peter/go-gitea
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

force users to change password if account was created by an admin

Browse Source
This commit is contained in:
Lanre Adelowo 2018-07-21 17:07:47 +01:00
parent 68d57a196e
commit 23acb29e56
4 changed files with 107 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
models/user.go
View File

@ -14,6 +14,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"image" "image"
// Needed for jpeg support // Needed for jpeg support
_ "image/jpeg" _ "image/jpeg"
"image/png" "image/png"
@ -83,18 +84,23 @@ type User struct {
Email string `xorm:"NOT NULL"` Email string `xorm:"NOT NULL"`
KeepEmailPrivate bool KeepEmailPrivate bool
Passwd string `xorm:"NOT NULL"` Passwd string `xorm:"NOT NULL"`
LoginType LoginType
LoginSource int64 `xorm:"NOT NULL DEFAULT 0"` // MustChangePassword is an attribute that determines if a user
LoginName string // is to change his/her password after registration.
Type UserType MustChangePassword bool `xorm:"NOT NULL DEFAULT false"`
OwnedOrgs []*User `xorm:"-"`
Orgs []*User `xorm:"-"` LoginType LoginType
Repos []*Repository `xorm:"-"` LoginSource int64 `xorm:"NOT NULL DEFAULT 0"`
Location string LoginName string
Website string Type UserType
Rands string `xorm:"VARCHAR(10)"` OwnedOrgs []*User `xorm:"-"`
Salt string `xorm:"VARCHAR(10)"` Orgs []*User `xorm:"-"`
Language string `xorm:"VARCHAR(5)"` Repos []*Repository `xorm:"-"`
Location string
Website string
Rands string `xorm:"VARCHAR(10)"`
Salt string `xorm:"VARCHAR(10)"`
Language string `xorm:"VARCHAR(5)"`
CreatedUnix util.TimeStamp `xorm:"INDEX created"` CreatedUnix util.TimeStamp `xorm:"INDEX created"`
UpdatedUnix util.TimeStamp `xorm:"INDEX updated"` UpdatedUnix util.TimeStamp `xorm:"INDEX updated"`

20
modules/context/auth.go
View File

@ -31,10 +31,22 @@ func Toggle(options *ToggleOptions) macaron.Handler {
} }
// Check prohibit login users. // Check prohibit login users.
if ctx.IsSigned && ctx.User.ProhibitLogin { if ctx.IsSigned {
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login") if ctx.User.ProhibitLogin {
return ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login")
return
}
if ctx.Req.URL.Path == "/user/change_password" {
return
} else if ctx.User.MustChangePassword {
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
ctx.Redirect(setting.AppSubURL + "/user/change_password")
return
}
} }
// Redirect to dashboard if user tries to visit any non-login page. // Redirect to dashboard if user tries to visit any non-login page.

11
routers/admin/users.go
View File

@ -77,11 +77,12 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
} }
u := &models.User{ u := &models.User{
Name: form.UserName, Name: form.UserName,
Email: form.Email, Email: form.Email,
Passwd: form.Password, Passwd: form.Password,
IsActive: true, IsActive: true,
LoginType: models.LoginPlain, LoginType: models.LoginPlain,
MustChangePassword: false,
} }
if len(form.LoginType) > 0 { if len(form.LoginType) > 0 {

67
routers/user/auth.go
View File

@ -28,6 +28,7 @@ import (
) )
const ( const (
tplMustChangePassword = "user/auth/change_passwd"
// tplSignIn template for sign in page // tplSignIn template for sign in page
tplSignIn base.TplName = "user/auth/signin" tplSignIn base.TplName = "user/auth/signin"
// tplSignUp template path for sign up page // tplSignUp template path for sign up page
@ -1185,3 +1186,69 @@ func ResetPasswdPost(ctx *context.Context) {
ctx.Data["IsResetFailed"] = true ctx.Data["IsResetFailed"] = true
ctx.HTML(200, tplResetPassword) ctx.HTML(200, tplResetPassword)
} }
// MustChangePassword renders the page to change a user's password
func MustChangePassword(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
ctx.HTML(200, tplMustChangePassword)
}
// MustChangePasswordPost response for updating a user's password after his/her
// account was created by an admin
func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form auth.MustChangePasswordForm) {
ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/sign_up"
if ctx.HasError() {
ctx.HTML(200, tplMustChangePassword)
return
}
u := ctx.User
// Make sure only requests for users who are eligible to change their password via
// this method passes through
if !u.MustChangePassword {
ctx.ServerError("MustUpdatePassword", errors.New("cannot update password.. Please visit the settings page"))
return
}
if form.Password != form.Retype {
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplMustChangePassword, &form)
return
}
if len(form.Password) < setting.MinPasswordLength {
ctx.Data["Err_Password"] = true
ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplMustChangePassword, &form)
return
}
var err error
if u.Rands, err = models.GetUserSalt(); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
if u.Salt, err = models.GetUserSalt(); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
u.HashPassword(form.Password)
u.MustChangePassword = false
if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil {
ctx.ServerError("UpdateUser", err)
return
}
ctx.Flash.Success(ctx.Tr("settings.change_password_success"))
log.Trace("User updated password: %s", u.Name)
ctx.Redirect(setting.AppSubURL + "/")
}