2017-04-12 08:27:57 -04:00
|
|
|
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
2015-06-14 23:53:32 -08:00
|
|
|
// See License.txt for license information.
|
|
|
|
|
|
|
|
|
|
package api
|
|
|
|
|
|
|
|
|
|
import (
|
2016-07-05 15:49:00 -04:00
|
|
|
b64 "encoding/base64"
|
2015-06-14 23:53:32 -08:00
|
|
|
"fmt"
|
|
|
|
|
"net/http"
|
|
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
2016-02-08 11:29:11 -05:00
|
|
|
"time"
|
2016-05-18 13:54:33 +02:00
|
|
|
|
|
|
|
|
l4g "github.com/alecthomas/log4go"
|
|
|
|
|
"github.com/gorilla/mux"
|
2017-09-06 23:05:10 -07:00
|
|
|
"github.com/mattermost/mattermost-server/app"
|
|
|
|
|
"github.com/mattermost/mattermost-server/model"
|
|
|
|
|
"github.com/mattermost/mattermost-server/store"
|
|
|
|
|
"github.com/mattermost/mattermost-server/utils"
|
2015-06-14 23:53:32 -08:00
|
|
|
)
|
|
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
func (api *API) InitUser() {
|
2016-01-22 01:37:11 -03:00
|
|
|
l4g.Debug(utils.T("api.user.init.debug"))
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/create", api.ApiAppHandler(createUser)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/update", api.ApiUserRequired(updateUser)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/update_active", api.ApiUserRequired(updateActive)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/update_notify", api.ApiUserRequired(updateUserNotify)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/newpassword", api.ApiUserRequired(updatePassword)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/send_password_reset", api.ApiAppHandler(sendPasswordReset)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/reset_password", api.ApiAppHandler(resetPassword)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/login", api.ApiAppHandler(login)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/logout", api.ApiAppHandler(logout)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/revoke_session", api.ApiUserRequired(revokeSession)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/attach_device", api.ApiUserRequired(attachDeviceId)).Methods("POST")
|
|
|
|
|
//DEPRICATED FOR SECURITY USE APIV4 api.BaseRoutes.Users.Handle("/verify_email", ApiAppHandler(verifyEmail)).Methods("POST")
|
|
|
|
|
//DEPRICATED FOR SECURITY USE APIV4 api.BaseRoutes.Users.Handle("/resend_verification", ApiAppHandler(resendVerification)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/newimage", api.ApiUserRequired(uploadProfileImage)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/me", api.ApiUserRequired(getMe)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/initial_load", api.ApiAppHandler(getInitialLoad)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getProfiles)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedTeam.Handle("/users/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getProfilesInTeam)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedChannel.Handle("/users/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getProfilesInChannel)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedChannel.Handle("/users/not_in_channel/{offset:[0-9]+}/{limit:[0-9]+}", api.ApiUserRequired(getProfilesNotInChannel)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/search", api.ApiUserRequired(searchUsers)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/ids", api.ApiUserRequired(getProfilesByIds)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/autocomplete", api.ApiUserRequired(autocompleteUsers)).Methods("GET")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.NeedTeam.Handle("/users/autocomplete", api.ApiUserRequired(autocompleteUsersInTeam)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedChannel.Handle("/users/autocomplete", api.ApiUserRequired(autocompleteUsersInChannel)).Methods("GET")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.Users.Handle("/mfa", api.ApiAppHandler(checkMfa)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/generate_mfa_secret", api.ApiUserRequiredMfa(generateMfaSecret)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/update_mfa", api.ApiUserRequiredMfa(updateMfa)).Methods("POST")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.Users.Handle("/claim/email_to_oauth", api.ApiAppHandler(emailToOAuth)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/claim/oauth_to_email", api.ApiUserRequired(oauthToEmail)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/claim/email_to_ldap", api.ApiAppHandler(emailToLdap)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/claim/ldap_to_email", api.ApiAppHandler(ldapToEmail)).Methods("POST")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.NeedUser.Handle("/get", api.ApiUserRequired(getUser)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/name/{username:[A-Za-z0-9_\\-.]+}", api.ApiUserRequired(getByUsername)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/email/{email}", api.ApiUserRequired(getByEmail)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedUser.Handle("/sessions", api.ApiUserRequired(getSessions)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedUser.Handle("/audits", api.ApiUserRequired(getAudits)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedUser.Handle("/image", api.ApiUserRequiredTrustRequester(getProfileImage)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.NeedUser.Handle("/update_roles", api.ApiUserRequired(updateRoles)).Methods("POST")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.Root.Handle("/login/sso/saml", api.AppHandlerIndependent(loginWithSaml)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Root.Handle("/login/sso/saml", api.AppHandlerIndependent(completeSaml)).Methods("POST")
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
user := model.UserFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
if user == nil {
|
|
|
|
|
c.SetInvalidParam("createUser", "user")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 15:17:50 -05:00
|
|
|
hash := r.URL.Query().Get("h")
|
|
|
|
|
inviteId := r.URL.Query().Get("iid")
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-01-13 15:17:50 -05:00
|
|
|
var ruser *model.User
|
|
|
|
|
var err *model.AppError
|
|
|
|
|
if len(hash) > 0 {
|
2017-09-06 17:12:54 -05:00
|
|
|
ruser, err = c.App.CreateUserWithHash(user, hash, r.URL.Query().Get("d"))
|
2017-01-13 15:17:50 -05:00
|
|
|
} else if len(inviteId) > 0 {
|
2017-09-06 17:12:54 -05:00
|
|
|
ruser, err = c.App.CreateUserWithInviteId(user, inviteId)
|
2017-01-13 15:17:50 -05:00
|
|
|
} else {
|
2017-09-06 17:12:54 -05:00
|
|
|
ruser, err = c.App.CreateUserFromSignup(user)
|
2017-01-30 08:30:02 -05:00
|
|
|
}
|
2016-04-21 22:37:01 -07:00
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
2015-11-05 08:59:29 -05:00
|
|
|
}
|
|
|
|
|
|
2015-06-14 23:53:32 -08:00
|
|
|
w.Write([]byte(ruser.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-21 22:37:01 -07:00
|
|
|
func login(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2016-05-03 14:10:36 -04:00
