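// Copyright 2018 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package security

import (
	"net/http"

	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/auth/openid"
	"code.gitea.io/gitea/modules/context"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/modules/web"
	"code.gitea.io/gitea/services/forms"
)

// OpenIDPost handles the "add OpenID" form on the security settings page.
// It normalizes the submitted URI, rejects one the signed-in user already
// holds, and redirects the browser to the OpenID provider. Nothing is
// stored here: the association is written only after the provider
// round-trip is verified in settingsOpenIDVerify.
func OpenIDPost(ctx *context.Context) {
	form := web.GetForm(ctx).(*forms.AddOpenIDForm)
	ctx.Data["Title"] = ctx.Tr("settings")
	ctx.Data["PageIsSettingsSecurity"] = true

	if ctx.HasError() {
		loadSecurityData(ctx)

		ctx.HTML(http.StatusOK, tplSettingsSecurity)
		return
	}

	id, err := openid.Normalize(form.Openid)
	if err != nil {
		loadSecurityData(ctx)

		ctx.RenderWithErr(err.Error(), tplSettingsSecurity, form)
		return
	}
	form.Openid = id
	// id is user-supplied: it goes in as a format argument, never as the
	// format string itself.
	log.Trace("Normalized id: %s", id)

	oids, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	ctx.Data["OpenIDs"] = oids

	// A user may hold several OpenIDs, but not the same URI twice.
	for _, oid := range oids {
		if oid.URI == id {
			loadSecurityData(ctx)

			ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsSecurity, form)
			return
		}
	}

	// The provider is asked to send the user back to the security page,
	// where the verify route completes the association. AppURL is used
	// with no separator, so the code relies on it ending in "/".
	redirectTo := setting.AppURL + "user/settings/security"
	url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
	if err != nil {
		loadSecurityData(ctx)

		ctx.RenderWithErr(err.Error(), tplSettingsSecurity, form)
		return
	}
	ctx.Redirect(url)
}

// settingsOpenIDVerify completes an association started by OpenIDPost.
// It is reached when the provider redirects back to the security page with
// its response in the query string; that response is verified with
// openid.Verify, and only a verified URI is stored for ctx.Doer.
func settingsOpenIDVerify(ctx *context.Context) {
	// The request URI carries the provider response and is attacker-
	// influenceable, so it is logged as an argument, not as the format.
	log.Trace("Incoming call to: %s", ctx.Req.URL.String())

	// openid.Verify needs the absolute return URL. The request URI starts
	// with "/" and AppURL is assumed to end with one, so the leading slash
	// is dropped to avoid doubling it.
	fullURL := setting.AppURL + ctx.Req.URL.String()[1:]
	log.Trace("Full URL: %s", fullURL)

	id, err := openid.Verify(fullURL)
	if err != nil {
		ctx.RenderWithErr(err.Error(), tplSettingsSecurity, &forms.AddOpenIDForm{
			Openid: id,
		})
		return
	}

	log.Trace("Verified ID: %s", id)

	oid := &user_model.UserOpenID{UID: ctx.Doer.ID, URI: id}
	if err = user_model.AddUserOpenID(ctx, oid); err != nil {
		// The same URI may already be bound to some account (this one or
		// another); report it the same way OpenIDPost does.
		if user_model.IsErrOpenIDAlreadyUsed(err) {
			ctx.RenderWithErr(ctx.Tr("form.openid_been_used", id), tplSettingsSecurity, &forms.AddOpenIDForm{Openid: id})
			return
		}
		ctx.ServerError("AddUserOpenID", err)
		return
	}
	log.Trace("Associated OpenID %s to user %s", id, ctx.Doer.Name)
	ctx.Flash.Success(ctx.Tr("settings.add_openid_success"))

	ctx.Redirect(setting.AppSubURL + "/user/settings/security")
}

// DeleteOpenID removes one of the signed-in user's OpenIDs. Both the row id
// from the form and ctx.Doer.ID are passed to the model so the delete can
// be scoped to the current user rather than to a guessable id alone.
func DeleteOpenID(ctx *context.Context) {
	oid := &user_model.UserOpenID{ID: ctx.FormInt64("id"), UID: ctx.Doer.ID}
	if err := user_model.DeleteUserOpenID(ctx, oid); err != nil {
		ctx.ServerError("DeleteUserOpenID", err)
		return
	}
	log.Trace("OpenID address deleted: %s", ctx.Doer.Name)

	ctx.Flash.Success(ctx.Tr("settings.openid_deletion_success"))
	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/security")
}

// ToggleOpenIDVisibility flips the "show" flag of one of the signed-in
// user's OpenIDs. The model call is keyed by the row id only, so the
// handler first confirms that the id belongs to ctx.Doer; an id that does
// not is answered with 404, the same as a nonexistent record.
func ToggleOpenIDVisibility(ctx *context.Context) {
	id := ctx.FormInt64("id")

	// Ownership check: DeleteOpenID scopes by UID at the model level, but
	// ToggleUserOpenIDVisibility receives no UID, so the check lives here.
	oids, err := user_model.GetUserOpenIDs(ctx, ctx.Doer.ID)
	if err != nil {
		ctx.ServerError("GetUserOpenIDs", err)
		return
	}
	owned := false
	for _, oid := range oids {
		if oid.ID == id {
			owned = true
			break
		}
	}
	if !owned {
		ctx.NotFound("ToggleOpenIDVisibility", nil)
		return
	}

	if err := user_model.ToggleUserOpenIDVisibility(ctx, id); err != nil {
		ctx.ServerError("ToggleUserOpenIDVisibility", err)
		return
	}

	ctx.Redirect(setting.AppSubURL + "/user/settings/security")
}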