// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package user
import (
"net/url"
"strings"
"github.com/gogits/gogs/models"
"github.com/gogits/gogs/modules/auth"
"github.com/gogits/gogs/modules/base"
"github.com/gogits/gogs/modules/log"
"github.com/gogits/gogs/modules/mailer"
"github.com/gogits/gogs/modules/middleware"
"github.com/gogits/gogs/modules/setting"
)
// Template names rendered by the account handlers in this file.
// Each constant is a base.TplName holding the template's path.
const (
	SIGNIN          = base.TplName("user/signin")
	SIGNUP          = base.TplName("user/signup")
	DELETE          = base.TplName("user/delete")
	ACTIVATE        = base.TplName("user/activate")
	FORGOT_PASSWORD = base.TplName("user/forgot_passwd")
	RESET_PASSWORD  = base.TplName("user/reset_passwd")
)
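// SignIn renders the log-in page, or completes an automatic log-in when the
// request carries a valid "remember me" cookie pair.
//
// The user-name cookie only selects the account; the log-in is accepted only
// if the secure remember cookie, keyed by a secret derived from the account's
// Rands and Passwd fields, decodes to that account's name. Whenever the
// auto-login attempt does not succeed, both cookies are cleared.
func SignIn(ctx *middleware.Context) {
	ctx.Data["Title"] = "Log In"

	// A pending social log-in is completed through the form, so only render it.
	if _, ok := ctx.Session.Get("socialId").(int64); ok {
		ctx.Data["IsSocialLogin"] = true
		ctx.HTML(200, SIGNIN)
		return
	}

	if setting.OauthService != nil {
		ctx.Data["OauthEnabled"] = true
		ctx.Data["OauthService"] = setting.OauthService
	}

	// Check auto-login.
	uname := ctx.GetCookie(setting.CookieUserName)
	if len(uname) == 0 {
		ctx.HTML(200, SIGNIN)
		return
	}

	// Any exit path that does not finish the auto-login drops both cookies,
	// so a stale or tampered pair is not presented again on the next request.
	isSucceed := false
	defer func() {
		if !isSucceed {
			log.Trace("user.SignIn(auto-login cookie cleared): %s", uname)
			ctx.SetCookie(setting.CookieUserName, "", -1)
			ctx.SetCookie(setting.CookieRememberName, "", -1)
		}
	}()

	user, err := models.GetUserByName(uname)
	if err != nil {
		// The cookie value is client-controlled, so an unknown name is an
		// expected condition rather than a server error.
		// NOTE(review): presumably GetUserByName reports a missing account
		// as models.ErrUserNotExist, like UserSignIn does; confirm.
		if err == models.ErrUserNotExist {
			ctx.HTML(200, SIGNIN)
			return
		}
		ctx.Handle(500, "user.SignIn(GetUserByName)", err)
		return
	}

	// The secret changes whenever Rands or Passwd changes, which makes
	// previously issued remember cookies undecodable.
	secret := base.EncodeMd5(user.Rands + user.Passwd)
	value, _ := ctx.GetSecureCookie(secret, setting.CookieRememberName)
	if value != user.Name {
		ctx.HTML(200, SIGNIN)
		return
	}

	isSucceed = true

	// NOTE(review): the session is reused across the log-in; whether the
	// session ID is rotated elsewhere is not visible here.
	ctx.Session.Set("userId", user.Id)
	ctx.Session.Set("userName", user.Name)
	if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
		ctx.SetCookie("redirect_to", "", -1)
		// The cookie is client-controlled: follow it only to a path on this
		// site. Scheme-relative ("//") and backslash forms are rejected
		// because browsers may resolve them to another host.
		// Assumes legitimate values are request paths starting with "/".
		if strings.HasPrefix(redirectTo, "/") &&
			!strings.HasPrefix(redirectTo, "//") &&
			!strings.Contains(redirectTo, "\\") {
			ctx.Redirect(redirectTo)
			return
		}
	}

	ctx.Redirect("/")
}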
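// SignInPost handles the submitted log-in form.
//
// On success it optionally issues the "remember me" cookie pair, binds a
// pending social account to the user, stores the user in the session and
// redirects to the saved target or to "/". A wrong user name or password
// re-renders the form with one generic message for both cases.
func SignInPost(ctx *middleware.Context, form auth.LogInForm) {
	ctx.Data["Title"] = "Log In"

	sid, isOauth := ctx.Session.Get("socialId").(int64)
	if isOauth {
		ctx.Data["IsSocialLogin"] = true
	} else if setting.OauthService != nil {
		ctx.Data["OauthEnabled"] = true
		ctx.Data["OauthService"] = setting.OauthService
	}

	// Form binding/validation errors are already recorded on ctx.
	if ctx.HasError() {
		ctx.HTML(200, SIGNIN)
		return
	}

	user, err := models.UserSignIn(form.UserName, form.Password)
	if err != nil {
		if err == models.ErrUserNotExist {
			log.Trace("%s Log in failed: %s", ctx.Req.RequestURI, form.UserName)
			ctx.RenderWithErr("Username or password is not correct", SIGNIN, &form)
			return
		}

		ctx.Handle(500, "user.SignInPost(UserSignIn)", err)
		return
	}

	if form.Remember {
		// The remember cookie is keyed by a secret derived from Rands and
		// Passwd, the same derivation SignIn uses to verify it.
		secret := base.EncodeMd5(user.Rands + user.Passwd)
		days := 86400 * setting.LogInRememberDays
		ctx.SetCookie(setting.CookieUserName, user.Name, days)
		ctx.SetSecureCookie(secret, setting.CookieRememberName, user.Name, days)
	}

	// Bind with social account.
	if isOauth {
		if err = models.BindUserOauth2(user.Id, sid); err != nil {
			// The label names the call that actually failed.
			if err == models.ErrOauth2RecordNotExist {
				ctx.Handle(404, "user.SignInPost(BindUserOauth2)", err)
			} else {
				ctx.Handle(500, "user.SignInPost(BindUserOauth2)", err)
			}
			return
		}
		ctx.Session.Delete("socialId")
		log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid)
	}

	// NOTE(review): the session is reused across the log-in; whether the
	// session ID is rotated elsewhere is not visible here.
	ctx.Session.Set("userId", user.Id)
	ctx.Session.Set("userName", user.Name)
	if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 {
		ctx.SetCookie("redirect_to", "", -1)
		// The cookie is client-controlled: follow it only to a path on this
		// site. Scheme-relative ("//") and backslash forms are rejected
		// because browsers may resolve them to another host.
		// Assumes legitimate values are request paths starting with "/".
		if strings.HasPrefix(redirectTo, "/") &&
			!strings.HasPrefix(redirectTo, "//") &&
			!strings.Contains(redirectTo, "\\") {
			ctx.Redirect(redirectTo)
			return
		}
	}

	ctx.Redirect("/")
}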
// SignOut ends the current log-in: it removes the user and social-login
// entries from the session, expires both auto-login cookies and redirects
// to the site root.
func SignOut(ctx *middleware.Context) {
	// Session entries written by the sign-in and social sign-up handlers.
	for _, key := range []string{
		"userId",
		"userName",
		"socialId",
		"socialName",
		"socialEmail",
	} {
		ctx.Session.Delete(key)
	}

	// A negative max-age expires the cookie, so SignIn cannot auto-login
	// from it afterwards.
	ctx.SetCookie(setting.CookieUserName, "", -1)
	ctx.SetCookie(setting.CookieRememberName, "", -1)

	ctx.Redirect("/")
}
// SignUp renders the registration page. When registration is disabled the
// page is rendered with DisableRegistration set; when the session holds a
// pending social ID the request is handed to oauthSignUp instead.
func SignUp(ctx *middleware.Context) {
	ctx.Data["Title"] = "Sign Up"
	ctx.Data["PageIsSignUp"] = true

	if setting.Service.DisableRegistration {
		ctx.Data["DisableRegistration"] = true
		ctx.HTML(200, SIGNUP)
		return
	}

	// The registration switch is checked first, so a pending social login
	// does not bypass it.
	sid, hasSocial := ctx.Session.Get("socialId").(int64)
	if !hasSocial {
		ctx.HTML(200, SIGNUP)
		return
	}
	oauthSignUp(ctx, sid)
}
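// oauthSignUp renders the registration page for a visitor who arrived through
// a social log-in, pre-filling user name and e-mail from the session.
//
// sid is the social record ID taken from the session; the page is rendered
// only if that record can be loaded (404 when it does not exist, 500 on any
// other error).
func oauthSignUp(ctx *middleware.Context, sid int64) {
	ctx.Data["Title"] = "OAuth Sign Up"
	ctx.Data["PageIsSignUp"] = true

	if _, err := models.GetOauth2ById(sid); err != nil {
		if err == models.ErrOauth2RecordNotExist {
			ctx.Handle(404, "user.oauthSignUp(GetOauth2ById)", err)
		} else {
			ctx.Handle(500, "user.oauthSignUp(GetOauth2ById)", err)
		}
		return
	}

	ctx.Data["IsSocialLogin"] = true
	// socialName is separate session state and may be absent or of another
	// type; a bare type assertion would panic the handler, so fall back to
	// an empty suggestion instead.
	socialName, _ := ctx.Session.Get("socialName").(string)
	ctx.Data["username"] = strings.Replace(socialName, " ", "", -1)
	ctx.Data["email"] = ctx.Session.Get("socialEmail")
	log.Trace("user.oauthSignUp(social ID): %v", ctx.Session.Get("socialId"))
	ctx.HTML(200, SIGNUP)
}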
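// SignUpPost handles the submitted registration form.
//
// It rejects the request with 403 when registration is disabled, re-renders
// the form on validation errors, creates the user, binds a pending social
// account, and either shows the "activation mail sent" page or redirects to
// the log-in page.
func SignUpPost(ctx *middleware.Context, form auth.RegisterForm) {
	ctx.Data["Title"] = "Sign Up"
	ctx.Data["PageIsSignUp"] = true

	if setting.Service.DisableRegistration {
		ctx.Handle(403, "user.SignUpPost", nil)
		return
	}

	sid, isOauth := ctx.Session.Get("socialId").(int64)
	if isOauth {
		ctx.Data["IsSocialLogin"] = true
	}

	// Form binding/validation errors are already recorded on ctx.
	if ctx.HasError() {
		ctx.HTML(200, SIGNUP)
		return
	}

	if form.Password != form.RetypePasswd {
		ctx.Data["Err_Password"] = true
		ctx.Data["Err_RetypePasswd"] = true
		ctx.RenderWithErr("Password and re-type password are not same.", SIGNUP, &form)
		return
	}

	// NOTE(review): a social sign-up is created active without e-mail
	// confirmation, yet Email comes from the submitted form rather than from
	// the social record; confirm the address is verified elsewhere.
	u := &models.User{
		Name:     form.UserName,
		Email:    form.Email,
		Passwd:   form.Password,
		IsActive: !setting.Service.RegisterEmailConfirm || isOauth,
	}

	var err error
	if u, err = models.CreateUser(u); err != nil {
		switch err {
		case models.ErrUserAlreadyExist:
			ctx.Data["Err_UserName"] = true
			ctx.RenderWithErr("Username has been already taken", SIGNUP, &form)
		case models.ErrEmailAlreadyUsed:
			ctx.Data["Err_Email"] = true
			ctx.RenderWithErr("E-mail address has been already used", SIGNUP, &form)
		case models.ErrUserNameIllegal:
			ctx.Data["Err_UserName"] = true
			// Show the user-name error itself; the repository-name error
			// text does not describe this failure.
			ctx.RenderWithErr(err.Error(), SIGNUP, &form)
		default:
			ctx.Handle(500, "user.SignUpPost(CreateUser)", err)
		}
		return
	}
	log.Trace("%s User created: %s", ctx.Req.RequestURI, u.Name)

	// Bind social account.
	if isOauth {
		if err = models.BindUserOauth2(u.Id, sid); err != nil {
			ctx.Handle(500, "user.SignUpPost(BindUserOauth2)", err)
			return
		}
		ctx.Session.Delete("socialId")
		log.Trace("%s OAuth binded: %s -> %d", ctx.Req.RequestURI, form.UserName, sid)
	}

	// Send confirmation e-mail, no need for social account.
	// The user with Id 1 is skipped as well (presumably the first,
	// administrator account; confirm against CreateUser).
	if !isOauth && setting.Service.RegisterEmailConfirm && u.Id > 1 {
		mailer.SendRegisterMail(ctx.Render, u)
		ctx.Data["IsSendRegisterMail"] = true
		ctx.Data["Email"] = u.Email
		ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60
		ctx.HTML(200, ACTIVATE)

		// Throttle resends: Activate refuses to mail again while this cache
		// entry exists. A cache failure is logged, not fatal.
		if err = ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
			log.Error("Set cache(MailResendLimit) fail: %v", err)
		}
		return
	}

	ctx.Redirect("/user/login")
}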
// Delete renders the account-deletion confirmation page inside the user
// settings section. The deletion itself is performed by DeletePost.
func Delete(ctx *middleware.Context) {
	// Settings navigation state first, then the page title.
	ctx.Data["PageIsUserSetting"] = true
	ctx.Data["IsUserPageSettingDelete"] = true
	ctx.Data["Title"] = "Delete Account"

	ctx.HTML(200, DELETE)
}
2014-03-08 02:08:21 +04:00
2014-04-11 00:36:50 +04:00
// DeletePost deletes the signed-in user's account after re-checking the
// password supplied with the request.
//
// The submitted password is encoded with the account's own salt and compared
// with the stored value. A mismatch, or an account that still owns
// repositories, sets a flash error and redirects back to the deletion page;
// a successful deletion redirects to the site root.
func DeletePost(ctx *middleware.Context) {
	ctx.Data["Title"] = "Delete Account"
	ctx.Data["PageIsUserSetting"] = true
	ctx.Data["IsUserPageSettingDelete"] = true

	// Encode the candidate password the same way as the stored one.
	// NOTE(review): ctx.Query may also read the URL query string; confirm
	// the password is only ever sent in the request body.
	candidate := models.User{
		Passwd: ctx.Query("password"),
		Salt:   ctx.User.Salt,
	}
	candidate.EncodePasswd()

	if candidate.Passwd != ctx.User.Passwd {
		ctx.Flash.Error("Password is not correct. Make sure you are owner of this account.")
		ctx.Redirect("/user/delete")
		return
	}

	err := models.DeleteUser(ctx.User)
	if err == nil {
		ctx.Redirect("/")
		return
	}
	if err != models.ErrUserOwnRepos {
		ctx.Handle(500, "user.DeletePost(DeleteUser)", err)
		return
	}

	ctx.Flash.Error("Your account still have ownership of repository, you have to delete or transfer them first.")
	ctx.Redirect("/user/delete")
}
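// Activate serves two purposes, selected by the "code" query parameter.
//
// Without a code it renders the activation page for the signed-in user and,
// when e-mail confirmation is enabled and no resend limit is pending, mails a
// fresh activation message. With a code it verifies the code, marks the
// matching user active, signs that user in and redirects to "/".
func Activate(ctx *middleware.Context) {
	code := ctx.Query("code")
	if len(code) == 0 {
		ctx.Data["IsActivatePage"] = true
		// NOTE(review): this branch dereferences ctx.User; confirm the route
		// is only reachable by a signed-in user.
		if ctx.User.IsActive {
			ctx.Handle(404, "user.Activate", nil)
			return
		}
		// Resend confirmation e-mail.
		if setting.Service.RegisterEmailConfirm {
			if ctx.Cache.IsExist("MailResendLimit_" + ctx.User.LowerName) {
				ctx.Data["ResendLimited"] = true
			} else {
				ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60
				mailer.SendActiveMail(ctx.Render, ctx.User)

				// Throttle further resends; a cache failure is logged only.
				if err := ctx.Cache.Put("MailResendLimit_"+ctx.User.LowerName, ctx.User.LowerName, 180); err != nil {
					log.Error("Set cache(MailResendLimit) fail: %v", err)
				}
			}
		} else {
			ctx.Data["ServiceNotEnabled"] = true
		}
		ctx.HTML(200, ACTIVATE)
		return
	}

	// Verify code.
	if user := models.VerifyUserActiveCode(code); user != nil {
		user.IsActive = true
		// Rands is replaced on activation; presumably this invalidates the
		// code just used, and it changes the remember-cookie secret, which
		// SignIn derives from Rands and Passwd.
		user.Rands = models.GetUserSalt()
		if err := models.UpdateUser(user); err != nil {
			// A failed update is a server-side fault, not a missing page;
			// ResetPasswdPost reports the same failure as 500.
			ctx.Handle(500, "user.Activate(UpdateUser)", err)
			return
		}

		log.Trace("%s User activated: %s", ctx.Req.RequestURI, user.Name)

		// Possession of a valid code signs the user in.
		ctx.Session.Set("userId", user.Id)
		ctx.Session.Set("userName", user.Name)
		ctx.Redirect("/")
		return
	}

	ctx.Data["IsActivateFailed"] = true
	ctx.HTML(200, ACTIVATE)
}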
// ForgotPasswd renders the "forgot password" page. The page shows the request
// form when a mail service is configured and a "reset disabled" state when it
// is not.
func ForgotPasswd(ctx *middleware.Context) {
	ctx.Data["Title"] = "Forgot Password"

	// Exactly one of the two flags is set, depending on mail availability.
	state := "IsResetRequest"
	if setting.MailService == nil {
		state = "IsResetDisable"
	}
	ctx.Data[state] = true

	ctx.HTML(200, FORGOT_PASSWORD)
}
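// ForgotPasswdPost handles a password-reset request for the submitted e-mail
// address.
//
// It answers 403 when no mail service is configured, re-renders the form when
// the address is unknown or a resend limit is pending, and otherwise mails the
// reset message and renders the confirmation state.
func ForgotPasswdPost(ctx *middleware.Context) {
	ctx.Data["Title"] = "Forgot Password"

	if setting.MailService == nil {
		ctx.Handle(403, "user.ForgotPasswdPost", nil)
		return
	}
	ctx.Data["IsResetRequest"] = true

	email := ctx.Query("email")
	u, err := models.GetUserByEmail(email)
	if err != nil {
		if err == models.ErrUserNotExist {
			// NOTE(review): this response differs from the one for a known
			// address, so the form reveals whether an account exists for an
			// e-mail; consider returning the same page in both cases.
			ctx.RenderWithErr("This e-mail address does not associate to any account.", FORGOT_PASSWORD, nil)
		} else {
			// The label names this handler and the call that failed.
			ctx.Handle(500, "user.ForgotPasswdPost(GetUserByEmail)", err)
		}
		return
	}

	// At most one mail per account while the limit entry is cached.
	if ctx.Cache.IsExist("MailResendLimit_" + u.LowerName) {
		ctx.Data["ResendLimited"] = true
		ctx.HTML(200, FORGOT_PASSWORD)
		return
	}

	mailer.SendResetPasswdMail(ctx.Render, u)
	// A cache failure is logged only; the mail has already been sent.
	if err = ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
		log.Error("Set cache(MailResendLimit) fail: %v", err)
	}

	ctx.Data["Email"] = email
	ctx.Data["Hours"] = setting.Service.ActiveCodeLives / 60
	ctx.Data["IsResetSent"] = true
	ctx.HTML(200, FORGOT_PASSWORD)
}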
// ResetPasswd renders the password-reset form for the code given in the
// "code" query parameter, or answers 404 when no code is supplied. The code
// is only passed through to the template here; ResetPasswdPost verifies it.
func ResetPasswd(ctx *middleware.Context) {
	ctx.Data["Title"] = "Reset Password"

	code := ctx.Query("code")
	if code == "" {
		ctx.Error(404)
		return
	}

	ctx.Data["IsResetForm"] = true
	ctx.Data["Code"] = code
	ctx.HTML(200, RESET_PASSWORD)
}
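// ResetPasswdPost sets a new password for the user identified by the reset
// code in the "code" query parameter.
//
// It answers 404 without a code, re-renders the form when the new password is
// not 6 to 30 bytes long, and renders the failure state when the code does not
// verify. On success it redirects to the log-in page.
func ResetPasswdPost(ctx *middleware.Context) {
	ctx.Data["Title"] = "Reset Password"

	code := ctx.Query("code")
	if len(code) == 0 {
		ctx.Error(404)
		return
	}
	ctx.Data["Code"] = code

	if u := models.VerifyUserActiveCode(code); u != nil {
		// Validate password length.
		// len counts bytes, so multi-byte characters use up more of the limit.
		// NOTE(review): ctx.Query may also read the URL query string; confirm
		// the password is only ever sent in the request body.
		passwd := ctx.Query("passwd")
		if len(passwd) < 6 || len(passwd) > 30 {
			ctx.Data["IsResetForm"] = true
			ctx.RenderWithErr("Password length should be in 6 and 30.", RESET_PASSWORD, nil)
			return
		}

		u.Passwd = passwd
		// Fresh Rands and Salt: the remember-cookie secret SignIn derives
		// from Rands and Passwd changes, and presumably the reset code just
		// used stops verifying as well.
		u.Rands = models.GetUserSalt()
		u.Salt = models.GetUserSalt()
		u.EncodePasswd()
		if err := models.UpdateUser(u); err != nil {
			// The label names this handler rather than the GET handler.
			ctx.Handle(500, "user.ResetPasswdPost(UpdateUser)", err)
			return
		}

		log.Trace("%s User password reset: %s", ctx.Req.RequestURI, u.Name)
		ctx.Redirect("/user/login")
		return
	}

	ctx.Data["IsResetFailed"] = true
	ctx.HTML(200, RESET_PASSWORD)
}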