// Copyright 2015 The Gogs Authors. All rights reserved. // Copyright 2019 The Gitea Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. package admin import ( "errors" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/context" "code.gitea.io/gitea/modules/convert" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/password" api "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/routers/api/v1/user" "code.gitea.io/gitea/services/mailer" ) func parseLoginSource(ctx *context.APIContext, u *models.User, sourceID int64, loginName string) { if sourceID == 0 { return } source, err := models.GetLoginSourceByID(sourceID) if err != nil { if models.IsErrLoginSourceNotExist(err) { ctx.Error(422, "", err) } else { ctx.Error(500, "GetLoginSourceByID", err) } return } u.LoginType = source.Type u.LoginSource = source.ID u.LoginName = loginName } // CreateUser create a user func CreateUser(ctx *context.APIContext, form api.CreateUserOption) { // swagger:operation POST /admin/users admin adminCreateUser // --- // summary: Create a user // consumes: // - application/json // produces: // - application/json // parameters: // - name: body // in: body // schema: // "$ref": "#/definitions/CreateUserOption" // responses: // "201": // "$ref": "#/responses/User" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" u := &models.User{ Name: form.Username, FullName: form.FullName, Email: form.Email, Passwd: form.Password, MustChangePassword: true, IsActive: true, LoginType: models.LoginPlain, } if form.MustChangePassword != nil { u.MustChangePassword = *form.MustChangePassword } parseLoginSource(ctx, u, form.SourceID, form.LoginName) if ctx.Written() { return } if !password.IsComplexEnough(form.Password) { err := errors.New("PasswordComplexity") ctx.Error(400, "PasswordComplexity", err) return } if err := models.CreateUser(u); err != nil { if models.IsErrUserAlreadyExist(err) || models.IsErrEmailAlreadyUsed(err) || models.IsErrNameReserved(err) || models.IsErrNamePatternNotAllowed(err) { ctx.Error(422, "", err) } else { ctx.Error(500, "CreateUser", err) } return } log.Trace("Account created by admin (%s): %s", ctx.User.Name, u.Name) // Send email notification. if form.SendNotify { mailer.SendRegisterNotifyMail(ctx.Locale, u) } ctx.JSON(201, convert.ToUser(u, ctx.IsSigned, ctx.User.IsAdmin)) } // EditUser api for modifying a user's information func EditUser(ctx *context.APIContext, form api.EditUserOption) { // swagger:operation PATCH /admin/users/{username} admin adminEditUser // --- // summary: Edit an existing user // consumes: // - application/json // produces: // - application/json // parameters: // - name: username // in: path // description: username of user to edit // type: string // required: true // - name: body // in: body // schema: // "$ref": "#/definitions/EditUserOption" // responses: // "200": // "$ref": "#/responses/User" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" u := user.GetUserByParams(ctx) if ctx.Written() { return } parseLoginSource(ctx, u, form.SourceID, form.LoginName) if ctx.Written() { return } if len(form.Password) > 0 { if !password.IsComplexEnough(form.Password) { err := errors.New("PasswordComplexity") ctx.Error(400, "PasswordComplexity", err) return } var err error if u.Salt, err = models.GetUserSalt(); err != nil { ctx.Error(500, "UpdateUser", err) return } u.HashPassword(form.Password) } if form.MustChangePassword != nil { u.MustChangePassword = *form.MustChangePassword } u.LoginName = form.LoginName u.FullName = form.FullName u.Email = form.Email u.Website = form.Website u.Location = form.Location if form.Active != nil { u.IsActive = *form.Active } if form.Admin != nil { u.IsAdmin = *form.Admin } if form.AllowGitHook != nil { u.AllowGitHook = *form.AllowGitHook } if form.AllowImportLocal != nil { u.AllowImportLocal = *form.AllowImportLocal } if form.MaxRepoCreation != nil { u.MaxRepoCreation = *form.MaxRepoCreation } if form.AllowCreateOrganization != nil { u.AllowCreateOrganization = *form.AllowCreateOrganization } if form.ProhibitLogin != nil { u.ProhibitLogin = *form.ProhibitLogin } if err := models.UpdateUser(u); err != nil { if models.IsErrEmailAlreadyUsed(err) { ctx.Error(422, "", err) } else { ctx.Error(500, "UpdateUser", err) } return } log.Trace("Account profile updated by admin (%s): %s", ctx.User.Name, u.Name) ctx.JSON(200, convert.ToUser(u, ctx.IsSigned, ctx.User.IsAdmin)) } // DeleteUser api for deleting a user func DeleteUser(ctx *context.APIContext) { // swagger:operation DELETE /admin/users/{username} admin adminDeleteUser // --- // summary: Delete a user // produces: // - application/json // parameters: // - name: username // in: path // description: username of user to delete // type: string // required: true // responses: // "204": // "$ref": "#/responses/empty" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" u := user.GetUserByParams(ctx) if ctx.Written() { return } if err := models.DeleteUser(u); err != nil { if models.IsErrUserOwnRepos(err) || models.IsErrUserHasOrgs(err) { ctx.Error(422, "", err) } else { ctx.Error(500, "DeleteUser", err) } return } log.Trace("Account deleted by admin(%s): %s", ctx.User.Name, u.Name) ctx.Status(204) } // CreatePublicKey api for creating a public key to a user func CreatePublicKey(ctx *context.APIContext, form api.CreateKeyOption) { // swagger:operation POST /admin/users/{username}/keys admin adminCreatePublicKey // --- // summary: Add a public key on behalf of a user // consumes: // - application/json // produces: // - application/json // parameters: // - name: username // in: path // description: username of the user // type: string // required: true // - name: key // in: body // schema: // "$ref": "#/definitions/CreateKeyOption" // responses: // "201": // "$ref": "#/responses/PublicKey" // "403": // "$ref": "#/responses/forbidden" // "422": // "$ref": "#/responses/validationError" u := user.GetUserByParams(ctx) if ctx.Written() { return } user.CreateUserPublicKey(ctx, form, u.ID) } // DeleteUserPublicKey api for deleting a user's public key func DeleteUserPublicKey(ctx *context.APIContext) { // swagger:operation DELETE /admin/users/{username}/keys/{id} admin adminDeleteUserPublicKey // --- // summary: Delete a user's public key // produces: // - application/json // parameters: // - name: username // in: path // description: username of user // type: string // required: true // - name: id // in: path // description: id of the key to delete // type: integer // format: int64 // required: true // responses: // "204": // "$ref": "#/responses/empty" // "403": // "$ref": "#/responses/forbidden" // "404": // "$ref": "#/responses/notFound" u := user.GetUserByParams(ctx) if ctx.Written() { return } if err := models.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil { if models.IsErrKeyNotExist(err) { ctx.NotFound() } else if models.IsErrKeyAccessDenied(err) { ctx.Error(403, "", "You do not have access to this key") } else { ctx.Error(500, "DeleteUserPublicKey", err) } return } log.Trace("Key deleted by admin(%s): %s", ctx.User.Name, u.Name) ctx.Status(204) } //GetAllUsers API for getting information of all the users func GetAllUsers(ctx *context.APIContext) { // swagger:operation GET /admin/users admin adminGetAllUsers // --- // summary: List all users // produces: // - application/json // responses: // "200": // "$ref": "#/responses/UserList" // "403": // "$ref": "#/responses/forbidden" users, _, err := models.SearchUsers(&models.SearchUserOptions{ Type: models.UserTypeIndividual, OrderBy: models.SearchOrderByAlphabetically, PageSize: -1, }) if err != nil { ctx.Error(500, "GetAllUsers", err) return } results := make([]*api.User, len(users)) for i := range users { results[i] = convert.ToUser(users[i], ctx.IsSigned, ctx.User.IsAdmin) } ctx.JSON(200, &results) }