Browse Source

Enhanced HTTP response code + authentication failure log messages

Add an http_status int argument to RenderWithErr(). In most case
it is set to http.StatusBadRequest.
Authentication failure log messages (that should be matched by fail2ban) are
composed like : "^<DATE> \[ WARN\] <IP> authfail : <REASON>$"
pull/3357/head
Gogs 7 years ago
parent
commit
103417e1d3
  1. 4
      pkg/context/context.go
  2. 3
      routes/admin/auths.go
  3. 11
      routes/admin/users.go
  4. 31
      routes/install.go
  5. 7
      routes/org/org.go
  6. 9
      routes/org/setting.go
  7. 7
      routes/org/teams.go
  8. 26
      routes/repo/editor.go
  9. 4
      routes/repo/issue.go
  10. 9
      routes/repo/pull.go
  11. 7
      routes/repo/release.go
  12. 19
      routes/repo/repo.go
  13. 23
      routes/repo/setting.go
  14. 2
      routes/repo/wiki.go
  15. 44
      routes/user/auth.go
  16. 11
      routes/user/setting.go

4
pkg/context/context.go

@ -137,13 +137,13 @@ func (c *Context) SubURLRedirect(location string, status ...int) {
} }
// RenderWithErr used for page has form validation but need to prompt error to users. // RenderWithErr used for page has form validation but need to prompt error to users.
func (c *Context) RenderWithErr(msg, tpl string, f interface{}) { func (c *Context) RenderWithErr(msg, tpl string, f interface{}, http_status int) {
if f != nil { if f != nil {
form.Assign(f, c.Data) form.Assign(f, c.Data)
} }
c.Flash.ErrorMsg = msg c.Flash.ErrorMsg = msg
c.Data["Flash"] = c.Flash c.Data["Flash"] = c.Flash
c.HTML(http.StatusOK, tpl) c.HTML(http_status, tpl)
} }
// Handle handles and logs error by given status. // Handle handles and logs error by given status.

3
routes/admin/auths.go

@ -6,6 +6,7 @@ package admin
import ( import (
"fmt" "fmt"
"net/http"
"github.com/Unknwon/com" "github.com/Unknwon/com"
"github.com/go-xorm/core" "github.com/go-xorm/core"
@ -158,7 +159,7 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
}); err != nil { }); err != nil {
if models.IsErrLoginSourceAlreadyExist(err) { if models.IsErrLoginSourceAlreadyExist(err) {
c.Data["Err_Name"] = true c.Data["Err_Name"] = true
c.RenderWithErr(c.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f) c.RenderWithErr(c.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f, http.StatusBadRequest)
} else { } else {
c.Handle(500, "CreateSource", err) c.Handle(500, "CreateSource", err)
} }

11
routes/admin/users.go

@ -6,6 +6,7 @@ package admin
import ( import (
"strings" "strings"
"net/http"
"github.com/Unknwon/com" "github.com/Unknwon/com"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
@ -97,16 +98,16 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
switch { switch {
case models.IsErrUserAlreadyExist(err): case models.IsErrUserAlreadyExist(err):
c.Data["Err_UserName"] = true c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("form.username_been_taken"), USER_NEW, &f) c.RenderWithErr(c.Tr("form.username_been_taken"), USER_NEW, &f, http.StatusBadRequest)
case models.IsErrEmailAlreadyUsed(err): case models.IsErrEmailAlreadyUsed(err):
c.Data["Err_Email"] = true c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("form.email_been_used"), USER_NEW, &f) c.RenderWithErr(c.Tr("form.email_been_used"), USER_NEW, &f, http.StatusBadRequest)
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.Data["Err_UserName"] = true c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), USER_NEW, &f) c.RenderWithErr(c.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), USER_NEW, &f, http.StatusBadRequest)
case models.IsErrNamePatternNotAllowed(err): case models.IsErrNamePatternNotAllowed(err):
c.Data["Err_UserName"] = true c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), USER_NEW, &f) c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), USER_NEW, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "CreateUser", err) c.Handle(500, "CreateUser", err)
} }
@ -217,7 +218,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
if err := models.UpdateUser(u); err != nil { if err := models.UpdateUser(u); err != nil {
if models.IsErrEmailAlreadyUsed(err) { if models.IsErrEmailAlreadyUsed(err) {
c.Data["Err_Email"] = true c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("form.email_been_used"), USER_EDIT, &f) c.RenderWithErr(c.Tr("form.email_been_used"), USER_EDIT, &f, http.StatusBadRequest)
} else { } else {
c.Handle(500, "UpdateUser", err) c.Handle(500, "UpdateUser", err)
} }

