feat: add requireProviderPermission()

* feat: add back button in forget password page

* fix: can't step back when directly entering forgot password page

* feat: forget password page always return to login page

* feat: if has history then go back to history & change style

* Update ForgetPage.js

* fix: reset button position

* Update ForgetPage.js

* Update ForgetPage.js

---------

Co-authored-by: Eric Luo <hsluoyz@qq.com>

controllers/provider.go

@@ -141,6 +141,20 @@ func (c *ApiController) GetProvider() {
 	c.ResponseOk(object.GetMaskedProvider(provider, isMaskEnabled))
 }
 
+func (c *ApiController) requireProviderPermission(provider *object.Provider) bool {
+	isGlobalAdmin, user := c.isGlobalAdmin()
+	if isGlobalAdmin {
+		return true
+	}
+
+	if provider.Owner == "admin" || user.Owner != provider.Owner {
+		c.ResponseError(c.T("auth:Unauthorized operation"))
+		return false
+	}
+
+	return true
+}
+
 // UpdateProvider
 // @Title UpdateProvider
 // @Tag Provider API
@@ -159,6 +173,11 @@ func (c *ApiController) UpdateProvider() {
 		return
 	}
 
+	ok := c.requireProviderPermission(&provider)
+	if !ok {
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.UpdateProvider(id, &provider))
 	c.ServeJSON()
 }
@@ -184,11 +203,17 @@ func (c *ApiController) AddProvider() {
 		return
 	}
 
-	if err := checkQuotaForProvider(int(count)); err != nil {
+	err = checkQuotaForProvider(int(count))
+	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
+	ok := c.requireProviderPermission(&provider)
+	if !ok {
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
 	c.ServeJSON()
 }
@@ -208,6 +233,11 @@ func (c *ApiController) DeleteProvider() {
 		return
 	}
 
+	ok := c.requireProviderPermission(&provider)
+	if !ok {
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.DeleteProvider(&provider))
 	c.ServeJSON()
 }

go.mod

@@ -19,7 +19,6 @@ require (
 	github.com/denisenkom/go-mssqldb v0.9.0
 	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
 	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
-	github.com/ethereum/go-ethereum v1.13.14
 	github.com/fogleman/gg v1.3.0
 	github.com/forestmgy/ldapserver v1.1.0
 	github.com/go-asn1-ber/asn1-ber v1.5.5
@@ -40,7 +39,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nyaruka/phonenumbers v1.1.5
 	github.com/pquerna/otp v1.4.0
-	github.com/prometheus/client_golang v1.12.0
+	github.com/prometheus/client_golang v1.11.1
 	github.com/prometheus/client_model v0.4.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
@@ -55,6 +54,7 @@ require (
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/xorm-io/builder v0.3.13
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6

idp/metamask.go

@@ -15,43 +15,15 @@
 package idp
 
 import (
-	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
-	"strings"
 	"time"
 
-	"github.com/ethereum/go-ethereum/crypto"
-
 	"golang.org/x/oauth2"
 )
 
