gitea/routers/api/v1/admin/user.go

// Copyright 2015 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package admin

import (
	"code.gitea.io/gitea/models"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/routers/api/v1/user"
	api "code.gitea.io/sdk/gitea"
)

func parseLoginSource(ctx *context.APIContext, u *models.User, sourceID int64, loginName string) {
	if sourceID == 0 {
		return
	}

	source, err := models.GetLoginSourceByID(sourceID)
	if err != nil {
		if models.IsErrLoginSourceNotExist(err) {
			ctx.Error(422, "", err)
		} else {
			ctx.Error(500, "GetLoginSourceByID", err)
		}
		return
	}

	u.LoginType = source.Type
	u.LoginSource = source.ID
	u.LoginName = loginName
}

// CreateUser create a user
func CreateUser(ctx *context.APIContext, form api.CreateUserOption) {
	// swagger:operation POST /admin/users admin adminCreateUser
	// ---
	// summary: Create a user
	// consumes:
	// - application/json
	// produces:
	// - application/json
	// parameters:
	// - name: body
	//   in: body
	//   schema:
	//     "$ref": "#/definitions/CreateUserOption"
	// responses:
	//   "201":
	//     "$ref": "#/responses/User"
	//   "403":
	//     "$ref": "#/responses/forbidden"
	//   "422":
	//     "$ref": "#/responses/validationError"
	u := &models.User{
		Name:      form.Username,
		FullName:  form.FullName,
		Email:     form.Email,
		Passwd:    form.Password,
		IsActive:  true,
		LoginType: models.LoginPlain,
	}

	parseLoginSource(ctx, u, form.SourceID, form.LoginName)
	if ctx.Written() {
		return
	}

	if err := models.CreateUser(u); err != nil {
		if models.IsErrUserAlreadyExist(err) ||
			models.IsErrEmailAlreadyUsed(err) ||
			models.IsErrNameReserved(err) ||
			models.IsErrNamePatternNotAllowed(err) {
			ctx.Error(422, "", err)
		} else {
			ctx.Error(500, "CreateUser", err)
		}
		return
	}
	log.Trace("Account created by admin (%s): %s", ctx.User.Name, u.Name)

	// Send email notification.
	if form.SendNotify && setting.MailService != nil {
		models.SendRegisterNotifyMail(ctx.Context.Context, u)
	}

	ctx.JSON(201, u.APIFormat())
}

// EditUser api for modifying a user's information
func EditUser(ctx *context.APIContext, form api.EditUserOption) {
	// swagger:operation PATCH /admin/users/{username} admin adminEditUser
	// ---
	// summary: Edit an existing user
	// consumes:
	// - application/json
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of user to edit
	//   type: string
	//   required: true
	// - name: body
	//   in: body
	//   schema:
	//     "$ref": "#/definitions/EditUserOption"
	// responses:
	//   "200":
	//     "$ref": "#/responses/User"
	//   "403":
	//     "$ref": "#/responses/forbidden"
	//   "422":
	//     "$ref": "#/responses/validationError"
	u := user.GetUserByParams(ctx)
	if ctx.Written() {
		return
	}

	parseLoginSource(ctx, u, form.SourceID, form.LoginName)
	if ctx.Written() {
		return
	}

	if len(form.Password) > 0 {
		u.Passwd = form.Password
		var err error
		if u.Salt, err = models.GetUserSalt(); err != nil {
			ctx.Error(500, "UpdateUser", err)
			return
		}
		u.EncodePasswd()
	}

	u.LoginName = form.LoginName
	u.FullName = form.FullName
	u.Email = form.Email
	u.Website = form.Website
	u.Location = form.Location
	if form.Active != nil {
		u.IsActive = *form.Active
	}
	if form.Admin != nil {
		u.IsAdmin = *form.Admin
	}
	if form.AllowGitHook != nil {
		u.AllowGitHook = *form.AllowGitHook
	}
	if form.AllowImportLocal != nil {
		u.AllowImportLocal = *form.AllowImportLocal
	}
	if form.MaxRepoCreation != nil {
		u.MaxRepoCreation = *form.MaxRepoCreation
	}

