2017-03-17 17:16:08 +03:00
|
|
|
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a MIT-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package user
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/url"
|
|
|
|
|
|
|
|
"code.gitea.io/gitea/models"
|
|
|
|
"code.gitea.io/gitea/modules/auth/openid"
|
|
|
|
"code.gitea.io/gitea/modules/base"
|
|
|
|
"code.gitea.io/gitea/modules/context"
|
2021-01-26 18:36:53 +03:00
|
|
|
auth "code.gitea.io/gitea/modules/forms"
|
2018-02-18 21:14:37 +03:00
|
|
|
"code.gitea.io/gitea/modules/generate"
|
2020-10-03 06:37:53 +03:00
|
|
|
"code.gitea.io/gitea/modules/hcaptcha"
|
2017-03-17 17:16:08 +03:00
|
|
|
"code.gitea.io/gitea/modules/log"
|
2018-07-05 07:13:05 +03:00
|
|
|
"code.gitea.io/gitea/modules/recaptcha"
|
2017-03-17 17:16:08 +03:00
|
|
|
"code.gitea.io/gitea/modules/setting"
|
2019-08-15 17:46:21 +03:00
|
|
|
"code.gitea.io/gitea/modules/timeutil"
|
2021-01-26 18:36:53 +03:00
|
|
|
"code.gitea.io/gitea/modules/web"
|
2019-09-24 08:02:49 +03:00
|
|
|
"code.gitea.io/gitea/services/mailer"
|
2017-03-17 17:16:08 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
tplSignInOpenID base.TplName = "user/auth/signin_openid"
|
|
|
|
tplConnectOID base.TplName = "user/auth/signup_openid_connect"
|
|
|
|
tplSignUpOID base.TplName = "user/auth/signup_openid_register"
|
|
|
|
)
|
|
|
|
|
|
|
|
// SignInOpenID render sign in page
|
|
|
|
func SignInOpenID(ctx *context.Context) {
|
|
|
|
ctx.Data["Title"] = ctx.Tr("sign_in")
|
|
|
|
|
|
|
|
if ctx.Query("openid.return_to") != "" {
|
|
|
|
signInOpenIDVerify(ctx)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check auto-login.
|
|
|
|
isSucceed, err := AutoSignIn(ctx)
|
|
|
|
if err != nil {
|
2018-01-11 00:34:17 +03:00
|
|
|
ctx.ServerError("AutoSignIn", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
redirectTo := ctx.Query("redirect_to")
|
|
|
|
if len(redirectTo) > 0 {
|
2018-08-14 23:16:37 +03:00
|
|
|
ctx.SetCookie("redirect_to", redirectTo, 0, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
|
2017-03-17 17:16:08 +03:00
|
|
|
} else {
|
2019-03-21 05:06:16 +03:00
|
|
|
redirectTo = ctx.GetCookie("redirect_to")
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if isSucceed {
|
2018-08-14 23:16:37 +03:00
|
|
|
ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
|
2018-03-16 00:13:34 +03:00
|
|
|
ctx.RedirectToFirst(redirectTo)
|
2017-03-17 17:16:08 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.Data["PageIsSignIn"] = true
|
|
|
|
ctx.Data["PageIsLoginOpenID"] = true
|
|
|
|
ctx.HTML(200, tplSignInOpenID)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if the given OpenID URI is allowed by blacklist/whitelist
|
|
|
|
func allowedOpenIDURI(uri string) (err error) {
|
|
|
|
|
|
|
|
// In case a Whitelist is present, URI must be in it
|
|
|
|
// in order to be accepted
|
2017-03-29 13:57:43 +03:00
|
|
|
if len(setting.Service.OpenIDWhitelist) != 0 {
|
|
|
|
for _, pat := range setting.Service.OpenIDWhitelist {
|
2017-03-17 17:16:08 +03:00
|
|
|
if pat.MatchString(uri) {
|
|
|
|
return nil // pass
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// must match one of this or be refused
|
|
|
|
return fmt.Errorf("URI not allowed by whitelist")
|
|
|
|
}
|
|
|
|
|
|
|
|
// A blacklist match expliclty forbids
|
2017-03-29 13:57:43 +03:00
|
|
|
for _, pat := range setting.Service.OpenIDBlacklist {
|
2017-03-17 17:16:08 +03:00
|
|
|
if pat.MatchString(uri) {
|
|
|
|
return fmt.Errorf("URI forbidden by blacklist")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// SignInOpenIDPost response for openid sign in request
