gitea/models/user.go

1481 lines
40 KiB
Go
Raw Normal View History

2014-04-11 02:20:58 +08:00
// Copyright 2014 The Gogs Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package models
import (
2014-11-21 23:58:08 +08:00
"bytes"
2014-09-24 03:30:04 +08:00
"container/list"
"crypto/md5"
2014-04-11 02:20:58 +08:00
"crypto/sha256"
"crypto/subtle"
2014-04-11 02:20:58 +08:00
"encoding/hex"
"errors"
"fmt"
2014-11-21 23:58:08 +08:00
"image"
2016-11-29 00:47:46 +08:00
// Needed for jpeg support
_ "image/jpeg"
2015-11-14 05:43:43 +08:00
"image/png"
2014-04-11 02:20:58 +08:00
"os"
"path/filepath"
"strings"
"time"
"unicode/utf8"
2014-04-11 02:20:58 +08:00
2014-07-26 12:24:27 +08:00
"github.com/Unknwon/com"
"github.com/go-xorm/builder"
2015-09-02 00:19:52 +08:00
"github.com/go-xorm/xorm"
2014-11-21 23:58:08 +08:00
"github.com/nfnt/resize"
"golang.org/x/crypto/pbkdf2"
2014-04-11 02:20:58 +08:00
"code.gitea.io/git"
api "code.gitea.io/sdk/gitea"
"code.gitea.io/gitea/modules/avatar"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
2014-04-11 02:20:58 +08:00
)
2016-11-29 00:47:46 +08:00
// UserType defines the user type
2014-06-25 12:44:48 +08:00
type UserType int
2014-04-11 02:20:58 +08:00
const (
2016-11-29 00:47:46 +08:00
// UserTypeIndividual defines an individual user
2016-11-08 00:53:22 +08:00
UserTypeIndividual UserType = iota // Historic reason to make it starts at 0.
2016-11-29 00:47:46 +08:00
// UserTypeOrganization defines an organization
2016-11-08 00:53:22 +08:00
UserTypeOrganization
2014-04-11 02:20:58 +08:00
)
2017-05-10 21:10:18 +08:00
const syncExternalUsers = "sync_external_users"
2014-04-11 02:20:58 +08:00
var (
2016-11-29 00:47:46 +08:00
// ErrUserNotKeyOwner user does not own this key error
ErrUserNotKeyOwner = errors.New("User does not own this public key")
// ErrEmailNotExist e-mail does not exist error
ErrEmailNotExist = errors.New("E-mail does not exist")
// ErrEmailNotActivated e-mail address has not been activated error
ErrEmailNotActivated = errors.New("E-mail address has not been activated")
// ErrUserNameIllegal user name contains illegal characters error
ErrUserNameIllegal = errors.New("User name contains illegal characters")
// ErrLoginSourceNotActived login source is not actived error
2014-05-11 14:12:45 +08:00
ErrLoginSourceNotActived = errors.New("Login source is not actived")
2016-11-29 00:47:46 +08:00
// ErrUnsupportedLoginType login source is unknown error
ErrUnsupportedLoginType = errors.New("Login source is unknown")
2014-04-11 02:20:58 +08:00
)
// User represents the object of individual and member of organization.
type User struct {
2016-07-24 01:08:22 +08:00
ID int64 `xorm:"pk autoincr"`
LowerName string `xorm:"UNIQUE NOT NULL"`
Name string `xorm:"UNIQUE NOT NULL"`
FullName string
// Email is the primary email address (to be used for communication)
Email string `xorm:"NOT NULL"`
KeepEmailPrivate bool
Passwd string `xorm:"NOT NULL"`
LoginType LoginType
LoginSource int64 `xorm:"NOT NULL DEFAULT 0"`
LoginName string
Type UserType
OwnedOrgs []*User `xorm:"-"`
Orgs []*User `xorm:"-"`
Repos []*Repository `xorm:"-"`
Location string
Website string
Rands string `xorm:"VARCHAR(10)"`
Salt string `xorm:"VARCHAR(10)"`
2016-11-10 23:16:32 +08:00
Created time.Time `xorm:"-"`
CreatedUnix int64 `xorm:"INDEX created"`
2016-11-10 23:16:32 +08:00
Updated time.Time `xorm:"-"`
UpdatedUnix int64 `xorm:"INDEX updated"`
2016-11-09 18:53:45 +08:00
LastLogin time.Time `xorm:"-"`
2017-01-06 23:14:33 +08:00
LastLoginUnix int64 `xorm:"INDEX"`
2014-11-21 23:58:08 +08:00
2015-10-25 16:26:26 +08:00
// Remember visibility choice for convenience, true for private
LastRepoVisibility bool
2016-11-27 19:59:12 +08:00
// Maximum repository creation limit, -1 means use global default
2015-12-11 01:48:45 +08:00
MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1"`
// Permissions
2017-01-06 23:14:33 +08:00
IsActive bool `xorm:"INDEX"` // Activate primary email
IsAdmin bool
AllowGitHook bool
AllowImportLocal bool // Allow migrate repository by local path
AllowCreateOrganization bool `xorm:"DEFAULT true"`
ProhibitLogin bool `xorm:"NOT NULL DEFAULT false"`
2014-11-21 23:58:08 +08:00
// Avatar
2014-11-21 23:58:08 +08:00
Avatar string `xorm:"VARCHAR(2048) NOT NULL"`
AvatarEmail string `xorm:"NOT NULL"`
UseCustomAvatar bool
// Counters
NumFollowers int
NumFollowing int `xorm:"NOT NULL DEFAULT 0"`
NumStars int
NumRepos int
2014-06-25 12:44:48 +08:00
// For organization
2014-06-27 15:37:01 +08:00
Description string
NumTeams int
NumMembers int
2014-06-29 03:43:25 +08:00
Teams []*Team `xorm:"-"`
Members []*User `xorm:"-"`
2016-11-13 10:54:04 +08:00
// Preferences
DiffViewStyle string `xorm:"NOT NULL DEFAULT ''"`
2014-04-11 02:20:58 +08:00
}
2016-11-29 00:47:46 +08:00
// BeforeUpdate is invoked from XORM before updating this object.
2015-12-11 01:37:53 +08:00
func (u *User) BeforeUpdate() {
2015-12-11 01:46:05 +08:00
if u.MaxRepoCreation < -1 {
u.MaxRepoCreation = -1
2015-12-11 01:37:53 +08:00
}
}
2016-11-29 00:47:46 +08:00
// SetLastLogin set time to last login
2016-11-09 18:53:45 +08:00
func (u *User) SetLastLogin() {
u.LastLoginUnix = time.Now().Unix()
}
2016-11-29 00:47:46 +08:00
// UpdateDiffViewStyle updates the users diff view style
2016-11-13 10:54:04 +08:00
func (u *User) UpdateDiffViewStyle(style string) error {
u.DiffViewStyle = style
return UpdateUserCols(u, "diff_view_style")
2016-11-13 10:54:04 +08:00
}
// AfterLoad is invoked from XORM after setting the values of all fields of this object.
func (u *User) AfterLoad() {
u.Created = time.Unix(u.CreatedUnix, 0).Local()
u.Updated = time.Unix(u.UpdatedUnix, 0).Local()
u.LastLogin = time.Unix(u.LastLoginUnix, 0).Local()
2015-09-02 00:19:52 +08:00
}
// getEmail returns an noreply email, if the user has set to keep his
// email address private, otherwise the primary email address.
func (u *User) getEmail() string {
if u.KeepEmailPrivate {
return fmt.Sprintf("%s@%s", u.LowerName, setting.Service.NoReplyAddress)
}
return u.Email
}
2016-11-29 00:47:46 +08:00
// APIFormat converts a User to api.User
func (u *User) APIFormat() *api.User {
return &api.User{
ID: u.ID,
UserName: u.Name,
FullName: u.FullName,
Email: u.getEmail(),
2016-11-29 16:25:47 +08:00
AvatarURL: u.AvatarLink(),
}
}
2016-11-29 00:47:46 +08:00
// IsLocal returns true if user login type is LoginPlain.
