From eb803ec5eb3a7e66a107873ce6ee584b8c77b131 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Fri, 4 Apr 2014 18:31:09 -0400
Subject: Add transfer repository

---
 models/user.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'models/user.go')

diff --git a/models/user.go b/models/user.go
index c5e46b48..2641a15f 100644
--- a/models/user.go
+++ b/models/user.go
@@ -105,11 +105,17 @@ type Member struct {
 // IsUserExist checks if given user name exist,
 // the user name should be noncased unique.
 func IsUserExist(name string) (bool, error) {
+	if len(name) == 0 {
+		return false, nil
+	}
 	return orm.Get(&User{LowerName: strings.ToLower(name)})
 }
 
 // IsEmailUsed returns true if the e-mail has been used.
 func IsEmailUsed(email string) (bool, error) {
+	if len(email) == 0 {
+		return false, nil
+	}
 	return orm.Get(&User{Email: email})
 }
 
-- 
cgit v1.2.3


From e41ab839c7dbbdffc60a4e02775f24add9d126d9 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Fri, 4 Apr 2014 18:55:17 -0400
Subject: Use session for rolling back

---
 gogs.go          |  2 +-
 models/access.go | 11 +++++++++++
 models/repo.go   | 43 ++++++++++++++++++++++++++++++++++++-------
 models/user.go   | 18 +++++++++++++++---
 4 files changed, 63 insertions(+), 11 deletions(-)

(limited to 'models/user.go')

diff --git a/gogs.go b/gogs.go
index 034e131b..8d9159d6 100644
--- a/gogs.go
+++ b/gogs.go
@@ -19,7 +19,7 @@ import (
 // Test that go1.2 tag above is included in builds. main.go refers to this definition.
 const go12tag = true
 
-const APP_VER = "0.2.0.0403 Alpha"
+const APP_VER = "0.2.0.0404 Alpha"
 
 func init() {
 	base.AppVer = APP_VER
diff --git a/models/access.go b/models/access.go
index 83261575..2c090015 100644
--- a/models/access.go
+++ b/models/access.go
@@ -7,6 +7,8 @@ package models
 import (
 	"strings"
 	"time"
+
+	"github.com/lunny/xorm"
 )
 
 // Access types.
@@ -40,6 +42,15 @@ func UpdateAccess(access *Access) error {
 	return err
 }
 
+// UpdateAccess updates access information with session for rolling back.
+func UpdateAccessWithSession(sess *xorm.Session, access *Access) error {
+	if _, err := sess.Id(access.Id).Update(access); err != nil {
+		sess.Rollback()
+		return err
+	}
+	return nil
+}
+
 // HasAccess returns true if someone can read or write to given repository.
 func HasAccess(userName, repoName string, mode int) (bool, error) {
 	return orm.Get(&Access{
diff --git a/models/repo.go b/models/repo.go
index e8ebce92..acee6f6a 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -381,45 +381,62 @@ func TransferOwnership(user *User, newOwner string, repo *Repository) (err error
 	if err = orm.Find(&accesses, &Access{RepoName: user.LowerName + "/" + repo.LowerName}); err != nil {
 		return err
 	}
+
+	sess := orm.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	for i := range accesses {
 		accesses[i].RepoName = newUser.LowerName + "/" + repo.LowerName
 		if accesses[i].UserName == user.LowerName {
 			accesses[i].UserName = newUser.LowerName
 		}
-		if err = UpdateAccess(&accesses[i]); err != nil {
+		if err = UpdateAccessWithSession(sess, &accesses[i]); err != nil {
 			return err
 		}
 	}
 
 	// Update repository.
 	repo.OwnerId = newUser.Id
-	if _, err := orm.Id(repo.Id).Update(repo); err != nil {
+	if _, err := sess.Id(repo.Id).Update(repo); err != nil {
+		sess.Rollback()
 		return err
 	}
 