|
2021-01-26 18:36:53 +03:00
|
|
|
func SignInOpenIDPost(ctx *context.Context) {
|
|
|
|
form := web.GetForm(ctx).(*auth.SignInOpenIDForm)
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.Data["Title"] = ctx.Tr("sign_in")
|
|
|
|
ctx.Data["PageIsSignIn"] = true
|
|
|
|
ctx.Data["PageIsLoginOpenID"] = true
|
|
|
|
|
|
|
|
if ctx.HasError() {
|
|
|
|
ctx.HTML(200, tplSignInOpenID)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
id, err := openid.Normalize(form.Openid)
|
|
|
|
if err != nil {
|
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form)
|
2017-03-21 03:55:00 +03:00
|
|
|
return
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
form.Openid = id
|
|
|
|
|
|
|
|
log.Trace("OpenID uri: " + id)
|
|
|
|
|
2017-03-21 03:55:00 +03:00
|
|
|
err = allowedOpenIDURI(id)
|
|
|
|
if err != nil {
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form)
|
2017-03-21 03:55:00 +03:00
|
|
|
return
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
redirectTo := setting.AppURL + "user/login/openid"
|
|
|
|
url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
|
2017-03-21 03:55:00 +03:00
|
|
|
if err != nil {
|
2019-04-02 10:48:31 +03:00
|
|
|
log.Error("Error in OpenID redirect URL: %s, %v", redirectTo, err.Error())
|
2019-01-12 22:24:47 +03:00
|
|
|
ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form)
|
2017-03-21 03:55:00 +03:00
|
|
|
return
|
|
|
|
}
|
2017-03-17 17:16:08 +03:00
|
|
|
|
|
|
|
// Request optional nickname and email info
|
|
|
|
// NOTE: change to `openid.sreg.required` to require it
|
|
|
|
url += "&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fextensions%2Fsreg%2F1.1"
|
|
|
|
url += "&openid.sreg.optional=nickname%2Cemail"
|
|
|
|
|
2019-04-02 10:48:31 +03:00
|
|
|
log.Trace("Form-passed openid-remember: %t", form.Remember)
|
2020-05-17 15:43:29 +03:00
|
|
|
|
|
|
|
if err := ctx.Session.Set("openid_signin_remember", form.Remember); err != nil {
|
|
|
|
log.Error("SignInOpenIDPost: Could not set openid_signin_remember in session: %v", err)
|
|
|
|
}
|
|
|
|
if err := ctx.Session.Release(); err != nil {
|
|
|
|
log.Error("SignInOpenIDPost: Unable to save changes to the session: %v", err)
|
2019-06-12 22:41:28 +03:00
|
|
|
}
|
2017-03-17 17:16:08 +03:00
|
|
|
|
|
|
|
ctx.Redirect(url)
|
|
|
|
}
|
|
|
|
|
|
|
|
// signInOpenIDVerify handles response from OpenID provider
|
|
|
|
func signInOpenIDVerify(ctx *context.Context) {
|
|
|
|
|
2021-01-26 18:36:53 +03:00
|
|
|
log.Trace("Incoming call to: " + ctx.Req.URL.String())
|
2017-03-17 17:16:08 +03:00
|
|
|
|
2021-01-26 18:36:53 +03:00
|
|
|
fullURL := setting.AppURL + ctx.Req.URL.String()[1:]
|
2017-03-21 03:55:00 +03:00
|
|
|
log.Trace("Full URL: " + fullURL)
|
2017-03-17 17:16:08 +03:00
|
|
|
|
|
|
|
var id, err = openid.Verify(fullURL)
|
|
|
|
if err != nil {
|
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &auth.SignInOpenIDForm{
|
|
|
|
Openid: id,
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Trace("Verified ID: " + id)
|
|
|
|
|
|
|
|
/* Now we should seek for the user and log him in, or prompt
|
|
|
|
* to register if not found */
|
|
|
|
|
2019-06-12 22:41:28 +03:00
|
|
|
u, err := models.GetUserByOpenID(id)
|
2017-03-17 17:16:08 +03:00
|
|
|
if err != nil {
|
2017-03-21 03:55:00 +03:00
|
|
|
if !models.IsErrUserNotExist(err) {
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &auth.SignInOpenIDForm{
|
|
|
|
Openid: id,
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
