oss/forgejo
oss/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-10-05 19:30:58 +00:00
Code Wiki Activity
forgejo/routers/web/auth/password.go

329 lines
9.7 KiB
Go
Raw Normal View History

Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
// Copyright 2019 The Gitea Authors. All rights reserved.
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 13:20:29 -05:00
// SPDX-License-Identifier: MIT
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
package auth
import (
"errors"
Add more descriptive error on forgot password page (#26848) ## Changes - Forces flashed error to render immediately when forgot password code is incorrect or has expired. - Adds a link back to the `forgot_password` page so that the user can restart the process (in the event that their link has expired)
2023-09-01 12:15:39 -04:00
"fmt"
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
"net/http"
chore: branding import path (#7337) - Massive replacement of changing `code.gitea.io/gitea` to `forgejo.org`. - Resolves forgejo/discussions#258 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7337 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Beowulf <beowulf@beocode.eu> Reviewed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-27 19:40:14 +00:00
"forgejo.org/models/auth"
user_model "forgejo.org/models/user"
"forgejo.org/modules/auth/password"
"forgejo.org/modules/base"
"forgejo.org/modules/log"
"forgejo.org/modules/optional"
"forgejo.org/modules/setting"
"forgejo.org/modules/timeutil"
"forgejo.org/modules/web"
"forgejo.org/modules/web/middleware"
"forgejo.org/services/context"
"forgejo.org/services/forms"
"forgejo.org/services/mailer"
user_service "forgejo.org/services/user"
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
)
var (
// tplMustChangePassword template for updating a user's password
tplMustChangePassword base.TplName = "user/auth/change_passwd"
tplForgotPassword base.TplName = "user/auth/forgot_passwd"
tplResetPassword base.TplName = "user/auth/reset_passwd"
)
// ForgotPasswd render the forget password page
func ForgotPasswd(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("auth.forgot_password_title")
if setting.MailService == nil {
Refactor locale&string&template related code (#29165) Clarify when "string" should be used (and be escaped), and when "template.HTML" should be used (no need to escape) And help PRs like #29059 , to render the error messages correctly. (cherry picked from commit f3eb835886031df7a562abc123c3f6011c81eca8) Conflicts: modules/web/middleware/binding.go routers/web/feed/convert.go tests/integration/branches_test.go tests/integration/repo_branch_test.go trivial context conflicts
2024-02-15 05:48:45 +08:00
log.Warn("no mail service configured")
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.Data["IsResetDisable"] = true
ctx.HTML(http.StatusOK, tplForgotPassword)
return
}
ctx.Data["Email"] = ctx.FormString("email")
ctx.Data["IsResetRequest"] = true
ctx.HTML(http.StatusOK, tplForgotPassword)
}
// ForgotPasswdPost response for forget password request
func ForgotPasswdPost(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("auth.forgot_password_title")
if setting.MailService == nil {
ctx.NotFound("ForgotPasswdPost", nil)
return
}
ctx.Data["IsResetRequest"] = true
email := ctx.FormString("email")
ctx.Data["Email"] = email
Add context cache as a request level cache (#22294) To avoid duplicated load of the same data in an HTTP request, we can set a context cache to do that. i.e. Some pages may load a user from a database with the same id in different areas on the same page. But the code is hidden in two different deep logic. How should we share the user? As a result of this PR, now if both entry functions accept `context.Context` as the first parameter and we just need to refactor `GetUserByID` to reuse the user from the context cache. Then it will not be loaded twice on an HTTP request. But of course, sometimes we would like to reload an object from the database, that's why `RemoveContextData` is also exposed. The core context cache is here. It defines a new context ```go type cacheContext struct { ctx context.Context data map[any]map[any]any lock sync.RWMutex } var cacheContextKey = struct{}{} func WithCacheContext(ctx context.Context) context.Context { return context.WithValue(ctx, cacheContextKey, &cacheContext{ ctx: ctx, data: make(map[any]map[any]any), }) } ``` Then you can use the below 4 methods to read/write/del the data within the same context. ```go func GetContextData(ctx context.Context, tp, key any) any func SetContextData(ctx context.Context, tp, key, value any) func RemoveContextData(ctx context.Context, tp, key any) func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error) ``` Then let's take a look at how `system.GetString` implement it. ```go func GetSetting(ctx context.Context, key string) (string, error) { return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) { return cache.GetString(genSettingCacheKey(key), func() (string, error) { res, err := GetSettingNoCache(ctx, key) if err != nil { return "", err } return res.SettingValue, nil }) }) } ``` First, it will check if context data include the setting object with the key. If not, it will query from the global cache which may be memory or a Redis cache. If not, it will get the object from the database. In the end, if the object gets from the global cache or database, it will be set into the context cache. An object stored in the context cache will only be destroyed after the context disappeared.
