user.go 32 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173
  1. // Copyright 2014 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package db
  5. import (
  6. "bytes"
  7. "crypto/sha256"
  8. "crypto/subtle"
  9. "encoding/hex"
  10. "fmt"
  11. "image"
  12. _ "image/jpeg"
  13. "image/png"
  14. "os"
  15. "path/filepath"
  16. "strings"
  17. "time"
  18. "unicode/utf8"
  19. "github.com/nfnt/resize"
  20. "github.com/unknwon/com"
  21. "golang.org/x/crypto/pbkdf2"
  22. log "unknwon.dev/clog/v2"
  23. "xorm.io/xorm"
  24. "github.com/gogs/git-module"
  25. api "github.com/gogs/go-gogs-client"
  26. "gogs.io/gogs/internal/avatar"
  27. "gogs.io/gogs/internal/conf"
  28. "gogs.io/gogs/internal/db/errors"
  29. "gogs.io/gogs/internal/errutil"
  30. "gogs.io/gogs/internal/strutil"
  31. "gogs.io/gogs/internal/tool"
  32. )
  33. // USER_AVATAR_URL_PREFIX is used to identify a URL is to access user avatar.
  34. const USER_AVATAR_URL_PREFIX = "avatars"
  35. type UserType int
  36. const (
  37. UserIndividual UserType = iota // Historic reason to make it starts at 0.
  38. UserOrganization
  39. )
  40. // User represents the object of individual and member of organization.
  41. type User struct {
  42. ID int64
  43. LowerName string `xorm:"UNIQUE NOT NULL" gorm:"UNIQUE"`
  44. Name string `xorm:"UNIQUE NOT NULL" gorm:"NOT NULL"`
  45. FullName string
  46. // Email is the primary email address (to be used for communication)
  47. Email string `xorm:"NOT NULL" gorm:"NOT NULL"`
  48. Passwd string `xorm:"NOT NULL" gorm:"NOT NULL"`
  49. LoginSource int64 `xorm:"NOT NULL DEFAULT 0" gorm:"NOT NULL;DEFAULT:0"`
  50. LoginName string
  51. Type UserType
  52. OwnedOrgs []*User `xorm:"-" gorm:"-" json:"-"`
  53. Orgs []*User `xorm:"-" gorm:"-" json:"-"`
  54. Repos []*Repository `xorm:"-" gorm:"-" json:"-"`
  55. Location string
  56. Website string
  57. Rands string `xorm:"VARCHAR(10)" gorm:"TYPE:VARCHAR(10)"`
  58. Salt string `xorm:"VARCHAR(10)" gorm:"TYPE:VARCHAR(10)"`
  59. Created time.Time `xorm:"-" gorm:"-" json:"-"`
  60. CreatedUnix int64
  61. Updated time.Time `xorm:"-" gorm:"-" json:"-"`
  62. UpdatedUnix int64
  63. // Remember visibility choice for convenience, true for private
  64. LastRepoVisibility bool
  65. // Maximum repository creation limit, -1 means use global default
  66. MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1" gorm:"NOT NULL;DEFAULT:-1"`
  67. // Permissions
  68. IsActive bool // Activate primary email
  69. IsAdmin bool
  70. AllowGitHook bool
  71. AllowImportLocal bool // Allow migrate repository by local path
  72. ProhibitLogin bool
  73. // Avatar
  74. Avatar string `xorm:"VARCHAR(2048) NOT NULL" gorm:"TYPE:VARCHAR(2048);NOT NULL"`
  75. AvatarEmail string `xorm:"NOT NULL" gorm:"NOT NULL"`
  76. UseCustomAvatar bool
  77. // Counters
  78. NumFollowers int
  79. NumFollowing int `xorm:"NOT NULL DEFAULT 0" gorm:"NOT NULL;DEFAULT:0"`
  80. NumStars int
  81. NumRepos int
  82. // For organization
  83. Description string
  84. NumTeams int
  85. NumMembers int
  86. Teams []*Team `xorm:"-" gorm:"-" json:"-"`
  87. Members []*User `xorm:"-" gorm:"-" json:"-"`
  88. }
  89. func (u *User) BeforeInsert() {
  90. u.CreatedUnix = time.Now().Unix()
  91. u.UpdatedUnix = u.CreatedUnix
  92. }
  93. func (u *User) BeforeUpdate() {
  94. if u.MaxRepoCreation < -1 {
  95. u.MaxRepoCreation = -1
  96. }
  97. u.UpdatedUnix = time.Now().Unix()
  98. }
  99. func (u *User) AfterSet(colName string, _ xorm.Cell) {
  100. switch colName {
  101. case "created_unix":
  102. u.Created = time.Unix(u.CreatedUnix, 0).Local()
  103. case "updated_unix":
  104. u.Updated = time.Unix(u.UpdatedUnix, 0).Local()
  105. }
  106. }
  107. // IDStr returns string representation of user's ID.
  108. func (u *User) IDStr() string {
  109. return com.ToStr(u.ID)
  110. }
  111. func (u *User) APIFormat() *api.User {
  112. return &api.User{
  113. ID: u.ID,
  114. UserName: u.Name,
  115. Login: u.Name,
  116. FullName: u.FullName,
  117. Email: u.Email,
  118. AvatarUrl: u.AvatarLink(),
  119. }
  120. }
  121. // returns true if user login type is LoginPlain.
  122. func (u *User) IsLocal() bool {
  123. return u.LoginSource <= 0
  124. }
  125. // HasForkedRepo checks if user has already forked a repository with given ID.
