IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
1adfd0e9be69a93c7f63bb7afc742c9fafe31aa3
mattermost/api/context.go

461 lines
14 KiB
Go
Raw Normal View History

PLT-5860 Updated copyright date (#6058) * PLT-5860 Updated copyright date in about modal * PLT-5860 Updated copyright notice in JSX files * PLT-5860 Updated copyright notice in go files * Fixed misc copyright dates * Fixed component snapshots
2017-04-12 08:27:57 -04:00
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
first commit
2015-06-14 23:53:32 -08:00
// See License.txt for license information.
package api
import (
Adding config file timestamp to X-Version header
2015-09-16 09:37:20 -07:00
"fmt"
first commit
2015-06-14 23:53:32 -08:00
"net/http"
"net/url"
"strings"
PLT-4357 adding performance monitoring (#4622) * WIP * WIP * Adding metrics collection * updating vendor packages * Adding metrics to config * Adding admin console page for perf monitoring * Updating glide * switching to tylerb/graceful
2016-11-22 11:05:54 -08:00
"time"
Added a link to error page that returns users to the root page
2015-08-25 11:06:11 -07:00
Upgrade logging package
2016-01-11 09:12:51 -06:00
l4g "github.com/alecthomas/log4go"
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
"github.com/gorilla/mux"
goi18n "github.com/nicksnyder/go-i18n/i18n"
PLT-4938 Add app package and move logic over from api package (#4931) * Add app package and move logic over from api package * Change app package functions to return errors * Move non-api tests into app package * Fix merge
2017-01-13 13:53:37 -05:00
"github.com/mattermost/platform/app"
PLT-2899 adding clustering of app servers (#3682) * PLT-2899 adding clustering of app servers * PLT-2899 base framework * PLT-2899 HA backend * PLT-2899 Fixing config file * PLT-2899 adding config syncing * PLT-2899 set System console to readonly when clustering enabled. * PLT-2899 Fixing publish API * PLT-2899 fixing strings
2016-08-04 09:25:37 -08:00
"github.com/mattermost/platform/einterfaces"
Added a link to error page that returns users to the root page
2015-08-25 11:06:11 -07:00
"github.com/mattermost/platform/model"
"github.com/mattermost/platform/utils"
first commit
2015-06-14 23:53:32 -08:00
)
type Context struct {
app type transition (#7167)
2017-09-06 17:12:54 -05:00
App *app.App
Implement APIv4 infrastructure (#5191) * Implement APIv4 infrastructure * Update parameter requirement functions per feedback
2017-01-30 08:30:02 -05:00
Session model.Session
RequestId string
IpAddress string
Path string
Err *model.AppError
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
siteURLHeader string
Implement APIv4 infrastructure (#5191) * Implement APIv4 infrastructure * Update parameter requirement functions per feedback
2017-01-30 08:30:02 -05:00
teamURLValid bool
teamURL string
T goi18n.TranslateFunc
Locale string
TeamId string
isSystemAdmin bool
first commit
2015-06-14 23:53:32 -08:00
}
func ApiAppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, false, false, true, false, false, false, false}
first commit
2015-06-14 23:53:32 -08:00
}
func AppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, false, false, false, false, false, false, false}
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
}
func AppHandlerIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, false, false, false, false, true, false, false}
first commit
2015-06-14 23:53:32 -08:00
}
func ApiUserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, true, false, true, false, false, false, true}
first commit
2015-06-14 23:53:32 -08:00
}
func ApiUserRequiredActivity(h func(*Context, http.ResponseWriter, *http.Request), isUserActivity bool) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, true, false, true, isUserActivity, false, false, true}
}
func ApiUserRequiredMfa(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
return &handler{h, true, false, true, false, false, false, false}
first commit
2015-06-14 23:53:32 -08:00
}
func UserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, true, false, false, false, false, false, true}
first commit
2015-06-14 23:53:32 -08:00
}
PLT-3484 OAuth2 Service Provider (#3632) * PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider
2016-08-03 12:19:27 -05:00
func AppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, false, false, false, false, false, true, false}
PLT-3484 OAuth2 Service Provider (#3632) * PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider
2016-08-03 12:19:27 -05:00
}
first commit
2015-06-14 23:53:32 -08:00
func ApiAdminSystemRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, true, true, true, false, false, false, true}
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
}
Modifying permissions system. (#3897)
2016-09-13 12:42:48 -04:00
func ApiAdminSystemRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, true, true, true, false, false, true, true}
Modifying permissions system. (#3897)
2016-09-13 12:42:48 -04:00
}
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
func ApiAppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, false, false, true, false, false, true, false}
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
}
func ApiUserRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, true, false, true, false, false, true, true}
first commit
2015-06-14 23:53:32 -08:00
}
PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls
2016-05-05 16:35:03 -04:00
func ApiAppHandlerTrustRequesterIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return &handler{h, false, false, true, false, true, true, false}
PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls
2016-05-05 16:35:03 -04:00
}
