afan
/
gitea
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
gitea源码
3 Revīzijas
2 Atzari
Koks: 6d2efddf43
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '6d2efddf43'
${ noResults }
gitea/routers/api/v1/admin/user.go

user.go 14KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493 
  1. // Copyright 2015 The Gogs Authors. All rights reserved.

  2. // Copyright 2019 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package admin

  6. 

  7. import (

  8. 	"errors"

  9. 	"fmt"

  10. 	"net/http"

  11. 

  12. 	asymkey_model "code.gitea.io/gitea/models/asymkey"

  13. 	"code.gitea.io/gitea/models/auth"

  14. 	"code.gitea.io/gitea/models/db"

  15. 	org_model "code.gitea.io/gitea/models/organization"

  16. 	packages_model "code.gitea.io/gitea/models/packages"

  17. 	repo_model "code.gitea.io/gitea/models/repo"

  18. 	user_model "code.gitea.io/gitea/models/user"

  19. 	"code.gitea.io/gitea/modules/auth/password"

  20. 	"code.gitea.io/gitea/modules/log"

  21. 	"code.gitea.io/gitea/modules/optional"

  22. 	"code.gitea.io/gitea/modules/setting"

  23. 	api "code.gitea.io/gitea/modules/structs"

  24. 	"code.gitea.io/gitea/modules/timeutil"

  25. 	"code.gitea.io/gitea/modules/web"

  26. 	"code.gitea.io/gitea/routers/api/v1/user"

  27. 	"code.gitea.io/gitea/routers/api/v1/utils"

  28. 	asymkey_service "code.gitea.io/gitea/services/asymkey"

  29. 	"code.gitea.io/gitea/services/context"

  30. 	"code.gitea.io/gitea/services/convert"

  31. 	"code.gitea.io/gitea/services/mailer"

  32. 	user_service "code.gitea.io/gitea/services/user"

  33. )

  34. 

  35. func parseAuthSource(ctx *context.APIContext, u *user_model.User, sourceID int64) {

  36. 	if sourceID == 0 {

  37. 		return

  38. 	}

  39. 

  40. 	source, err := auth.GetSourceByID(ctx, sourceID)

  41. 	if err != nil {

  42. 		if auth.IsErrSourceNotExist(err) {

  43. 			ctx.APIError(http.StatusUnprocessableEntity, err)

  44. 		} else {

  45. 			ctx.APIErrorInternal(err)

  46. 		}

  47. 		return

  48. 	}

  49. 

  50. 	u.LoginType = source.Type

  51. 	u.LoginSource = source.ID

  52. }

  53. 

  54. // CreateUser create a user

  55. func CreateUser(ctx *context.APIContext) {

  56. 	// swagger:operation POST /admin/users admin adminCreateUser

  57. 	// ---

  58. 	// summary: Create a user

  59. 	// consumes:

  60. 	// - application/json

  61. 	// produces:

  62. 	// - application/json

  63. 	// parameters:

  64. 	// - name: body

  65. 	//   in: body

  66. 	//   schema:

  67. 	//     "$ref": "#/definitions/CreateUserOption"

  68. 	// responses:

  69. 	//   "201":

  70. 	//     "$ref": "#/responses/User"

  71. 	//   "400":

  72. 	//     "$ref": "#/responses/error"

  73. 	//   "403":

  74. 	//     "$ref": "#/responses/forbidden"

  75. 	//   "422":

  76. 	//     "$ref": "#/responses/validationError"

  77. 

  78. 	form := web.GetForm(ctx).(*api.CreateUserOption)

  79. 

  80. 	u := &user_model.User{

  81. 		Name:               form.Username,

  82. 		FullName:           form.FullName,

  83. 		Email:              form.Email,

  84. 		Passwd:             form.Password,

  85. 		MustChangePassword: true,

  86. 		LoginType:          auth.Plain,

  87. 		LoginName:          form.LoginName,

  88. 	}

  89. 	if form.MustChangePassword != nil {

  90. 		u.MustChangePassword = *form.MustChangePassword

  91. 	}

  92. 

  93. 	parseAuthSource(ctx, u, form.SourceID)

  94. 	if ctx.Written() {

  95. 		return

  96. 	}

  97. 

  98. 	if u.LoginType == auth.Plain {

  99. 		if len(form.Password) < setting.MinPasswordLength {

  100. 			err := errors.New("PasswordIsRequired")

  101. 			ctx.APIError(http.StatusBadRequest, err)

  102. 			return

  103. 		}

  104. 

