|
|
|
@ -697,9 +697,10 @@ func oAuth2UserLoginCallback(loginSource *models.LoginSource, request *http.Requ |
|
|
|
|
|
|
|
|
|
// LinkAccount shows the page where the user can decide to login or create a new account
|
|
|
|
|
func LinkAccount(ctx *context.Context) { |
|
|
|
|
ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationCaptcha || setting.Service.AllowOnlyExternalRegistration |
|
|
|
|
ctx.Data["Title"] = ctx.Tr("link_account") |
|
|
|
|
ctx.Data["LinkAccountMode"] = true |
|
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha |
|
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha |
|
|
|
|
ctx.Data["CaptchaType"] = setting.Service.CaptchaType |
|
|
|
|
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL |
|
|
|
|
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey |
|
|
|
@ -746,10 +747,11 @@ func LinkAccount(ctx *context.Context) { |
|
|
|
|
|
|
|
|
|
// LinkAccountPostSignIn handle the coupling of external account with another account using signIn
|
|
|
|
|
func LinkAccountPostSignIn(ctx *context.Context, signInForm auth.SignInForm) { |
|
|
|
|
ctx.Data["DisablePassword"] = setting.Service.AllowOnlyExternalRegistration |
|
|
|
|
ctx.Data["Title"] = ctx.Tr("link_account") |
|
|
|
|
ctx.Data["LinkAccountMode"] = true |
|
|
|
|
ctx.Data["LinkAccountModeSignIn"] = true |
|
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha |
|
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha |
|
|
|
|
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL |
|
|
|
|
ctx.Data["CaptchaType"] = setting.Service.CaptchaType |
|
|
|
|
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey |
|
|
|
@ -824,10 +826,13 @@ func LinkAccountPostSignIn(ctx *context.Context, signInForm auth.SignInForm) { |
|
|
|
|
|
|
|
|
|
// LinkAccountPostRegister handle the creation of a new account for an external account using signUp
|
|
|
|
|
func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterForm) { |
|
|
|
|
// TODO Make insecure passwords optional for local accounts also,
|
|
|
|
|
// once email-based Second-Factor Auth is available
|
|
|
|
|
ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationCaptcha || setting.Service.AllowOnlyExternalRegistration |
|
|
|
|
ctx.Data["Title"] = ctx.Tr("link_account") |
|
|
|
|
ctx.Data["LinkAccountMode"] = true |
|
|
|
|
ctx.Data["LinkAccountModeRegister"] = true |
|
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha |
|
|
|
|
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha |
|
|
|
|
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL |
|
|
|
|
ctx.Data["CaptchaType"] = setting.Service.CaptchaType |
|
|
|
|
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey |
|
|
|
@ -854,14 +859,18 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if setting.Service.EnableCaptcha && setting.Service.CaptchaType == setting.ImageCaptcha && !cpt.VerifyReq(ctx.Req) { |
|
|
|
|
ctx.Data["Err_Captcha"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplLinkAccount, &form) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
if setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha { |
|
|
|
|
var valid bool |
|
|
|
|
switch setting.Service.CaptchaType { |
|
|
|
|
case setting.ImageCaptcha: |
|
|
|
|
valid = cpt.VerifyReq(ctx.Req) |
|
|
|
|
case setting.ReCaptcha: |
|
|
|
|
valid, _ = recaptcha.Verify(form.GRecaptchaResponse) |
|
|
|
|
default: |
|
|
|
|
ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType)) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if setting.Service.EnableCaptcha && setting.Service.CaptchaType == setting.ReCaptcha { |
|
|
|
|
valid, _ := recaptcha.Verify(form.GRecaptchaResponse) |
|
|
|
|
if !valid { |
|
|
|
|
ctx.Data["Err_Captcha"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplLinkAccount, &form) |
|
|
|
@ -869,15 +878,24 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (len(strings.TrimSpace(form.Password)) > 0 || len(strings.TrimSpace(form.Retype)) > 0) && form.Password != form.Retype { |
|
|
|
|
ctx.Data["Err_Password"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplLinkAccount, &form) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
if len(strings.TrimSpace(form.Password)) > 0 && len(form.Password) < setting.MinPasswordLength { |
|
|
|
|
ctx.Data["Err_Password"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplLinkAccount, &form) |
|
|
|
|
return |
|
|
|
|
if setting.Service.AllowOnlyExternalRegistration || !setting.Service.RequireExternalRegistrationPassword { |
|
|
|
|
// In models.User an empty password is classed as not set, so we set form.Password to empty.
|
|
|
|
|
// Eventually the database should be changed to indicate "Second Factor"-enabled accounts
|
|
|
|
|
// (accounts that do not introduce the security vulnerabilities of a password).
|
|
|
|
|
// If a user decides to circumvent second-factor security, and purposefully create a password,
|
|
|
|
|
// they can still do so using the "Recover Account" option.
|
|
|
|
|
form.Password = "" |
|
|
|
|
} else { |
|
|
|
|
if (len(strings.TrimSpace(form.Password)) > 0 || len(strings.TrimSpace(form.Retype)) > 0) && form.Password != form.Retype { |
|
|
|
|
ctx.Data["Err_Password"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplLinkAccount, &form) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
if len(strings.TrimSpace(form.Password)) > 0 && len(form.Password) < setting.MinPasswordLength { |
|
|
|
|
ctx.Data["Err_Password"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplLinkAccount, &form) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
loginSource, err := models.GetActiveOAuth2LoginSourceByName(gothUser.(goth.User).Provider) |
|
|
|
@ -1000,14 +1018,18 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if setting.Service.EnableCaptcha && setting.Service.CaptchaType == setting.ImageCaptcha && !cpt.VerifyReq(ctx.Req) { |
|
|
|
|
ctx.Data["Err_Captcha"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUp, &form) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
if setting.Service.EnableCaptcha { |
|
|
|
|
var valid bool |
|
|
|
|
switch setting.Service.CaptchaType { |
|
|
|
|
case setting.ImageCaptcha: |
|
|
|
|
valid = cpt.VerifyReq(ctx.Req) |
|
|
|
|
case setting.ReCaptcha: |
|
|
|
|
valid, _ = recaptcha.Verify(form.GRecaptchaResponse) |
|
|
|
|
default: |
|
|
|
|
ctx.ServerError("Unknown Captcha Type", fmt.Errorf("Unknown Captcha Type: %s", setting.Service.CaptchaType)) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if setting.Service.EnableCaptcha && setting.Service.CaptchaType == setting.ReCaptcha { |
|
|
|
|
valid, _ := recaptcha.Verify(form.GRecaptchaResponse) |
|
|
|
|
if !valid { |
|
|
|
|
ctx.Data["Err_Captcha"] = true |
|
|
|
|
ctx.RenderWithErr(ctx.Tr("form.captcha_incorrect"), tplSignUp, &form) |
|
|
|
|