code.gitea.io/gitea@v1.21.7/routers/web/user/setting/security/openid.go (about)

     1  // Copyright 2018 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package security
     5  
import (
	"net/http"
	"strings"

	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/auth/openid"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/modules/web"
	"code.gitea.io/gitea/services/forms"
)
    17  
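// OpenIDPost handles the "add OpenID" form on the security settings page.
//
// It normalizes the submitted identifier, rejects one the current user has
// already linked, and then redirects the browser to the OpenID provider. The
// identifier is NOT stored here: the association is only created by
// settingsOpenIDVerify after openid.Verify has accepted the provider's
// response, so a mistyped identifier cannot be attached to the account.
func OpenIDPost(ctx *context.Context) {
	form := web.GetForm(ctx).(*forms.AddOpenIDForm)
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true

	// Binding/validation errors are already attached to ctx; re-render the page.
	if ctx.HasError() {
		loadSecurityData(ctx)

		ctx.HTML(http.StatusOK, tplSettingsSecurity)
		return
	}

	id, err := openid.Normalize(form.Openid)
	if err != nil {
		loadSecurityData(ctx)

		// form is already a *forms.AddOpenIDForm; pass it as is (matches
		// the pointer passed in settingsOpenIDVerify).
		ctx.RenderWithErr(err.Error(), tplSettingsSecurity, form)
		return
	}
	form.Openid = id
	// id is user-controlled: pass it as an argument, never as the format string.
	log.Trace("Normalized id: %s", id)

	oids, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = oids

	// Reject an identifier this user has already linked. A clash with another
	// user's identifier surfaces later as IsErrOpenIDAlreadyUsed from
	// AddUserOpenID in settingsOpenIDVerify.
	for _, obj := range oids {
		if obj.URI == id {
			loadSecurityData(ctx)

			ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsSecurity, form)
			return
		}
	}

	// Send the user to the provider; the provider returns them to redirectTo,
	// which is served by settingsOpenIDVerify. AppURL carries its own trailing
	// slash, hence no "/" before "user/...".
	redirectTo := setting.AppURL + "user/settings/security"
	url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
	if err != nil {
		loadSecurityData(ctx)

		ctx.RenderWithErr(err.Error(), tplSettingsSecurity, form)
		return
	}
	ctx.Redirect(url)
}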
    74  
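// settingsOpenIDVerify completes the OpenID round-trip started by OpenIDPost.
//
// The provider redirects the browser back here with its assertion in the
// query string. The absolute request URL is rebuilt from setting.AppURL and
// handed to openid.Verify; only an identifier that passes verification is
// associated with the signed-in user.
func settingsOpenIDVerify(ctx *context.Context) {
	// Same template data as OpenIDPost so the error renders below look alike.
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true

	reqURL := ctx.Req.URL.String()
	// The incoming URL is attacker-influenced: keep it out of the format string.
	log.Trace("Incoming call to: %s", reqURL)

	// AppURL ends with "/" (OpenIDPost relies on the same), so drop the request
	// URL's leading "/" — via TrimPrefix rather than [1:], which would panic on
	// an empty string and silently eat a character that is not "/".
	fullURL := setting.AppURL + strings.TrimPrefix(reqURL, "/")
	log.Trace("Full URL: %s", fullURL)

	id, err := openid.Verify(fullURL)
	if err != nil {
		loadSecurityData(ctx)

		ctx.RenderWithErr(err.Error(), tplSettingsSecurity, &forms.AddOpenIDForm{
			Openid: id,
		})
		return
	}

	log.Trace("Verified ID: %s", id)

	oid := &user_model.UserOpenID{UID: ctx.Doer.ID, URI: id}
	if err = user_model.AddUserOpenID(ctx, oid); err != nil {
		// The identifier may already be linked to an account; tell the user
		// rather than reporting a server fault.
		if user_model.IsErrOpenIDAlreadyUsed(err) {
			loadSecurityData(ctx)

			ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsSecurity, &forms.AddOpenIDForm{Openid: id})
			return
		}
		ctx.ServerError("AddUserOpenID", err)
		return
	}
	log.Trace("Associated OpenID %s to user %s", id, ctx.Doer.Name)
	ctx.Flash.Success(ctx.Tr("settings.add_openid_success"))

	ctx.Redirect(setting.AppSubURL + "/user/settings/security")
}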
   105  
// DeleteOpenID removes one of the signed-in user's OpenID associations.
//
// The row is selected by the submitted "id" together with the doer's UID, so
// a user can only delete records that belong to them. Responds with a JSON
// redirect back to the security settings page.
func DeleteOpenID(ctx *context.Context) {
	target := &user_model.UserOpenID{
		ID:  ctx.FormInt64("id"),
		UID: ctx.Doer.ID,
	}

	err := user_model.DeleteUserOpenID(ctx, target)
	if err != nil {
		ctx.ServerError("DeleteUserOpenID", err)
		return
	}
	log.Trace("OpenID address deleted: %s", ctx.Doer.Name)

	ctx.Flash.Success(ctx.Tr("settings.openid_deletion_success"))
	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/security")
}
   117  
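// ToggleOpenIDVisibility flips the "show on profile" flag of one of the
// signed-in user's OpenID associations and redirects back to the security
// settings page.
//
// Unlike DeleteOpenID, the model call takes only the row id, so ownership is
// checked here first: the submitted "id" must match one of the doer's own
// OpenID rows, otherwise the request is answered with 404.
func ToggleOpenIDVisibility(ctx *context.Context) {
	id := ctx.FormInt64("id")

	// ToggleUserOpenIDVisibility is keyed by the row id alone (no UID), so
	// without this check a crafted "id" could act on another user's record.
	oids, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	owned := false
	for _, oid := range oids {
		if oid.ID == id {
			owned = true
			break
		}
	}
	if !owned {
		// Do not reveal whether the id exists for someone else.
		ctx.NotFound("ToggleOpenIDVisibility", nil)
		return
	}

	if err := user_model.ToggleUserOpenIDVisibility(ctx, id); err != nil {
		ctx.ServerError("ToggleUserOpenIDVisibility", err)
		return
	}

	ctx.Redirect(setting.AppSubURL + "/user/settings/security")
}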