first commit
2015-06-14 23:53:32 -08:00
type handler struct {
handleFunc func(*Context, http.ResponseWriter, *http.Request)
requireUser bool
requireSystemAdmin bool
isApi bool
isUserActivity bool
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
isTeamIndependent bool
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
trustRequester bool
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
requireMfa bool
first commit
2015-06-14 23:53:32 -08:00
}
func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
PLT-4357 adding performance monitoring (#4622) * WIP * WIP * Adding metrics collection * updating vendor packages * Adding metrics to config * Adding admin console page for perf monitoring * Updating glide * switching to tylerb/graceful
2016-11-22 11:05:54 -08:00
now := time.Now()
first commit
2015-06-14 23:53:32 -08:00
l4g.Debug("%v", r.URL.Path)
Moving HTTP request counter to the start of ServeHTTP so count time is not effected by request duration. (#5764)
2017-03-14 14:56:35 -04:00
if metrics := einterfaces.GetMetricsInterface(); metrics != nil && h.isApi {
metrics.IncrementHttpRequest()
}
first commit
2015-06-14 23:53:32 -08:00
c := &Context{}
app type transition (#7167)
2017-09-06 17:12:54 -05:00
c.App = app.Global()
PLT-7 client side infra
2016-01-21 14:15:44 -06:00
c.T, c.Locale = utils.GetTranslationsAndLocale(w, r)
first commit
2015-06-14 23:53:32 -08:00
c.RequestId = model.NewId()
PLT-4938 Add app package and move logic over from api package (#4931) * Add app package and move logic over from api package * Change app package functions to return errors * Move non-api tests into app package * Fix merge
2017-01-13 13:53:37 -05:00
c.IpAddress = utils.GetIpAddress(r)
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
c.TeamId = mux.Vars(r)["team_id"]
first commit
2015-06-14 23:53:32 -08:00
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
token := ""
isTokenFromQueryString := false
// Attempt to parse token out of the header
authHeader := r.Header.Get(model.HEADER_AUTH)
if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER {
// Default session token
token = authHeader[7:]
} else if len(authHeader) > 5 && strings.ToLower(authHeader[0:5]) == model.HEADER_TOKEN {
// OAuth token
token = authHeader[6:]
}
// Attempt to parse the token from the cookie
if len(token) == 0 {
Convering client to react-router.
2016-02-08 07:26:10 -05:00
if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
token = cookie.Value
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
if (h.requireSystemAdmin || h.requireUser) && !h.trustRequester {
if r.Header.Get(model.HEADER_REQUESTED_WITH) != model.HEADER_REQUESTED_WITH_XML {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token+" Appears to be a CSRF attempt", http.StatusUnauthorized)
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
token = ""
}
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
}
}
// Attempt to parse token out of the query string
if len(token) == 0 {
token = r.URL.Query().Get("access_token")
isTokenFromQueryString = true
}
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
c.SetSiteURLHeader(app.GetProtocol(r) + "://" + r.Host)
first commit
2015-06-14 23:53:32 -08:00
w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
PLT-6226 Fixing races with licensing (#7213) * PLT-6226 Fixing races with licensing * Fixing build issue * Fixing licensing issue * removing commented code
2017-08-16 09:51:45 -07:00
w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v.%v.%v", model.CurrentVersion, model.BuildNumber, utils.ClientCfgHash, utils.IsLicensed()))
Limited the added headers to only non-api calls
2015-07-27 11:59:14 -07:00
PLT-3484 OAuth2 Service Provider (#3632) * PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider
2016-08-03 12:19:27 -05:00
// Instruct the browser not to display us in an iframe unless is the same origin for anti-clickjacking
Limited the added headers to only non-api calls
2015-07-27 11:59:14 -07:00
if !h.isApi {
PLT-3484 OAuth2 Service Provider (#3632) * PLT-3484 OAuth2 Service Provider * PM text review for OAuth 2.0 Service Provider * PLT-3484 OAuth2 Service Provider UI tweaks (#3668) * Tweaks to help text * Pushing OAuth improvements (#3680) * Re-arrange System Console for OAuth 2.0 Provider
2016-08-03 12:19:27 -05:00
w.Header().Set("X-Frame-Options", "SAMEORIGIN")
w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")
Set default Content-Type to application/json for all API requests
2015-09-11 12:11:10 -04:00
} else {
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
// All api response bodies will be JSON formatted by default
Set default Content-Type to application/json for all API requests
2015-09-11 12:11:10 -04:00
w.Header().Set("Content-Type", "application/json")
Fixing IE expire issue
2016-02-11 13:17:27 -08:00
if r.Method == "GET" {
w.Header().Set("Expires", "0")
}
Limited the added headers to only non-api calls
2015-07-27 11:59:14 -07:00
}
first commit
2015-06-14 23:53:32 -08:00
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
if len(token) != 0 {
app type transition (#7167)
2017-09-06 17:12:54 -05:00
session, err := app.Global().GetSession(token)
first commit
2015-06-14 23:53:32 -08:00
PLT-4938 Add app package and move logic over from api package (#4931) * Add app package and move logic over from api package * Change app package functions to return errors * Move non-api tests into app package * Fix merge
2017-01-13 13:53:37 -05:00
if err != nil {
l4g.Error(utils.T("api.context.invalid_session.error"), err.Error())
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
c.RemoveSessionCookie(w, r)
Convering client to react-router.
