| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | // Copyright 2019 The Gitea Authors. All rights reserved. | 
					
						
							| 
									
										
										
										
											2022-11-27 13:20:29 -05:00
										 |  |  | // SPDX-License-Identifier: MIT | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | package auth | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"errors" | 
					
						
							| 
									
										
										
										
											2023-09-01 12:15:39 -04:00
										 |  |  | 	"fmt" | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	"net/http" | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	"code.gitea.io/gitea/models/auth" | 
					
						
							|  |  |  | 	user_model "code.gitea.io/gitea/models/user" | 
					
						
							| 
									
										
										
										
											2023-02-19 07:35:20 +00:00
										 |  |  | 	"code.gitea.io/gitea/modules/auth/password" | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	"code.gitea.io/gitea/modules/base" | 
					
						
							|  |  |  | 	"code.gitea.io/gitea/modules/log" | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 	"code.gitea.io/gitea/modules/optional" | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	"code.gitea.io/gitea/modules/setting" | 
					
						
							|  |  |  | 	"code.gitea.io/gitea/modules/timeutil" | 
					
						
							|  |  |  | 	"code.gitea.io/gitea/modules/web" | 
					
						
							|  |  |  | 	"code.gitea.io/gitea/modules/web/middleware" | 
					
						
							| 
									
										
										
										
											2024-02-27 15:12:22 +08:00
										 |  |  | 	"code.gitea.io/gitea/services/context" | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	"code.gitea.io/gitea/services/forms" | 
					
						
							|  |  |  | 	"code.gitea.io/gitea/services/mailer" | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 	user_service "code.gitea.io/gitea/services/user" | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | var ( | 
					
						
							|  |  |  | 	// tplMustChangePassword template for updating a user's password | 
					
						
							|  |  |  | 	tplMustChangePassword base.TplName = "user/auth/change_passwd" | 
					
						
							|  |  |  | 	tplForgotPassword     base.TplName = "user/auth/forgot_passwd" | 
					
						
							|  |  |  | 	tplResetPassword      base.TplName = "user/auth/reset_passwd" | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ForgotPasswd render the forget password page | 
					
						
							|  |  |  | func ForgotPasswd(ctx *context.Context) { | 
					
						
							|  |  |  | 	ctx.Data["Title"] = ctx.Tr("auth.forgot_password_title") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if setting.MailService == nil { | 
					
						
							| 
									
										
										
										
											2024-02-15 05:48:45 +08:00
										 |  |  | 		log.Warn("no mail service configured") | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		ctx.Data["IsResetDisable"] = true | 
					
						
							|  |  |  | 		ctx.HTML(http.StatusOK, tplForgotPassword) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ctx.Data["Email"] = ctx.FormString("email") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ctx.Data["IsResetRequest"] = true | 
					
						
							|  |  |  | 	ctx.HTML(http.StatusOK, tplForgotPassword) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ForgotPasswdPost response for forget password request | 
					
						
							|  |  |  | func ForgotPasswdPost(ctx *context.Context) { | 
					
						
							|  |  |  | 	ctx.Data["Title"] = ctx.Tr("auth.forgot_password_title") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if setting.MailService == nil { | 
					
						
							|  |  |  | 		ctx.NotFound("ForgotPasswdPost", nil) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	ctx.Data["IsResetRequest"] = true | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	email := ctx.FormString("email") | 
					
						
							|  |  |  | 	ctx.Data["Email"] = email | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
											  
											
												Add context cache as a request level cache (#22294)
To avoid duplicated load of the same data in an HTTP request, we can set
a context cache to do that. i.e. Some pages may load a user from a
database with the same id in different areas on the same page. But the
code is hidden in two different deep logic. How should we share the
user? As a result of this PR, now if both entry functions accept
`context.Context` as the first parameter and we just need to refactor
`GetUserByID` to reuse the user from the context cache. Then it will not
be loaded twice on an HTTP request.
But of course, sometimes we would like to reload an object from the
database, that's why `RemoveContextData` is also exposed.
The core context cache is here. It defines a new context
```go
type cacheContext struct {
	ctx  context.Context
	data map[any]map[any]any
        lock sync.RWMutex
}
var cacheContextKey = struct{}{}
func WithCacheContext(ctx context.Context) context.Context {
	return context.WithValue(ctx, cacheContextKey, &cacheContext{
		ctx:  ctx,
		data: make(map[any]map[any]any),
	})
}
```
Then you can use the below 4 methods to read/write/del the data within
the same context.
```go
func GetContextData(ctx context.Context, tp, key any) any
func SetContextData(ctx context.Context, tp, key, value any)
func RemoveContextData(ctx context.Context, tp, key any)
func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error)
```
Then let's take a look at how `system.GetString` implement it.
```go
func GetSetting(ctx context.Context, key string) (string, error) {
	return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) {
		return cache.GetString(genSettingCacheKey(key), func() (string, error) {
			res, err := GetSettingNoCache(ctx, key)
			if err != nil {
				return "", err
			}
			return res.SettingValue, nil
		})
	})
}
```
First, it will check if context data include the setting object with the
key. If not, it will query from the global cache which may be memory or
a Redis cache. If not, it will get the object from the database. In the
end, if the object gets from the global cache or database, it will be
set into the context cache.
An object stored in the context cache will only be destroyed after the
context disappeared.
											