-type EIP712Message struct {
-	Domain struct {
-		ChainId string `json:"chainId"`
-		Name    string `json:"name"`
-		Version string `json:"version"`
-	} `json:"domain"`
-	Message struct {
-		Prompt   string `json:"prompt"`
-		Nonce    string `json:"nonce"`
-		CreateAt string `json:"createAt"`
-	} `json:"message"`
-	PrimaryType string `json:"primaryType"`
-	Types       struct {
-		EIP712Domain []struct {
-			Name string `json:"name"`
-			Type string `json:"type"`
-		} `json:"EIP712Domain"`
-		AuthRequest []struct {
-			Name string `json:"name"`
-			Type string `json:"type"`
-		} `json:"AuthRequest"`
-	} `json:"types"`
-}
-
 type MetaMaskIdProvider struct {
 	Client *http.Client
 }
@@ -70,15 +42,6 @@ func (idp *MetaMaskIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	if err := json.Unmarshal([]byte(code), &web3AuthToken); err != nil {
 		return nil, err
 	}
-	valid, err := VerifySignature(web3AuthToken.Address, web3AuthToken.TypedData, web3AuthToken.Signature)
-	if err != nil {
-		return nil, err
-	}
-
-	if !valid {
-		return nil, fmt.Errorf("invalid signature")
-	}
-
 	token := &oauth2.Token{
 		AccessToken: web3AuthToken.Signature,
 		TokenType:   "Bearer",
@@ -105,43 +68,3 @@ func (idp *MetaMaskIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 	}
 	return userInfo, nil
 }
-
-func VerifySignature(userAddress string, originalMessage string, signatureHex string) (bool, error) {
-	var eip712Mes EIP712Message
-	err := json.Unmarshal([]byte(originalMessage), &eip712Mes)
-	if err != nil {
-		return false, fmt.Errorf("invalid signature (Error parsing JSON)")
-	}
-
-	createAtTime, err := time.Parse("2006/1/2 15:04:05", eip712Mes.Message.CreateAt)
-	currentTime := time.Now()
-	if createAtTime.Before(currentTime.Add(-1*time.Minute)) && createAtTime.After(currentTime) {
-		return false, fmt.Errorf("invalid signature (signature does not meet time requirements)")
-	}
-
-	if !strings.HasPrefix(signatureHex, "0x") {
-		signatureHex = "0x" + signatureHex
-	}
-
-	signatureBytes, err := hex.DecodeString(signatureHex[2:])
-	if err != nil {
-		return false, err
-	}
-
-	if signatureBytes[64] != 27 && signatureBytes[64] != 28 {
-		return false, fmt.Errorf("invalid signature (incorrect recovery id)")
-	}
-	signatureBytes[64] -= 27
-
-	msg := fmt.Sprintf("\x19Ethereum Signed Message:\n%d%s", len([]byte(originalMessage)), []byte(originalMessage))
-	hash := crypto.Keccak256Hash([]byte(msg))
-
-	pubKey, err := crypto.SigToPub(hash.Bytes(), signatureBytes)
-	if err != nil {
-		return false, err
-	}
-
-	recoveredAddr := crypto.PubkeyToAddress(*pubKey)
-
-	return strings.EqualFold(recoveredAddr.Hex(), userAddress), nil
-}

web/package.json

@@ -10,7 +10,6 @@
     "@ctrl/tinycolor": "^3.5.0",
     "@emotion/react": "^11.10.5",
     "@metamask/eth-sig-util": "^6.0.0",
-    "@metamask/sdk-react": "^0.18.0",
     "@web3-onboard/coinbase": "^2.2.5",
     "@web3-onboard/core": "^2.20.5",
     "@web3-onboard/frontier": "^2.0.4",

web/src/ProviderEditPage.js

@@ -1337,20 +1337,6 @@ class ProviderEditPage extends React.Component {
             </Row>
           ) : null
         }
-        {
-          this.state.provider.type === "MetaMask" ? (
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {Setting.getLabel(i18next.t("provider:Signature messages"), i18next.t("provider:Signature messages - Tooltip"))} :
-              </Col>
-              <Col span={22}>
-                <Input value={this.state.provider.metadata} onChange={e => {
-                  this.updateProviderField("metadata", e.target.value);
-                }} />
-              </Col>
-            </Row>
-          ) : null
-        }
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("provider:Provider URL"), i18next.t("provider:Provider URL - Tooltip"))} :