|
|
|
id := props["id"]
|
|
|
|
|
loginId := props["login_id"]
|
|
|
|
|
password := props["password"]
|
|
|
|
|
mfaToken := props["token"]
|
|
|
|
|
deviceId := props["device_id"]
|
2016-05-09 15:56:50 -04:00
|
|
|
ldapOnly := props["ldap_only"] == "true"
|
2016-05-03 14:10:36 -04:00
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
c.LogAudit("attempt - user_id=" + id + " login_id=" + loginId)
|
2017-09-06 17:12:54 -05:00
|
|
|
user, err := c.App.AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId, ldapOnly)
|
2017-01-30 08:30:02 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.LogAudit("failure - user_id=" + id + " login_id=" + loginId)
|
2016-07-12 15:18:25 -04:00
|
|
|
c.Err = err
|
2016-05-03 14:10:36 -04:00
|
|
|
return
|
|
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-05-03 14:10:36 -04:00
|
|
|
c.LogAuditWithUserId(user.Id, "success")
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-05-03 14:10:36 -04:00
|
|
|
doLogin(c, w, r, user, deviceId)
|
2016-09-21 04:17:58 -07:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
2015-12-17 12:44:46 -05:00
|
|
|
|
2016-05-03 14:10:36 -04:00
|
|
|
user.Sanitize(map[string]bool{})
|
2015-07-22 12:42:03 -04:00
|
|
|
|
2016-05-03 14:10:36 -04:00
|
|
|
w.Write([]byte(user.ToJson()))
|
2015-07-15 12:48:50 -04:00
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-04-21 22:37:01 -07:00
|
|
|
// User MUST be authenticated completely before calling Login
|
2016-05-03 14:10:36 -04:00
|
|
|
func doLogin(c *Context, w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) {
|
2017-09-06 17:12:54 -05:00
|
|
|
session, err := c.App.DoLogin(w, r, user, deviceId)
|
2017-01-30 08:30:02 -05:00
|
|
|
if err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.Session = *session
|
2015-12-08 13:38:43 -05:00
|
|
|
}
|
|
|
|
|
|
2015-06-14 23:53:32 -08:00
|
|
|
func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
2015-09-16 15:49:12 -04:00
|
|
|
id := props["id"]
|
2017-01-13 15:17:50 -05:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.RevokeSessionById(id); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-05 09:58:21 -06:00
|
|
|
w.Write([]byte(model.MapToJson(props)))
|
|
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-01-26 20:32:24 -05:00
|
|
|
func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
deviceId := props["device_id"]
|
|
|
|
|
if len(deviceId) == 0 {
|
|
|
|
|
c.SetInvalidParam("attachDevice", "deviceId")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 15:17:50 -05:00
|
|
|
// A special case where we logout of all other sessions with the same device id
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.RevokeSessionsForDeviceId(c.Session.UserId, deviceId, c.Session.Id); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2016-04-21 22:37:01 -07:00
|
|
|
c.Err.StatusCode = http.StatusInternalServerError
|
2016-01-26 20:32:24 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-19 18:31:35 -05:00
|
|
|
c.App.ClearSessionCacheForUser(c.Session.UserId)
|
2017-10-18 15:36:43 -07:00
|
|
|
c.Session.SetExpireInDays(*c.App.Config().ServiceSettings.SessionLengthMobileInDays)
|
2016-01-26 20:32:24 -05:00
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
maxAge := *c.App.Config().ServiceSettings.SessionLengthMobileInDays * 60 * 60 * 24
|
2016-07-21 08:36:11 -08:00
|
|
|
|
|
|
|
|
secure := false
|
2017-01-30 08:30:02 -05:00
|
|
|
if app.GetProtocol(r) == "https" {
|
2016-07-21 08:36:11 -08:00
|
|
|
secure = true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
expiresAt := time.Unix(model.GetMillis()/1000+int64(maxAge), 0)
|
|
|
|
|
sessionCookie := &http.Cookie{
|
|
|
|
|
Name: model.SESSION_COOKIE_TOKEN,
|
|
|
|
|
Value: c.Session.Token,
|
|
|
|
|
Path: "/",
|
|
|
|
|
MaxAge: maxAge,
|
|
|
|
|
Expires: expiresAt,
|
|
|
|
|
HttpOnly: true,
|
|
|
|
|
Secure: secure,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http.SetCookie(w, sessionCookie)
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.AttachDeviceId(c.Session.Id, deviceId, c.Session.ExpiresAt); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2016-01-26 20:32:24 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-08 14:30:58 -08:00
|
|
|
w.Write([]byte(model.MapToJson(props)))
|
2016-01-26 20:32:24 -05:00
|
|
|
}
|
|
|
|
|
|
2015-06-14 23:53:32 -08:00
|
|
|
func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
|
|
|
|
params := mux.Vars(r)
|
2016-04-21 22:37:01 -07:00
|
|
|
id := params["user_id"]
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionToUser(c.Session, id) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if sessions, err := c.App.GetSessions(id); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
for _, session := range sessions {
|
|
|
|
|
session.Sanitize()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(model.SessionsToJson(sessions)))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
data := make(map[string]string)
|
|
|
|
|
data["user_id"] = c.Session.UserId
|
|
|
|
|
|
|
|
|
|
Logout(c, w, r)
|
|
|
|
|
if c.Err == nil {
|
|
|
|
|
w.Write([]byte(model.MapToJson(data)))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.LogAudit("")
|
2015-10-01 17:52:47 -07:00
|
|
|
c.RemoveSessionCookie(w, r)
|
2016-04-21 22:37:01 -07:00
|
|
|
if c.Session.Id != "" {
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.RevokeSessionById(c.Session.Id); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getMe(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if user, err := c.App.GetUser(c.Session.UserId); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2015-10-01 17:52:47 -07:00
|
|
|
c.RemoveSessionCookie(w, r)
|
2016-01-22 01:37:11 -03:00
|
|
|
l4g.Error(utils.T("api.user.get_me.getting.error"), c.Session.UserId)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
2017-10-18 15:36:43 -07:00
|
|
|
} else if c.HandleEtag(user.Etag(c.App.Config().PrivacySettings.ShowFullName, c.App.Config().PrivacySettings.ShowEmailAddress), "Get Me", w, r) {
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-01-13 15:17:50 -05:00
|
|
|
user.Sanitize(map[string]bool{})
|
2017-10-18 15:36:43 -07:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, user.Etag(c.App.Config().PrivacySettings.ShowFullName, c.App.Config().PrivacySettings.ShowEmailAddress))
|
2017-01-13 15:17:50 -05:00
|
|
|
w.Write([]byte(user.ToJson()))
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-21 22:37:01 -07:00
|
|
|
func getInitialLoad(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
|
|
|
|
il := model.InitialLoad{}
|
|
|
|
|
|
2016-02-08 07:26:10 -05:00
|
|
|
if len(c.Session.UserId) != 0 {
|
2017-01-13 15:17:50 -05:00
|
|
|
var err *model.AppError
|
2016-04-21 22:37:01 -07:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
il.User, err = c.App.GetUser(c.Session.UserId)
|
2017-01-13 15:17:50 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
2016-04-21 22:37:01 -07:00
|
|
|
return
|
|
|
|
|
}
|
2017-01-13 15:17:50 -05:00
|
|
|
