IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
b97b3ae6179bc15ec23e0697b08cdcbdf53e4ffc
mattermost/api/context.go

547 lines
15 KiB
Go
Raw Normal View History

Changing SpinPunch to Mattermost in copyright
2015-10-08 12:27:09 -04:00
// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
first commit
2015-06-14 23:53:32 -08:00
// See License.txt for license information.
package api
import (
Adding config file timestamp to X-Version header
2015-09-16 09:37:20 -07:00
"fmt"
first commit
2015-06-14 23:53:32 -08:00
"net"
"net/http"
"net/url"
"strings"
Added a link to error page that returns users to the root page
2015-08-25 11:06:11 -07:00
Upgrade logging package
2016-01-11 09:12:51 -06:00
l4g "github.com/alecthomas/log4go"
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
"github.com/gorilla/mux"
goi18n "github.com/nicksnyder/go-i18n/i18n"
Added a link to error page that returns users to the root page
2015-08-25 11:06:11 -07:00
"github.com/mattermost/platform/model"
"github.com/mattermost/platform/store"
"github.com/mattermost/platform/utils"
first commit
2015-06-14 23:53:32 -08:00
)
var sessionCache *utils.Cache = utils.NewLru(model.SESSION_CACHE_SIZE)
Set CORS Headers when needed if CORS is enabled - Enable CORS with and without RateLimiter
2016-03-02 21:24:40 -03:00
var allowedMethods []string = []string{
"POST",
"GET",
"OPTIONS",
"PUT",
"PATCH",
"DELETE",
}
first commit
2015-06-14 23:53:32 -08:00
type Context struct {
Convering client to react-router.
2016-02-08 07:26:10 -05:00
Session model.Session
RequestId string
IpAddress string
Path string
Err *model.AppError
teamURLValid bool
teamURL string
siteURL string
T goi18n.TranslateFunc
Locale string
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
TeamId string
first commit
2015-06-14 23:53:32 -08:00
}
func ApiAppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
return &handler{h, false, false, true, false, false, false}
first commit
2015-06-14 23:53:32 -08:00
}
func AppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
return &handler{h, false, false, false, false, false, false}
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
}
func AppHandlerIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
return &handler{h, false, false, false, false, true, false}
first commit
2015-06-14 23:53:32 -08:00
}
func ApiUserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
return &handler{h, true, false, true, true, false, false}
first commit
2015-06-14 23:53:32 -08:00
}
func ApiUserRequiredActivity(h func(*Context, http.ResponseWriter, *http.Request), isUserActivity bool) http.Handler {
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
return &handler{h, true, false, true, isUserActivity, false, false}
first commit
2015-06-14 23:53:32 -08:00
}
func UserRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
return &handler{h, true, false, false, false, false, false}
first commit
2015-06-14 23:53:32 -08:00
}
func ApiAdminSystemRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
return &handler{h, true, true, true, false, false, false}
}
func ApiAppHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
return &handler{h, false, false, true, false, false, true}
}
func ApiUserRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
return &handler{h, true, false, true, true, false, true}
first commit
2015-06-14 23:53:32 -08:00
}
PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls
2016-05-05 16:35:03 -04:00
func ApiAppHandlerTrustRequesterIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
return &handler{h, false, false, true, false, true, true}
}
first commit
2015-06-14 23:53:32 -08:00
type handler struct {
handleFunc func(*Context, http.ResponseWriter, *http.Request)
requireUser bool
requireSystemAdmin bool
isApi bool
isUserActivity bool
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
isTeamIndependent bool
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
trustRequester bool
first commit
2015-06-14 23:53:32 -08:00
}
func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
l4g.Debug("%v", r.URL.Path)
c := &Context{}
PLT-7 client side infra
2016-01-21 14:15:44 -06:00
c.T, c.Locale = utils.GetTranslationsAndLocale(w, r)
first commit
2015-06-14 23:53:32 -08:00
c.RequestId = model.NewId()
c.IpAddress = GetIpAddress(r)
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
c.TeamId = mux.Vars(r)["team_id"]
h.isApi = IsApiCall(r)
first commit
2015-06-14 23:53:32 -08:00
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
token := ""
isTokenFromQueryString := false
// Attempt to parse token out of the header
authHeader := r.Header.Get(model.HEADER_AUTH)
if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER {
// Default session token
token = authHeader[7:]
} else if len(authHeader) > 5 && strings.ToLower(authHeader[0:5]) == model.HEADER_TOKEN {
// OAuth token
token = authHeader[6:]
}
// Attempt to parse the token from the cookie
if len(token) == 0 {
Convering client to react-router.