web/src/UserEditPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, Form, Input, InputNumber, List, Result, Row, Select, Space, Spin, Switch, Tag} from "antd";
+import {Button, Card, Col, Form, Input, InputNumber, List, Result, Row, Select, Space, Spin, Switch, Tag, Tooltip} from "antd";
 import {withRouter} from "react-router-dom";
 import {TotpMfaType} from "./auth/MfaSetupPage";
 import * as GroupBackend from "./backend/GroupBackend";
@@ -407,7 +407,17 @@ class UserEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Password"), i18next.t("general:Password - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <PasswordModal user={this.state.user} userName={this.state.userName} organization={this.getUserOrganization()} account={this.props.account} disabled={disabled} />
+            {
+              (this.state.user.name === this.state.userName) ? (
+                <PasswordModal user={this.state.user} userName={this.state.userName} organization={this.getUserOrganization()} account={this.props.account} disabled={disabled} />
+              ) : (
+                <Tooltip placement={"topLeft"} title={i18next.t("user:You have changed the username, please save your change first before modifying the password")}>
+                  <span>
+                    <PasswordModal user={this.state.user} userName={this.state.userName} organization={this.getUserOrganization()} account={this.props.account} disabled={true} />
+                  </span>
+                </Tooltip>
+              )
+            }
           </Col>
         </Row>
       );

web/src/auth/ForgetPage.js

@@ -21,7 +21,7 @@ import * as Setting from "../Setting";
 import i18next from "i18next";
 import {SendCodeInput} from "../common/SendCodeInput";
 import * as UserBackend from "../backend/UserBackend";
-import {CheckCircleOutlined, KeyOutlined, LockOutlined, SolutionOutlined, UserOutlined} from "@ant-design/icons";
+import {ArrowLeftOutlined, CheckCircleOutlined, KeyOutlined, LockOutlined, SolutionOutlined, UserOutlined} from "@ant-design/icons";
 import CustomGithubCorner from "../common/CustomGithubCorner";
 import {withRouter} from "react-router-dom";
 import * as PasswordChecker from "../common/PasswordChecker";
@@ -443,6 +443,18 @@ class ForgetPage extends React.Component {
     );
   }
 
+  stepBack() {
+    if (this.state.current > 0) {
+      this.setState({
+        current: this.state.current - 1,
+      });
+    } else if (this.props.history.length > 1) {
+      this.props.history.goBack();
+    } else {
+      Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
+    }
+  }
+
   render() {
     const application = this.getApplicationObj();
     if (application === undefined) {
@@ -456,6 +468,9 @@ class ForgetPage extends React.Component {
       <React.Fragment>
         <CustomGithubCorner />
         <div className="forget-content" style={{padding: Setting.isMobile() ? "0" : null, boxShadow: Setting.isMobile() ? "none" : null}}>
+          <Button type="text" style={{position: "relative", left: Setting.isMobile() ? "10px" : "-90px", top: 0}} size={"large"} onClick={() => {this.stepBack();}}>
+            <ArrowLeftOutlined style={{fontSize: "24px"}} />
+          </Button>
           <Row>
             <Col span={24} style={{justifyContent: "center"}}>
               <Row>

