osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Sledovat 15
Oblíbit 7
Wiki 捐赠
本站源代码
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
Strom: 4f0cac5ea6
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „4f0cac5ea6“
${ noResults }
com/routers/user/setting/security_twofa.go

211 lines
5.1KB
Surový Blame Historie 

  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2018 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package setting

  7. 

  8. import (

  9. 	"bytes"

  10. 	"encoding/base64"

  11. 	"html/template"

  12. 	"image/png"

  13. 	"strings"

  14. 

  15. 	"code.gitea.io/gitea/models"

  16. 	"code.gitea.io/gitea/modules/auth"

  17. 	"code.gitea.io/gitea/modules/context"

  18. 	"code.gitea.io/gitea/modules/setting"

  19. 

  20. 	"github.com/pquerna/otp"

  21. 	"github.com/pquerna/otp/totp"

  22. )

  23. 

  24. // RegenerateScratchTwoFactor regenerates the user's 2FA scratch code.

  25. func RegenerateScratchTwoFactor(ctx *context.Context) {

  26. 	ctx.Data["Title"] = ctx.Tr("settings")

  27. 	ctx.Data["PageIsSettingsSecurity"] = true

  28. 

  29. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  30. 	if err != nil {

  31. 		ctx.ServerError("SettingsTwoFactor", err)

  32. 		return

  33. 	}

  34. 

  35. 	token, err := t.GenerateScratchToken()

  36. 	if err != nil {

  37. 		ctx.ServerError("SettingsTwoFactor", err)

  38. 		return

  39. 	}

  40. 

  41. 	if err = models.UpdateTwoFactor(t); err != nil {

  42. 		ctx.ServerError("SettingsTwoFactor", err)

  43. 		return

  44. 	}

  45. 

  46. 	ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", token))

  47. 	ctx.Redirect(setting.AppSubURL + "/user/settings/security")

  48. }

  49. 

  50. // DisableTwoFactor deletes the user's 2FA settings.

  51. func DisableTwoFactor(ctx *context.Context) {

  52. 	ctx.Data["Title"] = ctx.Tr("settings")

  53. 	ctx.Data["PageIsSettingsSecurity"] = true

  54. 

  55. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  56. 	if err != nil {

  57. 		ctx.ServerError("SettingsTwoFactor", err)

  58. 		return

  59. 	}

  60. 

  61. 	if err = models.DeleteTwoFactorByID(t.ID, ctx.User.ID); err != nil {

  62. 		ctx.ServerError("SettingsTwoFactor", err)

  63. 		return

  64. 	}

  65. 

  66. 	ctx.Flash.Success(ctx.Tr("settings.twofa_disabled"))

  67. 	ctx.Redirect(setting.AppSubURL + "/user/settings/security")

  68. }

  69. 

  70. func twofaGenerateSecretAndQr(ctx *context.Context) bool {

  71. 	var otpKey *otp.Key

  72. 	var err error

  73. 	uri := ctx.Session.Get("twofaUri")

  74. 	if uri != nil {

  75. 		otpKey, err = otp.NewKeyFromURL(uri.(string))

  76. 		if err != nil {

  77. 			ctx.ServerError("SettingsTwoFactor: NewKeyFromURL: ", err)

  78. 			return false

  79. 		}

  80. 	}

  81. 	// Filter unsafe character ':' in issuer

  82. 	issuer := strings.Replace(setting.AppName+" ("+setting.Domain+")", ":", "", -1)

  83. 	if otpKey == nil {

  84. 		otpKey, err = totp.Generate(totp.GenerateOpts{

  85. 			SecretSize:  40,

  86. 			Issuer:      issuer,

  87. 			AccountName: ctx.User.Name,

  88. 		})

  89. 		if err != nil {

  90. 			ctx.ServerError("SettingsTwoFactor", err)

  91. 			return false

  92. 		}

  93. 	}

  94. 

  95. 	ctx.Data["TwofaSecret"] = otpKey.Secret()

  96. 	img, err := otpKey.Image(320, 240)

  97. 	if err != nil {

  98. 		ctx.ServerError("SettingsTwoFactor", err)

  99. 		return false

  100. 	}

  101. 