2019-06-12 22:41:28 +03:00
|
|
|
log.Error("signInOpenIDVerify: %v", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
if u != nil {
|
|
|
|
log.Trace("User exists, logging in")
|
|
|
|
remember, _ := ctx.Session.Get("openid_signin_remember").(bool)
|
2019-04-02 10:48:31 +03:00
|
|
|
log.Trace("Session stored openid-remember: %t", remember)
|
2017-03-17 17:16:08 +03:00
|
|
|
handleSignIn(ctx, u, remember)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Trace("User with openid " + id + " does not exist, should connect or register")
|
|
|
|
|
|
|
|
parsedURL, err := url.Parse(fullURL)
|
|
|
|
if err != nil {
|
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &auth.SignInOpenIDForm{
|
|
|
|
Openid: id,
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
values, err := url.ParseQuery(parsedURL.RawQuery)
|
|
|
|
if err != nil {
|
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &auth.SignInOpenIDForm{
|
|
|
|
Openid: id,
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
email := values.Get("openid.sreg.email")
|
|
|
|
nickname := values.Get("openid.sreg.nickname")
|
|
|
|
|
2017-03-21 03:55:00 +03:00
|
|
|
log.Trace("User has email=" + email + " and nickname=" + nickname)
|
2017-03-17 17:16:08 +03:00
|
|
|
|
|
|
|
if email != "" {
|
2019-06-12 22:41:28 +03:00
|
|
|
u, err = models.GetUserByEmail(email)
|
2017-03-17 17:16:08 +03:00
|
|
|
if err != nil {
|
2017-03-21 03:55:00 +03:00
|
|
|
if !models.IsErrUserNotExist(err) {
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &auth.SignInOpenIDForm{
|
|
|
|
Openid: id,
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
2019-06-12 22:41:28 +03:00
|
|
|
log.Error("signInOpenIDVerify: %v", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
if u != nil {
|
|
|
|
log.Trace("Local user " + u.LowerName + " has OpenID provided email " + email)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if u == nil && nickname != "" {
|
|
|
|
u, _ = models.GetUserByName(nickname)
|
|
|
|
if err != nil {
|
2017-03-21 03:55:00 +03:00
|
|
|
if !models.IsErrUserNotExist(err) {
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &auth.SignInOpenIDForm{
|
|
|
|
Openid: id,
|
|
|
|
})
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if u != nil {
|
|
|
|
log.Trace("Local user " + u.LowerName + " has OpenID provided nickname " + nickname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-05-17 15:43:29 +03:00
|
|
|
if err := ctx.Session.Set("openid_verified_uri", id); err != nil {
|
|
|
|
log.Error("signInOpenIDVerify: Could not set openid_verified_uri in session: %v", err)
|
2019-06-12 22:41:28 +03:00
|
|
|
}
|
2020-05-17 15:43:29 +03:00
|
|
|
if err := ctx.Session.Set("openid_determined_email", email); err != nil {
|
|
|
|
log.Error("signInOpenIDVerify: Could not set openid_determined_email in session: %v", err)
|
2019-06-12 22:41:28 +03:00
|
|
|
}
|
2017-03-17 17:16:08 +03:00
|
|
|
|
|
|
|
if u != nil {
|
|
|
|
nickname = u.LowerName
|
|
|
|
}
|
|
|
|
|
2020-05-17 15:43:29 +03:00
|
|
|
if err := ctx.Session.Set("openid_determined_username", nickname); err != nil {
|
|
|
|
log.Error("signInOpenIDVerify: Could not set openid_determined_username in session: %v", err)
|
|
|
|
}
|
|
|
|
if err := ctx.Session.Release(); err != nil {
|
|
|
|
log.Error("signInOpenIDVerify: Unable to save changes to the session: %v", err)
|
2019-06-12 22:41:28 +03:00
|
|
|
}
|
2017-03-17 17:16:08 +03:00
|
|
|
|
2017-03-29 13:57:43 +03:00
|
|
|
if u != nil || !setting.Service.EnableOpenIDSignUp {
