project-mirrors
diff --git a/‎models/auth/auth_token.go‎
Lines changed: 23 additions & 3 deletions b/‎models/auth/auth_token.go‎
Lines changed: 23 additions & 3 deletions
diff --git a/‎models/repo/TestSearchRepositoryIDsByCondition/repository.yml‎
Lines changed: 30 additions & 0 deletions b/‎models/repo/TestSearchRepositoryIDsByCondition/repository.yml‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎models/repo/fork.go‎
Lines changed: 6 additions & 4 deletions b/‎models/repo/fork.go‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎models/repo/repo_list.go‎
Lines changed: 2 additions & 5 deletions b/‎models/repo/repo_list.go‎
Lines changed: 2 additions & 5 deletions
diff --git a/‎models/repo/repo_list_test.go‎
Lines changed: 45 additions & 0 deletions b/‎models/repo/repo_list_test.go‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎models/user/email_address.go‎
Lines changed: 0 additions & 19 deletions b/‎models/user/email_address.go‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎models/user/user.go‎
Lines changed: 46 additions & 30 deletions b/‎models/user/user.go‎
Lines changed: 46 additions & 30 deletions
@@ -15,12 +15,31 @@ import (
 	"code.gitea.io/gitea/modules/util"
 )
 
+type AuthorizationPurpose string
+
+var (
+	// Used to store long term authorization tokens.
+	LongTermAuthorization AuthorizationPurpose = "long_term_authorization"
+
+	// Used to activate a user account.
+	UserActivation AuthorizationPurpose = "user_activation"
+
+	// Used to reset the password.
+	PasswordReset AuthorizationPurpose = "password_reset"
+)
+
+// Used to activate the specified email address for a user.
+func EmailActivation(email string) AuthorizationPurpose {
+	return AuthorizationPurpose("email_activation:" + email)
+}
+
 // AuthorizationToken represents a authorization token to a user.
 type AuthorizationToken struct {
 	ID              int64  `xorm:"pk autoincr"`
 	UID             int64  `xorm:"INDEX"`
 	LookupKey       string `xorm:"INDEX UNIQUE"`
 	HashedValidator string
+	Purpose         AuthorizationPurpose `xorm:"NOT NULL DEFAULT 'long_term_authorization'"`
 	Expiry          timeutil.TimeStamp
 }
 
@@ -41,7 +60,7 @@ func (authToken *AuthorizationToken) IsExpired() bool {
 // GenerateAuthToken generates a new authentication token for the given user.
 // It returns the lookup key and validator values that should be passed to the
 // user via a long-term cookie.
-func GenerateAuthToken(ctx context.Context, userID int64, expiry timeutil.TimeStamp) (lookupKey, validator string, err error) {
+func GenerateAuthToken(ctx context.Context, userID int64, expiry timeutil.TimeStamp, purpose AuthorizationPurpose) (lookupKey, validator string, err error) {
 	// Request 64 random bytes. The first 32 bytes will be used for the lookupKey
 	// and the other 32 bytes will be used for the validator.
 	rBytes, err := util.CryptoRandomBytes(64)
@@ -56,14 +75,15 @@ func GenerateAuthToken(ctx context.Context, userID int64, expiry timeutil.TimeSt
 		Expiry:          expiry,
 		LookupKey:       lookupKey,
 		HashedValidator: HashValidator(rBytes[32:]),
+		Purpose:         purpose,
 	})
 	return lookupKey, validator, err
 }
 
 // FindAuthToken will find a authorization token via the lookup key.
-func FindAuthToken(ctx context.Context, lookupKey string) (*AuthorizationToken, error) {
+func FindAuthToken(ctx context.Context, lookupKey string, purpose AuthorizationPurpose) (*AuthorizationToken, error) {
 	var authToken AuthorizationToken
-	has, err := db.GetEngine(ctx).Where("lookup_key = ?", lookupKey).Get(&authToken)
+	has, err := db.GetEngine(ctx).Where("lookup_key = ? AND purpose = ?", lookupKey, purpose).Get(&authToken)
 	if err != nil {
 		return nil, err
 	} else if !has {
 
@@ -0,0 +1,30 @@
+-
+  id: 1001
+  owner_id: 33
+  owner_name: user33
+  lower_name: repo1001
+  name: repo1001
+  default_branch: main
+  num_watches: 0
+  num_stars: 0
+  num_forks: 0
+  num_issues: 0
+  num_closed_issues: 0
+  num_pulls: 0
+  num_closed_pulls: 0
+  num_milestones: 0
+  num_closed_milestones: 0
+  num_projects: 0
+  num_closed_projects: 0
+  is_private: false
+  is_empty: false
+  is_archived: false
+  is_mirror: false
+  status: 0
+  is_fork: false
+  fork_id: 0
+  is_template: false
+  template_id: 0
+  size: 0
+  is_fsck_enabled: true
+  close_issues_via_commit_in_any_branch: false
@@ -7,6 +7,7 @@ import (
 	"context"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 
 	"xorm.io/builder"
@@ -54,9 +55,9 @@ func GetUserFork(ctx context.Context, repoID, userID int64) (*Repository, error)
 	return &forkedRepo, nil
 }
 