func (u *User) IsLocal() bool {
2016-11-08 00:30:04 +08:00
return u.LoginType <= LoginPlain
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 15:14:37 +08:00
// IsOAuth2 returns true if user login type is LoginOAuth2.
func (u *User) IsOAuth2() bool {
return u.LoginType == LoginOAuth2
}
2015-11-16 23:14:12 +08:00
// HasForkedRepo checks if user has already forked a repository with given ID.
func (u *User) HasForkedRepo(repoID int64) bool {
2016-07-24 01:08:22 +08:00
_, has := HasForkedRepo(u.ID, repoID)
2015-11-16 23:14:12 +08:00
return has
}
// MaxCreationLimit returns the number of repositories a user is allowed to create
func (u *User) MaxCreationLimit() int {
2015-12-11 01:46:05 +08:00
if u.MaxRepoCreation <= -1 {
2015-12-11 01:37:53 +08:00
return setting.Repository.MaxCreationLimit
}
return u.MaxRepoCreation
}
2016-11-29 00:47:46 +08:00
// CanCreateRepo returns if user login can create a repository
2015-12-11 01:37:53 +08:00
func (u *User) CanCreateRepo() bool {
if u.IsAdmin {
return true
}
2015-12-11 01:46:05 +08:00
if u.MaxRepoCreation <= -1 {
if setting.Repository.MaxCreationLimit <= -1 {
return true
}
2015-12-11 01:37:53 +08:00
return u.NumRepos < setting.Repository.MaxCreationLimit
}
return u.NumRepos < u.MaxRepoCreation
}
// CanCreateOrganization returns true if user can create organisation.
func (u *User) CanCreateOrganization() bool {
return u.IsAdmin || (u.AllowCreateOrganization && !setting.Admin.DisableRegularOrgCreation)
}
// CanEditGitHook returns true if user can edit Git hooks.
func (u *User) CanEditGitHook() bool {
return !setting.DisableGitHooks && (u.IsAdmin || u.AllowGitHook)
}
// CanImportLocal returns true if user can migrate repository by local path.
func (u *User) CanImportLocal() bool {
if !setting.ImportLocalPaths {
return false
}
return u.IsAdmin || u.AllowImportLocal
}
2014-07-26 12:24:27 +08:00
// DashboardLink returns the user dashboard page link.
func (u *User) DashboardLink() string {
if u.IsOrganization() {
return setting.AppSubURL + "/org/" + u.Name + "/dashboard/"
2014-07-26 12:24:27 +08:00
}
return setting.AppSubURL + "/"
2014-07-26 12:24:27 +08:00
}
2015-08-26 21:45:51 +08:00
// HomeLink returns the user or organization home page link.
2014-06-25 12:44:48 +08:00
func (u *User) HomeLink() string {
return setting.AppSubURL + "/" + u.Name
2014-04-11 02:20:58 +08:00
}
// HTMLURL returns the user or organization's full link.
func (u *User) HTMLURL() string {
return setting.AppURL + u.Name
}
// GenerateEmailActivateCode generates an activate code based on user information and given e-mail.
func (u *User) GenerateEmailActivateCode(email string) string {
code := base.CreateTimeLimitCode(
2016-07-24 01:08:22 +08:00
com.ToStr(u.ID)+email+u.LowerName+u.Passwd+u.Rands,
setting.Service.ActiveCodeLives, nil)
// Add tail hex username
code += hex.EncodeToString([]byte(u.LowerName))
return code
}
// GenerateActivateCode generates an activate code based on user information.
func (u *User) GenerateActivateCode() string {
return u.GenerateEmailActivateCode(u.Email)
}
2014-04-11 02:20:58 +08:00
// CustomAvatarPath returns user custom avatar file path.
func (u *User) CustomAvatarPath() string {
return filepath.Join(setting.AvatarUploadPath, u.Avatar)
}
// GenerateRandomAvatar generates a random avatar for user.
func (u *User) GenerateRandomAvatar() error {
2017-03-08 23:05:15 +08:00
return u.generateRandomAvatar(x)
}
func (u *User) generateRandomAvatar(e Engine) error {
seed := u.Email
if len(seed) == 0 {
seed = u.Name
}
img, err := avatar.RandomImage([]byte(seed))
if err != nil {
return fmt.Errorf("RandomImage: %v", err)
}
// NOTICE for random avatar, it still uses id as avatar name, but custom avatar use md5
// since random image is not a user's photo, there is no security for enumable
u.Avatar = fmt.Sprintf("%d", u.ID)
if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
return fmt.Errorf("MkdirAll: %v", err)
}
fw, err := os.Create(u.CustomAvatarPath())
if err != nil {
return fmt.Errorf("Create: %v", err)
}
defer fw.Close()
2017-03-08 23:05:15 +08:00
if _, err := e.Id(u.ID).Cols("avatar").Update(u); err != nil {
return err
}
if err = png.Encode(fw, img); err != nil {
return fmt.Errorf("Encode: %v", err)
}
2016-07-24 01:08:22 +08:00
log.Info("New random avatar created: %d", u.ID)
return nil
}
// RelAvatarLink returns relative avatar link to the site domain,
// which includes app sub-url as prefix. However, it is possible
// to return full URL if user enables Gravatar-like service.
2015-08-28 23:36:13 +08:00
func (u *User) RelAvatarLink() string {
2016-07-24 01:08:22 +08:00
if u.ID == -1 {
2017-06-30 00:10:33 +08:00
return base.DefaultAvatarLink()
}
2014-11-21 23:58:08 +08:00
switch {
case u.UseCustomAvatar:
if !com.IsFile(u.CustomAvatarPath()) {
2017-06-30 00:10:33 +08:00
return base.DefaultAvatarLink()
}
return setting.AppSubURL + "/avatars/" + u.Avatar
case setting.DisableGravatar, setting.OfflineMode:
if !com.IsFile(u.CustomAvatarPath()) {
if err := u.GenerateRandomAvatar(); err != nil {
log.Error(3, "GenerateRandomAvatar: %v", err)
}
}
return setting.AppSubURL + "/avatars/" + u.Avatar
2014-04-11 02:20:58 +08:00
}
Add support for federated avatars (#3320) * Add support for federated avatars Fixes #3105 Removes avatar fetching duplication code Adds an "Enable Federated Avatar" checkbox in user settings (defaults to unchecked) Moves avatar settings all in the same form, making local and remote avatars mutually exclusive Renames UploadAvatarForm to AvatarForm as it's not anymore only for uploading * Run gofmt on all modified files * Move Avatar form in its own page * Add go-libravatar dependency to vendor/ dir Hopefully helps with accepting the contribution. See also #3214 * Revert "Add go-libravatar dependency to vendor/ dir" This reverts commit a8cb93ae640bbb90f7d25012fc257bda9fae9b82. * Make federated avatar setting a global configuration Removes the per-user setting * Move avatar handling back to base tool, disable federated avatar in offline mode * Format, handle error * Properly set fallback host * Use unsupported github.com mirror for importing go-libravatar * Remove comment showing life exists outside of github.com ... pity, but contribution would not be accepted otherwise * Use Combo for Get and Post methods over /avatar * FEDERATED_AVATAR -> ENABLE_FEDERATED_AVATAR * Fix persistance of federated avatar lookup checkbox at install time * Federated Avatars -> Enable Federated Avatars * Use len(string) == 0 instead of string == "" * Move import line where it belong See https://github.com/Unknwon/go-code-convention/blob/master/en-US/import_packages.md Pity the import url is still the unofficial one, but oh well... * Save a line (and waste much more expensive time) * Remove redundant parens * Remove an empty line * Remove empty lines * Reorder lines to make diff smaller * Remove another newline Unknwon review got me start a fight against newlines * Move DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR after OFFLINE_MODE On re-reading the diff I figured what Unknwon meant here: https://github.com/gogits/gogs/pull/3320/files#r73741106 * Remove newlines that weren't there before my intervention
2016-08-08 01:27:38 +08:00
return base.AvatarLink(u.AvatarEmail)
2014-04-11 02:20:58 +08:00
}
// AvatarLink returns user avatar absolute link.
