fix display dashboard even if require to change password (#6214) (#6215)

* fix display dashboard even if require to change password

* fix comments

Author: lunny

modules/context/auth.go

@@ -44,21 +44,17 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 				return
 			}
 
-			// prevent infinite redirection
-			// also make sure that the form cannot be accessed by
-			// users who don't need this
-			if ctx.Req.URL.Path == "/user/settings/change_password" {
-				if !ctx.User.MustChangePassword {
-					ctx.Redirect(setting.AppSubURL + "/")
-				}
-				return
-			}
-
 			if ctx.User.MustChangePassword {
-				ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
-				ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
-				ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
-				ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
+				if ctx.Req.URL.Path != "/user/settings/change_password" {
+					ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
+					ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
+					ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
+					ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
+					return
+				}
+			} else if ctx.Req.URL.Path == "/user/settings/change_password" {
+				// make sure that the form cannot be accessed by users who don't need this
+				ctx.Redirect(setting.AppSubURL + "/")
 				return
 			}
 		}

routers/home.go

@@ -6,6 +6,7 @@ package routers
 
 import (
 	"bytes"
+	"net/url"
 	"strings"
 
 	"code.gitea.io/gitea/models"
@@ -43,6 +44,11 @@ func Home(ctx *context.Context) {
 			log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
 			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
 			ctx.HTML(200, "user/auth/prohibit_login")
+		} else if ctx.User.MustChangePassword {
+			ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
+			ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
+			ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
+			ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
 		} else {
 			user.Dashboard(ctx)
 		}