bench-forgejo/routers/web/user/setting/security/security.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package security

import (
	"net/http"

	auth_model "code.gitea.io/gitea/models/auth"
	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/services/auth/source/oauth2"
)

const (
	tplSettingsSecurity    base.TplName = "user/settings/security/security"
	tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"
)

// Security render change user's password page and 2FA
func Security(ctx *context.Context) {
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true

	if ctx.FormString("openid.return_to") != "" {
		settingsOpenIDVerify(ctx)
		return
	}

	loadSecurityData(ctx)

	ctx.HTML(http.StatusOK, tplSettingsSecurity)
}

// DeleteAccountLink delete a single account link
func DeleteAccountLink(ctx *context.Context) {
	id := ctx.FormInt64("id")
	if id <= 0 {
		ctx.Flash.Error("Account link id is not given")
	} else {
		if _, err := user_model.RemoveAccountLink(ctx.Doer, id); err != nil {
			ctx.Flash.Error("RemoveAccountLink: " + err.Error())
		} else {
			ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
		}
	}

	ctx.JSON(http.StatusOK, map[string]interface{}{
		"redirect": setting.AppSubURL + "/user/settings/security",
	})
}

func loadSecurityData(ctx *context.Context) {
	enrolled, err := auth_model.HasTwoFactorByUID(ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("SettingsTwoFactor", err)
		return
	}
	ctx.Data["TOTPEnrolled"] = enrolled

	credentials, err := auth_model.GetWebAuthnCredentialsByUID(ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetWebAuthnCredentialsByUID", err)
		return
	}
	ctx.Data["WebAuthnCredentials"] = credentials

	tokens, err := auth_model.ListAccessTokens(auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})
	if err != nil {
		ctx.ServerError("ListAccessTokens", err)
		return
	}
	ctx.Data["Tokens"] = tokens

	accountLinks, err := user_model.ListAccountLinks(ctx.Doer)
	if err != nil {
		ctx.ServerError("ListAccountLinks", err)
		return
	}

	// map the provider display name with the AuthSource
	sources := make(map[*auth_model.Source]string)
	for _, externalAccount := range accountLinks {
		if authSource, err := auth_model.GetSourceByID(externalAccount.LoginSourceID); err == nil {
			var providerDisplayName string

			type DisplayNamed interface {
				DisplayName() string
			}

			type Named interface {
				Name() string
			}

			if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {
				providerDisplayName = displayNamed.DisplayName()
			} else if named, ok := authSource.Cfg.(Named); ok {
				providerDisplayName = named.Name()
			} else {
				providerDisplayName = authSource.Name
			}
			sources[authSource] = providerDisplayName
		}
	}
	ctx.Data["AccountLinks"] = sources

	orderedOAuth2Names, oauth2Providers, err := oauth2.GetActiveOAuth2Providers()
	if err != nil {
		ctx.ServerError("GetActiveOAuth2Providers", err)
		return
	}
	ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names
	ctx.Data["OAuth2Providers"] = oauth2Providers

	openid, err := user_model.GetUserOpenIDs(ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = openid
}
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Copyright 2018 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

Refactor auth package (#17962) 2022-01-02 18:42:35 +05:30			`package security`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30
			`import (`
[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 21:00:52 +05:30			`"net/http"`

Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 08:01:57 +05:30			`auth_model "code.gitea.io/gitea/models/auth"`
Move user follow and openid into models/user/ (#17613) * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID 2021-11-17 15:28:31 +05:30			`user_model "code.gitea.io/gitea/models/user"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/context"`
			`"code.gitea.io/gitea/modules/setting"`
Adding button to link accounts from user settings (#19792) * Adding button to link accounts from user settings * Only display button to link user accounts when at least one OAuth2 provider is active 2022-05-29 05:33:17 +05:30			`"code.gitea.io/gitea/services/auth/source/oauth2"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`)`

			`const (`
Refactor auth package (#17962) 2022-01-02 18:42:35 +05:30			`tplSettingsSecurity base.TplName = "user/settings/security/security"`
			`tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`)`

			`// Security render change user's password page and 2FA`
			`func Security(ctx *context.Context) {`
			`ctx.Data["Title"] = ctx.Tr("settings")`
			`ctx.Data["PageIsSettingsSecurity"] = true`

Rename ctx.Form() to ctx.FormString() and move code into own file (#16571) Followup from #16562 prepare for #16567 * Rename ctx.Form() to ctx.FormString() * Reimplement FormX func to need less code and cpu cycles * Move code into own file 2021-08-11 06:01:13 +05:30			`if ctx.FormString("openid.return_to") != "" {`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`settingsOpenIDVerify(ctx)`
			`return`
			`}`

			`loadSecurityData(ctx)`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 21:00:52 +05:30			`ctx.HTML(http.StatusOK, tplSettingsSecurity)`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`}`

