Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  Send 404 on `/{org}.gpg` (go-gitea#18959)
  Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (go-gitea#18897)
  Fix lfs management setting (go-gitea#18946)
  Fix admin user list pagination (go-gitea#18957)

Author: zjjhot

models/user/list.go

@@ -30,13 +30,19 @@ func (users UserList) GetTwoFaStatus() map[int64]bool {
 	for _, user := range users {
 		results[user.ID] = false // Set default to false
 	}
-	tokenMaps, err := users.loadTwoFactorStatus(db.GetEngine(db.DefaultContext))
-	if err == nil {
+
+	if tokenMaps, err := users.loadTwoFactorStatus(db.GetEngine(db.DefaultContext)); err == nil {
 		for _, token := range tokenMaps {
 			results[token.UID] = true
 		}
 	}
 
+	if ids, err := users.userIDsWithWebAuthn(db.GetEngine(db.DefaultContext)); err == nil {
+		for _, id := range ids {
+			results[id] = true
+		}
+	}
+
 	return results
 }
 
@@ -47,15 +53,23 @@ func (users UserList) loadTwoFactorStatus(e db.Engine) (map[int64]*auth.TwoFacto
 
 	userIDs := users.GetUserIDs()
 	tokenMaps := make(map[int64]*auth.TwoFactor, len(userIDs))
-	err := e.
-		In("uid", userIDs).
-		Find(&tokenMaps)
-	if err != nil {
+	if err := e.In("uid", userIDs).Find(&tokenMaps); err != nil {
 		return nil, fmt.Errorf("find two factor: %v", err)
 	}
 	return tokenMaps, nil
 }
 
+func (users UserList) userIDsWithWebAuthn(e db.Engine) ([]int64, error) {
+	if len(users) == 0 {
+		return nil, nil
+	}
+	ids := make([]int64, 0, len(users))
+	if err := e.Table(new(auth.WebAuthnCredential)).In("user_id", users.GetUserIDs()).Select("user_id").Distinct("user_id").Find(&ids); err != nil {
+		return nil, fmt.Errorf("find two factor: %v", err)
+	}
+	return ids, nil
+}
+
 // GetUsersByIDs returns all resolved users from a list of Ids.
 func GetUsersByIDs(ids []int64) (UserList, error) {
 	ous := make([]*User, 0, len(ids))

modules/context/pagination.go

@@ -55,3 +55,12 @@ func (p *Pagination) SetDefaultParams(ctx *Context) {
 	p.AddParam(ctx, "tab", "TabName")
 	p.AddParam(ctx, "t", "queryType")
 }
+
+// SetUserFilterParams sets common pagination params for user filtering, e.g. the admin userlist
+func (p *Pagination) SetUserFilterParams(ctx *Context) {
+	p.AddParamString("status_filter[is_active]", ctx.FormString("status_filter[is_active]"))
+	p.AddParamString("status_filter[is_admin]", ctx.FormString("status_filter[is_admin]"))
+	p.AddParamString("status_filter[is_restricted]", ctx.FormString("status_filter[is_restricted]"))
+	p.AddParamString("status_filter[is_2fa_enabled]", ctx.FormString("status_filter[is_2fa_enabled]"))
+	p.AddParamString("status_filter[is_prohibit_login]", ctx.FormString("status_filter[is_prohibit_login]"))
+}

routers/web/admin/users.go

@@ -217,15 +217,17 @@ func prepareUserInfo(ctx *context.Context) *user_model.User {
 	}
 	ctx.Data["Sources"] = sources
 