2016-02-08 07:26:10 -05:00
if h.requireUser || h.requireSystemAdmin {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token, http.StatusUnauthorized)
Convering client to react-router.
2016-02-08 07:26:10 -05:00
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
} else if !session.IsOAuth && isTokenFromQueryString {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("ServeHTTP", "api.context.token_provided.app_error", nil, "token="+token, http.StatusUnauthorized)
first commit
2015-06-14 23:53:32 -08:00
} else {
c.Session = *session
}
}
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
if h.isApi || h.isTeamIndependent {
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
c.setTeamURL(c.GetSiteURLHeader(), false)
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
c.Path = r.URL.Path
} else {
splitURL := strings.Split(r.URL.Path, "/")
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
c.setTeamURL(c.GetSiteURLHeader()+"/"+splitURL[1], true)
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
c.Path = "/" + strings.Join(splitURL[2:], "/")
}
PLT-6554 Add config setting to control enabling API version 3 (#6835) * Add config setting to control enabling API version 3 * Update help text for APIv3 config setting (#6843) * Update configuration_settings.jsx * Update en.json
2017-07-04 16:12:02 -04:00
if h.isApi && !*utils.Cfg.ServiceSettings.EnableAPIv3 {
c.Err = model.NewAppError("ServeHTTP", "api.context.v3_disabled.app_error", nil, "", http.StatusNotImplemented)
}
first commit
2015-06-14 23:53:32 -08:00
if c.Err == nil && h.requireUser {
c.UserRequired()
}
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
if c.Err == nil && h.requireMfa {
c.MfaRequired()
}
first commit
2015-06-14 23:53:32 -08:00
if c.Err == nil && h.requireSystemAdmin {
c.SystemAdminRequired()
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
if c.Err == nil && h.isUserActivity && token != "" && len(c.Session.UserId) > 0 {
app type transition (#7167)
2017-09-06 17:12:54 -05:00
app.Global().SetStatusOnline(c.Session.UserId, c.Session.Id, false)
app.Global().UpdateLastActivityAtIfNeeded(c.Session)
first commit
2015-06-14 23:53:32 -08:00
}
Fix API Get channels for a user returns users' dm channels with blank teamid (#4748) * fix API Get channels for a user returns users' dm channels with blank team ID add check in the context.go add suggestion made adjustment per review and support from @joram * update tests * add check if needd user or admin permissions * update per review
2016-12-20 16:55:22 +01:00
if c.Err == nil && (h.requireUser || h.requireSystemAdmin) {
//check if teamId exist
c.CheckTeamId()
}
first commit
2015-06-14 23:53:32 -08:00
if c.Err == nil {
h.handleFunc(c, w, r)
}
Restricting visibility of detailed_error message (#3629)
2016-07-19 12:40:13 -04:00
// Handle errors that have occoured
first commit
2015-06-14 23:53:32 -08:00
if c.Err != nil {
PLT-7-server-db
2016-01-20 14:36:34 -06:00
c.Err.Translate(c.T)
first commit
2015-06-14 23:53:32 -08:00
c.Err.RequestId = c.RequestId
c.LogError(c.Err)
c.Err.Where = r.URL.Path
Merging performance branch into master (#4268) * improve performance on sendNotifications * Fix SQL queries * Remove get direct profiles, not needed anymore * Add raw data to error details if AppError fails to decode * men * Fix decode (#4052) * Fixing json decode * Adding unit test * Initial work for client scaling (#4051) * Begin adding paging to profiles API * Added more paging functionality * Finish hooking up admin console user lists * Add API for searching users and add searching to all user lists * Add lazy loading of profiles * Revert config.json * Fix unit tests and some style issues * Add GetProfilesFromList to Go driver and fix web unit test * Update etag for GetProfiles * Updating ui for filters and pagination (#4044) * Updating UI for pagination * Adjusting margins for filter row * Adjusting margin for specific modals * Adding relative padding to system console * Adjusting responsive view * Update client user tests * Minor fixes for direct messages modal (#4056) * Remove some unneeded initial load calls (#4057) * UX updates to user lists, added smart counts and bug fixes (#4059) * Improved getExplicitMentions and unit tests (#4064) * Refactor getting posts to lazy load profiles correctly (#4062) * Comment out SetActiveChannel test (#4066) * Profiler cpu, block, and memory profiler. (#4081) * Fix