Fixed several activation bugs (#15473) (#15685)

* Removed unneeded form tag.

* Fixed typo.

* Fixed NPE.

* Use better error page.

* Splitted GET and POST.

Co-authored-by: KN4CK3R <KN4CK3R@users.noreply.github.com>
This commit is contained in:
6543 2021-05-01 02:14:36 +02:00 committed by GitHub
parent a725d31496
commit 15886ce048
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 46 additions and 16 deletions

View file

@ -470,7 +470,8 @@ func RegisterRoutes(m *web.Route) {
m.Group("/user", func() {
// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
m.Any("/activate", user.Activate, reqSignIn)
m.Get("/activate", user.Activate, reqSignIn)
m.Post("/activate", user.ActivatePost, reqSignIn)
m.Any("/activate_email", user.ActivateEmail)
m.Get("/avatar/{username}/{size}", user.Avatar)
m.Get("/email2user", user.Email2User)

View file

@ -1233,12 +1233,11 @@ func SignUpPost(ctx *context.Context) {
// Activate render activate user page
func Activate(ctx *context.Context) {
code := ctx.Query("code")
password := ctx.Query("password")
if len(code) == 0 {
ctx.Data["IsActivatePage"] = true
if ctx.User.IsActive {
ctx.Error(404)
if ctx.User == nil || ctx.User.IsActive {
ctx.NotFound("invalid user", nil)
return
}
// Resend confirmation email.
@ -1270,6 +1269,34 @@ func Activate(ctx *context.Context) {
// if account is local account, verify password
if user.LoginSource == 0 {
ctx.Data["Code"] = code
ctx.Data["NeedsPassword"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}
handleAccountActivation(ctx, user)
}
// ActivatePost handles account activation with password check
func ActivatePost(ctx *context.Context) {
code := ctx.Query("code")
if len(code) == 0 {
ctx.Redirect(setting.AppSubURL + "/user/activate")
return
}
user := models.VerifyUserActiveCode(code)
// if code is wrong
if user == nil {
ctx.Data["IsActivateFailed"] = true
ctx.HTML(http.StatusOK, TplActivate)
return
}
// if account is local account, verify password
if user.LoginSource == 0 {
password := ctx.Query("password")
if len(password) == 0 {
ctx.Data["Code"] = code
ctx.Data["NeedsPassword"] = true
@ -1283,6 +1310,10 @@ func Activate(ctx *context.Context) {
}
}
handleAccountActivation(ctx, user)
}
func handleAccountActivation(ctx *context.Context, user *models.User) {
user.IsActive = true
var err error
if user.Rands, err = models.GetUserSalt(); err != nil {
@ -1291,7 +1322,7 @@ func Activate(ctx *context.Context) {
}
if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
if models.IsErrUserNotExist(err) {
ctx.Error(404)
ctx.NotFound("UpdateUserCols", err)
} else {
ctx.ServerError("UpdateUser", err)
}

View file

@ -19,7 +19,6 @@
{{end}}
{{else}}
{{if .NeedsPassword}}
<form class="ui form" action="{{AppSubUrl}}/user/activate" method="post">
<div class="required inline field">
<label for="password">{{.i18n.Tr "password"}}</label>
<input id="password" name="password" type="password" autocomplete="off" required>
@ -29,7 +28,6 @@
<button class="ui green button">{{.i18n.Tr "install.confirm_password"}}</button>
</div>
<input id="code" name="code" type="hidden" value="{{.Code}}">
</form>
{{else if .IsSendRegisterMail}}
<p>{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}</p>
{{else if .IsActivateFailed}}