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.Redirect(setting.AppSubURL + "/user/openid/connect")
|
|
|
|
} else {
|
|
|
|
ctx.Redirect(setting.AppSubURL + "/user/openid/register")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// ConnectOpenID shows a form to connect an OpenID URI to an existing account
|
|
|
|
func ConnectOpenID(ctx *context.Context) {
|
|
|
|
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
|
|
|
if oid == "" {
|
|
|
|
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Data["Title"] = "OpenID connect"
|
|
|
|
ctx.Data["PageIsSignIn"] = true
|
|
|
|
ctx.Data["PageIsOpenIDConnect"] = true
|
2017-03-29 13:57:43 +03:00
|
|
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.Data["OpenID"] = oid
|
|
|
|
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
|
|
|
if userName != "" {
|
|
|
|
ctx.Data["user_name"] = userName
|
|
|
|
}
|
|
|
|
ctx.HTML(200, tplConnectOID)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ConnectOpenIDPost handles submission of a form to connect an OpenID URI to an existing account
|
2021-01-26 18:36:53 +03:00
|
|
|
func ConnectOpenIDPost(ctx *context.Context) {
|
|
|
|
form := web.GetForm(ctx).(*auth.ConnectOpenIDForm)
|
2017-03-17 17:16:08 +03:00
|
|
|
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
|
|
|
if oid == "" {
|
|
|
|
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Data["Title"] = "OpenID connect"
|
|
|
|
ctx.Data["PageIsSignIn"] = true
|
|
|
|
ctx.Data["PageIsOpenIDConnect"] = true
|
2017-03-29 13:57:43 +03:00
|
|
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.Data["OpenID"] = oid
|
|
|
|
|
|
|
|
u, err := models.UserSignIn(form.UserName, form.Password)
|
|
|
|
if err != nil {
|
|
|
|
if models.IsErrUserNotExist(err) {
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplConnectOID, &form)
|
|
|
|
} else {
|
2018-01-11 00:34:17 +03:00
|
|
|
ctx.ServerError("ConnectOpenIDPost", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// add OpenID for the user
|
2017-03-21 03:55:00 +03:00
|
|
|
userOID := &models.UserOpenID{UID: u.ID, URI: oid}
|
2017-03-17 17:16:08 +03:00
|
|
|
if err = models.AddUserOpenID(userOID); err != nil {
|
|
|
|
if models.IsErrOpenIDAlreadyUsed(err) {
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.openid_been_used", oid), tplConnectOID, &form)
|
|
|
|
return
|
|
|
|
}
|
2018-01-11 00:34:17 +03:00
|
|
|
ctx.ServerError("AddUserOpenID", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.Flash.Success(ctx.Tr("settings.add_openid_success"))
|
|
|
|
|
|
|
|
remember, _ := ctx.Session.Get("openid_signin_remember").(bool)
|
2019-04-02 10:48:31 +03:00
|
|
|
log.Trace("Session stored openid-remember: %t", remember)
|
2017-03-17 17:16:08 +03:00
|
|
|
handleSignIn(ctx, u, remember)
|
|
|
|
}
|
|
|
|
|
|
|
|
// RegisterOpenID shows a form to create a new user authenticated via an OpenID URI
|
|
|
|
func RegisterOpenID(ctx *context.Context) {
|
|
|
|
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
|
|
|
if oid == "" {
|
|
|
|
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx.Data["Title"] = "OpenID signup"
|
|
|
|
ctx.Data["PageIsSignIn"] = true
|
|
|
|
ctx.Data["PageIsOpenIDRegister"] = true
|
2017-03-29 13:57:43 +03:00
|
|
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
2017-03-17 19:40:39 +03:00
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
2021-01-27 17:56:54 +03:00
|
|
|
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
2018-07-05 07:13:05 +03:00
|
|
|
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
|
|
|
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