2015-08-28 23:36:13 +08:00
func (u *User) AvatarLink() string {
link := u.RelAvatarLink()
2015-09-02 17:16:30 +08:00
if link[0] == '/' && link[1] != '/' {
return setting.AppURL + strings.TrimPrefix(link, setting.AppSubURL)[1:]
2015-08-28 23:36:13 +08:00
}
return link
}
2016-11-29 00:47:46 +08:00
// GetFollowers returns range of user's followers.
func (u *User) GetFollowers(page int) ([]*User, error) {
users := make([]*User, 0, ItemsPerPage)
2016-11-10 23:16:32 +08:00
sess := x.
Limit(ItemsPerPage, (page-1)*ItemsPerPage).
Where("follow.follow_id=?", u.ID)
if setting.UsePostgreSQL {
sess = sess.Join("LEFT", "follow", `"user".id=follow.user_id`)
} else {
sess = sess.Join("LEFT", "follow", "user.id=follow.user_id")
}
return users, sess.Find(&users)
}
2016-11-29 00:47:46 +08:00
// IsFollowing returns true if user is following followID.
func (u *User) IsFollowing(followID int64) bool {
2016-07-24 01:08:22 +08:00
return IsFollowing(u.ID, followID)
}
// GetFollowing returns range of user's following.
func (u *User) GetFollowing(page int) ([]*User, error) {
users := make([]*User, 0, ItemsPerPage)
2016-11-10 23:16:32 +08:00
sess := x.
Limit(ItemsPerPage, (page-1)*ItemsPerPage).
Where("follow.user_id=?", u.ID)
if setting.UsePostgreSQL {
sess = sess.Join("LEFT", "follow", `"user".id=follow.follow_id`)
} else {
sess = sess.Join("LEFT", "follow", "user.id=follow.follow_id")
}
return users, sess.Find(&users)
}
2014-04-11 02:20:58 +08:00
// NewGitSig generates and returns the signature of given user.
2014-06-25 12:44:48 +08:00
func (u *User) NewGitSig() *git.Signature {
2014-04-11 02:20:58 +08:00
return &git.Signature{
Name: u.DisplayName(),
Email: u.getEmail(),
2014-04-11 02:20:58 +08:00
When: time.Now(),
}
}
// EncodePasswd encodes password to safe format.
2014-06-25 12:44:48 +08:00
func (u *User) EncodePasswd() {
newPasswd := pbkdf2.Key([]byte(u.Passwd), []byte(u.Salt), 10000, 50, sha256.New)
2014-06-25 12:44:48 +08:00
u.Passwd = fmt.Sprintf("%x", newPasswd)
}
2015-04-17 02:40:39 +08:00
// ValidatePassword checks if given password matches the one belongs to the user.
2015-04-17 02:36:32 +08:00
func (u *User) ValidatePassword(passwd string) bool {
2014-08-03 01:47:33 +08:00
newUser := &User{Passwd: passwd, Salt: u.Salt}
newUser.EncodePasswd()
return subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(newUser.Passwd)) == 1
2014-08-03 01:47:33 +08:00
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 15:14:37 +08:00
// IsPasswordSet checks if the password is set or left empty
func (u *User) IsPasswordSet() bool {
return !u.ValidatePassword("")
}
2014-11-21 23:58:08 +08:00
// UploadAvatar saves custom avatar for user.
2014-12-07 09:22:48 +08:00
// FIXME: split uploads to different subdirs in case we have massive users.
2014-11-21 23:58:08 +08:00
func (u *User) UploadAvatar(data []byte) error {
img, _, err := image.Decode(bytes.NewReader(data))
if err != nil {
2015-11-14 05:43:43 +08:00
return fmt.Errorf("Decode: %v", err)
2014-11-21 23:58:08 +08:00
}
2016-11-25 16:37:04 +08:00
m := resize.Resize(avatar.AvatarSize, avatar.AvatarSize, img, resize.NearestNeighbor)
2014-11-21 23:58:08 +08:00
sess := x.NewSession()
defer sess.Close()
2014-11-21 23:58:08 +08:00
if err = sess.Begin(); err != nil {
return err
}
2015-11-14 05:43:43 +08:00
u.UseCustomAvatar = true
u.Avatar = fmt.Sprintf("%x", md5.Sum(data))
2015-11-14 05:43:43 +08:00
if err = updateUser(sess, u); err != nil {
return fmt.Errorf("updateUser: %v", err)
2014-11-21 23:58:08 +08:00
}
2016-12-01 07:56:15 +08:00
if err := os.MkdirAll(setting.AvatarUploadPath, os.ModePerm); err != nil {
return fmt.Errorf("Failed to create dir %s: %v", setting.AvatarUploadPath, err)
2016-12-01 07:56:15 +08:00
}
2014-11-22 23:22:53 +08:00
fw, err := os.Create(u.CustomAvatarPath())
2014-11-21 23:58:08 +08:00
if err != nil {
2015-11-14 05:43:43 +08:00
return fmt.Errorf("Create: %v", err)
2014-11-21 23:58:08 +08:00
}
defer fw.Close()
2015-11-14 05:43:43 +08:00
if err = png.Encode(fw, m); err != nil {
return fmt.Errorf("Encode: %v", err)
2014-11-21 23:58:08 +08:00
}
return sess.Commit()
}
2016-03-07 00:36:30 +08:00
// DeleteAvatar deletes the user's custom avatar.
func (u *User) DeleteAvatar() error {
2016-07-24 01:08:22 +08:00
log.Trace("DeleteAvatar[%d]: %s", u.ID, u.CustomAvatarPath())
if len(u.Avatar) > 0 {
if err := os.Remove(u.CustomAvatarPath()); err != nil {
return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
}
2016-12-01 07:56:15 +08:00
}
2016-03-07 00:36:30 +08:00
u.UseCustomAvatar = false
u.Avatar = ""
if _, err := x.Id(u.ID).Cols("avatar, use_custom_avatar").Update(u); err != nil {
2016-03-07 02:24:42 +08:00
return fmt.Errorf("UpdateUser: %v", err)
2016-03-07 00:36:30 +08:00
}
return nil
}
// IsAdminOfRepo returns true if user has admin or higher access of repository.
func (u *User) IsAdminOfRepo(repo *Repository) bool {
has, err := HasAccess(u.ID, repo, AccessModeAdmin)
if err != nil {
log.Error(3, "HasAccess: %v", err)
}
return has
}
// IsWriterOfRepo returns true if user has write access to given repository.
func (u *User) IsWriterOfRepo(repo *Repository) bool {
has, err := HasAccess(u.ID, repo, AccessModeWrite)
if err != nil {
log.Error(3, "HasAccess: %v", err)
}
return has
}
2014-06-28 12:40:07 +08:00
// IsOrganization returns true if user is actually a organization.
2014-06-25 12:44:48 +08:00
func (u *User) IsOrganization() bool {
2016-11-08 00:53:22 +08:00
return u.Type == UserTypeOrganization
2014-06-25 12:44:48 +08:00
}
// IsUserOrgOwner returns true if user is in the owner team of given organization.