il.User.Sanitize(map[string]bool{})
|
2016-04-21 22:37:01 -07:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
il.Preferences, err = c.App.GetPreferencesForUser(c.Session.UserId)
|
2017-01-16 18:33:25 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-04-21 22:37:01 -07:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
il.Teams, err = c.App.GetTeamsForUser(c.Session.UserId)
|
2017-01-13 15:17:50 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
2016-04-21 22:37:01 -07:00
|
|
|
return
|
2017-01-13 15:17:50 -05:00
|
|
|
}
|
2016-04-21 22:37:01 -07:00
|
|
|
|
2017-01-13 15:17:50 -05:00
|
|
|
for _, team := range il.Teams {
|
|
|
|
|
team.Sanitize()
|
2016-04-21 22:37:01 -07:00
|
|
|
}
|
2017-01-13 15:17:50 -05:00
|
|
|
|
|
|
|
|
il.TeamMembers = c.Session.TeamMembers
|
2016-02-08 07:26:10 -05:00
|
|
|
}
|
2016-04-21 22:37:01 -07:00
|
|
|
|
2017-10-26 14:21:22 -05:00
|
|
|
if c.App.SessionCacheLength() == 0 {
|
2017-01-13 15:17:50 -05:00
|
|
|
// Below is a special case when intializating a new server
|
|
|
|
|
// Lets check to make sure the server is really empty
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
il.NoAccounts = c.App.IsFirstUserAccount()
|
2016-04-21 22:37:01 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
il.ClientCfg = utils.ClientCfg
|
2017-10-25 11:48:15 -07:00
|
|
|
if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2017-08-16 09:51:45 -07:00
|
|
|
il.LicenseCfg = utils.ClientLicense()
|
2016-07-05 14:02:00 -04:00
|
|
|
} else {
|
2016-08-25 04:32:44 -08:00
|
|
|
il.LicenseCfg = utils.GetSanitizedClientLicense()
|
2016-07-05 14:02:00 -04:00
|
|
|
}
|
2016-04-21 22:37:01 -07:00
|
|
|
|
|
|
|
|
w.Write([]byte(il.ToJson()))
|
2016-02-08 07:26:10 -05:00
|
|
|
}
|
|
|
|
|
|
2015-06-14 23:53:32 -08:00
|
|
|
func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
2016-04-21 22:37:01 -07:00
|
|
|
id := params["user_id"]
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-01-13 15:17:50 -05:00
|
|
|
var user *model.User
|
|
|
|
|
var err *model.AppError
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if user, err = c.App.GetUser(id); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
2017-01-30 08:30:02 -05:00
|
|
|
}
|
|
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
etag := user.Etag(c.App.Config().PrivacySettings.ShowFullName, c.App.Config().PrivacySettings.ShowEmailAddress)
|
2017-01-30 08:30:02 -05:00
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get User", w, r) {
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-10-31 09:39:31 -05:00
|
|
|
c.App.SanitizeProfile(user, c.IsSystemAdmin())
|
2017-01-30 08:30:02 -05:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
2017-01-13 15:17:50 -05:00
|
|
|
w.Write([]byte(user.ToJson()))
|
2016-11-22 00:50:57 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getByUsername(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
|
|
|
|
username := params["username"]
|
|
|
|
|
|
2017-01-13 15:17:50 -05:00
|
|
|
var user *model.User
|
|
|
|
|
var err *model.AppError
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if user, err = c.App.GetUserByUsername(username); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2016-11-22 00:50:57 +01:00
|
|
|
return
|
2017-10-18 15:36:43 -07:00
|
|
|
} else if c.HandleEtag(user.Etag(c.App.Config().PrivacySettings.ShowFullName, c.App.Config().PrivacySettings.ShowEmailAddress), "Get By Username", w, r) {
|
2016-11-22 00:50:57 +01:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-01-13 15:17:50 -05:00
|
|
|
sanitizeProfile(c, user)
|
2016-09-14 08:57:33 -04:00
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, user.Etag(c.App.Config().PrivacySettings.ShowFullName, c.App.Config().PrivacySettings.ShowEmailAddress))
|
2017-01-13 15:17:50 -05:00
|
|
|
w.Write([]byte(user.ToJson()))
|
2016-12-28 14:44:32 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getByEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
|
|
|
|
email := params["email"]
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if user, err := c.App.GetUserByEmail(email); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2016-12-28 14:44:32 +01:00
|
|
|
return
|
2017-10-18 15:36:43 -07:00
|
|
|
} else if c.HandleEtag(user.Etag(c.App.Config().PrivacySettings.ShowFullName, c.App.Config().PrivacySettings.ShowEmailAddress), "Get By Email", w, r) {
|
2016-12-28 14:44:32 +01:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-01-13 15:17:50 -05:00
|
|
|
sanitizeProfile(c, user)
|
2016-12-28 14:44:32 +01:00
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, user.Etag(c.App.Config().PrivacySettings.ShowFullName, c.App.Config().PrivacySettings.ShowEmailAddress))
|
2017-01-13 15:17:50 -05:00
|
|
|
w.Write([]byte(user.ToJson()))
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) {
|
2016-05-04 06:31:42 -07:00
|
|
|
params := mux.Vars(r)
|
|
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
offset, err := strconv.Atoi(params["offset"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfiles", "offset")
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-05-04 06:31:42 -07:00
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
limit, err := strconv.Atoi(params["limit"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfiles", "limit")
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-05-04 06:31:42 -07:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
etag := c.App.GetUsersEtag() + params["offset"] + "." + params["limit"]
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get Profiles", w, r) {
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
2016-05-04 06:31:42 -07:00
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if profiles, err := c.App.GetUsersMap(offset, limit, c.IsSystemAdmin()); err != nil {
|
2017-01-25 09:32:42 -05:00
|
|
|
c.Err = err
|
2016-05-04 06:31:42 -07:00
|
|
|
return
|
|
|
|
|
} else {
|
2016-10-19 14:49:25 -04:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
2016-05-04 06:31:42 -07:00
|
|
|
w.Write([]byte(model.UserMapToJson(profiles)))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
func getProfilesInTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
2015-09-23 12:49:28 -07:00
|
|
|
params := mux.Vars(r)
|
2016-10-19 14:49:25 -04:00
|
|
|
teamId := params["team_id"]
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
if c.Session.GetTeamByTeamId(teamId) == nil {
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2016-04-21 22:37:01 -07:00
|
|
|
return
|
|
|
|
|
}
|
2015-09-23 12:49:28 -07:00
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
offset, err := strconv.Atoi(params["offset"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfilesInTeam", "offset")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
limit, err := strconv.Atoi(params["limit"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfilesInTeam", "limit")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
etag := c.App.GetUsersInTeamEtag(teamId)
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get Profiles In Team", w, r) {