  102. 	var imgBytes bytes.Buffer

  103. 	if err = png.Encode(&imgBytes, img); err != nil {

  104. 		ctx.ServerError("SettingsTwoFactor", err)

  105. 		return false

  106. 	}

  107. 

  108. 	ctx.Data["QrUri"] = template.URL("data:image/png;base64," + base64.StdEncoding.EncodeToString(imgBytes.Bytes()))

  109. 	err = ctx.Session.Set("twofaSecret", otpKey.Secret())

  110. 	if err != nil {

  111. 		ctx.ServerError("SettingsTwoFactor", err)

  112. 		return false

  113. 	}

  114. 	err = ctx.Session.Set("twofaUri", otpKey.String())

  115. 	if err != nil {

  116. 		ctx.ServerError("SettingsTwoFactor", err)

  117. 		return false

  118. 	}

  119. 	return true

  120. }

  121. 

  122. // EnrollTwoFactor shows the page where the user can enroll into 2FA.

  123. func EnrollTwoFactor(ctx *context.Context) {

  124. 	ctx.Data["Title"] = ctx.Tr("settings")

  125. 	ctx.Data["PageIsSettingsSecurity"] = true

  126. 

  127. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  128. 	if t != nil {

  129. 		// already enrolled

  130. 		ctx.ServerError("SettingsTwoFactor", err)

  131. 		return

  132. 	}

  133. 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {

  134. 		ctx.ServerError("SettingsTwoFactor", err)

  135. 		return

  136. 	}

  137. 

  138. 	if !twofaGenerateSecretAndQr(ctx) {

  139. 		return

  140. 	}

  141. 

  142. 	ctx.HTML(200, tplSettingsTwofaEnroll)

  143. }

  144. 

  145. // EnrollTwoFactorPost handles enrolling the user into 2FA.

  146. func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {

  147. 	ctx.Data["Title"] = ctx.Tr("settings")

  148. 	ctx.Data["PageIsSettingsSecurity"] = true

  149. 

  150. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  151. 	if t != nil {

  152. 		// already enrolled

  153. 		ctx.ServerError("SettingsTwoFactor", err)

  154. 		return

  155. 	}

  156. 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {

  157. 		ctx.ServerError("SettingsTwoFactor", err)

  158. 		return

  159. 	}

  160. 

  161. 	if ctx.HasError() {

  162. 		if !twofaGenerateSecretAndQr(ctx) {

  163. 			return

  164. 		}

  165. 		ctx.HTML(200, tplSettingsTwofaEnroll)

  166. 		return

  167. 	}

  168. 

  169. 	secret := ctx.Session.Get("twofaSecret").(string)

  170. 	if !totp.Validate(form.Passcode, secret) {

  171. 		if !twofaGenerateSecretAndQr(ctx) {

  172. 			return

  173. 		}

  174. 		ctx.Flash.Error(ctx.Tr("settings.passcode_invalid"))

  175. 		ctx.HTML(200, tplSettingsTwofaEnroll)

  176. 		return

  177. 	}

  178. 

  179. 	t = &models.TwoFactor{

  180. 		UID: ctx.User.ID,

  181. 	}

  182. 	err = t.SetSecret(secret)

  183. 	if err != nil {

  184. 		ctx.ServerError("SettingsTwoFactor", err)

  185. 		return

  186. 	}

  187. 	token, err := t.GenerateScratchToken()

  188. 	if err != nil {

  189. 		ctx.ServerError("SettingsTwoFactor", err)

  190. 		return

  191. 	}

  192. 

  193. 	if err = models.NewTwoFactor(t); err != nil {

  194. 		ctx.ServerError("SettingsTwoFactor", err)

  195. 		return

  196. 	}

  197. 

  198. 	err = ctx.Session.Delete("twofaSecret")

  199. 	if err != nil {

  200. 		ctx.ServerError("SettingsTwoFactor", err)

  201. 		return

  202. 	}

  203. 	err = ctx.Session.Delete("twofaUri")

  204. 	if err != nil {

  205. 		ctx.ServerError("SettingsTwoFactor", err)

  206. 		return

  207. 	}

  208. 	ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", token))

  209. 	ctx.Redirect(setting.AppSubURL + "/user/settings/security")

  210. }
上海开阖软件有限公司 沪ICP备12045867号-1