	if err := models.UpdateUser(u); err != nil {
		if models.IsErrEmailAlreadyUsed(err) {
			ctx.Error(422, "", err)
		} else {
			ctx.Error(500, "UpdateUser", err)
		}
		return
	}
	log.Trace("Account profile updated by admin (%s): %s", ctx.User.Name, u.Name)

	ctx.JSON(200, u.APIFormat())
}

// DeleteUser api for deleting a user
func DeleteUser(ctx *context.APIContext) {
	// swagger:operation DELETE /admin/users/{username} admin adminDeleteUser
	// ---
	// summary: Delete a user
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of user to delete
	//   type: string
	//   required: true
	// responses:
	//   "204":
	//     "$ref": "#/responses/empty"
	//   "403":
	//     "$ref": "#/responses/forbidden"
	//   "422":
	//     "$ref": "#/responses/validationError"
	u := user.GetUserByParams(ctx)
	if ctx.Written() {
		return
	}

	if err := models.DeleteUser(u); err != nil {
		if models.IsErrUserOwnRepos(err) ||
			models.IsErrUserHasOrgs(err) {
			ctx.Error(422, "", err)
		} else {
			ctx.Error(500, "DeleteUser", err)
		}
		return
	}
	log.Trace("Account deleted by admin(%s): %s", ctx.User.Name, u.Name)

	ctx.Status(204)
}

// CreatePublicKey api for creating a public key to a user
func CreatePublicKey(ctx *context.APIContext, form api.CreateKeyOption) {
	// swagger:operation POST /admin/users/{username}/keys admin adminCreatePublicKey
	// ---
	// summary: Add a public key on behalf of a user
	// consumes:
	// - application/json
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of the user
	//   type: string
	//   required: true
	// responses:
	//   "201":
	//     "$ref": "#/responses/PublicKey"
	//   "403":
	//     "$ref": "#/responses/forbidden"
	//   "422":
	//     "$ref": "#/responses/validationError"
	u := user.GetUserByParams(ctx)
	if ctx.Written() {
		return
	}
	user.CreateUserPublicKey(ctx, form, u.ID)
}

// DeleteUserPublicKey api for deleting a user's public key
func DeleteUserPublicKey(ctx *context.APIContext) {
	// swagger:operation DELETE /admin/users/{username}/keys/{id} admin adminDeleteUserPublicKey
	// ---
	// summary: Delete a user's public key
	// produces:
	// - application/json
	// parameters:
	// - name: username
	//   in: path
	//   description: username of user
	//   type: string
	//   required: true
	// - name: id
	//   in: path
	//   description: id of the key to delete
	//   type: integer
	//   required: true
	// responses:
	//   "204":
	//     "$ref": "#/responses/empty"
	//   "403":
	//     "$ref": "#/responses/forbidden"
	//   "404":
	//     "$ref": "#/responses/notFound"
	u := user.GetUserByParams(ctx)
	if ctx.Written() {
		return
	}

	if err := models.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
		if models.IsErrKeyNotExist(err) {
			ctx.Status(404)
		} else if models.IsErrKeyAccessDenied(err) {
			ctx.Error(403, "", "You do not have access to this key")
		} else {
			ctx.Error(500, "DeleteUserPublicKey", err)
		}
		return
	}
	log.Trace("Key deleted by admin(%s): %s", ctx.User.Name, u.Name)

	ctx.Status(204)
}
APIs: admin users 2015-12-06 01:13:13 +03:00			`// Copyright 2015 The Gogs Authors. All rights reserved.`
			`// Use of this source code is governed by a MIT-style`
			`// license that can be found in the LICENSE file.`