2016-02-08 07:26:10 -05:00
if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
token = cookie.Value
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
if (h.requireSystemAdmin || h.requireUser) && !h.trustRequester {
if r.Header.Get(model.HEADER_REQUESTED_WITH) != model.HEADER_REQUESTED_WITH_XML {
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
c.Err = model.NewLocAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token+" Appears to bea CSRF attempt")
Minor fix for expired sessions
2016-04-04 14:58:05 -04:00
token = ""
}
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
}
}
// Attempt to parse token out of the query string
if len(token) == 0 {
token = r.URL.Query().Get("access_token")
isTokenFromQueryString = true
}
Adding service settings to admin console
2015-09-22 12:12:50 -07:00
protocol := GetProtocol(r)
CLI: invite user by email - missing siteURL in email (#3297)
2016-06-10 13:59:20 +02:00
c.SetSiteURL(protocol + "://" + r.Host)
first commit
2015-06-14 23:53:32 -08:00
w.Header().Set(model.HEADER_REQUEST_ID, c.RequestId)
Making changes to versioning
2015-09-17 13:01:40 -07:00
w.Header().Set(model.HEADER_VERSION_ID, fmt.Sprintf("%v.%v", model.CurrentVersion, utils.CfgLastModified))
Limited the added headers to only non-api calls
2015-07-27 11:59:14 -07:00
// Instruct the browser not to display us in an iframe for anti-clickjacking
if !h.isApi {
w.Header().Set("X-Frame-Options", "DENY")
Fixed content security policy header
2016-02-18 12:52:47 -08:00
w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
Set default Content-Type to application/json for all API requests
2015-09-11 12:11:10 -04:00
} else {
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
// All api response bodies will be JSON formatted by default
Set default Content-Type to application/json for all API requests
2015-09-11 12:11:10 -04:00
w.Header().Set("Content-Type", "application/json")
Fixing IE expire issue
2016-02-11 13:17:27 -08:00
if r.Method == "GET" {
w.Header().Set("Expires", "0")
}
Limited the added headers to only non-api calls
2015-07-27 11:59:14 -07:00
}
first commit
2015-06-14 23:53:32 -08:00
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
if len(token) != 0 {
Revert " PLT-7 adding loc for db calls"
2016-01-20 13:36:16 -06:00
session := GetSession(token)
first commit
2015-06-14 23:53:32 -08:00
if session == nil || session.IsExpired() {
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
c.RemoveSessionCookie(w, r)
Convering client to react-router.