31
routes/install.go

@ -6,6 +6,7 @@ package routes
import ( import (
"net/mail" "net/mail"
"net/http"
"os" "os"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
@ -186,7 +187,7 @@ func InstallPost(c *context.Context, f form.Install) {
} }
if _, err := exec.LookPath("git"); err != nil { if _, err := exec.LookPath("git"); err != nil {
c.RenderWithErr(c.Tr("install.test_git_failed", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.test_git_failed", err), INSTALL, &f, http.StatusOK)
return return
} }
@ -203,7 +204,7 @@ func InstallPost(c *context.Context, f form.Install) {
if models.DbCfg.Type == "sqlite3" && len(models.DbCfg.Path) == 0 { if models.DbCfg.Type == "sqlite3" && len(models.DbCfg.Path) == 0 {
c.FormErr("DbPath") c.FormErr("DbPath")
c.RenderWithErr(c.Tr("install.err_empty_db_path"), INSTALL, &f) c.RenderWithErr(c.Tr("install.err_empty_db_path"), INSTALL, &f, http.StatusBadRequest)
return return
} }
@ -212,10 +213,10 @@ func InstallPost(c *context.Context, f form.Install) {
if err := models.NewTestEngine(x); err != nil { if err := models.NewTestEngine(x); err != nil {
if strings.Contains(err.Error(), `Unknown database type: sqlite3`) { if strings.Contains(err.Error(), `Unknown database type: sqlite3`) {
c.FormErr("DbType") c.FormErr("DbType")
c.RenderWithErr(c.Tr("install.sqlite3_not_available", "https://gogs.io/docs/installation/install_from_binary.html"), INSTALL, &f) c.RenderWithErr(c.Tr("install.sqlite3_not_available", "https://gogs.io/docs/installation/install_from_binary.html"), INSTALL, &f, http.StatusOK)
} else { } else {
c.FormErr("DbSetting") c.FormErr("DbSetting")
c.RenderWithErr(c.Tr("install.invalid_db_setting", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.invalid_db_setting", err), INSTALL, &f, http.StatusOK)
} }
return return
} }
@ -224,7 +225,7 @@ func InstallPost(c *context.Context, f form.Install) {
f.RepoRootPath = strings.Replace(f.RepoRootPath, "\\", "/", -1) f.RepoRootPath = strings.Replace(f.RepoRootPath, "\\", "/", -1)
if err := os.MkdirAll(f.RepoRootPath, os.ModePerm); err != nil { if err := os.MkdirAll(f.RepoRootPath, os.ModePerm); err != nil {
c.FormErr("RepoRootPath") c.FormErr("RepoRootPath")
c.RenderWithErr(c.Tr("install.invalid_repo_path", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.invalid_repo_path", err), INSTALL, &f, http.StatusOK)
return return
} }
@ -232,21 +233,21 @@ func InstallPost(c *context.Context, f form.Install) {
f.LogRootPath = strings.Replace(f.LogRootPath, "\\", "/", -1) f.LogRootPath = strings.Replace(f.LogRootPath, "\\", "/", -1)
if err := os.MkdirAll(f.LogRootPath, os.ModePerm); err != nil { if err := os.MkdirAll(f.LogRootPath, os.ModePerm); err != nil {
c.FormErr("LogRootPath") c.FormErr("LogRootPath")
c.RenderWithErr(c.Tr("install.invalid_log_root_path", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.invalid_log_root_path", err), INSTALL, &f, http.StatusOK)
return return
} }
currentUser, match := setting.IsRunUserMatchCurrentUser(f.RunUser) currentUser, match := setting.IsRunUserMatchCurrentUser(f.RunUser)
if !match { if !match {
c.FormErr("RunUser") c.FormErr("RunUser")
c.RenderWithErr(c.Tr("install.run_user_not_match", f.RunUser, currentUser), INSTALL, &f) c.RenderWithErr(c.Tr("install.run_user_not_match", f.RunUser, currentUser), INSTALL, &f, http.StatusOK)
return return
} }
// Check host address and port // Check host address and port
if len(f.SMTPHost) > 0 && !strings.Contains(f.SMTPHost, ":") { if len(f.SMTPHost) > 0 && !strings.Contains(f.SMTPHost, ":") {
c.FormErr("SMTP", "SMTPHost") c.FormErr("SMTP", "SMTPHost")
c.RenderWithErr(c.Tr("install.smtp_host_missing_port"), INSTALL, &f) c.RenderWithErr(c.Tr("install.smtp_host_missing_port"), INSTALL, &f, http.StatusOK)
return return
} }
@ -255,7 +256,7 @@ func InstallPost(c *context.Context, f form.Install) {
_, err := mail.ParseAddress(f.SMTPFrom) _, err := mail.ParseAddress(f.SMTPFrom)
if err != nil { if err != nil {
c.FormErr("SMTP", "SMTPFrom") c.FormErr("SMTP", "SMTPFrom")
c.RenderWithErr(c.Tr("install.invalid_smtp_from", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.invalid_smtp_from", err), INSTALL, &f, http.StatusOK)
return return
} }
} }
@ -263,19 +264,19 @@ func InstallPost(c *context.Context, f form.Install) {
// Check logic loophole between disable self-registration and no admin account. // Check logic loophole between disable self-registration and no admin account.
if f.DisableRegistration && len(f.AdminName) == 0 { if f.DisableRegistration && len(f.AdminName) == 0 {
c.FormErr("Services", "Admin") c.FormErr("Services", "Admin")
c.RenderWithErr(c.Tr("install.no_admin_and_disable_registration"), INSTALL, f) c.RenderWithErr(c.Tr("install.no_admin_and_disable_registration"), INSTALL, f, http.StatusOK)
return return
} }
// Check admin password. // Check admin password.
if len(f.AdminName) > 0 && len(f.AdminPasswd) == 0 { if len(f.AdminName) > 0 && len(f.AdminPasswd) == 0 {
c.FormErr("Admin", "AdminPasswd") c.FormErr("Admin", "AdminPasswd")
c.RenderWithErr(c.Tr("install.err_empty_admin_password"), INSTALL, f) c.RenderWithErr(c.Tr("install.err_empty_admin_password"), INSTALL, f, http.StatusOK)
return return
} }
if f.AdminPasswd != f.AdminConfirmPasswd { if f.AdminPasswd != f.AdminConfirmPasswd {
c.FormErr("Admin", "AdminPasswd") c.FormErr("Admin", "AdminPasswd")
c.RenderWithErr(c.Tr("form.password_not_match"), INSTALL, f) c.RenderWithErr(c.Tr("form.password_not_match"), INSTALL, f, http.StatusOK)
return return
} }
@ -348,14 +349,14 @@ func InstallPost(c *context.Context, f form.Install) {
cfg.Section("security").Key("INSTALL_LOCK").SetValue("true") cfg.Section("security").Key("INSTALL_LOCK").SetValue("true")
secretKey, err := tool.RandomString(15) secretKey, err := tool.RandomString(15)
if err != nil { if err != nil {
c.RenderWithErr(c.Tr("install.secret_key_failed", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.secret_key_failed", err), INSTALL, &f, http.StatusInternalServerError)
return return
} }
cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey) cfg.Section("security").Key("SECRET_KEY").SetValue(secretKey)
os.MkdirAll(filepath.Dir(setting.CustomConf), os.ModePerm) os.MkdirAll(filepath.Dir(setting.CustomConf), os.ModePerm)
if err := cfg.SaveTo(setting.CustomConf); err != nil { if err := cfg.SaveTo(setting.CustomConf); err != nil {
c.RenderWithErr(c.Tr("install.save_config_failed", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.save_config_failed", err), INSTALL, &f, http.StatusInternalServerError)
return return
} }
@ -374,7 +375,7 @@ func InstallPost(c *context.Context, f form.Install) {
if !models.IsErrUserAlreadyExist(err) { if !models.IsErrUserAlreadyExist(err) {
setting.InstallLock = false setting.InstallLock = false
c.FormErr("AdminName", "AdminEmail") c.FormErr("AdminName", "AdminEmail")
c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), INSTALL, &f) c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), INSTALL, &f, http.StatusBadRequest)
return return
} }
log.Info("Admin account already exist") log.Info("Admin account already exist")

