From 0bef325fb46f87f2a6a1ac51e8a216c30fc4a36c Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sun, 15 Jul 2018 15:26:30 +0100 Subject: [PATCH 01/19] redirect to login page after successfully activating account --- routers/user/auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/user/auth.go b/routers/user/auth.go index 4852d47aec9a0..4c502c19abddf 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1034,7 +1034,7 @@ func Activate(ctx *context.Context) { ctx.Session.Set("uid", user.ID) ctx.Session.Set("uname", user.Name) - ctx.Redirect(setting.AppSubURL + "/") + ctx.Redirect(setting.AppSubURL + "/user/login") return } From 23acb29e560cd564ddfe114e6d5ea4fc9b392a46 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 17:07:47 +0100 Subject: [PATCH 02/19] force users to change password if account was created by an admin --- models/user.go | 30 ++++++++++-------- modules/context/auth.go | 20 +++++++++--- routers/admin/users.go | 11 ++++--- routers/user/auth.go | 67 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 107 insertions(+), 21 deletions(-) diff --git a/models/user.go b/models/user.go index 32b9bfec9bcd1..21e77571c2ffe 100644 --- a/models/user.go +++ b/models/user.go @@ -14,6 +14,7 @@ import ( "errors" "fmt" "image" + // Needed for jpeg support _ "image/jpeg" "image/png" 
@@ -83,18 +84,23 @@ type User struct { Email string `xorm:"NOT NULL"` KeepEmailPrivate bool Passwd string `xorm:"NOT NULL"` - LoginType LoginType - LoginSource int64 `xorm:"NOT NULL DEFAULT 0"` - LoginName string - Type UserType - OwnedOrgs []*User `xorm:"-"` - Orgs []*User `xorm:"-"` - Repos []*Repository `xorm:"-"` - Location string - Website string - Rands string `xorm:"VARCHAR(10)"` - Salt string `xorm:"VARCHAR(10)"` - Language string `xorm:"VARCHAR(5)"` + + // MustChangePassword is an attribute that determines if a user + // is to change his/her password after registration. + MustChangePassword bool `xorm:"NOT NULL DEFAULT false"` + + LoginType LoginType + LoginSource int64 `xorm:"NOT NULL DEFAULT 0"` + LoginName string + Type UserType + OwnedOrgs []*User `xorm:"-"` + Orgs []*User `xorm:"-"` + Repos []*Repository `xorm:"-"` + Location string + Website string + Rands string `xorm:"VARCHAR(10)"` + Salt string `xorm:"VARCHAR(10)"` + Language string `xorm:"VARCHAR(5)"` CreatedUnix util.TimeStamp `xorm:"INDEX created"` UpdatedUnix util.TimeStamp `xorm:"INDEX updated"` diff --git a/modules/context/auth.go b/modules/context/auth.go index c38cc3948d42c..c5df1d68de71c 100644 --- a/modules/context/auth.go +++ b/modules/context/auth.go 
@@ -31,10 +31,22 @@ func Toggle(options *ToggleOptions) macaron.Handler { } // Check prohibit login users. - if ctx.IsSigned && ctx.User.ProhibitLogin { - ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") - ctx.HTML(200, "user/auth/prohibit_login") - return + if ctx.IsSigned { + + if ctx.User.ProhibitLogin { + ctx.Data["Title"] = ctx.Tr("auth.prohibit_login") + ctx.HTML(200, "user/auth/prohibit_login") + return + } + + if ctx.Req.URL.Path == "/user/change_password" { + return + } else if ctx.User.MustChangePassword { + ctx.Data["Title"] = ctx.Tr("auth.must_change_password") + ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" + ctx.Redirect(setting.AppSubURL + "/user/change_password") + return + } } // Redirect to dashboard if user tries to visit any non-login page. diff --git a/routers/admin/users.go b/routers/admin/users.go index 9aa78db103290..bc7850d7a8807 100644 --- a/routers/admin/users.go +++ b/routers/admin/users.go @@ -77,11 +77,12 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) { } u := &models.User{ - Name: form.UserName, - Email: form.Email, - Passwd: form.Password, - IsActive: true, - LoginType: models.LoginPlain, + Name: form.UserName, + Email: form.Email, + Passwd: form.Password, + IsActive: true, + LoginType: models.LoginPlain, + MustChangePassword: false, } if len(form.LoginType) > 0 { diff --git a/routers/user/auth.go b/routers/user/auth.go index 11cc9f6b7f160..184b374f379fe 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -28,6 +28,7 @@ import ( ) const ( + tplMustChangePassword = "user/auth/change_passwd" // tplSignIn template for sign in page tplSignIn base.TplName = "user/auth/signin" // tplSignUp template path for sign up page 
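Review bot: The forced password change is enforced only inside this `Toggle` branch, and the bare `return` taken when the path is `/user/change_password` leaves the handler before the checks that follow in `Toggle` (the body continues outside the hunk), so that route skips them for every signed-in user. Requests that authenticate without passing through `Toggle` (API or git-over-HTTP credentials, if those sit on separate middleware) would presumably never see the flag; confirm whether an account with `MustChangePassword` set should be usable there. The two `ctx.Data[...]` assignments before `ctx.Redirect` are never rendered and can be dropped. A comment such as `// Users flagged MustChangePassword may only reach the change-password form until they rotate it.` above the check would document the intent.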
@@ -1185,3 +1186,69 @@ func ResetPasswdPost(ctx *context.Context) { ctx.Data["IsResetFailed"] = true ctx.HTML(200, tplResetPassword) } + +// MustChangePassword renders the page to change a user's password +func MustChangePassword(ctx *context.Context) { + ctx.Data["Title"] = ctx.Tr("auth.must_change_password") + ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" + + ctx.HTML(200, tplMustChangePassword) +} + +// MustChangePasswordPost response for updating a user's password after his/her +// account was created by an admin +func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form auth.MustChangePasswordForm) { + ctx.Data["Title"] = ctx.Tr("auth.must_change_password") + + ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/sign_up" + + if ctx.HasError() { + ctx.HTML(200, tplMustChangePassword) + return + } + + u := ctx.User + + // Make sure only requests for users who are eligible to change their password via + // this method passes through + if !u.MustChangePassword { + ctx.ServerError("MustUpdatePassword", errors.New("cannot update password.. 
Please visit the settings page")) + return + } + + if form.Password != form.Retype { + ctx.Data["Err_Password"] = true + ctx.RenderWithErr(ctx.Tr("form.password_not_match"), tplMustChangePassword, &form) + return + } + + if len(form.Password) < setting.MinPasswordLength { + ctx.Data["Err_Password"] = true + ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplMustChangePassword, &form) + return + } + + var err error + if u.Rands, err = models.GetUserSalt(); err != nil { + ctx.ServerError("UpdateUser", err) + return + } + + if u.Salt, err = models.GetUserSalt(); err != nil { + ctx.ServerError("UpdateUser", err) + return + } + + u.HashPassword(form.Password) + u.MustChangePassword = false + + if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil { + ctx.ServerError("UpdateUser", err) + return + } + + ctx.Flash.Success(ctx.Tr("settings.change_password_success")) + + log.Trace("User updated password: %s", u.Name) + ctx.Redirect(setting.AppSubURL + "/") +} From ff42bfdd777841d9576866c1849bfb29beb3b0ce Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 17:11:01 +0100 Subject: [PATCH 03/19] force users to change password if account was created by an admin --- models/migrations/v71.go | 18 ++++++++++++++ templates/user/auth/change_passwd.tmpl | 7 ++++++ templates/user/auth/change_passwd_inner.tmpl | 26 ++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 models/migrations/v71.go create mode 100644 templates/user/auth/change_passwd.tmpl create mode 100644 templates/user/auth/change_passwd_inner.tmpl diff --git a/models/migrations/v71.go b/models/migrations/v71.go new file mode 100644 index 0000000000000..87e7a71aaa26c --- /dev/null +++ b/models/migrations/v71.go 
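Review bot: `MustChangePasswordPost` accepts any value that matches `Retype` and meets `setting.MinPasswordLength`, so a user can resubmit the password the administrator chose and still have `MustChangePassword` cleared; the rotation the flag exists for is never verified. Before the salt is regenerated, reject a new password equal to the current one, e.g. `if u.ValidatePassword(form.Password) { /* render tplMustChangePassword with an error */ }` (assuming `User.ValidatePassword` is available in `models`). The `cpt *captcha.Captcha` parameter is unused, and the `!u.MustChangePassword` case goes through `ctx.ServerError`, which presumably yields a 500 for what is a client-side condition. Whether other live sessions of the account are invalidated after the update is not visible here and is worth confirming.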
@@ -0,0 +1,18 @@ +// Copyright 2018 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package migrations + +import ( + "github.com/go-xorm/xorm" +) + +func addMustChangePassword(x *xorm.Engine) error { + type User struct { + ID int64 `xorm:"pk autoincr"` + MustChangePassword bool `xorm:"NOT NULL DEFAULT false"` + } + + return x.Sync2(new(User)) +} diff --git a/templates/user/auth/change_passwd.tmpl b/templates/user/auth/change_passwd.tmpl new file mode 100644 index 0000000000000..d84796348ef1f --- /dev/null +++ b/templates/user/auth/change_passwd.tmpl @@ -0,0 +1,7 @@ +{{template "base/head" .}} +
+
+ {{template "user/auth/change_passwd_inner" .}} +
+
+{{template "base/footer" .}} diff --git a/templates/user/auth/change_passwd_inner.tmpl b/templates/user/auth/change_passwd_inner.tmpl new file mode 100644 index 0000000000000..60d4a210ee59c --- /dev/null +++ b/templates/user/auth/change_passwd_inner.tmpl @@ -0,0 +1,26 @@ + {{if or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeSignIn)}} + {{template "base/alert" .}} + {{end}} +

+ {{.i18n.Tr "settings.change_password"}} +

+
+
+ {{.CsrfTokenHtml}} +
+ + +
+ + +
+ + +
+ +
+ + +
+
+
From 26fccdff0afa073a684c640020aef0110d986ebc Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 17:15:22 +0100 Subject: [PATCH 04/19] fixed build --- modules/auth/user_form.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go index 959a8ac4172d5..251f73479fa2a 100644 --- a/modules/auth/user_form.go +++ b/modules/auth/user_form.go @@ -84,6 +84,16 @@ func (f *RegisterForm) Validate(ctx *macaron.Context, errs binding.Errors) bindi return validate(errs, ctx.Data, f, ctx.Locale) } +type MustChangePasswordForm struct { + Password string `binding:"Required;MaxSize(255)"` + Retype string +} + +// Validate valideates the fields +func (f *MustChangePasswordForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors { + return validate(errs, ctx.Data, f, ctx.Locale) +} + // SignInForm form for signing in with user/password type SignInForm struct { UserName string `binding:"Required;MaxSize(254)"` From 4562460b05b96eb55d66af6b4b153b6918fe879d Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 17:18:54 +0100 Subject: [PATCH 05/19] fixed build --- modules/auth/user_form.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/auth/user_form.go b/modules/auth/user_form.go index 251f73479fa2a..43ddb29c76e68 100644 --- a/modules/auth/user_form.go +++ b/modules/auth/user_form.go @@ -84,6 +84,8 @@ func (f *RegisterForm) Validate(ctx *macaron.Context, errs binding.Errors) bindi return validate(errs, ctx.Data, f, ctx.Locale) } +// MustChangePasswordForm form for updating your password after account creation +// by an admin type MustChangePasswordForm struct { Password string `binding:"Required;MaxSize(255)"` Retype string From 5a2ea86adf89ef594209ebf1c196a1484f6ddf33 Mon Sep 17 00:00:00 2001 
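Review bot: `Retype` in `MustChangePasswordForm` carries no `binding` tag, so only `Password` is bounded by `MaxSize(255)` while the confirmation field is accepted at any size before the two are compared; giving it the same tag, `Retype string` with `binding:"Required;MaxSize(255)"`, keeps both inputs under one limit. The minimum length is enforced only in the handler, so a form-level rule would need to stay in step with `setting.MinPasswordLength`. The comment on `Validate` misspells the verb; `// Validate validates the fields` reads correctly.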
From: Lanre Adelowo Date: Sat, 21 Jul 2018 17:29:08 +0100 Subject: [PATCH 06/19] fix pending issues with translation and wrong routes --- options/locale/locale_en-US.ini | 1 + routers/admin/users.go | 2 +- routers/routes/routes.go | 2 ++ routers/user/auth.go | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 629d84e0585ea..b7273feff76e0 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -201,6 +201,7 @@ forgot_password_title= Forgot Password forgot_password = Forgot password? sign_up_now = Need an account? Register now. confirmation_mail_sent_prompt = A new confirmation email has been sent to %s. Please check your inbox within the next %s to complete the registration process. +must_change_password = Update your password reset_password_mail_sent_prompt = A confirmation email has been sent to %s. Please check your inbox within the next %s to complete the password reset process. active_your_account = Activate Your Account prohibit_login = Sign In Prohibited diff --git a/routers/admin/users.go b/routers/admin/users.go index bc7850d7a8807..ae8882ac12caa 100644 --- a/routers/admin/users.go +++ b/routers/admin/users.go @@ -82,7 +82,7 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) { Passwd: form.Password, IsActive: true, LoginType: models.LoginPlain, - MustChangePassword: false, + MustChangePassword: true, } if len(form.LoginType) > 0 { diff --git a/routers/routes/routes.go b/routers/routes/routes.go index 3eaaff60b6a52..991033cde6e46 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go 
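Review bot: `MustChangePassword: true` is set unconditionally in the `models.User` literal of `NewUserPost`, but the `if len(form.LoginType) > 0` block that follows (outside the hunk) appears to switch the account to a non-local login source. For an externally authenticated account, forcing a local password change would either hold the user on a form that does not apply or store a local password next to the external credential; consider setting the flag only when the final `LoginType` is `models.LoginPlain`. An administrator opt-out on the create form is also worth considering for accounts that cannot complete an interactive change.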
@@ -203,6 +203,8 @@ func RegisterRoutes(m *macaron.Macaron) { }, openIDSignInEnabled) m.Get("/sign_up", user.SignUp) m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost) + m.Get("/change_password", user.MustChangePassword) + m.Post("/change_password", bindIgnErr(auth.MustChangePasswordForm{}), user.MustChangePasswordPost) m.Get("/reset_password", user.ResetPasswd) m.Post("/reset_password", user.ResetPasswdPost) m.Group("/oauth2", func() { diff --git a/routers/user/auth.go b/routers/user/auth.go index 184b374f379fe..b5e5c50ae1cf0 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1200,7 +1200,7 @@ func MustChangePassword(ctx *context.Context) { func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form auth.MustChangePasswordForm) { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") - ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/sign_up" + ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" if ctx.HasError() { ctx.HTML(200, tplMustChangePassword) From 3b87fefe2b5fbe5bcb0bda0427bd16ad7b9af6ed Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 20:26:26 +0100 Subject: [PATCH 07/19] make sure path check is safe --- modules/context/auth.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/context/auth.go b/modules/context/auth.go index c5df1d68de71c..66d19a8989ead 100644 --- a/modules/context/auth.go +++ b/modules/context/auth.go @@ -39,7 +39,8 @@ func Toggle(options *ToggleOptions) macaron.Handler { return } - if ctx.Req.URL.Path == "/user/change_password" { + // prevent infinite redirection + if ctx.Req.URL.Path == setting.AppSubURL+"/user/change_password" { return } else if ctx.User.MustChangePassword { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") From 7e67ecc16a8eced66aa9ed4518327d35737edc8c Mon Sep 17 00:00:00 2001 
From: Lanre Adelowo Date: Sat, 21 Jul 2018 20:28:43 +0100 Subject: [PATCH 08/19] remove unneccessary newline --- models/user.go | 1 - 1 file changed, 1 deletion(-) diff --git a/models/user.go b/models/user.go index 21e77571c2ffe..1ab2e68e81675 100644 --- a/models/user.go +++ b/models/user.go @@ -14,7 +14,6 @@ import ( "errors" "fmt" "image" - // Needed for jpeg support _ "image/jpeg" "image/png" From 59432fae0a0f60454f6f9538e8644bf96be40c92 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 22:08:52 +0100 Subject: [PATCH 09/19] make sure users that don't have to view the form get redirected --- modules/context/auth.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/context/auth.go b/modules/context/auth.go index 66d19a8989ead..58cdc2cacea86 100644 --- a/modules/context/auth.go +++ b/modules/context/auth.go @@ -40,9 +40,16 @@ func Toggle(options *ToggleOptions) macaron.Handler { } // prevent infinite redirection + // also make sure that the form cannot be accessed by + // users who don't need this if ctx.Req.URL.Path == setting.AppSubURL+"/user/change_password" { + if !ctx.User.MustChangePassword { + ctx.Redirect(setting.AppSubURL + "/") + } return - } else if ctx.User.MustChangePassword { + } + + if ctx.User.MustChangePassword { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" ctx.Redirect(setting.AppSubURL + "/user/change_password") From 741ef66ecfd4f884b870ec5a5308abf108d01a56 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 22:19:11 +0100 Subject: [PATCH 10/19] move route to use /settings prefix so as to make sure unauthenticated users can't view the page --- modules/context/auth.go | 4 ++-- routers/routes/routes.go | 4 ++-- routers/user/auth.go | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/context/auth.go b/modules/context/auth.go index 58cdc2cacea86..f6685ebc60eba 100644 
--- a/modules/context/auth.go +++ b/modules/context/auth.go @@ -42,7 +42,7 @@ func Toggle(options *ToggleOptions) macaron.Handler { // prevent infinite redirection // also make sure that the form cannot be accessed by // users who don't need this - if ctx.Req.URL.Path == setting.AppSubURL+"/user/change_password" { + if ctx.Req.URL.Path == setting.AppSubURL+"/user/settings/change_password" { if !ctx.User.MustChangePassword { ctx.Redirect(setting.AppSubURL + "/") } @@ -52,7 +52,7 @@ func Toggle(options *ToggleOptions) macaron.Handler { if ctx.User.MustChangePassword { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" - ctx.Redirect(setting.AppSubURL + "/user/change_password") + ctx.Redirect(setting.AppSubURL + "/user/settings/change_password") return } } diff --git a/routers/routes/routes.go b/routers/routes/routes.go index 991033cde6e46..de6f24efa9ce3 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -203,8 +203,6 @@ func RegisterRoutes(m *macaron.Macaron) { }, openIDSignInEnabled) m.Get("/sign_up", user.SignUp) m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost) - m.Get("/change_password", user.MustChangePassword) - m.Post("/change_password", bindIgnErr(auth.MustChangePasswordForm{}), user.MustChangePasswordPost) m.Get("/reset_password", user.ResetPasswd) m.Post("/reset_password", user.ResetPasswdPost) m.Group("/oauth2", func() { @@ -231,6 +229,8 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/user/settings", func() { m.Get("", userSetting.Profile) m.Post("", bindIgnErr(auth.UpdateProfileForm{}), userSetting.ProfilePost) + m.Get("/change_password", user.MustChangePassword) + m.Post("/change_password", bindIgnErr(auth.MustChangePasswordForm{}), user.MustChangePasswordPost) m.Post("/avatar", binding.MultipartForm(auth.AvatarForm{}), userSetting.AvatarPost) m.Post("/avatar/delete", userSetting.DeleteAvatar) m.Group("/account", func() { 
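Review bot: In the second `Toggle` hunk the redirect target moves to `/user/settings/change_password`, but the unchanged `ctx.Data["ChangePasscodeLink"]` line directly above still points at `/user/change_password`, which no longer has a route after this commit. The value is never rendered because the handler redirects immediately, so both `ctx.Data` assignments in that branch can be removed rather than updated. The path now appears as a string literal in `Toggle` and twice in `routers/user/auth.go`; a single shared constant would keep the exemption check and the registered route from drifting apart, since a mismatch turns the exemption into a redirect loop for every flagged user.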
diff --git a/routers/user/auth.go b/routers/user/auth.go index b5e5c50ae1cf0..9ef2c8b74cab3 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1190,7 +1190,7 @@ func ResetPasswdPost(ctx *context.Context) { // MustChangePassword renders the page to change a user's password func MustChangePassword(ctx *context.Context) { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") - ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" + ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password" ctx.HTML(200, tplMustChangePassword) } @@ -1200,7 +1200,7 @@ func MustChangePassword(ctx *context.Context) { func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form auth.MustChangePasswordForm) { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") - ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" + ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password" if ctx.HasError() { ctx.HTML(200, tplMustChangePassword) From 9b4f70f34349af100e72ec1748737e5e31a5b236 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 23:02:19 +0100 Subject: [PATCH 11/19] update as per @lafriks review --- routers/user/auth.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/routers/user/auth.go b/routers/user/auth.go index 9ef2c8b74cab3..571fe9eb92e17 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1173,7 +1173,8 @@ func ResetPasswdPost(ctx *context.Context) { return } u.HashPassword(passwd) - if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil { + u.MustChangePassword = false + if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil { ctx.ServerError("UpdateUser", err) return } 
@@ -1229,11 +1230,6 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut } var err error - if u.Rands, err = models.GetUserSalt(); err != nil { - ctx.ServerError("UpdateUser", err) - return - } - if u.Salt, err = models.GetUserSalt(); err != nil { ctx.ServerError("UpdateUser", err) return @@ -1242,7 +1238,7 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut u.HashPassword(form.Password) u.MustChangePassword = false - if err := models.UpdateUserCols(u, "must_change_password", "passwd", "rands", "salt"); err != nil { + if err := models.UpdateUserCols(u, "must_change_password", "passwd", "salt"); err != nil { ctx.ServerError("UpdateUser", err) return } From 845c00bd2f55200e0203625db8ad9fafeb4649ee Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 21 Jul 2018 23:28:06 +0100 Subject: [PATCH 12/19] add necessary comment --- routers/user/auth.go | 1 + 1 file changed, 1 insertion(+) diff --git a/routers/user/auth.go b/routers/user/auth.go index 571fe9eb92e17..1a08f70bbe2a0 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -28,6 +28,7 @@ import ( ) const ( + // tplMustChangePassword template for updating a user's password tplMustChangePassword = "user/auth/change_passwd" // tplSignIn template for sign in page tplSignIn base.TplName = "user/auth/signin" From b6b39d31b0edf582222931a87de556ccacada574 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sun, 22 Jul 2018 16:41:02 +0100 Subject: [PATCH 13/19] remove unrelated changes --- routers/user/auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/user/auth.go b/routers/user/auth.go index 1a08f70bbe2a0..ab8112e743d83 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1037,7 +1037,7 @@ func Activate(ctx *context.Context) { ctx.Session.Set("uid", user.ID) ctx.Session.Set("uname", user.Name) - ctx.Redirect(setting.AppSubURL + "/user/login") + ctx.Redirect(setting.AppSubURL + "/") return } 
From e0f8fd8ef2d5bc6a05bd25c3ca18be314173f368 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Mon, 23 Jul 2018 15:45:39 +0100 Subject: [PATCH 14/19] support redirecting to location the user actually want to go to before being forced to change his/her password --- modules/context/auth.go | 1 + routers/user/auth.go | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/modules/context/auth.go b/modules/context/auth.go index f6685ebc60eba..110122cb668f4 100644 --- a/modules/context/auth.go +++ b/modules/context/auth.go @@ -52,6 +52,7 @@ func Toggle(options *ToggleOptions) macaron.Handler { if ctx.User.MustChangePassword { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" + ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL) ctx.Redirect(setting.AppSubURL + "/user/settings/change_password") return } diff --git a/routers/user/auth.go b/routers/user/auth.go index ab8112e743d83..4feee9cc5562c 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1247,5 +1247,12 @@ func MustChangePasswordPost(ctx *context.Context, cpt *captcha.Captcha, form aut ctx.Flash.Success(ctx.Tr("settings.change_password_success")) log.Trace("User updated password: %s", u.Name) + + if redirectTo, _ := url.QueryUnescape(ctx.GetCookie("redirect_to")); len(redirectTo) > 0 && !util.IsExternalURL(redirectTo) { + ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL) + ctx.RedirectToFirst(redirectTo) + return + } + ctx.Redirect(setting.AppSubURL + "/") } From f7e1e088eb2cbb33477d1a3c5f22a2df8f47984a Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Sat, 28 Jul 2018 10:50:24 +0100 Subject: [PATCH 15/19] run make fmt --- models/migrations/migrations.go | 1 - 1 file changed, 1 deletion(-) diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go index 516da48c203fb..37c7733488727 100644 --- a/models/migrations/migrations.go 
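Review bot: In `MustChangePasswordPost` the `redirect_to` cookie is cleared only inside the branch that accepts it, so a value rejected by `util.IsExternalURL` (or one that fails `url.QueryUnescape`, whose error is discarded) stays in the browser and is evaluated again by whatever reads that cookie next. Clearing it unconditionally before the check, `ctx.SetCookie("redirect_to", "", -1, setting.AppSubURL)`, avoids that. The value originates from `ctx.Req.RequestURI` in the `Toggle` hunk of this commit, which is client-controlled, so the open-redirect protection rests entirely on `util.IsExternalURL`; a test that feeds the handler non-local targets would pin that behaviour down. `Toggle` also stores the URI regardless of request method, so a blocked POST is later followed as a GET redirect. Both functions start outside their hunks.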
+++ b/models/migrations/migrations.go @@ -198,7 +198,6 @@ var migrations = []Migration{ NewMigration("protect each scratch token", addScratchHash), // v71 -> v72 NewMigration("add must_change_password column for users table", addMustChangePassword), - } // Migrate database to current version From 4d96ba5735c3a8b564893e1ba10b127d6ee5dd8a Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Mon, 30 Jul 2018 23:32:32 +0100 Subject: [PATCH 16/19] added tests --- routers/admin/main_test.go | 16 ++++++++++++++ routers/admin/users_test.go | 43 +++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 routers/admin/main_test.go create mode 100644 routers/admin/users_test.go diff --git a/routers/admin/main_test.go b/routers/admin/main_test.go new file mode 100644 index 0000000000000..6a73dca586cc4 --- /dev/null +++ b/routers/admin/main_test.go @@ -0,0 +1,16 @@ +// Copyright 2017 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package admin + +import ( + "path/filepath" + "testing" + + "code.gitea.io/gitea/models" +) + +func TestMain(m *testing.M) { + models.MainTest(m, filepath.Join("..", "..")) +} diff --git a/routers/admin/users_test.go b/routers/admin/users_test.go new file mode 100644 index 0000000000000..4e72b68ad1ea4 --- /dev/null +++ b/routers/admin/users_test.go 
@@ -0,0 +1,43 @@ +// Copyright 2017 The Gitea Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package admin + +import ( + "testing" + + "code.gitea.io/gitea/models" + "code.gitea.io/gitea/modules/auth" + "code.gitea.io/gitea/modules/test" + "github.com/stretchr/testify/assert" +) + +func TestNewUserPost_MustChangePassword(t *testing.T) { + + models.PrepareTestEnv(t) + ctx := test.MockContext(t, "admin/users/new") + + u := models.AssertExistsAndLoadBean(t, &models.User{ + IsAdmin: true, + ID: 2, + }).(*models.User) + + ctx.User = u + + username := "gitea" + email := "gitea@gitea.io" + + form := auth.AdminCreateUserForm{ + LoginType: "local", + LoginName: "local", + UserName: username, + Email: email, + Password: "xxxxxxxx", + SendNotify: false, + } + + NewUserPost(ctx, form) + + assert.NotEmpty(t, ctx.Flash.SuccessMsg) +} From 95f035df5138968667863e966332eeb308df653b Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Mon, 30 Jul 2018 23:35:43 +0100 Subject: [PATCH 17/19] improve assertions --- routers/admin/users_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/routers/admin/users_test.go b/routers/admin/users_test.go index 4e72b68ad1ea4..af43cff644861 100644 --- a/routers/admin/users_test.go +++ b/routers/admin/users_test.go @@ -40,4 +40,10 @@ func TestNewUserPost_MustChangePassword(t *testing.T) { NewUserPost(ctx, form) assert.NotEmpty(t, ctx.Flash.SuccessMsg) + + u, err := models.GetUserByName(username) + + assert.NoError(t, err) + assert.Equal(t, username, u.Name) + assert.Equal(t, email, u.Email) } From 8ea7cdc6d77991e1acf70d342aab590533f49199 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Mon, 30 Jul 2018 23:49:31 +0100 Subject: [PATCH 18/19] add assertion --- routers/admin/users_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/routers/admin/users_test.go b/routers/admin/users_test.go index af43cff644861..8f6859940d4ce 100644 
--- a/routers/admin/users_test.go +++ b/routers/admin/users_test.go @@ -46,4 +46,5 @@ func TestNewUserPost_MustChangePassword(t *testing.T) { assert.NoError(t, err) assert.Equal(t, username, u.Name) assert.Equal(t, email, u.Email) + assert.True(t, u.MustChangePassword) } From 0181ebfb5dd411ab3404f2499129b33ef1bf3ad4 Mon Sep 17 00:00:00 2001 From: Lanre Adelowo Date: Wed, 1 Aug 2018 11:49:39 +0100 Subject: [PATCH 19/19] fix copyright year Signed-off-by: Lanre Adelowo --- routers/admin/main_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/admin/main_test.go b/routers/admin/main_test.go index 6a73dca586cc4..9a7191d471f54 100644 --- a/routers/admin/main_test.go +++ b/routers/admin/main_test.go @@ -1,4 +1,4 @@ -// Copyright 2017 The Gitea Authors. All rights reserved. +// Copyright 2018 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file.
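Review bot: `TestNewUserPost_MustChangePassword` only establishes that `NewUserPost` stores `MustChangePassword` as true; nothing in the series exercises the enforcement itself. Worth adding are cases showing that a flagged user is redirected by `Toggle` to the change-password form, that `MustChangePasswordPost` clears the flag and rejects mismatched or too-short passwords, and that an unflagged user cannot use the form. In the earlier hunk of this file `u` is reused for both the admin and the created account (`u, err := models.GetUserByName(username)`); a separate name such as `created` would make the assertions easier to follow.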