  126. func (u *User) HasForkedRepo(repoID int64) bool {
  127. _, has, _ := HasForkedRepo(u.ID, repoID)
  128. return has
  129. }
  130. func (u *User) RepoCreationNum() int {
  131. if u.MaxRepoCreation <= -1 {
  132. return conf.Repository.MaxCreationLimit
  133. }
  134. return u.MaxRepoCreation
  135. }
  136. func (u *User) CanCreateRepo() bool {
  137. if u.MaxRepoCreation <= -1 {
  138. if conf.Repository.MaxCreationLimit <= -1 {
  139. return true
  140. }
  141. return u.NumRepos < conf.Repository.MaxCreationLimit
  142. }
  143. return u.NumRepos < u.MaxRepoCreation
  144. }
  145. func (u *User) CanCreateOrganization() bool {
  146. return !conf.Admin.DisableRegularOrgCreation || u.IsAdmin
  147. }
  148. // CanEditGitHook returns true if user can edit Git hooks.
  149. func (u *User) CanEditGitHook() bool {
  150. return u.IsAdmin || u.AllowGitHook
  151. }
  152. // CanImportLocal returns true if user can migrate repository by local path.
  153. func (u *User) CanImportLocal() bool {
  154. return conf.Repository.EnableLocalPathMigration && (u.IsAdmin || u.AllowImportLocal)
  155. }
  156. // DashboardLink returns the user dashboard page link.
  157. func (u *User) DashboardLink() string {
  158. if u.IsOrganization() {
  159. return conf.Server.Subpath + "/org/" + u.Name + "/dashboard/"
  160. }
  161. return conf.Server.Subpath + "/"
  162. }
  163. // HomeLink returns the user or organization home page link.
  164. func (u *User) HomeLink() string {
  165. return conf.Server.Subpath + "/" + u.Name
  166. }
  167. func (u *User) HTMLURL() string {
  168. return conf.Server.ExternalURL + u.Name
  169. }
  170. // GenerateEmailActivateCode generates an activate code based on user information and given e-mail.
  171. func (u *User) GenerateEmailActivateCode(email string) string {
  172. code := tool.CreateTimeLimitCode(
  173. com.ToStr(u.ID)+email+u.LowerName+u.Passwd+u.Rands,
  174. conf.Auth.ActivateCodeLives, nil)
  175. // Add tail hex username
  176. code += hex.EncodeToString([]byte(u.LowerName))
  177. return code
  178. }
  179. // GenerateActivateCode generates an activate code based on user information.
  180. func (u *User) GenerateActivateCode() string {
  181. return u.GenerateEmailActivateCode(u.Email)
  182. }
  183. // CustomAvatarPath returns user custom avatar file path.
  184. func (u *User) CustomAvatarPath() string {
  185. return filepath.Join(conf.Picture.AvatarUploadPath, com.ToStr(u.ID))
  186. }
  187. // GenerateRandomAvatar generates a random avatar for user.
  188. func (u *User) GenerateRandomAvatar() error {
  189. seed := u.Email
  190. if len(seed) == 0 {
  191. seed = u.Name
  192. }
  193. img, err := avatar.RandomImage([]byte(seed))
  194. if err != nil {
  195. return fmt.Errorf("RandomImage: %v", err)
  196. }
  197. if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
  198. return fmt.Errorf("MkdirAll: %v", err)
  199. }
  200. fw, err := os.Create(u.CustomAvatarPath())
  201. if err != nil {
  202. return fmt.Errorf("Create: %v", err)
  203. }
  204. defer fw.Close()
  205. if err = png.Encode(fw, img); err != nil {
  206. return fmt.Errorf("Encode: %v", err)
  207. }
  208. log.Info("New random avatar created: %d", u.ID)
  209. return nil
  210. }
  211. // RelAvatarLink returns relative avatar link to the site domain,
  212. // which includes app sub-url as prefix. However, it is possible
  213. // to return full URL if user enables Gravatar-like service.
  214. func (u *User) RelAvatarLink() string {
  215. defaultImgUrl := conf.Server.Subpath + "/img/avatar_default.png"
  216. if u.ID == -1 {
  217. return defaultImgUrl
  218. }
  219. switch {
  220. case u.UseCustomAvatar:
  221. if !com.IsExist(u.CustomAvatarPath()) {
  222. return defaultImgUrl
  223. }
  224. return fmt.Sprintf("%s/%s/%d", conf.Server.Subpath, USER_AVATAR_URL_PREFIX, u.ID)
  225. case conf.Picture.DisableGravatar:
  226. if !com.IsExist(u.CustomAvatarPath()) {
  227. if err := u.GenerateRandomAvatar(); err != nil {
  228. log.Error("GenerateRandomAvatar: %v", err)
  229. }
  230. }
  231. return fmt.Sprintf("%s/%s/%d", conf.Server.Subpath, USER_AVATAR_URL_PREFIX, u.ID)
  232. }
  233. return tool.AvatarLink(u.AvatarEmail)
  234. }
  235. // AvatarLink returns user avatar absolute link.
  236. func (u *User) AvatarLink() string {
  237. link := u.RelAvatarLink()
  238. if link[0] == '/' && link[1] != '/' {
  239. return conf.Server.ExternalURL + strings.TrimPrefix(link, conf.Server.Subpath)[1:]
  240. }
  241. return link
  242. }
  243. // User.GetFollwoers returns range of user's followers.
