Fixed several activation bugs (#15473)
* Removed unneeded form tag. * Fixed typo. * Fixed NPE. * Use better error page. * Splitted GET and POST.release/v1.15
parent
ee3fb92419
commit
7670c1c99e
|
@ -472,7 +472,8 @@ func RegisterRoutes(m *web.Route) {
|
||||||
|
|
||||||
m.Group("/user", func() {
|
m.Group("/user", func() {
|
||||||
// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
|
// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
|
||||||
m.Any("/activate", user.Activate, reqSignIn)
|
m.Get("/activate", user.Activate, reqSignIn)
|
||||||
|
m.Post("/activate", user.ActivatePost, reqSignIn)
|
||||||
m.Any("/activate_email", user.ActivateEmail)
|
m.Any("/activate_email", user.ActivateEmail)
|
||||||
m.Get("/avatar/{username}/{size}", user.Avatar)
|
m.Get("/avatar/{username}/{size}", user.Avatar)
|
||||||
m.Get("/email2user", user.Email2User)
|
m.Get("/email2user", user.Email2User)
|
||||||
|
|
|
@ -1240,7 +1240,7 @@ func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: probably we should respect 'remeber' user's choice...
|
// TODO: probably we should respect 'remember' user's choice...
|
||||||
linkAccount(ctx, user, *gothUser, true)
|
linkAccount(ctx, user, *gothUser, true)
|
||||||
return // user is already created here, all redirects are handled
|
return // user is already created here, all redirects are handled
|
||||||
} else if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingLogin {
|
} else if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingLogin {
|
||||||
|
@ -1327,12 +1327,11 @@ func handleUserCreated(ctx *context.Context, u *models.User, gothUser *goth.User
|
||||||
// Activate render activate user page
|
// Activate render activate user page
|
||||||
func Activate(ctx *context.Context) {
|
func Activate(ctx *context.Context) {
|
||||||
code := ctx.Query("code")
|
code := ctx.Query("code")
|
||||||
password := ctx.Query("password")
|
|
||||||
|
|
||||||
if len(code) == 0 {
|
if len(code) == 0 {
|
||||||
ctx.Data["IsActivatePage"] = true
|
ctx.Data["IsActivatePage"] = true
|
||||||
if ctx.User.IsActive {
|
if ctx.User == nil || ctx.User.IsActive {
|
||||||
ctx.Error(http.StatusNotFound)
|
ctx.NotFound("invalid user", nil)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
// Resend confirmation email.
|
// Resend confirmation email.
|
||||||
|
@ -1364,6 +1363,34 @@ func Activate(ctx *context.Context) {
|
||||||
|
|
||||||
// if account is local account, verify password
|
// if account is local account, verify password
|
||||||
if user.LoginSource == 0 {
|
if user.LoginSource == 0 {
|
||||||
|
ctx.Data["Code"] = code
|
||||||
|
ctx.Data["NeedsPassword"] = true
|
||||||
|
ctx.HTML(http.StatusOK, TplActivate)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
handleAccountActivation(ctx, user)
|
||||||
|
}
|
||||||
|
|
||||||
|
// ActivatePost handles account activation with password check
|
||||||
|
func ActivatePost(ctx *context.Context) {
|
||||||
|
code := ctx.Query("code")
|
||||||
|
if len(code) == 0 {
|
||||||
|
ctx.Redirect(setting.AppSubURL + "/user/activate")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
user := models.VerifyUserActiveCode(code)
|
||||||
|
// if code is wrong
|
||||||
|
if user == nil {
|
||||||
|
ctx.Data["IsActivateFailed"] = true
|
||||||
|
ctx.HTML(http.StatusOK, TplActivate)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// if account is local account, verify password
|
||||||
|
if user.LoginSource == 0 {
|
||||||
|
password := ctx.Query("password")
|
||||||
if len(password) == 0 {
|
if len(password) == 0 {
|
||||||
ctx.Data["Code"] = code
|
ctx.Data["Code"] = code
|
||||||
ctx.Data["NeedsPassword"] = true
|
ctx.Data["NeedsPassword"] = true
|
||||||
|
@ -1377,6 +1404,10 @@ func Activate(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
handleAccountActivation(ctx, user)
|
||||||
|
}
|
||||||
|
|
||||||
|
func handleAccountActivation(ctx *context.Context, user *models.User) {
|
||||||
user.IsActive = true
|
user.IsActive = true
|
||||||
var err error
|
var err error
|
||||||
if user.Rands, err = models.GetUserSalt(); err != nil {
|
if user.Rands, err = models.GetUserSalt(); err != nil {
|
||||||
|
@ -1385,7 +1416,7 @@ func Activate(ctx *context.Context) {
|
||||||
}
|
}
|
||||||
if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
|
if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
|
||||||
if models.IsErrUserNotExist(err) {
|
if models.IsErrUserNotExist(err) {
|
||||||
ctx.Error(http.StatusNotFound)
|
ctx.NotFound("UpdateUserCols", err)
|
||||||
} else {
|
} else {
|
||||||
ctx.ServerError("UpdateUser", err)
|
ctx.ServerError("UpdateUser", err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,17 +19,15 @@
|
||||||
{{end}}
|
{{end}}
|
||||||
{{else}}
|
{{else}}
|
||||||
{{if .NeedsPassword}}
|
{{if .NeedsPassword}}
|
||||||
<form class="ui form" action="{{AppSubUrl}}/user/activate" method="post">
|
<div class="required inline field">
|
||||||
<div class="required inline field">
|
<label for="password">{{.i18n.Tr "password"}}</label>
|
||||||
<label for="password">{{.i18n.Tr "password"}}</label>
|
<input id="password" name="password" type="password" autocomplete="off" required>
|
||||||
<input id="password" name="password" type="password" autocomplete="off" required>
|
</div>
|
||||||
</div>
|
<div class="inline field">
|
||||||
<div class="inline field">
|
<label></label>
|
||||||
<label></label>
|
<button class="ui green button">{{.i18n.Tr "install.confirm_password"}}</button>
|
||||||
<button class="ui green button">{{.i18n.Tr "install.confirm_password"}}</button>
|
</div>
|
||||||
</div>
|
<input id="code" name="code" type="hidden" value="{{.Code}}">
|
||||||
<input id="code" name="code" type="hidden" value="{{.Code}}">
|
|
||||||
</form>
|
|
||||||
{{else if .IsSendRegisterMail}}
|
{{else if .IsSendRegisterMail}}
|
||||||
<p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
|
<p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
|
||||||
{{else if .IsActivateFailed}}
|
{{else if .IsActivateFailed}}
|
||||||
|
|
Loading…
Reference in New Issue