// Copyright 2015 The Gogs Authors. All rights reserved. // Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. package admin import ( "errors" "fmt" "net/http" "strings" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/convert" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/password" "code.gitea.io/gitea/modules/setting" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/web" "code.gitea.io/gitea/routers/api/v1/user" "code.gitea.io/gitea/routers/api/v1/utils" "code.gitea.io/gitea/services/mailer" ) func parseLoginSource(ctx *context.APIContext, u *models.User, sourceID int64, loginName string) { if sourceID == 0 { return } source, err := models.GetLoginSourceByID(sourceID) if err != nil { if models.IsErrLoginSourceNotExist(err) { ctx.Error(http.StatusUnprocessableEntity, "", err) } else { ctx.Error(http.StatusInternalServerError, "GetLoginSourceByID", err) } return } u.LoginType = source.Type u.LoginSource = source.ID u.LoginName = loginName } // CreateUser create a user func CreateUser(ctx *context.APIContext) { // swagger:operation POST /admin/users admin adminCreateUser // --- // summary: Create a user // consumes: // - application/json // produces: // - application/json // parameters: // - name: body // in: body // schema: // "$ref": "#/definitions/CreateUserOption" // responses: // "201": // "$ref": "#/responses/User" // "400": // "$ref": "#/responses/error" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" form := web.GetForm(ctx).(*api.CreateUserOption) u := &models.User{ Name: form.Username, FullName: form.FullName, Email: form.Email, Passwd: form.Password, MustChangePassword: true, IsActive: true, LoginType: models.LoginPlain, } if form.MustChangePassword != nil { u.MustChangePassword = *form.MustChangePassword } parseLoginSource(ctx, u, form.SourceID, form.LoginName) if ctx.Written() { return } if !password.IsComplexEnough(form.Password) { err := errors.New("PasswordComplexity") ctx.Error(http.StatusBadRequest, "PasswordComplexity", err) return } pwned, err := password.IsPwned(ctx, form.Password) if pwned { if err != nil { log.Error(err.Error()) } ctx.Data["Err_Password"] = true ctx.Error(http.StatusBadRequest, "PasswordPwned", errors.New("PasswordPwned")) return } var overwriteDefault *models.CreateUserOverwriteOptions if form.Visibility != "" { overwriteDefault = &models.CreateUserOverwriteOptions{ Visibility: api.VisibilityModes[form.Visibility], } } if err := models.CreateUser(u, overwriteDefault); err != nil { if models.IsErrUserAlreadyExist(err) || models.IsErrEmailAlreadyUsed(err) || models.IsErrNameReserved(err) || models.IsErrNameCharsNotAllowed(err) || models.IsErrEmailInvalid(err) || models.IsErrNamePatternNotAllowed(err) { ctx.Error(http.StatusUnprocessableEntity, "", err) } else { ctx.Error(http.StatusInternalServerError, "CreateUser", err) } return } log.Trace("Account created by admin (%s): %s", ctx.User.Name, u.Name) // Send email notification. if form.SendNotify { mailer.SendRegisterNotifyMail(u) } ctx.JSON(http.StatusCreated, convert.ToUser(u, ctx.User)) } // EditUser api for modifying a user's information func EditUser(ctx *context.APIContext) { // swagger:operation PATCH /admin/users/{username} admin adminEditUser // --- // summary: Edit an existing user // consumes: // - application/json // produces: // - application/json // parameters: // - name: username // in: path // description: username of user to edit // type: string // required: true // - name: body // in: body // schema: // "$ref": "#/definitions/EditUserOption" // responses: // "200": // "$ref": "#/responses/User" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" form := web.GetForm(ctx).(*api.EditUserOption) u := user.GetUserByParams(ctx) if ctx.Written() { return } parseLoginSource(ctx, u, form.SourceID, form.LoginName) if ctx.Written() { return } if len(form.Password) != 0 { if len(form.Password) < setting.MinPasswordLength { ctx.Error(http.StatusBadRequest, "PasswordTooShort", fmt.Errorf("password must be at least %d characters", setting.MinPasswordLength)) return } if !password.IsComplexEnough(form.Password) { err := errors.New("PasswordComplexity") ctx.Error(http.StatusBadRequest, "PasswordComplexity", err) return } pwned, err := password.IsPwned(ctx, form.Password) if pwned { if err != nil { log.Error(err.Error()) } ctx.Data["Err_Password"] = true ctx.Error(http.StatusBadRequest, "PasswordPwned", errors.New("PasswordPwned")) return } if u.Salt, err = models.GetUserSalt(); err != nil { ctx.Error(http.StatusInternalServerError, "UpdateUser", err) return } if err = u.SetPassword(form.Password); err != nil { ctx.InternalServerError(err) return } } if form.MustChangePassword != nil { u.MustChangePassword = *form.MustChangePassword } u.LoginName = form.LoginName if form.FullName != nil { u.FullName = *form.FullName } var emailChanged bool if form.Email != nil { email := strings.TrimSpace(*form.Email) if len(email) == 0 { ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("email is not allowed to be empty string")) return } if err := models.ValidateEmail(email); err != nil { ctx.InternalServerError(err) return } emailChanged = !strings.EqualFold(u.Email, email) u.Email = email } if form.Website != nil { u.Website = *form.Website } if form.Location != nil { u.Location = *form.Location } if form.Description != nil { u.Description = *form.Description } if form.Active != nil { u.IsActive = *form.Active } if len(form.Visibility) != 0 { u.Visibility = api.VisibilityModes[form.Visibility] } if form.Admin != nil { u.IsAdmin = *form.Admin } if form.AllowGitHook != nil { u.AllowGitHook = *form.AllowGitHook } if form.AllowImportLocal != nil { u.AllowImportLocal = *form.AllowImportLocal } if form.MaxRepoCreation != nil { u.MaxRepoCreation = *form.MaxRepoCreation } if form.AllowCreateOrganization != nil { u.AllowCreateOrganization = *form.AllowCreateOrganization } if form.ProhibitLogin != nil { u.ProhibitLogin = *form.ProhibitLogin } if form.Restricted != nil { u.IsRestricted = *form.Restricted } if err := models.UpdateUser(u, emailChanged); err != nil { if models.IsErrEmailAlreadyUsed(err) || models.IsErrEmailInvalid(err) { ctx.Error(http.StatusUnprocessableEntity, "", err) } else { ctx.Error(http.StatusInternalServerError, "UpdateUser", err) } return } log.Trace("Account profile updated by admin (%s): %s", ctx.User.Name, u.Name) ctx.JSON(http.StatusOK, convert.ToUser(u, ctx.User)) } // DeleteUser api for deleting a user func DeleteUser(ctx *context.APIContext) { // swagger:operation DELETE /admin/users/{username} admin adminDeleteUser // --- // summary: Delete a user // produces: // - application/json // parameters: // - name: username // in: path // description: username of user to delete // type: string // required: true // responses: // "204": // "$ref": "#/responses/empty" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" u := user.GetUserByParams(ctx) if ctx.Written() { return } if u.IsOrganization() { ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("%s is an organization not a user", u.Name)) return } if err := models.DeleteUser(u); err != nil { if models.IsErrUserOwnRepos(err) || models.IsErrUserHasOrgs(err) { ctx.Error(http.StatusUnprocessableEntity, "", err) } else { ctx.Error(http.StatusInternalServerError, "DeleteUser", err) } return } log.Trace("Account deleted by admin(%s): %s", ctx.User.Name, u.Name) ctx.Status(http.StatusNoContent) } // CreatePublicKey api for creating a public key to a user func CreatePublicKey(ctx *context.APIContext) { // swagger:operation POST /admin/users/{username}/keys admin adminCreatePublicKey // --- // summary: Add a public key on behalf of a user // consumes: // - application/json // produces: // - application/json // parameters: // - name: username // in: path // description: username of the user // type: string // required: true // - name: key // in: body // schema: // "$ref": "#/definitions/CreateKeyOption" // responses: // "201": // "$ref": "#/responses/PublicKey" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" form := web.GetForm(ctx).(*api.CreateKeyOption) u := user.GetUserByParams(ctx) if ctx.Written() { return } user.CreateUserPublicKey(ctx, *form, u.ID) } // DeleteUserPublicKey api for deleting a user's public key func DeleteUserPublicKey(ctx *context.APIContext) { // swagger:operation DELETE /admin/users/{username}/keys/{id} admin adminDeleteUserPublicKey // --- // summary: Delete a user's public key // produces: // - application/json // parameters: // - name: username // in: path // description: username of user // type: string // required: true // - name: id // in: path // description: id of the key to delete // type: integer // format: int64 // required: true // responses: // "204": // "$ref": "#/responses/empty" // "403": // "$ref": "#/responses/forbidden" // "404": // "$ref": "#/responses/notFound" u := user.GetUserByParams(ctx) if ctx.Written() { return } if err := models.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil { if models.IsErrKeyNotExist(err) { ctx.NotFound() } else if models.IsErrKeyAccessDenied(err) { ctx.Error(http.StatusForbidden, "", "You do not have access to this key") } else { ctx.Error(http.StatusInternalServerError, "DeleteUserPublicKey", err) } return } log.Trace("Key deleted by admin(%s): %s", ctx.User.Name, u.Name) ctx.Status(http.StatusNoContent) } //GetAllUsers API for getting information of all the users func GetAllUsers(ctx *context.APIContext) { // swagger:operation GET /admin/users admin adminGetAllUsers // --- // summary: List all users // produces: // - application/json // parameters: // - name: page // in: query // description: page number of results to return (1-based) // type: integer // - name: limit // in: query // description: page size of results // type: integer // responses: // "200": // "$ref": "#/responses/UserList" // "403": // "$ref": "#/responses/forbidden" listOptions := utils.GetListOptions(ctx) users, maxResults, err := models.SearchUsers(&models.SearchUserOptions{ Actor: ctx.User, Type: models.UserTypeIndividual, OrderBy: models.SearchOrderByAlphabetically, ListOptions: listOptions, }) if err != nil { ctx.Error(http.StatusInternalServerError, "GetAllUsers", err) return } results := make([]*api.User, len(users)) for i := range users { results[i] = convert.ToUser(users[i], ctx.User) } ctx.SetLinkHeader(int(maxResults), listOptions.PageSize) ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults)) ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link") ctx.JSON(http.StatusOK, &results) }