0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-10-31 03:09:26 +01:00
gitea/routers/web/user/setting/security/security.go
KN4CK3R e378545f30
Filter inactive auth sources (#27870)
Fix nil access for inactive auth sources.

> Render failed, failed to render template:
user/settings/security/security, error: template error:
builtin(static):user/settings/security/accountlinks:32:20 : executing
"user/settings/security/accountlinks" at <$providerData.IconHTML>: nil
pointer evaluating oauth2.Provider.IconHTML

Code tries to access the auth source of an `ExternalLoginUser` but the
list contains only the active auth sources.
2023-11-02 01:46:26 +02:00

122 lines
3.3 KiB
Go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package security
import (
"net/http"
auth_model "code.gitea.io/gitea/models/auth"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/services/auth/source/oauth2"
)
const (
tplSettingsSecurity base.TplName = "user/settings/security/security"
tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"
)
// Security render change user's password page and 2FA
func Security(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("settings.security")
ctx.Data["PageIsSettingsSecurity"] = true
if ctx.FormString("openid.return_to") != "" {
settingsOpenIDVerify(ctx)
return
}
loadSecurityData(ctx)
ctx.HTML(http.StatusOK, tplSettingsSecurity)
}
// DeleteAccountLink delete a single account link
func DeleteAccountLink(ctx *context.Context) {
id := ctx.FormInt64("id")
if id <= 0 {
ctx.Flash.Error("Account link id is not given")
} else {
if _, err := user_model.RemoveAccountLink(ctx, ctx.Doer, id); err != nil {
ctx.Flash.Error("RemoveAccountLink: " + err.Error())
} else {
ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
}
}
ctx.JSONRedirect(setting.AppSubURL + "/user/settings/security")
}
func loadSecurityData(ctx *context.Context) {
enrolled, err := auth_model.HasTwoFactorByUID(ctx, ctx.Doer.ID)
if err != nil {
ctx.ServerError("SettingsTwoFactor", err)
return
}
ctx.Data["TOTPEnrolled"] = enrolled
credentials, err := auth_model.GetWebAuthnCredentialsByUID(ctx, ctx.Doer.ID)
if err != nil {
ctx.ServerError("GetWebAuthnCredentialsByUID", err)
return
}
ctx.Data["WebAuthnCredentials"] = credentials
tokens, err := auth_model.ListAccessTokens(ctx, auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})
if err != nil {
ctx.ServerError("ListAccessTokens", err)
return
}
ctx.Data["Tokens"] = tokens
accountLinks, err := user_model.ListAccountLinks(ctx, ctx.Doer)
if err != nil {
ctx.ServerError("ListAccountLinks", err)
return
}
// map the provider display name with the AuthSource
sources := make(map[*auth_model.Source]string)
for _, externalAccount := range accountLinks {
if authSource, err := auth_model.GetSourceByID(ctx, externalAccount.LoginSourceID); err == nil && authSource.IsActive {
var providerDisplayName string
type DisplayNamed interface {
DisplayName() string
}
type Named interface {
Name() string
}
if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {
providerDisplayName = displayNamed.DisplayName()
} else if named, ok := authSource.Cfg.(Named); ok {
providerDisplayName = named.Name()
} else {
providerDisplayName = authSource.Name
}
sources[authSource] = providerDisplayName
}
}
ctx.Data["AccountLinks"] = sources
orderedOAuth2Names, oauth2Providers, err := oauth2.GetActiveOAuth2Providers(ctx)
if err != nil {
ctx.ServerError("GetActiveOAuth2Providers", err)
return
}
ctx.Data["OrderedOAuth2Names"] = orderedOAuth2Names
ctx.Data["OAuth2Providers"] = oauth2Providers
openid, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)
if err != nil {
ctx.ServerError("GetUserOpenIDs", err)
return
}
ctx.Data["OpenIDs"] = openid
}