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if profiles, err := c.App.GetUsersInTeamMap(teamId, offset, limit, c.IsSystemAdmin()); err != nil {
|
2017-01-25 09:32:42 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
2016-04-21 22:37:01 -07:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
|
|
|
|
w.Write([]byte(model.UserMapToJson(profiles)))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
func getProfilesInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
|
|
|
|
channelId := params["channel_id"]
|
|
|
|
|
|
|
|
|
|
offset, err := strconv.Atoi(params["offset"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfiles", "offset")
|
2016-04-21 22:37:01 -07:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-19 14:49:25 -04:00
|
|
|
limit, err := strconv.Atoi(params["limit"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfiles", "limit")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-25 09:32:42 -05:00
|
|
|
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2017-01-25 09:32:42 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
|
2017-01-25 09:32:42 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if profiles, err := c.App.GetUsersInChannelMap(channelId, offset, limit, c.IsSystemAdmin()); err != nil {
|
2017-02-03 15:17:34 -05:00
|
|
|
c.Err = err
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
w.Write([]byte(model.UserMapToJson(profiles)))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getProfilesNotInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
|
|
|
|
channelId := params["channel_id"]
|
|
|
|
|
|
|
|
|
|
if c.Session.GetTeamByTeamId(c.TeamId) == nil {
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
offset, err := strconv.Atoi(params["offset"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfiles", "offset")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
limit, err := strconv.Atoi(params["limit"])
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("getProfiles", "limit")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if profiles, err := c.App.GetUsersNotInChannelMap(c.TeamId, channelId, offset, limit, c.IsSystemAdmin()); err != nil {
|
2017-01-25 09:32:42 -05:00
|
|
|
c.Err = err
|
2016-04-21 22:37:01 -07:00
|
|
|
return
|
|
|
|
|
} else {
|
2015-06-14 23:53:32 -08:00
|
|
|
w.Write([]byte(model.UserMapToJson(profiles)))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getAudits(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
2016-04-21 22:37:01 -07:00
|
|
|
id := params["user_id"]
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionToUser(c.Session, id) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if audits, err := c.App.GetAudits(id, 20); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
etag := audits.Etag()
|
|
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get Audits", w, r) {
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(etag) > 0 {
|
|
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(audits.ToJson()))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-19 11:19:51 -04:00
|
|
|
func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
2015-06-14 23:53:32 -08:00
|
|
|
params := mux.Vars(r)
|
2016-04-21 22:37:01 -07:00
|
|
|
id := params["user_id"]
|
2017-02-15 18:54:41 -05:00
|
|
|
readFailed := false
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-01-03 09:56:30 -05:00
|
|
|
var etag string
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if users, err := c.App.GetUsersByIds([]string{id}, false); err != nil {
|
2017-01-13 15:17:50 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-02-15 18:54:41 -05:00
|
|
|
if len(users) == 0 {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("getProfileImage", "store.sql_user.get_profiles.app_error", nil, "", http.StatusInternalServerError)
|
2017-02-15 18:54:41 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user := users[0]
|
2017-01-13 15:17:50 -05:00
|
|
|
etag = strconv.FormatInt(user.LastPictureUpdate, 10)
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Profile Image", w, r) {
|
2017-01-03 09:56:30 -05:00
|
|
|
return
|
|
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-01-13 15:17:50 -05:00
|
|
|
var img []byte
|
2017-10-31 09:39:31 -05:00
|
|
|
img, readFailed, err = c.App.GetProfileImage(user)
|
2017-01-13 15:17:50 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
|
2017-02-15 18:54:41 -05:00
|
|
|
if readFailed {
|
2015-06-14 23:53:32 -08:00
|
|
|
w.Header().Set("Cache-Control", "max-age=300, public") // 5 mins
|
|
|
|
|
} else {
|
|
|
|
|
w.Header().Set("Cache-Control", "max-age=86400, public") // 24 hrs
|
2017-09-19 13:34:39 -07:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
|
2015-10-25 18:02:36 +01:00
|
|
|
w.Header().Set("Content-Type", "image/png")
|
2015-06-14 23:53:32 -08:00
|
|
|
w.Write(img)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-10-18 15:36:43 -07:00
|
|
|
if len(*c.App.Config().FileSettings.DriverName) == 0 {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.storage.app_error", nil, "", http.StatusNotImplemented)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
if r.ContentLength > *c.App.Config().FileSettings.MaxFileSize {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, "", http.StatusRequestEntityTooLarge)
|
2016-04-11 13:45:03 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
if err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize); err != nil {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.parse.app_error", nil, "", http.StatusBadRequest)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m := r.MultipartForm
|
|
|
|
|
|
|
|
|
|
imageArray, ok := m.File["image"]
|
|
|
|
|
if !ok {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.no_file.app_error", nil, "", http.StatusBadRequest)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(imageArray) <= 0 {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.array.app_error", nil, "", http.StatusBadRequest)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
imageData := imageArray[0]
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.SetProfileImage(c.Session.UserId, imageData); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.LogAudit("")
|
2015-09-24 16:47:27 -04:00
|
|
|
|
|
|
|
|
// write something as the response since jQuery expects a json response
|
|
|
|
|
w.Write([]byte("true"))
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
user := model.UserFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
if user == nil {
|
|
|
|
|
c.SetInvalidParam("updateUser", "user")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionToUser(c.Session, user.Id) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if ruser, err := c.App.UpdateUserAsUser(user, c.IsSystemAdmin()); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
c.LogAudit("")
|
2017-01-19 09:00:13 -05:00
|
|
|
w.Write([]byte(ruser.ToJson()))
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.LogAudit("attempted")