 	// Update user repository number.
 	rawSql := "UPDATE `user` SET num_repos = num_repos + 1 WHERE id = ?"
-	if _, err = orm.Exec(rawSql, newUser.Id); err != nil {
+	if _, err = sess.Exec(rawSql, newUser.Id); err != nil {
+		sess.Rollback()
 		return err
 	}
 	rawSql = "UPDATE `user` SET num_repos = num_repos - 1 WHERE id = ?"
-	if _, err = orm.Exec(rawSql, user.Id); err != nil {
+	if _, err = sess.Exec(rawSql, user.Id); err != nil {
+		sess.Rollback()
 		return err
 	}
 
 	// Add watch of new owner to repository.
 	if !IsWatching(newUser.Id, repo.Id) {
 		if err = WatchRepo(newUser.Id, repo.Id, true); err != nil {
+			sess.Rollback()
 			return err
 		}
 	}
 
 	if err = TransferRepoAction(user, newUser, repo); err != nil {
+		sess.Rollback()
 		return err
 	}
 
 	// Change repository directory name.
-	return os.Rename(RepoPath(user.Name, repo.Name), RepoPath(newUser.Name, repo.Name))
+	if err = os.Rename(RepoPath(user.Name, repo.Name), RepoPath(newUser.Name, repo.Name)); err != nil {
+		sess.Rollback()
+		return err
+	}
+
+	return sess.Commit()
 }
 
 // ChangeRepositoryName changes all corresponding setting from old repository name to new one.
@@ -429,15 +446,27 @@ func ChangeRepositoryName(userName, oldRepoName, newRepoName string) (err error)
 	if err = orm.Find(&accesses, &Access{RepoName: strings.ToLower(userName + "/" + oldRepoName)}); err != nil {
 		return err
 	}
+
+	sess := orm.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	for i := range accesses {
 		accesses[i].RepoName = userName + "/" + newRepoName
-		if err = UpdateAccess(&accesses[i]); err != nil {
+		if err = UpdateAccessWithSession(sess, &accesses[i]); err != nil {
 			return err
 		}
 	}
 
 	// Change repository directory name.
-	return os.Rename(RepoPath(userName, oldRepoName), RepoPath(userName, newRepoName))
+	if err = os.Rename(RepoPath(userName, oldRepoName), RepoPath(userName, newRepoName)); err != nil {
+		sess.Rollback()
+		return err
+	}
+
+	return sess.Commit()
 }
 
 func UpdateRepository(repo *Repository) error {
diff --git a/models/user.go b/models/user.go
index 2641a15f..1ec3b295 100644
--- a/models/user.go
+++ b/models/user.go
@@ -218,11 +218,18 @@ func ChangeUserName(user *User, newUserName string) (err error) {
 	if err = orm.Find(&accesses, &Access{UserName: user.LowerName}); err != nil {
 		return err
 	}
+
+	sess := orm.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	for i := range accesses {
 		accesses[i].UserName = newUserName
 		if strings.HasPrefix(accesses[i].RepoName, user.LowerName+"/") {
 			accesses[i].RepoName = strings.Replace(accesses[i].RepoName, user.LowerName, newUserName, 1)
-			if err = UpdateAccess(&accesses[i]); err != nil {
+			if err = UpdateAccessWithSession(sess, &accesses[i]); err != nil {
 				return err
 			}
 		}
@@ -241,14 +248,19 @@ func ChangeUserName(user *User, newUserName string) (err error) {
 
 		for j := range accesses {
 			accesses[j].RepoName = newUserName + "/" + repos[i].LowerName
-			if err = UpdateAccess(&accesses[j]); err != nil {
+			if err = UpdateAccessWithSession(sess, &accesses[j]); err != nil {
 				return err
 			}
 		}
 	}
 
 	// Change user directory name.
-	return os.Rename(UserPath(user.LowerName), UserPath(newUserName))
+	if err = os.Rename(UserPath(user.LowerName), UserPath(newUserName)); err != nil {
+		sess.Rollback()
+		return err
+	}
+
+	return sess.Commit()
 }
 