2023-02-15 21:37:34 +08:00
u, err := user_model.GetUserByEmail(ctx, email)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
if err != nil {
if user_model.IsErrUserNotExist(err) {
Make better use of i18n (#20096) * Prototyping * Start work on creating offsets * Modify tests * Start prototyping with actual MPH * Twiddle around * Twiddle around comments * Convert templates * Fix external languages * Fix latest translation * Fix some test * Tidy up code * Use simple map * go mod tidy * Move back to data structure - Uses less memory by creating for each language a map. * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Add some comments * Fix tests * Try to fix tests * Use en-US as defacto fallback * Use correct slices * refactor (#4) * Remove TryTr, add log for missing translation key * Refactor i18n - Separate dev and production locale stores. - Allow for live-reloading in dev mode. Co-authored-by: zeripath <art27@cantab.net> * Fix live-reloading & check for errors * Make linter happy * live-reload with periodic check (#5) * Fix tests Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
2022-06-26 16:19:22 +02:00
ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.Data["IsResetSent"] = true
ctx.HTML(http.StatusOK, tplForgotPassword)
return
}
ctx.ServerError("user.ResetPasswd(check existence)", err)
return
}
if !u.IsLocal() && !u.IsOAuth2() {
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("auth.non_local_account"), tplForgotPassword, nil)
return
}
Always enable caches (#28527) Nowadays, cache will be used on almost everywhere of Gitea and it cannot be disabled, otherwise some features will become unaviable. Then I think we can just remove the option for cache enable. That means cache cannot be disabled. But of course, we can still use cache configuration to set how should Gitea use the cache.
2023-12-19 17:29:05 +08:00
if ctx.Cache.IsExist("MailResendLimit_" + u.LowerName) {
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.Data["ResendLimited"] = true
ctx.HTML(http.StatusOK, tplForgotPassword)
return
}
fix: extend `forgejo_auth_token` table - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added.
2024-08-11 05:13:01 +02:00
if err := mailer.SendResetPasswordMail(ctx, u); err != nil {
ctx.ServerError("SendResetPasswordMail", err)
return
}
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
Always enable caches (#28527) Nowadays, cache will be used on almost everywhere of Gitea and it cannot be disabled, otherwise some features will become unaviable. Then I think we can just remove the option for cache enable. That means cache cannot be disabled. But of course, we can still use cache configuration to set how should Gitea use the cache.
2023-12-19 17:29:05 +08:00
if err = ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
log.Error("Set cache(MailResendLimit) fail: %v", err)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
}
Make better use of i18n (#20096) * Prototyping * Start work on creating offsets * Modify tests * Start prototyping with actual MPH * Twiddle around * Twiddle around comments * Convert templates * Fix external languages * Fix latest translation * Fix some test * Tidy up code * Use simple map * go mod tidy * Move back to data structure - Uses less memory by creating for each language a map. * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Add some comments * Fix tests * Try to fix tests * Use en-US as defacto fallback * Use correct slices * refactor (#4) * Remove TryTr, add log for missing translation key * Refactor i18n - Separate dev and production locale stores. - Allow for live-reloading in dev mode. Co-authored-by: zeripath <art27@cantab.net> * Fix live-reloading & check for errors * Make linter happy * live-reload with periodic check (#5) * Fix tests Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
2022-06-26 16:19:22 +02:00
ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.Data["IsResetSent"] = true
ctx.HTML(http.StatusOK, tplForgotPassword)
}
fix: extend `forgejo_auth_token` table - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added.
2024-08-11 05:13:01 +02:00
func commonResetPassword(ctx *context.Context, shouldDeleteToken bool) (*user_model.User, *auth.TwoFactor) {
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
code := ctx.FormString("code")
ctx.Data["Title"] = ctx.Tr("auth.reset_password")
ctx.Data["Code"] = code
Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-22 08:03:22 +01:00
if nil != ctx.Doer {
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.Data["user_signed_in"] = true
}
if len(code) == 0 {
Add more descriptive error on forgot password page (#26848) ## Changes - Forces flashed error to render immediately when forgot password code is incorrect or has expired. - Adds a link back to the `forgot_password` page so that the user can restart the process (in the event that their link has expired)
2023-09-01 12:15:39 -04:00
ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
return nil, nil
}
// Fail early, don't frustrate the user
fix: delay deleting authorization token (#6937) - 1ce33aa38d1d258d14523ff2c7c2dbf339f22b74 extended the LTA table with a purpose column so it could be extended to other tokens. However some are single-use tokens and should be deleted after use. - This did not result in a good UX for activating user as they needed to also fill in their passwords and in the case that the password was incorrect the token would no longer be usable. - This patch modifies the code to allow for a little delay before deleting authorization tokens to do additional verification such as the password check. This cannot be done before the authorization token check as that the authorization token determines who the user is. - Resolves forgejo/forgejo#6912 - Adjusted existing unit test. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6937 Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-02-17 11:09:33 +00:00
u, deleteToken, err := user_model.VerifyUserAuthorizationToken(ctx, code, auth.PasswordReset)
fix: extend `forgejo_auth_token` table - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added.