TestSetActiveChannel unit test (#4071) * Fixing build failure caused by dependancies updating (#4076) * Adding profiler * Fix admin_team_member_dropdown eslint errors * Bumping session cache size (#4077) * Bumping session cache size * Bumping status cache * Refactor how the client handles channel members to be large team friendly (#4106) * Refactor how the client handles channel members to be large team friendly * Change Id to ChannelId in ChannelStats model * Updated getChannelMember and getProfilesByIds routes to match proposal * Performance improvements (#4100) * Performance improvements * Fixing re-connect issue * Fixing error message * Some other minor perf tweaks * Some other minor perf tweaks * Fixing config file * Fixing buffer size * Fixing web socket send message * adding some error logging * fix getMe to be user required * Fix websocket event for new user * Fixing shutting down * Reverting web socket changes * Fixing logging lvl * Adding caching to GetMember * Adding some logging * Fixing caching * Fixing caching invalidate * Fixing direct message caching * Fixing caching * Fixing caching * Remove GetDirectProfiles from initial load * Adding logging and fixing websocket client * Adding back caching from bad merge. * Explicitly close go driver requests (#4162) * Refactored how the client handles team members to be more large team friendly (#4159) * Refactor getProfilesForDirectMessageList API into getAllProfiles API * Refactored how the client handles team members to be more large team friendly * Fix js error when receiving a notification * Fix JS error caused by current user being overwritten with sanitized version (#4165) * Adding error message to status failure (#4167) * Fix a few bugs caused by client scaling refactoring (#4170) * When there is no read replica, don't open a second set of connections to the master database (#4173) * Adding connection tacking to stats (#4174) * Reduce DB writes for statuses and other status related changes (#4175) * Fix bug preventing opening of DM channels from more modal (#4181) * Fixing socket timing error (#4183) * Fixing ping/pong handler * Fixing socket timing error * Commenting out status broadcasting * Removing user status changes * Removing user status changes * Removing user status changes * Removing user status changes * Adding DoPreComputeJson() * Performance improvements (#4194) * * Fix System Console Analytics queries * Add db.SetConnMaxLifetime to 15 minutes * Add "net/http/pprof" for profiling * Add FreeOSMemory() to manually release memory on reload config * Add flag to enable http profiler * Fix memory leak (#4197) * Fix memory leak * removed unneeded nil assignment * Fixing go routine leak (#4208) * Merge fixes * Merge fix * Refactored statuses to be queried by the client rather than broadcast by the server (#4212) * Refactored server code to reduce status broadcasts and to allow getting statuses by IDs * Refactor client code to periodically fetch statuses * Add store unit test for getting statuses by ids * Fix status unit test * Add getStatusesByIds REST API and move the client over to use that instead of the WebSocket * Adding multiple threads to websocket hub (#4230) * Adding multiple threads to websocket hub * Fixing unit tests * Fixing so websocket connections from the same user end up in the same… (#4240) * Fixing so websocket connections from the same user end up in the same list * Removing old comment * Refactor user autocomplete to query the server (#4239) * Add API for autocompleting users * Converted at mention autocomplete to query server * Converted user search autocomplete to query server * Switch autocomplete API naming to use term instead of username * Split autocomplete API into two, one for channels and for teams * Fix copy/paste error * Some final client scaling fixes (#4246) * Add lazy loading of profiles to integration pages * Add lazy loading of profiles to emoji page * Fix JS error when receiving post in select team menu and also clean up channel store
2016-10-19 14:49:25 -04:00
// Block out detailed error when not in developer mode
Restricting visibility of detailed_error message (#3629)
2016-07-19 12:40:13 -04:00
if !*utils.Cfg.ServiceSettings.EnableDeveloper {
c.Err.DetailedError = ""
}
first commit
2015-06-14 23:53:32 -08:00
if h.isApi {
w.WriteHeader(c.Err.StatusCode)
w.Write([]byte(c.Err.ToJson()))