2016-11-29 00:47:46 +08:00
func (u *User) IsUserOrgOwner(orgID int64) bool {
return IsOrganizationOwner(orgID, u.ID)
}
2017-01-20 13:16:10 +08:00
// IsPublicMember returns true if user public his/her membership in given organization.
2016-11-29 00:47:46 +08:00
func (u *User) IsPublicMember(orgID int64) bool {
return IsPublicMembership(orgID, u.ID)
}
2015-09-06 20:54:08 +08:00
func (u *User) getOrganizationCount(e Engine) (int64, error) {
2016-11-10 23:16:32 +08:00
return e.
Where("uid=?", u.ID).
Count(new(OrgUser))
2015-09-06 20:54:08 +08:00
}
2014-06-29 03:43:25 +08:00
// GetOrganizationCount returns count of membership of organization of user.
func (u *User) GetOrganizationCount() (int64, error) {
2015-09-06 20:54:08 +08:00
return u.getOrganizationCount(x)
2014-06-29 03:43:25 +08:00
}
2016-07-24 14:32:46 +08:00
// GetRepositories returns repositories that user owns, including private repositories.
func (u *User) GetRepositories(page, pageSize int) (err error) {
u.Repos, err = GetUserRepositories(u.ID, true, page, pageSize, "")
return err
}
// GetRepositoryIDs returns repositories IDs where user owned
func (u *User) GetRepositoryIDs() ([]int64, error) {
var ids []int64
return ids, x.Table("repository").Cols("id").Where("owner_id = ?", u.ID).Find(&ids)
}
// GetOrgRepositoryIDs returns repositories IDs where user's team owned
func (u *User) GetOrgRepositoryIDs() ([]int64, error) {
var ids []int64
return ids, x.Table("repository").
Cols("repository.id").
Join("INNER", "team_user", "repository.owner_id = team_user.org_id AND team_user.uid = ?", u.ID).
GroupBy("repository.id").Find(&ids)
}
// GetAccessRepoIDs returns all repositories IDs where user's or user is a team member organizations
func (u *User) GetAccessRepoIDs() ([]int64, error) {
ids, err := u.GetRepositoryIDs()
if err != nil {
return nil, err
}
ids2, err := u.GetOrgRepositoryIDs()
if err != nil {
return nil, err
}
return append(ids, ids2...), nil
}
2016-11-29 00:47:46 +08:00
// GetMirrorRepositories returns mirror repositories that user owns, including private repositories.
2016-07-24 14:32:46 +08:00
func (u *User) GetMirrorRepositories() ([]*Repository, error) {
return GetUserMirrorRepositories(u.ID)
}
// GetOwnedOrganizations returns all organizations that user owns.
func (u *User) GetOwnedOrganizations() (err error) {
2016-07-24 01:08:22 +08:00
u.OwnedOrgs, err = GetOwnedOrgsByUserID(u.ID)
return err
}
2014-06-28 12:40:07 +08:00
// GetOrganizations returns all organizations that user belongs to.
2015-12-17 15:28:47 +08:00
func (u *User) GetOrganizations(all bool) error {
2016-07-24 01:08:22 +08:00
ous, err := GetOrgUsersByUserID(u.ID, all)
2014-06-25 12:44:48 +08:00
if err != nil {
return err
}
u.Orgs = make([]*User, len(ous))
for i, ou := range ous {
2015-08-08 22:43:14 +08:00
u.Orgs[i], err = GetUserByID(ou.OrgID)
2014-06-25 12:44:48 +08:00
if err != nil {
return err
}
}
return nil
2014-04-11 02:20:58 +08:00
}
2015-08-27 13:26:38 +08:00
// DisplayName returns full name if it's not empty,
// returns username otherwise.
func (u *User) DisplayName() string {
if len(u.FullName) > 0 {
return u.FullName
}
2015-08-27 13:26:38 +08:00
return u.Name
}
2016-11-29 00:47:46 +08:00
// ShortName ellipses username to length
func (u *User) ShortName(length int) string {
return base.EllipsisString(u.Name, length)
}
// IsMailable checks if a user is eligible
// to receive emails.
func (u *User) IsMailable() bool {
return u.IsActive
}
2017-10-03 14:29:26 +08:00
func isUserExist(e Engine, uid int64, name string) (bool, error) {
2014-04-11 02:20:58 +08:00
if len(name) == 0 {
return false, nil
}
2017-10-03 14:29:26 +08:00
return e.
2016-11-10 23:16:32 +08:00
Where("id!=?", uid).
Get(&User{LowerName: strings.ToLower(name)})
2014-04-11 02:20:58 +08:00
}
2017-10-03 14:29:26 +08:00
// IsUserExist checks if given user name exist,
// the user name should be noncased unique.
// If uid is presented, then check will rule out that one,
// it is used when update a user name in settings page.
func IsUserExist(uid int64, name string) (bool, error) {
return isUserExist(x, uid, name)
}
// GetUserSalt returns a random user salt token.
func GetUserSalt() (string, error) {
2014-04-11 02:20:58 +08:00
return base.GetRandomString(10)
}
// NewGhostUser creates and returns a fake user for someone has deleted his/her account.
func NewGhostUser() *User {
return &User{
2016-07-24 01:08:22 +08:00
ID: -1,
Name: "Ghost",
LowerName: "ghost",
}
}
var (
reservedUsernames = []string{"assets", "css", "explore", "img", "js", "less", "plugins", "debug", "raw", "install", "api", "avatar", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "new", ".", ".."}
reservedUserPatterns = []string{"*.keys"}
)
// isUsableName checks if name is reserved or pattern of name is not allowed
// based on given reserved names and patterns.
// Names are exact match, patterns can be prefix or suffix match with placeholder '*'.
func isUsableName(names, patterns []string, name string) error {
name = strings.TrimSpace(strings.ToLower(name))
if utf8.RuneCountInString(name) == 0 {
return ErrNameEmpty
}
for i := range names {
if name == names[i] {
return ErrNameReserved{name}
}
}
for _, pat := range patterns {
if pat[0] == '*' && strings.HasSuffix(name, pat[1:]) ||
(pat[len(pat)-1] == '*' && strings.HasPrefix(name, pat[:len(pat)-1])) {
return ErrNamePatternNotAllowed{pat}
}
}
return nil
}
2016-11-29 00:47:46 +08:00
// IsUsableUsername returns an error when a username is reserved
func IsUsableUsername(name string) error {
return isUsableName(reservedUsernames, reservedUserPatterns, name)
}
2014-06-25 12:44:48 +08:00
// CreateUser creates record of a new user.
func CreateUser(u *User) (err error) {
if err = IsUsableUsername(u.Name); err != nil {
return err
2014-06-25 12:44:48 +08:00
}
2017-10-03 14:29:26 +08:00
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return err
}
isExist, err := isUserExist(sess, 0, u.Name)
2014-06-25 12:44:48 +08:00
if err != nil {
2014-07-26 12:24:27 +08:00
return err
2014-06-25 12:44:48 +08:00
} else if isExist {
return ErrUserAlreadyExist{u.Name}
2014-06-25 12:44:48 +08:00
}
2015-11-24 09:43:04 +08:00
u.Email = strings.ToLower(u.Email)
2017-10-03 14:29:26 +08:00
isExist, err = sess.
Where("email=?", u.Email).
