2014-08-29 15:32:52 +08:00
// Copyright 2014 The Gogs Authors. All rights reserved.
2020-01-24 19:00:29 +00:00
// Copyright 2020 The Gitea Authors.
2014-08-29 15:32:52 +08:00
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package admin
import (
2020-12-25 09:59:32 +00:00
"fmt"
2021-04-05 17:30:52 +02:00
"net/http"
2020-12-25 09:59:32 +00:00
"strconv"
2014-08-29 15:32:52 +08:00
"strings"
2016-11-10 17:24:48 +01:00
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
2019-10-14 22:24:26 +07:00
"code.gitea.io/gitea/modules/password"
2016-11-10 17:24:48 +01:00
"code.gitea.io/gitea/modules/setting"
2021-01-26 23:36:53 +08:00
"code.gitea.io/gitea/modules/web"
2021-06-09 07:33:54 +08:00
"code.gitea.io/gitea/routers/web/explore"
router_user_setting "code.gitea.io/gitea/routers/web/user/setting"
2021-04-06 20:44:05 +01:00
"code.gitea.io/gitea/services/forms"
2019-09-24 13:02:49 +08:00
"code.gitea.io/gitea/services/mailer"
2014-08-29 15:32:52 +08:00
)
const (
2016-11-21 11:21:24 +08:00
tplUsers base . TplName = "admin/user/list"
tplUserNew base . TplName = "admin/user/new"
tplUserEdit base . TplName = "admin/user/edit"
2014-08-29 15:32:52 +08:00
)
2016-11-21 11:21:24 +08:00
// Users show all the users
2016-03-11 11:56:52 -05:00
func Users ( ctx * context . Context ) {
2014-08-29 20:50:43 +08:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.users" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminUsers" ] = true
2021-06-09 07:33:54 +08:00
explore . RenderUserSearch ( ctx , & models . SearchUserOptions {
2021-06-26 22:53:14 +03:00
Actor : ctx . User ,
Type : models . UserTypeIndividual ,
2020-01-24 19:00:29 +00:00
ListOptions : models . ListOptions {
PageSize : setting . UI . Admin . UserPagingNum ,
} ,
2017-11-26 00:40:38 -08:00
SearchByEmail : true ,
2017-10-25 01:36:19 +08:00
} , tplUsers )
2014-08-29 15:32:52 +08:00
}
2016-11-21 11:21:24 +08:00
// NewUser render adding a new user page
2016-03-11 11:56:52 -05:00
func NewUser ( ctx * context . Context ) {
2014-08-29 15:32:52 +08:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.users.new_account" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminUsers" ] = true
2021-06-26 22:53:14 +03:00
ctx . Data [ "DefaultUserVisibilityMode" ] = setting . Service . DefaultUserVisibilityMode
2021-06-27 20:47:35 +02:00
ctx . Data [ "AllowedUserVisibilityModes" ] = setting . Service . AllowedUserVisibilityModesSlice . ToVisibleTypeSlice ( )
2014-08-29 15:32:52 +08:00
2015-09-13 09:51:51 -04:00
ctx . Data [ "login_type" ] = "0-0"
sources , err := models . LoginSources ( )
2014-08-29 15:32:52 +08:00
if err != nil {
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "LoginSources" , err )
2014-08-29 15:32:52 +08:00
return
}
2015-09-13 09:51:51 -04:00
ctx . Data [ "Sources" ] = sources
2015-09-25 19:45:44 -04:00
ctx . Data [ "CanSendEmail" ] = setting . MailService != nil
2021-04-05 17:30:52 +02:00
ctx . HTML ( http . StatusOK , tplUserNew )
2014-08-29 15:32:52 +08:00
}
