mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-27 04:53:54 +01:00
536f65b8ad
Enable users to upload other key types than RSA (+ ED25519, ECDSA, NTRU, McE)
297 lines
8.1 KiB
Go
297 lines
8.1 KiB
Go
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package user
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/gogits/gogs/models"
|
|
"github.com/gogits/gogs/modules/auth"
|
|
"github.com/gogits/gogs/modules/base"
|
|
"github.com/gogits/gogs/modules/log"
|
|
"github.com/gogits/gogs/modules/middleware"
|
|
"github.com/gogits/gogs/modules/process"
|
|
)
|
|
|
|
const (
|
|
SETTING base.TplName = "user/setting"
|
|
SOCIAL base.TplName = "user/social"
|
|
PASSWORD base.TplName = "user/password"
|
|
PUBLICKEY base.TplName = "user/publickey"
|
|
NOTIFICATION base.TplName = "user/notification"
|
|
SECURITY base.TplName = "user/security"
|
|
)
|
|
|
|
var (
|
|
MinimumKeySize = map[string]int{
|
|
"(ED25519)": 256,
|
|
"(ECDSA)": 256,
|
|
"(NTRU)": 1087,
|
|
"(MCE)": 1702,
|
|
"(McE)": 1702,
|
|
"(RSA)": 2048,
|
|
}
|
|
)
|
|
|
|
func Setting(ctx *middleware.Context) {
|
|
ctx.Data["Title"] = "Setting"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSetting"] = true
|
|
ctx.Data["Owner"] = ctx.User
|
|
ctx.HTML(200, SETTING)
|
|
}
|
|
|
|
func SettingPost(ctx *middleware.Context, form auth.UpdateProfileForm) {
|
|
ctx.Data["Title"] = "Setting"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSetting"] = true
|
|
|
|
if ctx.HasError() {
|
|
ctx.HTML(200, SETTING)
|
|
return
|
|
}
|
|
|
|
ctx.Data["Owner"] = ctx.User
|
|
|
|
// Check if user name has been changed.
|
|
if ctx.User.Name != form.UserName {
|
|
isExist, err := models.IsUserExist(form.UserName)
|
|
if err != nil {
|
|
ctx.Handle(500, "user.SettingPost(update: check existence)", err)
|
|
return
|
|
} else if isExist {
|
|
ctx.RenderWithErr("User name has been taken.", SETTING, &form)
|
|
return
|
|
} else if err = models.ChangeUserName(ctx.User, form.UserName); err != nil {
|
|
ctx.Handle(500, "user.SettingPost(change user name)", err)
|
|
return
|
|
}
|
|
log.Trace("%s User name changed: %s -> %s", ctx.Req.RequestURI, ctx.User.Name, form.UserName)
|
|
|
|
ctx.User.Name = form.UserName
|
|
}
|
|
|
|
ctx.User.FullName = form.FullName
|
|
ctx.User.Email = form.Email
|
|
ctx.User.Website = form.Website
|
|
ctx.User.Location = form.Location
|
|
ctx.User.Avatar = base.EncodeMd5(form.Avatar)
|
|
ctx.User.AvatarEmail = form.Avatar
|
|
if err := models.UpdateUser(ctx.User); err != nil {
|
|
ctx.Handle(500, "setting.SettingPost(UpdateUser)", err)
|
|
return
|
|
}
|
|
log.Trace("%s User setting updated: %s", ctx.Req.RequestURI, ctx.User.LowerName)
|
|
ctx.Flash.Success("Your profile has been successfully updated.")
|
|
ctx.Redirect("/user/settings")
|
|
}
|
|
|
|
func SettingSocial(ctx *middleware.Context) {
|
|
ctx.Data["Title"] = "Social Account"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSettingSocial"] = true
|
|
|
|
// Unbind social account.