2024-08-11 05:13:01 +02:00
if err != nil {
ctx.ServerError("VerifyUserAuthorizationToken", err)
return nil, nil
}
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
if u == nil {
Add more descriptive error on forgot password page (#26848) ## Changes - Forces flashed error to render immediately when forgot password code is incorrect or has expired. - Adds a link back to the `forgot_password` page so that the user can restart the process (in the event that their link has expired)
2023-09-01 12:15:39 -04:00
ctx.Flash.Error(ctx.Tr("auth.invalid_code_forgot_password", fmt.Sprintf("%s/user/forgot_password", setting.AppSubURL)), true)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
return nil, nil
}
fix: delay deleting authorization token (#6937) - 1ce33aa38d1d258d14523ff2c7c2dbf339f22b74 extended the LTA table with a purpose column so it could be extended to other tokens. However some are single-use tokens and should be deleted after use. - This did not result in a good UX for activating user as they needed to also fill in their passwords and in the case that the password was incorrect the token would no longer be usable. - This patch modifies the code to allow for a little delay before deleting authorization tokens to do additional verification such as the password check. This cannot be done before the authorization token check as that the authorization token determines who the user is. - Resolves forgejo/forgejo#6912 - Adjusted existing unit test. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6937 Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-02-17 11:09:33 +00:00
if shouldDeleteToken {
if err := deleteToken(); err != nil {
ctx.ServerError("deleteToken", err)
return nil, nil
}
}
More refactoring of `db.DefaultContext` (#27083) Next step of #27065
2023-09-15 08:13:19 +02:00
twofa, err := auth.GetTwoFactorByUID(ctx, u.ID)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
if err != nil {
if !auth.IsErrTwoFactorNotEnrolled(err) {
ctx.Error(http.StatusInternalServerError, "CommonResetPassword", err.Error())
return nil, nil
}
} else {
ctx.Data["has_two_factor"] = true
ctx.Data["scratch_code"] = ctx.FormBool("scratch_code")
}
// Show the user that they are affecting the account that they intended to
ctx.Data["user_email"] = u.Email
Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-22 08:03:22 +01:00
if nil != ctx.Doer && u.ID != ctx.Doer.ID {
Add more descriptive error on forgot password page (#26848) ## Changes - Forces flashed error to render immediately when forgot password code is incorrect or has expired. - Adds a link back to the `forgot_password` page so that the user can restart the process (in the event that their link has expired)
2023-09-01 12:15:39 -04:00
ctx.Flash.Error(ctx.Tr("auth.reset_password_wrong_user", ctx.Doer.Email, u.Email), true)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
return nil, nil
}
return u, twofa
}
// ResetPasswd render the account recovery page
func ResetPasswd(ctx *context.Context) {
ctx.Data["IsResetForm"] = true
fix: extend `forgejo_auth_token` table - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added.
2024-08-11 05:13:01 +02:00
commonResetPassword(ctx, false)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
if ctx.Written() {
return
}
ctx.HTML(http.StatusOK, tplResetPassword)
}
// ResetPasswdPost response from account recovery request
func ResetPasswdPost(ctx *context.Context) {
fix: extend `forgejo_auth_token` table - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added.