|
|
|
|
|
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
userId := props["user_id"]
|
|
|
|
|
if len(userId) != 26 {
|
|
|
|
|
c.SetInvalidParam("updatePassword", "user_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
currentPassword := props["current_password"]
|
|
|
|
|
if len(currentPassword) <= 0 {
|
|
|
|
|
c.SetInvalidParam("updatePassword", "current_password")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newPassword := props["new_password"]
|
2016-07-06 18:54:54 -04:00
|
|
|
|
2015-06-14 23:53:32 -08:00
|
|
|
if userId != c.Session.UserId {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("updatePassword", "api.user.update_password.context.app_error", nil, "", http.StatusForbidden)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.UpdatePasswordAsUser(userId, currentPassword, newPassword); err != nil {
|
2017-01-30 08:30:02 -05:00
|
|
|
c.LogAudit("failed")
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
c.LogAudit("completed")
|
|
|
|
|
|
|
|
|
|
data := make(map[string]string)
|
2017-01-19 09:00:13 -05:00
|
|
|
data["user_id"] = c.Session.UserId
|
2015-06-14 23:53:32 -08:00
|
|
|
w.Write([]byte(model.MapToJson(data)))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
2016-09-22 08:31:38 -04:00
|
|
|
params := mux.Vars(r)
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-09-22 08:31:38 -04:00
|
|
|
userId := params["user_id"]
|
|
|
|
|
if len(userId) != 26 {
|
|
|
|
|
c.SetInvalidParam("updateMemberRoles", "user_id")
|
2015-09-04 11:59:10 -07:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-22 08:31:38 -04:00
|
|
|
newRoles := props["new_roles"]
|
|
|
|
|
if !(model.IsValidUserRoles(newRoles)) {
|
|
|
|
|
c.SetInvalidParam("updateMemberRoles", "new_roles")
|
2016-05-06 11:28:22 -07:00
|
|
|
return
|
2016-04-21 22:37:01 -07:00
|
|
|
}
|
|
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_ROLES) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_ROLES)
|
2015-09-04 11:59:10 -07:00
|
|
|
return
|
|
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-10-31 12:00:21 -04:00
|
|
|
if _, err := c.App.UpdateUserRoles(userId, newRoles, true); err != nil {
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.LogAuditWithUserId(userId, "roles="+newRoles)
|
2016-07-06 13:57:32 -04:00
|
|
|
}
|
|
|
|
|
|
2016-09-22 08:31:38 -04:00
|
|
|
rdata := map[string]string{}
|
|
|
|
|
rdata["status"] = "ok"
|
|
|
|
|
w.Write([]byte(model.MapToJson(rdata)))
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2017-01-19 09:00:13 -05:00
|
|
|
userId := props["user_id"]
|
|
|
|
|
if len(userId) != 26 {
|
2015-06-14 23:53:32 -08:00
|
|
|
c.SetInvalidParam("updateActive", "user_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
active := props["active"] == "true"
|
|
|
|
|
|
2016-04-21 22:37:01 -07:00
|
|
|
// true when you're trying to de-activate yourself
|
2017-01-19 09:00:13 -05:00
|
|
|
isSelfDeactive := !active && userId == c.Session.UserId
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if !isSelfDeactive && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("updateActive", "api.user.update_active.permissions.app_error", nil, "userId="+userId, http.StatusForbidden)
|
2016-04-21 22:37:01 -07:00
|
|
|
return
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if ruser, err := c.App.UpdateActiveNoLdap(userId, active); err != nil {
|
2016-07-26 12:39:35 -04:00
|
|
|
c.Err = err
|
|
|
|
|
} else {
|
|
|
|
|
c.LogAuditWithUserId(ruser.Id, fmt.Sprintf("active=%v", active))
|
2015-11-16 17:12:49 -08:00
|
|
|
w.Write([]byte(ruser.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-14 23:53:32 -08:00
|
|
|
func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
|
|
|
|
if len(email) == 0 {
|
|
|
|
|
c.SetInvalidParam("sendPasswordReset", "email")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if sent, err := c.App.SendPasswordReset(email, utils.GetSiteURL()); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2016-04-21 22:37:01 -07:00
|
|
|
return
|
2017-01-25 09:32:42 -05:00
|
|
|
} else if sent {
|
|
|
|
|
c.LogAudit("sent=" + email)
|
2016-04-21 22:37:01 -07:00
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.MapToJson(props)))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2016-04-21 22:37:01 -07:00
|
|
|
code := props["code"]
|
2017-04-27 10:55:03 -04:00
|
|
|
if len(code) != model.TOKEN_SIZE {
|
2016-04-21 22:37:01 -07:00
|
|
|
c.SetInvalidParam("resetPassword", "code")
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-06 18:54:54 -04:00
|
|
|
newPassword := props["new_password"]
|
|
|
|
|
|
2017-04-27 10:55:03 -04:00
|
|
|
c.LogAudit("attempt - token=" + code)
|
2016-04-21 22:37:01 -07:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.ResetPasswordFromToken(code, newPassword); err != nil {
|
2017-04-27 10:55:03 -04:00
|
|
|
c.LogAudit("fail - token=" + code)
|
2016-04-21 22:37:01 -07:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-27 10:55:03 -04:00
|
|
|
c.LogAudit("success - token=" + code)
|
2015-06-14 23:53:32 -08:00
|
|
|
|
2016-04-21 22:37:01 -07:00
|
|
|
rdata := map[string]string{}
|
|
|
|
|
rdata["status"] = "ok"
|
|
|
|
|
w.Write([]byte(model.MapToJson(rdata)))
|
|
|
|
|
}
|
2015-06-14 23:53:32 -08:00
|
|
|
|
|
|
|
|
func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2017-01-19 09:00:13 -05:00
|
|
|
userId := props["user_id"]
|
|
|
|
|
if len(userId) != 26 {
|
2015-06-14 23:53:32 -08:00
|
|
|
c.SetInvalidParam("updateUserNotify", "user_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionToUser(c.Session, userId) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
delete(props, "user_id")
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
|
|
|
|
if len(email) == 0 {
|
|
|
|
|
c.SetInvalidParam("updateUserNotify", "email")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
desktop_sound := props["desktop_sound"]
|
|
|
|
|
if len(desktop_sound) == 0 {
|
|
|
|
|
c.SetInvalidParam("updateUserNotify", "desktop_sound")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
desktop := props["desktop"]
|
|
|
|
|
if len(desktop) == 0 {
|
|
|
|
|
c.SetInvalidParam("updateUserNotify", "desktop")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-19 15:27:23 +03:00
|
|
|
comments := props["comments"]
|
|
|
|
|
if len(comments) == 0 {
|
|
|
|
|
c.SetInvalidParam("updateUserNotify", "comments")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
ruser, err := c.App.UpdateUserNotifyProps(userId, props)
|
2017-01-25 09:32:42 -05:00
|
|
|
if err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2015-06-14 23:53:32 -08:00
|
|
|
return
|
|
|
|
|
}
|
2017-01-19 09:00:13 -05:00
|
|
|
|
2017-01-25 09:32:42 -05:00
|
|
|
c.LogAuditWithUserId(ruser.Id, "")
|
2017-01-19 09:00:13 -05:00
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
options := c.App.Config().GetSanitizeOptions()
|
2017-01-19 09:00:13 -05:00
|
|
|
options["passwordupdate"] = false
|
|
|
|
|
ruser.Sanitize(options)
|
|
|
|
|
w.Write([]byte(ruser.ToJson()))
|
2015-06-14 23:53:32 -08:00