|
|
remove, _ := base.StrTo(ctx.Query("remove")).Int64()
|
|
if remove > 0 {
|
|
if err := models.DeleteOauth2ById(remove); err != nil {
|
|
ctx.Handle(500, "user.SettingSocial(DeleteOauth2ById)", err)
|
|
return
|
|
}
|
|
ctx.Flash.Success("OAuth2 has been unbinded.")
|
|
ctx.Redirect("/user/settings/social")
|
|
return
|
|
}
|
|
|
|
var err error
|
|
ctx.Data["Socials"], err = models.GetOauthByUserId(ctx.User.Id)
|
|
if err != nil {
|
|
ctx.Handle(500, "user.SettingSocial(GetOauthByUserId)", err)
|
|
return
|
|
}
|
|
ctx.HTML(200, SOCIAL)
|
|
}
|
|
|
|
func SettingPassword(ctx *middleware.Context) {
|
|
ctx.Data["Title"] = "Password"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSettingPasswd"] = true
|
|
ctx.HTML(200, PASSWORD)
|
|
}
|
|
|
|
func SettingPasswordPost(ctx *middleware.Context, form auth.UpdatePasswdForm) {
|
|
ctx.Data["Title"] = "Password"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSettingPasswd"] = true
|
|
|
|
if ctx.HasError() {
|
|
ctx.HTML(200, PASSWORD)
|
|
return
|
|
}
|
|
|
|
tmpUser := &models.User{
|
|
Passwd: form.OldPasswd,
|
|
Salt: ctx.User.Salt,
|
|
}
|
|
tmpUser.EncodePasswd()
|
|
if ctx.User.Passwd != tmpUser.Passwd {
|
|
ctx.Flash.Error("Old password is not correct.")
|
|
} else if form.NewPasswd != form.RetypePasswd {
|
|
ctx.Flash.Error("New password and re-type password are not same.")
|
|
} else {
|
|
ctx.User.Passwd = form.NewPasswd
|
|
ctx.User.Salt = models.GetUserSalt()
|
|
ctx.User.EncodePasswd()
|
|
if err := models.UpdateUser(ctx.User); err != nil {
|
|
ctx.Handle(200, "setting.SettingPassword", err)
|
|
return
|
|
}
|
|
log.Trace("%s User password updated: %s", ctx.Req.RequestURI, ctx.User.LowerName)
|
|
ctx.Flash.Success("Password is changed successfully. You can now sign in via new password.")
|
|
}
|
|
ctx.Redirect("/user/settings/password")
|
|
}
|
|
|
|
// Checks if the given public key string is recognized by SSH.
|
|
func CheckPublicKeyString(keyContent string) (ok bool, err error) {
|
|
if strings.ContainsAny(keyContent, "\n\r") {
|
|
return false, errors.New("Only a single line with a single key please")
|
|
}
|
|
|
|
// write the key to a file…
|
|
tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
tmpPath := tmpFile.Name()
|
|
defer os.Remove(tmpPath)
|
|
tmpFile.WriteString(keyContent)
|
|
tmpFile.Close()
|
|
|
|
// … see if ssh-keygen recognizes its contents
|
|
stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
|
|
if err != nil {
|
|
return false, errors.New("ssh-keygen -l -f: " + stderr)
|
|
} else if len(stdout) < 2 {
|
|
return false, errors.New("ssh-keygen returned not enough output to evaluate the key")
|
|
}
|
|
sshKeygenOutput := strings.Split(stdout, " ")
|
|
if len(sshKeygenOutput) < 4 {
|
|
return false, errors.New("Not enough fields returned by ssh-keygen -l -f")
|
|
}
|
|
keySize, err := strconv.Atoi(sshKeygenOutput[0])
|
|
if err != nil {
|
|
return false, errors.New("Cannot get key size of the given key")
|
|
}
|
|
keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
|
|
|
|
if minimumKeySize := MinimumKeySize[keyType]; minimumKeySize == 0 {
|
|
return false, errors.New("Sorry, unrecognized public key type")
|
|
} else {
|
|
if keySize < minimumKeySize {
|
|
return false, fmt.Errorf("The minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
|
|
}
|
|
}
|
|
|
|
return true, nil
|
|
}
|
|
|
|
func SettingSSHKeys(ctx *middleware.Context, form auth.AddSSHKeyForm) {
|
|
ctx.Data["Title"] = "SSH Keys"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSettingSSH"] = true
|
|
|
|
// Delete SSH key.