2024-08-11 05:13:01 +02:00
u, twofa := commonResetPassword(ctx, true)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
if ctx.Written() {
return
}
if u == nil {
// Flash error has been set
ctx.HTML(http.StatusOK, tplResetPassword)
return
}
// Handle two-factor
regenerateScratchToken := false
if twofa != nil {
if ctx.FormBool("scratch_code") {
if !twofa.VerifyScratchToken(ctx.FormString("token")) {
ctx.Data["IsResetForm"] = true
ctx.Data["Err_Token"] = true
ctx.RenderWithErr(ctx.Tr("auth.twofa_scratch_token_incorrect"), tplResetPassword, nil)
return
}
regenerateScratchToken = true
} else {
passcode := ctx.FormString("passcode")
ok, err := twofa.ValidateTOTP(passcode)
if err != nil {
ctx.Error(http.StatusInternalServerError, "ValidateTOTP", err.Error())
return
}
if !ok || twofa.LastUsedPasscode == passcode {
ctx.Data["IsResetForm"] = true
ctx.Data["Err_Passcode"] = true
ctx.RenderWithErr(ctx.Tr("auth.twofa_passcode_incorrect"), tplResetPassword, nil)
return
}
twofa.LastUsedPasscode = passcode
More refactoring of `db.DefaultContext` (#27083) Next step of #27065
2023-09-15 08:13:19 +02:00
if err = auth.UpdateTwoFactor(ctx, twofa); err != nil {
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.ServerError("ResetPasswdPost: UpdateTwoFactor", err)
return
}
}
}
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
opts := &user_service.UpdateAuthOptions{
Password: optional.Some(ctx.FormString("password")),
MustChangePassword: optional.Some(false),
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
}
Do not use `ctx.Doer` when reset password (#29289) Fix #29278. Caused by a small typo in #28733 (cherry picked from commit 22b8de85ddda50725480b21c5bf6ef9c0202b5e9)
2024-02-21 12:57:22 +08:00
if err := user_service.UpdateAuth(ctx, u, opts); err != nil {
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
ctx.Data["IsResetForm"] = true
ctx.Data["Err_Password"] = true
switch {
case errors.Is(err, password.ErrMinLength):
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplResetPassword, nil)
case errors.Is(err, password.ErrComplexity):
ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplResetPassword, nil)
case errors.Is(err, password.ErrIsPwned):
Remove urls from translations (#31950) Part of #27700 Removes all URLs from translation strings to easy up changing them in the future and to exclude people injecting malicious URLs through translations. First measure as long as #24402 is out of scope. (cherry picked from commit 83f37f630246e381eefd650fc2d4b1f3976ea882) Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu> Conflicts: - options/locale/locale_en-US.ini Resolved by manually applying the URL->%s changes to our translations. - routers/web/admin/hooks.go templates/repo/settings/protected_branch.tmpl templates/status/500.tmpl Manually resolved. - templates/repo/settings/webhook/settings.tmpl Applied the change to templates/webhook/shared-settings.tmpl instead Additional changes: Gitea-specific URLs have been replaced by their Forgejo counterparts, lifted from the original translation text.
2024-09-02 20:36:24 +02:00
ctx.RenderWithErr(ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords"), tplResetPassword, nil)
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
case password.IsErrIsPwnedRequest(err):
ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplResetPassword, nil)
default:
ctx.ServerError("UpdateAuth", err)
}
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
return
}
log.Trace("User password reset: %s", u.Name)
ctx.Data["IsResetFailed"] = true
remember := len(ctx.FormString("remember")) != 0
if regenerateScratchToken {
// Invalidate the scratch token.
chore(sec): unify usage of `crypto/rand.Read` (#7453) - Unify the usage of [`crypto/rand.Read`](https://pkg.go.dev/crypto/rand#Read) to `util.CryptoRandomBytes`. - Refactor `util.CryptoRandomBytes` to never return an error. It is documented by Go, https://go.dev/issue/66821, to always succeed. So if we still receive a error or if the returned bytes read is not equal to the expected bytes to be read we panic (just to be on the safe side). - This simplifies a lot of code to no longer care about error handling. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7453 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-04 03:31:37 +00:00
twofa.GenerateScratchToken()
if err := auth.UpdateTwoFactor(ctx, twofa); err != nil {
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.ServerError("UserSignIn", err)
return
}
handleSignInFull(ctx, u, remember, false)
if ctx.Written() {
return
}
ctx.Flash.Info(ctx.Tr("auth.twofa_scratch_used"))
ctx.Redirect(setting.AppSubURL + "/user/settings/security")
return
}
handleSignIn(ctx, u, remember)
}
// MustChangePassword renders the page to change a user's password
func MustChangePassword(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password"
feat: Global 2FA enforcement (#8753) resolves #8549 This PR add a config to enforce 2FA for the whole Forgejo instance. It can be configured to `none`, `admin` or `all`. A user who is required to enable 2FA is like a disabled user. He can only see the `/user/settings/security`-Page to enable 2FA, this should be similar to a user which needs to change his password. Also api and git-commands are not allowed. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. I will do it, if the general idea of this PR is a good feature. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security features - [PR](https://codeberg.org/forgejo/forgejo/pulls/8753): <!--number 8753 --><!--line 0 --><!--description R2xvYmFsIDJGQSBlbmZvcmNlbWVudA==-->Global 2FA enforcement<!--description--> <!--end release-notes-assistant--> Co-authored-by: 0ko <0ko@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8753 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: zokki <zokki.softwareschmiede@gmail.com> Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
2025-08-15 10:56:45 +02:00
ctx.Data["HideNavbarLinks"] = true
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
ctx.HTML(http.StatusOK, tplMustChangePassword)
}
Use neutral language in comments and docs (#20135) - Replace `his/her` to `their`, as it's more neutral language.
