afan
/
gitea
Seguir 1
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 0 Wiki Activity
gitea源码
3 Commits
2 Ramas
Rama: master
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'master'
${ noResults }
gitea/routers/web/admin/users.go

users.go 18KB
Enlace permanente Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2020 The Gitea Authors.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package admin

  6. 

  7. import (

  8. 	"errors"

  9. 	"net/http"

  10. 	"net/url"

  11. 	"strconv"

  12. 	"strings"

  13. 

  14. 	"code.gitea.io/gitea/models/auth"

  15. 	"code.gitea.io/gitea/models/db"

  16. 	org_model "code.gitea.io/gitea/models/organization"

  17. 	packages_model "code.gitea.io/gitea/models/packages"

  18. 	repo_model "code.gitea.io/gitea/models/repo"

  19. 	user_model "code.gitea.io/gitea/models/user"

  20. 	"code.gitea.io/gitea/modules/auth/password"

  21. 	"code.gitea.io/gitea/modules/log"

  22. 	"code.gitea.io/gitea/modules/optional"

  23. 	"code.gitea.io/gitea/modules/setting"

  24. 	"code.gitea.io/gitea/modules/structs"

  25. 	"code.gitea.io/gitea/modules/templates"

  26. 	"code.gitea.io/gitea/modules/web"

  27. 	"code.gitea.io/gitea/routers/web/explore"

  28. 	user_setting "code.gitea.io/gitea/routers/web/user/setting"

  29. 	"code.gitea.io/gitea/services/context"

  30. 	"code.gitea.io/gitea/services/forms"

  31. 	"code.gitea.io/gitea/services/mailer"

  32. 	user_service "code.gitea.io/gitea/services/user"

  33. )

  34. 

  35. const (

  36. 	tplUsers    templates.TplName = "admin/user/list"

  37. 	tplUserNew  templates.TplName = "admin/user/new"

  38. 	tplUserView templates.TplName = "admin/user/view"

  39. 	tplUserEdit templates.TplName = "admin/user/edit"

  40. )

  41. 

  42. // UserSearchDefaultAdminSort is the default sort type for admin view

  43. const UserSearchDefaultAdminSort = "alphabetically"

  44. 

  45. // Users show all the users

  46. func Users(ctx *context.Context) {

  47. 	ctx.Data["Title"] = ctx.Tr("admin.users")

  48. 	ctx.Data["PageIsAdminUsers"] = true

  49. 

  50. 	statusFilterKeys := []string{"is_active", "is_admin", "is_restricted", "is_2fa_enabled", "is_prohibit_login"}

  51. 	statusFilterMap := map[string]string{}

  52. 	for _, filterKey := range statusFilterKeys {

  53. 		paramKey := "status_filter[" + filterKey + "]"

  54. 		paramVal := ctx.FormString(paramKey)

  55. 		statusFilterMap[filterKey] = paramVal

  56. 	}

  57. 

  58. 	sortType := ctx.FormString("sort")

  59. 	if sortType == "" {

  60. 		sortType = UserSearchDefaultAdminSort

  61. 		ctx.SetFormString("sort", sortType)

  62. 	}

  63. 	ctx.PageData["adminUserListSearchForm"] = map[string]any{

  64. 		"StatusFilterMap": statusFilterMap,

  65. 		"SortType":        sortType,

  66. 	}

  67. 

  68. 	explore.RenderUserSearch(ctx, user_model.SearchUserOptions{

  69. 		Actor: ctx.Doer,

  70. 		Type:  user_model.UserTypeIndividual,

  71. 		ListOptions: db.ListOptions{

  72. 			PageSize: setting.UI.Admin.UserPagingNum,

  73. 		},

  74. 		SearchByEmail:      true,

  75. 		IsActive:           optional.ParseBool(statusFilterMap["is_active"]),

  76. 		IsAdmin:            optional.ParseBool(statusFilterMap["is_admin"]),

  77. 		IsRestricted:       optional.ParseBool(statusFilterMap["is_restricted"]),

  78. 		IsTwoFactorEnabled: optional.ParseBool(statusFilterMap["is_2fa_enabled"]),

  79. 		IsProhibitLogin:    optional.ParseBool(statusFilterMap["is_prohibit_login"]),

  80. 		IncludeReserved:    true, // administrator needs to list all accounts include reserved, bot, remote ones

  81. 	}, tplUsers)

  82. }

  83. 