  244. func (u *User) GetFollowers(page int) ([]*User, error) {
  245. users := make([]*User, 0, ItemsPerPage)
  246. sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("follow.follow_id=?", u.ID)
  247. if conf.UsePostgreSQL {
  248. sess = sess.Join("LEFT", "follow", `"user".id=follow.user_id`)
  249. } else {
  250. sess = sess.Join("LEFT", "follow", "user.id=follow.user_id")
  251. }
  252. return users, sess.Find(&users)
  253. }
  254. func (u *User) IsFollowing(followID int64) bool {
  255. return IsFollowing(u.ID, followID)
  256. }
  257. // GetFollowing returns range of user's following.
  258. func (u *User) GetFollowing(page int) ([]*User, error) {
  259. users := make([]*User, 0, ItemsPerPage)
  260. sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("follow.user_id=?", u.ID)
  261. if conf.UsePostgreSQL {
  262. sess = sess.Join("LEFT", "follow", `"user".id=follow.follow_id`)
  263. } else {
  264. sess = sess.Join("LEFT", "follow", "user.id=follow.follow_id")
  265. }
  266. return users, sess.Find(&users)
  267. }
  268. // NewGitSig generates and returns the signature of given user.
  269. func (u *User) NewGitSig() *git.Signature {
  270. return &git.Signature{
  271. Name: u.DisplayName(),
  272. Email: u.Email,
  273. When: time.Now(),
  274. }
  275. }
  276. // EncodePassword encodes password to safe format.
  277. func (u *User) EncodePassword() {
  278. newPasswd := pbkdf2.Key([]byte(u.Passwd), []byte(u.Salt), 10000, 50, sha256.New)
  279. u.Passwd = fmt.Sprintf("%x", newPasswd)
  280. }
  281. // ValidatePassword checks if given password matches the one belongs to the user.
  282. func (u *User) ValidatePassword(passwd string) bool {
  283. newUser := &User{Passwd: passwd, Salt: u.Salt}
  284. newUser.EncodePassword()
  285. return subtle.ConstantTimeCompare([]byte(u.Passwd), []byte(newUser.Passwd)) == 1
  286. }
  287. // UploadAvatar saves custom avatar for user.
  288. // FIXME: split uploads to different subdirs in case we have massive number of users.
  289. func (u *User) UploadAvatar(data []byte) error {
  290. img, _, err := image.Decode(bytes.NewReader(data))
  291. if err != nil {
  292. return fmt.Errorf("decode image: %v", err)
  293. }
  294. _ = os.MkdirAll(conf.Picture.AvatarUploadPath, os.ModePerm)
  295. fw, err := os.Create(u.CustomAvatarPath())
  296. if err != nil {
  297. return fmt.Errorf("create custom avatar directory: %v", err)
  298. }
  299. defer fw.Close()
  300. m := resize.Resize(avatar.AVATAR_SIZE, avatar.AVATAR_SIZE, img, resize.NearestNeighbor)
  301. if err = png.Encode(fw, m); err != nil {
  302. return fmt.Errorf("encode image: %v", err)
  303. }
  304. return nil
  305. }
  306. // DeleteAvatar deletes the user's custom avatar.
  307. func (u *User) DeleteAvatar() error {
  308. log.Trace("DeleteAvatar [%d]: %s", u.ID, u.CustomAvatarPath())
  309. if err := os.Remove(u.CustomAvatarPath()); err != nil {
  310. return err
  311. }
  312. u.UseCustomAvatar = false
  313. return UpdateUser(u)
  314. }
  315. // IsAdminOfRepo returns true if user has admin or higher access of repository.
  316. func (u *User) IsAdminOfRepo(repo *Repository) bool {
  317. has, err := HasAccess(u.ID, repo, AccessModeAdmin)
  318. if err != nil {
  319. log.Error("HasAccess: %v", err)
  320. }
  321. return has
  322. }
  323. // IsWriterOfRepo returns true if user has write access to given repository.
  324. func (u *User) IsWriterOfRepo(repo *Repository) bool {
  325. has, err := HasAccess(u.ID, repo, AccessModeWrite)
  326. if err != nil {
  327. log.Error("HasAccess: %v", err)
  328. }
  329. return has
  330. }
  331. // IsOrganization returns true if user is actually a organization.
  332. func (u *User) IsOrganization() bool {
  333. return u.Type == UserOrganization
  334. }
  335. // IsUserOrgOwner returns true if user is in the owner team of given organization.
  336. func (u *User) IsUserOrgOwner(orgId int64) bool {
  337. return IsOrganizationOwner(orgId, u.ID)
  338. }
  339. // IsPublicMember returns true if user public his/her membership in give organization.
  340. func (u *User) IsPublicMember(orgId int64) bool {
  341. return IsPublicMembership(orgId, u.ID)
  342. }
  343. // IsEnabledTwoFactor returns true if user has enabled two-factor authentication.
  344. func (u *User) IsEnabledTwoFactor() bool {
  345. return TwoFactors.IsUserEnabled(u.ID)
  346. }
  347. func (u *User) getOrganizationCount(e Engine) (int64, error) {
  348. return e.Where("uid=?", u.ID).Count(new(OrgUser))
  349. }
  350. // GetOrganizationCount returns count of membership of organization of user.
  351. func (u *User) GetOrganizationCount() (int64, error) {
  352. return u.getOrganizationCount(x)
  353. }
  354. // GetRepositories returns repositories that user owns, including private repositories.
  355. func (u *User) GetRepositories(page, pageSize int) (err error) {
  356. u.Repos, err = GetUserRepositories(&UserRepoOptions{
  357. UserID: u.ID,
  358. Private: true,
  359. Page: page,
  360. PageSize: pageSize,
  361. })
  362. return err
  363. }
  364. // GetRepositories returns mirror repositories that user owns, including private repositories.