			`package admin`

			`import (`
Update import paths from github.com/go-gitea to code.gitea.io (#135) - Update import paths from github.com/go-gitea to code.gitea.io - Fix import path for travis See https://docs.travis-ci.com/user/languages/go#Go-Import-Path 2016-11-10 19:24:48 +03:00			`"code.gitea.io/gitea/models"`
			`"code.gitea.io/gitea/modules/context"`
			`"code.gitea.io/gitea/modules/log"`
			`"code.gitea.io/gitea/modules/setting"`
			`"code.gitea.io/gitea/routers/api/v1/user"`
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments 2017-11-13 10:02:25 +03:00			`api "code.gitea.io/sdk/gitea"`
APIs: admin users 2015-12-06 01:13:13 +03:00			`)`

Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`func parseLoginSource(ctx context.APIContext, u models.User, sourceID int64, loginName string) {`
APIs: admin users 2015-12-06 01:13:13 +03:00			`if sourceID == 0 {`
			`return`
			`}`

			`source, err := models.GetLoginSourceByID(sourceID)`
			`if err != nil {`
#3515 use alert instead 500 for duplicated login source name 2016-08-31 10:56:10 +03:00			`if models.IsErrLoginSourceNotExist(err) {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(422, "", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`} else {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(500, "GetLoginSourceByID", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`
			`return`
			`}`

			`u.LoginType = source.Type`
			`u.LoginSource = source.ID`
			`u.LoginName = loginName`
			`}`

Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments 2017-11-13 10:02:25 +03:00			`// CreateUser create a user`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`func CreateUser(ctx *context.APIContext, form api.CreateUserOption) {`
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments 2017-11-13 10:02:25 +03:00			`// swagger:operation POST /admin/users admin adminCreateUser`
			`// ---`
			`// summary: Create a user`
			`// consumes:`
			`// - application/json`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: body`
			`// in: body`
			`// schema:`
			`// "$ref": "#/definitions/CreateUserOption"`
			`// responses:`
			`// "201":`
			`// "$ref": "#/responses/User"`
			`// "403":`
			`// "$ref": "#/responses/forbidden"`
			`// "422":`
			`// "$ref": "#/responses/validationError"`
APIs: admin users 2015-12-06 01:13:13 +03:00			`u := &models.User{`
			`Name: form.Username,`
Added Full Name to CreateUser api call (#3333) 2016-07-26 21:43:06 +03:00			`FullName: form.FullName,`
APIs: admin users 2015-12-06 01:13:13 +03:00			`Email: form.Email,`
			`Passwd: form.Password,`
			`IsActive: true,`
More... 2016-11-07 19:30:04 +03:00			`LoginType: models.LoginPlain,`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`

			`parseLoginSource(ctx, u, form.SourceID, form.LoginName)`
			`if ctx.Written() {`
			`return`
			`}`

			`if err := models.CreateUser(u); err != nil {`
			`if models.IsErrUserAlreadyExist(err) \|\|`
			`models.IsErrEmailAlreadyUsed(err) \|\|`
			`models.IsErrNameReserved(err) \|\|`
			`models.IsErrNamePatternNotAllowed(err) {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(422, "", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`} else {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(500, "CreateUser", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`
			`return`
			`}`
			`log.Trace("Account created by admin (%s): %s", ctx.User.Name, u.Name)`

#2854 fix no mail notification when issue is closed/reopened 2016-07-15 19:36:39 +03:00			`// Send email notification.`
APIs: admin users 2015-12-06 01:13:13 +03:00			`if form.SendNotify && setting.MailService != nil {`
#2854 fix no mail notification when issue is closed/reopened 2016-07-15 19:36:39 +03:00			`models.SendRegisterNotifyMail(ctx.Context.Context, u)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`