2016-02-08 07:26:10 -05:00
if h.requireUser || h.requireSystemAdmin {
c.Err = model.NewLocAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token)
c.Err.StatusCode = http.StatusUnauthorized
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
} else if !session.IsOAuth && isTokenFromQueryString {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError("ServeHTTP", "api.context.token_provided.app_error", nil, "token="+token)
first commit
2015-06-14 23:53:32 -08:00
c.Err.StatusCode = http.StatusUnauthorized
} else {
c.Session = *session
}
}
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
if h.isApi || h.isTeamIndependent {
c.setTeamURL(c.GetSiteURL(), false)
c.Path = r.URL.Path
} else {
splitURL := strings.Split(r.URL.Path, "/")
c.setTeamURL(protocol+"://"+r.Host+"/"+splitURL[1], true)
c.Path = "/" + strings.Join(splitURL[2:], "/")
}
first commit
2015-06-14 23:53:32 -08:00
if c.Err == nil && h.requireUser {
c.UserRequired()
}
if c.Err == nil && h.requireSystemAdmin {
c.SystemAdminRequired()
}
PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls
2016-05-05 16:35:03 -04:00
if c.Err == nil && len(c.TeamId) > 0 && !h.isTeamIndependent {
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
c.HasPermissionsToTeam(c.TeamId, "TeamRoute")
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
if c.Err == nil && h.isUserActivity && token != "" && len(c.Session.UserId) > 0 {
first commit
2015-06-14 23:53:32 -08:00
go func() {
Revert " PLT-7 adding loc for db calls"
2016-01-20 13:36:16 -06:00
if err := (<-Srv.Store.User().UpdateUserAndSessionActivity(c.Session.UserId, c.Session.Id, model.GetMillis())).Err; err != nil {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
l4g.Error(utils.T("api.context.last_activity_at.error"), c.Session.UserId, c.Session.Id, err)
first commit
2015-06-14 23:53:32 -08:00
}
}()
}
if c.Err == nil {
h.handleFunc(c, w, r)
}
if c.Err != nil {
PLT-7-server-db
2016-01-20 14:36:34 -06:00
c.Err.Translate(c.T)
first commit
2015-06-14 23:53:32 -08:00
c.Err.RequestId = c.RequestId
c.LogError(c.Err)
c.Err.Where = r.URL.Path
if h.isApi {
w.WriteHeader(c.Err.StatusCode)
w.Write([]byte(c.Err.ToJson()))
} else {
if c.Err.StatusCode == http.StatusUnauthorized {
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
http.Redirect(w, r, c.GetTeamURL()+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect)
first commit
2015-06-14 23:53:32 -08:00
} else {
RenderWebError(c.Err, w, r)
}
}
}
}
Set CORS Headers when needed if CORS is enabled - Enable CORS with and without RateLimiter
2016-03-02 21:24:40 -03:00
func (cw *CorsWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
Add Cors Handler
2016-03-01 22:12:05 -03:00
if len(*utils.Cfg.ServiceSettings.AllowCorsFrom) > 0 {
Set CORS Headers when needed if CORS is enabled - Enable CORS with and without RateLimiter
2016-03-02 21:24:40 -03:00
origin := r.Header.Get("Origin")
if *utils.Cfg.ServiceSettings.AllowCorsFrom == "*" || strings.Contains(*utils.Cfg.ServiceSettings.AllowCorsFrom, origin) {
w.Header().Set("Access-Control-Allow-Origin", origin)
if r.Method == "OPTIONS" {
w.Header().Set(
"Access-Control-Allow-Methods",
strings.Join(allowedMethods, ", "))
w.Header().Set(
"Access-Control-Allow-Headers",
r.Header.Get("Access-Control-Request-Headers"))
}
}
Add Cors Handler
2016-03-01 22:12:05 -03:00
}
if r.Method == "OPTIONS" {
return
}
cw.router.ServeHTTP(w, r)
}
Adding service settings to admin console
2015-09-22 12:12:50 -07:00
func GetProtocol(r *http.Request) string {
if r.Header.Get(model.HEADER_FORWARDED_PROTO) == "https" {
return "https"
} else {
return "http"
}
}
first commit
2015-06-14 23:53:32 -08:00
func (c *Context) LogAudit(extraInfo string) {
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
audit := &model.Audit{UserId: c.Session.UserId, IpAddress: c.IpAddress, Action: c.Path, ExtraInfo: extraInfo, SessionId: c.Session.Id}
Revert " PLT-7 adding loc for db calls"
2016-01-20 13:36:16 -06:00
if r := <-Srv.Store.Audit().Save(audit); r.Err != nil {
Fixing audit log to wait for confirm
2015-08-20 15:04:37 -07:00
c.LogError(r.Err)
}
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) LogAuditWithUserId(userId, extraInfo string) {
Fixing audit log to wait for confirm
2015-08-20 15:04:37 -07:00
if len(c.Session.UserId) > 0 {
