afan
/
gitea
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
gitea源码
3 Commits
2 Branches
Branch: master
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'master'
${ noResults }
gitea/routers/web/auth/2fa.go

2fa.go 4.1KB
Permalink Geschiedenis Ruw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165 
  1. // Copyright 2017 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package auth

  5. 

  6. import (

  7. 	"errors"

  8. 	"net/http"

  9. 

  10. 	"code.gitea.io/gitea/models/auth"

  11. 	user_model "code.gitea.io/gitea/models/user"

  12. 	"code.gitea.io/gitea/modules/session"

  13. 	"code.gitea.io/gitea/modules/setting"

  14. 	"code.gitea.io/gitea/modules/templates"

  15. 	"code.gitea.io/gitea/modules/web"

  16. 	"code.gitea.io/gitea/services/context"

  17. 	"code.gitea.io/gitea/services/forms"

  18. )

  19. 

  20. var (

  21. 	tplTwofa        templates.TplName = "user/auth/twofa"

  22. 	tplTwofaScratch templates.TplName = "user/auth/twofa_scratch"

  23. )

  24. 

  25. // TwoFactor shows the user a two-factor authentication page.

  26. func TwoFactor(ctx *context.Context) {

  27. 	ctx.Data["Title"] = ctx.Tr("twofa")

  28. 

  29. 	if CheckAutoLogin(ctx) {

  30. 		return

  31. 	}

  32. 

  33. 	// Ensure user is in a 2FA session.

  34. 	if ctx.Session.Get("twofaUid") == nil {

  35. 		ctx.ServerError("UserSignIn", errors.New("not in 2FA session"))

  36. 		return

  37. 	}

  38. 

  39. 	ctx.HTML(http.StatusOK, tplTwofa)

  40. }

  41. 

  42. // TwoFactorPost validates a user's two-factor authentication token.

  43. func TwoFactorPost(ctx *context.Context) {

  44. 	form := web.GetForm(ctx).(*forms.TwoFactorAuthForm)

  45. 	ctx.Data["Title"] = ctx.Tr("twofa")

  46. 

  47. 	// Ensure user is in a 2FA session.

  48. 	idSess := ctx.Session.Get("twofaUid")

  49. 	if idSess == nil {

  50. 		ctx.ServerError("UserSignIn", errors.New("not in 2FA session"))

  51. 		return

  52. 	}

  53. 

  54. 	id := idSess.(int64)

  55. 	twofa, err := auth.GetTwoFactorByUID(ctx, id)

  56. 	if err != nil {

  57. 		ctx.ServerError("UserSignIn", err)

  58. 		return

  59. 	}

  60. 

  61. 	// Validate the passcode with the stored TOTP secret.

  62. 	ok, err := twofa.ValidateTOTP(form.Passcode)

  63. 	if err != nil {

  64. 		ctx.ServerError("UserSignIn", err)

  65. 		return

  66. 	}

  67. 

  68. 	if ok && twofa.LastUsedPasscode != form.Passcode {

  69. 		remember := ctx.Session.Get("twofaRemember").(bool)

  70. 		u, err := user_model.GetUserByID(ctx, id)

  71. 		if err != nil {

  72. 			ctx.ServerError("UserSignIn", err)

  73. 			return

  74. 		}

  75. 

  76. 		if ctx.Session.Get("linkAccount") != nil {

  77. 			err = linkAccountFromContext(ctx, u)

  78. 			if err != nil {

  79. 				ctx.ServerError("UserSignIn", err)

  80. 				return

  81. 			}

  82. 		}

  83. 

  84. 		twofa.LastUsedPasscode = form.Passcode

  85. 		if err = auth.UpdateTwoFactor(ctx, twofa); err != nil {

  86. 			ctx.ServerError("UserSignIn", err)

  87. 			return

  88. 		}

  89. 

  90. 		_ = ctx.Session.Set(session.KeyUserHasTwoFactorAuth, true)

  91. 		handleSignIn(ctx, u, remember)

  92. 		return

  93. 	}

  94. 

  95. 	ctx.RenderWithErr(ctx.Tr("auth.twofa_passcode_incorrect"), tplTwofa, forms.TwoFactorAuthForm{})

  96. }

  97. 

  98. // TwoFactorScratch shows the scratch code form for two-factor authentication.

  99. func TwoFactorScratch(ctx *context.Context) {

  100. 	ctx.Data["Title"] = ctx.Tr("twofa_scratch")

  101. 

  102. 	if CheckAutoLogin(ctx) {

  103. 		return

  104. 	}

  105. 

  106. 	// Ensure user is in a 2FA session.

  107. 	if ctx.Session.Get("twofaUid") == nil {

  108. 		ctx.ServerError("UserSignIn", errors.New("not in 2FA session"))

  109. 		return

  110. 	}

  111. 

  112. 	ctx.HTML(http.StatusOK, tplTwofaScratch)

  113. }

  114. 

  115. // TwoFactorScratchPost validates and invalidates a user's two-factor scratch token.

  116. func TwoFactorScratchPost(ctx *context.Context) {

  117. 	form := web.GetForm(ctx).(*forms.TwoFactorScratchAuthForm)

  118. 	ctx.Data["Title"] = ctx.Tr("twofa_scratch")

  119. 

  120. 	// Ensure user is in a 2FA session.

  121. 	idSess := ctx.Session.Get("twofaUid")

  122. 	if idSess == nil {

  123. 		ctx.ServerError("UserSignIn", errors.New("not in 2FA session"))

  124. 		return

  125. 	}

  126. 

  127. 	id := idSess.(int64)

  128. 	twofa, err := auth.GetTwoFactorByUID(ctx, id)

  129. 	if err != nil {

  130. 		ctx.ServerError("UserSignIn", err)

  131. 		return

  132. 	}

  133. 

  134. 	// Validate the passcode with the stored TOTP secret.

  135. 	if twofa.VerifyScratchToken(form.Token) {

  136. 		// Invalidate the scratch token.

  137. 		_, err = twofa.GenerateScratchToken()

  138. 		if err != nil {

  139. 			ctx.ServerError("UserSignIn", err)

  140. 			return

  141. 		}

  142. 		if err = auth.UpdateTwoFactor(ctx, twofa); err != nil {

  143. 			ctx.ServerError("UserSignIn", err)

  144. 			return

  145. 		}

  146. 

  147. 		remember := ctx.Session.Get("twofaRemember").(bool)

  148. 		u, err := user_model.GetUserByID(ctx, id)

  149. 		if err != nil {

  150. 			ctx.ServerError("UserSignIn", err)

  151. 			return

  152. 		}

  153. 

  154. 		handleSignInFull(ctx, u, remember, false)

  155. 		if ctx.Written() {

  156. 			return

  157. 		}

  158. 		ctx.Flash.Info(ctx.Tr("auth.twofa_scratch_used"))

  159. 		ctx.Redirect(setting.AppSubURL + "/user/settings/security")

  160. 		return

  161. 	}

  162. 

  163. 	ctx.RenderWithErr(ctx.Tr("auth.twofa_scratch_token_incorrect"), tplTwofaScratch, forms.TwoFactorScratchAuthForm{})

  164. }