-// GetForks returns all the forks of the repository
-func GetForks(ctx context.Context, repo *Repository, listOptions db.ListOptions) ([]*Repository, error) {
-	sess := db.GetEngine(ctx)
+// GetForks returns all the forks of the repository that are visible to the user.
+func GetForks(ctx context.Context, repo *Repository, user *user_model.User, listOptions db.ListOptions) ([]*Repository, int64, error) {
+	sess := db.GetEngine(ctx).Where(AccessibleRepositoryCondition(user, unit.TypeInvalid))
 
 	var forks []*Repository
 	if listOptions.Page == 0 {
@@ -66,7 +67,8 @@ func GetForks(ctx context.Context, repo *Repository, listOptions db.ListOptions)
 		sess = db.SetSessionPagination(sess, &listOptions)
 	}
 
-	return forks, sess.Find(&forks, &Repository{ForkID: repo.ID})
+	count, err := sess.FindAndCount(&forks, &Repository{ForkID: repo.ID})
+	return forks, count, err
 }
 
 // IncrementRepoForkNum increment repository fork number
 
@@ -641,12 +641,9 @@ func AccessibleRepositoryCondition(user *user_model.User, unitType unit.Type) bu
 		// 1. Be able to see all non-private repositories that either:
 		cond = cond.Or(builder.And(
 			builder.Eq{"`repository`.is_private": false},
-			// 2. Aren't in an private organisation or limited organisation if we're not logged in
+			// 2. Aren't in an private organisation/user or limited organisation/user if the doer is not logged in.
 			builder.NotIn("`repository`.owner_id", builder.Select("id").From("`user`").Where(
-				builder.And(
-					builder.Eq{"type": user_model.UserTypeOrganization},
-					builder.In("visibility", orgVisibilityLimit)),
-			))))
+				builder.In("visibility", orgVisibilityLimit)))))
 	}
 
 	if user != nil {
 
@@ -4,13 +4,18 @@
 package repo_test
 
 import (
+	"path/filepath"
+	"slices"
 	"strings"
 	"testing"
 
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/optional"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -403,3 +408,43 @@ func TestSearchRepositoryByTopicName(t *testing.T) {
 		})
 	}
 }
+
+func TestSearchRepositoryIDsByCondition(t *testing.T) {
+	defer unittest.OverrideFixtures(
+		unittest.FixturesOptions{
+			Dir:  filepath.Join(setting.AppWorkPath, "models/fixtures/"),
+			Base: setting.AppWorkPath,
+			Dirs: []string{"models/repo/TestSearchRepositoryIDsByCondition/"},
+		},
+	)()
+	require.NoError(t, unittest.PrepareTestDatabase())
+	// Sanity check of the database
+	limitedUser := unittest.AssertExistsAndLoadBean(t, &user.User{ID: 33, Visibility: structs.VisibleTypeLimited})
+	unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1001, OwnerID: limitedUser.ID})
+
+	testCases := []struct {
+		user    *user.User
+		repoIDs []int64
+	}{
+		{
+			user:    nil,
+			repoIDs: []int64{1, 4, 8, 9, 10, 11, 12, 14, 17, 18, 21, 23, 25, 27, 29, 32, 33, 34, 35, 36, 37, 42, 44, 45, 46, 47, 48, 49, 50, 51, 53, 57, 58, 60, 61, 62, 1059},
+		},
+		{
+			user:    unittest.AssertExistsAndLoadBean(t, &user.User{ID: 4}),
+			repoIDs: []int64{1, 3, 4, 8, 9, 10, 11, 12, 14, 17, 18, 21, 23, 25, 27, 29, 32, 33, 34, 35, 36, 37, 38, 40, 42, 44, 45, 46, 47, 48, 49, 50, 51, 53, 57, 58, 60, 61, 62, 1001, 1059},
+		},
+		{
+			user:    unittest.AssertExistsAndLoadBean(t, &user.User{ID: 5}),
+			repoIDs: []int64{1, 4, 8, 9, 10, 11, 12, 14, 17, 18, 21, 23, 25, 27, 29, 32, 33, 34, 35, 36, 37, 38, 40, 42, 44, 45, 46, 47, 48, 49, 50, 51, 53, 57, 58, 60, 61, 62, 1001, 1059},
+		},
+	}
+
+	for _, testCase := range testCases {
+		repoIDs, err := repo_model.FindUserCodeAccessibleRepoIDs(db.DefaultContext, testCase.user)
+		require.NoError(t, err)
+
+		slices.Sort(repoIDs)
+		assert.EqualValues(t, testCase.repoIDs, repoIDs)
+	}
+}
@@ -10,10 +10,8 @@ import (
 	"net/mail"
 	"regexp"
 	"strings"
-	"time"
 
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/optional"
 	"code.gitea.io/gitea/modules/setting"
@@ -307,23 +305,6 @@ func updateActivation(ctx context.Context, email *EmailAddress, activate bool) e
 	return UpdateUserCols(ctx, user, "rands")
 }
 