  105. 		if !password.IsComplexEnough(form.Password) {

  106. 			err := errors.New("PasswordComplexity")

  107. 			ctx.APIError(http.StatusBadRequest, err)

  108. 			return

  109. 		}

  110. 

  111. 		if err := password.IsPwned(ctx, form.Password); err != nil {

  112. 			if password.IsErrIsPwnedRequest(err) {

  113. 				log.Error(err.Error())

  114. 			}

  115. 			ctx.APIError(http.StatusBadRequest, errors.New("PasswordPwned"))

  116. 			return

  117. 		}

  118. 	}

  119. 

  120. 	overwriteDefault := &user_model.CreateUserOverwriteOptions{

  121. 		IsActive:     optional.Some(true),

  122. 		IsRestricted: optional.FromPtr(form.Restricted),

  123. 	}

  124. 

  125. 	if form.Visibility != "" {

  126. 		visibility := api.VisibilityModes[form.Visibility]

  127. 		overwriteDefault.Visibility = &visibility

  128. 	}

  129. 

  130. 	// Update the user creation timestamp. This can only be done after the user

  131. 	// record has been inserted into the database; the insert intself will always

  132. 	// set the creation timestamp to "now".

  133. 	if form.Created != nil {

  134. 		u.CreatedUnix = timeutil.TimeStamp(form.Created.Unix())

  135. 		u.UpdatedUnix = u.CreatedUnix

  136. 	}

  137. 

  138. 	if err := user_model.AdminCreateUser(ctx, u, &user_model.Meta{}, overwriteDefault); err != nil {

  139. 		if user_model.IsErrUserAlreadyExist(err) ||

  140. 			user_model.IsErrEmailAlreadyUsed(err) ||

  141. 			db.IsErrNameReserved(err) ||

  142. 			db.IsErrNameCharsNotAllowed(err) ||

  143. 			user_model.IsErrEmailCharIsNotSupported(err) ||

  144. 			user_model.IsErrEmailInvalid(err) ||

  145. 			db.IsErrNamePatternNotAllowed(err) {

  146. 			ctx.APIError(http.StatusUnprocessableEntity, err)

  147. 		} else {

  148. 			ctx.APIErrorInternal(err)

  149. 		}

  150. 		return

  151. 	}

  152. 

  153. 	if !user_model.IsEmailDomainAllowed(u.Email) {

  154. 		ctx.Resp.Header().Add("X-Gitea-Warning", fmt.Sprintf("the domain of user email %s conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", u.Email))

  155. 	}

  156. 

  157. 	log.Trace("Account created by admin (%s): %s", ctx.Doer.Name, u.Name)

  158. 

  159. 	// Send email notification.

  160. 	if form.SendNotify {

  161. 		mailer.SendRegisterNotifyMail(u)

  162. 	}

  163. 	ctx.JSON(http.StatusCreated, convert.ToUser(ctx, u, ctx.Doer))

  164. }

  165. 

  166. // EditUser api for modifying a user's information

  167. func EditUser(ctx *context.APIContext) {

  168. 	// swagger:operation PATCH /admin/users/{username} admin adminEditUser

  169. 	// ---

  170. 	// summary: Edit an existing user

  171. 	// consumes:

  172. 	// - application/json

  173. 	// produces:

  174. 	// - application/json

  175. 	// parameters:

  176. 	// - name: username

  177. 	//   in: path

  178. 	//   description: username of the user whose data is to be edited

  179. 	//   type: string

  180. 	//   required: true

  181. 	// - name: body

  182. 	//   in: body

  183. 	//   schema:

  184. 	//     "$ref": "#/definitions/EditUserOption"

  185. 	// responses:

  186. 	//   "200":

  187. 	//     "$ref": "#/responses/User"

  188. 	//   "400":

  189. 	//     "$ref": "#/responses/error"

  190. 	//   "403":

  191. 	//     "$ref": "#/responses/forbidden"

  192. 	//   "422":

  193. 	//     "$ref": "#/responses/validationError"

  194. 

  195. 	form := web.GetForm(ctx).(*api.EditUserOption)

  196. 