|
|
if ctx.Req.Method == "DELETE" || ctx.Query("_method") == "DELETE" {
|
|
id, err := base.StrTo(ctx.Query("id")).Int64()
|
|
if err != nil {
|
|
log.Error("ssh.DelPublicKey: %v", err)
|
|
ctx.JSON(200, map[string]interface{}{
|
|
"ok": false,
|
|
"err": err.Error(),
|
|
})
|
|
return
|
|
}
|
|
|
|
if err = models.DeletePublicKey(&models.PublicKey{Id: id}); err != nil {
|
|
log.Error("ssh.DelPublicKey: %v", err)
|
|
ctx.JSON(200, map[string]interface{}{
|
|
"ok": false,
|
|
"err": err.Error(),
|
|
})
|
|
} else {
|
|
log.Trace("%s User SSH key deleted: %s", ctx.Req.RequestURI, ctx.User.LowerName)
|
|
ctx.JSON(200, map[string]interface{}{
|
|
"ok": true,
|
|
})
|
|
}
|
|
return
|
|
}
|
|
|
|
var err error
|
|
// List existed SSH keys.
|
|
ctx.Data["Keys"], err = models.ListPublicKey(ctx.User.Id)
|
|
if err != nil {
|
|
ctx.Handle(500, "ssh.ListPublicKey", err)
|
|
return
|
|
}
|
|
|
|
// Add new SSH key.
|
|
if ctx.Req.Method == "POST" {
|
|
if ctx.HasError() {
|
|
ctx.HTML(200, "user/publickey")
|
|
return
|
|
}
|
|
|
|
if ok, err := CheckPublicKeyString(form.KeyContent); !ok {
|
|
ctx.Flash.Error(err.Error())
|
|
ctx.Redirect("/user/settings/ssh")
|
|
return
|
|
}
|
|
|
|
k := &models.PublicKey{
|
|
OwnerId: ctx.User.Id,
|
|
Name: form.KeyName,
|
|
Content: form.KeyContent,
|
|
}
|
|
|
|
if err := models.AddPublicKey(k); err != nil {
|
|
if err.Error() == models.ErrKeyAlreadyExist.Error() {
|
|
ctx.RenderWithErr("Public key name has been used", "user/publickey", &form)
|
|
return
|
|
}
|
|
ctx.Handle(500, "ssh.AddPublicKey", err)
|
|
return
|
|
} else {
|
|
log.Trace("%s User SSH key added: %s", ctx.Req.RequestURI, ctx.User.LowerName)
|
|
ctx.Flash.Success("New SSH Key has been added!")
|
|
ctx.Redirect("/user/settings/ssh")
|
|
return
|
|
}
|
|
}
|
|
|
|
ctx.HTML(200, PUBLICKEY)
|
|
}
|
|
|
|
func SettingNotification(ctx *middleware.Context) {
|
|
// TODO: user setting notification
|
|
ctx.Data["Title"] = "Notification"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSettingNotify"] = true
|
|
ctx.HTML(200, NOTIFICATION)
|
|
}
|
|
|
|
func SettingSecurity(ctx *middleware.Context) {
|
|
// TODO: user setting security
|
|
ctx.Data["Title"] = "Security"
|
|
ctx.Data["PageIsUserSetting"] = true
|
|
ctx.Data["IsUserPageSettingSecurity"] = true
|
|
ctx.HTML(200, SECURITY)
|
|
}
|