-// VerifyActiveEmailCode verifies active email code when active account
-func VerifyActiveEmailCode(ctx context.Context, code, email string) *EmailAddress {
-	if user := GetVerifyUser(ctx, code); user != nil {
-		// time limit code
-		prefix := code[:base.TimeLimitCodeLength]
-		data := fmt.Sprintf("%d%s%s%s%s", user.ID, email, user.LowerName, user.Passwd, user.Rands)
-
-		if base.VerifyTimeLimitCode(time.Now(), data, setting.Service.ActiveCodeLives, prefix) {
-			emailAddress := &EmailAddress{UID: user.ID, Email: email}
-			if has, _ := db.GetEngine(ctx).Get(emailAddress); has {
-				return emailAddress
-			}
-		}
-	}
-	return nil
-}
-
 // SearchEmailOrderBy is used to sort the results from SearchEmails()
 type SearchEmailOrderBy string
 
 
@@ -7,7 +7,9 @@ package user
 
 import (
 	"context"
+	"crypto/subtle"
 	"encoding/hex"
+	"errors"
 	"fmt"
 	"net/mail"
 	"net/url"
@@ -318,15 +320,14 @@ func (u *User) OrganisationLink() string {
 	return setting.AppSubURL + "/org/" + url.PathEscape(u.Name)
 }
 
-// GenerateEmailActivateCode generates an activate code based on user information and given e-mail.
-func (u *User) GenerateEmailActivateCode(email string) string {
-	code := base.CreateTimeLimitCode(
-		fmt.Sprintf("%d%s%s%s%s", u.ID, email, u.LowerName, u.Passwd, u.Rands),
-		setting.Service.ActiveCodeLives, time.Now(), nil)
-
-	// Add tail hex username
-	code += hex.EncodeToString([]byte(u.LowerName))
-	return code
+// GenerateEmailAuthorizationCode generates an activation code based for the user for the specified purpose.
+// The standard expiry is ActiveCodeLives minutes.
+func (u *User) GenerateEmailAuthorizationCode(ctx context.Context, purpose auth.AuthorizationPurpose) (string, error) {
+	lookup, validator, err := auth.GenerateAuthToken(ctx, u.ID, timeutil.TimeStampNow().Add(int64(setting.Service.ActiveCodeLives)*60), purpose)
+	if err != nil {
+		return "", err
+	}
+	return lookup + ":" + validator, nil
 }
 
 // GetUserFollowers returns range of user's followers.
@@ -836,35 +837,50 @@ func countUsers(ctx context.Context, opts *CountUserFilter) int64 {
 	return count
 }
 
-// GetVerifyUser get user by verify code
-func GetVerifyUser(ctx context.Context, code string) (user *User) {
-	if len(code) <= base.TimeLimitCodeLength {
-		return nil
+// VerifyUserActiveCode verifies that the code is valid for the given purpose for this user.
+// If delete is specified, the token will be deleted.
+func VerifyUserAuthorizationToken(ctx context.Context, code string, purpose auth.AuthorizationPurpose, delete bool) (*User, error) {
+	lookupKey, validator, found := strings.Cut(code, ":")
+	if !found {
+		return nil, nil
 	}
 
-	// use tail hex username query user
-	hexStr := code[base.TimeLimitCodeLength:]
-	if b, err := hex.DecodeString(hexStr); err == nil {
-		if user, err = GetUserByName(ctx, string(b)); user != nil {
-			return user
+	authToken, err := auth.FindAuthToken(ctx, lookupKey, purpose)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			return nil, nil
 		}
-		log.Error("user.getVerifyUser: %v", err)
+		return nil, err
 	}
 
-	return nil
-}
+	if authToken.IsExpired() {
+		return nil, auth.DeleteAuthToken(ctx, authToken)
+	}
+
+	rawValidator, err := hex.DecodeString(validator)
+	if err != nil {
+		return nil, err
+	}
+
+	if subtle.ConstantTimeCompare([]byte(authToken.HashedValidator), []byte(auth.HashValidator(rawValidator))) == 0 {
+		return nil, errors.New("validator doesn't match")
+	}
 
-// VerifyUserActiveCode verifies active code when active account
-func VerifyUserActiveCode(ctx context.Context, code string) (user *User) {
-	if user = GetVerifyUser(ctx, code); user != nil {
-		// time limit code
-		prefix := code[:base.TimeLimitCodeLength]
-		data := fmt.Sprintf("%d%s%s%s%s", user.ID, user.Email, user.LowerName, user.Passwd, user.Rands)
-		if base.VerifyTimeLimitCode(time.Now(), data, setting.Service.ActiveCodeLives, prefix) {
-			return user
+	u, err := GetUserByID(ctx, authToken.UID)
+	if err != nil {
+		if IsErrUserNotExist(err) {
+			return nil, nil
 		}
+		return nil, err
 	}
-	return nil
+
+	if delete {
+		if err := auth.DeleteAuthToken(ctx, authToken); err != nil {
+			return nil, err
+		}
+	}
+
+	return u, nil
 }
 
 // ValidateUser check if user is valid to insert / update into database