|
|
|
}
|
|
|
|
|
|
2016-03-17 15:46:16 -04:00
|
|
|
func emailToOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
2015-12-17 12:44:46 -05:00
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
password := props["password"]
|
|
|
|
|
if len(password) == 0 {
|
2016-03-17 15:46:16 -04:00
|
|
|
c.SetInvalidParam("emailToOAuth", "password")
|
2015-12-17 12:44:46 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-12 08:16:10 -05:00
|
|
|
mfaToken := props["token"]
|
|
|
|
|
|
2015-12-17 12:44:46 -05:00
|
|
|
service := props["service"]
|
|
|
|
|
if len(service) == 0 {
|
2016-03-17 15:46:16 -04:00
|
|
|
c.SetInvalidParam("emailToOAuth", "service")
|
2015-12-17 12:44:46 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
|
|
|
|
if len(email) == 0 {
|
2016-03-17 15:46:16 -04:00
|
|
|
c.SetInvalidParam("emailToOAuth", "email")
|
2015-12-17 12:44:46 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
link, err := c.App.SwitchEmailToOAuth(w, r, email, password, mfaToken, service)
|
2017-04-10 08:19:49 -04:00
|
|
|
if err != nil {
|
2016-04-21 22:37:01 -07:00
|
|
|
c.Err = err
|
2015-12-17 12:44:46 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-10 08:19:49 -04:00
|
|
|
c.LogAudit("success for email=" + email)
|
|
|
|
|
w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
|
2015-12-17 12:44:46 -05:00
|
|
|
}
|
|
|
|
|
|
2016-03-17 15:46:16 -04:00
|
|
|
func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
2015-12-17 12:44:46 -05:00
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
password := props["password"]
|
2016-07-06 18:54:54 -04:00
|
|
|
if err := utils.IsPasswordValid(password); err != nil {
|
|
|
|
|
c.Err = err
|
2015-12-17 12:44:46 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
|
|
|
|
if len(email) == 0 {
|
2016-03-17 15:46:16 -04:00
|
|
|
c.SetInvalidParam("oauthToEmail", "email")
|
2015-12-17 12:44:46 -05:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
link, err := c.App.SwitchOAuthToEmail(email, password, c.Session.UserId)
|
2017-04-10 08:19:49 -04:00
|
|
|
if err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2015-12-17 12:44:46 -05:00
|
|
|
|
2016-06-15 04:10:22 -08:00
|
|
|
c.RemoveSessionCookie(w, r)
|
2015-12-17 12:44:46 -05:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.LogAudit("success")
|
2017-04-10 08:19:49 -04:00
|
|
|
w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
|
2015-12-17 12:44:46 -05:00
|
|
|
}
|
|
|
|
|
|
2016-03-17 15:46:16 -04:00
|
|
|
func emailToLdap(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
|
|
|
|
if len(email) == 0 {
|
|
|
|
|
c.SetInvalidParam("emailToLdap", "email")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
emailPassword := props["email_password"]
|
|
|
|
|
if len(emailPassword) == 0 {
|
|
|
|
|
c.SetInvalidParam("emailToLdap", "email_password")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ldapId := props["ldap_id"]
|
|
|
|
|
if len(ldapId) == 0 {
|
|
|
|
|
c.SetInvalidParam("emailToLdap", "ldap_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ldapPassword := props["ldap_password"]
|
|
|
|
|
if len(ldapPassword) == 0 {
|
|
|
|
|
c.SetInvalidParam("emailToLdap", "ldap_password")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-12 08:16:10 -05:00
|
|
|
token := props["token"]
|
|
|
|
|
|
2016-03-17 15:46:16 -04:00
|
|
|
c.LogAudit("attempt")
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
link, err := c.App.SwitchEmailToLdap(email, emailPassword, token, ldapId, ldapPassword)
|
2017-04-10 08:19:49 -04:00
|
|
|
if err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-15 04:10:22 -08:00
|
|
|
c.RemoveSessionCookie(w, r)
|
2016-03-17 15:46:16 -04:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.LogAudit("success")
|
2017-04-10 08:19:49 -04:00
|
|
|
w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
|
2016-03-17 15:46:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
|
|
|
|
if len(email) == 0 {
|
|
|
|
|
c.SetInvalidParam("ldapToEmail", "email")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
emailPassword := props["email_password"]
|
2016-07-06 18:54:54 -04:00
|
|
|
if err := utils.IsPasswordValid(emailPassword); err != nil {
|
|
|
|
|
c.Err = err
|
2016-03-17 15:46:16 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ldapPassword := props["ldap_password"]
|
|
|
|
|
if len(ldapPassword) == 0 {
|
|
|
|
|
c.SetInvalidParam("ldapToEmail", "ldap_password")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-12 08:16:10 -05:00
|
|
|
token := props["token"]
|
|
|
|
|
|
2016-03-17 15:46:16 -04:00
|
|
|
c.LogAudit("attempt")
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
link, err := c.App.SwitchLdapToEmail(ldapPassword, token, email, emailPassword)
|
2017-04-10 08:19:49 -04:00
|
|
|
if err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2016-03-17 15:46:16 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-15 04:10:22 -08:00
|
|
|
c.RemoveSessionCookie(w, r)
|
2016-03-17 15:46:16 -04:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.LogAudit("success")
|
2017-04-10 08:19:49 -04:00
|
|
|
w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
|
2016-03-17 15:46:16 -04:00
|
|
|
}
|
|
|
|
|
|
2016-11-03 10:41:11 -04:00
|
|
|
func generateMfaSecret(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-09-06 17:12:54 -05:00
|
|
|
secret, err := c.App.GenerateMfaSecret(c.Session.UserId)
|
2016-03-30 12:49:29 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-26 08:40:47 -04:00
|
|
|
w.Header().Set("Cache-Control", "no-cache")
|
|
|
|
|
w.Header().Set("Pragma", "no-cache")
|
|
|
|
|
w.Header().Set("Expires", "0")
|
2017-03-27 09:21:48 -04:00
|
|
|
w.Write([]byte(secret.ToJson()))
|
2016-03-30 12:49:29 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updateMfa(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.StringInterfaceFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
activate, ok := props["activate"].(bool)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("updateMfa", "activate")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
token := ""
|
|
|
|
|
if activate {
|
|
|
|
|
token = props["token"].(string)
|
|
|
|
|
if len(token) == 0 {
|
|
|
|
|
c.SetInvalidParam("updateMfa", "token")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-12 08:16:10 -05:00
|
|
|
c.LogAudit("attempt")
|
|
|
|
|
|
2016-03-30 12:49:29 -04:00
|
|
|
if activate {
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.ActivateMfa(c.Session.UserId, token); err != nil {
|
2016-03-30 12:49:29 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-12-12 08:16:10 -05:00
|
|
|
c.LogAudit("success - activated")
|
2016-03-30 12:49:29 -04:00
|
|
|
} else {
|
2017-09-19 18:31:35 -05:00
|
|
|
if err := c.App.DeactivateMfa(c.Session.UserId); err != nil {
|
2016-03-30 12:49:29 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-12-12 08:16:10 -05:00
|
|
|
c.LogAudit("success - deactivated")
|
2016-03-30 12:49:29 -04:00
|
|
|
}
|
|
|
|
|
|
2017-10-03 10:53:53 -05:00
|
|
|
c.App.Go(func() {
|
