mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
170 lines
3.8 KiB
Go
170 lines
3.8 KiB
Go
|
// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
|
||
|
|
// See License.txt for license information.
|
||
|
|
|
||
|
|
package api4
|
||
|
|
|
||
|
|
import (
|
||
|
|
"net/http"
|
||
|
|
|
||
|
|
l4g "github.com/alecthomas/log4go"
|
||
|
|
"github.com/mattermost/platform/app"
|
||
|
|
"github.com/mattermost/platform/model"
|
||
|
|
"github.com/mattermost/platform/utils"
|
||
|
|
)
|
||
|
|
|
||
|
|
func InitUser() {
|
||
|
|
l4g.Debug(utils.T("api.user.init.debug"))
|
||
|
|
|
||
|
|
BaseRoutes.Users.Handle("", ApiHandler(createUser)).Methods("POST")
|
||
|
|
BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET")
|
||
|
|
BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT")
|
||
|
|
|
||
|
|
BaseRoutes.Users.Handle("/login", ApiHandler(login)).Methods("POST")
|
||
|
|
BaseRoutes.Users.Handle("/logout", ApiHandler(logout)).Methods("POST")
|
||
|
|
|
||
|
|
}
|
||
|
|
|
||
|
|
func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
||
|
|
user := model.UserFromJson(r.Body)
|
||
|
|
if user == nil {
|
||
|
|
c.SetInvalidParam("user")
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
hash := r.URL.Query().Get("h")
|
||
|
|
inviteId := r.URL.Query().Get("iid")
|
||
|
|
|
||
|
|
// No permission check required
|
||
|
|
|
||
|
|
var ruser *model.User
|
||
|
|
var err *model.AppError
|
||
|
|
if len(hash) > 0 {
|
||
|
|
ruser, err = app.CreateUserWithHash(user, hash, r.URL.Query().Get("d"))
|
||
|
|
} else if len(inviteId) > 0 {
|
||
|
|
ruser, err = app.CreateUserWithInviteId(user, inviteId, c.GetSiteURL())
|
||
|
|
} else {
|
||
|
|
ruser, err = app.CreateUserFromSignup(user, c.GetSiteURL())
|
||
|
|
}
|
||
|
|
|
||
|
|
if err != nil {
|
||
|
|
c.Err = err
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
w.WriteHeader(http.StatusCreated)
|
||
|
|
w.Write([]byte(ruser.ToJson()))
|
||
|
|
}
|
||
|
|
|
||
|
|
func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
||
|
|
c.RequireUserId()
|
||
|
|
if c.Err != nil {
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
// No permission check required
|
||
|
|
|
||
|
|
var user *model.User
|
||
|
|
var err *model.AppError
|
||
|
|
|
||
|
|
if user, err = app.GetUser(c.Params.UserId); err != nil {
|
||
|
|
c.Err = err
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
etag := user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress)
|
||
|
|
|
||
|
|
if HandleEtag(etag, "Get User", w, r) {
|
||
|
|
return
|
||
|
|
} else {
|
||
|
|
app.SanitizeProfile(user, c.IsSystemAdmin())
|
||
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
||
|
|
w.Write([]byte(user.ToJson()))
|
||
|
|
return
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
||
|
|
c.RequireUserId()
|
||
|
|
if c.Err != nil {
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
user := model.UserFromJson(r.Body)
|
||
|
|
if user == nil {
|
||
|
|
c.SetInvalidParam("user")
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
if !app.SessionHasPermissionToUser(c.Session, user.Id) {
|
||
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
if ruser, err := app.UpdateUserAsUser(user, c.GetSiteURL(), c.IsSystemAdmin()); err != nil {
|
||
|
|
c.Err = err
|
||
|
|
return
|
||
|
|
} else {
|
||
|
|
c.LogAudit("")
|
||
|
|
w.Write([]byte(ruser.ToJson()))
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func login(c *Context, w http.ResponseWriter, r *http.Request) {
|
||
|
|
props := model.MapFromJson(r.Body)
|
||
|
|
|
||
|
|
id := props["id"]
|
||
|
|
loginId := props["login_id"]
|
||
|
|
password := props["password"]
|
||
|
|
mfaToken := props["token"]
|
||
|
|
deviceId := props["device_id"]
|
||
|
|
ldapOnly := props["ldap_only"] == "true"
|
||
|
|
|
||
|
|
c.LogAuditWithUserId(id, "attempt - login_id="+loginId)
|
||
|
|
user, err := app.AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId, ldapOnly)
|
||
|
|
if err != nil {
|
||
|
|
c.LogAuditWithUserId(id, "failure - login_id="+loginId)
|
||
|
|
c.Err = err
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
c.LogAuditWithUserId(user.Id, "authenticated")
|
||
|
|
|
||
|
|
var session *model.Session
|
||
|
|
session, err = app.DoLogin(w, r, user, deviceId)
|
||
|
|
if err != nil {
|
||
|
|
c.Err = err
|
||
|
|
return
|
||
|
|
}
|
||
|
|
|
||
|
|
c.LogAuditWithUserId(user.Id, "success")
|
||
|
|
|
||
|
|
c.Session = *session
|
||
|
|
|
||
|
|
user.Sanitize(map[string]bool{})
|
||
|
|
|
||
|
|
w.Write([]byte(user.ToJson()))
|
||
|
|
}
|
||
|
|
|
||
|
|
func logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
||
|
|
data := make(map[string]string)
|
||
|
|
data["user_id"] = c.Session.UserId
|
||
|
|
|
||
|
|
Logout(c, w, r)
|
||
|
|
if c.Err == nil {
|
||
|
|
w.Write([]byte(model.MapToJson(data)))
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
||
|
|
c.LogAudit("")
|
||
|
|
c.RemoveSessionCookie(w, r)
|
||
|
|
if c.Session.Id != "" {
|
||
|
|
if err := app.RevokeSessionById(c.Session.Id); err != nil {
|
||
|
|
c.Err = err
|
||
|
|
return
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
ReturnStatusOK(w)
|
||
|
|
}
|