wangwei
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
7591 Commits
197 Branches
346 MB
2596 Download
Tree: ae6640998d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ae6640998d'
${ noResults }
aiforge/routers/user/setting/security_twofa.go

security_twofa.go 4.9 kB
Raw Normal View History

Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information
8 years ago
Switch plaintext scratch tokens to use hash instead (#4331)
7 years ago
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information
8 years ago
Switch plaintext scratch tokens to use hash instead (#4331)
7 years ago
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information
8 years ago
fix issuer of OTP URI should be URI-encoded. (#6634) * fix: Issuer of OTP URI should be URI-encoded. follow this link https://github.com/google/google-authenticator/wiki/Key-Uri-Format . * filter unsafe character ':' in issuer * Use Replace rather than ReplaceAll
6 years ago
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information
8 years ago
Increase default TOTP secret size to 320 bits (#4287)
7 years ago
fix issuer of OTP URI should be URI-encoded. (#6634) * fix: Issuer of OTP URI should be URI-encoded. follow this link https://github.com/google/google-authenticator/wiki/Key-Uri-Format . * filter unsafe character ':' in issuer * Use Replace rather than ReplaceAll
6 years ago
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information
8 years ago
Switch plaintext scratch tokens to use hash instead (#4331)
7 years ago
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information
8 years ago
Switch plaintext scratch tokens to use hash instead (#4331)
7 years ago
Splitted the user settings code into several files to be more maintainable (#3968) * refactor setting router code splitted up one huge router settings file into the smaller files representing the actual page structure * move code to subfolder * rename functions * renamed files * add copyright information
8 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2018 The Gitea Authors. All rights reserved.

  3. // Use of this source code is governed by a MIT-style

  4. // license that can be found in the LICENSE file.

  5. 

  6. package setting

  7. 

  8. import (

  9. 	"bytes"

  10. 	"encoding/base64"

  11. 	"html/template"

  12. 	"image/png"

  13. 	"strings"

  14. 

  15. 	"code.gitea.io/gitea/models"

  16. 	"code.gitea.io/gitea/modules/auth"

  17. 	"code.gitea.io/gitea/modules/context"

  18. 	"code.gitea.io/gitea/modules/setting"

  19. 

  20. 	"github.com/pquerna/otp"

  21. 	"github.com/pquerna/otp/totp"

  22. )

  23. 

  24. // RegenerateScratchTwoFactor regenerates the user's 2FA scratch code.

  25. func RegenerateScratchTwoFactor(ctx *context.Context) {

  26. 	ctx.Data["Title"] = ctx.Tr("settings")

  27. 	ctx.Data["PageIsSettingsSecurity"] = true

  28. 

  29. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  30. 	if err != nil {

  31. 		ctx.ServerError("SettingsTwoFactor", err)

  32. 		return

  33. 	}

  34. 

  35. 	token, err := t.GenerateScratchToken()

  36. 	if err != nil {

  37. 		ctx.ServerError("SettingsTwoFactor", err)

  38. 		return

  39. 	}

  40. 

  41. 	if err = models.UpdateTwoFactor(t); err != nil {

  42. 		ctx.ServerError("SettingsTwoFactor", err)

  43. 		return

  44. 	}

  45. 

  46. 	ctx.Flash.Success(ctx.Tr("settings.twofa_scratch_token_regenerated", token))

  47. 	ctx.Redirect(setting.AppSubURL + "/user/settings/security")

  48. }

  49. 

  50. // DisableTwoFactor deletes the user's 2FA settings.

  51. func DisableTwoFactor(ctx *context.Context) {

  52. 	ctx.Data["Title"] = ctx.Tr("settings")

  53. 	ctx.Data["PageIsSettingsSecurity"] = true

  54. 

  55. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  56. 	if err != nil {

  57. 		ctx.ServerError("SettingsTwoFactor", err)

  58. 		return

  59. 	}

  60. 

  61. 	if err = models.DeleteTwoFactorByID(t.ID, ctx.User.ID); err != nil {

  62. 		ctx.ServerError("SettingsTwoFactor", err)

  63. 		return

  64. 	}

  65. 

  66. 	ctx.Flash.Success(ctx.Tr("settings.twofa_disabled"))

  67. 	ctx.Redirect(setting.AppSubURL + "/user/settings/security")

  68. }

  69. 