7
routes/org/org.go

@ -5,6 +5,7 @@
package org package org
import ( import (
"net/http"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
"github.com/gogits/gogs/models" "github.com/gogits/gogs/models"
@ -40,11 +41,11 @@ func CreatePost(c *context.Context, f form.CreateOrg) {
c.Data["Err_OrgName"] = true c.Data["Err_OrgName"] = true
switch { switch {
case models.IsErrUserAlreadyExist(err): case models.IsErrUserAlreadyExist(err):
c.RenderWithErr(c.Tr("form.org_name_been_taken"), CREATE, &f) c.RenderWithErr(c.Tr("form.org_name_been_taken"), CREATE, &f, http.StatusBadRequest)
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.RenderWithErr(c.Tr("org.form.name_reserved", err.(models.ErrNameReserved).Name), CREATE, &f) c.RenderWithErr(c.Tr("org.form.name_reserved", err.(models.ErrNameReserved).Name), CREATE, &f, http.StatusBadRequest)
case models.IsErrNamePatternNotAllowed(err): case models.IsErrNamePatternNotAllowed(err):
c.RenderWithErr(c.Tr("org.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), CREATE, &f) c.RenderWithErr(c.Tr("org.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), CREATE, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "CreateOrganization", err) c.Handle(500, "CreateOrganization", err)
} }

9
routes/org/setting.go

@ -6,6 +6,7 @@ package org
import ( import (
"strings" "strings"
"net/http"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
@ -48,15 +49,15 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
return return
} else if isExist { } else if isExist {
c.Data["OrgName"] = true c.Data["OrgName"] = true
c.RenderWithErr(c.Tr("form.username_been_taken"), SETTINGS_OPTIONS, &f) c.RenderWithErr(c.Tr("form.username_been_taken"), SETTINGS_OPTIONS, &f, http.StatusBadRequest)
return return
} else if err = models.ChangeUserName(org, f.Name); err != nil { } else if err = models.ChangeUserName(org, f.Name); err != nil {
c.Data["OrgName"] = true c.Data["OrgName"] = true
switch { switch {
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.RenderWithErr(c.Tr("user.form.name_reserved"), SETTINGS_OPTIONS, &f) c.RenderWithErr(c.Tr("user.form.name_reserved"), SETTINGS_OPTIONS, &f, http.StatusBadRequest)
case models.IsErrNamePatternNotAllowed(err): case models.IsErrNamePatternNotAllowed(err):
c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed"), SETTINGS_OPTIONS, &f) c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed"), SETTINGS_OPTIONS, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "ChangeUserName", err) c.Handle(500, "ChangeUserName", err)
} }
@ -114,7 +115,7 @@ func SettingsDelete(c *context.Context) {
if c.Req.Method == "POST" { if c.Req.Method == "POST" {
if _, err := models.UserSignIn(c.User.Name, c.Query("password")); err != nil { if _, err := models.UserSignIn(c.User.Name, c.Query("password")); err != nil {
if errors.IsUserNotExist(err) { if errors.IsUserNotExist(err) {
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil) c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil, http.StatusBadRequest)
} else { } else {
c.Handle(500, "UserSignIn", err) c.Handle(500, "UserSignIn", err)
} }