			`// DeleteAccountLink delete a single account link`
			`func DeleteAccountLink(ctx *context.Context) {`
Rename context.Query to context.Form (#16562) 2021-07-29 07:12:15 +05:30			`id := ctx.FormInt64("id")`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 12:21:23 +05:30			`if id <= 0 {`
			`ctx.Flash.Error("Account link id is not given")`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`} else {`
Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-03-22 12:33:22 +05:30			`if _, err := user_model.RemoveAccountLink(ctx.Doer, id); err != nil {`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 12:21:23 +05:30			`ctx.Flash.Error("RemoveAccountLink: " + err.Error())`
			`} else {`
			`ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))`
			`}`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`}`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 21:00:52 +05:30			`ctx.JSON(http.StatusOK, map[string]interface{}{`
fix missing data on redirects (#3975) 2018-06-18 23:54:45 +05:30			`"redirect": setting.AppSubURL + "/user/settings/security",`
			`})`
			`}`

			`func loadSecurityData(ctx *context.Context) {`
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 08:01:57 +05:30			`enrolled, err := auth_model.HasTwoFactorByUID(ctx.Doer.ID)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`if err != nil {`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-09 04:17:19 +05:30			`ctx.ServerError("SettingsTwoFactor", err)`
			`return`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`}`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-09 04:17:19 +05:30			`ctx.Data["TOTPEnrolled"] = enrolled`

Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 08:01:57 +05:30			`credentials, err := auth_model.GetWebAuthnCredentialsByUID(ctx.Doer.ID)`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-09 04:17:19 +05:30			`if err != nil {`
Support webauthn (#17957) Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-01-14 20:33:31 +05:30			`ctx.ServerError("GetWebAuthnCredentialsByUID", err)`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-09 04:17:19 +05:30			`return`
Add support for FIDO U2F (#3971) * Add support for U2F Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add vendor library Add missing translations Signed-off-by: Jonas Franz <info@jonasfranz.software> * Minor improvements Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library Add U2F error handling Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F login page to OAuth Signed-off-by: Jonas Franz <info@jonasfranz.software> * Move U2F user settings to a separate file Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add unit tests for u2f model Renamed u2f table name Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix problems caused by refactoring Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Remove not needed console.log-s Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add default values to app.ini.sample Add FIDO U2F to comparison Signed-off-by: Jonas Franz <info@jonasfranz.software> 2018-05-19 19:42:37 +05:30			`}`
Support webauthn (#17957) Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-01-14 20:33:31 +05:30			`ctx.Data["WebAuthnCredentials"] = credentials`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 08:01:57 +05:30			`tokens, err := auth_model.ListAccessTokens(auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`if err != nil {`
			`ctx.ServerError("ListAccessTokens", err)`
			`return`
			`}`
			`ctx.Data["Tokens"] = tokens`

Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-03-22 12:33:22 +05:30			`accountLinks, err := user_model.ListAccountLinks(ctx.Doer)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`if err != nil {`
			`ctx.ServerError("ListAccountLinks", err)`
			`return`
			`}`

Refactor auth package (#17962) 2022-01-02 18:42:35 +05:30			`// map the provider display name with the AuthSource`
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 08:01:57 +05:30			`sources := make(map[*auth_model.Source]string)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`for _, externalAccount := range accountLinks {`
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 08:01:57 +05:30			`if authSource, err := auth_model.GetSourceByID(externalAccount.LoginSourceID); err == nil {`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`var providerDisplayName string`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-08-06 06:41:08 +05:30
			`type DisplayNamed interface {`
			`DisplayName() string`
			`}`

			`type Named interface {`
			`Name() string`
			`}`

Refactor auth package (#17962) 2022-01-02 18:42:35 +05:30			`if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-08-06 06:41:08 +05:30			`providerDisplayName = displayNamed.DisplayName()`
Refactor auth package (#17962) 2022-01-02 18:42:35 +05:30			`} else if named, ok := authSource.Cfg.(Named); ok {`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-08-06 06:41:08 +05:30			`providerDisplayName = named.Name()`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`} else {`
Refactor auth package (#17962) 2022-01-02 18:42:35 +05:30			`providerDisplayName = authSource.Name`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`}`
Refactor auth package (#17962) 2022-01-02 18:42:35 +05:30			`sources[authSource] = providerDisplayName`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`}`
			`}`
			`ctx.Data["AccountLinks"] = sources`

Adding button to link accounts from user settings (#19792) * Adding button to link accounts from user settings * Only display button to link user accounts when at least one OAuth2 provider is active 2022-05-29 05:33:17 +05:30			`orderedOAuth2Names, oauth2Providers, err := oauth2.GetActiveOAuth2Providers()`
			`if err != nil {`
			`ctx.ServerError("GetActiveOAuth2Providers", err)`
			`return`
			`}`
			`ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names`
			`ctx.Data["OAuth2Providers"] = oauth2Providers`

Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-03-22 12:33:22 +05:30			`openid, err := user_model.GetUserOpenIDs(ctx.Doer.ID)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 09:35:00 +05:30			`if err != nil {`
			`ctx.ServerError("GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = openid`
			`}`