Get(new(User))
if err != nil {
return err
2017-10-03 14:29:26 +08:00
} else if isExist {
return ErrEmailAlreadyUsed{u.Email}
}
2017-10-03 14:29:26 +08:00
isExist, err = isEmailUsed(sess, u.Email)
2014-06-25 12:44:48 +08:00
if err != nil {
2014-07-26 12:24:27 +08:00
return err
2014-06-25 12:44:48 +08:00
} else if isExist {
return ErrEmailAlreadyUsed{u.Email}
2014-06-25 12:44:48 +08:00
}
u.KeepEmailPrivate = setting.Service.DefaultKeepEmailPrivate
2014-06-25 12:44:48 +08:00
u.LowerName = strings.ToLower(u.Name)
u.AvatarEmail = u.Email
u.Avatar = base.HashEmail(u.AvatarEmail)
if u.Rands, err = GetUserSalt(); err != nil {
return err
}
if u.Salt, err = GetUserSalt(); err != nil {
return err
}
2014-06-25 12:44:48 +08:00
u.EncodePasswd()
u.AllowCreateOrganization = setting.Service.DefaultAllowCreateOrganization
u.MaxRepoCreation = -1
2014-06-25 12:44:48 +08:00
if _, err = sess.Insert(u); err != nil {
2014-07-26 12:24:27 +08:00
return err
} else if err = os.MkdirAll(UserPath(u.Name), os.ModePerm); err != nil {
return err
2014-06-25 12:44:48 +08:00
}
return sess.Commit()
2014-06-25 12:44:48 +08:00
}
func countUsers(e Engine) int64 {
2016-11-10 23:16:32 +08:00
count, _ := e.
Where("type=0").
Count(new(User))
return count
}
// CountUsers returns number of users.
func CountUsers() int64 {
return countUsers(x)
}
2015-09-12 08:42:26 +08:00
// Users returns number of users in given page.
func Users(opts *SearchUserOptions) ([]*User, error) {
if len(opts.OrderBy) == 0 {
opts.OrderBy = "name ASC"
}
users := make([]*User, 0, opts.PageSize)
sess := x.
Limit(opts.PageSize, (opts.Page-1)*opts.PageSize).
Where("type=0")
return users, sess.
OrderBy(opts.OrderBy).
2016-11-10 23:16:32 +08:00
Find(&users)
2014-04-11 02:20:58 +08:00
}
2017-01-05 08:50:34 +08:00
// get user by verify code
2014-04-11 02:20:58 +08:00
func getVerifyUser(code string) (user *User) {
if len(code) <= base.TimeLimitCodeLength {
return nil
}
// use tail hex username query user
hexStr := code[base.TimeLimitCodeLength:]
if b, err := hex.DecodeString(hexStr); err == nil {
if user, err = GetUserByName(string(b)); user != nil {
return user
}
2014-07-26 12:24:27 +08:00
log.Error(4, "user.getVerifyUser: %v", err)
2014-04-11 02:20:58 +08:00
}
return nil
}
2016-11-29 00:47:46 +08:00
// VerifyUserActiveCode verifies active code when active account
2014-04-11 02:20:58 +08:00
func VerifyUserActiveCode(code string) (user *User) {
2014-05-26 08:11:25 +08:00
minutes := setting.Service.ActiveCodeLives
2014-04-11 02:20:58 +08:00
if user = getVerifyUser(code); user != nil {
// time limit code
prefix := code[:base.TimeLimitCodeLength]
2016-07-24 01:08:22 +08:00
data := com.ToStr(user.ID) + user.Email + user.LowerName + user.Passwd + user.Rands
2014-04-11 02:20:58 +08:00
if base.VerifyTimeLimitCode(data, minutes, prefix) {
return user
}
}
return nil
}
2016-11-29 00:47:46 +08:00
// VerifyActiveEmailCode verifies active email code when active account
func VerifyActiveEmailCode(code, email string) *EmailAddress {
minutes := setting.Service.ActiveCodeLives
if user := getVerifyUser(code); user != nil {
// time limit code
prefix := code[:base.TimeLimitCodeLength]
2016-07-24 01:08:22 +08:00
data := com.ToStr(user.ID) + email + user.LowerName + user.Passwd + user.Rands
if base.VerifyTimeLimitCode(data, minutes, prefix) {
emailAddress := &EmailAddress{Email: email}
if has, _ := x.Get(emailAddress); has {
return emailAddress
}
}
}
return nil
}
2014-04-11 02:20:58 +08:00
// ChangeUserName changes all corresponding setting from old user name to new one.
2014-07-26 12:24:27 +08:00
func ChangeUserName(u *User, newUserName string) (err error) {
if err = IsUsableUsername(newUserName); err != nil {
return err
}
isExist, err := IsUserExist(0, newUserName)
if err != nil {
return err
} else if isExist {
return ErrUserAlreadyExist{newUserName}
2014-07-26 12:24:27 +08:00
}
if err = ChangeUsernameInPullRequests(u.Name, newUserName); err != nil {
return fmt.Errorf("ChangeUsernameInPullRequests: %v", err)
2016-01-28 05:45:03 +08:00
}
// Delete all local copies of repository wiki that user owns.
2016-11-10 23:16:32 +08:00
if err = x.
Where("owner_id=?", u.ID).
Iterate(new(Repository), func(idx int, bean interface{}) error {
repo := bean.(*Repository)
RemoveAllWithNotice("Delete repository wiki local copy", repo.LocalWikiPath())
return nil
}); err != nil {
return fmt.Errorf("Delete repository wiki local copy: %v", err)
}
return os.Rename(UserPath(u.Name), UserPath(newUserName))
2014-04-11 02:20:58 +08:00
}
2017-02-25 22:53:57 +08:00
// checkDupEmail checks whether there are the same email with the user
func checkDupEmail(e Engine, u *User) error {
u.Email = strings.ToLower(u.Email)
has, err := e.
Where("id!=?", u.ID).
And("type=?", u.Type).
And("email=?", u.Email).
Get(new(User))
if err != nil {
return err
} else if has {
return ErrEmailAlreadyUsed{u.Email}
}
return nil
}
func updateUser(e Engine, u *User) error {
// Organization does not need email
2017-02-25 22:53:57 +08:00
u.Email = strings.ToLower(u.Email)
if !u.IsOrganization() {
if len(u.AvatarEmail) == 0 {
u.AvatarEmail = u.Email
}
if len(u.AvatarEmail) > 0 {
u.Avatar = base.HashEmail(u.AvatarEmail)
}
2014-12-01 07:29:16 +08:00
}
2014-06-06 10:07:35 +08:00
u.LowerName = strings.ToLower(u.Name)
u.Location = base.TruncateString(u.Location, 255)
u.Website = base.TruncateString(u.Website, 255)
u.Description = base.TruncateString(u.Description, 255)
2014-04-11 02:20:58 +08:00
2016-07-24 01:08:22 +08:00
_, err := e.Id(u.ID).AllCols().Update(u)
2014-04-11 02:20:58 +08:00
return err
}
// UpdateUser updates user's information.
func UpdateUser(u *User) error {
return updateUser(x, u)
2017-02-25 22:53:57 +08:00
}
// UpdateUserCols update user according special columns
func UpdateUserCols(u *User, cols ...string) error {
return updateUserCols(x, u, cols...)
}
func updateUserCols(e Engine, u *User, cols ...string) error {
// Organization does not need email
u.Email = strings.ToLower(u.Email)
if !u.IsOrganization() {
if len(u.AvatarEmail) == 0 {
u.AvatarEmail = u.Email
}
if len(u.AvatarEmail) > 0 {
u.Avatar = base.HashEmail(u.AvatarEmail)
}
}
u.LowerName = strings.ToLower(u.Name)
u.Location = base.TruncateString(u.Location, 255)
u.Website = base.TruncateString(u.Website, 255)
u.Description = base.TruncateString(u.Description, 255)
_, err := e.Id(u.ID).Cols(cols...).Update(u)
return err
}
2017-02-25 22:53:57 +08:00
// UpdateUserSetting updates user's settings.
func UpdateUserSetting(u *User) error {
if !u.IsOrganization() {
if err := checkDupEmail(x, u); err != nil {
return err
}
}
return updateUser(x, u)
}
2015-09-06 20:54:08 +08:00
// deleteBeans deletes all given beans, beans should contain delete conditions.
func deleteBeans(e Engine, beans ...interface{}) (err error) {
for i := range beans {
if _, err = e.Delete(beans[i]); err != nil {
return err
}
}
return nil
}
2014-11-13 18:27:01 +08:00
// FIXME: need some kind of mechanism to record failure. HINT: system notice
2015-09-06 20:54:08 +08:00
func deleteUser(e *xorm.Session, u *User) error {
2015-08-17 17:05:37 +08:00
// Note: A user owns any repository or belongs to any organization
// cannot perform delete operation.