2016-12-12 08:16:10 -05:00
|
|
|
var user *model.User
|
2017-01-19 09:00:13 -05:00
|
|
|
var err *model.AppError
|
2017-09-06 17:12:54 -05:00
|
|
|
if user, err = c.App.GetUser(c.Session.UserId); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
l4g.Warn(err.Error())
|
|
|
|
|
return
|
2016-12-12 08:16:10 -05:00
|
|
|
}
|
|
|
|
|
|
2017-04-04 11:54:52 -04:00
|
|
|
if err := app.SendMfaChangeEmail(user.Email, activate, user.Locale, utils.GetSiteURL()); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
l4g.Error(err.Error())
|
|
|
|
|
}
|
2017-10-03 10:53:53 -05:00
|
|
|
})
|
2016-12-12 08:16:10 -05:00
|
|
|
|
2016-03-30 12:49:29 -04:00
|
|
|
rdata := map[string]string{}
|
|
|
|
|
rdata["status"] = "ok"
|
|
|
|
|
w.Write([]byte(model.MapToJson(rdata)))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func checkMfa(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-10-18 15:36:43 -07:00
|
|
|
if !utils.IsLicensed() || !*utils.License().Features.MFA || !*c.App.Config().ServiceSettings.EnableMultifactorAuthentication {
|
2016-03-30 12:49:29 -04:00
|
|
|
rdata := map[string]string{}
|
|
|
|
|
rdata["mfa_required"] = "false"
|
|
|
|
|
w.Write([]byte(model.MapToJson(rdata)))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
loginId := props["login_id"]
|
|
|
|
|
if len(loginId) == 0 {
|
|
|
|
|
c.SetInvalidParam("checkMfa", "login_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rdata := map[string]string{}
|
2017-09-06 17:12:54 -05:00
|
|
|
if user, err := c.App.GetUserForLogin(loginId, false); err != nil {
|
2016-03-30 12:49:29 -04:00
|
|
|
rdata["mfa_required"] = "false"
|
|
|
|
|
} else {
|
2017-01-19 09:00:13 -05:00
|
|
|
rdata["mfa_required"] = strconv.FormatBool(user.MfaActive)
|
2016-03-30 12:49:29 -04:00
|
|
|
}
|
|
|
|
|
w.Write([]byte(model.MapToJson(rdata)))
|
|
|
|
|
}
|
2016-07-05 15:49:00 -04:00
|
|
|
|
|
|
|
|
func loginWithSaml(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-09-19 18:31:35 -05:00
|
|
|
samlInterface := c.App.Saml
|
2016-07-05 15:49:00 -04:00
|
|
|
|
|
|
|
|
if samlInterface == nil {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("loginWithSaml", "api.user.saml.not_available.app_error", nil, "", http.StatusFound)
|
2016-07-05 15:49:00 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
teamId, err := c.App.GetTeamIdFromQuery(r.URL.Query())
|
2016-07-05 15:49:00 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
action := r.URL.Query().Get("action")
|
2016-08-03 12:19:27 -05:00
|
|
|
redirectTo := r.URL.Query().Get("redirect_to")
|
|
|
|
|
relayProps := map[string]string{}
|
2016-07-05 15:49:00 -04:00
|
|
|
relayState := ""
|
|
|
|
|
|
|
|
|
|
if len(action) != 0 {
|
|
|
|
|
relayProps["team_id"] = teamId
|
|
|
|
|
relayProps["action"] = action
|
|
|
|
|
if action == model.OAUTH_ACTION_EMAIL_TO_SSO {
|
|
|
|
|
relayProps["email"] = r.URL.Query().Get("email")
|
|
|
|
|
}
|
2016-08-03 12:19:27 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(redirectTo) != 0 {
|
|
|
|
|
relayProps["redirect_to"] = redirectTo
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(relayProps) > 0 {
|
2016-07-05 15:49:00 -04:00
|
|
|
relayState = b64.StdEncoding.EncodeToString([]byte(model.MapToJson(relayProps)))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if data, err := samlInterface.BuildRequest(relayState); err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
|
|
|
|
|
http.Redirect(w, r, data.URL, http.StatusFound)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-09-19 18:31:35 -05:00
|
|
|
samlInterface := c.App.Saml
|
2016-07-05 15:49:00 -04:00
|
|
|
|
|
|
|
|
if samlInterface == nil {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("completeSaml", "api.user.saml.not_available.app_error", nil, "", http.StatusFound)
|
2016-07-05 15:49:00 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//Validate that the user is with SAML and all that
|
|
|
|
|
encodedXML := r.FormValue("SAMLResponse")
|
|
|
|
|
relayState := r.FormValue("RelayState")
|
|
|
|
|
|
|
|
|
|
relayProps := make(map[string]string)
|
|
|
|
|
if len(relayState) > 0 {
|
|
|
|
|
stateStr := ""
|
|
|
|
|
if b, err := b64.StdEncoding.DecodeString(relayState); err != nil {
|
2017-09-01 14:58:43 +01:00
|
|
|
c.Err = model.NewAppError("completeSaml", "api.user.authorize_oauth_user.invalid_state.app_error", nil, err.Error(), http.StatusFound)
|
2016-07-05 15:49:00 -04:00
|
|
|
return
|
|
|
|
|
} else {
|
|
|
|
|
stateStr = string(b)
|
|
|
|
|
}
|
|
|
|
|
relayProps = model.MapFromJson(strings.NewReader(stateStr))
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-27 19:22:23 -04:00
|
|
|
action := relayProps["action"]
|
2017-04-04 11:54:52 -04:00
|
|
|
if user, err := samlInterface.DoLogin(encodedXML, relayProps); err != nil {
|
2017-07-27 19:22:23 -04:00
|
|
|
if action == model.OAUTH_ACTION_MOBILE {
|
|
|
|
|
err.Translate(c.T)
|
|
|
|
|
w.Write([]byte(err.ToJson()))
|
|
|
|
|
} else {
|
|
|
|
|
c.Err = err
|
|
|
|
|
c.Err.StatusCode = http.StatusFound
|
|
|
|
|
}
|
2016-07-05 15:49:00 -04:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-09-19 18:31:35 -05:00
|
|
|
if err := c.App.CheckUserAdditionalAuthenticationCriteria(user, ""); err != nil {
|
2016-07-05 15:49:00 -04:00
|
|
|
c.Err = err
|
|
|
|
|
c.Err.StatusCode = http.StatusFound
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-07-27 19:22:23 -04:00
|
|
|
|
2016-07-05 15:49:00 -04:00
|
|
|
switch action {
|
|
|
|
|
case model.OAUTH_ACTION_SIGNUP:
|
|
|
|
|
teamId := relayProps["team_id"]
|
2016-07-13 13:13:13 -04:00
|
|
|
if len(teamId) > 0 {
|
2017-10-03 10:53:53 -05:00
|
|
|
c.App.Go(func() {
|
|
|
|
|
c.App.AddDirectChannels(teamId, user)
|
|
|
|
|
})
|
2016-07-13 13:13:13 -04:00
|
|
|
}
|
2016-07-05 15:49:00 -04:00
|
|
|
case model.OAUTH_ACTION_EMAIL_TO_SSO:
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.RevokeAllSessions(user.Id); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
c.LogAuditWithUserId(user.Id, "Revoked all sessions for user")
|
2017-10-03 10:53:53 -05:00
|
|
|
c.App.Go(func() {
|
2017-10-24 09:00:05 -07:00
|
|
|
if err := c.App.SendSignInChangeEmail(user.Email, strings.Title(model.USER_AUTH_SERVICE_SAML)+" SSO", user.Locale, utils.GetSiteURL()); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
l4g.Error(err.Error())
|
|
|
|
|
}
|
2017-10-03 10:53:53 -05:00
|
|
|
})
|
2016-07-05 15:49:00 -04:00
|
|
|
}
|
|
|
|
|
doLogin(c, w, r, user, "")
|
2016-09-21 04:17:58 -07:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-08-03 12:19:27 -05:00
|
|
|
|
|
|
|
|
if val, ok := relayProps["redirect_to"]; ok {
|
2017-04-04 11:54:52 -04:00
|
|
|
http.Redirect(w, r, c.GetSiteURLHeader()+val, http.StatusFound)
|
2016-08-03 12:19:27 -05:00
|
|
|
return
|
|
|
|
|
}
|
2017-03-06 11:14:44 -03:00
|
|
|
|
2017-07-27 19:22:23 -04:00
|
|
|
if action == model.OAUTH_ACTION_MOBILE {
|
|
|
|
|
ReturnStatusOK(w)
|
2017-03-06 11:14:44 -03:00
|
|
|
} else {
|
|
|
|
|
http.Redirect(w, r, app.GetProtocol(r)+"://"+r.Host, http.StatusFound)
|
|
|
|
|
}
|