web/src/auth/MetaMaskLoginButton.js

@@ -1,107 +0,0 @@
-// Copyright 2024 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import {getAuthUrl} from "./Provider";
-import {getProviderLogoURL, goToLink, showMessage} from "../Setting";
-import i18next from "i18next";
-import {
-  generateNonce,
-  getWeb3AuthTokenKey,
-  setWeb3AuthToken
-} from "./Web3Auth";
-import {useSDK} from "@metamask/sdk-react";
-import React, {useEffect} from "react";
-
-export function MetaMaskLoginButton(props) {
-  const {application, web3Provider, method, width, margin} = props;
-  const {sdk, chainId, account} = useSDK();
-  const [typedData, setTypedData] = React.useState("");
-  const [nonce, setNonce] = React.useState("");
-  const [signature, setSignature] = React.useState();
-
-  useEffect(() => {
-    if (account && signature) {
-      const date = new Date();
-
-      const token = {
-        address: account,
-        nonce: nonce,
-        createAt: Math.floor(date.getTime() / 1000),
-        typedData: typedData,
-        signature: signature,
-      };
-      setWeb3AuthToken(token);
-
-      const redirectUri = `${getAuthUrl(application, web3Provider, method)}&web3AuthTokenKey=${getWeb3AuthTokenKey(account)}`;
-      goToLink(redirectUri);
-    }
-  }, [account, signature]);
-
-  const handleConnectAndSign = async() => {
-    try {
-      terminate();
-
-      const date = new Date();
-
-      const nonce = generateNonce();
-      setNonce(nonce);
-
-      const prompt = web3Provider?.metadata === "" ? "Casdoor: In order to authenticate to this website, sign this request and your public address will be sent to the server in a verifiable way." : web3Provider.metadata;
-      const typedData = JSON.stringify({
-        domain: {
-          chainId: chainId,
-          name: "Casdoor",
-          version: "1",
-        },
-        message: {
-          prompt: `${prompt}`,
-          nonce: nonce,
-          createAt: `${date.toLocaleString()}`,
-        },
-        primaryType: "AuthRequest",
-        types: {
-          EIP712Domain: [
-            {name: "name", type: "string"},
-            {name: "version", type: "string"},
-            {name: "chainId", type: "uint256"},
-          ],
-          AuthRequest: [
-            {name: "prompt", type: "string"},
-            {name: "nonce", type: "string"},
-            {name: "createAt", type: "string"},
-          ],
-        },
-      });
-      setTypedData(typedData);
-
-      const sig = await sdk.connectAndSign({msg: typedData});
-      setSignature(sig);
-    } catch (err) {
-      showMessage("error", `${i18next.t("login:Failed to obtain MetaMask authorization")}: ${err.message}`);
-    }
-  };
-
-  const terminate = () => {
-    sdk?.terminate();
-  };
-
-  return (
-    <a key={web3Provider.displayName} onClick={handleConnectAndSign}>
-      <img width={width} height={width} src={getProviderLogoURL(web3Provider)} alt={web3Provider.displayName}
-        className="provider-img" style={{margin: margin}} />
-    </a>
-  );
-}
-
-export default MetaMaskLoginButton;

web/src/auth/ProviderButton.js

@@ -43,8 +43,6 @@ import DouyinLoginButton from "./DouyinLoginButton";
 import LoginButton from "./LoginButton";
 import * as AuthBackend from "./AuthBackend";
 import {WechatOfficialAccountModal} from "./Util";
-import {MetaMaskProvider} from "@metamask/sdk-react";
-import MetaMaskLoginButton from "./MetaMaskLoginButton";
 
 function getSigninButton(provider) {
   const text = i18next.t("login:Sign in with {type}").replace("{type}", provider.displayName !== "" ? provider.displayName : provider.type);
@@ -162,36 +160,11 @@ export function renderProviderLogo(provider, application, width, margin, size, l
         </a>
       );
     } else if (provider.category === "Web3") {
-      if (provider.type === "MetaMask") {
-        return (
-          <MetaMaskProvider
-            debug={false}
-            sdkOptions={{
-              communicationServerUrl: process.env.REACT_APP_COMM_SERVER_URL,
-              checkInstallationImmediately: false, // This will automatically connect to MetaMask on page load
-              dappMetadata: {
-                name: "Casdoor",
-                url: window.location.protocol + "//" + window.location.host,
-              },
-            }}
-          >
-            <MetaMaskLoginButton
-              application={application}
-              web3Provider={provider}
-              method={"signup"}
-              width={width}
-              margin={margin}
-            />
-          </MetaMaskProvider>
-        );
-      } else {
-        return (
-          <a key={provider.displayName} onClick={() => goToWeb3Url(application, provider, "signup")}>
-            <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName}
-              className="provider-img" style={{margin: margin}} />
-          </a>
-        );
-      }
+      return (
+        <a key={provider.displayName} onClick={() => goToWeb3Url(application, provider, "signup")}>
+          <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} className="provider-img" style={{margin: margin}} />
+        </a>
+      );
     }
   } else if (provider.type === "Custom") {
     // style definition