diff --git a/routers/user/auth.go b/routers/user/auth.go index ba6420967..d347962ca 100644 --- a/routers/user/auth.go +++ b/routers/user/auth.go @@ -1203,6 +1203,8 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo // Activate render activate user page func Activate(ctx *context.Context) { code := ctx.Query("code") + password := ctx.Query("password") + if len(code) == 0 { ctx.Data["IsActivatePage"] = true if ctx.User.IsActive { @@ -1228,42 +1230,58 @@ func Activate(ctx *context.Context) { return } - // Verify code. - if user := models.VerifyUserActiveCode(code); user != nil { - user.IsActive = true - var err error - if user.Rands, err = models.GetUserSalt(); err != nil { - ctx.ServerError("UpdateUser", err) - return - } - if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil { - if models.IsErrUserNotExist(err) { - ctx.Error(404) - } else { - ctx.ServerError("UpdateUser", err) - } - return - } - - log.Trace("User activated: %s", user.Name) - - if err := ctx.Session.Set("uid", user.ID); err != nil { - log.Error(fmt.Sprintf("Error setting uid in session: %v", err)) - } - if err := ctx.Session.Set("uname", user.Name); err != nil { - log.Error(fmt.Sprintf("Error setting uname in session: %v", err)) - } - if err := ctx.Session.Release(); err != nil { - log.Error("Error storing session: %v", err) - } - - ctx.Flash.Success(ctx.Tr("auth.account_activated")) - ctx.Redirect(setting.AppSubURL + "/") + user := models.VerifyUserActiveCode(code) + // if code is wrong + if user == nil { + ctx.Data["IsActivateFailed"] = true + ctx.HTML(200, TplActivate) return } - ctx.Data["IsActivateFailed"] = true - ctx.HTML(200, TplActivate) + // if account is local account, verify password + if user.LoginSource == 0 { + if len(password) == 0 { + ctx.Data["Code"] = code + ctx.Data["NeedsPassword"] = true + ctx.HTML(200, TplActivate) + return + } + if !user.ValidatePassword(password) { + ctx.Data["IsActivateFailed"] = true + ctx.HTML(200, TplActivate) + return + } + } + + user.IsActive = true + var err error + if user.Rands, err = models.GetUserSalt(); err != nil { + ctx.ServerError("UpdateUser", err) + return + } + if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil { + if models.IsErrUserNotExist(err) { + ctx.Error(404) + } else { + ctx.ServerError("UpdateUser", err) + } + return + } + + log.Trace("User activated: %s", user.Name) + + if err := ctx.Session.Set("uid", user.ID); err != nil { + log.Error(fmt.Sprintf("Error setting uid in session: %v", err)) + } + if err := ctx.Session.Set("uname", user.Name); err != nil { + log.Error(fmt.Sprintf("Error setting uname in session: %v", err)) + } + if err := ctx.Session.Release(); err != nil { + log.Error("Error storing session: %v", err) + } + + ctx.Flash.Success(ctx.Tr("auth.account_activated")) + ctx.Redirect(setting.AppSubURL + "/") } // ActivateEmail render the activate email page diff --git a/templates/user/auth/activate.tmpl b/templates/user/auth/activate.tmpl index c24362bb8..c3f136add 100644 --- a/templates/user/auth/activate.tmpl +++ b/templates/user/auth/activate.tmpl @@ -18,7 +18,19 @@
{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.SignedUser.Email|Escape) .ActiveCodeLives | Str2html}}
{{end}} {{else}} - {{if .IsSendRegisterMail}} + {{if .NeedsPassword}} + + {{else if .IsSendRegisterMail}}{{.i18n.Tr "auth.confirmation_mail_sent_prompt" (.Email|Escape) .ActiveCodeLives | Str2html}}
{{else if .IsActivateFailed}}{{.i18n.Tr "auth.invalid_code"}}