2016-07-05 15:49:00 -04:00
|
|
|
}
|
|
|
|
|
}
|
2016-07-12 09:36:27 -04:00
|
|
|
|
2016-09-02 12:24:20 -04:00
|
|
|
func sanitizeProfile(c *Context, user *model.User) *model.User {
|
2017-10-18 15:36:43 -07:00
|
|
|
options := c.App.Config().GetSanitizeOptions()
|
2016-09-02 12:24:20 -04:00
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2016-09-02 12:24:20 -04:00
|
|
|
options["email"] = true
|
|
|
|
|
options["fullname"] = true
|
2016-09-28 09:49:54 -03:00
|
|
|
options["authservice"] = true
|
2016-09-02 12:24:20 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user.SanitizeProfile(options)
|
|
|
|
|
|
|
|
|
|
return user
|
|
|
|
|
}
|
2016-10-19 14:49:25 -04:00
|
|
|
|
|
|
|
|
func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
2016-11-02 14:38:34 -04:00
|
|
|
props := model.UserSearchFromJson(r.Body)
|
|
|
|
|
if props == nil {
|
|
|
|
|
c.SetInvalidParam("searchUsers", "")
|
|
|
|
|
return
|
|
|
|
|
}
|
2016-10-19 14:49:25 -04:00
|
|
|
|
2016-11-02 14:38:34 -04:00
|
|
|
if len(props.Term) == 0 {
|
2016-10-19 14:49:25 -04:00
|
|
|
c.SetInvalidParam("searchUsers", "term")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if props.InChannelId != "" && !c.App.SessionHasPermissionToChannel(c.Session, props.InChannelId, model.PERMISSION_READ_CHANNEL) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if props.NotInChannelId != "" && !c.App.SessionHasPermissionToChannel(c.Session, props.NotInChannelId, model.PERMISSION_READ_CHANNEL) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-02 14:38:34 -04:00
|
|
|
searchOptions := map[string]bool{}
|
|
|
|
|
searchOptions[store.USER_SEARCH_OPTION_ALLOW_INACTIVE] = props.AllowInactive
|
|
|
|
|
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2017-10-18 15:36:43 -07:00
|
|
|
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
|
|
|
|
|
hideEmail := !c.App.Config().PrivacySettings.ShowEmailAddress
|
2016-12-02 12:24:22 -05:00
|
|
|
|
|
|
|
|
if hideFullName && hideEmail {
|
|
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
|
|
|
|
|
} else if hideFullName {
|
|
|
|
|
searchOptions[store.USER_SEARCH_OPTION_ALL_NO_FULL_NAME] = true
|
|
|
|
|
} else if hideEmail {
|
|
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if profiles, err := c.App.SearchUsers(props, searchOptions, c.IsSystemAdmin()); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
2017-03-23 06:34:22 -04:00
|
|
|
} else {
|
|
|
|
|
w.Write([]byte(model.UserListToJson(profiles)))
|
2017-01-19 09:00:13 -05:00
|
|
|
}
|
2016-10-19 14:49:25 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getProfilesByIds(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
userIds := model.ArrayFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
if len(userIds) == 0 {
|
|
|
|
|
c.SetInvalidParam("getProfilesByIds", "user_ids")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if profiles, err := c.App.GetUsersByIds(userIds, c.IsSystemAdmin()); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
} else {
|
2017-02-03 09:30:57 -05:00
|
|
|
profileMap := map[string]*model.User{}
|
2016-10-19 14:49:25 -04:00
|
|
|
for _, p := range profiles {
|
2017-02-03 09:30:57 -05:00
|
|
|
profileMap[p.Id] = p
|
2016-10-19 14:49:25 -04:00
|
|
|
}
|
2017-02-03 09:30:57 -05:00
|
|
|
w.Write([]byte(model.UserMapToJson(profileMap)))
|
2016-10-19 14:49:25 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func autocompleteUsersInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
|
|
|
|
channelId := params["channel_id"]
|
|
|
|
|
teamId := params["team_id"]
|
|
|
|
|
|
|
|
|
|
term := r.URL.Query().Get("term")
|
|
|
|
|
|
|
|
|
|
if c.Session.GetTeamByTeamId(teamId) == nil {
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if !c.App.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
|
2017-01-23 08:12:05 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-03 11:24:45 -04:00
|
|
|
searchOptions := map[string]bool{}
|
2016-12-02 12:24:22 -05:00
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
|
2017-10-25 11:48:15 -07:00
|
|
|
if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2016-12-02 12:24:22 -05:00
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
|
|
|
|
|
} else {
|
|
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
|
|
|
|
|
}
|
2016-11-03 11:24:45 -04:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
autocomplete, err := c.App.AutocompleteUsersInChannel(teamId, channelId, term, searchOptions, c.IsSystemAdmin())
|
2017-01-19 09:00:13 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(autocomplete.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func autocompleteUsersInTeam(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
params := mux.Vars(r)
|
|
|
|
|
teamId := params["team_id"]
|
|
|
|
|
|
|
|
|
|
term := r.URL.Query().Get("term")
|
|
|
|
|
|
|
|
|
|
if c.Session.GetTeamByTeamId(teamId) == nil {
|
2017-10-25 11:48:15 -07:00
|
|
|
if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-24 09:35:09 -05:00
|
|
|
searchOptions := map[string]bool{}
|
2016-12-02 12:24:22 -05:00
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
|
2017-10-25 11:48:15 -07:00
|
|
|
if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2016-12-02 12:24:22 -05:00
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
|
|
|
|
|
} else {
|
|
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
|
|
|
|
|
}
|
2016-11-24 09:35:09 -05:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
autocomplete, err := c.App.AutocompleteUsersInTeam(teamId, term, searchOptions, c.IsSystemAdmin())
|
2017-01-19 09:00:13 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
2016-10-19 14:49:25 -04:00
|
|
|
return
|
2017-01-19 09:00:13 -05:00
|
|
|
}
|
2016-10-19 14:49:25 -04:00
|
|
|
|
|
|
|
|
w.Write([]byte(autocomplete.ToJson()))
|
|
|
|
|
}
|
2016-11-29 10:12:59 -05:00
|
|
|
|
|
|
|
|
func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
term := r.URL.Query().Get("term")
|
|
|
|
|
|
2016-12-26 09:38:34 -05:00
|
|
|
searchOptions := map[string]bool{}
|
|
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
hideFullName := !c.App.Config().PrivacySettings.ShowFullName
|
2017-10-25 11:48:15 -07:00
|
|
|
if hideFullName && !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
|
2016-12-26 09:38:34 -05:00
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
|
|
|
|
|
} else {
|
|
|
|
|
searchOptions[store.USER_SEARCH_OPTION_NAMES_ONLY] = true
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-29 10:12:59 -05:00
|
|
|
var profiles []*model.User
|
2017-01-19 09:00:13 -05:00
|
|
|
var err *model.AppError
|
2016-11-29 10:12:59 -05:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if profiles, err = c.App.SearchUsersInTeam("", term, searchOptions, c.IsSystemAdmin()); err != nil {
|
2017-01-19 09:00:13 -05:00
|
|
|
c.Err = err
|
2016-11-29 10:12:59 -05:00
|
|
|
return
|
2017-01-19 09:00:13 -05:00
|
|
|
}
|
2016-11-29 10:12:59 -05:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.UserListToJson(profiles)))
|
|
|
|
|
}
|