extraInfo = strings.TrimSpace(extraInfo + " session_user=" + c.Session.UserId)
}
first commit
2015-06-14 23:53:32 -08:00
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
audit := &model.Audit{UserId: userId, IpAddress: c.IpAddress, Action: c.Path, ExtraInfo: extraInfo, SessionId: c.Session.Id}
Revert " PLT-7 adding loc for db calls"
2016-01-20 13:36:16 -06:00
if r := <-Srv.Store.Audit().Save(audit); r.Err != nil {
Fixing audit log to wait for confirm
2015-08-20 15:04:37 -07:00
c.LogError(r.Err)
}
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) LogError(err *model.AppError) {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
l4g.Error(utils.T("api.context.log.error"), c.Path, err.Where, err.StatusCode,
PLT-2593: Fix logs being stored with user locale (#2722)
2016-04-17 21:32:20 -03:00
c.RequestId, c.Session.UserId, c.IpAddress, err.SystemMessage(utils.T), err.DetailedError)
first commit
2015-06-14 23:53:32 -08:00
}
PLT-3440 (#3440)
2016-06-29 04:16:20 -08:00
func (c *Context) LogDebug(err *model.AppError) {
l4g.Debug(utils.T("api.context.log.error"), c.Path, err.Where, err.StatusCode,
c.RequestId, c.Session.UserId, c.IpAddress, err.SystemMessage(utils.T), err.DetailedError)
}
first commit
2015-06-14 23:53:32 -08:00
func (c *Context) UserRequired() {
if len(c.Session.UserId) == 0 {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError("", "api.context.session_expired.app_error", nil, "UserRequired")
first commit
2015-06-14 23:53:32 -08:00
c.Err.StatusCode = http.StatusUnauthorized
return
}
}
func (c *Context) SystemAdminRequired() {
if len(c.Session.UserId) == 0 {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError("", "api.context.session_expired.app_error", nil, "SystemAdminRequired")
first commit
2015-06-14 23:53:32 -08:00
c.Err.StatusCode = http.StatusUnauthorized
return
} else if !c.IsSystemAdmin() {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError("", "api.context.permissions.app_error", nil, "AdminRequired")
first commit
2015-06-14 23:53:32 -08:00
c.Err.StatusCode = http.StatusForbidden
return
}
}
func (c *Context) HasPermissionsToUser(userId string, where string) bool {
// You are the user
if c.Session.UserId == userId {
return true
}
// You're a mattermost system admin and you're on the VPN
if c.IsSystemAdmin() {
return true
}
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError(where, "api.context.permissions.app_error", nil, "userId="+userId)
first commit
2015-06-14 23:53:32 -08:00
c.Err.StatusCode = http.StatusForbidden
return false
}
func (c *Context) HasPermissionsToTeam(teamId string, where string) bool {
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
if c.IsSystemAdmin() {
first commit
2015-06-14 23:53:32 -08:00
return true
}
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
for _, teamMember := range c.Session.TeamMembers {
if teamId == teamMember.TeamId {
return true
}
first commit
2015-06-14 23:53:32 -08:00
}
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError(where, "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", teamId="+teamId)
first commit
2015-06-14 23:53:32 -08:00
c.Err.StatusCode = http.StatusForbidden
return false
}
func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) bool {
if cresult := <-sc; cresult.Err != nil {
c.Err = cresult.Err
return false
} else if cresult.Data.(int64) != 1 {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError(where, "api.context.permissions.app_error", nil, "userId="+c.Session.UserId)
first commit
2015-06-14 23:53:32 -08:00
c.Err.StatusCode = http.StatusForbidden
return false
}
return true
}
PLT-12 adding log viewer
2015-09-10 18:32:22 -07:00
func (c *Context) HasSystemAdminPermissions(where string) bool {
if c.IsSystemAdmin() {
return true
}
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError(where, "api.context.system_permissions.app_error", nil, "userId="+c.Session.UserId)
PLT-12 adding log viewer
2015-09-10 18:32:22 -07:00
c.Err.StatusCode = http.StatusForbidden
return false
}
Fixing permissions for system admin. Fixes slack import for system admins.
2015-09-30 09:34:05 -04:00
func (c *Context) IsSystemAdmin() bool {
if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) {
return true
}
return false
}
Fixing some locations to use the IsTeamAdmin function which properly checks for system admin permissions.
