = append(orderedOAuth2Names, source.Name)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
sort.Strings(orderedOAuth2Names)
|
|
|
|
|
2022-05-28 20:03:17 -04:00
|
|
|
ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names
|
|
|
|
ctx.Data["OAuth2Providers"] = oauth2Providers
|
|
|
|
|
2023-09-15 02:13:19 -04:00
|
|
|
openid, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)
|
2018-05-17 00:05:00 -04:00
|
|
|
if err != nil {
|
|
|
|
ctx.ServerError("GetUserOpenIDs", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Data["OpenIDs"] = openid
|
2024-07-09 13:36:31 -04:00
|
|
|
ctx.Data["UserDisabledFeatures"] = user_model.DisabledFeaturesWithLoginType(ctx.Doer)
|
2018-05-17 00:05:00 -04:00
|
|
|
}
|