Fix URLJoin, markup render link reoslving, sign-in/up/linkaccount page common data (#36861)
The logic of "URLJoin" is unclear and it is often abused. Also: * Correct the `resolveLinkRelative` behavior * Fix missing "PathEscape" in `ToTag` * Fix more FIXMEs, and add new FIXMEs for newly found problems * Refactor "auth page common template data"
This commit is contained in:
@@ -45,6 +45,33 @@ const (
|
||||
TplActivatePrompt templates.TplName = "user/auth/activate_prompt" // for showing a message for user activation
|
||||
)
|
||||
|
||||
type CommonAuthOptions struct {
|
||||
EnableCaptcha bool
|
||||
}
|
||||
|
||||
func prepareCommonAuthPageData(ctx *context.Context, opt CommonAuthOptions) {
|
||||
ctx.Data["EnablePasswordSignInForm"] = setting.Service.EnablePasswordSignInForm
|
||||
ctx.Data["EnablePasskeyAuth"] = setting.Service.EnablePasskeyAuth
|
||||
|
||||
// for OpenID Connect
|
||||
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||
ctx.Data["AllowOnlyInternalRegistration"] = setting.Service.AllowOnlyInternalRegistration
|
||||
|
||||
if opt.EnableCaptcha {
|
||||
ctx.Data["EnableCaptcha"] = true
|
||||
ctx.Data["RecaptchaAPIScriptURL"] = strings.TrimSuffix(setting.Service.RecaptchaURL, "/") + "/api.js"
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
|
||||
if setting.Service.CaptchaType == setting.ImageCaptcha {
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// autoSignIn reads cookie and try to auto-login.
|
||||
func autoSignIn(ctx *context.Context) (bool, error) {
|
||||
isSucceed := false
|
||||
@@ -199,12 +226,10 @@ func prepareSignInPageData(ctx *context.Context) {
|
||||
ctx.Data["PageIsSignIn"] = true
|
||||
ctx.Data["PageIsLogin"] = true
|
||||
ctx.Data["EnableSSPI"] = auth.IsSSPIEnabled(ctx)
|
||||
ctx.Data["EnablePasswordSignInForm"] = setting.Service.EnablePasswordSignInForm
|
||||
ctx.Data["EnablePasskeyAuth"] = setting.Service.EnablePasskeyAuth
|
||||
|
||||
if setting.Service.EnableCaptcha && setting.Service.RequireCaptchaForLogin {
|
||||
context.SetCaptchaData(ctx)
|
||||
}
|
||||
prepareCommonAuthPageData(ctx, CommonAuthOptions{
|
||||
EnableCaptcha: setting.Service.EnableCaptcha && setting.Service.RequireCaptchaForLogin,
|
||||
})
|
||||
}
|
||||
|
||||
// SignIn render sign in page
|
||||
@@ -442,50 +467,51 @@ func buildSignOutRedirectURL(ctx *context.Context) string {
|
||||
return setting.AppSubURL + "/"
|
||||
}
|
||||
|
||||
// SignUp render the register page
|
||||
func SignUp(ctx *context.Context) {
|
||||
func prepareSignUpPageData(ctx *context.Context) bool {
|
||||
ctx.Data["Title"] = ctx.Tr("sign_up")
|
||||
ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
|
||||
ctx.Data["PageIsSignUp"] = true
|
||||
|
||||
hasUsers, _ := user_model.HasUsers(ctx)
|
||||
hasUsers, err := user_model.HasUsers(ctx)
|
||||
if err != nil {
|
||||
ctx.ServerError("HasUsers", err)
|
||||
return false
|
||||
}
|
||||
ctx.Data["IsFirstTimeRegistration"] = !hasUsers.HasAnyUser
|
||||
|
||||
oauth2Providers, err := oauth2.GetOAuth2Providers(ctx, optional.Some(true))
|
||||
if err != nil {
|
||||
ctx.ServerError("UserSignUp", err)
|
||||
return
|
||||
ctx.ServerError("GetOAuth2Providers", err)
|
||||
return false
|
||||
}
|
||||
|
||||
ctx.Data["OAuth2Providers"] = oauth2Providers
|
||||
context.SetCaptchaData(ctx)
|
||||
|
||||
ctx.Data["PageIsSignUp"] = true
|
||||
prepareCommonAuthPageData(ctx, CommonAuthOptions{
|
||||
EnableCaptcha: setting.Service.EnableCaptcha,
|
||||
})
|
||||
|
||||
// Show Disabled Registration message if DisableRegistration or AllowOnlyExternalRegistration options are true
|
||||
ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration
|
||||
|
||||
rememberAuthRedirectLink(ctx)
|
||||
return true
|
||||
}
|
||||
|
||||
// SignUp render the register page
|
||||
func SignUp(ctx *context.Context) {
|
||||
if !prepareSignUpPageData(ctx) {
|
||||
return
|
||||
}
|
||||
rememberAuthRedirectLink(ctx)
|
||||
ctx.HTML(http.StatusOK, tplSignUp)
|
||||
}
|
||||
|
||||
// SignUpPost response for sign up information submission
|