2016-11-21 11:21:24 +08:00
// NewUserPost response for adding a new user
2021-01-26 23:36:53 +08:00
func NewUserPost ( ctx * context . Context ) {
2021-04-06 20:44:05 +01:00
form := web . GetForm ( ctx ) . ( * forms . AdminCreateUserForm )
2014-08-29 15:32:52 +08:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.users.new_account" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminUsers" ] = true
2021-06-26 22:53:14 +03:00
ctx . Data [ "DefaultUserVisibilityMode" ] = setting . Service . DefaultUserVisibilityMode
2014-08-29 15:32:52 +08:00
2015-09-13 09:51:51 -04:00
sources , err := models . LoginSources ( )
if err != nil {
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "LoginSources" , err )
2014-08-29 15:32:52 +08:00
return
}
2015-09-13 09:51:51 -04:00
ctx . Data [ "Sources" ] = sources
2014-08-29 15:32:52 +08:00
2015-09-25 19:45:44 -04:00
ctx . Data [ "CanSendEmail" ] = setting . MailService != nil
2015-09-13 09:51:51 -04:00
if ctx . HasError ( ) {
2021-04-05 17:30:52 +02:00
ctx . HTML ( http . StatusOK , tplUserNew )
2014-08-29 15:32:52 +08:00
return
}
u := & models . User {
2019-11-04 21:10:37 +02:00
Name : form . UserName ,
Email : form . Email ,
Passwd : form . Password ,
IsActive : true ,
LoginType : models . LoginPlain ,
2014-08-29 15:32:52 +08:00
}
if len ( form . LoginType ) > 0 {
fields := strings . Split ( form . LoginType , "-" )
2015-09-13 09:51:51 -04:00
if len ( fields ) == 2 {
2020-12-25 09:59:32 +00:00
lType , _ := strconv . ParseInt ( fields [ 0 ] , 10 , 0 )
u . LoginType = models . LoginType ( lType )
u . LoginSource , _ = strconv . ParseInt ( fields [ 1 ] , 10 , 64 )
2015-09-13 09:51:51 -04:00
u . LoginName = form . LoginName
}
2014-08-29 15:32:52 +08:00
}
2019-11-19 21:07:51 -03:00
if u . LoginType == models . LoginNoType || u . LoginType == models . LoginPlain {
if len ( form . Password ) < setting . MinPasswordLength {
ctx . Data [ "Err_Password" ] = true
ctx . RenderWithErr ( ctx . Tr ( "auth.password_too_short" , setting . MinPasswordLength ) , tplUserNew , & form )
return
}
2019-11-04 21:10:37 +02:00
if ! password . IsComplexEnough ( form . Password ) {
2019-11-19 21:07:51 -03:00
ctx . Data [ "Err_Password" ] = true
2019-11-19 19:44:58 -03:00
ctx . RenderWithErr ( password . BuildComplexityError ( ctx ) , tplUserNew , & form )
2019-11-04 21:10:37 +02:00
return
}
2021-05-31 07:18:11 +01:00
pwned , err := password . IsPwned ( ctx , form . Password )
2020-09-08 17:06:39 -05:00
if pwned {
ctx . Data [ "Err_Password" ] = true
errMsg := ctx . Tr ( "auth.password_pwned" )
if err != nil {
log . Error ( err . Error ( ) )
errMsg = ctx . Tr ( "auth.password_pwned_err" )
}
ctx . RenderWithErr ( errMsg , tplUserNew , & form )
return
}
2019-11-04 21:10:37 +02:00
u . MustChangePassword = form . MustChangePassword
2019-10-14 22:24:26 +07:00
}
2021-06-26 22:53:14 +03:00
if err := models . CreateUser ( u , & models . CreateUserOverwriteOptions { Visibility : form . Visibility } ) ; err != nil {