  365. func (u *User) GetMirrorRepositories() ([]*Repository, error) {
  366. return GetUserMirrorRepositories(u.ID)
  367. }
  368. // GetOwnedOrganizations returns all organizations that user owns.
  369. func (u *User) GetOwnedOrganizations() (err error) {
  370. u.OwnedOrgs, err = GetOwnedOrgsByUserID(u.ID)
  371. return err
  372. }
  373. // GetOrganizations returns all organizations that user belongs to.
  374. func (u *User) GetOrganizations(showPrivate bool) error {
  375. orgIDs, err := GetOrgIDsByUserID(u.ID, showPrivate)
  376. if err != nil {
  377. return fmt.Errorf("GetOrgIDsByUserID: %v", err)
  378. }
  379. if len(orgIDs) == 0 {
  380. return nil
  381. }
  382. u.Orgs = make([]*User, 0, len(orgIDs))
  383. if err = x.Where("type = ?", UserOrganization).In("id", orgIDs).Find(&u.Orgs); err != nil {
  384. return err
  385. }
  386. return nil
  387. }
  388. // DisplayName returns full name if it's not empty,
  389. // returns username otherwise.
  390. func (u *User) DisplayName() string {
  391. if len(u.FullName) > 0 {
  392. return u.FullName
  393. }
  394. return u.Name
  395. }
  396. func (u *User) ShortName(length int) string {
  397. return tool.EllipsisString(u.Name, length)
  398. }
  399. // IsMailable checks if a user is elegible
  400. // to receive emails.
  401. func (u *User) IsMailable() bool {
  402. return u.IsActive
  403. }
  404. // IsUserExist checks if given user name exist,
  405. // the user name should be noncased unique.
  406. // If uid is presented, then check will rule out that one,
  407. // it is used when update a user name in settings page.
  408. func IsUserExist(uid int64, name string) (bool, error) {
  409. if len(name) == 0 {
  410. return false, nil
  411. }
  412. return x.Where("id != ?", uid).Get(&User{LowerName: strings.ToLower(name)})
  413. }
  414. // GetUserSalt returns a random user salt token.
  415. func GetUserSalt() (string, error) {
  416. return strutil.RandomChars(10)
  417. }
  418. // NewGhostUser creates and returns a fake user for someone who has deleted his/her account.
  419. func NewGhostUser() *User {
  420. return &User{
  421. ID: -1,
  422. Name: "Ghost",
  423. LowerName: "ghost",
  424. }
  425. }
  426. var (
  427. reservedUsernames = []string{"-", "explore", "create", "assets", "css", "img", "js", "less", "plugins", "debug", "raw", "install", "api", "avatar", "user", "org", "help", "stars", "issues", "pulls", "commits", "repo", "template", "admin", "new", ".", ".."}
  428. reservedUserPatterns = []string{"*.keys"}
  429. )
  430. type ErrNameNotAllowed struct {
  431. args errutil.Args
  432. }
  433. func IsErrNameNotAllowed(err error) bool {
  434. _, ok := err.(ErrNameNotAllowed)
  435. return ok
  436. }
  437. func (err ErrNameNotAllowed) Value() string {
  438. val, ok := err.args["name"].(string)
  439. if ok {
  440. return val
  441. }
  442. val, ok = err.args["pattern"].(string)
  443. if ok {
  444. return val
  445. }
  446. return "<value not found>"
  447. }
  448. func (err ErrNameNotAllowed) Error() string {
  449. return fmt.Sprintf("name is not allowed: %v", err.args)
  450. }
  451. // isNameAllowed checks if name is reserved or pattern of name is not allowed
  452. // based on given reserved names and patterns.
  453. // Names are exact match, patterns can be prefix or suffix match with placeholder '*'.
  454. func isNameAllowed(names, patterns []string, name string) error {
  455. name = strings.TrimSpace(strings.ToLower(name))
  456. if utf8.RuneCountInString(name) == 0 {
  457. return ErrNameNotAllowed{args: errutil.Args{"reason": "empty name"}}
  458. }
  459. for i := range names {
  460. if name == names[i] {
  461. return ErrNameNotAllowed{args: errutil.Args{"reason": "reserved", "name": name}}
  462. }
  463. }
  464. for _, pat := range patterns {
  465. if pat[0] == '*' && strings.HasSuffix(name, pat[1:]) ||
  466. (pat[len(pat)-1] == '*' && strings.HasPrefix(name, pat[:len(pat)-1])) {
  467. return ErrNameNotAllowed{args: errutil.Args{"reason": "reserved", "pattern": pat}}
  468. }
  469. }
  470. return nil
  471. }
  472. // isUsernameAllowed return an error if given name is a reserved name or pattern for users.
  473. func isUsernameAllowed(name string) error {
  474. return isNameAllowed(reservedUsernames, reservedUserPatterns, name)
  475. }
  476. // CreateUser creates record of a new user.
  477. // Deprecated: Use Users.Create instead.