  84. // NewUser render adding a new user page

  85. func NewUser(ctx *context.Context) {

  86. 	ctx.Data["Title"] = ctx.Tr("admin.users.new_account")

  87. 	ctx.Data["PageIsAdminUsers"] = true

  88. 	ctx.Data["DefaultUserVisibilityMode"] = setting.Service.DefaultUserVisibilityMode

  89. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  90. 

  91. 	ctx.Data["login_type"] = "0-0"

  92. 

  93. 	sources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{

  94. 		IsActive: optional.Some(true),

  95. 	})

  96. 	if err != nil {

  97. 		ctx.ServerError("auth.Sources", err)

  98. 		return

  99. 	}

  100. 	ctx.Data["Sources"] = sources

  101. 

  102. 	ctx.Data["CanSendEmail"] = setting.MailService != nil

  103. 	ctx.HTML(http.StatusOK, tplUserNew)

  104. }

  105. 

  106. // NewUserPost response for adding a new user

  107. func NewUserPost(ctx *context.Context) {

  108. 	form := web.GetForm(ctx).(*forms.AdminCreateUserForm)

  109. 	ctx.Data["Title"] = ctx.Tr("admin.users.new_account")

  110. 	ctx.Data["PageIsAdminUsers"] = true

  111. 	ctx.Data["DefaultUserVisibilityMode"] = setting.Service.DefaultUserVisibilityMode

  112. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  113. 

  114. 	sources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{

  115. 		IsActive: optional.Some(true),

  116. 	})

  117. 	if err != nil {

  118. 		ctx.ServerError("auth.Sources", err)

  119. 		return

  120. 	}

  121. 	ctx.Data["Sources"] = sources

  122. 

  123. 	ctx.Data["CanSendEmail"] = setting.MailService != nil

  124. 

  125. 	if ctx.HasError() {

  126. 		ctx.HTML(http.StatusOK, tplUserNew)

  127. 		return

  128. 	}

  129. 

  130. 	u := &user_model.User{

  131. 		Name:      form.UserName,

  132. 		Email:     form.Email,

  133. 		Passwd:    form.Password,

  134. 		LoginType: auth.Plain,

  135. 	}

  136. 

  137. 	overwriteDefault := &user_model.CreateUserOverwriteOptions{

  138. 		IsActive:   optional.Some(true),

  139. 		Visibility: &form.Visibility,

  140. 	}

  141. 

  142. 	if len(form.LoginType) > 0 {

  143. 		fields := strings.Split(form.LoginType, "-")

  144. 		if len(fields) == 2 {

  145. 			lType, _ := strconv.ParseInt(fields[0], 10, 0)

  146. 			u.LoginType = auth.Type(lType)

  147. 			u.LoginSource, _ = strconv.ParseInt(fields[1], 10, 64)

  148. 			u.LoginName = form.LoginName

  149. 		}

  150. 	}

  151. 	if u.LoginType == auth.NoType || u.LoginType == auth.Plain {

  152. 		if len(form.Password) < setting.MinPasswordLength {

  153. 			ctx.Data["Err_Password"] = true

  154. 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserNew, &form)

  155. 			return

  156. 		}

  157. 		if !password.IsComplexEnough(form.Password) {

  158. 			ctx.Data["Err_Password"] = true

  159. 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplUserNew, &form)

  160. 			return

  161. 		}

  162. 		if err := password.IsPwned(ctx, form.Password); err != nil {

  163. 			ctx.Data["Err_Password"] = true

  164. 			errMsg := ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords")

  165. 			if password.IsErrIsPwnedRequest(err) {

  166. 				log.Error(err.Error())

  167. 				errMsg = ctx.Tr("auth.password_pwned_err")

  168. 			}

  169. 			ctx.RenderWithErr(errMsg, tplUserNew, &form)

  170. 			return

  171. 		}

  172. 		u.MustChangePassword = form.MustChangePassword

  173. 	}

  174. 