PLT-4357 adding performance monitoring (#4622) * WIP * WIP * Adding metrics collection * updating vendor packages * Adding metrics to config * Adding admin console page for perf monitoring * Updating glide * switching to tylerb/graceful
2016-11-22 11:05:54 -08:00
if einterfaces.GetMetricsInterface() != nil {
einterfaces.GetMetricsInterface().IncrementHttpError()
}
first commit
2015-06-14 23:53:32 -08:00
} else {
if c.Err.StatusCode == http.StatusUnauthorized {
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
http.Redirect(w, r, c.GetTeamURL()+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect)
first commit
2015-06-14 23:53:32 -08:00
} else {
Implement v4 endpoints for OAuth (#6040) * Implement POST /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps/{app_id} and /oauth/apps/{app_id}/info endpoints for APIv4 * Refactor API version independent oauth endpoints * Implement DELETE /oauth/apps/{app_id} endpoint for APIv4 * Implement /oauth/apps/{app_id}/regen_secret endpoint for APIv4 * Implement GET /user/{user_id}/oauth/apps/authorized endpoint for APIv4 * Implement POST /oauth/deauthorize endpoint
2017-04-20 09:55:02 -04:00
utils.RenderWebError(c.Err, w, r)
first commit
2015-06-14 23:53:32 -08:00
}
}
PLT-4357 adding performance monitoring (#4622) * WIP * WIP * Adding metrics collection * updating vendor packages * Adding metrics to config * Adding admin console page for perf monitoring * Updating glide * switching to tylerb/graceful
2016-11-22 11:05:54 -08:00
}
if h.isApi && einterfaces.GetMetricsInterface() != nil {
Implement APIv4 infrastructure (#5191) * Implement APIv4 infrastructure * Update parameter requirement functions per feedback
2017-01-30 08:30:02 -05:00
if r.URL.Path != model.API_URL_SUFFIX_V3+"/users/websocket" {
PLT-4357 adding performance monitoring (#4622) * WIP * WIP * Adding metrics collection * updating vendor packages * Adding metrics to config * Adding admin console page for perf monitoring * Updating glide * switching to tylerb/graceful
2016-11-22 11:05:54 -08:00
elapsed := float64(time.Since(now)) / float64(time.Second)
einterfaces.GetMetricsInterface().ObserveHttpRequestDuration(elapsed)
}
first commit
2015-06-14 23:53:32 -08:00
}
}
func (c *Context) LogAudit(extraInfo string) {
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
audit := &model.Audit{UserId: c.Session.UserId, IpAddress: c.IpAddress, Action: c.Path, ExtraInfo: extraInfo, SessionId: c.Session.Id}
app type transition (#7167)
2017-09-06 17:12:54 -05:00
if r := <-app.Global().Srv.Store.Audit().Save(audit); r.Err != nil {
Fixing audit log to wait for confirm
2015-08-20 15:04:37 -07:00
c.LogError(r.Err)
}
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) LogAuditWithUserId(userId, extraInfo string) {
Fixing audit log to wait for confirm
2015-08-20 15:04:37 -07:00
if len(c.Session.UserId) > 0 {
extraInfo = strings.TrimSpace(extraInfo + " session_user=" + c.Session.UserId)
}
first commit
2015-06-14 23:53:32 -08:00
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
audit := &model.Audit{UserId: userId, IpAddress: c.IpAddress, Action: c.Path, ExtraInfo: extraInfo, SessionId: c.Session.Id}
app type transition (#7167)
2017-09-06 17:12:54 -05:00
if r := <-app.Global().Srv.Store.Audit().Save(audit); r.Err != nil {
Fixing audit log to wait for confirm
2015-08-20 15:04:37 -07:00
c.LogError(r.Err)
}
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) LogError(err *model.AppError) {
Fixing invalid session (#3463)
2016-07-01 11:57:17 -08:00
// filter out endless reconnects
Moving CheckBrowserCompatability to debug (#3889)
2016-08-26 13:24:57 -08:00
if c.Path == "/api/v3/users/websocket" && err.StatusCode == 401 || err.Id == "web.check_browser_compatibility.app_error" {
Fixing invalid session (#3463)
2016-07-01 11:57:17 -08:00
c.LogDebug(err)
Config to make town square read only (#7140) * Be able to make Town Square read-only (Disable typing messages for non admins). * Do not emit UserTypingEvent when TownSquareIsReadOnly and is Town Square. * Add unit tests for TownSquareIsReadOnly config value and logic. * Add TownSquareIsReadOnly to System console>Policy. Added Telemetry. * Add control for TownSquareIsReadOnly=true only for License Enterprise Edition E10 & E20. * Update en.json * Update en.json * Update policy_settings.jsx * Change config value from TownSquareIsReadOnly to ExperimentalTownSquareIsReadOnly. * Refactored to simplify. Avoid code repeat and multiple db calls.