2022-06-26 00:50:12 +02:00
// MustChangePasswordPost response for updating a user's password after their
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
// account was created by an admin
func MustChangePasswordPost(ctx *context.Context) {
form := web.GetForm(ctx).(*forms.MustChangePasswordForm)
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password"
if ctx.HasError() {
ctx.HTML(http.StatusOK, tplMustChangePassword)
return
}
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
// Make sure only requests for users who are eligible to change their password via
// this method passes through
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
if !ctx.Doer.MustChangePassword {
ctx.ServerError("MustUpdatePassword", errors.New("cannot update password. Please visit the settings page"))
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
return
}
if form.Password != form.Retype {
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplMustChangePassword, &form)
return
}
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
opts := &user_service.UpdateAuthOptions{
Password: optional.Some(form.Password),
MustChangePassword: optional.Some(false),
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
}
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
if err := user_service.UpdateAuth(ctx, ctx.Doer, opts); err != nil {
switch {
case errors.Is(err, password.ErrMinLength):
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplMustChangePassword, &form)
case errors.Is(err, password.ErrComplexity):
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplMustChangePassword, &form)
case errors.Is(err, password.ErrIsPwned):
ctx.Data["Err_Password"] = true
Remove urls from translations (#31950) Part of #27700 Removes all URLs from translation strings to easy up changing them in the future and to exclude people injecting malicious URLs through translations. First measure as long as #24402 is out of scope. (cherry picked from commit 83f37f630246e381eefd650fc2d4b1f3976ea882) Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu> Conflicts: - options/locale/locale_en-US.ini Resolved by manually applying the URL->%s changes to our translations. - routers/web/admin/hooks.go templates/repo/settings/protected_branch.tmpl templates/status/500.tmpl Manually resolved. - templates/repo/settings/webhook/settings.tmpl Applied the change to templates/webhook/shared-settings.tmpl instead Additional changes: Gitea-specific URLs have been replaced by their Forgejo counterparts, lifted from the original translation text.
2024-09-02 20:36:24 +02:00
ctx.RenderWithErr(ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords"), tplMustChangePassword, &form)
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
case password.IsErrIsPwnedRequest(err):
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplMustChangePassword, &form)
default:
ctx.ServerError("UpdateAuth", err)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
}
return
}
ctx.Flash.Success(ctx.Tr("settings.change_password_success"))
Unify user update methods (#28733) Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
2024-02-04 14:29:09 +01:00
log.Trace("User updated password: %s", ctx.Doer.Name)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
[PORT] drop utils.IsExternalURL (and expand IsRiskyRedirectURL tests) (#3167) Related to #2773 Related to Refactor URL detection [gitea#29960](https://github.com/go-gitea/gitea/pull/29960) Related to Refactor external URL detection [gitea#29973](https://github.com/go-gitea/gitea/pull/29973) I added a bunch of tests to `httplib.TestIsRiskyRedirectURL` and some cases should be better handled (however it is not an easy task). I also ported the removal of `utils.IsExternalURL`, since it prevents duplicated (subtle) code. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3167 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-04-15 13:03:08 +00:00
redirectTo := ctx.GetSiteCookie("redirect_to")
if redirectTo != "" {
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
middleware.DeleteRedirectToCookie(ctx.Resp)
}
[PORT] drop utils.IsExternalURL (and expand IsRiskyRedirectURL tests) (#3167) Related to #2773 Related to Refactor URL detection [gitea#29960](https://github.com/go-gitea/gitea/pull/29960) Related to Refactor external URL detection [gitea#29973](https://github.com/go-gitea/gitea/pull/29973) I added a bunch of tests to `httplib.TestIsRiskyRedirectURL` and some cases should be better handled (however it is not an easy task). I also ported the removal of `utils.IsExternalURL`, since it prevents duplicated (subtle) code. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3167 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: oliverpool <git@olivier.pfad.fr> Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-04-15 13:03:08 +00:00
ctx.RedirectToFirst(redirectTo)
Refactor auth package (#17962)
2022-01-02 21:12:35 +08:00
}
Copy permalink