Replace convert.To with APIFormat calls 2016-08-14 14:17:26 +03:00			`ctx.JSON(201, u.APIFormat())`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`

golint fixed for routers (#208) 2016-11-24 10:04:31 +03:00			`// EditUser api for modifying a user's information`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`func EditUser(ctx *context.APIContext, form api.EditUserOption) {`
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments 2017-11-13 10:02:25 +03:00			`// swagger:operation PATCH /admin/users/{username} admin adminEditUser`
			`// ---`
			`// summary: Edit an existing user`
			`// consumes:`
			`// - application/json`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: username`
			`// in: path`
			`// description: username of user to edit`
			`// type: string`
			`// required: true`
			`// - name: body`
			`// in: body`
			`// schema:`
			`// "$ref": "#/definitions/EditUserOption"`
			`// responses:`
			`// "200":`
			`// "$ref": "#/responses/User"`
			`// "403":`
			`// "$ref": "#/responses/forbidden"`
			`// "422":`
			`// "$ref": "#/responses/validationError"`
APIs: admin users 2015-12-06 01:13:13 +03:00			`u := user.GetUserByParams(ctx)`
			`if ctx.Written() {`
			`return`
			`}`

			`parseLoginSource(ctx, u, form.SourceID, form.LoginName)`
			`if ctx.Written() {`
			`return`
			`}`

			`if len(form.Password) > 0 {`
			`u.Passwd = form.Password`
Fix random string generator (#384) * Remove unused custom-alphabet feature of random string generator Fix random string generator Random string generator should return error if it fails to read random data via crypto/rand * Fixes variable (un)initialization mixed assign Update test GetRandomString 2016-12-20 15:32:02 +03:00			`var err error`
			`if u.Salt, err = models.GetUserSalt(); err != nil {`
			`ctx.Error(500, "UpdateUser", err)`
			`return`
			`}`
APIs: admin users 2015-12-06 01:13:13 +03:00			`u.EncodePasswd()`
			`}`

			`u.LoginName = form.LoginName`
			`u.FullName = form.FullName`
			`u.Email = form.Email`
			`u.Website = form.Website`
			`u.Location = form.Location`
			`if form.Active != nil {`
			`u.IsActive = *form.Active`
			`}`
			`if form.Admin != nil {`
			`u.IsAdmin = *form.Admin`
			`}`
			`if form.AllowGitHook != nil {`
			`u.AllowGitHook = *form.AllowGitHook`
			`}`
			`if form.AllowImportLocal != nil {`
			`u.AllowImportLocal = *form.AllowImportLocal`
			`}`
Add MaxRepoCreation to EditUser API (#2781) 2016-08-11 21:49:31 +03:00			`if form.MaxRepoCreation != nil {`
			`u.MaxRepoCreation = *form.MaxRepoCreation`
			`}`
APIs: admin users 2015-12-06 01:13:13 +03:00
			`if err := models.UpdateUser(u); err != nil {`
			`if models.IsErrEmailAlreadyUsed(err) {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(422, "", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`} else {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(500, "UpdateUser", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`
			`return`
			`}`
			`log.Trace("Account profile updated by admin (%s): %s", ctx.User.Name, u.Name)`

Replace convert.To with APIFormat calls 2016-08-14 14:17:26 +03:00			`ctx.JSON(200, u.APIFormat())`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`

golint fixed for routers (#208) 2016-11-24 10:04:31 +03:00			`// DeleteUser api for deleting a user`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`func DeleteUser(ctx *context.APIContext) {`
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments 2017-11-13 10:02:25 +03:00			`// swagger:operation DELETE /admin/users/{username} admin adminDeleteUser`
			`// ---`
			`// summary: Delete a user`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: username`
			`// in: path`
			`// description: username of user to delete`
			`// type: string`
			`// required: true`
			`// responses:`
			`// "204":`
			`// "$ref": "#/responses/empty"`
			`// "403":`
			`// "$ref": "#/responses/forbidden"`
			`// "422":`
			`// "$ref": "#/responses/validationError"`
APIs: admin users 2015-12-06 01:13:13 +03:00			`u := user.GetUserByParams(ctx)`
			`if ctx.Written() {`
			`return`
			`}`

