gitea/routers/web/user/setting/security/security.go

// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2018 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package security

import (
	"net/http"

	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/models/auth"
	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/setting"
)

const (
	tplSettingsSecurity    base.TplName = "user/settings/security/security"
	tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"
)

// Security render change user's password page and 2FA
func Security(ctx *context.Context) {
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true
	ctx.Data["RequireU2F"] = true

	if ctx.FormString("openid.return_to") != "" {
		settingsOpenIDVerify(ctx)
		return
	}

	loadSecurityData(ctx)

	ctx.HTML(http.StatusOK, tplSettingsSecurity)
}

// DeleteAccountLink delete a single account link
func DeleteAccountLink(ctx *context.Context) {
	id := ctx.FormInt64("id")
	if id <= 0 {
		ctx.Flash.Error("Account link id is not given")
	} else {
		if _, err := user_model.RemoveAccountLink(ctx.User, id); err != nil {
			ctx.Flash.Error("RemoveAccountLink: " + err.Error())
		} else {
			ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
		}
	}

	ctx.JSON(http.StatusOK, map[string]interface{}{
		"redirect": setting.AppSubURL + "/user/settings/security",
	})
}

func loadSecurityData(ctx *context.Context) {
	enrolled, err := auth.HasTwoFactorByUID(ctx.User.ID)
	if err != nil {
		ctx.ServerError("SettingsTwoFactor", err)
		return
	}
	ctx.Data["TOTPEnrolled"] = enrolled

	credentials, err := auth.GetWebAuthnCredentialsByUID(ctx.User.ID)
	if err != nil {
		ctx.ServerError("GetWebAuthnCredentialsByUID", err)
		return
	}
	ctx.Data["WebAuthnCredentials"] = credentials

	tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})
	if err != nil {
		ctx.ServerError("ListAccessTokens", err)
		return
	}
	ctx.Data["Tokens"] = tokens

	accountLinks, err := user_model.ListAccountLinks(ctx.User)
	if err != nil {
		ctx.ServerError("ListAccountLinks", err)
		return
	}

	// map the provider display name with the AuthSource
	sources := make(map[*auth.Source]string)
	for _, externalAccount := range accountLinks {
		if authSource, err := auth.GetSourceByID(externalAccount.LoginSourceID); err == nil {
			var providerDisplayName string

			type DisplayNamed interface {
				DisplayName() string
			}

			type Named interface {
				Name() string
			}

			if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {
				providerDisplayName = displayNamed.DisplayName()
			} else if named, ok := authSource.Cfg.(Named); ok {
				providerDisplayName = named.Name()
			} else {
				providerDisplayName = authSource.Name
			}
			sources[authSource] = providerDisplayName
		}
	}
	ctx.Data["AccountLinks"] = sources

	openid, err := user_model.GetUserOpenIDs(ctx.User.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = openid
}
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`// Copyright 2014 The Gogs Authors. All rights reserved.`
			`// Copyright 2018 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

Refactor auth package (#17962) 3 years ago			`package security`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago
			`import (`
[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 4 years ago			`"net/http"`

Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`"code.gitea.io/gitea/models"`
Refactor auth package (#17962) 3 years ago			`"code.gitea.io/gitea/models/auth"`
Move user follow and openid into models/user/ (#17613) * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID 3 years ago			`user_model "code.gitea.io/gitea/models/user"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/context"`
			`"code.gitea.io/gitea/modules/setting"`
			`)`

			`const (`
Refactor auth package (#17962) 3 years ago			`tplSettingsSecurity base.TplName = "user/settings/security/security"`
			`tplSettingsTwofaEnroll base.TplName = "user/settings/security/twofa_enroll"`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`)`

			`// Security render change user's password page and 2FA`
			`func Security(ctx *context.Context) {`
			`ctx.Data["Title"] = ctx.Tr("settings")`
			`ctx.Data["PageIsSettingsSecurity"] = true`
load U2F js only on pages which need it (#11585) * load U2F js only on pages which need it * Update templates/base/head.tmpl 4 years ago			`ctx.Data["RequireU2F"] = true`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago
Rename ctx.Form() to ctx.FormString() and move code into own file (#16571) Followup from #16562 prepare for #16567 * Rename ctx.Form() to ctx.FormString() * Reimplement FormX func to need less code and cpu cycles * Move code into own file 3 years ago			`if ctx.FormString("openid.return_to") != "" {`
fix missing data on redirects (#3975) 6 years ago			`settingsOpenIDVerify(ctx)`
			`return`
			`}`

			`loadSecurityData(ctx)`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 4 years ago			`ctx.HTML(http.StatusOK, tplSettingsSecurity)`
fix missing data on redirects (#3975) 6 years ago			`}`