7
routes/org/teams.go

@ -6,6 +6,7 @@ package org
import ( import (
"path" "path"
"net/http"
"github.com/Unknwon/com" "github.com/Unknwon/com"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
@ -171,9 +172,9 @@ func NewTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Err_TeamName"] = true c.Data["Err_TeamName"] = true
switch { switch {
case models.IsErrTeamAlreadyExist(err): case models.IsErrTeamAlreadyExist(err):
c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f) c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f, http.StatusBadRequest)
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.RenderWithErr(c.Tr("org.form.team_name_reserved", err.(models.ErrNameReserved).Name), TEAM_NEW, &f) c.RenderWithErr(c.Tr("org.form.team_name_reserved", err.(models.ErrNameReserved).Name), TEAM_NEW, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "NewTeam", err) c.Handle(500, "NewTeam", err)
} }
@ -249,7 +250,7 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
c.Data["Err_TeamName"] = true c.Data["Err_TeamName"] = true
switch { switch {
case models.IsErrTeamAlreadyExist(err): case models.IsErrTeamAlreadyExist(err):
c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f) c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "UpdateTeam", err) c.Handle(500, "UpdateTeam", err)
} }

26
routes/repo/editor.go

@ -165,14 +165,14 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
if len(f.TreePath) == 0 { if len(f.TreePath) == 0 {
c.FormErr("TreePath") c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.filename_cannot_be_empty"), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.filename_cannot_be_empty"), EDIT_FILE, &f, http.StatusBadRequest)
return return
} }
if oldBranchName != branchName { if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil { if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.FormErr("NewBranchName") c.FormErr("NewBranchName")
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), EDIT_FILE, &f, http.StatusBadRequest)
return return
} }
} }
@ -193,17 +193,17 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
if index != len(treeNames)-1 { if index != len(treeNames)-1 {
if !entry.IsDir() { if !entry.IsDir() {
c.FormErr("TreePath") c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), EDIT_FILE, &f, http.StatusBadRequest)
return return
} }
} else { } else {
if entry.IsLink() { if entry.IsLink() {
c.FormErr("TreePath") c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", part), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.file_is_a_symlink", part), EDIT_FILE, &f, http.StatusBadRequest)
return return
} else if entry.IsDir() { } else if entry.IsDir() {
c.FormErr("TreePath") c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.filename_is_a_directory", part), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.filename_is_a_directory", part), EDIT_FILE, &f, http.StatusBadRequest)
return return
} }
} }
@ -214,7 +214,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
if err != nil { if err != nil {
if git.IsErrNotExist(err) { if git.IsErrNotExist(err) {
c.FormErr("TreePath") c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_editing_no_longer_exists", oldTreePath), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.file_editing_no_longer_exists", oldTreePath), EDIT_FILE, &f, http.StatusBadRequest)
} else { } else {
c.ServerError("GetTreeEntryByPath", err) c.ServerError("GetTreeEntryByPath", err)
} }
@ -229,7 +229,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
for _, file := range files { for _, file := range files {
if file == f.TreePath { if file == f.TreePath {
c.RenderWithErr(c.Tr("repo.editor.file_changed_while_editing", c.Repo.RepoLink+"/compare/"+lastCommit+"..."+c.Repo.CommitID), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.file_changed_while_editing", c.Repo.RepoLink+"/compare/"+lastCommit+"..."+c.Repo.CommitID), EDIT_FILE, &f, http.StatusInternalServerError)
return return
} }
} }
@ -247,7 +247,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
} }
if entry != nil { if entry != nil {
c.FormErr("TreePath") c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.file_already_exists", f.TreePath), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.file_already_exists", f.TreePath), EDIT_FILE, &f, http.StatusBadRequest)
return return
} }
} }
@ -277,7 +277,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
IsNewFile: isNewFile, IsNewFile: isNewFile,
}); err != nil { }); err != nil {
c.FormErr("TreePath") c.FormErr("TreePath")
c.RenderWithErr(c.Tr("repo.editor.fail_to_update_file", f.TreePath, err), EDIT_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.fail_to_update_file", f.TreePath, err), EDIT_FILE, &f, http.StatusInternalServerError)
return return
} }
@ -358,7 +358,7 @@ func DeleteFilePost(c *context.Context, f form.DeleteRepoFile) {
if oldBranchName != branchName { if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil { if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.Data["Err_NewBranchName"] = true c.Data["Err_NewBranchName"] = true
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), DELETE_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), DELETE_FILE, &f, http.StatusBadRequest)
return return
} }
} }
@ -455,7 +455,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
if oldBranchName != branchName { if oldBranchName != branchName {
if _, err := c.Repo.Repository.GetBranch(branchName); err == nil { if _, err := c.Repo.Repository.GetBranch(branchName); err == nil {
c.Data["Err_NewBranchName"] = true c.Data["Err_NewBranchName"] = true
c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), UPLOAD_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.branch_already_exists", branchName), UPLOAD_FILE, &f, http.StatusBadRequest)
return return
} }
} }
@ -477,7 +477,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
// User can only upload files to a directory. // User can only upload files to a directory.
if !entry.IsDir() { if !entry.IsDir() {
c.Data["Err_TreePath"] = true c.Data["Err_TreePath"] = true
c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), UPLOAD_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.directory_is_a_file", part), UPLOAD_FILE, &f, http.StatusBadRequest)
return return
} }
} }
@ -501,7 +501,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
Files: f.Files, Files: f.Files,
}); err != nil { }); err != nil {
c.Data["Err_TreePath"] = true c.Data["Err_TreePath"] = true
c.RenderWithErr(c.Tr("repo.editor.unable_to_upload_files", f.TreePath, err), UPLOAD_FILE, &f) c.RenderWithErr(c.Tr("repo.editor.unable_to_upload_files", f.TreePath, err), UPLOAD_FILE, &f, http.StatusInternalServerError)
return return
} }