2020-10-03 06:37:53 +03:00
|
|
|
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
2019-05-02 16:09:39 +03:00
|
|
|
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.Data["OpenID"] = oid
|
|
|
|
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
|
|
|
if userName != "" {
|
|
|
|
ctx.Data["user_name"] = userName
|
|
|
|
}
|
|
|
|
email, _ := ctx.Session.Get("openid_determined_email").(string)
|
|
|
|
if email != "" {
|
|
|
|
ctx.Data["email"] = email
|
|
|
|
}
|
|
|
|
ctx.HTML(200, tplSignUpOID)
|
|
|
|
}
|
|
|
|
|
|
|
|
// RegisterOpenIDPost handles submission of a form to create a new user authenticated via an OpenID URI
|
2021-01-26 18:36:53 +03:00
|
|
|
func RegisterOpenIDPost(ctx *context.Context) {
|
|
|
|
form := web.GetForm(ctx).(*auth.SignUpOpenIDForm)
|
2017-03-17 17:16:08 +03:00
|
|
|
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
|
|
|
if oid == "" {
|
|
|
|
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
ctx.Data["Title"] = "OpenID signup"
|
|
|
|
ctx.Data["PageIsSignIn"] = true
|
|
|
|
ctx.Data["PageIsOpenIDRegister"] = true
|
2017-03-29 13:57:43 +03:00
|
|
|
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
2017-03-17 19:40:39 +03:00
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
2019-05-02 16:09:39 +03:00
|
|
|
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
2021-01-27 17:56:54 +03:00
|
|
|
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
2018-07-05 07:13:05 +03:00
|
|
|
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
|
|
|
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
2020-10-03 06:37:53 +03:00
|
|
|
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.Data["OpenID"] = oid
|
|
|
|
|
2019-07-06 22:48:02 +03:00
|
|
|
if setting.Service.EnableCaptcha {
|
|
|
|
var valid bool
|
2020-10-03 06:37:53 +03:00
|
|
|
var err error
|
2019-07-06 22:48:02 +03:00
|
|
|
switch setting.Service.CaptchaType {
|
|
|
|
case setting.ImageCaptcha:
|
2021-01-26 18:36:53 +03:00
|
|
|
valid = context.GetImageCaptcha().VerifyReq(ctx.Req)
|
2019-07-06 22:48:02 +03:00
|
|
|
case setting.ReCaptcha:
|
2020-10-03 06:37:53 +03:00
|
|
|
if err := ctx.Req.ParseForm(); err != nil {
|
2019-07-06 22:48:02 +03:00
|
|
|
ctx.ServerError("", err)
|
|
|
|
return
|
|
|
|
}
|
2020-10-03 06:37:53 +03:00
|
|
|
valid, err = recaptcha.Verify(ctx.Req.Context(), form.GRecaptchaResponse)
|
|
|
|
case setting.HCaptcha:
|
|
|
|
if err := ctx.Req.ParseForm(); err != nil {
|
|
|
|
ctx.ServerError("", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
valid, err = hcaptcha.Verify(ctx.Req.Context(), form.HcaptchaResponse)
|
2019-07-06 22:48:02 +03:00
|
|
|
default:
|
|
|
|
ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType))
|
2019-06-12 22:41:28 +03:00
|
|
|
return
|
|
|
|
}
|
2020-10-03 06:37:53 +03:00
|
|
|
if err != nil {
|
|
|
|
log.Debug("%s", err.Error())
|
|
|
|
}
|
2019-07-06 22:48:02 +03:00
|
|
|
|
2018-07-05 07:13:05 +03:00
|
|
|
if !valid {
|
|
|
|
ctx.Data["Err_Captcha"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUpOID, &form)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-28 18:45:54 +03:00
|
|
|
length := setting.MinPasswordLength
|
|
|
|
if length < 256 {
|
|
|
|
length = 256
|
2017-03-21 03:55:00 +03:00
|
|
|
}
|
2019-05-28 18:45:54 +03:00
|
|
|
password, err := generate.GetRandomString(length)
|
2017-03-17 17:16:08 +03:00
|
|
|
if err != nil {
|
|
|
|
ctx.RenderWithErr(err.Error(), tplSignUpOID, form)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: abstract a finalizeSignUp function ?