2014-04-11 02:20:58 +08:00
// Check ownership of repository.
2015-09-06 20:54:08 +08:00
count, err := getRepositoryCount(e, u)
2014-04-11 02:20:58 +08:00
if err != nil {
return fmt.Errorf("GetRepositoryCount: %v", err)
2014-04-11 02:20:58 +08:00
} else if count > 0 {
2016-07-24 01:08:22 +08:00
return ErrUserOwnRepos{UID: u.ID}
2014-04-11 02:20:58 +08:00
}
2014-06-27 15:37:01 +08:00
// Check membership of organization.
2015-09-06 20:54:08 +08:00
count, err = u.getOrganizationCount(e)
2014-06-27 15:37:01 +08:00
if err != nil {
return fmt.Errorf("GetOrganizationCount: %v", err)
2014-06-27 15:37:01 +08:00
} else if count > 0 {
2016-07-24 01:08:22 +08:00
return ErrUserHasOrgs{UID: u.ID}
2014-06-27 15:37:01 +08:00
}
2015-08-17 17:05:37 +08:00
// ***** START: Watch *****
watchedRepoIDs := make([]int64, 0, 10)
if err = e.Table("watch").Cols("watch.repo_id").
Where("watch.user_id = ?", u.ID).Find(&watchedRepoIDs); err != nil {
return fmt.Errorf("get all watches: %v", err)
2014-04-11 02:20:58 +08:00
}
if _, err = e.Decr("num_watches").In("id", watchedRepoIDs).Update(new(Repository)); err != nil {
return fmt.Errorf("decrease repository num_watches: %v", err)
2014-04-12 09:47:39 +08:00
}
2015-08-17 17:05:37 +08:00
// ***** END: Watch *****
2015-08-17 17:05:37 +08:00
// ***** START: Star *****
starredRepoIDs := make([]int64, 0, 10)
if err = e.Table("star").Cols("star.repo_id").
Where("star.uid = ?", u.ID).Find(&starredRepoIDs); err != nil {
2015-08-17 17:05:37 +08:00
return fmt.Errorf("get all stars: %v", err)
} else if _, err = e.Decr("num_watches").In("id", starredRepoIDs).Update(new(Repository)); err != nil {
return fmt.Errorf("decrease repository num_stars: %v", err)
2015-08-17 17:05:37 +08:00
}
// ***** END: Star *****
2015-08-17 17:05:37 +08:00
// ***** START: Follow *****
followeeIDs := make([]int64, 0, 10)
if err = e.Table("follow").Cols("follow.follow_id").
Where("follow.user_id = ?", u.ID).Find(&followeeIDs); err != nil {
return fmt.Errorf("get all followees: %v", err)
} else if _, err = e.Decr("num_followers").In("id", followeeIDs).Update(new(User)); err != nil {
return fmt.Errorf("decrease user num_followers: %v", err)
2015-08-17 17:05:37 +08:00
}
followerIDs := make([]int64, 0, 10)
if err = e.Table("follow").Cols("follow.user_id").
Where("follow.follow_id = ?", u.ID).Find(&followerIDs); err != nil {
return fmt.Errorf("get all followers: %v", err)
} else if _, err = e.Decr("num_following").In("id", followerIDs).Update(new(User)); err != nil {
return fmt.Errorf("decrease user num_following: %v", err)
2014-04-11 02:20:58 +08:00
}
2015-08-17 17:05:37 +08:00
// ***** END: Follow *****
2015-09-06 20:54:08 +08:00
if err = deleteBeans(e,
2016-07-24 01:08:22 +08:00
&AccessToken{UID: u.ID},
&Collaboration{UserID: u.ID},
&Access{UserID: u.ID},
&Watch{UserID: u.ID},
&Star{UID: u.ID},
&Follow{UserID: u.ID},
2016-07-24 01:08:22 +08:00
&Follow{FollowID: u.ID},
&Action{UserID: u.ID},
&IssueUser{UID: u.ID},
&EmailAddress{UID: u.ID},
2017-03-17 22:16:08 +08:00
&UserOpenID{UID: u.ID},
); err != nil {
2015-12-01 09:45:55 +08:00
return fmt.Errorf("deleteBeans: %v", err)
2014-04-11 02:20:58 +08:00
}
2015-08-17 17:05:37 +08:00
// ***** START: PublicKey *****
2014-05-07 04:28:52 +08:00
keys := make([]*PublicKey, 0, 10)
2016-07-24 01:08:22 +08:00
if err = e.Find(&keys, &PublicKey{OwnerID: u.ID}); err != nil {
2015-08-17 17:05:37 +08:00
return fmt.Errorf("get all public keys: %v", err)
2014-04-11 02:20:58 +08:00
}
keyIDs := make([]int64, len(keys))
for i := range keys {
keyIDs[i] = keys[i].ID
}
if err = deletePublicKeys(e, keyIDs...); err != nil {
return fmt.Errorf("deletePublicKeys: %v", err)
2014-04-11 02:20:58 +08:00
}
2015-08-17 17:05:37 +08:00
// ***** END: PublicKey *****
2014-04-11 02:20:58 +08:00
// Clear assignee.
2016-07-24 01:08:22 +08:00
if _, err = e.Exec("UPDATE `issue` SET assignee_id=0 WHERE assignee_id=?", u.ID); err != nil {
2015-08-17 17:05:37 +08:00
return fmt.Errorf("clear assignee: %v", err)
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 15:14:37 +08:00
// ***** START: ExternalLoginUser *****
if err = removeAllAccountLinks(e, u); err != nil {
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 15:14:37 +08:00
return fmt.Errorf("ExternalLoginUser: %v", err)
}
// ***** END: ExternalLoginUser *****
2016-07-24 01:08:22 +08:00
if _, err = e.Id(u.ID).Delete(new(User)); err != nil {
2015-08-17 17:05:37 +08:00
return fmt.Errorf("Delete: %v", err)
}
2015-08-17 17:05:37 +08:00
// FIXME: system notice
// Note: There are something just cannot be roll back,
// so just keep error logs of those operations.
2016-12-01 07:56:15 +08:00
path := UserPath(u.Name)
2015-08-17 17:05:37 +08:00
2016-12-01 07:56:15 +08:00
if err := os.RemoveAll(path); err != nil {
return fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
2016-12-01 07:56:15 +08:00
}
if len(u.Avatar) > 0 {
avatarPath := u.CustomAvatarPath()
if com.IsExist(avatarPath) {
if err := os.Remove(avatarPath); err != nil {
return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
}
}
2016-12-01 07:56:15 +08:00
}
2014-04-11 02:20:58 +08:00
2015-08-17 17:05:37 +08:00
return nil
2014-06-21 12:51:41 +08:00
}
2015-09-06 20:54:08 +08:00
// DeleteUser completely and permanently deletes everything of a user,
// but issues/comments/pulls will be kept and shown as someone has been deleted.
func DeleteUser(u *User) (err error) {
sess := x.NewSession()
defer sess.Close()
2015-09-06 20:54:08 +08:00
if err = sess.Begin(); err != nil {
return err
}
if err = deleteUser(sess, u); err != nil {
2015-09-14 01:26:20 +08:00
// Note: don't wrapper error here.
return err
2015-09-06 20:54:08 +08:00
}
if err = sess.Commit(); err != nil {
return err
}
return RewriteAllPublicKeys()
2015-09-06 20:54:08 +08:00
}
// DeleteInactivateUsers deletes all inactivate users and email addresses.
