
Fix build
lunny committed Sep 25, 2021
1 parent d0719d0 commit e9fc57f
Showing 10 changed files with 60 additions and 61 deletions.
1 change: 1 addition & 0 deletions models/login/main_test.go
Expand Up @@ -17,5 +17,6 @@ func TestMain(m *testing.M) {
"oauth2_application.yml",
"oauth2_authorization_code.yml",
"oauth2_grant.yml",
"u2f_registration.yml",
)
}
8 changes: 2 additions & 6 deletions models/login/twofactor.go
Expand Up @@ -63,16 +63,12 @@ func (t *TwoFactor) GenerateScratchToken() (string, error) {
return "", err
}
t.ScratchSalt, _ = util.RandomString(10)
t.ScratchHash = hashToken(token, t.ScratchSalt)
t.ScratchHash = HashToken(token, t.ScratchSalt)
return token, nil
}

// HashToken return the hashable salt
func HashToken(token, salt string) string {
return hashToken(token, salt)
}

func hashToken(token, salt string) string {
tempHash := pbkdf2.Key([]byte(token), []byte(salt), 10000, 50, sha256.New)
return fmt.Sprintf("%x", tempHash)
}
Expand All @@ -82,7 +78,7 @@ func (t *TwoFactor) VerifyScratchToken(token string) bool {
if len(token) == 0 {
return false
}
tempHash := hashToken(token, t.ScratchSalt)
tempHash := HashToken(token, t.ScratchSalt)
return subtle.ConstantTimeCompare([]byte(t.ScratchHash), []byte(tempHash)) == 1
}

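Review bot: The error returned by `util.RandomString(10)` is discarded in GenerateScratchToken, so whatever value it yields on failure is stored as ScratchSalt and fed into the hash; a failed random read could leave the scratch token effectively unsalted. Propagate it instead, for example `if t.ScratchSalt, err = util.RandomString(10); err != nil { return "", err }` (this assumes the `err` returned just above is still in scope; the function starts outside the hunk). Separately, the doc comment kept on the exported function still reads "return the hashable salt", which does not match the body; `// HashToken returns the hex-encoded PBKDF2-HMAC-SHA256 hash of token computed with salt.` would describe what the code does.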
5 changes: 3 additions & 2 deletions modules/context/api.go
Expand Up @@ -14,6 +14,7 @@ import (
"strings"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
Expand Down Expand Up @@ -219,9 +220,9 @@ func (ctx *APIContext) CheckForOTP() {
}

otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
twofa, err := models.GetTwoFactorByUID(ctx.Context.User.ID)
twofa, err := login.GetTwoFactorByUID(ctx.Context.User.ID)
if err != nil {
if models.IsErrTwoFactorNotEnrolled(err) {
if login.IsErrTwoFactorNotEnrolled(err) {
return // No 2FA enrollment for this user
}
ctx.Context.Error(http.StatusInternalServerError)
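Review bot: When the 2FA lookup in CheckForOTP fails for a reason other than non-enrollment, the handler answers with `ctx.Context.Error(http.StatusInternalServerError)` and `err` is not passed to anything visible here, so a failing second-factor check may leave no trace for operators. Logging it first, e.g. `log.Error("GetTwoFactorByUID: %v", err)`, or using the `ctx.InternalServerError(err)` call that ToggleAPI in modules/context/auth.go makes for the same condition, would keep the two API paths consistent. The rest of the function lies outside the hunk, so it is worth confirming that this branch returns before the `X-Gitea-OTP` value is evaluated.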
6 changes: 3 additions & 3 deletions modules/context/auth.go
Expand Up @@ -8,7 +8,7 @@ package context
import (
"net/http"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/web/middleware"
Expand Down Expand Up @@ -154,9 +154,9 @@ func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
if skip, ok := ctx.Data["SkipLocalTwoFA"]; ok && skip.(bool) {
return // Skip 2FA
}
twofa, err := models.GetTwoFactorByUID(ctx.User.ID)
twofa, err := login.GetTwoFactorByUID(ctx.User.ID)
if err != nil {
if models.IsErrTwoFactorNotEnrolled(err) {
if login.IsErrTwoFactorNotEnrolled(err) {
return // No 2FA enrollment for this user
}
ctx.InternalServerError(err)
10 changes: 5 additions & 5 deletions routers/web/admin/users.go
Expand Up @@ -195,9 +195,9 @@ func prepareUserInfo(ctx *context.Context) *models.User {
ctx.Data["Sources"] = sources

ctx.Data["TwoFactorEnabled"] = true
_, err = models.GetTwoFactorByUID(u.ID)
_, err = login.GetTwoFactorByUID(u.ID)
if err != nil {
if !models.IsErrTwoFactorNotEnrolled(err) {
if !login.IsErrTwoFactorNotEnrolled(err) {
ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
return nil
}
Expand Down Expand Up @@ -295,13 +295,13 @@ func EditUserPost(ctx *context.Context) {
}

if form.Reset2FA {
tf, err := models.GetTwoFactorByUID(u.ID)
if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
tf, err := login.GetTwoFactorByUID(u.ID)
if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
ctx.ServerError("GetTwoFactorByUID", err)
return
}

if err = models.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
if err = login.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
ctx.ServerError("DeleteTwoFactorByID", err)
return
}
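Review bot: In EditUserPost the Reset2FA branch reads `tf.ID` even when `login.GetTwoFactorByUID` returned the not-enrolled error, because the check above deliberately lets that case through. If the lookup returns a nil `*TwoFactor` together with that error (its body is not shown on this page), an admin resetting 2FA for a user who never enrolled would hit a nil dereference. Guarding the delete with `if tf != nil {` around the `login.DeleteTwoFactorByID(tf.ID, u.ID)` call would turn the not-enrolled case into a no-op. The handler continues outside the hunk.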
5 changes: 3 additions & 2 deletions routers/web/repo/http.go
Expand Up @@ -21,6 +21,7 @@ import (
"time"

"code.gitea.io/gitea/models"
"code.gitea.io/gitea/models/login"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/git"
"code.gitea.io/gitea/modules/log"
Expand Down Expand Up @@ -174,12 +175,12 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {
}

if ctx.IsBasicAuth && ctx.Data["IsApiToken"] != true {
_, err = models.GetTwoFactorByUID(ctx.User.ID)
_, err = login.GetTwoFactorByUID(ctx.User.ID)
if err == nil {
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")
return
} else if !models.IsErrTwoFactorNotEnrolled(err) {
} else if !login.IsErrTwoFactorNotEnrolled(err) {
ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
return
}
40 changes: 20 additions & 20 deletions routers/web/user/auth.go
Expand Up @@ -213,9 +213,9 @@ func SignInPost(ctx *context.Context) {

// If this user is enrolled in 2FA, we can't sign the user in just yet.
// Instead, redirect them to the 2FA authentication page.
_, err = models.GetTwoFactorByUID(u.ID)
_, err = login.GetTwoFactorByUID(u.ID)
if err != nil {
if models.IsErrTwoFactorNotEnrolled(err) {
if login.IsErrTwoFactorNotEnrolled(err) {
handleSignIn(ctx, u, form.Remember)
} else {
ctx.ServerError("UserSignIn", err)
Expand All @@ -237,7 +237,7 @@ func SignInPost(ctx *context.Context) {
return
}

regs, err := models.GetU2FRegistrationsByUID(u.ID)
regs, err := login.GetU2FRegistrationsByUID(u.ID)
if err == nil && len(regs) > 0 {
ctx.Redirect(setting.AppSubURL + "/user/u2f")
return
Expand Down Expand Up @@ -277,7 +277,7 @@ func TwoFactorPost(ctx *context.Context) {
}

id := idSess.(int64)
twofa, err := models.GetTwoFactorByUID(id)
twofa, err := login.GetTwoFactorByUID(id)
if err != nil {
ctx.ServerError("UserSignIn", err)
return
Expand Down Expand Up @@ -313,7 +313,7 @@ func TwoFactorPost(ctx *context.Context) {
}

twofa.LastUsedPasscode = form.Passcode
if err = models.UpdateTwoFactor(twofa); err != nil {
if err = login.UpdateTwoFactor(twofa); err != nil {
ctx.ServerError("UserSignIn", err)
return
}
Expand Down Expand Up @@ -356,7 +356,7 @@ func TwoFactorScratchPost(ctx *context.Context) {
}

id := idSess.(int64)
twofa, err := models.GetTwoFactorByUID(id)
twofa, err := login.GetTwoFactorByUID(id)
if err != nil {
ctx.ServerError("UserSignIn", err)
return
Expand All @@ -370,7 +370,7 @@ func TwoFactorScratchPost(ctx *context.Context) {
ctx.ServerError("UserSignIn", err)
return
}
if err = models.UpdateTwoFactor(twofa); err != nil {
if err = login.UpdateTwoFactor(twofa); err != nil {
ctx.ServerError("UserSignIn", err)
return
}
Expand Down Expand Up @@ -418,7 +418,7 @@ func U2FChallenge(ctx *context.Context) {
return
}
id := idSess.(int64)
regs, err := models.GetU2FRegistrationsByUID(id)
regs, err := login.GetU2FRegistrationsByUID(id)
if err != nil {
ctx.ServerError("UserSignIn", err)
return
Expand Down Expand Up @@ -454,7 +454,7 @@ func U2FSign(ctx *context.Context) {
}
challenge := challSess.(*u2f.Challenge)
id := idSess.(int64)
regs, err := models.GetU2FRegistrationsByUID(id)
regs, err := login.GetU2FRegistrationsByUID(id)
if err != nil {
ctx.ServerError("UserSignIn", err)
return
Expand Down Expand Up @@ -717,8 +717,8 @@ func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *models.Us

needs2FA := false
if !source.Cfg.(*oauth2.Source).SkipLocalTwoFA {
_, err := models.GetTwoFactorByUID(u.ID)
if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {
_, err := login.GetTwoFactorByUID(u.ID)
if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
ctx.ServerError("UserSignIn", err)
return
}
Expand Down Expand Up @@ -775,7 +775,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *login.Source, u *models.Us
}

// If U2F is enrolled -> Redirect to U2F instead
regs, err := models.GetU2FRegistrationsByUID(u.ID)
regs, err := login.GetU2FRegistrationsByUID(u.ID)
if err == nil && len(regs) > 0 {
ctx.Redirect(setting.AppSubURL + "/user/u2f")
return
Expand Down Expand Up @@ -935,9 +935,9 @@ func linkAccount(ctx *context.Context, u *models.User, gothUser goth.User, remem
// If this user is enrolled in 2FA, we can't sign the user in just yet.
// Instead, redirect them to the 2FA authentication page.
// We deliberately ignore the skip local 2fa setting here because we are linking to a previous user here
_, err := models.GetTwoFactorByUID(u.ID)
_, err := login.GetTwoFactorByUID(u.ID)
if err != nil {
if !models.IsErrTwoFactorNotEnrolled(err) {
if !login.IsErrTwoFactorNotEnrolled(err) {
ctx.ServerError("UserLinkAccount", err)
return
}
Expand Down Expand Up @@ -967,7 +967,7 @@ func linkAccount(ctx *context.Context, u *models.User, gothUser goth.User, remem
}

// If U2F is enrolled -> Redirect to U2F instead
regs, err := models.GetU2FRegistrationsByUID(u.ID)
regs, err := login.GetU2FRegistrationsByUID(u.ID)
if err == nil && len(regs) > 0 {
ctx.Redirect(setting.AppSubURL + "/user/u2f")
return
Expand Down Expand Up @@ -1561,7 +1561,7 @@ func ForgotPasswdPost(ctx *context.Context) {
ctx.HTML(http.StatusOK, tplForgotPassword)
}

func commonResetPassword(ctx *context.Context) (*models.User, *models.TwoFactor) {
func commonResetPassword(ctx *context.Context) (*models.User, *login.TwoFactor) {
code := ctx.FormString("code")

ctx.Data["Title"] = ctx.Tr("auth.reset_password")
Expand All @@ -1583,9 +1583,9 @@ func commonResetPassword(ctx *context.Context) (*models.User, *models.TwoFactor)
return nil, nil
}

twofa, err := models.GetTwoFactorByUID(u.ID)
twofa, err := login.GetTwoFactorByUID(u.ID)
if err != nil {
if !models.IsErrTwoFactorNotEnrolled(err) {
if !login.IsErrTwoFactorNotEnrolled(err) {
ctx.Error(http.StatusInternalServerError, "CommonResetPassword", err.Error())
return nil, nil
}
Expand Down Expand Up @@ -1680,7 +1680,7 @@ func ResetPasswdPost(ctx *context.Context) {
}

twofa.LastUsedPasscode = passcode
if err = models.UpdateTwoFactor(twofa); err != nil {
if err = login.UpdateTwoFactor(twofa); err != nil {
ctx.ServerError("ResetPasswdPost: UpdateTwoFactor", err)
return
}
Expand Down Expand Up @@ -1712,7 +1712,7 @@ func ResetPasswdPost(ctx *context.Context) {
ctx.ServerError("UserSignIn", err)
return
}
if err = models.UpdateTwoFactor(twofa); err != nil {
if err = login.UpdateTwoFactor(twofa); err != nil {
ctx.ServerError("UserSignIn", err)
return
}
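Review bot: The U2F lookups in SignInPost, handleOAuth2SignIn and linkAccount test `err == nil && len(regs) > 0`, so a failed `login.GetU2FRegistrationsByUID` is silently treated as "no security key registered" and the flow falls through to whatever follows outside each hunk. For a user who has registered a key this changes which second factor is demanded, and the failure is never reported. Handling the error before the length check, as the same handlers already do for GetTwoFactorByUID, would make the path fail closed: `if err != nil { ctx.ServerError("UserSignIn", err); return }` (with the "UserLinkAccount" label in linkAccount).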
6 changes: 3 additions & 3 deletions routers/web/user/setting/security.go
Expand Up @@ -56,9 +56,9 @@ func DeleteAccountLink(ctx *context.Context) {

func loadSecurityData(ctx *context.Context) {
enrolled := true
_, err := models.GetTwoFactorByUID(ctx.User.ID)
_, err := login.GetTwoFactorByUID(ctx.User.ID)
if err != nil {
if models.IsErrTwoFactorNotEnrolled(err) {
if login.IsErrTwoFactorNotEnrolled(err) {
enrolled = false
} else {
ctx.ServerError("SettingsTwoFactor", err)
Expand All @@ -67,7 +67,7 @@ func loadSecurityData(ctx *context.Context) {
}
ctx.Data["TwofaEnrolled"] = enrolled
if enrolled {
ctx.Data["U2FRegistrations"], err = models.GetU2FRegistrationsByUID(ctx.User.ID)
ctx.Data["U2FRegistrations"], err = login.GetU2FRegistrationsByUID(ctx.User.ID)
if err != nil {
ctx.ServerError("GetU2FRegistrationsByUID", err)
return