8d2dab94a6
- The current architecture is inherently insecure, because you can construct the 'secret' cookie value from values that are available in the database. Thus it provides zero protection when a database is dumped/leaked.
- This patch implements a new architecture that's inspired by: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)
[GITEA] rework long-term authentication (squash) add migration
Reminder: the migration is run via integration tests as explained in the commit "[DB] run all Forgejo migrations in integration tests"
(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package web
import (
"net/http"
"strconv"
"code.gitea.io/gitea/models/db"
repo_model "code.gitea.io/gitea/models/repo"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/sitemap"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/util"
"code.gitea.io/gitea/modules/web/middleware"
"code.gitea.io/gitea/routers/web/auth"
"code.gitea.io/gitea/routers/web/user"
)
// tplHome is the template rendered for the anonymous home page.
const tplHome base.TplName = "home"
// Home renders the landing page.
//
// Signed-in visitors are routed by account state: an account that still has
// to confirm its e-mail gets the activation template, an inactive or
// login-prohibited account gets the prohibit-login page, an account flagged
// MustChangePassword is sent to the password-change form, and everybody else
// gets the dashboard.
//
// Anonymous visitors are redirected to the configured landing page when it is
// not the home page, and to the login route when a long-term ("remember me")
// cookie is present. Only the cookie's presence is checked here, never its
// contents — NOTE(review): presumably the auth middleware on the login route
// validates it; confirm. Otherwise the public home template is rendered.
func Home(ctx *context.Context) {
	if ctx.IsSigned {
		renderSignedInHome(ctx)
		return
	}

	// Anonymous visitor: honour a custom landing page first.
	if setting.LandingPageURL != setting.LandingPageHome {
		ctx.Redirect(setting.AppSubURL + string(setting.LandingPageURL))
		return
	}

	// A long-term auth cookie means the visitor may be logged in automatically;
	// route through the login page instead of showing the anonymous home page.
	if ctx.GetSiteCookie(setting.CookieRememberName) != "" {
		ctx.Redirect(setting.AppSubURL + "/user/login")
		return
	}

	ctx.Data["PageIsHome"] = true
	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
	ctx.HTML(http.StatusOK, tplHome)
}

// renderSignedInHome picks the page a signed-in user sees on the home route,
// based on the state of ctx.Doer. The cases are evaluated in order, so an
// inactive account is handled before the password-change flag is looked at.
func renderSignedInHome(ctx *context.Context) {
	doer := ctx.Doer
	switch {
	case !doer.IsActive && setting.Service.RegisterEmailConfirm:
		ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
		ctx.HTML(http.StatusOK, auth.TplActivate)
	case !doer.IsActive || doer.ProhibitLogin:
		log.Info("Failed authentication attempt for %s from %s", doer.Name, ctx.RemoteAddr())
		ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
		ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
	case doer.MustChangePassword:
		ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
		ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
		// Store the requested URL so the password-change flow can presumably send the user back here.
		middleware.SetRedirectToCookie(ctx.Resp, setting.AppSubURL+ctx.Req.URL.RequestURI())
		ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
	default:
		user.Dashboard(ctx)
	}
}
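// HomeSitemap renders the main sitemap index.
//
// The index lists one child sitemap per page of public, active individual
// users (skipped when the users explore page is disabled) and one per page
// of public repositories, with setting.UI.SitemapPagingNum entries per page.
// Only the totals are queried (PageSize 1); the child URLs are derived from
// them. A failing search is reported through ctx.ServerError; a failure while
// writing the response body is only logged.
func HomeSitemap(ctx *context.Context) {
	m := sitemap.NewSitemapIndex()

	if !setting.Service.Explore.DisableUsersPage {
		_, cnt, err := user_model.SearchUsers(ctx, &user_model.SearchUserOptions{
			Type:        user_model.UserTypeIndividual,
			ListOptions: db.ListOptions{PageSize: 1},
			IsActive:    util.OptionalBoolTrue,
			Visible:     []structs.VisibleType{structs.VisibleTypePublic},
		})
		if err != nil {
			ctx.ServerError("SearchUsers", err)
			return
		}
		addSitemapPages(m, "explore/users/sitemap-", int(cnt))
	}

	_, cnt, err := repo_model.SearchRepository(ctx, &repo_model.SearchRepoOptions{
		ListOptions: db.ListOptions{PageSize: 1},
		Actor:       ctx.Doer,
		AllPublic:   true,
	})
	if err != nil {
		ctx.ServerError("SearchRepository", err)
		return
	}
	addSitemapPages(m, "explore/repos/sitemap-", int(cnt))

	ctx.Resp.Header().Set("Content-Type", "text/xml")
	if _, err := m.WriteTo(ctx.Resp); err != nil {
		log.Error("Failed writing sitemap: %v", err)
	}
}

// addSitemapPages adds one index entry per sitemap page needed to list total
// items, numbered from 1, as <AppURL><pathPrefix><n>.xml.
func addSitemapPages(m *sitemap.Sitemap, pathPrefix string, total int) {
	pages := sitemapPageCount(total, setting.UI.SitemapPagingNum)
	for idx := 1; idx <= pages; idx++ {
		m.Add(sitemap.URL{URL: setting.AppURL + pathPrefix + strconv.Itoa(idx) + ".xml"})
	}
}

// sitemapPageCount returns how many pages of pageSize entries are needed to
// hold total entries, i.e. ceil(total/pageSize). A non-positive total or
// pageSize yields 0: the previous stepping loop (i += pageSize) never
// terminated when SitemapPagingNum was misconfigured to 0 or below, which
// turned a configuration mistake into a hung request handler.
func sitemapPageCount(total, pageSize int) int {
	if total <= 0 || pageSize <= 0 {
		return 0
	}
	return (total + pageSize - 1) / pageSize
}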
// NotFound renders the generic 404 page with a fixed title.
func NotFound(ctx *context.Context) {
	const title = "Page Not Found"
	ctx.Data["Title"] = title
	ctx.NotFound("home.NotFound", nil)
}