 // UpdateUser updates user's information.
-- 
cgit v1.2.3


From b7c3b0cc73ad8721e2eec59d018a91850ba7f750 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sat, 5 Apr 2014 12:32:34 -0400
Subject: Add reset password, fix #58

---
 models/user.go                          | 15 ++++++
 modules/base/template.go                |  4 ++
 modules/mailer/mail.go                  | 22 ++++++++-
 routers/user/user.go                    | 84 ++++++++++++++++++++++++++++++++-
 templates/mail/auth/reset_passwd.tmpl   | 33 +++++++++++++
 templates/mail/auth/reset_password.html | 25 ----------
 templates/user/forgot_passwd.tmpl       | 30 ++++++++++++
 templates/user/reset_passwd.tmpl        | 26 ++++++++++
 templates/user/signin.tmpl              |  2 +-
 web.go                                  |  2 +
 10 files changed, 214 insertions(+), 29 deletions(-)
 create mode 100644 templates/mail/auth/reset_passwd.tmpl
 delete mode 100644 templates/mail/auth/reset_password.html
 create mode 100644 templates/user/forgot_passwd.tmpl
 create mode 100644 templates/user/reset_passwd.tmpl

(limited to 'models/user.go')

diff --git a/models/user.go b/models/user.go
index 1ec3b295..2196eae8 100644
--- a/models/user.go
+++ b/models/user.go
@@ -367,6 +367,21 @@ func GetUserByName(name string) (*User, error) {
 	return user, nil
 }
 
+// GetUserByEmail returns the user object by given e-mail if exists.
+func GetUserByEmail(email string) (*User, error) {
+	if len(email) == 0 {
+		return nil, ErrUserNotExist
+	}
+	user := &User{Email: strings.ToLower(email)}
+	has, err := orm.Get(user)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrUserNotExist
+	}
+	return user, nil
+}
+
 // LoginUserPlain validates user by raw user name and password.
 func LoginUserPlain(name, passwd string) (*User, error) {
 	user := User{LowerName: strings.ToLower(name), Passwd: passwd}
diff --git a/modules/base/template.go b/modules/base/template.go
index dfcae931..56b77a5d 100644
--- a/modules/base/template.go
+++ b/modules/base/template.go
@@ -67,6 +67,10 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{
 	"DateFormat": DateFormat,
 	"List":       List,
 	"Mail2Domain": func(mail string) string {
+		if !strings.Contains(mail, "@") {
+			return "try.gogits.org"
+		}
+
 		suffix := strings.SplitN(mail, "@", 2)[1]
 		domain, ok := mailDomains[suffix]
 		if !ok {
diff --git a/modules/mailer/mail.go b/modules/mailer/mail.go
index b99fc8fd..eee6b916 100644
--- a/modules/mailer/mail.go
+++ b/modules/mailer/mail.go
@@ -86,7 +86,27 @@ func SendActiveMail(r *middleware.Render, user *models.User) {
 	}
 
 	msg := NewMailMessage([]string{user.Email}, subject, body)
-	msg.Info = fmt.Sprintf("UID: %d, send email verify mail", user.Id)
+	msg.Info = fmt.Sprintf("UID: %d, send active mail", user.Id)
+
+	SendAsync(&msg)
+}
+
+// Send reset password email.
+func SendResetPasswdMail(r *middleware.Render, user *models.User) {
+	code := CreateUserActiveCode(user, nil)
+
+	subject := "Reset your password"
+
+	data := GetMailTmplData(user)
+	data["Code"] = code
+	body, err := r.HTMLString("mail/auth/reset_passwd", data)
+	if err != nil {
+		log.Error("mail.SendResetPasswdMail(fail to render): %v", err)
+		return
+	}
+
+	msg := NewMailMessage([]string{user.Email}, subject, body)
+	msg.Info = fmt.Sprintf("UID: %d, send reset password email", user.Id)
 
