pull/7851/merge
Sino 2025-03-20 05:07:40 +08:00 committed by GitHub
commit a3c504577e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
18 changed files with 161 additions and 159 deletions


@ -160,13 +160,13 @@ func (c *Context) RedirectSubpath(location string, status ...int) {
}
// RenderWithErr used for page has form validation but need to prompt error to users.
func (c *Context) RenderWithErr(msg, tpl string, f any) {
func (c *Context) RenderWithErr(msg string, status int, tpl string, f any) {
if f != nil {
form.Assign(f, c.Data)
}
c.Flash.ErrorMsg = msg
c.Data["Flash"] = c.Flash
c.HTML(http.StatusOK, tpl)
c.HTML(status, tpl)
}
// NotFound renders the 404 page.
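Review bot: The doc comment on `RenderWithErr` does not mention the new `status` parameter, which now decides whether clients, proxies and access logs see the re-rendered form as a failure at all. I would extend it to something like `// RenderWithErr re-renders tpl with msg as the flash error and responds with the given HTTP status (a 4xx/5xx code, not http.StatusOK).` The value is handed to `c.HTML` unchecked, so it is worth confirming what `c.HTML` does with a zero or otherwise invalid status from a caller.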


@ -155,7 +155,7 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
c.Data["HasTLS"] = hasTLS
if c.HasError() {
c.Success(AUTH_NEW)
c.HTML(http.StatusBadRequest, AUTH_NEW)
return
}
@ -171,7 +171,7 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
if err != nil {
if database.IsErrLoginSourceAlreadyExist(err) {
c.FormErr("Name")
c.RenderWithErr(c.Tr("admin.auths.login_source_exist", f.Name), AUTH_NEW, f)
c.RenderWithErr(c.Tr("admin.auths.login_source_exist", f.Name), http.StatusUnprocessableEntity, AUTH_NEW, f)
} else {
c.Error(err, "create login source")
}
@ -227,7 +227,7 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
c.Data["HasTLS"] = source.Provider.HasTLS()
if c.HasError() {
c.Success(AUTH_EDIT)
c.HTML(http.StatusBadRequest, AUTH_EDIT)
return
}


@ -5,6 +5,7 @@
package admin
import (
"net/http"
"strconv"
"strings"
@ -72,7 +73,7 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
c.Data["CanSendEmail"] = conf.Email.Enabled
if c.HasError() {
c.Success(USER_NEW)
c.HTML(http.StatusBadRequest, USER_NEW)
return
}
@ -93,13 +94,13 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
switch {
case database.IsErrUserAlreadyExist(err):
c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("form.username_been_taken"), USER_NEW, &f)
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, USER_NEW, &f)
case database.IsErrEmailAlreadyUsed(err):
c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("form.email_been_used"), USER_NEW, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, USER_NEW, &f)
case database.IsErrNameNotAllowed(err):
c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), USER_NEW, &f)
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, USER_NEW, &f)
default:
c.Error(err, "create user")
}
@ -170,7 +171,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
}
if c.HasError() {
c.Success(USER_EDIT)
c.HTML(http.StatusBadRequest, USER_EDIT)
return
}
@ -207,7 +208,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
if err != nil {
if database.IsErrEmailAlreadyUsed(err) {
c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("form.email_been_used"), USER_EDIT, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, USER_EDIT, &f)
} else {
c.Error(err, "update user")
}
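Review bot: The error-to-status mapping in this `switch` (already-exists → `http.StatusUnprocessableEntity`, name-not-allowed → `http.StatusBadRequest`) is hand-copied into each handler, and the same pairs reappear in the org, team, fork, repo-create and repo-settings sections of this commit. A single small helper that returns the status for a `database` error would keep the codes from drifting apart the next time one handler is edited. Separately, `err.(database.ErrNameNotAllowed).Value()` on the changed line is an unchecked type assertion; it is safe only as long as `IsErrNameNotAllowed` matches exactly that concrete type, which is not visible here. `NewUserPost` continues outside the hunk.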


@ -5,6 +5,7 @@
package route
import (
"net/http"
"net/mail"
"os"
"os/exec"
@ -198,13 +199,12 @@ func InstallPost(c *context.Context, f form.Install) {
c.HasValue("Err_AdminEmail") {
c.FormErr("Admin")
}
c.Success(INSTALL)
c.HTML(http.StatusBadRequest, INSTALL)
return
}
if _, err := exec.LookPath("git"); err != nil {
c.RenderWithErr(c.Tr("install.test_git_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.test_git_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
@ -226,7 +226,7 @@ func InstallPost(c *context.Context, f form.Install) {
if conf.Database.Type == "sqlite3" && conf.Database.Path == "" {
c.FormErr("DbPath")
c.RenderWithErr(c.Tr("install.err_empty_db_path"), INSTALL, &f)
c.RenderWithErr(c.Tr("install.err_empty_db_path"), http.StatusBadRequest, INSTALL, &f)
return
}
@ -234,10 +234,10 @@ func InstallPost(c *context.Context, f form.Install) {
if err := database.NewTestEngine(); err != nil {
if strings.Contains(err.Error(), `Unknown database type: sqlite3`) {
c.FormErr("DbType")
c.RenderWithErr(c.Tr("install.sqlite3_not_available", "https://gogs.io/docs/installation/install_from_binary.html"), INSTALL, &f)
c.RenderWithErr(c.Tr("install.sqlite3_not_available", "https://gogs.io/docs/installation/install_from_binary.html"), http.StatusInternalServerError, INSTALL, &f)
} else {
c.FormErr("DbSetting")
c.RenderWithErr(c.Tr("install.invalid_db_setting", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_db_setting", err), http.StatusBadRequest, INSTALL, &f)
}
return
}
@ -246,7 +246,7 @@ func InstallPost(c *context.Context, f form.Install) {
f.RepoRootPath = strings.ReplaceAll(f.RepoRootPath, "\\", "/")
if err := os.MkdirAll(f.RepoRootPath, os.ModePerm); err != nil {
c.FormErr("RepoRootPath")
c.RenderWithErr(c.Tr("install.invalid_repo_path", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_repo_path", err), http.StatusBadRequest, INSTALL, &f)
return
}
@ -254,21 +254,21 @@ func InstallPost(c *context.Context, f form.Install) {
f.LogRootPath = strings.ReplaceAll(f.LogRootPath, "\\", "/")
if err := os.MkdirAll(f.LogRootPath, os.ModePerm); err != nil {
c.FormErr("LogRootPath")
c.RenderWithErr(c.Tr("install.invalid_log_root_path", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_log_root_path", err), http.StatusBadRequest, INSTALL, &f)
return
}
currentUser, match := conf.CheckRunUser(f.RunUser)
if !match {
c.FormErr("RunUser")
c.RenderWithErr(c.Tr("install.run_user_not_match", f.RunUser, currentUser), INSTALL, &f)
c.RenderWithErr(c.Tr("install.run_user_not_match", f.RunUser, currentUser), http.StatusForbidden, INSTALL, &f)
return
}
// Check host address and port
if len(f.SMTPHost) > 0 && !strings.Contains(f.SMTPHost, ":") {
c.FormErr("SMTP", "SMTPHost")
c.RenderWithErr(c.Tr("install.smtp_host_missing_port"), INSTALL, &f)
c.RenderWithErr(c.Tr("install.smtp_host_missing_port"), http.StatusBadRequest, INSTALL, &f)
return
}
@ -277,7 +277,7 @@ func InstallPost(c *context.Context, f form.Install) {
_, err := mail.ParseAddress(f.SMTPFrom)
if err != nil {
c.FormErr("SMTP", "SMTPFrom")
c.RenderWithErr(c.Tr("install.invalid_smtp_from", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_smtp_from", err), http.StatusBadRequest, INSTALL, &f)
return
}
}
@ -285,19 +285,19 @@ func InstallPost(c *context.Context, f form.Install) {
// Check logic loophole between disable self-registration and no admin account.
if f.DisableRegistration && f.AdminName == "" {
c.FormErr("Services", "Admin")
c.RenderWithErr(c.Tr("install.no_admin_and_disable_registration"), INSTALL, f)
c.RenderWithErr(c.Tr("install.no_admin_and_disable_registration"), http.StatusUnprocessableEntity, INSTALL, f)
return
}
// Check admin password.
if len(f.AdminName) > 0 && f.AdminPasswd == "" {
c.FormErr("Admin", "AdminPasswd")
c.RenderWithErr(c.Tr("install.err_empty_admin_password"), INSTALL, f)
c.RenderWithErr(c.Tr("install.err_empty_admin_password"), http.StatusBadRequest, INSTALL, f)
return
}
if f.AdminPasswd != f.AdminConfirmPasswd {
c.FormErr("Admin", "AdminPasswd")
c.RenderWithErr(c.Tr("form.password_not_match"), INSTALL, f)
c.RenderWithErr(c.Tr("form.password_not_match"), http.StatusBadRequest, INSTALL, f)
return
}
@ -371,21 +371,21 @@ func InstallPost(c *context.Context, f form.Install) {
cfg.Section("security").Key("INSTALL_LOCK").SetValue("true")
secretKey, err := strutil.RandomChars(15)
if err != nil {
c.RenderWithErr(c.Tr("install.secret_key_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.secret_key_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)
_ = os.MkdirAll(filepath.Dir(conf.CustomConf), os.ModePerm)
if err := cfg.SaveTo(conf.CustomConf); err != nil {
c.RenderWithErr(c.Tr("install.save_config_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.save_config_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
// NOTE: We reuse the current value because this handler does not have access to CLI flags.
err = GlobalInit(conf.CustomConf)
if err != nil {
c.RenderWithErr(c.Tr("install.init_failed", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.init_failed", err), http.StatusInternalServerError, INSTALL, &f)
return
}
@ -405,7 +405,7 @@ func InstallPost(c *context.Context, f form.Install) {
if !database.IsErrUserAlreadyExist(err) {
conf.Security.InstallLock = false
c.FormErr("AdminName", "AdminEmail")
c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), INSTALL, &f)
c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), http.StatusBadRequest, INSTALL, &f)
return
}
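Review bot: Several failures in `InstallPost` that can originate on the server are now reported as client errors: any `database.NewTestEngine()` error other than the sqlite3 case becomes `http.StatusBadRequest`, and so do both `os.MkdirAll` failures, although an unreachable database or a permission error on the host is not something the submitter got wrong. Classifying those as 4xx keeps them out of 5xx-based alerting, so either map them to `http.StatusInternalServerError` or add a short comment on why the input is assumed to be at fault. The three calls for `install.no_admin_and_disable_registration`, `install.err_empty_admin_password` and `form.password_not_match` also pass `f` while every other call in this function passes `&f`; the commit touches those lines and could align them. The function body runs well beyond these hunks.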


@ -5,6 +5,8 @@
package org
import (
"net/http"
log "unknwon.dev/clog/v2"
"gogs.io/gogs/internal/context"
@ -25,7 +27,7 @@ func CreatePost(c *context.Context, f form.CreateOrg) {
c.Title("new_org")
if c.HasError() {
c.Success(CREATE)
c.HTML(http.StatusBadRequest, CREATE)
return
}
@ -39,9 +41,9 @@ func CreatePost(c *context.Context, f form.CreateOrg) {
c.Data["Err_OrgName"] = true
switch {
case database.IsErrUserAlreadyExist(err):
c.RenderWithErr(c.Tr("form.org_name_been_taken"), CREATE, &f)
c.RenderWithErr(c.Tr("form.org_name_been_taken"), http.StatusUnprocessableEntity, CREATE, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("org.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), CREATE, &f)
c.RenderWithErr(c.Tr("org.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, CREATE, &f)
default:
c.Error(err, "create organization")
}


@ -5,6 +5,8 @@
package org
import (
"net/http"
log "unknwon.dev/clog/v2"
"gogs.io/gogs/internal/auth"
@ -31,7 +33,7 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
c.Data["PageIsSettingsOptions"] = true
if c.HasError() {
c.Success(SETTINGS_OPTIONS)
c.HTML(http.StatusBadRequest, SETTINGS_OPTIONS)
return
}
@ -42,18 +44,14 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
err := database.Handle.Users().ChangeUsername(c.Req.Context(), c.Org.Organization.ID, f.Name)
if err != nil {
c.Data["OrgName"] = true
var msg string
switch {
case database.IsErrUserAlreadyExist(err):
msg = c.Tr("form.username_been_taken")
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, SETTINGS_OPTIONS, &f)
case database.IsErrNameNotAllowed(err):
msg = c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value())
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, SETTINGS_OPTIONS, &f)
default:
c.Error(err, "change organization name")
return
}
c.RenderWithErr(msg, SETTINGS_OPTIONS, &f)
return
}
@ -108,7 +106,7 @@ func SettingsDelete(c *context.Context) {
if c.Req.Method == "POST" {
if _, err := database.Handle.Users().Authenticate(c.Req.Context(), c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
if auth.IsErrBadCredentials(err) {
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), http.StatusUnauthorized, SETTINGS_DELETE, nil)
} else {
c.Error(err, "authenticate user")
}
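Review bot: `http.StatusUnauthorized` in `SettingsDelete` is returned to a user who already holds a session and merely mistyped the confirmation password, and no `WWW-Authenticate` challenge is set in the visible lines, which a 401 response is expected to carry. `http.StatusForbidden` describes the situation more accurately, e.g. `c.RenderWithErr(c.Tr("form.enterred_invalid_password"), http.StatusForbidden, SETTINGS_DELETE, nil)`. Whichever code is kept, it gives access logs a distinct signal for repeated wrong-password confirmations on this destructive endpoint, and a one-line comment saying so would help whoever builds alerting on it. In the `SettingsPost` hunk above, the context line `c.Data["OrgName"] = true` differs from the `Err_OrgName` key used by the org create handler and may be a pre-existing typo worth checking while here.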


@ -163,7 +163,7 @@ func NewTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Team"] = t
if c.HasError() {
c.Success(TEAM_NEW)
c.HTML(http.StatusBadRequest, TEAM_NEW)
return
}
@ -171,9 +171,9 @@ func NewTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Err_TeamName"] = true
switch {
case database.IsErrTeamAlreadyExist(err):
c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f)
c.RenderWithErr(c.Tr("form.team_name_been_taken"), http.StatusUnprocessableEntity, TEAM_NEW, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("org.form.team_name_not_allowed", err.(database.ErrNameNotAllowed).Value()), TEAM_NEW, &f)
c.RenderWithErr(c.Tr("org.form.team_name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, TEAM_NEW, &f)
default:
c.Error(err, "new team")
}
@ -218,7 +218,7 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Team"] = t
if c.HasError() {
c.Success(TEAM_NEW)
c.HTML(http.StatusBadRequest, TEAM_NEW)
return
}
@ -249,7 +249,7 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Err_TeamName"] = true
switch {
case database.IsErrTeamAlreadyExist(err):
c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f)
c.RenderWithErr(c.Tr("form.team_name_been_taken"), http.StatusUnprocessableEntity, TEAM_NEW, &f)
default:
c.Error(err, "update team")
}


@ -155,20 +155,20 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
c.Data["PreviewableFileModes"] = strings.Join(conf.Repository.Editor.PreviewableFileModes, ",")
if c.HasError() {
c.Success(tmplEditorEdit)
c.HTML(http.StatusBadRequest, tmplEditorEdit)
return
}
if f.TreePath == "" {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.filename_cannot_be_empty"), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.filename_cannot_be_empty"), http.StatusBadRequest, tmplEditorEdit, &f)
return
}
if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.FormErr("NewBranchName")
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
}
@ -189,18 +189,18 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
if index != len(treeNames)-1 {
if !entry.IsTree() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
} else {
// 🚨 SECURITY: Do not allow editing if the target file is a symlink.
if entry.IsSymlink() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", part), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", part), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
} else if entry.IsTree() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.filename_is_a_directory", part), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.filename_is_a_directory", part), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
}
@ -211,7 +211,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
if err != nil {
if gitutil.IsErrRevisionNotExist(err) {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_editing_no_longer_exists", oldTreePath), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_editing_no_longer_exists", oldTreePath), http.StatusNotFound, tmplEditorEdit, &f)
} else {
c.Error(err, "get tree entry")
}
@ -234,7 +234,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
for _, file := range files {
if file == f.TreePath {
c.RenderWithErr(c.Tr("repo.editor.file_changed_while_editing", c.Repo.RepoLink+"/compare/"+lastCommit+"..."+c.Repo.CommitID), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_changed_while_editing", c.Repo.RepoLink+"/compare/"+lastCommit+"..."+c.Repo.CommitID), http.StatusConflict, tmplEditorEdit, &f)
return
}
}
@ -252,7 +252,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
}
if entry != nil {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_already_exists", f.TreePath), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.file_already_exists", f.TreePath), http.StatusUnprocessableEntity, tmplEditorEdit, &f)
return
}
}
@ -282,7 +282,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
}); err != nil {
log.Error("Failed to update repo file: %v", err)
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.fail_to_update_file", f.TreePath, errors.InternalServerError), tmplEditorEdit, &f)
c.RenderWithErr(c.Tr("repo.editor.fail_to_update_file", f.TreePath, errors.InternalServerError), http.StatusInternalServerError, tmplEditorEdit, &f)
return
}
@ -360,14 +360,14 @@ func DeleteFilePost(c *context.Context, f form.DeleteRepoFile) {
c.Data["new_branch_name"] = branchName
if c.HasError() {
c.Success(tmplEditorDelete)
c.HTML(http.StatusBadRequest, tmplEditorDelete)
return
}
if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.FormErr("NewBranchName")
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), tmplEditorDelete, &f)
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), http.StatusUnprocessableEntity, tmplEditorDelete, &f)
return
}
}
@ -390,7 +390,7 @@ func DeleteFilePost(c *context.Context, f form.DeleteRepoFile) {
Message: message,
}); err != nil {
log.Error("Failed to delete repo file: %v", err)
c.RenderWithErr(c.Tr("repo.editor.fail_to_delete_file", c.Repo.TreePath, errors.InternalServerError), tmplEditorDelete, &f)
c.RenderWithErr(c.Tr("repo.editor.fail_to_delete_file", c.Repo.TreePath, errors.InternalServerError), http.StatusInternalServerError, tmplEditorDelete, &f)
return
}
@ -458,14 +458,14 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
c.Data["new_branch_name"] = branchName
if c.HasError() {
c.Success(tmplEditorUpload)
c.HTML(http.StatusBadRequest, tmplEditorUpload)
return
}
if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.FormErr("NewBranchName")
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), tmplEditorUpload, &f)
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), http.StatusUnprocessableEntity, tmplEditorUpload, &f)
return
}
}
@ -487,7 +487,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
// User can only upload files to a directory.
if !entry.IsTree() {
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), tmplEditorUpload, &f)
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), http.StatusUnprocessableEntity, tmplEditorUpload, &f)
return
}
}
@ -512,7 +512,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
}); err != nil {
log.Error("Failed to upload files: %v", err)
c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.unable_to_upload_files", f.TreePath, errors.InternalServerError), tmplEditorUpload, &f)
c.RenderWithErr(c.Tr("repo.editor.unable_to_upload_files", f.TreePath, errors.InternalServerError), http.StatusInternalServerError, tmplEditorUpload, &f)
return
}
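Review bot: State conflicts are classified inconsistently in this file: `repo.editor.file_changed_while_editing` returns `http.StatusConflict`, while `repo.editor.branch_already_exists` (in `editFilePost`, `DeleteFilePost` and `UploadFilePost`) and `repo.editor.file_already_exists` return `http.StatusUnprocessableEntity` for what is the same kind of clash with existing repository state. Pick one code for "target already exists" and use it throughout, for example `http.StatusConflict` on those four calls. The symlink rejection under the existing SECURITY comment now returns 422 as well; a short comment there noting that this status marks a refused symlink edit would make it easier to spot in logs. All three functions extend beyond the hunks shown.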


@ -415,7 +415,7 @@ func NewIssuePost(c *context.Context, f form.NewIssue) {
}
if c.HasError() {
c.Success(ISSUE_NEW)
c.HTML(http.StatusBadRequest, ISSUE_NEW)
return
}
@ -1132,7 +1132,7 @@ func NewMilestonePost(c *context.Context, f form.CreateMilestone) {
c.Data["DateLang"] = conf.I18n.DateLang(c.Locale.Language())
if c.HasError() {
c.Success(MILESTONE_NEW)
c.HTML(http.StatusBadRequest, MILESTONE_NEW)
return
}
@ -1142,7 +1142,7 @@ func NewMilestonePost(c *context.Context, f form.CreateMilestone) {
deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local)
if err != nil {
c.Data["Err_Deadline"] = true
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), MILESTONE_NEW, &f)
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), http.StatusBadRequest, MILESTONE_NEW, &f)
return
}
@ -1188,7 +1188,7 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
c.Data["DateLang"] = conf.I18n.DateLang(c.Locale.Language())
if c.HasError() {
c.Success(MILESTONE_NEW)
c.HTML(http.StatusBadRequest, MILESTONE_NEW)
return
}
@ -1198,7 +1198,7 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local)
if err != nil {
c.Data["Err_Deadline"] = true
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), MILESTONE_NEW, &f)
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), http.StatusBadRequest, MILESTONE_NEW, &f)
return
}


@ -112,7 +112,7 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
c.Data["ContextUser"] = ctxUser
if c.HasError() {
c.Success(FORK)
c.HTML(http.StatusBadRequest, FORK)
return
}
@ -133,7 +133,7 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
// Cannot fork to same owner
if ctxUser.ID == baseRepo.OwnerID {
c.RenderWithErr(c.Tr("repo.settings.cannot_fork_to_same_owner"), FORK, &f)
c.RenderWithErr(c.Tr("repo.settings.cannot_fork_to_same_owner"), http.StatusUnprocessableEntity, FORK, &f)
return
}
@ -142,11 +142,11 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
c.Data["Err_RepoName"] = true
switch {
case database.IsErrReachLimitOfRepo(err):
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), FORK, &f)
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), http.StatusForbidden, FORK, &f)
case database.IsErrRepoAlreadyExist(err):
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), FORK, &f)
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), http.StatusUnprocessableEntity, FORK, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), FORK, &f)
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, FORK, &f)
default:
c.Error(err, "fork repository")
}
@ -713,7 +713,7 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
return
}
c.Success(COMPARE_PULL)
c.HTML(http.StatusBadRequest, COMPARE_PULL)
return
}


@ -6,6 +6,7 @@ package repo
import (
"fmt"
"net/http"
"strings"
"github.com/gogs/git-module"
@ -173,12 +174,12 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
renderReleaseAttachmentSettings(c)
if c.HasError() {
c.Success(RELEASE_NEW)
c.HTML(http.StatusBadRequest, RELEASE_NEW)
return
}
if !c.Repo.GitRepo.HasBranch(f.Target) {
c.RenderWithErr(c.Tr("form.target_branch_not_exist"), RELEASE_NEW, &f)
c.RenderWithErr(c.Tr("form.target_branch_not_exist"), http.StatusUnprocessableEntity, RELEASE_NEW, &f)
return
}
@ -226,9 +227,9 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
c.Data["Err_TagName"] = true
switch {
case database.IsErrReleaseAlreadyExist(err):
c.RenderWithErr(c.Tr("repo.release.tag_name_already_exist"), RELEASE_NEW, &f)
c.RenderWithErr(c.Tr("repo.release.tag_name_already_exist"), http.StatusUnprocessableEntity, RELEASE_NEW, &f)
case database.IsErrInvalidTagName(err):
c.RenderWithErr(c.Tr("repo.release.tag_name_invalid"), RELEASE_NEW, &f)
c.RenderWithErr(c.Tr("repo.release.tag_name_invalid"), http.StatusBadRequest, RELEASE_NEW, &f)
default:
c.Error(err, "new release")
}
@ -284,7 +285,7 @@ func EditReleasePost(c *context.Context, f form.EditRelease) {
c.Data["IsDraft"] = rel.IsDraft
if c.HasError() {
c.Success(RELEASE_NEW)
c.HTML(http.StatusBadRequest, RELEASE_NEW)
return
}


@ -89,13 +89,13 @@ func Create(c *context.Context) {
func handleCreateError(c *context.Context, err error, name, tpl string, form any) {
switch {
case database.IsErrReachLimitOfRepo(err):
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), tpl, form)
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", err.(database.ErrReachLimitOfRepo).Limit), http.StatusForbidden, tpl, form)
case database.IsErrRepoAlreadyExist(err):
c.Data["Err_RepoName"] = true
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), tpl, form)
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), http.StatusUnprocessableEntity, tpl, form)
case database.IsErrNameNotAllowed(err):
c.Data["Err_RepoName"] = true
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), tpl, form)
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, tpl, form)
default:
c.Error(err, name)
}
@ -115,7 +115,7 @@ func CreatePost(c *context.Context, f form.CreateRepo) {
c.Data["ContextUser"] = ctxUser
if c.HasError() {
c.Success(CREATE)
c.HTML(http.StatusBadRequest, CREATE)
return
}
@ -169,7 +169,7 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
c.Data["ContextUser"] = ctxUser
if c.HasError() {
c.Success(MIGRATE)
c.HTML(http.StatusBadRequest, MIGRATE)
return
}
@ -180,13 +180,13 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
addrErr := err.(database.ErrInvalidCloneAddr)
switch {
case addrErr.IsURLError:
c.RenderWithErr(c.Tr("repo.migrate.clone_address")+c.Tr("form.url_error"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.clone_address")+c.Tr("form.url_error"), http.StatusBadRequest, MIGRATE, &f)
case addrErr.IsPermissionDenied:
c.RenderWithErr(c.Tr("repo.migrate.permission_denied"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.permission_denied"), http.StatusForbidden, MIGRATE, &f)
case addrErr.IsInvalidPath:
c.RenderWithErr(c.Tr("repo.migrate.invalid_local_path"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.invalid_local_path"), http.StatusBadRequest, MIGRATE, &f)
case addrErr.IsBlockedLocalAddress:
c.RenderWithErr(c.Tr("repo.migrate.clone_address_resolved_to_blocked_local_address"), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.clone_address_resolved_to_blocked_local_address"), http.StatusForbidden, MIGRATE, &f)
default:
c.Error(err, "unexpected error")
}
@ -219,11 +219,11 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
if strings.Contains(err.Error(), "Authentication failed") ||
strings.Contains(err.Error(), "could not read Username") {
c.Data["Err_Auth"] = true
c.RenderWithErr(c.Tr("form.auth_failed", database.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
c.RenderWithErr(c.Tr("form.auth_failed", database.HandleMirrorCredentials(err.Error(), true)), http.StatusUnauthorized, MIGRATE, &f)
return
} else if strings.Contains(err.Error(), "fatal:") {
c.Data["Err_CloneAddr"] = true
c.RenderWithErr(c.Tr("repo.migrate.failed", database.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
c.RenderWithErr(c.Tr("repo.migrate.failed", database.HandleMirrorCredentials(err.Error(), true)), http.StatusInternalServerError, MIGRATE, &f)
return
}
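Review bot: In the last `MigratePost` hunk, `http.StatusUnauthorized` reports a failure to authenticate against the remote clone address, not against this server, so a client or proxy can misread it as an expired session. The `"fatal:"` branch returns `http.StatusInternalServerError` for git output that a user-supplied address can trigger at will, which lets ordinary bad input inflate 5xx error rates and drown out real server faults. I would use a 4xx for both, e.g. `http.StatusUnprocessableEntity`, or `http.StatusBadGateway` if the intent is to signal an upstream failure. The `IsBlockedLocalAddress` → `http.StatusForbidden` mapping is a useful distinct signal for the local-address guard and deserves a one-line comment saying so.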


@ -7,6 +7,7 @@ package repo
import (
"fmt"
"io"
"net/http"
"strings"
"time"
@ -53,7 +54,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
switch c.Query("action") {
case "update":
if c.HasError() {
c.Success(SETTINGS_OPTIONS)
c.HTML(http.StatusBadRequest, SETTINGS_OPTIONS)
return
}
@ -67,9 +68,9 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
c.FormErr("RepoName")
switch {
case database.IsErrRepoAlreadyExist(err):
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), SETTINGS_OPTIONS, &f)
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), http.StatusUnprocessableEntity, SETTINGS_OPTIONS, &f)
case database.IsErrNameNotAllowed(err):
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), SETTINGS_OPTIONS, &f)
c.RenderWithErr(c.Tr("repo.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, SETTINGS_OPTIONS, &f)
default:
c.Error(err, "change repository name")
}
@ -179,7 +180,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, SETTINGS_OPTIONS, nil)
return
}
@ -213,7 +214,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, SETTINGS_OPTIONS, nil)
return
}
@ -226,13 +227,13 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
newOwner := c.Query("new_owner_name")
if !database.Handle.Users().IsUsernameUsed(c.Req.Context(), newOwner, c.Repo.Owner.ID) {
c.RenderWithErr(c.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_owner_name"), http.StatusBadRequest, SETTINGS_OPTIONS, nil)
return
}
if err := database.TransferOwnership(c.User, newOwner, repo); err != nil {
if database.IsErrRepoAlreadyExist(err) {
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), http.StatusUnprocessableEntity, SETTINGS_OPTIONS, nil)
} else {
c.Error(err, "transfer ownership")
}
@ -248,7 +249,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, SETTINGS_OPTIONS, nil)
return
}
@ -274,7 +275,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return
}
if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), http.StatusBadRequest, SETTINGS_OPTIONS, nil)
return
}
@ -440,7 +441,7 @@ func SettingsBranches(c *context.Context) {
if c.Repo.Repository.IsBare {
c.Flash.Info(c.Tr("repo.settings.branches_bare"), true)
c.Success(SETTINGS_BRANCHES)
c.HTML(http.StatusUnprocessableEntity, SETTINGS_BRANCHES)
return
}
@ -637,7 +638,7 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
c.Data["Deploykeys"] = keys
if c.HasError() {
c.Success(SETTINGS_DEPLOY_KEYS)
c.HTML(http.StatusBadRequest, SETTINGS_DEPLOY_KEYS)
return
}
@ -660,10 +661,10 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
switch {
case database.IsErrKeyAlreadyExist(err):
c.Data["Err_Content"] = true
c.RenderWithErr(c.Tr("repo.settings.key_been_used"), SETTINGS_DEPLOY_KEYS, &f)
c.RenderWithErr(c.Tr("repo.settings.key_been_used"), http.StatusUnprocessableEntity, SETTINGS_DEPLOY_KEYS, &f)
case database.IsErrKeyNameAlreadyUsed(err):
c.Data["Err_Title"] = true
c.RenderWithErr(c.Tr("repo.settings.key_name_used"), SETTINGS_DEPLOY_KEYS, &f)
c.RenderWithErr(c.Tr("repo.settings.key_name_used"), http.StatusUnprocessableEntity, SETTINGS_DEPLOY_KEYS, &f)
default:
c.Error(err, "add deploy key")
}
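Review bot: `SettingsBranches` now answers with `http.StatusUnprocessableEntity` for a bare repository, but by its name it looks like the page-view handler rather than a form submission, and the message is set with `c.Flash.Info`, not as an error. A 422 on what is presumably a plain GET makes an informational page look like a failed request to monitoring; unless there is a reason not visible in this hunk, keeping `c.Success(SETTINGS_BRANCHES)` here seems more accurate. The repeated `form.enterred_invalid_repo_name` checks in `SettingsPost` guard destructive actions and all return `http.StatusBadRequest`, which is consistent. Both functions continue outside the hunks.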


@ -120,32 +120,32 @@ func WebhooksNew(c *context.Context, orCtx *orgRepoContext) {
c.Success(orCtx.TmplNew)
}
func validateWebhook(l macaron.Locale, w *database.Webhook) (field, msg string, ok bool) {
func validateWebhook(l macaron.Locale, w *database.Webhook) (field, msg string, status int) {
// 🚨 SECURITY: Local addresses must not be allowed by non-admins to prevent SSRF,
// see https://github.com/gogs/gogs/issues/5366 for details.
payloadURL, err := url.Parse(w.URL)
if err != nil {
return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), false
return "PayloadURL", l.Tr("repo.settings.webhook.err_cannot_parse_payload_url", err), http.StatusBadRequest
}
if netutil.IsBlockedLocalHostname(payloadURL.Hostname(), conf.Security.LocalNetworkAllowlist) {
return "PayloadURL", l.Tr("repo.settings.webhook.url_resolved_to_blocked_local_address"), false
return "PayloadURL", l.Tr("repo.settings.webhook.url_resolved_to_blocked_local_address"), http.StatusForbidden
}
return "", "", true
return "", "", http.StatusOK
}
func validateAndCreateWebhook(c *context.Context, orCtx *orgRepoContext, w *database.Webhook) {
c.Data["Webhook"] = w
if c.HasError() {
c.Success(orCtx.TmplNew)
c.HTML(http.StatusBadRequest, orCtx.TmplNew)
return
}
field, msg, ok := validateWebhook(c.Locale, w)
if !ok {
field, msg, status := validateWebhook(c.Locale, w)
if status != http.StatusOK {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)
c.RenderWithErr(msg, status, orCtx.TmplNew, nil)
return
}
@ -342,14 +342,14 @@ func validateAndUpdateWebhook(c *context.Context, orCtx *orgRepoContext, w *data
c.Data["Webhook"] = w
if c.HasError() {
c.Success(orCtx.TmplNew)
c.HTML(http.StatusBadRequest, orCtx.TmplNew)
return
}
field, msg, ok := validateWebhook(c.Locale, w)
if !ok {
field, msg, status := validateWebhook(c.Locale, w)
if status != http.StatusOK {
c.FormErr(field)
c.RenderWithErr(msg, orCtx.TmplNew, nil)
c.RenderWithErr(msg, status, orCtx.TmplNew, nil)
return
}
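Review bot: The security comment at the top of `validateWebhook` still says local addresses are blocked for non-admins, but the new signature takes only a locale and the webhook, so as far as this section shows the check applies to every caller and the comment should say so. I would reword it to `// 🚨 SECURITY: Local addresses are rejected unless listed in conf.Security.LocalNetworkAllowlist, to prevent SSRF,`. The new `status int` result also needs a doc line, because `http.StatusOK` now doubles as the "valid" signal: `// validateWebhook returns http.StatusOK when w is acceptable; otherwise field, msg and the HTTP status to render.` Both callers, `validateAndCreateWebhook` and `validateAndUpdateWebhook`, pass the returned status straight to `RenderWithErr`, so any future return path must set a real status code rather than leave the zero value. The bodies of both callers continue outside the hunks.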


@ -5,6 +5,7 @@
package repo
import (
"net/http"
"testing"
"github.com/stretchr/testify/assert"
@ -22,31 +23,31 @@ func Test_validateWebhook(t *testing.T) {
}
tests := []struct {
name string
actor *database.User
webhook *database.Webhook
expField string
expMsg string
expOK bool
name string
actor *database.User
webhook *database.Webhook
expField string
expMsg string
expStatus int
}{
{
name: "admin bypass local address check",
webhook: &database.Webhook{URL: "https://www.google.com"},
expOK: true,
name: "admin bypass local address check",
webhook: &database.Webhook{URL: "https://www.google.com"},
expStatus: http.StatusOK,
},
{
name: "local address not allowed",
webhook: &database.Webhook{URL: "http://localhost:3306"},
expField: "PayloadURL",
expMsg: "repo.settings.webhook.url_resolved_to_blocked_local_address",
expOK: false,
name: "local address not allowed",
webhook: &database.Webhook{URL: "http://localhost:3306"},
expField: "PayloadURL",
expMsg: "repo.settings.webhook.url_resolved_to_blocked_local_address",
expStatus: http.StatusForbidden,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
field, msg, ok := validateWebhook(l, test.webhook)
assert.Equal(t, test.expOK, ok)
field, msg, status := validateWebhook(l, test.webhook)
assert.Equal(t, test.expStatus, status)
assert.Equal(t, test.expMsg, msg)
assert.Equal(t, test.expField, field)
})
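Review bot: The table in `Test_validateWebhook` has no case for the new `http.StatusBadRequest` result that `validateWebhook` returns when `url.Parse` fails, so one of the three status values is untested. A case with a URL that `url.Parse` rejects would pin it; the expected message below assumes the test locale echoes the translation key, as it appears to for the existing blocked-address case, and that should be confirmed. The first case is named "admin bypass local address check" although the loop shown passes no actor, so a name such as "public address allowed" would describe it better. The test function starts and ends outside the hunk.

```go
// … unchanged: existing table entries …
{
	name:      "malformed payload URL",
	webhook:   &database.Webhook{URL: "://"}, // constructed sample that url.Parse rejects
	expField:  "PayloadURL",
	expMsg:    "repo.settings.webhook.err_cannot_parse_payload_url",
	expStatus: http.StatusBadRequest,
},
```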


@ -5,6 +5,7 @@
package repo
import (
"net/http"
"strings"
"time"
@ -198,14 +199,14 @@ func NewWikiPost(c *context.Context, f form.NewWiki) {
c.Data["RequireSimpleMDE"] = true
if c.HasError() {
c.Success(WIKI_NEW)
c.HTML(http.StatusBadRequest, WIKI_NEW)
return
}
if err := c.Repo.Repository.AddWikiPage(c.User, f.Title, f.Content, f.Message); err != nil {
if database.IsErrWikiAlreadyExist(err) {
c.Data["Err_Title"] = true
c.RenderWithErr(c.Tr("repo.wiki.page_already_exists"), WIKI_NEW, &f)
c.RenderWithErr(c.Tr("repo.wiki.page_already_exists"), http.StatusUnprocessableEntity, WIKI_NEW, &f)
} else {
c.Error(err, "add wiki page")
}
@ -239,7 +240,7 @@ func EditWikiPost(c *context.Context, f form.NewWiki) {
c.Data["RequireSimpleMDE"] = true
if c.HasError() {
c.Success(WIKI_NEW)
c.HTML(http.StatusBadRequest, WIKI_NEW)
return
}


@ -161,7 +161,7 @@ func LoginPost(c *context.Context, f form.SignIn) {
c.Data["LoginSources"] = loginSources
if c.HasError() {
c.Success(LOGIN)
c.HTML(http.StatusBadRequest, LOGIN)
return
}
@ -170,10 +170,10 @@ func LoginPost(c *context.Context, f form.SignIn) {
switch {
case auth.IsErrBadCredentials(err):
c.FormErr("UserName", "Password")
c.RenderWithErr(c.Tr("form.username_password_incorrect"), LOGIN, &f)
c.RenderWithErr(c.Tr("form.username_password_incorrect"), http.StatusUnauthorized, LOGIN, &f)
case database.IsErrLoginSourceMismatch(err):
c.FormErr("LoginSource")
c.RenderWithErr(c.Tr("form.auth_source_mismatch"), LOGIN, &f)
c.RenderWithErr(c.Tr("form.auth_source_mismatch"), http.StatusUnprocessableEntity, LOGIN, &f)
default:
c.Error(err, "authenticate user")
@ -319,19 +319,19 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
}
if c.HasError() {
c.Success(SIGNUP)
c.HTML(http.StatusBadRequest, SIGNUP)
return
}
if conf.Auth.EnableRegistrationCaptcha && !cpt.VerifyReq(c.Req) {
c.FormErr("Captcha")
c.RenderWithErr(c.Tr("form.captcha_incorrect"), SIGNUP, &f)
c.RenderWithErr(c.Tr("form.captcha_incorrect"), http.StatusUnauthorized, SIGNUP, &f)
return
}
if f.Password != f.Retype {
c.FormErr("Password")
c.RenderWithErr(c.Tr("form.password_not_match"), SIGNUP, &f)
c.RenderWithErr(c.Tr("form.password_not_match"), http.StatusBadRequest, SIGNUP, &f)
return
}
@ -348,13 +348,13 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
switch {
case database.IsErrUserAlreadyExist(err):
c.FormErr("UserName")
c.RenderWithErr(c.Tr("form.username_been_taken"), SIGNUP, &f)
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, SIGNUP, &f)
case database.IsErrEmailAlreadyUsed(err):
c.FormErr("Email")
c.RenderWithErr(c.Tr("form.email_been_used"), SIGNUP, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, SIGNUP, &f)
case database.IsErrNameNotAllowed(err):
c.FormErr("UserName")
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), SIGNUP, &f)
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, SIGNUP, &f)
default:
c.Error(err, "create user")
}
@ -568,7 +568,7 @@ func ForgotPasswdPost(c *context.Context) {
if !u.IsLocal() {
c.FormErr("Email")
c.RenderWithErr(c.Tr("auth.non_local_account"), FORGOT_PASSWORD, nil)
c.RenderWithErr(c.Tr("auth.non_local_account"), http.StatusForbidden, FORGOT_PASSWORD, nil)
return
}
@ -617,7 +617,7 @@ func ResetPasswdPost(c *context.Context) {
if len(password) < 6 {
c.Data["IsResetForm"] = true
c.Data["Err_Password"] = true
c.RenderWithErr(c.Tr("auth.password_too_short"), RESET_PASSWORD, nil)
c.RenderWithErr(c.Tr("auth.password_too_short"), http.StatusBadRequest, RESET_PASSWORD, nil)
return
}
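Review bot: In `LoginPost` the two authentication failures now return different status codes, `http.StatusUnauthorized` for bad credentials and `http.StatusUnprocessableEntity` for a login-source mismatch, so failed-login monitoring or rate limiting keyed on 401 will not count the second kind. The rendered messages already differ, but the status code makes the distinction trivially machine-readable. If a source mismatch implies that the account exists (not visible in this hunk), returning the same code for both keeps the outcomes harder to tell apart: `c.RenderWithErr(c.Tr("form.auth_source_mismatch"), http.StatusUnauthorized, LOGIN, &f)`. The same consideration applies to the `http.StatusForbidden` on the `!u.IsLocal()` branch of `ForgotPasswdPost`. Whichever codes are kept, a short comment listing the statuses that mean a failed sign-in would let log-based detection cover all of them.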


@ -12,6 +12,7 @@ import (
"html/template"
"image/png"
"io"
"net/http"
"github.com/pkg/errors"
"github.com/pquerna/otp"
@ -76,7 +77,7 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
c.Data["origin_name"] = c.User.Name
if c.HasError() {
c.Success(SETTINGS_PROFILE)
c.HTML(http.StatusBadRequest, SETTINGS_PROFILE)
return
}
@ -87,18 +88,14 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
err := database.Handle.Users().ChangeUsername(c.Req.Context(), c.User.ID, f.Name)
if err != nil {
c.FormErr("Name")
var msg string
switch {
case database.IsErrUserAlreadyExist(errors.Cause(err)):
msg = c.Tr("form.username_been_taken")
c.RenderWithErr(c.Tr("form.username_been_taken"), http.StatusUnprocessableEntity, SETTINGS_PROFILE, &f)
case database.IsErrNameNotAllowed(errors.Cause(err)):
msg = c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value())
c.RenderWithErr(c.Tr("user.form.name_not_allowed", err.(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, SETTINGS_PROFILE, &f)
default:
c.Error(err, "change user name")
return
}
c.RenderWithErr(msg, SETTINGS_PROFILE, &f)
return
}
@ -207,7 +204,7 @@ func SettingsPasswordPost(c *context.Context, f form.ChangePassword) {
c.PageIs("SettingsPassword")
if c.HasError() {
c.Success(SETTINGS_PASSWORD)
c.HTML(http.StatusBadRequest, SETTINGS_PASSWORD)
return
}
@ -271,14 +268,14 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
c.Data["Emails"] = emails
if c.HasError() {
c.Success(SETTINGS_EMAILS)
c.HTML(http.StatusBadRequest, SETTINGS_EMAILS)
return
}
err = database.Handle.Users().AddEmail(c.Req.Context(), c.User.ID, f.Email, !conf.Auth.RequireEmailConfirmation)
if err != nil {
if database.IsErrEmailAlreadyUsed(err) {
c.RenderWithErr(c.Tr("form.email_been_used"), SETTINGS_EMAILS, &f)
c.RenderWithErr(c.Tr("form.email_been_used"), http.StatusUnprocessableEntity, SETTINGS_EMAILS, &f)
} else {
c.Errorf(err, "add email address")
}
@ -348,7 +345,7 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
c.Data["Keys"] = keys
if c.HasError() {
c.Success(SETTINGS_SSH_KEYS)
c.HTML(http.StatusBadRequest, SETTINGS_SSH_KEYS)
return
}
@ -368,10 +365,10 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
switch {
case database.IsErrKeyAlreadyExist(err):
c.FormErr("Content")
c.RenderWithErr(c.Tr("settings.ssh_key_been_used"), SETTINGS_SSH_KEYS, &f)
c.RenderWithErr(c.Tr("settings.ssh_key_been_used"), http.StatusUnprocessableEntity, SETTINGS_SSH_KEYS, &f)
case database.IsErrKeyNameAlreadyUsed(err):
c.FormErr("Title")
c.RenderWithErr(c.Tr("settings.ssh_key_name_used"), SETTINGS_SSH_KEYS, &f)
c.RenderWithErr(c.Tr("settings.ssh_key_name_used"), http.StatusUnprocessableEntity, SETTINGS_SSH_KEYS, &f)
default:
c.Errorf(err, "add public key")
}
@ -623,7 +620,7 @@ func (h *SettingsHandler) ApplicationsPost() macaron.Handler {
}
c.Data["Tokens"] = tokens
c.Success(SETTINGS_APPLICATIONS)
c.HTML(http.StatusBadRequest, SETTINGS_APPLICATIONS)
return
}
@ -665,7 +662,7 @@ func SettingsDelete(c *context.Context) {
if c.Req.Method == "POST" {
if _, err := database.Handle.Users().Authenticate(c.Req.Context(), c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
if auth.IsErrBadCredentials(err) {
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil)
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), http.StatusUnauthorized, SETTINGS_DELETE, nil)
} else {
c.Errorf(err, "authenticate user")
}
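Review bot: In `SettingsPost` the `IsErrNameNotAllowed` case tests `errors.Cause(err)` but then asserts on the outer value with `err.(database.ErrNameNotAllowed)`, so if `ChangeUsername` returns a wrapped error the unchecked assertion panics inside the handler instead of rendering the form error. The expression is carried over from the old `msg =` line into the new `RenderWithErr` call. Asserting on the unwrapped error avoids the panic: `c.RenderWithErr(c.Tr("user.form.name_not_allowed", errors.Cause(err).(database.ErrNameNotAllowed).Value()), http.StatusBadRequest, SETTINGS_PROFILE, &f)`. Whether `ChangeUsername` wraps its errors is not visible here, but the use of `errors.Cause` in the case conditions suggests it can.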