  197. 	authOpts := &user_service.UpdateAuthOptions{

  198. 		LoginSource:        optional.FromNonDefault(form.SourceID),

  199. 		LoginName:          optional.Some(form.LoginName),

  200. 		Password:           optional.FromNonDefault(form.Password),

  201. 		MustChangePassword: optional.FromPtr(form.MustChangePassword),

  202. 		ProhibitLogin:      optional.FromPtr(form.ProhibitLogin),

  203. 	}

  204. 	if err := user_service.UpdateAuth(ctx, ctx.ContextUser, authOpts); err != nil {

  205. 		switch {

  206. 		case errors.Is(err, password.ErrMinLength):

  207. 			ctx.APIError(http.StatusBadRequest, fmt.Errorf("password must be at least %d characters", setting.MinPasswordLength))

  208. 		case errors.Is(err, password.ErrComplexity):

  209. 			ctx.APIError(http.StatusBadRequest, err)

  210. 		case errors.Is(err, password.ErrIsPwned), password.IsErrIsPwnedRequest(err):

  211. 			ctx.APIError(http.StatusBadRequest, err)

  212. 		default:

  213. 			ctx.APIErrorInternal(err)

  214. 		}

  215. 		return

  216. 	}

  217. 

  218. 	if form.Email != nil {

  219. 		if err := user_service.AdminAddOrSetPrimaryEmailAddress(ctx, ctx.ContextUser, *form.Email); err != nil {

  220. 			switch {

  221. 			case user_model.IsErrEmailCharIsNotSupported(err), user_model.IsErrEmailInvalid(err):

  222. 				ctx.APIError(http.StatusBadRequest, err)

  223. 			case user_model.IsErrEmailAlreadyUsed(err):

  224. 				ctx.APIError(http.StatusBadRequest, err)

  225. 			default:

  226. 				ctx.APIErrorInternal(err)

  227. 			}

  228. 			return

  229. 		}

  230. 

  231. 		if !user_model.IsEmailDomainAllowed(*form.Email) {

  232. 			ctx.Resp.Header().Add("X-Gitea-Warning", fmt.Sprintf("the domain of user email %s conflicts with EMAIL_DOMAIN_ALLOWLIST or EMAIL_DOMAIN_BLOCKLIST", *form.Email))

  233. 		}

  234. 	}

  235. 

  236. 	opts := &user_service.UpdateOptions{

  237. 		FullName:                optional.FromPtr(form.FullName),

  238. 		Website:                 optional.FromPtr(form.Website),

  239. 		Location:                optional.FromPtr(form.Location),

  240. 		Description:             optional.FromPtr(form.Description),

  241. 		IsActive:                optional.FromPtr(form.Active),

  242. 		IsAdmin:                 user_service.UpdateOptionFieldFromPtr(form.Admin),

  243. 		Visibility:              optional.FromMapLookup(api.VisibilityModes, form.Visibility),

  244. 		AllowGitHook:            optional.FromPtr(form.AllowGitHook),

  245. 		AllowImportLocal:        optional.FromPtr(form.AllowImportLocal),

  246. 		MaxRepoCreation:         optional.FromPtr(form.MaxRepoCreation),

  247. 		AllowCreateOrganization: optional.FromPtr(form.AllowCreateOrganization),

  248. 		IsRestricted:            optional.FromPtr(form.Restricted),

  249. 	}

  250. 

  251. 	if err := user_service.UpdateUser(ctx, ctx.ContextUser, opts); err != nil {

  252. 		if user_model.IsErrDeleteLastAdminUser(err) {

  253. 			ctx.APIError(http.StatusBadRequest, err)

  254. 		} else {

  255. 			ctx.APIErrorInternal(err)

  256. 		}

  257. 		return

  258. 	}

  259. 

  260. 	log.Trace("Account profile updated by admin (%s): %s", ctx.Doer.Name, ctx.ContextUser.Name)

  261. 

  262. 	ctx.JSON(http.StatusOK, convert.ToUser(ctx, ctx.ContextUser, ctx.Doer))

  263. }

  264. 

  265. // DeleteUser api for deleting a user

  266. func DeleteUser(ctx *context.APIContext) {

  267. 	// swagger:operation DELETE /admin/users/{username} admin adminDeleteUser

  268. 	// ---

  269. 	// summary: Delete a user

  270. 	// produces:

  271. 	// - application/json

  272. 	// parameters:

  273. 	// - name: username

  274. 	//   in: path

  275. 	//   description: username of the user to delete

  276. 	//   type: string

  277. 	//   required: true

  278. 	// - name: purge

  279. 	//   in: query

  280. 	//   description: purge the user from the system completely

  281. 	//   type: boolean

  282. 	// responses:

  283. 	//   "204":

  284. 	//     "$ref": "#/responses/empty"

  285. 	//   "403":

  286. 	//     "$ref": "#/responses/forbidden"

  287. 	//   "404":

  288. 	//     "$ref": "#/responses/notFound"

  289. 	//   "422":

  290. 	//     "$ref": "#/responses/validationError"

  291. 