 	SendAsync(&msg)
 }
diff --git a/routers/user/user.go b/routers/user/user.go
index 08930e22..872ed0d6 100644
--- a/routers/user/user.go
+++ b/routers/user/user.go
@@ -403,9 +403,12 @@ func Activate(ctx *middleware.Context) {
 	if user := models.VerifyUserActiveCode(code); user != nil {
 		user.IsActive = true
 		user.Rands = models.GetUserSalt()
-		models.UpdateUser(user)
+		if err := models.UpdateUser(user); err != nil {
+			ctx.Handle(404, "user.Activate", err)
+			return
+		}
 
-		log.Trace("%s User activated: %s", ctx.Req.RequestURI, user.LowerName)
+		log.Trace("%s User activated: %s", ctx.Req.RequestURI, user.Name)
 
 		ctx.Session.Set("userId", user.Id)
 		ctx.Session.Set("userName", user.Name)
@@ -416,3 +419,80 @@ func Activate(ctx *middleware.Context) {
 	ctx.Data["IsActivateFailed"] = true
 	ctx.HTML(200, "user/active")
 }
+
+func ForgotPasswd(ctx *middleware.Context) {
+	ctx.Data["Title"] = "Forgot Password"
+
+	if base.MailService == nil {
+		ctx.Data["IsResetDisable"] = true
+		ctx.HTML(200, "user/forgot_passwd")
+		return
+	}
+
+	ctx.Data["IsResetRequest"] = true
+	if ctx.Req.Method == "GET" {
+		ctx.HTML(200, "user/forgot_passwd")
+		return
+	}
+
+	email := ctx.Query("email")
+	u, err := models.GetUserByEmail(email)
+	if err != nil {
+		if err == models.ErrUserNotExist {
+			ctx.RenderWithErr("This e-mail address does not associate to any account.", "user/forgot_passwd", nil)
+		} else {
+			ctx.Handle(404, "user.ResetPasswd(check existence)", err)
+		}
+		return
+	}
+
+	mailer.SendResetPasswdMail(ctx.Render, u)
+	ctx.Data["Email"] = email
+	ctx.Data["Hours"] = base.Service.ActiveCodeLives / 60
+	ctx.Data["IsResetSent"] = true
+	ctx.HTML(200, "user/forgot_passwd")
+}
+
+func ResetPasswd(ctx *middleware.Context) {
+	code := ctx.Query("code")
+	if len(code) == 0 {
+		ctx.Error(404)
+		return
+	}
+	ctx.Data["Code"] = code
+
+	if ctx.Req.Method == "GET" {
+		ctx.Data["IsResetForm"] = true
+		ctx.HTML(200, "user/reset_passwd")
+		return
+	}
+
+	if u := models.VerifyUserActiveCode(code); u != nil {
+		// Validate password length.
+		passwd := ctx.Query("passwd")
+		if len(passwd) < 6 || len(passwd) > 30 {
+			ctx.Data["IsResetForm"] = true
+			ctx.RenderWithErr("Password length should be in 6 and 30.", "user/reset_passwd", nil)
+			return
+		}
+
+		u.Passwd = passwd
+		if err := u.EncodePasswd(); err != nil {
+			ctx.Handle(404, "user.ResetPasswd(EncodePasswd)", err)
+			return
+		}
+
+		u.Rands = models.GetUserSalt()
+		if err := models.UpdateUser(u); err != nil {
+			ctx.Handle(404, "user.ResetPasswd(UpdateUser)", err)
+			return
+		}
+
+		log.Trace("%s User password reset: %s", ctx.Req.RequestURI, u.Name)
+		ctx.Redirect("/user/login")
+		return
+	}
+
+	ctx.Data["IsResetFailed"] = true
+	ctx.HTML(200, "user/reset_passwd")
+}
diff --git a/templates/mail/auth/reset_passwd.tmpl b/templates/mail/auth/reset_passwd.tmpl
new file mode 100644
index 00000000..11861f4e
--- /dev/null
+++ b/templates/mail/auth/reset_passwd.tmpl
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>{{.User.Name}}, please reset your password</title>
+</head>
+<body style="background:#eee;">
+<div style="color:#333; font:12px/1.5 Tahoma,Arial,sans-serif;; text-shadow:1px 1px #fff; padding:0; margin:0;">
+    <div style="width:600px;margin:0 auto; padding:40px 0 20px;">