4
routes/repo/issue.go

@ -1131,7 +1131,7 @@ func NewMilestonePost(c *context.Context, f form.CreateMilestone) {
deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local) deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local)
if err != nil { if err != nil {
c.Data["Err_Deadline"] = true c.Data["Err_Deadline"] = true
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), MILESTONE_NEW, &f) c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), MILESTONE_NEW, &f, http.StatusBadRequest)
return return
} }
@ -1191,7 +1191,7 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local) deadline, err := time.ParseInLocation("2006-01-02", f.Deadline, time.Local)
if err != nil { if err != nil {
c.Data["Err_Deadline"] = true c.Data["Err_Deadline"] = true
c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), MILESTONE_NEW, &f) c.RenderWithErr(c.Tr("repo.milestones.invalid_due_date_format"), MILESTONE_NEW, &f, http.StatusBadRequest)
return return
} }

9
routes/repo/pull.go

@ -8,6 +8,7 @@ import (
"container/list" "container/list"
"path" "path"
"strings" "strings"
"net/http"
"github.com/Unknwon/com" "github.com/Unknwon/com"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
@ -118,7 +119,7 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
// Cannot fork to same owner // Cannot fork to same owner
if ctxUser.ID == baseRepo.OwnerID { if ctxUser.ID == baseRepo.OwnerID {
c.RenderWithErr(c.Tr("repo.settings.cannot_fork_to_same_owner"), FORK, &f) c.RenderWithErr(c.Tr("repo.settings.cannot_fork_to_same_owner"), FORK, &f, http.StatusBadRequest)
return return
} }
@ -127,11 +128,11 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
c.Data["Err_RepoName"] = true c.Data["Err_RepoName"] = true
switch { switch {
case models.IsErrRepoAlreadyExist(err): case models.IsErrRepoAlreadyExist(err):
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), FORK, &f) c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), FORK, &f, http.StatusBadRequest)
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), FORK, &f) c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), FORK, &f, http.StatusBadRequest)
case models.IsErrNamePatternNotAllowed(err): case models.IsErrNamePatternNotAllowed(err):
c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), FORK, &f) c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), FORK, &f, http.StatusBadRequest)
default: default:
c.ServerError("ForkPost", err) c.ServerError("ForkPost", err)
} }

7
routes/repo/release.go

@ -7,6 +7,7 @@ package repo
import ( import (
"fmt" "fmt"
"strings" "strings"
"net/http"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
@ -176,7 +177,7 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
} }
if !c.Repo.GitRepo.IsBranchExist(f.Target) { if !c.Repo.GitRepo.IsBranchExist(f.Target) {
c.RenderWithErr(c.Tr("form.target_branch_not_exist"), RELEASE_NEW, &f) c.RenderWithErr(c.Tr("form.target_branch_not_exist"), RELEASE_NEW, &f, http.StatusBadRequest)
return return
} }
@ -224,9 +225,9 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
c.Data["Err_TagName"] = true c.Data["Err_TagName"] = true
switch { switch {
case models.IsErrReleaseAlreadyExist(err): case models.IsErrReleaseAlreadyExist(err):
c.RenderWithErr(c.Tr("repo.release.tag_name_already_exist"), RELEASE_NEW, &f) c.RenderWithErr(c.Tr("repo.release.tag_name_already_exist"), RELEASE_NEW, &f, http.StatusBadRequest)
case models.IsErrInvalidTagName(err): case models.IsErrInvalidTagName(err):
c.RenderWithErr(c.Tr("repo.release.tag_name_invalid"), RELEASE_NEW, &f) c.RenderWithErr(c.Tr("repo.release.tag_name_invalid"), RELEASE_NEW, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "NewRelease", err) c.Handle(500, "NewRelease", err)
} }

19
routes/repo/repo.go

@ -9,6 +9,7 @@ import (
"os" "os"
"path" "path"
"strings" "strings"
"net/http"
"github.com/Unknwon/com" "github.com/Unknwon/com"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
@ -88,16 +89,16 @@ func Create(c *context.Context) {
func handleCreateError(c *context.Context, owner *models.User, err error, name, tpl string, form interface{}) { func handleCreateError(c *context.Context, owner *models.User, err error, name, tpl string, form interface{}) {
switch { switch {
case errors.IsReachLimitOfRepo(err): case errors.IsReachLimitOfRepo(err):
c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", owner.RepoCreationNum()), tpl, form) c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", owner.RepoCreationNum()), tpl, form, http.StatusNotAcceptable)
case models.IsErrRepoAlreadyExist(err): case models.IsErrRepoAlreadyExist(err):
c.Data["Err_RepoName"] = true c.Data["Err_RepoName"] = true
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), tpl, form) c.RenderWithErr(c.Tr("form.repo_name_been_taken"), tpl, form, http.StatusBadRequest)
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.Data["Err_RepoName"] = true c.Data["Err_RepoName"] = true
c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), tpl, form) c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), tpl, form, http.StatusBadRequest)
case models.IsErrNamePatternNotAllowed(err): case models.IsErrNamePatternNotAllowed(err):
c.Data["Err_RepoName"] = true c.Data["Err_RepoName"] = true
c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form) c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form, http.StatusBadRequest)
default: default:
c.Handle(500, name, err) c.Handle(500, name, err)
} }
@ -181,11 +182,11 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
addrErr := err.(models.ErrInvalidCloneAddr) addrErr := err.(models.ErrInvalidCloneAddr)
switch { switch {
case addrErr.IsURLError: case addrErr.IsURLError:
c.RenderWithErr(c.Tr("form.url_error"), MIGRATE, &f) c.RenderWithErr(c.Tr("form.url_error"), MIGRATE, &f, http.StatusBadRequest)
case addrErr.IsPermissionDenied: case addrErr.IsPermissionDenied:
c.RenderWithErr(c.Tr("repo.migrate.permission_denied"), MIGRATE, &f) c.RenderWithErr(c.Tr("repo.migrate.permission_denied"), MIGRATE, &f, http.StatusForbidden)
case addrErr.IsInvalidPath: case addrErr.IsInvalidPath:
c.RenderWithErr(c.Tr("repo.migrate.invalid_local_path"), MIGRATE, &f) c.RenderWithErr(c.Tr("repo.migrate.invalid_local_path"), MIGRATE, &f, http.StatusInternalServerError)
default: default:
c.Handle(500, "Unknown error", err) c.Handle(500, "Unknown error", err)
} }
@ -217,11 +218,11 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
if strings.Contains(err.Error(), "Authentication failed") || if strings.Contains(err.Error(), "Authentication failed") ||
strings.Contains(err.Error(), "could not read Username") { strings.Contains(err.Error(), "could not read Username") {
c.Data["Err_Auth"] = true c.Data["Err_Auth"] = true
c.RenderWithErr(c.Tr("form.auth_failed", models.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f) c.RenderWithErr(c.Tr("form.auth_failed", models.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f, http.StatusUnauthorized)
return return
} else if strings.Contains(err.Error(), "fatal:") { } else if strings.Contains(err.Error(), "fatal:") {
c.Data["Err_CloneAddr"] = true c.Data["Err_CloneAddr"] = true
c.RenderWithErr(c.Tr("repo.migrate.failed", models.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f) c.RenderWithErr(c.Tr("repo.migrate.failed", models.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f, http.StatusInternalServerError)
return return
} }