2015-08-17 17:05:37 +08:00
func DeleteInactivateUsers() (err error) {
users := make([]*User, 0, 10)
2016-11-10 23:16:32 +08:00
if err = x.
Where("is_active = ?", false).
Find(&users); err != nil {
2015-08-17 17:05:37 +08:00
return fmt.Errorf("get all inactive users: %v", err)
}
// FIXME: should only update authorized_keys file once after all deletions.
2015-08-17 17:05:37 +08:00
for _, u := range users {
if err = DeleteUser(u); err != nil {
// Ignore users that were set inactive by admin.
if IsErrUserOwnRepos(err) || IsErrUserHasOrgs(err) {
continue
}
return err
}
}
2015-08-17 17:05:37 +08:00
2016-11-10 23:16:32 +08:00
_, err = x.
Where("is_activated = ?", false).
Delete(new(EmailAddress))
2014-04-11 02:20:58 +08:00
return err
}
// UserPath returns the path absolute path of user repositories.
func UserPath(userName string) string {
2014-05-26 08:11:25 +08:00
return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
2014-04-11 02:20:58 +08:00
}
// GetUserByKeyID get user information by user's public key id
2015-11-05 10:57:10 +08:00
func GetUserByKeyID(keyID int64) (*User, error) {
var user User
has, err := x.Join("INNER", "public_key", "`public_key`.owner_id = `user`.id").
2016-11-10 23:16:32 +08:00
Where("`public_key`.id=?", keyID).
2016-11-12 16:30:46 +08:00
Get(&user)
if err != nil {
return nil, err
}
if !has {
return nil, ErrUserNotExist{0, "", keyID}
}
return &user, nil
2014-04-11 02:20:58 +08:00
}
2015-08-08 22:43:14 +08:00
func getUserByID(e Engine, id int64) (*User, error) {
2014-06-06 10:07:35 +08:00
u := new(User)
2015-02-13 13:58:46 +08:00
has, err := e.Id(id).Get(u)
2014-04-11 02:20:58 +08:00
if err != nil {
return nil, err
2014-06-06 10:07:35 +08:00
} else if !has {
return nil, ErrUserNotExist{id, "", 0}
2014-04-11 02:20:58 +08:00
}
2014-06-06 10:07:35 +08:00
return u, nil
2014-04-11 02:20:58 +08:00
}
2015-08-08 22:43:14 +08:00
// GetUserByID returns the user object by given ID if exists.
func GetUserByID(id int64) (*User, error) {
return getUserByID(x, id)
2015-02-13 13:58:46 +08:00
}
// GetAssigneeByID returns the user with write access of repository by given ID.
func GetAssigneeByID(repo *Repository, userID int64) (*User, error) {
has, err := HasAccess(userID, repo, AccessModeWrite)
if err != nil {
return nil, err
} else if !has {
return nil, ErrUserNotExist{userID, "", 0}
}
return GetUserByID(userID)
}
2014-10-25 06:43:17 +08:00
// GetUserByName returns user by given name.
2014-04-11 02:20:58 +08:00
func GetUserByName(name string) (*User, error) {
return getUserByName(x, name)
}
func getUserByName(e Engine, name string) (*User, error) {
2014-04-11 02:20:58 +08:00
if len(name) == 0 {
return nil, ErrUserNotExist{0, name, 0}
2014-04-11 02:20:58 +08:00
}
2014-10-25 06:43:17 +08:00
u := &User{LowerName: strings.ToLower(name)}
has, err := e.Get(u)
2014-04-11 02:20:58 +08:00
if err != nil {
return nil, err
} else if !has {
return nil, ErrUserNotExist{0, name, 0}
2014-04-11 02:20:58 +08:00
}
2014-10-25 06:43:17 +08:00
return u, nil
2014-04-11 02:20:58 +08:00
}
// GetUserEmailsByNames returns a list of e-mails corresponds to names.
2014-04-11 02:20:58 +08:00
func GetUserEmailsByNames(names []string) []string {
return getUserEmailsByNames(x, names)
}
func getUserEmailsByNames(e Engine, names []string) []string {
2014-04-11 02:20:58 +08:00
mails := make([]string, 0, len(names))
for _, name := range names {
u, err := getUserByName(e, name)
2014-04-11 02:20:58 +08:00
if err != nil {
continue
}
if u.IsMailable() {
mails = append(mails, u.Email)
}
2014-04-11 02:20:58 +08:00
}
return mails
}
// GetUsersByIDs returns all resolved users from a list of Ids.
func GetUsersByIDs(ids []int64) ([]*User, error) {
ous := make([]*User, 0, len(ids))
if len(ids) == 0 {
return ous, nil
}
err := x.In("id", ids).
2016-11-10 23:16:32 +08:00
Asc("name").
Find(&ous)
return ous, err
}
// GetUserIDsByNames returns a slice of ids corresponds to names.
func GetUserIDsByNames(names []string) []int64 {
ids := make([]int64, 0, len(names))
for _, name := range names {
u, err := GetUserByName(name)
if err != nil {
continue
}
2016-07-24 01:08:22 +08:00
ids = append(ids, u.ID)
}
return ids
}
2014-12-07 09:22:48 +08:00
// UserCommit represents a commit with validation of user.
2014-09-24 03:30:04 +08:00
type UserCommit struct {
2014-11-21 23:58:08 +08:00
User *User
*git.Commit
2014-09-24 03:30:04 +08:00
}
2017-01-05 08:50:34 +08:00
// ValidateCommitWithEmail check if author's e-mail of commit is corresponding to a user.
func ValidateCommitWithEmail(c *git.Commit) *User {
2014-09-26 20:55:13 +08:00
u, err := GetUserByEmail(c.Author.Email)
2014-11-21 23:58:08 +08:00
if err != nil {
return nil
2014-09-26 20:55:13 +08:00
}
2014-11-21 23:58:08 +08:00
return u
2014-09-26 20:55:13 +08:00
}
// ValidateCommitsWithEmails checks if authors' e-mails of commits are corresponding to users.
func ValidateCommitsWithEmails(oldCommits *list.List) *list.List {
2015-08-05 17:36:22 +08:00
var (
u *User
emails = map[string]*User{}
newCommits = list.New()
e = oldCommits.Front()
)
2014-09-24 03:30:04 +08:00
for e != nil {
c := e.Value.(*git.Commit)
2014-09-24 03:30:04 +08:00
2014-09-24 11:18:14 +08:00
if v, ok := emails[c.Author.Email]; !ok {
2014-11-21 23:58:08 +08:00
u, _ = GetUserByEmail(c.Author.Email)
emails[c.Author.Email] = u
2014-09-24 11:18:14 +08:00
} else {
2014-11-21 23:58:08 +08:00
u = v
2014-09-24 03:30:04 +08:00
}
newCommits.PushBack(UserCommit{
2014-11-21 23:58:08 +08:00
User: u,
Commit: c,
2014-09-24 03:30:04 +08:00
})
e = e.Next()
}
return newCommits
}
2014-04-11 02:20:58 +08:00
// GetUserByEmail returns the user object by given e-mail if exists.