  292. 	if ctx.ContextUser.IsOrganization() {

  293. 		ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("%s is an organization not a user", ctx.ContextUser.Name))

  294. 		return

  295. 	}

  296. 

  297. 	// admin should not delete themself

  298. 	if ctx.ContextUser.ID == ctx.Doer.ID {

  299. 		ctx.APIError(http.StatusUnprocessableEntity, errors.New("you cannot delete yourself"))

  300. 		return

  301. 	}

  302. 

  303. 	if err := user_service.DeleteUser(ctx, ctx.ContextUser, ctx.FormBool("purge")); err != nil {

  304. 		if repo_model.IsErrUserOwnRepos(err) ||

  305. 			org_model.IsErrUserHasOrgs(err) ||

  306. 			packages_model.IsErrUserOwnPackages(err) ||

  307. 			user_model.IsErrDeleteLastAdminUser(err) {

  308. 			ctx.APIError(http.StatusUnprocessableEntity, err)

  309. 		} else {

  310. 			ctx.APIErrorInternal(err)

  311. 		}

  312. 		return

  313. 	}

  314. 	log.Trace("Account deleted by admin(%s): %s", ctx.Doer.Name, ctx.ContextUser.Name)

  315. 

  316. 	ctx.Status(http.StatusNoContent)

  317. }

  318. 

  319. // CreatePublicKey api for creating a public key to a user

  320. func CreatePublicKey(ctx *context.APIContext) {

  321. 	// swagger:operation POST /admin/users/{username}/keys admin adminCreatePublicKey

  322. 	// ---

  323. 	// summary: Add a public key on behalf of a user

  324. 	// consumes:

  325. 	// - application/json

  326. 	// produces:

  327. 	// - application/json

  328. 	// parameters:

  329. 	// - name: username

  330. 	//   in: path

  331. 	//   description: username of the user who is to receive a public key

  332. 	//   type: string

  333. 	//   required: true

  334. 	// - name: key

  335. 	//   in: body

  336. 	//   schema:

  337. 	//     "$ref": "#/definitions/CreateKeyOption"

  338. 	// responses:

  339. 	//   "201":

  340. 	//     "$ref": "#/responses/PublicKey"

  341. 	//   "403":

  342. 	//     "$ref": "#/responses/forbidden"

  343. 	//   "422":

  344. 	//     "$ref": "#/responses/validationError"

  345. 

  346. 	form := web.GetForm(ctx).(*api.CreateKeyOption)

  347. 

  348. 	user.CreateUserPublicKey(ctx, *form, ctx.ContextUser.ID)

  349. }

  350. 

  351. // DeleteUserPublicKey api for deleting a user's public key

  352. func DeleteUserPublicKey(ctx *context.APIContext) {

  353. 	// swagger:operation DELETE /admin/users/{username}/keys/{id} admin adminDeleteUserPublicKey

  354. 	// ---

  355. 	// summary: Delete a user's public key

  356. 	// produces:

  357. 	// - application/json

  358. 	// parameters:

  359. 	// - name: username

  360. 	//   in: path

  361. 	//   description: username of the user whose public key is to be deleted

  362. 	//   type: string

  363. 	//   required: true

  364. 	// - name: id

  365. 	//   in: path

  366. 	//   description: id of the key to delete

  367. 	//   type: integer

  368. 	//   format: int64

  369. 	//   required: true

  370. 	// responses:

  371. 	//   "204":

  372. 	//     "$ref": "#/responses/empty"

  373. 	//   "403":

  374. 	//     "$ref": "#/responses/forbidden"

  375. 	//   "404":

  376. 	//     "$ref": "#/responses/notFound"

  377. 

  378. 	if err := asymkey_service.DeletePublicKey(ctx, ctx.ContextUser, ctx.PathParamInt64("id")); err != nil {

  379. 		if asymkey_model.IsErrKeyNotExist(err) {

  380. 			ctx.APIErrorNotFound()

  381. 		} else if asymkey_model.IsErrKeyAccessDenied(err) {

  382. 			ctx.APIError(http.StatusForbidden, "You do not have access to this key")

  383. 		} else {

  384. 			ctx.APIErrorInternal(err)

  385. 		}

  386. 		return

  387. 	}

  388. 	log.Trace("Key deleted by admin(%s): %s", ctx.Doer.Name, ctx.ContextUser.Name)

  389. 