  478. func CreateUser(u *User) (err error) {
  479. if err = isUsernameAllowed(u.Name); err != nil {
  480. return err
  481. }
  482. isExist, err := IsUserExist(0, u.Name)
  483. if err != nil {
  484. return err
  485. } else if isExist {
  486. return ErrUserAlreadyExist{args: errutil.Args{"name": u.Name}}
  487. }
  488. u.Email = strings.ToLower(u.Email)
  489. isExist, err = IsEmailUsed(u.Email)
  490. if err != nil {
  491. return err
  492. } else if isExist {
  493. return ErrEmailAlreadyUsed{args: errutil.Args{"email": u.Email}}
  494. }
  495. u.LowerName = strings.ToLower(u.Name)
  496. u.AvatarEmail = u.Email
  497. u.Avatar = tool.HashEmail(u.AvatarEmail)
  498. if u.Rands, err = GetUserSalt(); err != nil {
  499. return err
  500. }
  501. if u.Salt, err = GetUserSalt(); err != nil {
  502. return err
  503. }
  504. u.EncodePassword()
  505. u.MaxRepoCreation = -1
  506. sess := x.NewSession()
  507. defer sess.Close()
  508. if err = sess.Begin(); err != nil {
  509. return err
  510. }
  511. if _, err = sess.Insert(u); err != nil {
  512. return err
  513. } else if err = os.MkdirAll(UserPath(u.Name), os.ModePerm); err != nil {
  514. return err
  515. }
  516. return sess.Commit()
  517. }
  518. func countUsers(e Engine) int64 {
  519. count, _ := e.Where("type=0").Count(new(User))
  520. return count
  521. }
  522. // CountUsers returns number of users.
  523. func CountUsers() int64 {
  524. return countUsers(x)
  525. }
  526. // Users returns number of users in given page.
  527. func ListUsers(page, pageSize int) ([]*User, error) {
  528. users := make([]*User, 0, pageSize)
  529. return users, x.Limit(pageSize, (page-1)*pageSize).Where("type=0").Asc("id").Find(&users)
  530. }
  531. // parseUserFromCode returns user by username encoded in code.
  532. // It returns nil if code or username is invalid.
  533. func parseUserFromCode(code string) (user *User) {
  534. if len(code) <= tool.TIME_LIMIT_CODE_LENGTH {
  535. return nil
  536. }
  537. // Use tail hex username to query user
  538. hexStr := code[tool.TIME_LIMIT_CODE_LENGTH:]
  539. if b, err := hex.DecodeString(hexStr); err == nil {
  540. if user, err = GetUserByName(string(b)); user != nil {
  541. return user
  542. } else if !IsErrUserNotExist(err) {
  543. log.Error("Failed to get user by name %q: %v", string(b), err)
  544. }
  545. }
  546. return nil
  547. }
  548. // verify active code when active account
  549. func VerifyUserActiveCode(code string) (user *User) {
  550. minutes := conf.Auth.ActivateCodeLives
  551. if user = parseUserFromCode(code); user != nil {
  552. // time limit code
  553. prefix := code[:tool.TIME_LIMIT_CODE_LENGTH]
  554. data := com.ToStr(user.ID) + user.Email + user.LowerName + user.Passwd + user.Rands
  555. if tool.VerifyTimeLimitCode(data, minutes, prefix) {
  556. return user
  557. }
  558. }
  559. return nil
  560. }
  561. // verify active code when active account
  562. func VerifyActiveEmailCode(code, email string) *EmailAddress {
  563. minutes := conf.Auth.ActivateCodeLives
  564. if user := parseUserFromCode(code); user != nil {
  565. // time limit code
  566. prefix := code[:tool.TIME_LIMIT_CODE_LENGTH]
  567. data := com.ToStr(user.ID) + email + user.LowerName + user.Passwd + user.Rands
  568. if tool.VerifyTimeLimitCode(data, minutes, prefix) {
  569. emailAddress := &EmailAddress{Email: email}
  570. if has, _ := x.Get(emailAddress); has {
  571. return emailAddress
  572. }
  573. }
  574. }
  575. return nil
  576. }
  577. // ChangeUserName changes all corresponding setting from old user name to new one.
  578. func ChangeUserName(u *User, newUserName string) (err error) {
  579. if err = isUsernameAllowed(newUserName); err != nil {
  580. return err
  581. }
  582. isExist, err := IsUserExist(0, newUserName)
  583. if err != nil {
  584. return err
  585. } else if isExist {
  586. return ErrUserAlreadyExist{args: errutil.Args{"name": newUserName}}
  587. }
  588. if err = ChangeUsernameInPullRequests(u.Name, newUserName); err != nil {
  589. return fmt.Errorf("ChangeUsernameInPullRequests: %v", err)
  590. }
  591. // Delete all local copies of repositories and wikis the user owns.
  592. if err = x.Where("owner_id=?", u.ID).Iterate(new(Repository), func(idx int, bean interface{}) error {
  593. repo := bean.(*Repository)
  594. deleteRepoLocalCopy(repo)
  595. // TODO: By the same reasoning, shouldn't we also sync access to the local wiki path?
  596. RemoveAllWithNotice("Delete repository wiki local copy", repo.LocalWikiPath())
  597. return nil
  598. }); err != nil {
  599. return fmt.Errorf("delete repository and wiki local copy: %v", err)
  600. }
  601. // Rename or create user base directory
  602. baseDir := UserPath(u.Name)
  603. newBaseDir := UserPath(newUserName)
  604. if com.IsExist(baseDir) {
  605. return os.Rename(baseDir, newBaseDir)
  606. }
  607. return os.MkdirAll(newBaseDir, os.ModePerm)
  608. }
  609. func updateUser(e Engine, u *User) error {
  610. // Organization does not need email
  611. if !u.IsOrganization() {
  612. u.Email = strings.ToLower(u.Email)
  613. has, err := e.Where("id!=?", u.ID).And("type=?", u.Type).And("email=?", u.Email).Get(new(User))
  614. if err != nil {
  615. return err
  616. } else if has {
  617. return ErrEmailAlreadyUsed{args: errutil.Args{"email": u.Email}}
  618. }
  619. if len(u.AvatarEmail) == 0 {
  620. u.AvatarEmail = u.Email
  621. }
  622. u.Avatar = tool.HashEmail(u.AvatarEmail)
  623. }
  624. u.LowerName = strings.ToLower(u.Name)
  625. u.Location = tool.TruncateString(u.Location, 255)
  626. u.Website = tool.TruncateString(u.Website, 255)
  627. u.Description = tool.TruncateString(u.Description, 255)
  628. _, err := e.ID(u.ID).AllCols().Update(u)
  629. return err
  630. }
  631. // UpdateUser updates user's information.