  175. 	if err := user_model.AdminCreateUser(ctx, u, &user_model.Meta{}, overwriteDefault); err != nil {

  176. 		switch {

  177. 		case user_model.IsErrUserAlreadyExist(err):

  178. 			ctx.Data["Err_UserName"] = true

  179. 			ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplUserNew, &form)

  180. 		case user_model.IsErrEmailAlreadyUsed(err):

  181. 			ctx.Data["Err_Email"] = true

  182. 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserNew, &form)

  183. 		case user_model.IsErrEmailInvalid(err), user_model.IsErrEmailCharIsNotSupported(err):

  184. 			ctx.Data["Err_Email"] = true

  185. 			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserNew, &form)

  186. 		case db.IsErrNameReserved(err):

  187. 			ctx.Data["Err_UserName"] = true

  188. 			ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", err.(db.ErrNameReserved).Name), tplUserNew, &form)

  189. 		case db.IsErrNamePatternNotAllowed(err):

  190. 			ctx.Data["Err_UserName"] = true

  191. 			ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), tplUserNew, &form)

  192. 		case db.IsErrNameCharsNotAllowed(err):

  193. 			ctx.Data["Err_UserName"] = true

  194. 			ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", err.(db.ErrNameCharsNotAllowed).Name), tplUserNew, &form)

  195. 		default:

  196. 			ctx.ServerError("CreateUser", err)

  197. 		}

  198. 		return

  199. 	}

  200. 

  201. 	if !user_model.IsEmailDomainAllowed(u.Email) {

  202. 		ctx.Flash.Warning(ctx.Tr("form.email_domain_is_not_allowed", u.Email))

  203. 	}

  204. 

  205. 	log.Trace("Account created by admin (%s): %s", ctx.Doer.Name, u.Name)

  206. 

  207. 	// Send email notification.

  208. 	if form.SendNotify {

  209. 		mailer.SendRegisterNotifyMail(u)

  210. 	}

  211. 

  212. 	ctx.Flash.Success(ctx.Tr("admin.users.new_success", u.Name))

  213. 	ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + strconv.FormatInt(u.ID, 10))

  214. }

  215. 

  216. func prepareUserInfo(ctx *context.Context) *user_model.User {

  217. 	u, err := user_model.GetUserByID(ctx, ctx.PathParamInt64("userid"))

  218. 	if err != nil {

  219. 		if user_model.IsErrUserNotExist(err) {

  220. 			ctx.Redirect(setting.AppSubURL + "/-/admin/users")

  221. 		} else {

  222. 			ctx.ServerError("GetUserByID", err)

  223. 		}

  224. 		return nil

  225. 	}

  226. 	ctx.Data["User"] = u

  227. 

  228. 	if u.LoginSource > 0 {

  229. 		ctx.Data["LoginSource"], err = auth.GetSourceByID(ctx, u.LoginSource)

  230. 		if err != nil {

  231. 			ctx.ServerError("auth.GetSourceByID", err)

  232. 			return nil

  233. 		}

  234. 	} else {

  235. 		ctx.Data["LoginSource"] = &auth.Source{}

  236. 	}

  237. 

  238. 	sources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{})

  239. 	if err != nil {

  240. 		ctx.ServerError("auth.Sources", err)

  241. 		return nil

  242. 	}

  243. 	ctx.Data["Sources"] = sources

  244. 

  245. 	hasTOTP, err := auth.HasTwoFactorByUID(ctx, u.ID)

  246. 	if err != nil {

  247. 		ctx.ServerError("auth.HasTwoFactorByUID", err)

  248. 		return nil

  249. 	}

  250. 	hasWebAuthn, err := auth.HasWebAuthnRegistrationsByUID(ctx, u.ID)

  251. 	if err != nil {

  252. 		ctx.ServerError("auth.HasWebAuthnRegistrationsByUID", err)

  253. 		return nil

  254. 	}

  255. 	ctx.Data["TwoFactorEnabled"] = hasTOTP || hasWebAuthn

  256. 

  257. 	return u

  258. }

  259. 

  260. func ViewUser(ctx *context.Context) {

  261. 	ctx.Data["Title"] = ctx.Tr("admin.users.details")

  262. 	ctx.Data["PageIsAdminUsers"] = true

  263. 	ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation

  264. 	ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations

  265. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  266. 

  267. 	u := prepareUserInfo(ctx)

  268. 	if ctx.Written() {

  269. 		return

  270. 	}

  271. 

  272. 	repos, count, err := repo_model.SearchRepository(ctx, repo_model.SearchRepoOptions{

  273. 		ListOptions: db.ListOptionsAll,

  274. 		OwnerID:     u.ID,

  275. 		OrderBy:     db.SearchOrderByAlphabetically,

  276. 		Private:     true,

  277. 		Collaborate: optional.Some(false),

  278. 	})

  279. 	if err != nil {

  280. 		ctx.ServerError("SearchRepository", err)

  281. 		return

  282. 	}

  283. 

  284. 	ctx.Data["Repos"] = repos

  285. 	ctx.Data["ReposTotal"] = int(count)

  286. 

