forgejo/routers/web/user/setting/security/security.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package security

import (
	"net/http"

	auth_model "code.gitea.io/gitea/models/auth"
	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/services/auth/source/oauth2"
)

const (
	tplSettingsSecurity    base.TplName = "user/settings/security/security"
	tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"
)

// Security render change user's password page and 2FA
func Security(ctx *context.Context) {
	ctx.Data["Title"] = ctx.Tr("settings.security")
	ctx.Data["PageIsSettingsSecurity"] = true

	if ctx.FormString("openid.return_to") != "" {
		settingsOpenIDVerify(ctx)
		return
	}

	loadSecurityData(ctx)

	ctx.HTML(http.StatusOK, tplSettingsSecurity)
}

// DeleteAccountLink delete a single account link
func DeleteAccountLink(ctx *context.Context) {
	id := ctx.FormInt64("id")
	if id <= 0 {
		ctx.Flash.Error("Account link id is not given")
	} else {
		if _, err := user_model.RemoveAccountLink(ctx.Doer, id); err != nil {
			ctx.Flash.Error("RemoveAccountLink: " + err.Error())
		} else {
			ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
		}
	}

	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/security")
}

func loadSecurityData(ctx *context.Context) {
	enrolled, err := auth_model.HasTwoFactorByUID(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("SettingsTwoFactor", err)
		return
	}
	ctx.Data["TOTPEnrolled"] = enrolled

	credentials, err := auth_model.GetWebAuthnCredentialsByUID(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetWebAuthnCredentialsByUID", err)
		return
	}
	ctx.Data["WebAuthnCredentials"] = credentials

	tokens, err := auth_model.ListAccessTokens(ctx, auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})
	if err != nil {
		ctx.ServerError("ListAccessTokens", err)
		return
	}
	ctx.Data["Tokens"] = tokens

	accountLinks, err := user_model.ListAccountLinks(ctx.Doer)
	if err != nil {
		ctx.ServerError("ListAccountLinks", err)
		return
	}

	// map the provider display name with the AuthSource
	sources := make(map[*auth_model.Source]string)
	for _, externalAccount := range accountLinks {
		if authSource, err := auth_model.GetSourceByID(externalAccount.LoginSourceID); err == nil {
			var providerDisplayName string

			type DisplayNamed interface {
				DisplayName() string
			}

			type Named interface {
				Name() string
			}

			if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {
				providerDisplayName = displayNamed.DisplayName()
			} else if named, ok := authSource.Cfg.(Named); ok {
				providerDisplayName = named.Name()
			} else {
				providerDisplayName = authSource.Name
			}
			sources[authSource] = providerDisplayName
		}
	}
	ctx.Data["AccountLinks"] = sources

	orderedOAuth2Names, oauth2Providers, err := oauth2.GetActiveOAuth2Providers()
	if err != nil {
		ctx.ServerError("GetActiveOAuth2Providers", err)
		return
	}
	ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names
	ctx.Data["OAuth2Providers"] = oauth2Providers

	openid, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = openid
}
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Copyright 2018 The Gitea Authors. All rights reserved.`
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> 2022-11-27 19:20:29 +01:00			`// SPDX-License-Identifier: MIT`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00
Refactor auth package (#17962) 2022-01-02 14:12:35 +01:00			`package security`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00
			`import (`
[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 17:30:52 +02:00			`"net/http"`

Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 04:31:57 +02:00			`auth_model "code.gitea.io/gitea/models/auth"`
Move user follow and openid into models/user/ (#17613) * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID 2021-11-17 10:58:31 +01:00			`user_model "code.gitea.io/gitea/models/user"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/context"`
			`"code.gitea.io/gitea/modules/setting"`
Adding button to link accounts from user settings (#19792) * Adding button to link accounts from user settings * Only display button to link user accounts when at least one OAuth2 provider is active 2022-05-29 02:03:17 +02:00			`"code.gitea.io/gitea/services/auth/source/oauth2"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`)`

			`const (`
Refactor auth package (#17962) 2022-01-02 14:12:35 +01:00			`tplSettingsSecurity base.TplName = "user/settings/security/security"`
			`tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`)`

			`// Security render change user's password page and 2FA`
			`func Security(ctx *context.Context) {`
Add main landmark to templates and adjust titles (#22670) * Add main aria landmark to templates * Adjust some titles to improve understanding of location in navigation Contributed by @Forgejo 2023-02-01 23:56:10 +01:00			`ctx.Data["Title"] = ctx.Tr("settings.security")`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`ctx.Data["PageIsSettingsSecurity"] = true`

Rename ctx.Form() to ctx.FormString() and move code into own file (#16571) Followup from #16562 prepare for #16567 * Rename ctx.Form() to ctx.FormString() * Reimplement FormX func to need less code and cpu cycles * Move code into own file 2021-08-11 02:31:13 +02:00			`if ctx.FormString("openid.return_to") != "" {`
fix missing data on redirects (#3975) 2018-06-18 20:24:45 +02:00			`settingsOpenIDVerify(ctx)`
			`return`
			`}`

			`loadSecurityData(ctx)`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 2021-04-05 17:30:52 +02:00			`ctx.HTML(http.StatusOK, tplSettingsSecurity)`
fix missing data on redirects (#3975) 2018-06-18 20:24:45 +02:00			`}`