|
|
|
|
u := &models.User{
|
|
|
|
Name: form.UserName,
|
|
|
|
Email: form.Email,
|
|
|
|
Passwd: password,
|
|
|
|
IsActive: !setting.Service.RegisterEmailConfirm,
|
|
|
|
}
|
2020-02-23 22:52:05 +03:00
|
|
|
//nolint: dupl
|
2017-03-17 17:16:08 +03:00
|
|
|
if err := models.CreateUser(u); err != nil {
|
|
|
|
switch {
|
|
|
|
case models.IsErrUserAlreadyExist(err):
|
|
|
|
ctx.Data["Err_UserName"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplSignUpOID, &form)
|
|
|
|
case models.IsErrEmailAlreadyUsed(err):
|
|
|
|
ctx.Data["Err_Email"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignUpOID, &form)
|
|
|
|
case models.IsErrNameReserved(err):
|
|
|
|
ctx.Data["Err_UserName"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), tplSignUpOID, &form)
|
|
|
|
case models.IsErrNamePatternNotAllowed(err):
|
|
|
|
ctx.Data["Err_UserName"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tplSignUpOID, &form)
|
2020-02-23 22:52:05 +03:00
|
|
|
case models.IsErrNameCharsNotAllowed(err):
|
|
|
|
ctx.Data["Err_UserName"] = true
|
|
|
|
ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", err.(models.ErrNameCharsNotAllowed).Name), tplSignUpOID, &form)
|
2017-03-17 17:16:08 +03:00
|
|
|
default:
|
2018-01-11 00:34:17 +03:00
|
|
|
ctx.ServerError("CreateUser", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
log.Trace("Account created: %s", u.Name)
|
|
|
|
|
|
|
|
// add OpenID for the user
|
2017-03-21 03:55:00 +03:00
|
|
|
userOID := &models.UserOpenID{UID: u.ID, URI: oid}
|
2017-03-17 17:16:08 +03:00
|
|
|
if err = models.AddUserOpenID(userOID); err != nil {
|
|
|
|
if models.IsErrOpenIDAlreadyUsed(err) {
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.openid_been_used", oid), tplSignUpOID, &form)
|
|
|
|
return
|
|
|
|
}
|
2018-01-11 00:34:17 +03:00
|
|
|
ctx.ServerError("AddUserOpenID", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Auto-set admin for the only user.
|
|
|
|
if models.CountUsers() == 1 {
|
|
|
|
u.IsAdmin = true
|
|
|
|
u.IsActive = true
|
2017-08-12 17:18:44 +03:00
|
|
|
u.SetLastLogin()
|
|
|
|
if err := models.UpdateUserCols(u, "is_admin", "is_active", "last_login_unix"); err != nil {
|
2018-01-11 00:34:17 +03:00
|
|
|
ctx.ServerError("UpdateUser", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Send confirmation email, no need for social account.
|
|
|
|
if setting.Service.RegisterEmailConfirm && u.ID > 1 {
|
2019-09-24 08:02:49 +03:00
|
|
|
mailer.SendActivateAccountMail(ctx.Locale, u)
|
|
|
|
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.Data["IsSendRegisterMail"] = true
|
|
|
|
ctx.Data["Email"] = u.Email
|
2019-08-15 17:46:21 +03:00
|
|
|
ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale.Language())
|
2017-03-17 17:16:08 +03:00
|
|
|
ctx.HTML(200, TplActivate)
|
|
|
|
|
|
|
|
if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
|
2019-04-02 10:48:31 +03:00
|
|
|
log.Error("Set cache(MailResendLimit) fail: %v", err)
|
2017-03-17 17:16:08 +03:00
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
remember, _ := ctx.Session.Get("openid_signin_remember").(bool)
|
2019-04-02 10:48:31 +03:00
|
|
|
log.Trace("Session stored openid-remember: %t", remember)
|
2017-03-17 17:16:08 +03:00
|
|
|
handleSignIn(ctx, u, remember)
|
|
|
|
}
|