||||
func SignUpPost(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.RegisterForm)
|
||||
ctx.Data["Title"] = ctx.Tr("sign_up")
|
||||
|
||||
ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
|
||||
|
||||
oauth2Providers, err := oauth2.GetOAuth2Providers(ctx, optional.Some(true))
|
||||
if err != nil {
|
||||
ctx.ServerError("UserSignUp", err)
|
||||
if !prepareSignUpPageData(ctx) {
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Data["OAuth2Providers"] = oauth2Providers
|
||||
context.SetCaptchaData(ctx)
|
||||
|
||||
ctx.Data["PageIsSignUp"] = true
|
||||
form := web.GetForm(ctx).(*forms.RegisterForm)
|
||||
|
||||
// Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true
|
||||
if setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration {
|
||||
|
||||
@@ -24,30 +24,27 @@ import (
|
||||
|
||||
var tplLinkAccount templates.TplName = "user/auth/link_account"
|
||||
|
||||
// LinkAccount shows the page where the user can decide to login or create a new account
|
||||
func LinkAccount(ctx *context.Context) {
|
||||
// FIXME: these common template variables should be prepared in one common function, but not just copy-paste again and again.
|
||||
func prepareLinkAccountPageData(ctx *context.Context) {
|
||||
// TODO Make insecure passwords optional for local accounts also, once email-based Second-Factor Auth is available
|
||||
ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationPassword || setting.Service.AllowOnlyExternalRegistration
|
||||
|
||||
ctx.Data["Title"] = ctx.Tr("link_account")
|
||||
ctx.Data["LinkAccountMode"] = true
|
||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
|
||||
ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
|
||||
ctx.Data["AllowOnlyInternalRegistration"] = setting.Service.AllowOnlyInternalRegistration
|
||||
ctx.Data["EnablePasswordSignInForm"] = setting.Service.EnablePasswordSignInForm
|
||||
ctx.Data["ShowRegistrationButton"] = false
|
||||
ctx.Data["EnablePasskeyAuth"] = setting.Service.EnablePasskeyAuth
|
||||
|
||||
// use this to set the right link into the signIn and signUp templates in the link_account template
|
||||
ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
|
||||
ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
|
||||
ctx.Data["ShowRegistrationButton"] = false
|
||||
ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
|
||||
|
||||
prepareCommonAuthPageData(ctx, CommonAuthOptions{
|
||||
EnableCaptcha: setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha,
|
||||
})
|
||||
}
|
||||
|
||||
// LinkAccount shows the page where the user can decide to login or create a new account
|
||||
func LinkAccount(ctx *context.Context) {
|
||||
prepareLinkAccountPageData(ctx)
|
||||
|
||||
linkAccountData := oauth2GetLinkAccountData(ctx)
|
||||
|
||||
@@ -126,28 +123,10 @@ func handleSignInError(ctx *context.Context, userName string, ptrForm any, tmpl
|
||||
// LinkAccountPostSignIn handle the coupling of external account with another account using signIn
|
||||
func LinkAccountPostSignIn(ctx *context.Context) {
|
||||
signInForm := web.GetForm(ctx).(*forms.SignInForm)
|
||||
ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationPassword || setting.Service.AllowOnlyExternalRegistration
|
||||
ctx.Data["Title"] = ctx.Tr("link_account")
|
||||
ctx.Data["LinkAccountMode"] = true
|
||||
ctx.Data["LinkAccountModeSignIn"] = true
|
||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
|
||||
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
|
||||
ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
|
||||
ctx.Data["AllowOnlyInternalRegistration"] = setting.Service.AllowOnlyInternalRegistration
|
||||
ctx.Data["EnablePasswordSignInForm"] = setting.Service.EnablePasswordSignInForm
|
||||
ctx.Data["ShowRegistrationButton"] = false
|
||||
ctx.Data["EnablePasskeyAuth"] = setting.Service.EnablePasskeyAuth
|
||||
|
||||
// use this to set the right link into the signIn and signUp templates in the link_account template
|
||||
ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
|
||||
ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
|
||||
ctx.Data["LinkAccountModeSignIn"] = true
|
||||
|
||||
prepareLinkAccountPageData(ctx)
|
||||
|
||||
linkAccountData := oauth2GetLinkAccountData(ctx)
|
||||
if linkAccountData == nil {
|
||||
@@ -218,30 +197,10 @@ func oauth2LinkAccount(ctx *context.Context, u *user_model.User, linkAccountData
|
||||
// LinkAccountPostRegister handle the creation of a new account for an external account using signUp
|
||||
func LinkAccountPostRegister(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.RegisterForm)
|
||||
// TODO Make insecure passwords optional for local accounts also,
|
||||
// once email-based Second-Factor Auth is available
|
||||
ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationPassword || setting.Service.AllowOnlyExternalRegistration
|
||||
ctx.Data["Title"] = ctx.Tr("link_account")
|
||||
ctx.Data["LinkAccountMode"] = true
|
||||
ctx.Data["LinkAccountModeRegister"] = true
|
||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
|
||||
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
|
||||
ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration
|
||||
ctx.Data["AllowOnlyInternalRegistration"] = setting.Service.AllowOnlyInternalRegistration
|
||||
ctx.Data["EnablePasswordSignInForm"] = setting.Service.EnablePasswordSignInForm
|
||||
ctx.Data["ShowRegistrationButton"] = false
|
||||
ctx.Data["EnablePasskeyAuth"] = setting.Service.EnablePasskeyAuth
|
||||
|
||||
// use this to set the right link into the signIn and signUp templates in the link_account template
|
||||
ctx.Data["SignInLink"] = setting.AppSubURL + "/user/link_account_signin"
|
||||
ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/link_account_signup"
|
||||
ctx.Data["LinkAccountModeRegister"] = true
|
||||
|
||||
prepareLinkAccountPageData(ctx)
|
||||
|
||||
linkAccountData := oauth2GetLinkAccountData(ctx)
|
||||
if linkAccountData == nil {
|
||||
|
||||
@@ -229,19 +229,26 @@ func signInOpenIDVerify(ctx *context.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
// ConnectOpenID shows a form to connect an OpenID URI to an existing account
|
||||
func ConnectOpenID(ctx *context.Context) {
|
||||
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
||||
func prepareConnectOpenIDPageData(ctx *context.Context) (oid string) {
|
||||
oid, _ = ctx.Session.Get("openid_verified_uri").(string)
|
||||
if oid == "" {
|
||||
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
||||
return
|
||||
return ""
|
||||
}
|
||||
ctx.Data["Title"] = "OpenID connect"
|
||||
ctx.Data["PageIsSignIn"] = true
|
||||
ctx.Data["PageIsOpenIDConnect"] = true
|
||||
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||
ctx.Data["AllowOnlyInternalRegistration"] = setting.Service.AllowOnlyInternalRegistration
|
||||
ctx.Data["OpenID"] = oid
|
||||
prepareCommonAuthPageData(ctx, CommonAuthOptions{EnableCaptcha: false})
|
||||
return oid
|
||||
}
|
||||
|
||||
// ConnectOpenID shows a form to connect an OpenID URI to an existing account
|
||||
func ConnectOpenID(ctx *context.Context) {
|
||||
oid := prepareConnectOpenIDPageData(ctx)
|
||||
if oid == "" {
|
||||
return
|
||||
}
|
||||
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
||||
if userName != "" {
|
||||
ctx.Data["user_name"] = userName
|
||||
@@ -252,16 +259,10 @@ func ConnectOpenID(ctx *context.Context) {
|
||||
// ConnectOpenIDPost handles submission of a form to connect an OpenID URI to an existing account
|
||||
func ConnectOpenIDPost(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.ConnectOpenIDForm)
|
||||
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
||||
oid := prepareConnectOpenIDPageData(ctx)
|
||||
if oid == "" {
|
||||
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
||||
return
|
||||
}
|
||||
ctx.Data["Title"] = "OpenID connect"
|
||||
ctx.Data["PageIsSignIn"] = true
|
||||
ctx.Data["PageIsOpenIDConnect"] = true
|
||||
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||
ctx.Data["OpenID"] = oid
|
||||
|
||||
u, _, err := auth.UserSignIn(ctx, form.UserName, form.Password)