2017-09-01 08:53:55 -05:00
} else if err.Id != "api.post.create_post.town_square_read_only" {
PLT-6322 log error messages in english (#6234)
2017-04-28 07:03:52 -07:00
l4g.Error(utils.TDefault("api.context.log.error"), c.Path, err.Where, err.StatusCode,
c.RequestId, c.Session.UserId, c.IpAddress, err.SystemMessage(utils.TDefault), err.DetailedError)
Fixing invalid session (#3463)
2016-07-01 11:57:17 -08:00
}
first commit
2015-06-14 23:53:32 -08:00
}
PLT-3440 (#3440)
2016-06-29 04:16:20 -08:00
func (c *Context) LogDebug(err *model.AppError) {
PLT-6322 log error messages in english (#6234)
2017-04-28 07:03:52 -07:00
l4g.Debug(utils.TDefault("api.context.log.error"), c.Path, err.Where, err.StatusCode,
c.RequestId, c.Session.UserId, c.IpAddress, err.SystemMessage(utils.TDefault), err.DetailedError)
PLT-3440 (#3440)
2016-06-29 04:16:20 -08:00
}
first commit
2015-06-14 23:53:32 -08:00
func (c *Context) UserRequired() {
PLT-6763 Implement user access tokens and new roles (server-side) (#6972) * Implement user access tokens and new roles * Update config.json * Add public post permission to apiv3 * Remove old comment * Fix model unit test * Updates to store per feedback * Updates per feedback from CS
2017-07-31 12:59:32 -04:00
if !*utils.Cfg.ServiceSettings.EnableUserAccessTokens && c.Session.Props[model.SESSION_PROP_TYPE] == model.SESSION_TYPE_USER_ACCESS_TOKEN {
c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "UserAccessToken", http.StatusUnauthorized)
return
}
first commit
2015-06-14 23:53:32 -08:00
if len(c.Session.UserId) == 0 {
PLT-6763 Implement user access tokens and new roles (server-side) (#6972) * Implement user access tokens and new roles * Update config.json * Add public post permission to apiv3 * Remove old comment * Fix model unit test * Updates to store per feedback * Updates per feedback from CS
2017-07-31 12:59:32 -04:00
c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "UserRequired", http.StatusUnauthorized)
first commit
2015-06-14 23:53:32 -08:00
return
}
}
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
func (c *Context) MfaRequired() {
// Must be licensed for MFA and have it configured for enforcement
PLT-6226 Fixing races with licensing (#7213) * PLT-6226 Fixing races with licensing * Fixing build issue * Fixing licensing issue * removing commented code
2017-08-16 09:51:45 -07:00
if !utils.IsLicensed() || !*utils.License().Features.MFA || !*utils.Cfg.ServiceSettings.EnableMultifactorAuthentication || !*utils.Cfg.ServiceSettings.EnforceMultifactorAuthentication {
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return
}
// OAuth integrations are excepted
if c.Session.IsOAuth {
return
}
app type transition (#7167)
2017-09-06 17:12:54 -05:00
if result := <-app.Global().Srv.Store.User().Get(c.Session.UserId); result.Err != nil {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "MfaRequired", http.StatusUnauthorized)
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return
} else {
user := result.Data.(*model.User)
// Only required for email and ldap accounts
if user.AuthService != "" &&
user.AuthService != model.USER_AUTH_SERVICE_EMAIL &&
user.AuthService != model.USER_AUTH_SERVICE_LDAP {
return
}
if !user.MfaActive {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("", "api.context.mfa_required.app_error", nil, "MfaRequired", http.StatusUnauthorized)
PLT-4767 Implement MFA Enforcement (#4662) * Create MFA setup page and remove MFA setup from account settings modal * Add enforce MFA to system console and force redirect * Lockdown mfa required API routes, add localization, other changes * Minor fixes * Fix typo * Fix some unit tests * Fix more unit tests * Minor fix * Updating UI for MFA screen (#4670) * Updating UI for MFA screen * Updating styles for MFA page * Add the ability to switch between email/sso with MFA enabled * Added mfa change email * Minor UI updates for MFA enforcement * Fix unit test * Fix client unit test * Allow switching email to ldap and back when MFA is enabled * Fix unit test * Revert config.json
2016-12-12 08:16:10 -05:00
return
}
}
}
first commit
2015-06-14 23:53:32 -08:00
func (c *Context) SystemAdminRequired() {
if len(c.Session.UserId) == 0 {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("", "api.context.session_expired.app_error", nil, "SystemAdminRequired", http.StatusUnauthorized)
first commit
2015-06-14 23:53:32 -08:00
return
Implement APIv4 infrastructure (#5191) * Implement APIv4 infrastructure * Update parameter requirement functions per feedback