23
routes/repo/setting.go

@ -8,6 +8,7 @@ import (
"fmt" "fmt"
"strings" "strings"
"time" "time"
"net/http"
log "gopkg.in/clog.v1" log "gopkg.in/clog.v1"
@ -60,11 +61,11 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
c.FormErr("RepoName") c.FormErr("RepoName")
switch { switch {
case models.IsErrRepoAlreadyExist(err): case models.IsErrRepoAlreadyExist(err):
c.RenderWithErr(c.Tr("form.repo_name_been_taken"), SETTINGS_OPTIONS, &f) c.RenderWithErr(c.Tr("form.repo_name_been_taken"), SETTINGS_OPTIONS, &f, http.StatusBadRequest)
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), SETTINGS_OPTIONS, &f) c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), SETTINGS_OPTIONS, &f, http.StatusBadRequest)
case models.IsErrNamePatternNotAllowed(err): case models.IsErrNamePatternNotAllowed(err):
c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SETTINGS_OPTIONS, &f) c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SETTINGS_OPTIONS, &f, http.StatusBadRequest)
default: default:
c.ServerError("ChangeRepositoryName", err) c.ServerError("ChangeRepositoryName", err)
} }
@ -163,7 +164,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return return
} }
if repo.Name != f.RepoName { if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil, http.StatusBadRequest)
return return
} }
@ -197,7 +198,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return return
} }
if repo.Name != f.RepoName { if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil, http.StatusBadRequest)
return return
} }
@ -214,13 +215,13 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
c.ServerError("IsUserExist", err) c.ServerError("IsUserExist", err)
return return
} else if !isExist { } else if !isExist {
c.RenderWithErr(c.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil) c.RenderWithErr(c.Tr("form.enterred_invalid_owner_name"), SETTINGS_OPTIONS, nil, http.StatusBadRequest)
return return
} }
if err = models.TransferOwnership(c.User, newOwner, repo); err != nil { if err = models.TransferOwnership(c.User, newOwner, repo); err != nil {
if models.IsErrRepoAlreadyExist(err) { if models.IsErrRepoAlreadyExist(err) {
c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil) c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil, http.StatusBadRequest)
} else { } else {
c.ServerError("TransferOwnership", err) c.ServerError("TransferOwnership", err)
} }
@ -236,7 +237,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return return
} }
if repo.Name != f.RepoName { if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil, http.StatusBadRequest)
return return
} }
@ -262,7 +263,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
return return
} }
if repo.Name != f.RepoName { if repo.Name != f.RepoName {
c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil) c.RenderWithErr(c.Tr("form.enterred_invalid_repo_name"), SETTINGS_OPTIONS, nil, http.StatusBadRequest)
return return
} }
@ -603,10 +604,10 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
switch { switch {
case models.IsErrKeyAlreadyExist(err): case models.IsErrKeyAlreadyExist(err):
c.Data["Err_Content"] = true c.Data["Err_Content"] = true
c.RenderWithErr(c.Tr("repo.settings.key_been_used"), SETTINGS_DEPLOY_KEYS, &f) c.RenderWithErr(c.Tr("repo.settings.key_been_used"), SETTINGS_DEPLOY_KEYS, &f, http.StatusBadRequest)
case models.IsErrKeyNameAlreadyUsed(err): case models.IsErrKeyNameAlreadyUsed(err):
c.Data["Err_Title"] = true c.Data["Err_Title"] = true
c.RenderWithErr(c.Tr("repo.settings.key_name_used"), SETTINGS_DEPLOY_KEYS, &f) c.RenderWithErr(c.Tr("repo.settings.key_name_used"), SETTINGS_DEPLOY_KEYS, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "AddDeployKey", err) c.Handle(500, "AddDeployKey", err)
} }