			`if err := models.DeleteUser(u); err != nil {`
			`if models.IsErrUserOwnRepos(err) \|\|`
			`models.IsErrUserHasOrgs(err) {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(422, "", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`} else {`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`ctx.Error(500, "DeleteUser", err)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`
			`return`
			`}`
			`log.Trace("Account deleted by admin(%s): %s", ctx.User.Name, u.Name)`

			`ctx.Status(204)`
			`}`

golint fixed for routers (#208) 2016-11-24 10:04:31 +03:00			`// CreatePublicKey api for creating a public key to a user`
Convert all API handers to use *context.APIContext 2016-03-14 01:49:16 +03:00			`func CreatePublicKey(ctx *context.APIContext, form api.CreateKeyOption) {`
Update swagger documentation (#2899) * Update swagger documentation Add docs for missing endpoints Add documentation for request parameters Make parameter naming consistent Fix response documentation * Restore delete comments 2017-11-13 10:02:25 +03:00			`// swagger:operation POST /admin/users/{username}/keys admin adminCreatePublicKey`
			`// ---`
			`// summary: Add a public key on behalf of a user`
			`// consumes:`
			`// - application/json`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: username`
			`// in: path`
			`// description: username of the user`
			`// type: string`
			`// required: true`
			`// responses:`
			`// "201":`
			`// "$ref": "#/responses/PublicKey"`
			`// "403":`
			`// "$ref": "#/responses/forbidden"`
			`// "422":`
			`// "$ref": "#/responses/validationError"`
APIs: admin users 2015-12-06 01:13:13 +03:00			`u := user.GetUserByParams(ctx)`
			`if ctx.Written() {`
			`return`
			`}`
Refactor User.Id to User.ID 2016-07-23 20:08:22 +03:00			`user.CreateUserPublicKey(ctx, form, u.ID)`
APIs: admin users 2015-12-06 01:13:13 +03:00			`}`
Delete a user's public key via admin api (closes #3014) (#3059) * Delete a user's public key via admin api * Test admin ssh endpoint for creating a new ssh key * Adapt public ssh key test to also test the delete operation * Test that deleting a missing key will result in a 404 * Test that a normal user can't delete another user's ssh key * Make DeletePublicKey return err * Update swagger doc 2017-12-06 13:27:10 +03:00
			`// DeleteUserPublicKey api for deleting a user's public key`
			`func DeleteUserPublicKey(ctx *context.APIContext) {`
			`// swagger:operation DELETE /admin/users/{username}/keys/{id} admin adminDeleteUserPublicKey`
			`// ---`
			`// summary: Delete a user's public key`
			`// produces:`
			`// - application/json`
			`// parameters:`
			`// - name: username`
			`// in: path`
			`// description: username of user`
			`// type: string`
			`// required: true`
			`// - name: id`
			`// in: path`
			`// description: id of the key to delete`
			`// type: integer`
			`// required: true`
			`// responses:`
			`// "204":`
			`// "$ref": "#/responses/empty"`
			`// "403":`
			`// "$ref": "#/responses/forbidden"`
			`// "404":`
			`// "$ref": "#/responses/notFound"`
			`u := user.GetUserByParams(ctx)`
			`if ctx.Written() {`
			`return`
			`}`

			`if err := models.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {`
			`if models.IsErrKeyNotExist(err) {`
			`ctx.Status(404)`
			`} else if models.IsErrKeyAccessDenied(err) {`
			`ctx.Error(403, "", "You do not have access to this key")`
			`} else {`
			`ctx.Error(500, "DeleteUserPublicKey", err)`
			`}`
			`return`
			`}`
			`log.Trace("Key deleted by admin(%s): %s", ctx.User.Name, u.Name)`

			`ctx.Status(204)`
			`}`