2017-01-30 08:30:02 -05:00
} else if !c.IsSystemAdmin() {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("", "api.context.permissions.app_error", nil, "AdminRequired", http.StatusForbidden)
first commit
2015-06-14 23:53:32 -08:00
return
}
}
Implement APIv4 infrastructure (#5191) * Implement APIv4 infrastructure * Update parameter requirement functions per feedback
2017-01-30 08:30:02 -05:00
func (c *Context) IsSystemAdmin() bool {
return app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM)
}
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
Multi-session login
2015-10-20 14:49:42 -07:00
cookie := &http.Cookie{
Adding multi-session cookie
2015-10-20 04:37:51 -07:00
Name: model.SESSION_COOKIE_TOKEN,
Multi-session login
2015-10-20 14:49:42 -07:00
Value: "",
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
Path: "/",
Multi-session login
2015-10-20 14:49:42 -07:00
MaxAge: -1,
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
HttpOnly: true,
}
PLT-6492 Use new cookie to determine if user is logged in (#6317) * Use new cookie to determine if user is logged in * Add temporary code for 3.9 to prevent forced re-login
2017-05-04 16:36:31 -04:00
userCookie := &http.Cookie{
Name: model.SESSION_COOKIE_USER,
Value: "",
Path: "/",
MaxAge: -1,
}
Multi-session login
2015-10-20 14:49:42 -07:00
http.SetCookie(w, cookie)
PLT-6492 Use new cookie to determine if user is logged in (#6317) * Use new cookie to determine if user is logged in * Add temporary code for 3.9 to prevent forced re-login
2017-05-04 16:36:31 -04:00
http.SetCookie(w, userCookie)
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) SetInvalidParam(where string, name string) {
PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls
2016-05-05 16:35:03 -04:00
c.Err = NewInvalidParamError(where, name)
}
func NewInvalidParamError(where string, name string) *model.AppError {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
err := model.NewAppError(where, "api.context.invalid_param.app_error", map[string]interface{}{"Name": name}, "", http.StatusBadRequest)
PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls
2016-05-05 16:35:03 -04:00
return err
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) SetUnknownError(where string, details string) {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError(where, "api.context.unknown.app_error", nil, details, http.StatusInternalServerError)
first commit
2015-06-14 23:53:32 -08:00
}
Move permissions code into app package (#5146) * Move permissions code into app package * Revert getPosts permission
2017-01-23 08:12:05 -05:00
func (c *Context) SetPermissionError(permission *model.Permission) {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
c.Err = model.NewAppError("Permissions", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id, http.StatusForbidden)
Move permissions code into app package (#5146) * Move permissions code into app package * Revert getPosts permission
2017-01-23 08:12:05 -05:00
}
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
func (c *Context) setTeamURL(url string, valid bool) {
c.teamURL = url
c.teamURLValid = valid
}
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
func (c *Context) SetTeamURLFromSession() {
app type transition (#7167)
2017-09-06 17:12:54 -05:00
if result := <-app.Global().Srv.Store.Team().Get(c.TeamId); result.Err == nil {
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
c.setTeamURL(c.GetSiteURLHeader()+"/"+result.Data.(*model.Team).Name, true)
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
}
}
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
func (c *Context) SetSiteURLHeader(url string) {
c.siteURLHeader = strings.TrimRight(url, "/")
Changed autodetection of SiteURL (#3764) * Changed autoconfiguration of SiteURL to be done on every request * Added SiteURL to system console
2016-08-09 09:53:22 -04:00
}
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
// TODO see where these are used
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
func (c *Context) GetTeamURLFromTeam(team *model.Team) string {
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
return c.GetSiteURLHeader() + "/" + team.Name
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
}
func (c *Context) GetTeamURL() string {
if !c.teamURLValid {
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
c.SetTeamURLFromSession()
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
if !c.teamURLValid {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