  287. 	emails, err := user_model.GetEmailAddresses(ctx, u.ID)

  288. 	if err != nil {

  289. 		ctx.ServerError("GetEmailAddresses", err)

  290. 		return

  291. 	}

  292. 	ctx.Data["Emails"] = emails

  293. 	ctx.Data["EmailsTotal"] = len(emails)

  294. 

  295. 	orgs, err := db.Find[org_model.Organization](ctx, org_model.FindOrgOptions{

  296. 		ListOptions:       db.ListOptionsAll,

  297. 		UserID:            u.ID,

  298. 		IncludeVisibility: structs.VisibleTypePrivate,

  299. 	})

  300. 	if err != nil {

  301. 		ctx.ServerError("FindOrgs", err)

  302. 		return

  303. 	}

  304. 

  305. 	ctx.Data["Users"] = orgs // needed to be able to use explore/user_list template

  306. 	ctx.Data["OrgsTotal"] = len(orgs)

  307. 

  308. 	ctx.HTML(http.StatusOK, tplUserView)

  309. }

  310. 

  311. func editUserCommon(ctx *context.Context) {

  312. 	ctx.Data["Title"] = ctx.Tr("admin.users.edit_account")

  313. 	ctx.Data["PageIsAdminUsers"] = true

  314. 	ctx.Data["DisableRegularOrgCreation"] = setting.Admin.DisableRegularOrgCreation

  315. 	ctx.Data["DisableMigrations"] = setting.Repository.DisableMigrations

  316. 	ctx.Data["DisableGitHooks"] = setting.DisableGitHooks

  317. 	ctx.Data["DisableImportLocal"] = !setting.ImportLocalPaths

  318. 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()

  319. 	ctx.Data["DisableGravatar"] = setting.Config().Picture.DisableGravatar.Value(ctx)

  320. }

  321. 

  322. // EditUser show editing user page

  323. func EditUser(ctx *context.Context) {

  324. 	editUserCommon(ctx)

  325. 	prepareUserInfo(ctx)

  326. 	if ctx.Written() {

  327. 		return

  328. 	}

  329. 

  330. 	ctx.HTML(http.StatusOK, tplUserEdit)

  331. }

  332. 

  333. // EditUserPost response for editing user

  334. func EditUserPost(ctx *context.Context) {

  335. 	editUserCommon(ctx)

  336. 	u := prepareUserInfo(ctx)

  337. 	if ctx.Written() {

  338. 		return

  339. 	}

  340. 

  341. 	form := web.GetForm(ctx).(*forms.AdminEditUserForm)

  342. 	if ctx.HasError() {

  343. 		ctx.HTML(http.StatusOK, tplUserEdit)

  344. 		return

  345. 	}

  346. 

  347. 	if form.UserName != "" {

  348. 		if err := user_service.RenameUser(ctx, u, form.UserName); err != nil {

  349. 			switch {

  350. 			case user_model.IsErrUserIsNotLocal(err):

  351. 				ctx.Data["Err_UserName"] = true

  352. 				ctx.RenderWithErr(ctx.Tr("form.username_change_not_local_user"), tplUserEdit, &form)

  353. 			case user_model.IsErrUserAlreadyExist(err):

  354. 				ctx.Data["Err_UserName"] = true

  355. 				ctx.RenderWithErr(ctx.Tr("form.username_been_taken"), tplUserEdit, &form)

  356. 			case db.IsErrNameReserved(err):

  357. 				ctx.Data["Err_UserName"] = true

  358. 				ctx.RenderWithErr(ctx.Tr("user.form.name_reserved", form.UserName), tplUserEdit, &form)

  359. 			case db.IsErrNamePatternNotAllowed(err):

  360. 				ctx.Data["Err_UserName"] = true

  361. 				ctx.RenderWithErr(ctx.Tr("user.form.name_pattern_not_allowed", form.UserName), tplUserEdit, &form)

  362. 			case db.IsErrNameCharsNotAllowed(err):

  363. 				ctx.Data["Err_UserName"] = true

  364. 				ctx.RenderWithErr(ctx.Tr("user.form.name_chars_not_allowed", form.UserName), tplUserEdit, &form)

  365. 			default:

  366. 				ctx.ServerError("RenameUser", err)

  367. 			}

  368. 			return

  369. 		}

  370. 	}

  371. 

  372. 	authOpts := &user_service.UpdateAuthOptions{

  373. 		Password:  optional.FromNonDefault(form.Password),

  374. 		LoginName: optional.Some(form.LoginName),

  375. 	}

  376. 

