merge go fmt + bugfix allow current user password reset

AJ ONeal 2018-10-07 05:46:15 +00:00
commit ce1739bd16
2 changed files with 23 additions and 8 deletions


@ -184,6 +184,10 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues) m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
// ***** START: User ***** // ***** START: User *****
m.Group("/user", func() {
m.Get("/reset_password", user.ResetPasswd)
m.Post("/reset_password", user.ResetPasswdPost)
})
m.Group("/user", func() { m.Group("/user", func() {
m.Get("/login", user.SignIn) m.Get("/login", user.SignIn)
m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost) m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
@ -204,8 +208,6 @@ func RegisterRoutes(m *macaron.Macaron) {
}, openIDSignInEnabled) }, openIDSignInEnabled)
m.Get("/sign_up", user.SignUp) m.Get("/sign_up", user.SignUp)
m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost) m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
m.Get("/reset_password", user.ResetPasswd)
m.Post("/reset_password", user.ResetPasswdPost)
m.Group("/oauth2", func() { m.Group("/oauth2", func() {
m.Get("/:provider", user.SignInOAuth) m.Get("/:provider", user.SignInOAuth)
m.Get("/:provider/callback", user.SignInOAuthCallback) m.Get("/:provider/callback", user.SignInOAuthCallback)
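Review bot: The new `/user` group holding the two `reset_password` routes is registered with no middleware argument, and nothing records why these routes now sit apart from the rest of the `/user` routes, so a later cleanup could fold them back into the group below. A comment above the group would pin the intent, for example `// Password reset is authorized by the emailed code, not by session state; keep these routes reachable whether or not a user is signed in.` The closing line of the following group, and whatever middleware it passes, is outside the hunk; presumably it requires a signed-out session, which is what this move works around. Since a signed-in browser can now reach both handlers, they must keep resolving the target account from the code and never from the session user.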


@ -855,10 +855,10 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
// TODO LoginName should come from form.UserName... shouldn't it? // TODO LoginName should come from form.UserName... shouldn't it?
u := &models.User{ u := &models.User{
Name: form.UserName, Name: form.UserName,
Email: form.Email, Email: form.Email,
Passwd: form.Password, Passwd: form.Password,
IsActive: !setting.Service.RegisterEmailConfirm, IsActive: !setting.Service.RegisterEmailConfirm,
} }
// This will link the account in such a way that it cannot be removed // This will link the account in such a way that it cannot be removed
@ -902,8 +902,7 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
handleRegister(ctx, u, form.Remember, true) handleRegister(ctx, u, form.Remember, true)
} }
// SignOut sign out from login status func handleSignOut(ctx *context.Context) {
func SignOut(ctx *context.Context) {
ctx.Session.Delete("uid") ctx.Session.Delete("uid")
ctx.Session.Delete("uname") ctx.Session.Delete("uname")
ctx.Session.Delete("socialId") ctx.Session.Delete("socialId")
@ -913,6 +912,11 @@ func SignOut(ctx *context.Context) {
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true)
ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state. ctx.SetCookie("lang", "", -1, setting.AppSubURL, "", setting.SessionConfig.Secure, true) // Setting the lang cookie will trigger the middleware to reset the language ot previous state.
}
// SignOut sign out from login status
func SignOut(ctx *context.Context) {
handleSignOut(ctx)
ctx.Redirect(setting.AppSubURL + "/") ctx.Redirect(setting.AppSubURL + "/")
} }
@ -1144,6 +1148,8 @@ func ForgotPasswdPost(ctx *context.Context) {
func ResetPasswd(ctx *context.Context) { func ResetPasswd(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("auth.reset_password") ctx.Data["Title"] = ctx.Tr("auth.reset_password")
// TODO for security and convenience, show the username / email here
code := ctx.Query("code") code := ctx.Query("code")
if len(code) == 0 { if len(code) == 0 {
ctx.Error(404) ctx.Error(404)
@ -1184,6 +1190,10 @@ func ResetPasswdPost(ctx *context.Context) {
ctx.ServerError("UpdateUser", err) ctx.ServerError("UpdateUser", err)
return return
} }
// Just in case the user is signed in to another account
handleSignOut(ctx)
u.HashPassword(passwd) u.HashPassword(passwd)
if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil { if err := models.UpdateUserCols(u, "passwd", "rands", "salt"); err != nil {
ctx.ServerError("UpdateUser", err) ctx.ServerError("UpdateUser", err)
@ -1191,6 +1201,9 @@ func ResetPasswdPost(ctx *context.Context) {
} }
log.Trace("User password reset: %s", u.Name) log.Trace("User password reset: %s", u.Name)
// TODO change the former form to have password retype and remember me,
// then sign in here instead of redirecting
ctx.Redirect(setting.AppSubURL + "/user/login") ctx.Redirect(setting.AppSubURL + "/user/login")
return return
} }
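Review bot: In ResetPasswdPost the added `handleSignOut(ctx)` runs before `u.HashPassword(passwd)` and `models.UpdateUserCols`, so when the update fails the request ends in `ctx.ServerError` with this browser's session keys and cookies already cleared and the password unchanged. Moving the call to just after the successful update, ahead of `log.Trace`, keeps the failure path free of side effects. The call also clears only the session of the browser that submitted the form; nothing in the visible lines ends other sessions of the account being reset, which a reset after a suspected compromise would want. The function starts outside the hunk, though, and the `rands` column update may already invalidate remember-me cookies. `handleSignOut` is also left without a doc comment, since the old one moved to the new `SignOut`; `// handleSignOut clears the session keys and auth cookies without redirecting.` would cover it.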