gitea/routers/web/user/setting/security.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package setting

import (
	"net/http"

	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/services/auth/source/oauth2"
)

const (
	tplSettingsSecurity    base.TplName = "user/settings/security"
	tplSettingsTwofaEnroll base.TplName = "user/settings/twofa_enroll"
)

// Security render change user's password page and 2FA
func Security(ctx *context.Context) {
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true
	ctx.Data["RequireU2F"] = true

	if ctx.Form("openid.return_to") != "" {
		settingsOpenIDVerify(ctx)
		return
	}

	loadSecurityData(ctx)

	ctx.HTML(http.StatusOK, tplSettingsSecurity)
}

// DeleteAccountLink delete a single account link
func DeleteAccountLink(ctx *context.Context) {
	id := ctx.FormInt64("id")
	if id <= 0 {
		ctx.Flash.Error("Account link id is not given")
	} else {
		if _, err := models.RemoveAccountLink(ctx.User, id); err != nil {
			ctx.Flash.Error("RemoveAccountLink: " + err.Error())
		} else {
			ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
		}
	}

	ctx.JSON(http.StatusOK, map[string]interface{}{
		"redirect": setting.AppSubURL + "/user/settings/security",
	})
}

func loadSecurityData(ctx *context.Context) {
	enrolled := true
	_, err := models.GetTwoFactorByUID(ctx.User.ID)
	if err != nil {
		if models.IsErrTwoFactorNotEnrolled(err) {
			enrolled = false
		} else {
			ctx.ServerError("SettingsTwoFactor", err)
			return
		}
	}
	ctx.Data["TwofaEnrolled"] = enrolled
	if enrolled {
		ctx.Data["U2FRegistrations"], err = models.GetU2FRegistrationsByUID(ctx.User.ID)
		if err != nil {
			ctx.ServerError("GetU2FRegistrationsByUID", err)
			return
		}
	}

	tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})
	if err != nil {
		ctx.ServerError("ListAccessTokens", err)
		return
	}
	ctx.Data["Tokens"] = tokens

	accountLinks, err := models.ListAccountLinks(ctx.User)
	if err != nil {
		ctx.ServerError("ListAccountLinks", err)
		return
	}

	// map the provider display name with the LoginSource
	sources := make(map[*models.LoginSource]string)
	for _, externalAccount := range accountLinks {
		if loginSource, err := models.GetLoginSourceByID(externalAccount.LoginSourceID); err == nil {
			var providerDisplayName string
			if loginSource.IsOAuth2() {
				providerTechnicalName := loginSource.Cfg.(*oauth2.Source).Provider
				providerDisplayName = oauth2.Providers[providerTechnicalName].DisplayName
			} else {
				providerDisplayName = loginSource.Name
			}
			sources[loginSource] = providerDisplayName
		}
	}
	ctx.Data["AccountLinks"] = sources

	openid, err := models.GetUserOpenIDs(ctx.User.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = openid
}
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Copyright 2018 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package setting`

			`import (`
[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 15:30:52 +00:00			`"net/http"`

Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00			`"code.gitea.io/gitea/models"`
			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/context"`
			`"code.gitea.io/gitea/modules/setting"`
Refactor: Move login out of models (#16199) `models` does far too much. In particular it handles all `UserSignin`. It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in. Therefore we should move this code out of `models`. This code has to depend on `models` - therefore it belongs in `services`. There is a package in `services` called `auth` and clearly this functionality belongs in there. Plan: - [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication. - [x] Move `models.UserSignIn` into `auth` - [x] Move `models.ExternalUserLogin` - [x] Move most of the `LoginVia` methods to `auth` or subpackages - [x] Move Resynchronize functionality to `auth` - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files. - [x] Move the rest of the LDAP functionality in to the ldap subpackage - [x] Re-factor the login sources to express an interfaces `auth.Source`? - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future - [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable - [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2 - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models. - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 - [x] More simplifications of login_source.go may need to be done - Allow wiring in of notify registration - this can now easily be done - but I think we should do it in another PR* - see #16178 - More refactors...? - OpenID should probably become an auth Method but I think that can be left for another PR - Methods should also probably be cleaned up - again another PR I think. - SSPI still needs more refactors.* Rename auth.Auth auth.Method * Restructure ssh_key.go - move functions from models/user.go that relate to ssh_key to ssh_key - split ssh_key.go to try create clearer function domains for allow for future refactors here. Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-07-24 10:16:34 +00:00			`"code.gitea.io/gitea/services/auth/source/oauth2"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00			`)`

			`const (`
			`tplSettingsSecurity base.TplName = "user/settings/security"`
			`tplSettingsTwofaEnroll base.TplName = "user/settings/twofa_enroll"`
			`)`

			`// Security render change user's password page and 2FA`
			`func Security(ctx *context.Context) {`
			`ctx.Data["Title"] = ctx.Tr("settings")`
			`ctx.Data["PageIsSettingsSecurity"] = true`
load U2F js only on pages which need it (#11585) * load U2F js only on pages which need it * Update templates/base/head.tmpl 2021-01-20 21:17:46 +00:00			`ctx.Data["RequireU2F"] = true`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00
Rename context.Query to context.Form (#16562) 2021-07-29 01:42:15 +00:00			`if ctx.Form("openid.return_to") != "" {`
fix missing data on redirects (#3975) 2018-06-18 18:24:45 +00:00			`settingsOpenIDVerify(ctx)`
			`return`
			`}`