  377. 	// skip self Prohibit Login

  378. 	if ctx.Doer.ID == u.ID {

  379. 		authOpts.ProhibitLogin = optional.Some(false)

  380. 	} else {

  381. 		authOpts.ProhibitLogin = optional.Some(form.ProhibitLogin)

  382. 	}

  383. 

  384. 	fields := strings.Split(form.LoginType, "-")

  385. 	if len(fields) == 2 {

  386. 		authSource, _ := strconv.ParseInt(fields[1], 10, 64)

  387. 

  388. 		authOpts.LoginSource = optional.Some(authSource)

  389. 	}

  390. 

  391. 	if err := user_service.UpdateAuth(ctx, u, authOpts); err != nil {

  392. 		switch {

  393. 		case errors.Is(err, password.ErrMinLength):

  394. 			ctx.Data["Err_Password"] = true

  395. 			ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplUserEdit, &form)

  396. 		case errors.Is(err, password.ErrComplexity):

  397. 			ctx.Data["Err_Password"] = true

  398. 			ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplUserEdit, &form)

  399. 		case errors.Is(err, password.ErrIsPwned):

  400. 			ctx.Data["Err_Password"] = true

  401. 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords"), tplUserEdit, &form)

  402. 		case password.IsErrIsPwnedRequest(err):

  403. 			ctx.Data["Err_Password"] = true

  404. 			ctx.RenderWithErr(ctx.Tr("auth.password_pwned_err"), tplUserEdit, &form)

  405. 		default:

  406. 			ctx.ServerError("UpdateUser", err)

  407. 		}

  408. 		return

  409. 	}

  410. 

  411. 	if form.Email != "" {

  412. 		if err := user_service.AdminAddOrSetPrimaryEmailAddress(ctx, u, form.Email); err != nil {

  413. 			switch {

  414. 			case user_model.IsErrEmailCharIsNotSupported(err), user_model.IsErrEmailInvalid(err):

  415. 				ctx.Data["Err_Email"] = true

  416. 				ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserEdit, &form)

  417. 			case user_model.IsErrEmailAlreadyUsed(err):

  418. 				ctx.Data["Err_Email"] = true

  419. 				ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserEdit, &form)

  420. 			default:

  421. 				ctx.ServerError("AddOrSetPrimaryEmailAddress", err)

  422. 			}

  423. 			return

  424. 		}

  425. 		if !user_model.IsEmailDomainAllowed(form.Email) {

  426. 			ctx.Flash.Warning(ctx.Tr("form.email_domain_is_not_allowed", form.Email))

  427. 		}

  428. 	}

  429. 

  430. 	opts := &user_service.UpdateOptions{

  431. 		FullName:                optional.Some(form.FullName),

  432. 		Website:                 optional.Some(form.Website),

  433. 		Location:                optional.Some(form.Location),

  434. 		IsActive:                optional.Some(form.Active),

  435. 		IsAdmin:                 user_service.UpdateOptionFieldFromValue(form.Admin),

  436. 		AllowGitHook:            optional.Some(form.AllowGitHook),

  437. 		AllowImportLocal:        optional.Some(form.AllowImportLocal),

  438. 		MaxRepoCreation:         optional.Some(form.MaxRepoCreation),

  439. 		AllowCreateOrganization: optional.Some(form.AllowCreateOrganization),

  440. 		IsRestricted:            optional.Some(form.Restricted),

  441. 		Visibility:              optional.Some(form.Visibility),

  442. 		Language:                optional.Some(form.Language),

  443. 	}

  444. 

  445. 	if err := user_service.UpdateUser(ctx, u, opts); err != nil {

  446. 		if user_model.IsErrDeleteLastAdminUser(err) {

  447. 			ctx.RenderWithErr(ctx.Tr("auth.last_admin"), tplUserEdit, &form)

  448. 		} else {

  449. 			ctx.ServerError("UpdateUser", err)

  450. 		}

  451. 		return

  452. 	}

  453. 	log.Trace("Account profile updated by admin (%s): %s", ctx.Doer.Name, u.Name)

  454. 

  455. 	if form.Reset2FA {

  456. 		tf, err := auth.GetTwoFactorByUID(ctx, u.ID)

  457. 		if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {

  458. 			ctx.ServerError("auth.GetTwoFactorByUID", err)

  459. 			return

  460. 		} else if tf != nil {

  461. 			if err := auth.DeleteTwoFactorByID(ctx, tf.ID, u.ID); err != nil {

  462. 				ctx.ServerError("auth.DeleteTwoFactorByID", err)

  463. 				return

  464. 			}

  465. 		}

  466. 