2015-03-26 17:11:47 -04:00
switch {
case models . IsErrUserAlreadyExist ( err ) :
2014-08-29 15:32:52 +08:00
ctx . Data [ "Err_UserName" ] = true
2016-11-21 11:21:24 +08:00
ctx . RenderWithErr ( ctx . Tr ( "form.username_been_taken" ) , tplUserNew , & form )
2015-03-26 17:11:47 -04:00
case models . IsErrEmailAlreadyUsed ( err ) :
2014-08-29 15:32:52 +08:00
ctx . Data [ "Err_Email" ] = true
2016-11-21 11:21:24 +08:00
ctx . RenderWithErr ( ctx . Tr ( "form.email_been_used" ) , tplUserNew , & form )
2020-11-15 00:53:43 +08:00
case models . IsErrEmailInvalid ( err ) :
ctx . Data [ "Err_Email" ] = true
ctx . RenderWithErr ( ctx . Tr ( "form.email_invalid" ) , tplUserNew , & form )
2015-03-26 17:11:47 -04:00
case models . IsErrNameReserved ( err ) :
2014-08-29 15:32:52 +08:00
ctx . Data [ "Err_UserName" ] = true
2016-11-21 11:21:24 +08:00
ctx . RenderWithErr ( ctx . Tr ( "user.form.name_reserved" , err . ( models . ErrNameReserved ) . Name ) , tplUserNew , & form )
2015-03-26 17:11:47 -04:00
case models . IsErrNamePatternNotAllowed ( err ) :
ctx . Data [ "Err_UserName" ] = true
2016-11-21 11:21:24 +08:00
ctx . RenderWithErr ( ctx . Tr ( "user.form.name_pattern_not_allowed" , err . ( models . ErrNamePatternNotAllowed ) . Pattern ) , tplUserNew , & form )
2020-02-23 16:52:05 -03:00
case models . IsErrNameCharsNotAllowed ( err ) :
ctx . Data [ "Err_UserName" ] = true
ctx . RenderWithErr ( ctx . Tr ( "user.form.name_chars_not_allowed" , err . ( models . ErrNameCharsNotAllowed ) . Name ) , tplUserNew , & form )
2014-08-29 15:32:52 +08:00
default :
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "CreateUser" , err )
2014-08-29 15:32:52 +08:00
}
return
}
2015-12-05 17:13:13 -05:00
log . Trace ( "Account created by admin (%s): %s" , ctx . User . Name , u . Name )
2015-09-13 09:51:51 -04:00
2016-07-16 00:36:39 +08:00
// Send email notification.
2019-09-24 13:02:49 +08:00
if form . SendNotify {
2021-04-02 12:25:13 +02:00
mailer . SendRegisterNotifyMail ( u )
2015-09-25 19:45:44 -04:00
}
2015-09-13 09:51:51 -04:00
ctx . Flash . Success ( ctx . Tr ( "admin.users.new_success" , u . Name ) )
2020-12-25 09:59:32 +00:00
ctx . Redirect ( setting . AppSubURL + "/admin/users/" + fmt . Sprint ( u . ID ) )
2014-08-29 15:32:52 +08:00
}
2016-03-11 11:56:52 -05:00
func prepareUserInfo ( ctx * context . Context ) * models . User {
2015-09-13 11:07:21 -04:00
u , err := models . GetUserByID ( ctx . ParamsInt64 ( ":userid" ) )
2014-08-29 15:32:52 +08:00
if err != nil {
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "GetUserByID" , err )
2015-09-13 11:07:21 -04:00
return nil
2014-08-29 15:32:52 +08:00
}
ctx . Data [ "User" ] = u
2015-09-13 09:51:51 -04:00
2015-09-13 11:07:21 -04:00
if u . LoginSource > 0 {
ctx . Data [ "LoginSource" ] , err = models . GetLoginSourceByID ( u . LoginSource )
if err != nil {
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "GetLoginSourceByID" , err )
2015-09-13 11:07:21 -04:00
return nil
}
} else {
