mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-30 20:00:37 +00:00
f8b471ace1
Fixes #28660 Fixes an admin api bug related to `user.LoginSource` Fixed `/user/emails` response not identical to GitHub api This PR unifies the user update methods. The goal is to keep the logic only at one place (having audit logs in mind). For example, do the password checks only in one method not everywhere a password is updated. After that PR is merged, the user creation should be next.
52 lines
1 KiB
Go
52 lines
1 KiB
Go
// Copyright 2020 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package password
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
|
|
"code.gitea.io/gitea/modules/auth/password/pwn"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
)
|
|
|
|
var ErrIsPwned = errors.New("password has been pwned")
|
|
|
|
type ErrIsPwnedRequest struct {
|
|
err error
|
|
}
|
|
|
|
func IsErrIsPwnedRequest(err error) bool {
|
|
_, ok := err.(ErrIsPwnedRequest)
|
|
return ok
|
|
}
|
|
|
|
func (err ErrIsPwnedRequest) Error() string {
|
|
return fmt.Sprintf("using Have-I-Been-Pwned service failed: %v", err.err)
|
|
}
|
|
|
|
func (err ErrIsPwnedRequest) Unwrap() error {
|
|
return err.err
|
|
}
|
|
|
|
// IsPwned checks whether a password has been pwned
|
|
// If a password has not been pwned, no error is returned.
|
|
func IsPwned(ctx context.Context, password string) error {
|
|
if !setting.PasswordCheckPwn {
|
|
return nil
|
|
}
|
|
|
|
client := pwn.New(pwn.WithContext(ctx))
|
|
count, err := client.CheckPassword(password, true)
|
|
if err != nil {
|
|
return ErrIsPwnedRequest{err}
|
|
}
|
|
|
|
if count > 0 {
|
|
return ErrIsPwned
|
|
}
|
|
|
|
return nil
|
|
}
|