  467. 		wn, err := auth.GetWebAuthnCredentialsByUID(ctx, u.ID)

  468. 		if err != nil {

  469. 			ctx.ServerError("auth.GetTwoFactorByUID", err)

  470. 			return

  471. 		}

  472. 		for _, cred := range wn {

  473. 			if _, err := auth.DeleteCredential(ctx, cred.ID, u.ID); err != nil {

  474. 				ctx.ServerError("auth.DeleteCredential", err)

  475. 				return

  476. 			}

  477. 		}

  478. 	}

  479. 

  480. 	ctx.Flash.Success(ctx.Tr("admin.users.update_profile_success"))

  481. 	ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + url.PathEscape(ctx.PathParam("userid")))

  482. }

  483. 

  484. // DeleteUser response for deleting a user

  485. func DeleteUser(ctx *context.Context) {

  486. 	u, err := user_model.GetUserByID(ctx, ctx.PathParamInt64("userid"))

  487. 	if err != nil {

  488. 		ctx.ServerError("GetUserByID", err)

  489. 		return

  490. 	}

  491. 

  492. 	// admin should not delete themself

  493. 	if u.ID == ctx.Doer.ID {

  494. 		ctx.Flash.Error(ctx.Tr("admin.users.cannot_delete_self"))

  495. 		ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + url.PathEscape(ctx.PathParam("userid")))

  496. 		return

  497. 	}

  498. 

  499. 	if err = user_service.DeleteUser(ctx, u, ctx.FormBool("purge")); err != nil {

  500. 		switch {

  501. 		case repo_model.IsErrUserOwnRepos(err):

  502. 			ctx.Flash.Error(ctx.Tr("admin.users.still_own_repo"))

  503. 			ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + url.PathEscape(ctx.PathParam("userid")))

  504. 		case org_model.IsErrUserHasOrgs(err):

  505. 			ctx.Flash.Error(ctx.Tr("admin.users.still_has_org"))

  506. 			ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + url.PathEscape(ctx.PathParam("userid")))

  507. 		case packages_model.IsErrUserOwnPackages(err):

  508. 			ctx.Flash.Error(ctx.Tr("admin.users.still_own_packages"))

  509. 			ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + url.PathEscape(ctx.PathParam("userid")))

  510. 		case user_model.IsErrDeleteLastAdminUser(err):

  511. 			ctx.Flash.Error(ctx.Tr("auth.last_admin"))

  512. 			ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + url.PathEscape(ctx.PathParam("userid")))

  513. 		default:

  514. 			ctx.ServerError("DeleteUser", err)

  515. 		}

  516. 		return

  517. 	}

  518. 	log.Trace("Account deleted by admin (%s): %s", ctx.Doer.Name, u.Name)

  519. 

  520. 	ctx.Flash.Success(ctx.Tr("admin.users.deletion_success"))

  521. 	ctx.Redirect(setting.AppSubURL + "/-/admin/users")

  522. }

  523. 

  524. // AvatarPost response for change user's avatar request

  525. func AvatarPost(ctx *context.Context) {

  526. 	u := prepareUserInfo(ctx)

  527. 	if ctx.Written() {

  528. 		return

  529. 	}

  530. 

  531. 	form := web.GetForm(ctx).(*forms.AvatarForm)

  532. 	if err := user_setting.UpdateAvatarSetting(ctx, form, u); err != nil {

  533. 		ctx.Flash.Error(err.Error())

  534. 	} else {

  535. 		ctx.Flash.Success(ctx.Tr("settings.update_user_avatar_success"))

  536. 	}

  537. 

  538. 	ctx.Redirect(setting.AppSubURL + "/-/admin/users/" + strconv.FormatInt(u.ID, 10))

  539. }

  540. 

  541. // DeleteAvatar render delete avatar page

  542. func DeleteAvatar(ctx *context.Context) {

  543. 	u := prepareUserInfo(ctx)

  544. 	if ctx.Written() {

  545. 		return

  546. 	}

  547. 

  548. 	if err := user_service.DeleteAvatar(ctx, u); err != nil {

  549. 		ctx.Flash.Error(err.Error())

  550. 	}

  551. 

  552. 	ctx.JSONRedirect(setting.AppSubURL + "/-/admin/users/" + strconv.FormatInt(u.ID, 10))

  553. }