ctx . Data [ "LoginSource" ] = & models . LoginSource { }
}
2015-09-13 09:51:51 -04:00
sources , err := models . LoginSources ( )
2014-08-29 15:32:52 +08:00
if err != nil {
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "LoginSources" , err )
2015-09-13 11:07:21 -04:00
return nil
2014-08-29 15:32:52 +08:00
}
2015-09-13 11:07:21 -04:00
ctx . Data [ "Sources" ] = sources
2021-01-05 13:54:48 +00:00
ctx . Data [ "TwoFactorEnabled" ] = true
_ , err = models . GetTwoFactorByUID ( u . ID )
if err != nil {
if ! models . IsErrTwoFactorNotEnrolled ( err ) {
2021-01-15 04:27:22 +08:00
ctx . ServerError ( "IsErrTwoFactorNotEnrolled" , err )
2021-01-05 13:54:48 +00:00
return nil
}
ctx . Data [ "TwoFactorEnabled" ] = false
}
2015-09-13 11:07:21 -04:00
return u
2014-08-29 15:32:52 +08:00
}
2016-11-21 11:21:24 +08:00
// EditUser show editting user page
2016-03-11 11:56:52 -05:00
func EditUser ( ctx * context . Context ) {
2014-08-29 15:32:52 +08:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.users.edit_account" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminUsers" ] = true
2017-02-14 20:16:00 +08:00
ctx . Data [ "DisableRegularOrgCreation" ] = setting . Admin . DisableRegularOrgCreation
2020-12-21 15:39:41 +01:00
ctx . Data [ "DisableMigrations" ] = setting . Repository . DisableMigrations
2021-06-27 20:47:35 +02:00
ctx . Data [ "AllowedUserVisibilityModes" ] = setting . Service . AllowedUserVisibilityModesSlice . ToVisibleTypeSlice ( )
2014-08-29 15:32:52 +08:00
2015-09-13 11:07:21 -04:00
prepareUserInfo ( ctx )
if ctx . Written ( ) {
2014-08-29 15:32:52 +08:00
return
}
2021-04-05 17:30:52 +02:00
ctx . HTML ( http . StatusOK , tplUserEdit )
2015-09-13 11:07:21 -04:00
}
2016-11-21 11:21:24 +08:00
// EditUserPost response for editting user
2021-01-26 23:36:53 +08:00
func EditUserPost ( ctx * context . Context ) {
2021-04-06 20:44:05 +01:00
form := web . GetForm ( ctx ) . ( * forms . AdminEditUserForm )
2015-09-13 11:07:21 -04:00
ctx . Data [ "Title" ] = ctx . Tr ( "admin.users.edit_account" )
ctx . Data [ "PageIsAdmin" ] = true
ctx . Data [ "PageIsAdminUsers" ] = true
2020-12-21 15:39:41 +01:00
ctx . Data [ "DisableMigrations" ] = setting . Repository . DisableMigrations
2015-09-13 11:07:21 -04:00
u := prepareUserInfo ( ctx )
if ctx . Written ( ) {
2014-08-29 15:32:52 +08:00
return
}
if ctx . HasError ( ) {
2021-04-05 17:30:52 +02:00
ctx . HTML ( http . StatusOK , tplUserEdit )
2014-08-29 15:32:52 +08:00
return
}
2015-09-13 11:07:21 -04:00
fields := strings . Split ( form . LoginType , "-" )
if len ( fields ) == 2 {
2020-12-25 09:59:32 +00:00
loginType , _ := strconv . ParseInt ( fields [ 0 ] , 10 , 0 )
loginSource , _ := strconv . ParseInt ( fields [ 1 ] , 10 , 64 )
2015-09-13 11:07:21 -04:00
if u . LoginSource != loginSource {
u . LoginSource = loginSource
2020-12-25 09:59:32 +00:00
u . LoginType = models . LoginType ( loginType )
2015-09-13 11:07:21 -04:00
}
}
2020-09-29 21:27:03 +01:00
if len ( form . Password ) > 0 && ( u . IsLocal ( ) || u . IsOAuth2 ( ) ) {