2
routes/repo/wiki.go

@ -210,7 +210,7 @@ func NewWikiPost(c *context.Context, f form.NewWiki) {
if err := c.Repo.Repository.AddWikiPage(c.User, f.Title, f.Content, f.Message); err != nil { if err := c.Repo.Repository.AddWikiPage(c.User, f.Title, f.Content, f.Message); err != nil {
if models.IsErrWikiAlreadyExist(err) { if models.IsErrWikiAlreadyExist(err) {
c.Data["Err_Title"] = true c.Data["Err_Title"] = true
c.RenderWithErr(c.Tr("repo.wiki.page_already_exists"), WIKI_NEW, &f) c.RenderWithErr(c.Tr("repo.wiki.page_already_exists"), WIKI_NEW, &f, 400)
} else { } else {
c.Handle(500, "AddWikiPage", err) c.Handle(500, "AddWikiPage", err)
} }

44
routes/user/auth.go

@ -6,6 +6,7 @@ package user
import ( import (
"fmt" "fmt"
"net/http"
"net/url" "net/url"
"github.com/go-macaron/captcha" "github.com/go-macaron/captcha"
@ -85,7 +86,8 @@ func Login(c *context.Context) {
// Check auto-login. // Check auto-login.
isSucceed, err := AutoLogin(c) isSucceed, err := AutoLogin(c)
if err != nil { if err != nil {
c.Handle(500, "AutoLogin", err) log.Warn("%s authfail : Autologin failure", c.RemoteAddr())
c.Handle(http.StatusInternalServerError, "AutoLogin", err)
return return
} }
@ -106,7 +108,7 @@ func Login(c *context.Context) {
return return
} }
c.HTML(200, LOGIN) c.HTML(http.StatusOK, LOGIN)
} }
func afterLogin(c *context.Context, u *models.User, remember bool) { func afterLogin(c *context.Context, u *models.User, remember bool) {
@ -141,14 +143,16 @@ func LoginPost(c *context.Context, f form.SignIn) {
c.Data["Title"] = c.Tr("sign_in") c.Data["Title"] = c.Tr("sign_in")
if c.HasError() { if c.HasError() {
c.Success(LOGIN) log.Warn("%s authfail : Content error", c.RemoteAddr(), f.UserName)
c.HTML(http.StatusBadRequest, LOGIN)
return return
} }
u, err := models.UserSignIn(f.UserName, f.Password) u, err := models.UserSignIn(f.UserName, f.Password)
if err != nil { if err != nil {
log.Warn("%s authfail : Authentication failure for user '%s'", c.RemoteAddr(), f.UserName)
if errors.IsUserNotExist(err) { if errors.IsUserNotExist(err) {
c.RenderWithErr(c.Tr("form.username_password_incorrect"), LOGIN, &f) c.RenderWithErr(c.Tr("form.username_password_incorrect"), LOGIN, &f, http.StatusUnauthorized)
} else { } else {
c.ServerError("UserSignIn", err) c.ServerError("UserSignIn", err)
} }
@ -256,11 +260,11 @@ func SignUp(c *context.Context) {
if setting.Service.DisableRegistration { if setting.Service.DisableRegistration {
c.Data["DisableRegistration"] = true c.Data["DisableRegistration"] = true
c.HTML(200, SIGNUP) c.HTML(http.StatusOK, SIGNUP)
return return
} }
c.HTML(200, SIGNUP) c.HTML(http.StatusOK, SIGNUP)
} }
func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) { func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
@ -269,24 +273,24 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
c.Data["EnableCaptcha"] = setting.Service.EnableCaptcha c.Data["EnableCaptcha"] = setting.Service.EnableCaptcha
if setting.Service.DisableRegistration { if setting.Service.DisableRegistration {
c.Error(403) c.Error(http.StatusForbidden)
return return
} }
if c.HasError() { if c.HasError() {
c.HTML(200, SIGNUP) c.HTML(http.StatusOK, SIGNUP)
return return
} }
if setting.Service.EnableCaptcha && !cpt.VerifyReq(c.Req) { if setting.Service.EnableCaptcha && !cpt.VerifyReq(c.Req) {
c.Data["Err_Captcha"] = true c.Data["Err_Captcha"] = true
c.RenderWithErr(c.Tr("form.captcha_incorrect"), SIGNUP, &f) c.RenderWithErr(c.Tr("form.captcha_incorrect"), SIGNUP, &f, http.StatusBadRequest)
return return
} }
if f.Password != f.Retype { if f.Password != f.Retype {
c.Data["Err_Password"] = true c.Data["Err_Password"] = true
c.RenderWithErr(c.Tr("form.password_not_match"), SIGNUP, &f) c.RenderWithErr(c.Tr("form.password_not_match"), SIGNUP, &f, http.StatusBadRequest)
return return
} }
@ -300,18 +304,18 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
switch { switch {
case models.IsErrUserAlreadyExist(err): case models.IsErrUserAlreadyExist(err):
c.Data["Err_UserName"] = true c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("form.username_been_taken"), SIGNUP, &f) c.RenderWithErr(c.Tr("form.username_been_taken"), SIGNUP, &f, http.StatusBadRequest)
case models.IsErrEmailAlreadyUsed(err): case models.IsErrEmailAlreadyUsed(err):
c.Data["Err_Email"] = true c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("form.email_been_used"), SIGNUP, &f) c.RenderWithErr(c.Tr("form.email_been_used"), SIGNUP, &f, http.StatusBadRequest)
case models.IsErrNameReserved(err): case models.IsErrNameReserved(err):
c.Data["Err_UserName"] = true c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), SIGNUP, &f) c.RenderWithErr(c.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), SIGNUP, &f, http.StatusBadRequest)
case models.IsErrNamePatternNotAllowed(err): case models.IsErrNamePatternNotAllowed(err):
c.Data["Err_UserName"] = true c.Data["Err_UserName"] = true
c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SIGNUP, &f) c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SIGNUP, &f, http.StatusBadRequest)
default: default:
c.Handle(500, "CreateUser", err) c.Handle(http.StatusInternalServerError, "CreateUser", err)
} }
return return
} }
@ -322,7 +326,7 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
u.IsAdmin = true u.IsAdmin = true
u.IsActive = true u.IsActive = true
if err := models.UpdateUser(u); err != nil { if err := models.UpdateUser(u); err != nil {
c.Handle(500, "UpdateUser", err) c.Handle(http.StatusInternalServerError, "UpdateUser", err)
return return
} }
} }
@ -333,7 +337,7 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
c.Data["IsSendRegisterMail"] = true c.Data["IsSendRegisterMail"] = true
c.Data["Email"] = u.Email c.Data["Email"] = u.Email
c.Data["Hours"] = setting.Service.ActiveCodeLives / 60 c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
c.HTML(200, ACTIVATE) c.HTML(http.StatusOK, ACTIVATE)
if err := c.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil { if err := c.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
log.Error(4, "Set cache(MailResendLimit) fail: %v", err) log.Error(4, "Set cache(MailResendLimit) fail: %v", err)
@ -349,7 +353,7 @@ func Activate(c *context.Context) {
if len(code) == 0 { if len(code) == 0 {
c.Data["IsActivatePage"] = true c.Data["IsActivatePage"] = true
if c.User.IsActive { if c.User.IsActive {
c.Error(404) c.Error(http.StatusNotFound)
return return
} }
// Resend confirmation email. // Resend confirmation email.
@ -455,7 +459,7 @@ func ForgotPasswdPost(c *context.Context) {
if !u.IsLocal() { if !u.IsLocal() {
c.Data["Err_Email"] = true c.Data["Err_Email"] = true
c.RenderWithErr(c.Tr("auth.non_local_account"), FORGOT_PASSWORD, nil) c.RenderWithErr(c.Tr("auth.non_local_account"), FORGOT_PASSWORD, nil, http.StatusBadRequest)
return return
} }
@ -504,7 +508,7 @@ func ResetPasswdPost(c *context.Context) {
if len(passwd) < 6 { if len(passwd) < 6 {
c.Data["IsResetForm"] = true c.Data["IsResetForm"] = true
c.Data["Err_Password"] = true c.Data["Err_Password"] = true
c.RenderWithErr(c.Tr("auth.password_too_short"), RESET_PASSWORD, nil) c.RenderWithErr(c.Tr("auth.password_too_short"), RESET_PASSWORD, nil, http.StatusBadRequest)
return return
} }