			`// DeleteAccountLink delete a single account link`
			`func DeleteAccountLink(ctx *context.Context) {`
Rename context.Query to context.Form (#16562) 3 years ago			`id := ctx.FormInt64("id")`
fix bug when deleting a linked account will removed all (#5989) 6 years ago			`if id <= 0 {`
			`ctx.Flash.Error("Account link id is not given")`
fix missing data on redirects (#3975) 6 years ago			`} else {`
Move more model into models/user (#17826) * Move more model into models/user * Remove unnecessary comment Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 3 years ago			`if _, err := user_model.RemoveAccountLink(ctx.User, id); err != nil {`
fix bug when deleting a linked account will removed all (#5989) 6 years ago			`ctx.Flash.Error("RemoveAccountLink: " + err.Error())`
			`} else {`
			`ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))`
			`}`
fix missing data on redirects (#3975) 6 years ago			`}`

[refactor] replace int with httpStatusCodes (#15282) * replace "200" (int) with "http.StatusOK" (const) * ctx.Error & ctx.HTML * ctx.JSON Part1 * ctx.JSON Part2 * ctx.JSON Part3 4 years ago			`ctx.JSON(http.StatusOK, map[string]interface{}{`
fix missing data on redirects (#3975) 6 years ago			`"redirect": setting.AppSubURL + "/user/settings/security",`
			`})`
			`}`

			`func loadSecurityData(ctx *context.Context) {`
Refactor auth package (#17962) 3 years ago			`enrolled, err := auth.HasTwoFactorByUID(ctx.User.ID)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`if err != nil {`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 3 years ago			`ctx.ServerError("SettingsTwoFactor", err)`
			`return`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`}`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 3 years ago			`ctx.Data["TOTPEnrolled"] = enrolled`

Support webauthn (#17957) Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 3 years ago			`credentials, err := auth.GetWebAuthnCredentialsByUID(ctx.User.ID)`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 3 years ago			`if err != nil {`
Support webauthn (#17957) Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 3 years ago			`ctx.ServerError("GetWebAuthnCredentialsByUID", err)`
Allow U2F 2FA without TOTP (#11573) This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495 3 years ago			`return`
Add support for FIDO U2F (#3971) * Add support for U2F Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add vendor library Add missing translations Signed-off-by: Jonas Franz <info@jonasfranz.software> * Minor improvements Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library Add U2F error handling Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F login page to OAuth Signed-off-by: Jonas Franz <info@jonasfranz.software> * Move U2F user settings to a separate file Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add unit tests for u2f model Renamed u2f table name Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix problems caused by refactoring Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add U2F documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Remove not needed console.log-s Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add default values to app.ini.sample Add FIDO U2F to comparison Signed-off-by: Jonas Franz <info@jonasfranz.software> 7 years ago			`}`
Support webauthn (#17957) Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 3 years ago			`ctx.Data["WebAuthnCredentials"] = credentials`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago
[API] Delete Token accept names too (#12366) * Delete Token accept names too * better description Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> 4 years ago			`tokens, err := models.ListAccessTokens(models.ListAccessTokensOptions{UserID: ctx.User.ID})`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`if err != nil {`
			`ctx.ServerError("ListAccessTokens", err)`
			`return`
			`}`
			`ctx.Data["Tokens"] = tokens`

Move more model into models/user (#17826) * Move more model into models/user * Remove unnecessary comment Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 3 years ago			`accountLinks, err := user_model.ListAccountLinks(ctx.User)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`if err != nil {`
			`ctx.ServerError("ListAccountLinks", err)`
			`return`
			`}`

Refactor auth package (#17962) 3 years ago			`// map the provider display name with the AuthSource`
			`sources := make(map[*auth.Source]string)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`for _, externalAccount := range accountLinks {`
Refactor auth package (#17962) 3 years ago			`if authSource, err := auth.GetSourceByID(externalAccount.LoginSourceID); err == nil {`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`var providerDisplayName string`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 3 years ago
			`type DisplayNamed interface {`
			`DisplayName() string`
			`}`

			`type Named interface {`
			`Name() string`
			`}`

Refactor auth package (#17962) 3 years ago			`if displayNamed, ok := authSource.Cfg.(DisplayNamed); ok {`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 3 years ago			`providerDisplayName = displayNamed.DisplayName()`
Refactor auth package (#17962) 3 years ago			`} else if named, ok := authSource.Cfg.(Named); ok {`
Add microsoft oauth2 providers (#16544) * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> 3 years ago			`providerDisplayName = named.Name()`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`} else {`
Refactor auth package (#17962) 3 years ago			`providerDisplayName = authSource.Name`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`}`
Refactor auth package (#17962) 3 years ago			`sources[authSource] = providerDisplayName`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`}`
			`}`
			`ctx.Data["AccountLinks"] = sources`

Move user follow and openid into models/user/ (#17613) * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID 3 years ago			`openid, err := user_model.GetUserOpenIDs(ctx.User.ID)`
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information 7 years ago			`if err != nil {`
			`ctx.ServerError("GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = openid`
			`}`