-	ctx.Data["TwoFactorEnabled"] = true
-	_, err = auth.GetTwoFactorByUID(u.ID)
+	hasTOTP, err := auth.HasTwoFactorByUID(u.ID)
 	if err != nil {
-		if !auth.IsErrTwoFactorNotEnrolled(err) {
-			ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
-			return nil
-		}
-		ctx.Data["TwoFactorEnabled"] = false
+		ctx.ServerError("auth.HasTwoFactorByUID", err)
+		return nil
+	}
+	hasWebAuthn, err := auth.HasWebAuthnRegistrationsByUID(u.ID)
+	if err != nil {
+		ctx.ServerError("auth.HasWebAuthnRegistrationsByUID", err)
+		return nil
 	}
+	ctx.Data["TwoFactorEnabled"] = hasTOTP || hasWebAuthn
 
 	return u
 }
@@ -327,14 +329,27 @@ func EditUserPost(ctx *context.Context) {
 	if form.Reset2FA {
 		tf, err := auth.GetTwoFactorByUID(u.ID)
 		if err != nil && !auth.IsErrTwoFactorNotEnrolled(err) {
-			ctx.ServerError("GetTwoFactorByUID", err)
+			ctx.ServerError("auth.GetTwoFactorByUID", err)
 			return
+		} else if tf != nil {
+			if err := auth.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
+				ctx.ServerError("auth.DeleteTwoFactorByID", err)
+				return
+			}
 		}
 
-		if err = auth.DeleteTwoFactorByID(tf.ID, u.ID); err != nil {
-			ctx.ServerError("DeleteTwoFactorByID", err)
+		wn, err := auth.GetWebAuthnCredentialsByUID(u.ID)
+		if err != nil {
+			ctx.ServerError("auth.GetTwoFactorByUID", err)
 			return
 		}
+		for _, cred := range wn {
+			if _, err := auth.DeleteCredential(cred.ID, u.ID); err != nil {
+				ctx.ServerError("auth.DeleteCredential", err)
+				return
+			}
+		}
+
 	}
 
 	u.LoginName = form.LoginName

routers/web/explore/user.go

@@ -82,6 +82,7 @@ func RenderUserSearch(ctx *context.Context, opts *user_model.SearchUserOptions,
 
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 	pager.SetDefaultParams(ctx)
+	pager.SetUserFilterParams(ctx)
 	ctx.Data["Page"] = pager
 
 	ctx.HTML(http.StatusOK, tplName)

routers/web/org/home.go

@@ -6,6 +6,7 @@ package org
 
 import (
 	"net/http"
+	"strings"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
@@ -23,7 +24,14 @@ const (
 
 // Home show organization home page
 func Home(ctx *context.Context) {
-	ctx.SetParams(":org", ctx.Params(":username"))
+	uname := ctx.Params(":username")
+
+	if strings.HasSuffix(uname, ".keys") || strings.HasSuffix(uname, ".gpg") {
+		ctx.NotFound("", nil)
+		return
+	}
+
+	ctx.SetParams(":org", uname)
 	context.HandleOrgAssignment(ctx)
 	if ctx.Written() {
 		return

templates/repo/settings/lfs_locks.tmpl

@@ -24,7 +24,7 @@
 							<td>
 								{{if index $.Linkable $index}}
 									{{svg "octicon-file"}}
-								<a href="{{$.RepoLink}}/src/branch/{{PathEscapeSegments $lock.Repo.DefaultBranch}}/{{PathEscapeSegments $lock.Path}}" title="{{$lock.Path}}">{{$lock.Path}}</a>
+								<a href="{{$.RepoLink}}/src/branch/{{PathEscapeSegments $.Repository.DefaultBranch}}/{{PathEscapeSegments $lock.Path}}" title="{{$lock.Path}}">{{$lock.Path}}</a>
 								{{else}}
 									{{svg "octicon-diff"}}
 								<span class="tooltip" title="{{$.i18n.Tr "repo.settings.lfs_lock_file_no_exist"}}">{{$lock.Path}}</span>
@@ -34,9 +34,9 @@
 								{{end}}
 							</td>
 							<td>
-								<a href="{{$lock.Owner.HomeLink}}">
-									{{avatar $lock.Owner}}
-									{{$lock.Owner.DisplayName}}
+								<a href="{{$.Owner.HomeLink}}">
+									{{avatar $.Owner}}
+									{{$.Owner.DisplayName}}
 								</a>
 							</td>
 							<td>{{TimeSince .Created $.i18n.Lang}}</td>