11
routes/user/setting.go

@ -8,6 +8,7 @@ import (
"bytes" "bytes"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"net/http"
"html/template" "html/template"
"image/png" "image/png"
"io/ioutil" "io/ioutil"
@ -86,7 +87,7 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
return return
} }
c.RenderWithErr(msg, SETTINGS_PROFILE, &f) c.RenderWithErr(msg, SETTINGS_PROFILE, &f, http.StatusBadRequest)
return return
} }
@ -263,7 +264,7 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
} }
if err := models.AddEmailAddress(email); err != nil { if err := models.AddEmailAddress(email); err != nil {
if models.IsErrEmailAlreadyUsed(err) { if models.IsErrEmailAlreadyUsed(err) {
c.RenderWithErr(c.Tr("form.email_been_used"), SETTINGS_EMAILS, &f) c.RenderWithErr(c.Tr("form.email_been_used"), SETTINGS_EMAILS, &f, http.StatusBadRequest)
} else { } else {
c.ServerError("AddEmailAddress", err) c.ServerError("AddEmailAddress", err)
} }
@ -346,10 +347,10 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
switch { switch {
case models.IsErrKeyAlreadyExist(err): case models.IsErrKeyAlreadyExist(err):
c.FormErr("Content") c.FormErr("Content")
c.RenderWithErr(c.Tr("settings.ssh_key_been_used"), SETTINGS_SSH_KEYS, &f) c.RenderWithErr(c.Tr("settings.ssh_key_been_used"), SETTINGS_SSH_KEYS, &f, http.StatusBadRequest)
case models.IsErrKeyNameAlreadyUsed(err): case models.IsErrKeyNameAlreadyUsed(err):
c.FormErr("Title") c.FormErr("Title")
c.RenderWithErr(c.Tr("settings.ssh_key_name_used"), SETTINGS_SSH_KEYS, &f) c.RenderWithErr(c.Tr("settings.ssh_key_name_used"), SETTINGS_SSH_KEYS, &f, http.StatusBadRequest)
default: default:
c.ServerError("AddPublicKey", err) c.ServerError("AddPublicKey", err)
} }
@ -635,7 +636,7 @@ func SettingsDelete(c *context.Context) {
if c.Req.Method == "POST" { if c.Req.Method == "POST" {
if _, err := models.UserSignIn(c.User.Name, c.Query("password")); err != nil { if _, err := models.UserSignIn(c.User.Name, c.Query("password")); err != nil {
if errors.IsUserNotExist(err) { if errors.IsUserNotExist(err) {
c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil) c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil, http.StatusUnauthorized)
} else { } else {
c.ServerError("UserSignIn", err) c.ServerError("UserSignIn", err)
} }

Loading…
Cancel
Save