										 
											2023-02-15 21:37:34 +08:00
										 |  |  | 	u, err := user_model.GetUserByEmail(ctx, email) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		if user_model.IsErrUserNotExist(err) { | 
					
						
							| 
									
										
										
										
											2022-06-26 16:19:22 +02:00
										 |  |  | 			ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 			ctx.Data["IsResetSent"] = true | 
					
						
							|  |  |  | 			ctx.HTML(http.StatusOK, tplForgotPassword) | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		ctx.ServerError("user.ResetPasswd(check existence)", err) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if !u.IsLocal() && !u.IsOAuth2() { | 
					
						
							|  |  |  | 		ctx.Data["Err_Email"] = true | 
					
						
							|  |  |  | 		ctx.RenderWithErr(ctx.Tr("auth.non_local_account"), tplForgotPassword, nil) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-12-19 17:29:05 +08:00
										 |  |  | 	if ctx.Cache.IsExist("MailResendLimit_" + u.LowerName) { | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		ctx.Data["ResendLimited"] = true | 
					
						
							|  |  |  | 		ctx.HTML(http.StatusOK, tplForgotPassword) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	mailer.SendResetPasswordMail(u) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-12-19 17:29:05 +08:00
										 |  |  | 	if err = ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil { | 
					
						
							|  |  |  | 		log.Error("Set cache(MailResendLimit) fail: %v", err) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-06-26 16:19:22 +02:00
										 |  |  | 	ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	ctx.Data["IsResetSent"] = true | 
					
						
							|  |  |  | 	ctx.HTML(http.StatusOK, tplForgotPassword) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func commonResetPassword(ctx *context.Context) (*user_model.User, *auth.TwoFactor) { | 
					
						
							|  |  |  | 	code := ctx.FormString("code") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ctx.Data["Title"] = ctx.Tr("auth.reset_password") | 
					
						
							|  |  |  | 	ctx.Data["Code"] = code | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-22 08:03:22 +01:00
										 |  |  | 	if nil != ctx.Doer { | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		ctx.Data["user_signed_in"] = true | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if len(code) == 0 { | 
					
						
							| 
									
										
										
										
											2023-09-01 12:15:39 -04:00
										 |  |  | 		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		return nil, nil | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// Fail early, don't frustrate the user | 
					
						
							| 
									
										
										
										
											2023-09-14 19:09:32 +02:00
										 |  |  | 	u := user_model.VerifyUserActiveCode(ctx, code) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	if u == nil { | 
					
						
							| 
									
										
										
										
											2023-09-01 12:15:39 -04:00
										 |  |  | 		ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		return nil, nil | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-15 08:13:19 +02:00
										 |  |  | 	twofa, err := auth.GetTwoFactorByUID(ctx, u.ID) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		if !auth.IsErrTwoFactorNotEnrolled(err) { | 
					
						
							|  |  |  | 			ctx.Error(http.StatusInternalServerError, "CommonResetPassword", err.Error()) | 
					
						
							|  |  |  | 			return nil, nil | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} else { | 
					
						
							|  |  |  | 		ctx.Data["has_two_factor"] = true | 
					
						
							|  |  |  | 		ctx.Data["scratch_code"] = ctx.FormBool("scratch_code") | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// Show the user that they are affecting the account that they intended to | 
					
						
							|  |  |  | 	ctx.Data["user_email"] = u.Email | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-22 08:03:22 +01:00
										 |  |  | 	if nil != ctx.Doer && u.ID != ctx.Doer.ID { | 
					
						
							| 
									
										
										