  70. func twofaGenerateSecretAndQr(ctx *context.Context) bool {

  71. 	var otpKey *otp.Key

  72. 	var err error

  73. 	uri := ctx.Session.Get("twofaUri")

  74. 	if uri != nil {

  75. 		otpKey, err = otp.NewKeyFromURL(uri.(string))

  76. 	}

  77. 	// Filter unsafe character ':' in issuer

  78. 	issuer := strings.Replace(setting.AppName+" ("+setting.Domain+")", ":", "", -1)

  79. 	if otpKey == nil {

  80. 		err = nil // clear the error, in case the URL was invalid

  81. 		otpKey, err = totp.Generate(totp.GenerateOpts{

  82. 			SecretSize:  40,

  83. 			Issuer:      issuer,

  84. 			AccountName: ctx.User.Name,

  85. 		})

  86. 		if err != nil {

  87. 			ctx.ServerError("SettingsTwoFactor", err)

  88. 			return false

  89. 		}

  90. 	}

  91. 

  92. 	ctx.Data["TwofaSecret"] = otpKey.Secret()

  93. 	img, err := otpKey.Image(320, 240)

  94. 	if err != nil {

  95. 		ctx.ServerError("SettingsTwoFactor", err)

  96. 		return false

  97. 	}

  98. 

  99. 	var imgBytes bytes.Buffer

  100. 	if err = png.Encode(&imgBytes, img); err != nil {

  101. 		ctx.ServerError("SettingsTwoFactor", err)

  102. 		return false

  103. 	}

  104. 

  105. 	ctx.Data["QrUri"] = template.URL("data:image/png;base64," + base64.StdEncoding.EncodeToString(imgBytes.Bytes()))

  106. 	ctx.Session.Set("twofaSecret", otpKey.Secret())

  107. 	ctx.Session.Set("twofaUri", otpKey.String())

  108. 	return true

  109. }

  110. 

  111. // EnrollTwoFactor shows the page where the user can enroll into 2FA.

  112. func EnrollTwoFactor(ctx *context.Context) {

  113. 	ctx.Data["Title"] = ctx.Tr("settings")

  114. 	ctx.Data["PageIsSettingsSecurity"] = true

  115. 

  116. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  117. 	if t != nil {

  118. 		// already enrolled

  119. 		ctx.ServerError("SettingsTwoFactor", err)

  120. 		return

  121. 	}

  122. 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {

  123. 		ctx.ServerError("SettingsTwoFactor", err)

  124. 		return

  125. 	}

  126. 

  127. 	if !twofaGenerateSecretAndQr(ctx) {

  128. 		return

  129. 	}

  130. 

  131. 	ctx.HTML(200, tplSettingsTwofaEnroll)

  132. }

  133. 

  134. // EnrollTwoFactorPost handles enrolling the user into 2FA.

  135. func EnrollTwoFactorPost(ctx *context.Context, form auth.TwoFactorAuthForm) {

  136. 	ctx.Data["Title"] = ctx.Tr("settings")

  137. 	ctx.Data["PageIsSettingsSecurity"] = true

  138. 

  139. 	t, err := models.GetTwoFactorByUID(ctx.User.ID)

  140. 	if t != nil {

  141. 		// already enrolled

  142. 		ctx.ServerError("SettingsTwoFactor", err)

  143. 		return

  144. 	}

  145. 	if err != nil && !models.IsErrTwoFactorNotEnrolled(err) {

  146. 		ctx.ServerError("SettingsTwoFactor", err)

  147. 		return

  148. 	}

  149. 

  150. 	if ctx.HasError() {

  151. 		if !twofaGenerateSecretAndQr(ctx) {

  152. 			return

  153. 		}

  154. 		ctx.HTML(200, tplSettingsTwofaEnroll)

  155. 		return

  156. 	}

  157. 

  158. 	secret := ctx.Session.Get("twofaSecret").(string)

  159. 	if !totp.Validate(form.Passcode, secret) {

  160. 		if !twofaGenerateSecretAndQr(ctx) {

  161. 			return

  162. 		}

  163. 		ctx.Flash.Error(ctx.Tr("settings.passcode_invalid"))

  164. 		ctx.HTML(200, tplSettingsTwofaEnroll)

  165. 		return

  166. 	}

  167. 

  168. 	t = &models.TwoFactor{

  169. 		UID: ctx.User.ID,

  170. 	}

  171. 	err = t.SetSecret(secret)

  172. 	if err != nil {

  173. 		ctx.ServerError("SettingsTwoFactor", err)

  174. 		return

  175. 	}

  176. 	token, err := t.GenerateScratchToken()

  177. 	if err != nil {

  178. 		ctx.ServerError("SettingsTwoFactor", err)

  179. 		return

  180. 	}

  181. 

  182. 	if err = models.NewTwoFactor(t); err != nil {

  183. 		ctx.ServerError("SettingsTwoFactor", err)

  184. 		return

  185. 	}

  186. 

  187. 	ctx.Session.Delete("twofaSecret")

  188. 	ctx.Session.Delete("twofaUri")

  189. 	ctx.Flash.Success(ctx.Tr("settings.twofa_enrolled", token))

  190. 	ctx.Redirect(setting.AppSubURL + "/user/settings/security")

  191. }

No Description