+        <div style="border:1px solid #d9d9d9;border-radius:3px; background:#fff; box-shadow: 0px 2px 5px rgba(0, 0, 0,.05); -webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0,.05);">
+            <div style="padding: 20px 15px;">
+                <h1 style="font-size:20px; padding:10px 0 20px; margin:0; border-bottom:1px solid #ddd;"><img src="{{.AppUrl}}/{{.AppLogo}}" style="height: 32px; margin-bottom: -10px;"> <a style="color:#333;text-decoration:none;" target="_blank" href="{{.AppUrl}}">{{.AppName}}</a></h1>
+                <div style="padding:40px 15px;">
+                    <div style="font-size:16px; padding-bottom:30px; font-weight:bold;">
+                        Hi <span style="color: #00BFFF;">{{.User.Name}}</span>,
+                    </div>
+                    <div style="font-size:14px; padding:0 15px;">
+						<p style="margin:0;padding:0 0 9px 0;">Please click following link to reset your password within <b>{{.ActiveCodeLives}} hours</b>.</p>
+						<p style="margin:0;padding:0 0 9px 0;">
+							<a href="{{.AppUrl}}user/reset_password?code={{.Code}}">{{.AppUrl}}user/reset_password?code={{.Code}}</a>
+						</p>
+						<p style="margin:0;padding:0 0 9px 0;">Copy and paste it to your browser if the link is not working.</p>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <div style="color:#aaa;padding:10px;text-align:center;">
+            © 2014 <a style="color:#888;text-decoration:none;" target="_blank" href="http://gogits.org">Gogs: Go Git Service</a>
+        </div>
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/templates/mail/auth/reset_password.html b/templates/mail/auth/reset_password.html
deleted file mode 100644
index 40a9efa8..00000000
--- a/templates/mail/auth/reset_password.html
+++ /dev/null
@@ -1,25 +0,0 @@
-{{template "mail/base.html" .}}
-{{define "title"}}
-	{{if eq .Lang "zh-CN"}}
-		 {{.User.NickName}}，重置账户密码
-	{{end}}
-	{{if eq .Lang "en-US"}}
-		{{.User.NickName}}, reset your password
-	{{end}}
-{{end}}
-{{define "body"}}
-	{{if eq .Lang "zh-CN"}}
-		<p style="margin:0;padding:0 0 9px 0;">点击链接重置密码，{{.ResetPwdCodeLives}} 分钟内有效</p>
-		<p style="margin:0;padding:0 0 9px 0;">
-			<a href="{{.AppUrl}}reset/{{.Code}}">{{.AppUrl}}reset/{{.Code}}</a>
-		</p>
-		<p style="margin:0;padding:0 0 9px 0;">如果链接点击无反应，请复制到浏览器打开。</p>
-	{{end}}
-	{{if eq .Lang "en-US"}}
-		<p style="margin:0;padding:0 0 9px 0;">Please click following link to reset your password in {{.ResetPwdCodeLives}} hours</p>
-		<p style="margin:0;padding:0 0 9px 0;">
-			<a href="{{.AppUrl}}reset/{{.Code}}">{{.AppUrl}}reset/{{.Code}}</a>
-		</p>
-		<p style="margin:0;padding:0 0 9px 0;">Copy and paste it to your browser if it's not working.</p>
-	{{end}}
-{{end}}
\ No newline at end of file
diff --git a/templates/user/forgot_passwd.tmpl b/templates/user/forgot_passwd.tmpl
new file mode 100644
index 00000000..ff25406f
--- /dev/null
+++ b/templates/user/forgot_passwd.tmpl
@@ -0,0 +1,30 @@
+{{template "base/head" .}}
+{{template "base/navbar" .}}
+<div id="body" class="container">
+    <form action="/user/forget_password" method="post" class="form-horizontal card" id="login-card">
+        {{.CsrfTokenHtml}}
+        <h3>Reset Your Password</h3>
+        <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
+        {{if .IsResetSent}}
+        <p>A confirmation e-mail has been sent to <b>{{.Email}}</b>, please check your inbox within {{.Hours}} hours.</p>