										
											2023-09-01 12:15:39 -04:00
										 |  |  | 		ctx.Flash.Error(ctx.Tr("auth.reset_password_wrong_user", ctx.Doer.Email, u.Email), true) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		return nil, nil | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	return u, twofa | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ResetPasswd render the account recovery page | 
					
						
							|  |  |  | func ResetPasswd(ctx *context.Context) { | 
					
						
							|  |  |  | 	ctx.Data["IsResetForm"] = true | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	commonResetPassword(ctx) | 
					
						
							|  |  |  | 	if ctx.Written() { | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ctx.HTML(http.StatusOK, tplResetPassword) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // ResetPasswdPost response from account recovery request | 
					
						
							|  |  |  | func ResetPasswdPost(ctx *context.Context) { | 
					
						
							|  |  |  | 	u, twofa := commonResetPassword(ctx) | 
					
						
							|  |  |  | 	if ctx.Written() { | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if u == nil { | 
					
						
							|  |  |  | 		// Flash error has been set | 
					
						
							|  |  |  | 		ctx.HTML(http.StatusOK, tplResetPassword) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// Handle two-factor | 
					
						
							|  |  |  | 	regenerateScratchToken := false | 
					
						
							|  |  |  | 	if twofa != nil { | 
					
						
							|  |  |  | 		if ctx.FormBool("scratch_code") { | 
					
						
							|  |  |  | 			if !twofa.VerifyScratchToken(ctx.FormString("token")) { | 
					
						
							|  |  |  | 				ctx.Data["IsResetForm"] = true | 
					
						
							|  |  |  | 				ctx.Data["Err_Token"] = true | 
					
						
							|  |  |  | 				ctx.RenderWithErr(ctx.Tr("auth.twofa_scratch_token_incorrect"), tplResetPassword, nil) | 
					
						
							|  |  |  | 				return | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			regenerateScratchToken = true | 
					
						
							|  |  |  | 		} else { | 
					
						
							|  |  |  | 			passcode := ctx.FormString("passcode") | 
					
						
							|  |  |  | 			ok, err := twofa.ValidateTOTP(passcode) | 
					
						
							|  |  |  | 			if err != nil { | 
					
						
							|  |  |  | 				ctx.Error(http.StatusInternalServerError, "ValidateTOTP", err.Error()) | 
					
						
							|  |  |  | 				return | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			if !ok || twofa.LastUsedPasscode == passcode { | 
					
						
							|  |  |  | 				ctx.Data["IsResetForm"] = true | 
					
						
							|  |  |  | 				ctx.Data["Err_Passcode"] = true | 
					
						
							|  |  |  | 				ctx.RenderWithErr(ctx.Tr("auth.twofa_passcode_incorrect"), tplResetPassword, nil) | 
					
						
							|  |  |  | 				return | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 			twofa.LastUsedPasscode = passcode | 
					
						
							| 
									
										
										
										
											2023-09-15 08:13:19 +02:00
										 |  |  | 			if err = auth.UpdateTwoFactor(ctx, twofa); err != nil { | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 				ctx.ServerError("ResetPasswdPost: UpdateTwoFactor", err) | 
					
						
							|  |  |  | 				return | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	opts := &user_service.UpdateAuthOptions{ | 
					
						
							|  |  |  | 		Password:           optional.Some(ctx.FormString("password")), | 
					
						
							|  |  |  | 		MustChangePassword: optional.Some(false), | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2024-02-21 12:57:22 +08:00
										 |  |  | 	if err := user_service.UpdateAuth(ctx, u, opts); err != nil { | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 		ctx.Data["IsResetForm"] = true | 
					
						
							|  |  |  | 		ctx.Data["Err_Password"] = true | 
					
						
							|  |  |  | 		switch { | 
					
						
							|  |  |  | 		case errors.Is(err, password.ErrMinLength): | 
					
						
							|  |  |  | 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil) | 
					
						
							|  |  |  | 		case errors.Is(err, password.ErrComplexity): | 
					
						
							|  |  |  | 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplResetPassword, nil) | 
					
						
							|  |  |  | 		case errors.Is(err, password.ErrIsPwned): | 
					
						
							|  |  |  | 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned"), tplResetPassword, nil) | 
					
						
							|  |  |  | 		case password.IsErrIsPwnedRequest(err): | 
					
						
							|  |  |  | 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplResetPassword, nil) | 
					
						
							|  |  |  | 		default: | 
					
						
							|  |  |  | 			ctx.ServerError("UpdateAuth", err) | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	log.Trace("User password reset: %s", u.Name) | 
					
						
							|  |  |  | 	ctx.Data["IsResetFailed"] = true | 
					
						
							|  |  |  | 	remember := len(ctx.FormString("remember")) != 0 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if regenerateScratchToken { | 
					