			`// DeleteAccountLink delete a single account link`
			`func DeleteAccountLink(ctx *context.Context) {`
Rename context.Query to context.Form (#16562) 2021-07-29 03:42:15 +02:00			`id := ctx.FormInt64("id")`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 07:51:23 +01:00			`if id <= 0 {`
			`ctx.Flash.Error("Account link id is not given")`
fix missing data on redirects (#3975) 2018-06-18 20:24:45 +02:00			`} else {`
Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-03-22 08:03:22 +01:00			`if _, err := user_model.RemoveAccountLink(ctx.Doer, id); err != nil {`
fix bug when deleting a linked account will removed all (#5989) 2019-02-07 07:51:23 +01:00			`ctx.Flash.Error("RemoveAccountLink: " + err.Error())`
			`} else {`
			`ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))`
			`}`
fix missing data on redirects (#3975) 2018-06-18 20:24:45 +02:00			`}`

Move web JSON functions to web context and simplify code (#26132) The JSONRedirect/JSONOK/JSONError functions were put into "Base" context incorrectly, it would cause abuse. Actually, they are for "web context" only, so, move them to the correct place. And by the way, use them to simplify old code: +75 -196 2023-07-26 08:04:01 +02:00			`ctx.JSONRedirect(setting.AppSubURL + "/user/settings/security")`
fix missing data on redirects (#3975) 2018-06-18 20:24:45 +02:00			`}`

			`func loadSecurityData(ctx *context.Context) {`
More refactoring of `db.DefaultContext` (#27083) Next step of #27065 2023-09-15 08:13:19 +02:00			`enrolled, err := auth_model.HasTwoFactorByUID(ctx, ctx.Doer.ID)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`if err != nil {`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-08 23:47:19 +01:00			`ctx.ServerError("SettingsTwoFactor", err)`
			`return`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`}`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-08 23:47:19 +01:00			`ctx.Data["TOTPEnrolled"] = enrolled`

Next round of `db.DefaultContext` refactor (#27089) Part of #27065 2023-09-16 16:39:12 +02:00			`credentials, err := auth_model.GetWebAuthnCredentialsByUID(ctx, ctx.Doer.ID)`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-08 23:47:19 +01:00			`if err != nil {`
Support webauthn (#17957) Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-01-14 16:03:31 +01:00			`ctx.ServerError("GetWebAuthnCredentialsByUID", err)`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 2021-11-08 23:47:19 +01:00			`return`
Add support for FIDO U2F (#3971) * Add support for U2F Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add vendor library Add missing translations Signed-off-by: Jonas Franz <info@jonasfranz.software> * Minor improvements Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library Add U2F error handling Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F login page to OAuth Signed-off-by: Jonas Franz <info@jonasfranz.software> * Move U2F user settings to a separate file Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add unit tests for u2f model Renamed u2f table name Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix problems caused by refactoring Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Remove not needed console.log-s Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add default values to app.ini.sample Add FIDO U2F to comparison Signed-off-by: Jonas Franz <info@jonasfranz.software> 2018-05-19 16:12:37 +02:00			`}`
Support webauthn (#17957) Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-01-14 16:03:31 +01:00			`ctx.Data["WebAuthnCredentials"] = credentials`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00
More refactoring of `db.DefaultContext` (#27083) Next step of #27065 2023-09-15 08:13:19 +02:00			`tokens, err := auth_model.ListAccessTokens(ctx, auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`if err != nil {`
			`ctx.ServerError("ListAccessTokens", err)`
			`return`
			`}`
			`ctx.Data["Tokens"] = tokens`

Renamed ctx.User to ctx.Doer. (#19161) Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2022-03-22 08:03:22 +01:00			`accountLinks, err := user_model.ListAccountLinks(ctx.Doer)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`if err != nil {`
			`ctx.ServerError("ListAccountLinks", err)`
			`return`
			`}`

Refactor auth package (#17962) 2022-01-02 14:12:35 +01:00			`// map the provider display name with the AuthSource`
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 04:31:57 +02:00			`sources := make(map[*auth_model.Source]string)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`for _, externalAccount := range accountLinks {`
Move some files into models' sub packages (#20262) * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de> 2022-08-25 04:31:57 +02:00			`if authSource, err := auth_model.GetSourceByID(externalAccount.LoginSourceID); err == nil {`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`var providerDisplayName string`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-08-06 03:11:08 +02:00
			`type DisplayNamed interface {`
			`DisplayName() string`
			`}`

			`type Named interface {`
			`Name() string`
			`}`

Refactor auth package (#17962) 2022-01-02 14:12:35 +01:00			`if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-08-06 03:11:08 +02:00			`providerDisplayName = displayNamed.DisplayName()`
Refactor auth package (#17962) 2022-01-02 14:12:35 +01:00			`} else if named, ok := authSource.Cfg.(Named); ok {`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 2021-08-06 03:11:08 +02:00			`providerDisplayName = named.Name()`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`} else {`
Refactor auth package (#17962) 2022-01-02 14:12:35 +01:00			`providerDisplayName = authSource.Name`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`}`
Refactor auth package (#17962) 2022-01-02 14:12:35 +01:00			`sources[authSource] = providerDisplayName`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`}`
			`}`
			`ctx.Data["AccountLinks"] = sources`

Adding button to link accounts from user settings (#19792) * Adding button to link accounts from user settings * Only display button to link user accounts when at least one OAuth2 provider is active 2022-05-29 02:03:17 +02:00			`orderedOAuth2Names, oauth2Providers, err := oauth2.GetActiveOAuth2Providers()`
			`if err != nil {`
			`ctx.ServerError("GetActiveOAuth2Providers", err)`
			`return`
			`}`
			`ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names`
			`ctx.Data["OAuth2Providers"] = oauth2Providers`

More refactoring of `db.DefaultContext` (#27083) Next step of #27065 2023-09-15 08:13:19 +02:00			`openid, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 2018-05-17 06:05:00 +02:00			`if err != nil {`
			`ctx.ServerError("GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = openid`
			`}`