func GetUserByEmail(email string) (*User, error) {
if len(email) == 0 {
return nil, ErrUserNotExist{0, email, 0}
2014-04-11 02:20:58 +08:00
}
2015-08-05 17:36:22 +08:00
email = strings.ToLower(email)
// First try to find the user by primary email
2015-08-05 17:36:22 +08:00
user := &User{Email: email}
2014-06-21 12:51:41 +08:00
has, err := x.Get(user)
2014-04-11 02:20:58 +08:00
if err != nil {
return nil, err
}
if has {
return user, nil
}
// Otherwise, check in alternative list for activated email addresses
2015-08-05 17:36:22 +08:00
emailAddress := &EmailAddress{Email: email, IsActivated: true}
has, err = x.Get(emailAddress)
if err != nil {
return nil, err
}
if has {
2015-09-10 23:40:34 +08:00
return GetUserByID(emailAddress.UID)
}
return nil, ErrUserNotExist{0, email, 0}
2014-04-11 02:20:58 +08:00
}
Oauth2 consumer (#679) * initial stuff for oauth2 login, fails on: * login button on the signIn page to start the OAuth2 flow and a callback for each provider Only GitHub is implemented for now * show login button only when the OAuth2 consumer is configured (and activated) * create macaron group for oauth2 urls * prevent net/http in modules (other then oauth2) * use a new data sessions oauth2 folder for storing the oauth2 session data * add missing 2FA when this is enabled on the user * add password option for OAuth2 user , for use with git over http and login to the GUI * add tip for registering a GitHub OAuth application * at startup of Gitea register all configured providers and also on adding/deleting of new providers * custom handling of errors in oauth2 request init + show better tip * add ExternalLoginUser model and migration script to add it to database * link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed * remove the linked external account from the user his settings * if user is unknown we allow him to register a new account or link it to some existing account * sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers) * from gorilla/sessions docs: "Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!" (we're using gorilla/sessions for storing oauth2 sessions) * use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 15:14:37 +08:00
// GetUser checks if a user already exists
func GetUser(user *User) (bool, error) {
return x.Get(user)
}
2016-11-29 00:47:46 +08:00
// SearchUserOptions contains the options for searching
type SearchUserOptions struct {
Keyword string
Type UserType
OrderBy string
Page int
2016-07-24 00:23:54 +08:00
PageSize int // Can be smaller than or equal to setting.UI.ExplorePagingNum
}
// SearchUserByName takes keyword and part of user name to search,
// it returns results in given range and number of total results.
func SearchUserByName(opts *SearchUserOptions) (users []*User, _ int64, _ error) {
if len(opts.Keyword) == 0 {
return users, 0, nil
}
opts.Keyword = strings.ToLower(opts.Keyword)
2016-07-24 00:23:54 +08:00
if opts.PageSize <= 0 || opts.PageSize > setting.UI.ExplorePagingNum {
opts.PageSize = setting.UI.ExplorePagingNum
}
if opts.Page <= 0 {
opts.Page = 1
}
users = make([]*User, 0, opts.PageSize)
// Append conditions
cond := builder.And(
builder.Eq{"type": opts.Type},
builder.Or(
builder.Like{"lower_name", opts.Keyword},
builder.Like{"LOWER(full_name)", opts.Keyword},
),
)
count, err := x.Where(cond).Count(new(User))
if err != nil {
return nil, 0, fmt.Errorf("Count: %v", err)
2014-05-01 11:48:01 +08:00
}
sess := x.Where(cond).
Limit(opts.PageSize, (opts.Page-1)*opts.PageSize)
2016-03-12 05:11:33 +08:00
if len(opts.OrderBy) > 0 {
sess.OrderBy(opts.OrderBy)
}
return users, count, sess.Find(&users)
2014-05-01 11:48:01 +08:00
}
2016-11-15 06:33:58 +08:00
// GetStarredRepos returns the repos starred by a particular user
func GetStarredRepos(userID int64, private bool) ([]*Repository, error) {
sess := x.Where("star.uid=?", userID).
Join("LEFT", "star", "`repository`.id=`star`.repo_id")
if !private {
sess = sess.And("is_private=?", false)
}
repos := make([]*Repository, 0, 10)
err := sess.Find(&repos)
if err != nil {
return nil, err
}
return repos, nil
}
2016-12-24 09:53:11 +08:00
// GetWatchedRepos returns the repos watched by a particular user
func GetWatchedRepos(userID int64, private bool) ([]*Repository, error) {
sess := x.Where("watch.user_id=?", userID).
Join("LEFT", "watch", "`repository`.id=`watch`.repo_id")
if !private {
sess = sess.And("is_private=?", false)
}
repos := make([]*Repository, 0, 10)
err := sess.Find(&repos)
if err != nil {
return nil, err
}
return repos, nil
}
2017-05-10 21:10:18 +08:00
// SyncExternalUsers is used to synchronize users with external authorization source
func SyncExternalUsers() {
if !taskStatusTable.StartIfNotRunning(syncExternalUsers) {
2017-05-10 21:10:18 +08:00
return
}
defer taskStatusTable.Stop(syncExternalUsers)
log.Trace("Doing: SyncExternalUsers")
ls, err := LoginSources()
if err != nil {
log.Error(4, "SyncExternalUsers: %v", err)
return
}
updateExisting := setting.Cron.SyncExternalUsers.UpdateExisting
for _, s := range ls {
if !s.IsActived || !s.IsSyncEnabled {
continue
}
if s.IsLDAP() {
log.Trace("Doing: SyncExternalUsers[%s]", s.Name)
var existingUsers []int64
// Find all users with this login type
var users []User
x.Where("login_type = ?", LoginLDAP).
And("login_source = ?", s.ID).
Find(&users)
sr := s.LDAP().SearchEntries()
for _, su := range sr {
if len(su.Username) == 0 {
continue
}
if len(su.Mail) == 0 {
su.Mail = fmt.Sprintf("%s@localhost", su.Username)
}
var usr *User
// Search for existing user
for _, du := range users {
if du.LowerName == strings.ToLower(su.Username) {
usr = &du
break
}
}
fullName := composeFullName(su.Name, su.Surname, su.Username)
// If no existing user found, create one
if usr == nil {
log.Trace("SyncExternalUsers[%s]: Creating user %s", s.Name, su.Username)
usr = &User{
LowerName: strings.ToLower(su.Username),
Name: su.Username,
FullName: fullName,
LoginType: s.Type,
LoginSource: s.ID,
LoginName: su.Username,
Email: su.Mail,
IsAdmin: su.IsAdmin,
IsActive: true,
}
err = CreateUser(usr)
if err != nil {
log.Error(4, "SyncExternalUsers[%s]: Error creating user %s: %v", s.Name, su.Username, err)
}
} else if updateExisting {
existingUsers = append(existingUsers, usr.ID)
// Check if user data has changed
if (len(s.LDAP().AdminFilter) > 0 && usr.IsAdmin != su.IsAdmin) ||
strings.ToLower(usr.Email) != strings.ToLower(su.Mail) ||
usr.FullName != fullName ||
!usr.IsActive {
log.Trace("SyncExternalUsers[%s]: Updating user %s", s.Name, usr.Name)
usr.FullName = fullName
usr.Email = su.Mail
// Change existing admin flag only if AdminFilter option is set
if len(s.LDAP().AdminFilter) > 0 {
usr.IsAdmin = su.IsAdmin
}
usr.IsActive = true
err = UpdateUserCols(usr, "full_name", "email", "is_admin", "is_active")
2017-05-10 21:10:18 +08:00
if err != nil {
log.Error(4, "SyncExternalUsers[%s]: Error updating user %s: %v", s.Name, usr.Name, err)
}
}
}
}
// Deactivate users not present in LDAP
if updateExisting {
for _, usr := range users {
found := false
for _, uid := range existingUsers {
if usr.ID == uid {
found = true
break
}
}
if !found {
log.Trace("SyncExternalUsers[%s]: Deactivating user %s", s.Name, usr.Name)
usr.IsActive = false
err = UpdateUserCols(&usr, "is_active")
2017-05-10 21:10:18 +08:00
if err != nil {
log.Error(4, "SyncExternalUsers[%s]: Error deactivating user %s: %v", s.Name, usr.Name, err)
}
}
}
}
}
}
}