						
							|  |  |  | 		// Invalidate the scratch token. | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 		_, err := twofa.GenerateScratchToken() | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			ctx.ServerError("UserSignIn", err) | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2023-09-15 08:13:19 +02:00
										 |  |  | 		if err = auth.UpdateTwoFactor(ctx, twofa); err != nil { | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 			ctx.ServerError("UserSignIn", err) | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		handleSignInFull(ctx, u, remember, false) | 
					
						
							|  |  |  | 		if ctx.Written() { | 
					
						
							|  |  |  | 			return | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		ctx.Flash.Info(ctx.Tr("auth.twofa_scratch_used")) | 
					
						
							|  |  |  | 		ctx.Redirect(setting.AppSubURL + "/user/settings/security") | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	handleSignIn(ctx, u, remember) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // MustChangePassword renders the page to change a user's password | 
					
						
							|  |  |  | func MustChangePassword(ctx *context.Context) { | 
					
						
							|  |  |  | 	ctx.Data["Title"] = ctx.Tr("auth.must_change_password") | 
					
						
							|  |  |  | 	ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password" | 
					
						
							|  |  |  | 	ctx.Data["MustChangePassword"] = true | 
					
						
							|  |  |  | 	ctx.HTML(http.StatusOK, tplMustChangePassword) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-06-26 00:50:12 +02:00
										 |  |  | // MustChangePasswordPost response for updating a user's password after their | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | // account was created by an admin | 
					
						
							|  |  |  | func MustChangePasswordPost(ctx *context.Context) { | 
					
						
							|  |  |  | 	form := web.GetForm(ctx).(*forms.MustChangePasswordForm) | 
					
						
							|  |  |  | 	ctx.Data["Title"] = ctx.Tr("auth.must_change_password") | 
					
						
							|  |  |  | 	ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password" | 
					
						
							|  |  |  | 	if ctx.HasError() { | 
					
						
							|  |  |  | 		ctx.HTML(http.StatusOK, tplMustChangePassword) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	// Make sure only requests for users who are eligible to change their password via | 
					
						
							|  |  |  | 	// this method passes through | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 	if !ctx.Doer.MustChangePassword { | 
					
						
							|  |  |  | 		ctx.ServerError("MustUpdatePassword", errors.New("cannot update password. Please visit the settings page")) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	if form.Password != form.Retype { | 
					
						
							|  |  |  | 		ctx.Data["Err_Password"] = true | 
					
						
							|  |  |  | 		ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplMustChangePassword, &form) | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 	opts := &user_service.UpdateAuthOptions{ | 
					
						
							|  |  |  | 		Password:           optional.Some(form.Password), | 
					
						
							|  |  |  | 		MustChangePassword: optional.Some(false), | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 	if err := user_service.UpdateAuth(ctx, ctx.Doer, opts); err != nil { | 
					
						
							|  |  |  | 		switch { | 
					
						
							|  |  |  | 		case errors.Is(err, password.ErrMinLength): | 
					
						
							|  |  |  | 			ctx.Data["Err_Password"] = true | 
					
						
							|  |  |  | 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplMustChangePassword, &form) | 
					
						
							|  |  |  | 		case errors.Is(err, password.ErrComplexity): | 
					
						
							|  |  |  | 			ctx.Data["Err_Password"] = true | 
					
						
							|  |  |  | 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplMustChangePassword, &form) | 
					
						
							|  |  |  | 		case errors.Is(err, password.ErrIsPwned): | 
					
						
							|  |  |  | 			ctx.Data["Err_Password"] = true | 
					
						
							|  |  |  | 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned"), tplMustChangePassword, &form) | 
					
						
							|  |  |  | 		case password.IsErrIsPwnedRequest(err): | 
					
						
							|  |  |  | 			ctx.Data["Err_Password"] = true | 
					
						
							|  |  |  | 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplMustChangePassword, &form) | 
					
						
							|  |  |  | 		default: | 
					
						
							|  |  |  | 			ctx.ServerError("UpdateAuth", err) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		} | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ctx.Flash.Success(ctx.Tr("settings.change_password_success")) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-02-04 14:29:09 +01:00
										 |  |  | 	log.Trace("User updated password: %s", ctx.Doer.Name) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-04-15 13:03:08 +00:00
										 |  |  | 	redirectTo := ctx.GetSiteCookie("redirect_to") | 
					
						
							|  |  |  | 	if redirectTo != "" { | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | 		middleware.DeleteRedirectToCookie(ctx.Resp) | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2024-04-15 13:03:08 +00:00
										 |  |  | 	ctx.RedirectToFirst(redirectTo) | 
					
						
							| 
									
										
										
										
											2022-01-02 21:12:35 +08:00
										 |  |  | } |