  390. 	ctx.Status(http.StatusNoContent)

  391. }

  392. 

  393. // SearchUsers API for getting information of the users according the filter conditions

  394. func SearchUsers(ctx *context.APIContext) {

  395. 	// swagger:operation GET /admin/users admin adminSearchUsers

  396. 	// ---

  397. 	// summary: Search users according filter conditions

  398. 	// produces:

  399. 	// - application/json

  400. 	// parameters:

  401. 	// - name: source_id

  402. 	//   in: query

  403. 	//   description: ID of the user's login source to search for

  404. 	//   type: integer

  405. 	//   format: int64

  406. 	// - name: login_name

  407. 	//   in: query

  408. 	//   description: identifier of the user, provided by the external authenticator

  409. 	//   type: string

  410. 	// - name: page

  411. 	//   in: query

  412. 	//   description: page number of results to return (1-based)

  413. 	//   type: integer

  414. 	// - name: limit

  415. 	//   in: query

  416. 	//   description: page size of results

  417. 	//   type: integer

  418. 	// responses:

  419. 	//   "200":

  420. 	//     "$ref": "#/responses/UserList"

  421. 	//   "403":

  422. 	//     "$ref": "#/responses/forbidden"

  423. 

  424. 	listOptions := utils.GetListOptions(ctx)

  425. 

  426. 	users, maxResults, err := user_model.SearchUsers(ctx, user_model.SearchUserOptions{

  427. 		Actor:       ctx.Doer,

  428. 		Type:        user_model.UserTypeIndividual,

  429. 		LoginName:   ctx.FormTrim("login_name"),

  430. 		SourceID:    ctx.FormInt64("source_id"),

  431. 		OrderBy:     db.SearchOrderByAlphabetically,

  432. 		ListOptions: listOptions,

  433. 	})

  434. 	if err != nil {

  435. 		ctx.APIErrorInternal(err)

  436. 		return

  437. 	}

  438. 

  439. 	results := make([]*api.User, len(users))

  440. 	for i := range users {

  441. 		results[i] = convert.ToUser(ctx, users[i], ctx.Doer)

  442. 	}

  443. 

  444. 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)

  445. 	ctx.SetTotalCountHeader(maxResults)

  446. 	ctx.JSON(http.StatusOK, &results)

  447. }

  448. 

  449. // RenameUser api for renaming a user

  450. func RenameUser(ctx *context.APIContext) {

  451. 	// swagger:operation POST /admin/users/{username}/rename admin adminRenameUser

  452. 	// ---

  453. 	// summary: Rename a user

  454. 	// produces:

  455. 	// - application/json

  456. 	// parameters:

  457. 	// - name: username

  458. 	//   in: path

  459. 	//   description: current username of the user

  460. 	//   type: string

  461. 	//   required: true

  462. 	// - name: body

  463. 	//   in: body

  464. 	//   required: true

  465. 	//   schema:

  466. 	//     "$ref": "#/definitions/RenameUserOption"

  467. 	// responses:

  468. 	//   "204":

  469. 	//     "$ref": "#/responses/empty"

  470. 	//   "403":

  471. 	//     "$ref": "#/responses/forbidden"

  472. 	//   "422":

  473. 	//     "$ref": "#/responses/validationError"

  474. 

  475. 	if ctx.ContextUser.IsOrganization() {

  476. 		ctx.APIError(http.StatusUnprocessableEntity, fmt.Errorf("%s is an organization not a user", ctx.ContextUser.Name))

  477. 		return

  478. 	}

  479. 

  480. 	newName := web.GetForm(ctx).(*api.RenameUserOption).NewName

  481. 

  482. 	// Check if username has been changed

  483. 	if err := user_service.RenameUser(ctx, ctx.ContextUser, newName); err != nil {

  484. 		if user_model.IsErrUserAlreadyExist(err) || db.IsErrNameReserved(err) || db.IsErrNamePatternNotAllowed(err) || db.IsErrNameCharsNotAllowed(err) {

  485. 			ctx.APIError(http.StatusUnprocessableEntity, err)

  486. 		} else {

  487. 			ctx.APIErrorInternal(err)

  488. 		}

  489. 		return

  490. 	}

  491. 	ctx.Status(http.StatusNoContent)

  492. }