+        <hr/>
+        <a href="http://{{Mail2Domain .Email}}" class="btn btn-lg btn-success">Sign in to your e-mail</a>
+        {{else if .IsResetRequest}}
+        <div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
+            <label class="col-md-3 control-label">Email: </label>
+            <div class="col-md-7">
+                <input name="email" class="form-control" placeholder="Type your e-mail address" required="required">
+            </div>
+        </div>
+        <hr/>
+        <div class="form-group">
+            <div class="col-md-offset-4 col-md-6">
+                <button type="submit" class="btn btn-lg btn-primary">Click here to send reset confirmation e-mail</button>
+            </div>
+        </div>
+        {{else if .IsResetDisable}}
+        <p>Sorry, mail service is not enabled.</p>
+        {{end}}
+    </form>
+</div>
+{{template "base/footer" .}}
\ No newline at end of file
diff --git a/templates/user/reset_passwd.tmpl b/templates/user/reset_passwd.tmpl
new file mode 100644
index 00000000..9190c7c1
--- /dev/null
+++ b/templates/user/reset_passwd.tmpl
@@ -0,0 +1,26 @@
+{{template "base/head" .}}
+{{template "base/navbar" .}}
+<div id="body" class="container">
+    <form action="/user/reset_password?code={{.Code}}" method="post" class="form-horizontal card" id="login-card">
+        {{.CsrfTokenHtml}}
+        <h3>Reset Your Pasword</h3>
+        <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
+        {{if .IsResetForm}}
+        <div class="form-group">
+            <label class="col-md-4 control-label">Password: </label>
+            <div class="col-md-6">
+                <input name="passwd" type="password" class="form-control" placeholder="Type your password" required="required">
+            </div>
+        </div>
+        <hr/>
+        <div class="form-group">
+            <div class="col-md-offset-4 col-md-6">
+                <button type="submit" class="btn btn-lg btn-primary">Click here to reset your password</button>
+            </div>
+        </div>
+        {{else}}
+        <p>Sorry, your confirmation code has been exipired or not valid.</p>
+        {{end}}
+    </form>
+</div>
+{{template "base/footer" .}}
\ No newline at end of file
diff --git a/templates/user/signin.tmpl b/templates/user/signin.tmpl
index b6c39af1..43f47e41 100644
--- a/templates/user/signin.tmpl
+++ b/templates/user/signin.tmpl
@@ -33,7 +33,7 @@
         <div class="form-group">
             <div class="col-md-offset-4 col-md-6">
                 <button type="submit" class="btn btn-lg btn-primary">Log In</button>
-                <a href="/forget-password/">Forgot your password?</a>
+                <a href="/user/forget_password/">Forgot your password?</a>
             </div>
         </div>
 
diff --git a/web.go b/web.go
index 0594d8e6..b5e4af3e 100644
--- a/web.go
+++ b/web.go
@@ -92,6 +92,8 @@ func runWeb(*cli.Context) {
 		// r.Any("/login/github", user.SocialSignIn)
 		r.Any("/login", binding.BindIgnErr(auth.LogInForm{}), user.SignIn)
 		r.Any("/sign_up", binding.BindIgnErr(auth.RegisterForm{}), user.SignUp)
+		r.Any("/forget_password", user.ForgotPasswd)
+		r.Any("/reset_password", user.ResetPasswd)
 	}, reqSignOut)
 	m.Group("/user", func(r martini.Router) {
 		r.Any("/logout", user.SignOut)
-- 
cgit v1.2.3