  632. func UpdateUser(u *User) error {
  633. return updateUser(x, u)
  634. }
  635. // deleteBeans deletes all given beans, beans should contain delete conditions.
  636. func deleteBeans(e Engine, beans ...interface{}) (err error) {
  637. for i := range beans {
  638. if _, err = e.Delete(beans[i]); err != nil {
  639. return err
  640. }
  641. }
  642. return nil
  643. }
  644. // FIXME: need some kind of mechanism to record failure. HINT: system notice
  645. func deleteUser(e *xorm.Session, u *User) error {
  646. // Note: A user owns any repository or belongs to any organization
  647. // cannot perform delete operation.
  648. // Check ownership of repository.
  649. count, err := getRepositoryCount(e, u)
  650. if err != nil {
  651. return fmt.Errorf("GetRepositoryCount: %v", err)
  652. } else if count > 0 {
  653. return ErrUserOwnRepos{UID: u.ID}
  654. }
  655. // Check membership of organization.
  656. count, err = u.getOrganizationCount(e)
  657. if err != nil {
  658. return fmt.Errorf("GetOrganizationCount: %v", err)
  659. } else if count > 0 {
  660. return ErrUserHasOrgs{UID: u.ID}
  661. }
  662. // ***** START: Watch *****
  663. watches := make([]*Watch, 0, 10)
  664. if err = e.Find(&watches, &Watch{UserID: u.ID}); err != nil {
  665. return fmt.Errorf("get all watches: %v", err)
  666. }
  667. for i := range watches {
  668. if _, err = e.Exec("UPDATE `repository` SET num_watches=num_watches-1 WHERE id=?", watches[i].RepoID); err != nil {
  669. return fmt.Errorf("decrease repository watch number[%d]: %v", watches[i].RepoID, err)
  670. }
  671. }
  672. // ***** END: Watch *****
  673. // ***** START: Star *****
  674. stars := make([]*Star, 0, 10)
  675. if err = e.Find(&stars, &Star{UID: u.ID}); err != nil {
  676. return fmt.Errorf("get all stars: %v", err)
  677. }
  678. for i := range stars {
  679. if _, err = e.Exec("UPDATE `repository` SET num_stars=num_stars-1 WHERE id=?", stars[i].RepoID); err != nil {
  680. return fmt.Errorf("decrease repository star number[%d]: %v", stars[i].RepoID, err)
  681. }
  682. }
  683. // ***** END: Star *****
  684. // ***** START: Follow *****
  685. followers := make([]*Follow, 0, 10)
  686. if err = e.Find(&followers, &Follow{UserID: u.ID}); err != nil {
  687. return fmt.Errorf("get all followers: %v", err)
  688. }
  689. for i := range followers {
  690. if _, err = e.Exec("UPDATE `user` SET num_followers=num_followers-1 WHERE id=?", followers[i].UserID); err != nil {
  691. return fmt.Errorf("decrease user follower number[%d]: %v", followers[i].UserID, err)
  692. }
  693. }
  694. // ***** END: Follow *****
  695. if err = deleteBeans(e,
  696. &AccessToken{UserID: u.ID},
  697. &Collaboration{UserID: u.ID},
  698. &Access{UserID: u.ID},
  699. &Watch{UserID: u.ID},
  700. &Star{UID: u.ID},
  701. &Follow{FollowID: u.ID},
  702. &Action{UserID: u.ID},
  703. &IssueUser{UID: u.ID},
  704. &EmailAddress{UID: u.ID},
  705. ); err != nil {
  706. return fmt.Errorf("deleteBeans: %v", err)
  707. }
  708. // ***** START: PublicKey *****
  709. keys := make([]*PublicKey, 0, 10)
  710. if err = e.Find(&keys, &PublicKey{OwnerID: u.ID}); err != nil {
  711. return fmt.Errorf("get all public keys: %v", err)
  712. }
  713. keyIDs := make([]int64, len(keys))
  714. for i := range keys {
  715. keyIDs[i] = keys[i].ID
  716. }
  717. if err = deletePublicKeys(e, keyIDs...); err != nil {
  718. return fmt.Errorf("deletePublicKeys: %v", err)
  719. }
  720. // ***** END: PublicKey *****
  721. // Clear assignee.
  722. if _, err = e.Exec("UPDATE `issue` SET assignee_id=0 WHERE assignee_id=?", u.ID); err != nil {
  723. return fmt.Errorf("clear assignee: %v", err)
  724. }
  725. if _, err = e.ID(u.ID).Delete(new(User)); err != nil {
  726. return fmt.Errorf("Delete: %v", err)
  727. }
  728. // FIXME: system notice
  729. // Note: There are something just cannot be roll back,
  730. // so just keep error logs of those operations.