2016-12-20 14:32:02 +02:00
var err error
2019-11-19 21:07:51 -03:00
if len ( form . Password ) < setting . MinPasswordLength {
ctx . Data [ "Err_Password" ] = true
ctx . RenderWithErr ( ctx . Tr ( "auth.password_too_short" , setting . MinPasswordLength ) , tplUserEdit , & form )
2016-12-20 14:32:02 +02:00
return
}
2019-10-14 22:24:26 +07:00
if ! password . IsComplexEnough ( form . Password ) {
2019-11-19 19:44:58 -03:00
ctx . RenderWithErr ( password . BuildComplexityError ( ctx ) , tplUserEdit , & form )
2019-10-14 22:24:26 +07:00
return
}
2021-05-31 07:18:11 +01:00
pwned , err := password . IsPwned ( ctx , form . Password )
2020-09-08 17:06:39 -05:00
if pwned {
ctx . Data [ "Err_Password" ] = true
errMsg := ctx . Tr ( "auth.password_pwned" )
if err != nil {
log . Error ( err . Error ( ) )
errMsg = ctx . Tr ( "auth.password_pwned_err" )
}
ctx . RenderWithErr ( errMsg , tplUserNew , & form )
return
}
2019-11-19 21:07:51 -03:00
if u . Salt , err = models . GetUserSalt ( ) ; err != nil {
ctx . ServerError ( "UpdateUser" , err )
return
}
2021-01-10 19:05:18 +01:00
if err = u . SetPassword ( form . Password ) ; err != nil {
2021-01-15 04:27:22 +08:00
ctx . ServerError ( "SetPassword" , err )
2021-01-10 19:05:18 +01:00
return
}
2014-08-29 15:32:52 +08:00
}
2021-01-10 13:14:02 +01:00
if len ( form . UserName ) != 0 && u . Name != form . UserName {
if err := router_user_setting . HandleUsernameChange ( ctx , u , form . UserName ) ; err != nil {
ctx . Redirect ( setting . AppSubURL + "/admin/users" )
return
}
u . Name = form . UserName
u . LowerName = strings . ToLower ( form . UserName )
}
2021-01-05 13:54:48 +00:00
if form . Reset2FA {
tf , err := models . GetTwoFactorByUID ( u . ID )
if err != nil && ! models . IsErrTwoFactorNotEnrolled ( err ) {
2021-01-15 04:27:22 +08:00
ctx . ServerError ( "GetTwoFactorByUID" , err )
2021-01-05 13:54:48 +00:00
return
}
if err = models . DeleteTwoFactorByID ( tf . ID , u . ID ) ; err != nil {
2021-01-15 04:27:22 +08:00
ctx . ServerError ( "DeleteTwoFactorByID" , err )
2021-01-05 13:54:48 +00:00
return
}
}
2015-09-13 11:26:25 -04:00
u . LoginName = form . LoginName
2015-04-28 11:59:05 -04:00
u . FullName = form . FullName
2014-08-29 15:32:52 +08:00
u . Email = form . Email
u . Website = form . Website
u . Location = form . Location
2015-12-10 12:37:53 -05:00
u . MaxRepoCreation = form . MaxRepoCreation
2014-08-29 15:32:52 +08:00
u . IsActive = form . Active
u . IsAdmin = form . Admin
2020-01-13 19:33:46 +02:00
u . IsRestricted = form . Restricted
2014-11-17 14:53:41 -05:00
u . AllowGitHook = form . AllowGitHook
2015-11-03 18:40:52 -05:00
u . AllowImportLocal = form . AllowImportLocal
2016-12-31 03:33:30 +01:00
u . AllowCreateOrganization = form . AllowCreateOrganization
2020-04-06 22:23:15 +08:00
2021-06-26 22:53:14 +03:00
u . Visibility = form . Visibility
2020-04-06 22:23:15 +08:00
// skip self Prohibit Login
if ctx . User . ID == u . ID {
u . ProhibitLogin = false