l4g.Debug(utils.T("api.context.invalid_team_url.debug"))
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
}
}
return c.teamURL
}
PLT-5900 Removed automatic configuration of SiteURL (#5952) * Revert "PLT-5765 Passed SiteURL to SendNotifications (#5705)" This reverts commit a8e68bd8905972ae59de90fa33d5b3e3c274dc47. * Removed automatic configuration of SiteURL * Reverted unintentional config changes * Updated help text * Added link to docs in Site URL warning * Fixed merge conflict
2017-04-04 11:54:52 -04:00
func (c *Context) GetSiteURLHeader() string {
return c.siteURLHeader
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
}
Modifying permissions system. (#3897)
2016-09-13 12:42:48 -04:00
func (c *Context) GetCurrentTeamMember() *model.TeamMember {
return c.Session.GetTeamByTeamId(c.TeamId)
}
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
func IsApiCall(r *http.Request) bool {
return strings.Index(r.URL.Path, "/api/") == 0
}
first commit
2015-06-14 23:53:32 -08:00
func Handle404(w http.ResponseWriter, r *http.Request) {
Api: NewLocAppError -> NewAppError (#7280)
2017-09-01 14:58:43 +01:00
err := model.NewAppError("Handle404", "api.context.404.app_error", nil, "", http.StatusNotFound)
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
err.Translate(utils.T)
PLT-3440 (#3440)
2016-06-29 04:16:20 -08:00
PLT-4938 Add app package and move logic over from api package (#4931) * Add app package and move logic over from api package * Change app package functions to return errors * Move non-api tests into app package * Fix merge
2017-01-13 13:53:37 -05:00
l4g.Debug("%v: code=404 ip=%v", r.URL.Path, utils.GetIpAddress(r))
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
if IsApiCall(r) {
w.WriteHeader(err.StatusCode)
err.DetailedError = "There doesn't appear to be an api call for the url='" + r.URL.Path + "'. Typo? are you missing a team_id or user_id as part of the url?"
w.Write([]byte(err.ToJson()))
} else {
Implement v4 endpoints for OAuth (#6040) * Implement POST /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps endpoint for APIv4 * Implement GET /oauth/apps/{app_id} and /oauth/apps/{app_id}/info endpoints for APIv4 * Refactor API version independent oauth endpoints * Implement DELETE /oauth/apps/{app_id} endpoint for APIv4 * Implement /oauth/apps/{app_id}/regen_secret endpoint for APIv4 * Implement GET /user/{user_id}/oauth/apps/authorized endpoint for APIv4 * Implement POST /oauth/deauthorize endpoint
2017-04-20 09:55:02 -04:00
utils.RenderWebError(err, w, r)
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
}
first commit
2015-06-14 23:53:32 -08:00
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
Fix API Get channels for a user returns users' dm channels with blank teamid (#4748) * fix API Get channels for a user returns users' dm channels with blank team ID add check in the context.go add suggestion made adjustment per review and support from @joram * update tests * add check if needd user or admin permissions * update per review
2016-12-20 16:55:22 +01:00
func (c *Context) CheckTeamId() {
if c.TeamId != "" && c.Session.GetTeamByTeamId(c.TeamId) == nil {
Move permissions code into app package (#5146) * Move permissions code into app package * Revert getPosts permission
2017-01-23 08:12:05 -05:00
if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
app type transition (#7167)
2017-09-06 17:12:54 -05:00
if result := <-app.Global().Srv.Store.Team().Get(c.TeamId); result.Err != nil {
Fix API Get channels for a user returns users' dm channels with blank teamid (#4748) * fix API Get channels for a user returns users' dm channels with blank team ID add check in the context.go add suggestion made adjustment per review and support from @joram * update tests * add check if needd user or admin permissions * update per review
2016-12-20 16:55:22 +01:00
c.Err = result.Err
c.Err.StatusCode = http.StatusBadRequest
return
}
} else {
Move permissions code into app package (#5146) * Move permissions code into app package * Revert getPosts permission
2017-01-23 08:12:05 -05:00
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
Fix API Get channels for a user returns users' dm channels with blank teamid (#4748) * fix API Get channels for a user returns users' dm channels with blank team ID add check in the context.go add suggestion made adjustment per review and support from @joram * update tests * add check if needd user or admin permissions * update per review
2016-12-20 16:55:22 +01:00
return
}
}
}
Reference in New Issue Copy Permalink