[SECURITY] Notify users about account security changes

- Currently if the password, primary mail, TOTP or security keys are changed, no notification is made of that and makes compromising an account a bit easier as it's essentially undetectable until the original person tries to log in. Although other changes should be made as well (re-authing before allowing a password change), this should go a long way of improving the account security in Forgejo. - Adds a mail notification for password and primary mail changes. For the primary mail change, a mail notification is sent to the old primary mail. - Add a mail notification when TOTP or a security keys is removed, if no other 2FA method is configured the mail will also contain that 2FA is no longer needed to log into their account. - `MakeEmailAddressPrimary` is refactored to the user service package, as it now involves calling the mailer service. - Unit tests added. - Integration tests added.
2024-07-23 00:17:06 +02:00 · 2024-07-23 00:17:06 +02:00 · 4383da91bd
commit 4383da91bd
parent ded237ee77
24 changed files with 543 additions and 116 deletions
--- a/models/user/user.go
+++ b/models/user/user.go
@ -451,17 +451,22 @@ var emailToReplacer = strings.NewReplacer(
 )

 // EmailTo returns a string suitable to be put into a e-mail `To:` header.
-func (u *User) EmailTo() string {
+func (u *User) EmailTo(overrideMail ...string) string {
 	sanitizedDisplayName := emailToReplacer.Replace(u.DisplayName())

-	// should be an edge case but nice to have
-	if sanitizedDisplayName == u.Email {
-		return u.Email
+	email := u.Email
+	if len(overrideMail) > 0 {
+		email = overrideMail[0]
 	}

-	address, err := mail.ParseAddress(fmt.Sprintf("%s <%s>", sanitizedDisplayName, u.Email))
+	// should be an edge case but nice to have
+	if sanitizedDisplayName == email {
+		return email
+	}
+
+	address, err := mail.ParseAddress(fmt.Sprintf("%s <%s>", sanitizedDisplayName, email))
 	if err != nil {
-		return u.Email
+		return email
 	}

 	return address.String()