bench-forgejo/routers/web/user/setting/security.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package setting

import (
	"net/http"

	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/setting"
)

const (
	tplSettingsSecurity    base.TplName = "user/settings/security"
	tplSettingsTwofaEnroll base.TplName = "user/settings/twofa_enroll"
)

// Security render change user's password page and 2FA
func Security(ctx *context.Context) {
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true
	ctx.Data["RequireU2F"] = true

	if ctx.FormString("openid.return_to") != "" {
		settingsOpenIDVerify(ctx)
		return
	}

	loadSecurityData(ctx)

	ctx.HTML(http.StatusOK, tplSettingsSecurity)
}

// DeleteAccountLink delete a single account link
func DeleteAccountLink(ctx *context.Context) {
	id := ctx.FormInt64("id")
	if id <= 0 {
		ctx.Flash.Error("Account link id is not given")
	} else {
		if _, err := models.RemoveAccountLink(ctx.User, id); err != nil {
			ctx.Flash.Error("RemoveAccountLink: " + err.Error())
		} else {
			ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
		}
	}

	ctx.JSON(http.StatusOK, map[string]interface{}{
		"redirect": setting.AppSubURL + "/user/settings/security",
	})
}

func loadSecurityData(ctx *context.Context) {
	enrolled := true
	_, err := models.GetTwoFactorByUID(ctx.User.ID)
	if err != nil {
		if models.IsErrTwoFactorNotEnrolled(err) {
			enrolled = false
		} else {
			ctx.ServerError("SettingsTwoFactor", err)
			return
		}
	}
	ctx.Data["TwofaEnrolled"] = enrolled
	if enrolled {
		ctx.Data["U2FRegistrations"], err = models.GetU2FRegistrationsByUID(ctx.User.ID)
		if err != nil {
			ctx.ServerError("GetU2FRegistrationsByUID", err)
			return
		}
	}

	tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})
	if err != nil {
		ctx.ServerError("ListAccessTokens", err)
		return
	}
	ctx.Data["Tokens"] = tokens

	accountLinks, err := models.ListAccountLinks(ctx.User)
	if err != nil {
		ctx.ServerError("ListAccountLinks", err)
		return
	}

	// map the provider display name with the LoginSource
	sources := make(map[*models.LoginSource]string)
	for _, externalAccount := range accountLinks {
		if loginSource, err := models.GetLoginSourceByID(externalAccount.LoginSourceID); err == nil {
			var providerDisplayName string

			type DisplayNamed interface {
				DisplayName() string
			}

			type Named interface {
				Name() string
			}

			if displayNamed, ok := loginSource.Cfg.(DisplayNamed); ok {
				providerDisplayName = displayNamed.DisplayName()
			} else if named, ok := loginSource.Cfg.(Named); ok {
				providerDisplayName = named.Name()
			} else {
				providerDisplayName = loginSource.Name
			}
			sources[loginSource] = providerDisplayName
		}
	}
	ctx.Data["AccountLinks"] = sources

	openid, err := models.GetUserOpenIDs(ctx.User.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = openid
}
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Copyright 2018 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package setting`

			`import (`
[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 21:00:52 +05:30			`"net/http"`

Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`"code.gitea.io/gitea/models"`
			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/context"`
			`"code.gitea.io/gitea/modules/setting"`
			`)`

			`const (`
			`tplSettingsSecurity base.TplName = "user/settings/security"`
			`tplSettingsTwofaEnroll base.TplName = "user/settings/twofa_enroll"`
			`)`

			`// Security render change user's password page and 2FA`
			`func Security(ctx *context.Context) {`
			`ctx.Data["Title"] = ctx.Tr("settings")`
			`ctx.Data["PageIsSettingsSecurity"] = true`
load U2F js only on pages which need it (#11585) * load U2F js only on pages which need it * Update templates/base/head.tmpl 2021-01-21 02:47:46 +05:30			`ctx.Data["RequireU2F"] = true`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30
Rename ctx.Form() to ctx.FormString() and move code into own file (#16571) Followup from #16562 prepare for #16567 * Rename ctx.Form() to ctx.FormString() * Reimplement FormX func to need less code and cpu cycles * Move code into own file 2021-08-11 06:01:13 +05:30			`if ctx.FormString("openid.return_to") != "" {`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`settingsOpenIDVerify(ctx)`
			`return`
			`}`