} else {
u . ProhibitLogin = form . ProhibitLogin
}
2014-11-30 18:29:16 -05:00
2014-08-29 15:32:52 +08:00
if err := models . UpdateUser ( u ) ; err != nil {
2015-03-26 17:11:47 -04:00
if models . IsErrEmailAlreadyUsed ( err ) {
2014-11-30 18:29:16 -05:00
ctx . Data [ "Err_Email" ] = true
2016-11-21 11:21:24 +08:00
ctx . RenderWithErr ( ctx . Tr ( "form.email_been_used" ) , tplUserEdit , & form )
2020-11-15 00:53:43 +08:00
} else if models . IsErrEmailInvalid ( err ) {
ctx . Data [ "Err_Email" ] = true
ctx . RenderWithErr ( ctx . Tr ( "form.email_invalid" ) , tplUserEdit , & form )
2014-11-30 18:29:16 -05:00
} else {
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "UpdateUser" , err )
2014-11-30 18:29:16 -05:00
}
2014-08-29 15:32:52 +08:00
return
}
2015-12-05 17:13:13 -05:00
log . Trace ( "Account profile updated by admin (%s): %s" , ctx . User . Name , u . Name )
2015-09-13 11:07:21 -04:00
2014-08-29 15:32:52 +08:00
ctx . Flash . Success ( ctx . Tr ( "admin.users.update_profile_success" ) )
2016-11-27 18:14:25 +08:00
ctx . Redirect ( setting . AppSubURL + "/admin/users/" + ctx . Params ( ":userid" ) )
2014-08-29 15:32:52 +08:00
}
2016-11-21 11:21:24 +08:00
// DeleteUser response for deleting a user
2016-03-11 11:56:52 -05:00
func DeleteUser ( ctx * context . Context ) {
2015-09-13 13:26:20 -04:00
u , err := models . GetUserByID ( ctx . ParamsInt64 ( ":userid" ) )
2014-08-29 15:32:52 +08:00
if err != nil {
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "GetUserByID" , err )
2014-08-29 15:32:52 +08:00
return
}
if err = models . DeleteUser ( u ) ; err != nil {
2015-03-17 21:51:39 -04:00
switch {
case models . IsErrUserOwnRepos ( err ) :
2014-08-29 15:32:52 +08:00
ctx . Flash . Error ( ctx . Tr ( "admin.users.still_own_repo" ) )
2021-04-05 17:30:52 +02:00
ctx . JSON ( http . StatusOK , map [ string ] interface { } {
2016-11-27 18:14:25 +08:00
"redirect" : setting . AppSubURL + "/admin/users/" + ctx . Params ( ":userid" ) ,
2015-09-13 13:26:20 -04:00
} )
2015-03-17 21:51:39 -04:00
case models . IsErrUserHasOrgs ( err ) :
2014-11-13 05:27:01 -05:00
ctx . Flash . Error ( ctx . Tr ( "admin.users.still_has_org" ) )
2021-04-05 17:30:52 +02:00
ctx . JSON ( http . StatusOK , map [ string ] interface { } {
2016-11-27 18:14:25 +08:00
"redirect" : setting . AppSubURL + "/admin/users/" + ctx . Params ( ":userid" ) ,
2015-09-13 13:26:20 -04:00
} )
2014-08-29 15:32:52 +08:00
default :
2018-01-10 22:34:17 +01:00
ctx . ServerError ( "DeleteUser" , err )
2014-08-29 15:32:52 +08:00
}
return
}
2015-12-05 17:13:13 -05:00
log . Trace ( "Account deleted by admin (%s): %s" , ctx . User . Name , u . Name )
2015-09-13 13:26:20 -04:00
ctx . Flash . Success ( ctx . Tr ( "admin.users.deletion_success" ) )
2021-04-05 17:30:52 +02:00
ctx . JSON ( http . StatusOK , map [ string ] interface { } {
2016-11-27 18:14:25 +08:00
"redirect" : setting . AppSubURL + "/admin/users" ,
2015-09-13 13:26:20 -04:00
} )
2014-08-29 15:32:52 +08:00
}