8000 Verify password for local-account activation by 6543 · Pull Request #13631 · go-gitea/gitea · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Verify password for local-account activation #13631

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
Nov 28, 2020
Merged

Verify password for local-account activation #13631

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
2720e1b
Verify passwords for activation
ashimokawa May 19, 2020
a7162ac
Fix function comment
lafriks Nov 19, 2020
4b5d0eb
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 19, 2020
b7ec064
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 19, 2020
f07fa2f
only veify password on local-account aktivation
6543 Nov 19, 2020
65c4b30
fix lint
6543 Nov 19, 2020
91fb084
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 19, 2020
8cdaa49
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 20, 2020
718e66a
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 21, 2020
27ac918
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 24, 2020
0244d70
Update templates/user/auth/activate.tmpl
6543 Nov 25, 2020
5b86719
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 25, 2020
b5ba60e
Merge branch 'master' into verify-password-for-account-activation
zeripath Nov 27, 2020
d4f2257
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 27, 2020
f903dfb
Merge branch 'master' into verify-password-for-account-activation
6543 Nov 28, 2020
3201090
Merge branch 'master' into verify-password-for-account-activation
zeripath Nov 28, 2020
991f1a7
Merge branch 'master' into verify-password-for-account-activation
zeripath Nov 28, 2020
e92286c
Merge branch 'master' into verify-password-for-account-activation
techknowlogick Nov 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 45 additions & 27 deletions routers/user/auth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1203,6 +1203,8 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo
// Activate render activate user page
func Activate(ctx *context.Context) {
code := ctx.Query("code")
password := ctx.Query("password")

if len(code) == 0 {
ctx.Data["IsActivatePage"] = true
if ctx.User.IsActive {
Expand All @@ -1228,42 +1230,58 @@ func Activate(ctx *context.Context) {
return
}

// Verify code.
if user := models.VerifyUserActiveCode(code); user != nil {
user.IsActive = true
var err error
if user.Rands, err = models.GetUserSalt(); err != nil {
ctx.ServerError("UpdateUser", err)
user := models.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
ctx.HTML(200, TplActivate)
return
}

// if account is local account, verify password
if user.LoginSource == 0 {
if len(password) == 0 {
ctx.Data["Code"] = code
ctx.Data["NeedsPassword"] = true
ctx.HTML(200, TplActivate)
return
}
if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
} else {
ctx.ServerError("UpdateUser", err)
}
if !user.ValidatePassword(password) {
ctx.Data["IsActivateFailed"] = true
ctx.HTML(200, TplActivate)
return
}
}

log.Trace("User activated: %s", user.Name)

if err := ctx.Session.Set("uid", user.ID); err != nil {
log.Error(fmt.Sprintf("Error setting uid in session: %v", err))
}
if err := ctx.Session.Set("uname", user.Name); err != nil {
log.Error(fmt.Sprintf("Error setting uname in session: %v", err))
}
if err := ctx.Session.Release(); err != nil {
log.Error("Error storing session: %v", err)
user.IsActive = true
var err error
if user.Rands, err = models.GetUserSalt(); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
} else {
ctx.ServerError("UpdateUser", err)
}

ctx.Flash.Success(ctx.Tr("auth.account_activated"))
ctx.Redirect(setting.AppSubURL + "/")
return
}

ctx.Data["IsActivateFailed"] = true
ctx.HTML(200, TplActivate)
log.Trace("User activated: %s", user.Name)

if err := ctx.Session.Set("uid", user.ID); err != nil {
log.Error(fmt.Sprintf("Error setting uid in session: %v", err))
}
if err := ctx.Session.Set("uname", user.Name); err != nil {
log.Error(fmt.Sprintf("Error setting uname in session: %v", err))
}
if err := ctx.Session.Release(); err != nil {
log.Error("Error storing session: %v", err)
}

ctx.Flash.Success(ctx.Tr("auth.account_activated"))
ctx.Redirect(setting.AppSubURL + "/")
}

// ActivateEmail render the activate email page
Expand Down
14 changes: 13 additions & 1 deletion templates/user/auth/activate.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,19 @@
<p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.SignedUser.Email|Escape) .ActiveCodeLives | Str2html}}</p>
{{end}}
{{else}}
{{if .IsSendRegisterMail}}
{{if .NeedsPassword}}
<form class="ui form" action="/user/activate" method="post">
<div class="required inline field">
<label for="password">{{.i18n.Tr "password"}}</label>
<input id="password" name="password" type="password" autocomplete="off" required>
</div>
<div class="inline field">
<label></label>
<button class="ui green button">{{.i18n.Tr "install.confirm_password"}}</button>
</div>
<input id="code" name="code" type="hidden" value="{{.Code}}">
</form>
{{else if .IsSendRegisterMail}}
<p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
{{else if .IsActivateFailed}}
<p>{{.i18n.Tr "auth.invalid_code"}}</p>
Expand Down
0