  731. _ = os.RemoveAll(UserPath(u.Name))
  732. _ = os.Remove(u.CustomAvatarPath())
  733. return nil
  734. }
  735. // DeleteUser completely and permanently deletes everything of a user,
  736. // but issues/comments/pulls will be kept and shown as someone has been deleted.
  737. func DeleteUser(u *User) (err error) {
  738. sess := x.NewSession()
  739. defer sess.Close()
  740. if err = sess.Begin(); err != nil {
  741. return err
  742. }
  743. if err = deleteUser(sess, u); err != nil {
  744. // Note: don't wrapper error here.
  745. return err
  746. }
  747. if err = sess.Commit(); err != nil {
  748. return err
  749. }
  750. return RewriteAuthorizedKeys()
  751. }
  752. // DeleteInactivateUsers deletes all inactivate users and email addresses.
  753. func DeleteInactivateUsers() (err error) {
  754. users := make([]*User, 0, 10)
  755. if err = x.Where("is_active = ?", false).Find(&users); err != nil {
  756. return fmt.Errorf("get all inactive users: %v", err)
  757. }
  758. // FIXME: should only update authorized_keys file once after all deletions.
  759. for _, u := range users {
  760. if err = DeleteUser(u); err != nil {
  761. // Ignore users that were set inactive by admin.
  762. if IsErrUserOwnRepos(err) || IsErrUserHasOrgs(err) {
  763. continue
  764. }
  765. return err
  766. }
  767. }
  768. _, err = x.Where("is_activated = ?", false).Delete(new(EmailAddress))
  769. return err
  770. }
  771. // UserPath returns the path absolute path of user repositories.
  772. func UserPath(username string) string {
  773. return filepath.Join(conf.Repository.Root, strings.ToLower(username))
  774. }
  775. func GetUserByKeyID(keyID int64) (*User, error) {
  776. user := new(User)
  777. has, err := x.SQL("SELECT a.* FROM `user` AS a, public_key AS b WHERE a.id = b.owner_id AND b.id=?", keyID).Get(user)
  778. if err != nil {
  779. return nil, err
  780. } else if !has {
  781. return nil, errors.UserNotKeyOwner{KeyID: keyID}
  782. }
  783. return user, nil
  784. }
  785. func getUserByID(e Engine, id int64) (*User, error) {
  786. u := new(User)
  787. has, err := e.ID(id).Get(u)
  788. if err != nil {
  789. return nil, err
  790. } else if !has {
  791. return nil, ErrUserNotExist{args: map[string]interface{}{"userID": id}}
  792. }
  793. return u, nil
  794. }
  795. // GetUserByID returns the user object by given ID if exists.
  796. // Deprecated: Use Users.GetByID instead.
  797. func GetUserByID(id int64) (*User, error) {
  798. return getUserByID(x, id)
  799. }
  800. // GetAssigneeByID returns the user with write access of repository by given ID.
  801. func GetAssigneeByID(repo *Repository, userID int64) (*User, error) {
  802. has, err := HasAccess(userID, repo, AccessModeRead)
  803. if err != nil {
  804. return nil, err
  805. } else if !has {
  806. return nil, ErrUserNotExist{args: map[string]interface{}{"userID": userID}}
  807. }
  808. return GetUserByID(userID)
  809. }
  810. // GetUserByName returns a user by given name.
  811. // Deprecated: Use Users.GetByUsername instead.
  812. func GetUserByName(name string) (*User, error) {
  813. if len(name) == 0 {
  814. return nil, ErrUserNotExist{args: map[string]interface{}{"name": name}}
  815. }
  816. u := &User{LowerName: strings.ToLower(name)}
  817. has, err := x.Get(u)
  818. if err != nil {
  819. return nil, err
  820. } else if !has {
  821. return nil, ErrUserNotExist{args: map[string]interface{}{"name": name}}
  822. }
  823. return u, nil
  824. }
  825. // GetUserEmailsByNames returns a list of e-mails corresponds to names.
  826. func GetUserEmailsByNames(names []string) []string {
  827. mails := make([]string, 0, len(names))
  828. for _, name := range names {
  829. u, err := GetUserByName(name)
  830. if err != nil {
  831. continue
  832. }
  833. if u.IsMailable() {
  834. mails = append(mails, u.Email)
  835. }
  836. }
  837. return mails
  838. }
  839. // GetUserIDsByNames returns a slice of ids corresponds to names.
  840. func GetUserIDsByNames(names []string) []int64 {
  841. ids := make([]int64, 0, len(names))
  842. for _, name := range names {
  843. u, err := GetUserByName(name)
  844. if err != nil {
  845. continue
  846. }
  847. ids = append(ids, u.ID)
  848. }
  849. return ids
  850. }
  851. // UserCommit represents a commit with validation of user.
  852. type UserCommit struct {
  853. User *User
  854. *git.Commit
  855. }
  856. // ValidateCommitWithEmail chceck if author's e-mail of commit is corresponsind to a user.
  857. func ValidateCommitWithEmail(c *git.Commit) *User {
  858. u, err := GetUserByEmail(c.Author.Email)
  859. if err != nil {
  860. return nil
  861. }
  862. return u
  863. }
  864. // ValidateCommitsWithEmails checks if authors' e-mails of commits are corresponding to users.
