gitea/routers/user/setting_openid.go

// Copyright 2017 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package user

import (
	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/auth"
	"code.gitea.io/gitea/modules/auth/openid"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"
)

const (
	tplSettingsOpenID base.TplName = "user/settings/openid"
)

// SettingsOpenID renders change user's openid page
func SettingsOpenID(ctx *context.Context) {
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsOpenID"] = true

	if ctx.Query("openid.return_to") != "" {
		settingsOpenIDVerify(ctx)
		return
	}

	openid, err := models.GetUserOpenIDs(ctx.User.ID)
	if err != nil {
		ctx.Handle(500, "GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = openid

	ctx.HTML(200, tplSettingsOpenID)
}

// SettingsOpenIDPost response for change user's openid
func SettingsOpenIDPost(ctx *context.Context, form auth.AddOpenIDForm) {
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsOpenID"] = true

	if ctx.HasError() {
		openid, err := models.GetUserOpenIDs(ctx.User.ID)
		if err != nil {
			ctx.Handle(500, "GetUserOpenIDs", err)
			return
		}
		ctx.Data["OpenIDs"] = openid
		ctx.HTML(200, tplSettingsOpenID)
		return
	}

	// WARNING: specifying a wrong OpenID here could lock
	// a user out of her account, would be better to
	// verify/confirm the new OpenID before storing it

	// Also, consider allowing for multiple OpenID URIs

	id, err := openid.Normalize(form.Openid)
	if err != nil {
		ctx.RenderWithErr(err.Error(), tplSettingsOpenID, &form)
		return
	}
	form.Openid = id
	log.Trace("Normalized id: " + id)

	oids, err := models.GetUserOpenIDs(ctx.User.ID)
	if err != nil {
		ctx.Handle(500, "GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = oids

	// Check that the OpenID is not already used
	for _, obj := range oids {
		if obj.URI == id {
			ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsOpenID, &form)
			return
		}
	}

	redirectTo := setting.AppURL + "user/settings/openid"
	url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
	if err != nil {
		ctx.RenderWithErr(err.Error(), tplSettingsOpenID, &form)
		return
	}
	ctx.Redirect(url)
}

func settingsOpenIDVerify(ctx *context.Context) {
	log.Trace("Incoming call to: " + ctx.Req.Request.URL.String())

	fullURL := setting.AppURL + ctx.Req.Request.URL.String()[1:]
	log.Trace("Full URL: " + fullURL)

	oids, err := models.GetUserOpenIDs(ctx.User.ID)
	if err != nil {
		ctx.Handle(500, "GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = oids

	id, err := openid.Verify(fullURL)
	if err != nil {
		ctx.RenderWithErr(err.Error(), tplSettingsOpenID, &auth.AddOpenIDForm{
			Openid: id,
		})
		return
	}

	log.Trace("Verified ID: " + id)

	oid := &models.UserOpenID{UID: ctx.User.ID, URI: id}
	if err = models.AddUserOpenID(oid); err != nil {
		if models.IsErrOpenIDAlreadyUsed(err) {
			ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsOpenID, &auth.AddOpenIDForm{Openid: id})
			return
		}
		ctx.Handle(500, "AddUserOpenID", err)
		return
	}
	log.Trace("Associated OpenID %s to user %s", id, ctx.User.Name)
	ctx.Flash.Success(ctx.Tr("settings.add_openid_success"))

	ctx.Redirect(setting.AppSubURL + "/user/settings/openid")
}

// DeleteOpenID response for delete user's openid
func DeleteOpenID(ctx *context.Context) {
	if err := models.DeleteUserOpenID(&models.UserOpenID{ID: ctx.QueryInt64("id"), UID: ctx.User.ID}); err != nil {
		ctx.Handle(500, "DeleteUserOpenID", err)
		return
	}
	log.Trace("OpenID address deleted: %s", ctx.User.Name)

	ctx.Flash.Success(ctx.Tr("settings.openid_deletion_success"))
	ctx.JSON(200, map[string]interface{}{
		"redirect": setting.AppSubURL + "/user/settings/openid",
	})
}

// ToggleOpenIDVisibility response for toggle visibility of user's openid
func ToggleOpenIDVisibility(ctx *context.Context) {
	if err := models.ToggleUserOpenIDVisibility(ctx.QueryInt64("id")); err != nil {
		ctx.Handle(500, "ToggleUserOpenIDVisibility", err)
		return
	}

	ctx.Redirect(setting.AppSubURL + "/user/settings/openid")
}
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`// Copyright 2017 The Gitea Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package user`

			`import (`
			`"code.gitea.io/gitea/models"`
			`"code.gitea.io/gitea/modules/auth"`
			`"code.gitea.io/gitea/modules/auth/openid"`
			`"code.gitea.io/gitea/modules/base"`
			`"code.gitea.io/gitea/modules/context"`
			`"code.gitea.io/gitea/modules/log"`
			`"code.gitea.io/gitea/modules/setting"`
			`)`

			`const (`
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`tplSettingsOpenID base.TplName = "user/settings/openid"`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`)`

			`// SettingsOpenID renders change user's openid page`
			`func SettingsOpenID(ctx *context.Context) {`
			`ctx.Data["Title"] = ctx.Tr("settings")`
			`ctx.Data["PageIsSettingsOpenID"] = true`