2015-09-30 11:30:11 -04:00
func (c *Context) IsTeamAdmin() bool {
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
if c.IsSystemAdmin() {
Fixing permissions for system admin. Fixes slack import for system admins.
2015-09-30 09:34:05 -04:00
return true
Moved admin checking into seperate function
2015-07-16 13:40:18 -07:00
}
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
PLT-2697 Fixing team admins (#2900) * PLT-2697 Fixing team admins * Fixing eslint error * Fixing loc issues * Fixing func * Fixing func
2016-05-06 11:28:22 -07:00
teamMember := c.Session.GetTeamByTeamId(c.TeamId)
if teamMember == nil {
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
return false
}
PLT-2697 Fixing team admins (#2900) * PLT-2697 Fixing team admins * Fixing eslint error * Fixing loc issues * Fixing func * Fixing func
2016-05-06 11:28:22 -07:00
return teamMember.IsTeamAdmin()
Moved admin checking into seperate function
2015-07-16 13:40:18 -07:00
}
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
Multi-session login
2015-10-20 14:49:42 -07:00
cookie := &http.Cookie{
Adding multi-session cookie
2015-10-20 04:37:51 -07:00
Name: model.SESSION_COOKIE_TOKEN,
Multi-session login
2015-10-20 14:49:42 -07:00
Value: "",
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
Path: "/",
Multi-session login
2015-10-20 14:49:42 -07:00
MaxAge: -1,
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
HttpOnly: true,
}
Multi-session login
2015-10-20 14:49:42 -07:00
http.SetCookie(w, cookie)
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) SetInvalidParam(where string, name string) {
PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls
2016-05-05 16:35:03 -04:00
c.Err = NewInvalidParamError(where, name)
}
func NewInvalidParamError(where string, name string) *model.AppError {
err := model.NewLocAppError(where, "api.context.invalid_param.app_error", map[string]interface{}{"Name": name}, "")
err.StatusCode = http.StatusBadRequest
return err
first commit
2015-06-14 23:53:32 -08:00
}
func (c *Context) SetUnknownError(where string, details string) {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
c.Err = model.NewLocAppError(where, "api.context.unknown.app_error", nil, details)
first commit
2015-06-14 23:53:32 -08:00
}
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
func (c *Context) setTeamURL(url string, valid bool) {
c.teamURL = url
c.teamURLValid = valid
}
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
func (c *Context) SetTeamURLFromSession() {
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
if result := <-Srv.Store.Team().Get(c.TeamId); result.Err == nil {
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
c.setTeamURL(c.GetSiteURL()+"/"+result.Data.(*model.Team).Name, true)
}
}
CLI: invite user by email - missing siteURL in email (#3297)
2016-06-10 13:59:20 +02:00
func (c *Context) SetSiteURL(url string) {
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
c.siteURL = url
}
func (c *Context) GetTeamURLFromTeam(team *model.Team) string {
return c.GetSiteURL() + "/" + team.Name
}
func (c *Context) GetTeamURL() string {
if !c.teamURLValid {
PLT-44 allow team switching without the need to login
2015-10-01 17:52:47 -07:00
c.SetTeamURLFromSession()
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
if !c.teamURLValid {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
l4g.Debug(utils.T("api.context.invalid_team_url.debug"))
Changing the way we mattermost handles URLs. team.domain.com becomes domain.com/team. Renaming team.Name to team.DisplayName and team.Domain to team.Name. So: team.Name -> url safe name. team.DisplayName -> nice name for users
2015-07-08 11:50:10 -04:00
}
}
return c.teamURL
}
func (c *Context) GetSiteURL() string {
return c.siteURL
}
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
func IsApiCall(r *http.Request) bool {
return strings.Index(r.URL.Path, "/api/") == 0
}
first commit
2015-06-14 23:53:32 -08:00
func GetIpAddress(r *http.Request) string {