|
||||
if err != nil {
|
||||
@@ -287,28 +288,29 @@ func ConnectOpenIDPost(ctx *context.Context) {
|
||||
handleSignIn(ctx, u, remember)
|
||||
}
|
||||
|
||||
// RegisterOpenID shows a form to create a new user authenticated via an OpenID URI
|
||||
func RegisterOpenID(ctx *context.Context) {
|
||||
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
||||
func prepareRegisterOpenIDPageData(ctx *context.Context) (oid string) {
|
||||
oid, _ = ctx.Session.Get("openid_verified_uri").(string)
|
||||
if oid == "" {
|
||||
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
||||
return
|
||||
return ""
|
||||
}
|
||||
ctx.Data["Title"] = "OpenID signup"
|
||||
ctx.Data["PageIsSignIn"] = true
|
||||
ctx.Data["PageIsOpenIDRegister"] = true
|
||||
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||
ctx.Data["AllowOnlyInternalRegistration"] = setting.Service.AllowOnlyInternalRegistration
|
||||
ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
|
||||
ctx.Data["Captcha"] = context.GetImageCaptcha()
|
||||
ctx.Data["CaptchaType"] = setting.Service.CaptchaType
|
||||
ctx.Data["RecaptchaSitekey"] = setting.Service.RecaptchaSitekey
|
||||
ctx.Data["HcaptchaSitekey"] = setting.Service.HcaptchaSitekey
|
||||
ctx.Data["RecaptchaURL"] = setting.Service.RecaptchaURL
|
||||
ctx.Data["McaptchaSitekey"] = setting.Service.McaptchaSitekey
|
||||
ctx.Data["McaptchaURL"] = setting.Service.McaptchaURL
|
||||
ctx.Data["CfTurnstileSitekey"] = setting.Service.CfTurnstileSitekey
|
||||
ctx.Data["OpenID"] = oid
|
||||
prepareCommonAuthPageData(ctx, CommonAuthOptions{
|
||||
EnableCaptcha: setting.Service.EnableCaptcha,
|
||||
})
|
||||
return oid
|
||||
}
|
||||
|
||||
// RegisterOpenID shows a form to create a new user authenticated via an OpenID URI
|
||||
func RegisterOpenID(ctx *context.Context) {
|
||||
oid := prepareRegisterOpenIDPageData(ctx)
|
||||
if oid == "" {
|
||||
return
|
||||
}
|
||||
|
||||
userName, _ := ctx.Session.Get("openid_determined_username").(string)
|
||||
if userName != "" {
|
||||
ctx.Data["user_name"] = userName
|
||||
@@ -322,19 +324,12 @@ func RegisterOpenID(ctx *context.Context) {
|
||||
|
||||
// RegisterOpenIDPost handles submission of a form to create a new user authenticated via an OpenID URI
|
||||
func RegisterOpenIDPost(ctx *context.Context) {
|
||||
form := web.GetForm(ctx).(*forms.SignUpOpenIDForm)
|
||||
oid, _ := ctx.Session.Get("openid_verified_uri").(string)
|
||||
oid := prepareRegisterOpenIDPageData(ctx)
|
||||
if oid == "" {
|
||||
ctx.Redirect(setting.AppSubURL + "/user/login/openid")
|
||||
return
|
||||
}
|
||||
|
||||
ctx.Data["Title"] = "OpenID signup"
|
||||
ctx.Data["PageIsSignIn"] = true
|
||||
ctx.Data["PageIsOpenIDRegister"] = true
|
||||
ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
|
||||
context.SetCaptchaData(ctx)
|
||||
ctx.Data["OpenID"] = oid
|
||||
form := web.GetForm(ctx).(*forms.SignUpOpenIDForm)
|
||||
|
||||
if setting.Service.AllowOnlyInternalRegistration {
|
||||
ctx.HTTPError(http.StatusForbidden)
|
||||
|
||||
@@ -218,7 +218,8 @@ func redirectForCommitChoice[T any](ctx *context.Context, parsed *preparedEditor
|
||||
}
|
||||
|
||||
// redirect to the newly updated file
|
||||
redirectTo := util.URLJoin(ctx.Repo.RepoLink, "src/branch", util.PathEscapeSegments(parsed.NewBranchName), util.PathEscapeSegments(treePath))
|
||||
redirectTo := ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(parsed.NewBranchName) + "/" + util.PathEscapeSegments(treePath)
|
||||
redirectTo = strings.TrimSuffix(redirectTo, "/")
|
||||
ctx.JSONRedirect(redirectTo)
|
||||
}
|
||||
|
||||
|
||||
@@ -238,7 +238,7 @@ func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
|
||||
ctx.Redirect(ctx.Repo.RepoLink + "/wiki/?action=_pages")
|
||||
}
|
||||
if isRaw {
|
||||
ctx.Redirect(util.URLJoin(ctx.Repo.RepoLink, "wiki/raw", string(pageName)))
|
||||
ctx.Redirect(ctx.Repo.RepoLink + "/wiki/raw/" + string(pageName))
|
||||
}
|
||||
if entry == nil || ctx.Written() {
|
||||
return nil, nil
|
||||
|
||||
Reference in New Issue
Block a user