			`if ctx.Query("openid.return_to") != "" {`
			`settingsOpenIDVerify(ctx)`
			`return`
			`}`

			`openid, err := models.GetUserOpenIDs(ctx.User.ID)`
			`if err != nil {`
			`ctx.Handle(500, "GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = openid`

			`ctx.HTML(200, tplSettingsOpenID)`
			`}`

			`// SettingsOpenIDPost response for change user's openid`
			`func SettingsOpenIDPost(ctx *context.Context, form auth.AddOpenIDForm) {`
			`ctx.Data["Title"] = ctx.Tr("settings")`
			`ctx.Data["PageIsSettingsOpenID"] = true`

			`if ctx.HasError() {`
Show user OpenID URIs in their profile (#1314) 2017-03-20 11:31:08 +03:00			`openid, err := models.GetUserOpenIDs(ctx.User.ID)`
			`if err != nil {`
			`ctx.Handle(500, "GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = openid`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`ctx.HTML(200, tplSettingsOpenID)`
			`return`
			`}`

			`// WARNING: specifying a wrong OpenID here could lock`
			`// a user out of her account, would be better to`
			`// verify/confirm the new OpenID before storing it`

			`// Also, consider allowing for multiple OpenID URIs`

			`id, err := openid.Normalize(form.Openid)`
			`if err != nil {`
			`ctx.RenderWithErr(err.Error(), tplSettingsOpenID, &form)`
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`return`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`}`
			`form.Openid = id`
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`log.Trace("Normalized id: " + id)`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00
			`oids, err := models.GetUserOpenIDs(ctx.User.ID)`
			`if err != nil {`
			`ctx.Handle(500, "GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = oids`

			`// Check that the OpenID is not already used`
			`for _, obj := range oids {`
			`if obj.URI == id {`
			`ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsOpenID, &form)`
			`return`
			`}`
			`}`

			`redirectTo := setting.AppURL + "user/settings/openid"`
			`url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)`
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`if err != nil {`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`ctx.RenderWithErr(err.Error(), tplSettingsOpenID, &form)`
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`return`
			`}`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`ctx.Redirect(url)`
			`}`

			`func settingsOpenIDVerify(ctx *context.Context) {`
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`log.Trace("Incoming call to: " + ctx.Req.Request.URL.String())`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`fullURL := setting.AppURL + ctx.Req.Request.URL.String()[1:]`
			`log.Trace("Full URL: " + fullURL)`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00
			`oids, err := models.GetUserOpenIDs(ctx.User.ID)`
			`if err != nil {`
			`ctx.Handle(500, "GetUserOpenIDs", err)`
			`return`
			`}`
			`ctx.Data["OpenIDs"] = oids`

			`id, err := openid.Verify(fullURL)`
			`if err != nil {`
			`ctx.RenderWithErr(err.Error(), tplSettingsOpenID, &auth.AddOpenIDForm{`
			`Openid: id,`
			`})`
			`return`
			`}`

			`log.Trace("Verified ID: " + id)`

Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`oid := &models.UserOpenID{UID: ctx.User.ID, URI: id}`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`if err = models.AddUserOpenID(oid); err != nil {`
			`if models.IsErrOpenIDAlreadyUsed(err) {`
Run "make fmt" with go-1.6 (#1333) 2017-03-21 03:55:00 +03:00			`ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsOpenID, &auth.AddOpenIDForm{Openid: id})`
Login via OpenID-2.0 (#618) 2017-03-17 17:16:08 +03:00			`return`
			`}`
			`ctx.Handle(500, "AddUserOpenID", err)`
			`return`
			`}`
			`log.Trace("Associated OpenID %s to user %s", id, ctx.User.Name)`
			`ctx.Flash.Success(ctx.Tr("settings.add_openid_success"))`

			`ctx.Redirect(setting.AppSubURL + "/user/settings/openid")`
			`}`

			`// DeleteOpenID response for delete user's openid`
			`func DeleteOpenID(ctx *context.Context) {`
			`if err := models.DeleteUserOpenID(&models.UserOpenID{ID: ctx.QueryInt64("id"), UID: ctx.User.ID}); err != nil {`
			`ctx.Handle(500, "DeleteUserOpenID", err)`
			`return`
			`}`
			`log.Trace("OpenID address deleted: %s", ctx.User.Name)`

			`ctx.Flash.Success(ctx.Tr("settings.openid_deletion_success"))`
			`ctx.JSON(200, map[string]interface{}{`
			`"redirect": setting.AppSubURL + "/user/settings/openid",`
			`})`
			`}`

Show user OpenID URIs in their profile (#1314) 2017-03-20 11:31:08 +03:00			`// ToggleOpenIDVisibility response for toggle visibility of user's openid`
			`func ToggleOpenIDVisibility(ctx *context.Context) {`
			`if err := models.ToggleUserOpenIDVisibility(ctx.QueryInt64("id")); err != nil {`
			`ctx.Handle(500, "ToggleUserOpenIDVisibility", err)`
			`return`
			`}`

			`ctx.Redirect(setting.AppSubURL + "/user/settings/openid")`
			`}`