			`loadSecurityData(ctx)`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 21:00:52 +05:30			`ctx.HTML(http.StatusOK, tplSettingsSecurity)`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`}`

			`// DeleteAccountLink delete a single account link`
			`func DeleteAccountLink(ctx *context.Context) {`
Rename context.Query to context.Form (#16562) 2021-07-29 07:12:15 +05:30			`id := ctx.FormInt64("id")`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 12:21:23 +05:30			`if id <= 0 {`
			`ctx.Flash.Error("Account link id is not given")`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`} else {`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 12:21:23 +05:30			`if _, err := models.RemoveAccountLink(ctx.User, id); err != nil {`
			`ctx.Flash.Error("RemoveAccountLink: " + err.Error())`
			`} else {`
			`ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))`
			`}`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`}`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 21:00:52 +05:30			`ctx.JSON(http.StatusOK, map[string]interface{}{`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`"redirect": setting.AppSubURL + "/user/settings/security",`
			`})`
			`}`

			`func loadSecurityData(ctx *context.Context) {`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`enrolled := true`
			`_, err := models.GetTwoFactorByUID(ctx.User.ID)`
			`if err != nil {`
			`if models.IsErrTwoFactorNotEnrolled(err) {`
			`enrolled = false`
			`} else {`
			`ctx.ServerError("SettingsTwoFactor", err)`
			`return`
			`}`
			`}`
			`ctx.Data["TwofaEnrolled"] = enrolled`
Add support for FIDO U2F (#3971) * Add support for U2F Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add vendor library Add missing translations Signed-off-by: Jonas Franz <info@jonasfranz.software> * Minor improvements Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library Add U2F error handling Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F login page to OAuth Signed-off-by: Jonas Franz <info@jonasfranz.software> * Move U2F user settings to a separate file Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add unit tests for u2f model Renamed u2f table name Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix problems caused by refactoring Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Remove not needed console.log-s Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add default values to app.ini.sample Add FIDO U2F to comparison Signed-off-by: Jonas Franz <info@jonasfranz.software> 2018-05-19 19:42:37 +05:30			`if enrolled {`
			`ctx.Data["U2FRegistrations"], err = models.GetU2FRegistrationsByUID(ctx.User.ID)`
			`if err != nil {`
			`ctx.ServerError("GetU2FRegistrationsByUID", err)`
			`return`
			`}`
			`}`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> 2020-08-28 13:39:33 +05:30			`tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`if err != nil {`
			`ctx.ServerError("ListAccessTokens", err)`
			`return`
			`}`
			`ctx.Data["Tokens"] = tokens`

			`accountLinks, err := models.ListAccountLinks(ctx.User)`
			`if err != nil {`
			`ctx.ServerError("ListAccountLinks", err)`
			`return`
			`}`

			`// map the provider display name with the LoginSource`
			`sources := make(map[*models.LoginSource]string)`
			`for _, externalAccount := range accountLinks {`
			`if loginSource, err := models.GetLoginSourceByID(externalAccount.LoginSourceID); err == nil {`
			`var providerDisplayName string`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-08-06 06:41:08 +05:30
			`type DisplayNamed interface {`
			`DisplayName() string`
			`}`

			`type Named interface {`
			`Name() string`
			`}`

			`if displayNamed, ok := loginSource.Cfg.(DisplayNamed); ok {`
			`providerDisplayName = displayNamed.DisplayName()`
			`} else if named, ok := loginSource.Cfg.(Named); ok {`
			`providerDisplayName = named.Name()`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`} else {`
			`providerDisplayName = loginSource.Name`
			`}`
			`sources[loginSource] = providerDisplayName`
			`}`
			`}`
			`ctx.Data["AccountLinks"] = sources`

			`openid, err := models.GetUserOpenIDs(ctx.User.ID)`
			`if err != nil {`
			`ctx.ServerError("GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = openid`
			`}`