  865. func ValidateCommitsWithEmails(oldCommits []*git.Commit) []*UserCommit {
  866. emails := make(map[string]*User)
  867. newCommits := make([]*UserCommit, len(oldCommits))
  868. for i := range oldCommits {
  869. var u *User
  870. if v, ok := emails[oldCommits[i].Author.Email]; !ok {
  871. u, _ = GetUserByEmail(oldCommits[i].Author.Email)
  872. emails[oldCommits[i].Author.Email] = u
  873. } else {
  874. u = v
  875. }
  876. newCommits[i] = &UserCommit{
  877. User: u,
  878. Commit: oldCommits[i],
  879. }
  880. }
  881. return newCommits
  882. }
  883. // GetUserByEmail returns the user object by given e-mail if exists.
  884. // Deprecated: Use Users.GetByEmail instead.
  885. func GetUserByEmail(email string) (*User, error) {
  886. if len(email) == 0 {
  887. return nil, ErrUserNotExist{args: map[string]interface{}{"email": email}}
  888. }
  889. email = strings.ToLower(email)
  890. // First try to find the user by primary email
  891. user := &User{Email: email}
  892. has, err := x.Get(user)
  893. if err != nil {
  894. return nil, err
  895. }
  896. if has {
  897. return user, nil
  898. }
  899. // Otherwise, check in alternative list for activated email addresses
  900. emailAddress := &EmailAddress{Email: email, IsActivated: true}
  901. has, err = x.Get(emailAddress)
  902. if err != nil {
  903. return nil, err
  904. }
  905. if has {
  906. return GetUserByID(emailAddress.UID)
  907. }
  908. return nil, ErrUserNotExist{args: map[string]interface{}{"email": email}}
  909. }
  910. type SearchUserOptions struct {
  911. Keyword string
  912. Type UserType
  913. OrderBy string
  914. Page int
  915. PageSize int // Can be smaller than or equal to setting.UI.ExplorePagingNum
  916. }
  917. // SearchUserByName takes keyword and part of user name to search,
  918. // it returns results in given range and number of total results.
  919. func SearchUserByName(opts *SearchUserOptions) (users []*User, _ int64, _ error) {
  920. if len(opts.Keyword) == 0 {
  921. return users, 0, nil
  922. }
  923. opts.Keyword = strings.ToLower(opts.Keyword)
  924. if opts.PageSize <= 0 || opts.PageSize > conf.UI.ExplorePagingNum {
  925. opts.PageSize = conf.UI.ExplorePagingNum
  926. }
  927. if opts.Page <= 0 {
  928. opts.Page = 1
  929. }
  930. searchQuery := "%" + opts.Keyword + "%"
  931. users = make([]*User, 0, opts.PageSize)
  932. // Append conditions
  933. sess := x.Where("LOWER(lower_name) LIKE ?", searchQuery).
  934. Or("LOWER(full_name) LIKE ?", searchQuery).
  935. And("type = ?", opts.Type)
  936. countSess := *sess
  937. count, err := countSess.Count(new(User))
  938. if err != nil {
  939. return nil, 0, fmt.Errorf("Count: %v", err)
  940. }
  941. if len(opts.OrderBy) > 0 {
  942. sess.OrderBy(opts.OrderBy)
  943. }
  944. return users, count, sess.Limit(opts.PageSize, (opts.Page-1)*opts.PageSize).Find(&users)
  945. }
  946. // ___________ .__ .__
  947. // \_ _____/___ | | | | ______ _ __
  948. // | __)/ _ \| | | | / _ \ \/ \/ /
  949. // | \( <_> ) |_| |_( <_> ) /
  950. // \___ / \____/|____/____/\____/ \/\_/
  951. // \/
  952. // Follow represents relations of user and his/her followers.
  953. type Follow struct {
  954. ID int64
  955. UserID int64 `xorm:"UNIQUE(follow)"`
  956. FollowID int64 `xorm:"UNIQUE(follow)"`
  957. }
  958. func IsFollowing(userID, followID int64) bool {
  959. has, _ := x.Get(&Follow{UserID: userID, FollowID: followID})
  960. return has
  961. }
  962. // FollowUser marks someone be another's follower.
  963. func FollowUser(userID, followID int64) (err error) {
  964. if userID == followID || IsFollowing(userID, followID) {
  965. return nil
  966. }
  967. sess := x.NewSession()
  968. defer sess.Close()
  969. if err = sess.Begin(); err != nil {
  970. return err
  971. }
  972. if _, err = sess.Insert(&Follow{UserID: userID, FollowID: followID}); err != nil {
  973. return err
  974. }
  975. if _, err = sess.Exec("UPDATE `user` SET num_followers = num_followers + 1 WHERE id = ?", followID); err != nil {
  976. return err
  977. }
  978. if _, err = sess.Exec("UPDATE `user` SET num_following = num_following + 1 WHERE id = ?", userID); err != nil {
  979. return err
  980. }
  981. return sess.Commit()
  982. }
  983. // UnfollowUser unmarks someone be another's follower.
  984. func UnfollowUser(userID, followID int64) (err error) {
  985. if userID == followID || !IsFollowing(userID, followID) {
  986. return nil
  987. }
  988. sess := x.NewSession()
  989. defer sess.Close()
  990. if err = sess.Begin(); err != nil {
  991. return err
  992. }
  993. if _, err = sess.Delete(&Follow{UserID: userID, FollowID: followID}); err != nil {
  994. return err
  995. }
  996. if _, err = sess.Exec("UPDATE `user` SET num_followers = num_followers - 1 WHERE id = ?", followID); err != nil {
  997. return err
  998. }
  999. if _, err = sess.Exec("UPDATE `user` SET num_following = num_following - 1 WHERE id = ?", userID); err != nil {
  1000. return err
  1001. }
  1002. return sess.Commit()
  1003. }