			`loadSecurityData(ctx)`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 15:30:52 +00:00			`ctx.HTML(http.StatusOK, tplSettingsSecurity)`
fix missing data on redirects (#3975) 2018-06-18 18:24:45 +00:00			`}`

			`// DeleteAccountLink delete a single account link`
			`func DeleteAccountLink(ctx *context.Context) {`
Rename context.Query to context.Form (#16562) 2021-07-29 01:42:15 +00:00			`id := ctx.FormInt64("id")`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 06:51:23 +00:00			`if id <= 0 {`
			`ctx.Flash.Error("Account link id is not given")`
fix missing data on redirects (#3975) 2018-06-18 18:24:45 +00:00			`} else {`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 06:51:23 +00:00			`if _, err := models.RemoveAccountLink(ctx.User, id); err != nil {`
			`ctx.Flash.Error("RemoveAccountLink: " + err.Error())`
			`} else {`
			`ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))`
			`}`
fix missing data on redirects (#3975) 2018-06-18 18:24:45 +00:00			`}`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 15:30:52 +00:00			`ctx.JSON(http.StatusOK, map[string]interface{}{`
fix missing data on redirects (#3975) 2018-06-18 18:24:45 +00:00			`"redirect": setting.AppSubURL + "/user/settings/security",`
			`})`
			`}`

			`func loadSecurityData(ctx *context.Context) {`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00			`enrolled := true`
			`_, err := models.GetTwoFactorByUID(ctx.User.ID)`
			`if err != nil {`
			`if models.IsErrTwoFactorNotEnrolled(err) {`
			`enrolled = false`
			`} else {`
			`ctx.ServerError("SettingsTwoFactor", err)`
			`return`
			`}`
			`}`
			`ctx.Data["TwofaEnrolled"] = enrolled`
Add support for FIDO U2F (#3971) * Add support for U2F Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add vendor library Add missing translations Signed-off-by: Jonas Franz <info@jonasfranz.software> * Minor improvements Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library Add U2F error handling Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F login page to OAuth Signed-off-by: Jonas Franz <info@jonasfranz.software> * Move U2F user settings to a separate file Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add unit tests for u2f model Renamed u2f table name Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix problems caused by refactoring Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Remove not needed console.log-s Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add default values to app.ini.sample Add FIDO U2F to comparison Signed-off-by: Jonas Franz <info@jonasfranz.software> 2018-05-19 14:12:37 +00:00			`if enrolled {`
			`ctx.Data["U2FRegistrations"], err = models.GetU2FRegistrationsByUID(ctx.User.ID)`
			`if err != nil {`
			`ctx.ServerError("GetU2FRegistrationsByUID", err)`
			`return`
			`}`
			`}`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> 2020-08-28 08:09:33 +00:00			`tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00			`if err != nil {`
			`ctx.ServerError("ListAccessTokens", err)`
			`return`
			`}`
			`ctx.Data["Tokens"] = tokens`

			`accountLinks, err := models.ListAccountLinks(ctx.User)`
			`if err != nil {`
			`ctx.ServerError("ListAccountLinks", err)`
			`return`
			`}`

			`// map the provider display name with the LoginSource`
			`sources := make(map[*models.LoginSource]string)`
			`for _, externalAccount := range accountLinks {`
			`if loginSource, err := models.GetLoginSourceByID(externalAccount.LoginSourceID); err == nil {`
			`var providerDisplayName string`
			`if loginSource.IsOAuth2() {`
Refactor: Move login out of models (#16199) `models` does far too much. In particular it handles all `UserSignin`. It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in. Therefore we should move this code out of `models`. This code has to depend on `models` - therefore it belongs in `services`. There is a package in `services` called `auth` and clearly this functionality belongs in there. Plan: - [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication. - [x] Move `models.UserSignIn` into `auth` - [x] Move `models.ExternalUserLogin` - [x] Move most of the `LoginVia` methods to `auth` or subpackages - [x] Move Resynchronize functionality to `auth` - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files. - [x] Move the rest of the LDAP functionality in to the ldap subpackage - [x] Re-factor the login sources to express an interfaces `auth.Source`? - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future - [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable - [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2 - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models. - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 - [x] More simplifications of login_source.go may need to be done - Allow wiring in of notify registration - this can now easily be done - but I think we should do it in another PR* - see #16178 - More refactors...? - OpenID should probably become an auth Method but I think that can be left for another PR - Methods should also probably be cleaned up - again another PR I think. - SSPI still needs more refactors.* Rename auth.Auth auth.Method * Restructure ssh_key.go - move functions from models/user.go that relate to ssh_key to ssh_key - split ssh_key.go to try create clearer function domains for allow for future refactors here. Signed-off-by: Andrew Thornton <art27@cantab.net> 2021-07-24 10:16:34 +00:00			`providerTechnicalName := loginSource.Cfg.(*oauth2.Source).Provider`
			`providerDisplayName = oauth2.Providers[providerTechnicalName].DisplayName`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 04:05:00 +00:00			`} else {`
			`providerDisplayName = loginSource.Name`
			`}`
			`sources[loginSource] = providerDisplayName`
			`}`
			`}`
			`ctx.Data["AccountLinks"] = sources`

			`openid, err := models.GetUserOpenIDs(ctx.User.ID)`
			`if err != nil {`
			`ctx.ServerError("GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = openid`
			`}`