From 0fe56e6059a4828c84cbc5b8e9f861bacf4fa145 Mon Sep 17 00:00:00 2001 From: forgejo-backport-action Date: Fri, 14 Feb 2025 13:37:46 +0000 Subject: [PATCH] [v10.0/forgejo] fix: disable forgotten password for external signin only (#6930) **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6680 - Make it such that `[service].ENABLE_INTERNAL_SIGNIN = false` disables the forgotten password prompt on the login page. Co-authored-by: davrot Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6930 Reviewed-by: Gusted Co-authored-by: forgejo-backport-action Co-committed-by: forgejo-backport-action --- routers/web/auth/auth.go | 3 ++ templates/user/auth/signin_inner.tmpl | 3 ++ .../disable_forgotten_password_test.go | 39 +++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100644 tests/integration/disable_forgotten_password_test.go diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index ccab47a9a2..4be3489891 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -170,6 +170,8 @@ func SignIn(ctx *context.Context) { context.SetCaptchaData(ctx) } + ctx.Data["DisablePassword"] = !setting.Service.EnableInternalSignIn + ctx.HTML(http.StatusOK, tplSignIn) } @@ -189,6 +191,7 @@ func SignInPost(ctx *context.Context) { ctx.Data["PageIsLogin"] = true ctx.Data["EnableSSPI"] = auth.IsSSPIEnabled(ctx) ctx.Data["EnableInternalSignIn"] = setting.Service.EnableInternalSignIn + ctx.Data["DisablePassword"] = !setting.Service.EnableInternalSignIn // Permission denied if EnableInternalSignIn is false if !setting.Service.EnableInternalSignIn { diff --git a/templates/user/auth/signin_inner.tmpl b/templates/user/auth/signin_inner.tmpl index ddef34f35d..4abb4646d1 100644 --- a/templates/user/auth/signin_inner.tmpl +++ b/templates/user/auth/signin_inner.tmpl @@ -50,6 +50,7 @@ +{{if not .DisablePassword}}
{{template "user/auth/webauthn_error" .}} @@ -65,3 +66,5 @@
+{{end}} + diff --git a/tests/integration/disable_forgotten_password_test.go b/tests/integration/disable_forgotten_password_test.go new file mode 100644 index 0000000000..8a50c8d409 --- /dev/null +++ b/tests/integration/disable_forgotten_password_test.go @@ -0,0 +1,39 @@ +package integration + +import ( + "net/http" + "testing" + + "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/test" + "code.gitea.io/gitea/tests" +) + +func TestDisableForgottenPasswordFalse(t *testing.T) { + defer tests.PrepareTestEnv(t)() + defer test.MockVariableValue(&setting.Service.EnableInternalSignIn, true)() + + req := NewRequest(t, "GET", "/user/login/") + resp := MakeRequest(t, req, http.StatusOK) + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, "a[href='/user/forgot_password']", true) +} + +func TestDisableForgottenPasswordTrue(t *testing.T) { + defer tests.PrepareTestEnv(t)() + defer test.MockVariableValue(&setting.Service.EnableInternalSignIn, false)() + + req := NewRequest(t, "GET", "/user/login/") + resp := MakeRequest(t, req, http.StatusOK) + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, "a[href='/user/forgot_password']", false) +} + +func TestDisableForgottenPasswordDefault(t *testing.T) { + defer tests.PrepareTestEnv(t)() + + req := NewRequest(t, "GET", "/user/login/") + resp := MakeRequest(t, req, http.StatusOK) + htmlDoc := NewHTMLParser(t, resp.Body) + htmlDoc.AssertElement(t, "a[href='/user/forgot_password']", true) +}