address := r.Header.Get(model.HEADER_FORWARDED)
Adding service settings to admin console
2015-09-22 12:12:50 -07:00
if len(address) == 0 {
address = r.Header.Get(model.HEADER_REAL_IP)
}
first commit
2015-06-14 23:53:32 -08:00
if len(address) == 0 {
address, _, _ = net.SplitHostPort(r.RemoteAddr)
}
return address
}
func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) {
Visiting invalid URLs and bad APIs causes redirect to error page
2016-04-01 11:48:19 -04:00
T, _ := utils.GetTranslationsAndLocale(w, r)
title := T("api.templates.error.title", map[string]interface{}{"SiteName": utils.ClientCfg["SiteName"]})
message := err.Message
details := err.DetailedError
link := "/"
linkMessage := T("api.templates.error.link")
http.Redirect(
w,
r,
"/error?title="+url.QueryEscape(title)+
"&message="+url.QueryEscape(message)+
"&details="+url.QueryEscape(details)+
"&link="+url.QueryEscape(link)+
"&linkmessage="+url.QueryEscape(linkMessage),
http.StatusTemporaryRedirect)
first commit
2015-06-14 23:53:32 -08:00
}
func Handle404(w http.ResponseWriter, r *http.Request) {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
err := model.NewLocAppError("Handle404", "api.context.404.app_error", nil, "")
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
err.Translate(utils.T)
first commit
2015-06-14 23:53:32 -08:00
err.StatusCode = http.StatusNotFound
PLT-3440 (#3440)
2016-06-29 04:16:20 -08:00
// filter out old paths that are poluting the log file
if strings.Contains(r.URL.Path, "/api/v1/") {
l4g.Debug("%v: code=404 ip=%v", r.URL.Path, GetIpAddress(r))
} else {
l4g.Error("%v: code=404 ip=%v", r.URL.Path, GetIpAddress(r))
}
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
if IsApiCall(r) {
w.WriteHeader(err.StatusCode)
err.DetailedError = "There doesn't appear to be an api call for the url='" + r.URL.Path + "'. Typo? are you missing a team_id or user_id as part of the url?"
w.Write([]byte(err.ToJson()))
} else {
RenderWebError(err, w, r)
}
first commit
2015-06-14 23:53:32 -08:00
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
Revert " PLT-7 adding loc for db calls"
2016-01-20 13:36:16 -06:00
func GetSession(token string) *model.Session {
Refactoring web classes to use multi-session
2015-10-16 19:05:55 -07:00
var session *model.Session
if ts, ok := sessionCache.Get(token); ok {
session = ts.(*model.Session)
}
if session == nil {
Revert " PLT-7 adding loc for db calls"
2016-01-20 13:36:16 -06:00
if sessionResult := <-Srv.Store.Session().Get(token); sessionResult.Err != nil {
Refactoring api to use translations (chunk 1) - Add spanish translations - Files in order by name from admin to export - Does not include api templates and tests - Fix web_test to load translations - Fix i18n to fallback to DEFAULT_LOCALE if no system locale found
2016-01-21 10:07:29 -03:00
l4g.Error(utils.T("api.context.invalid_token.error"), token, sessionResult.Err.DetailedError)
Refactoring web classes to use multi-session
2015-10-16 19:05:55 -07:00
} else {
session = sessionResult.Data.(*model.Session)
PLT-1558 adding session length to config file
2016-01-05 11:13:25 -06:00
Fixing websocket connection
2016-05-17 13:55:51 -07:00
if session.IsExpired() || session.Token != token {
PLT-1558 adding session length to config file
2016-01-05 11:13:25 -06:00
return nil
} else {
AddSessionToCache(session)
return session
}
Refactoring web classes to use multi-session
2015-10-16 19:05:55 -07:00
}
}
return session
}
PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
2016-04-21 22:37:01 -07:00
func RemoveAllSessionsForUserId(userId string) {
keys := sessionCache.Keys()
for _, key := range keys {
if ts, ok := sessionCache.Get(key); ok {
session := ts.(*model.Session)
if session.UserId == userId {
sessionCache.Remove(key)
}
}
}
}
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
func AddSessionToCache(session *model.Session) {
PLT-1558 adding session length to config file
2016-01-05 11:13:25 -06:00
sessionCache.AddWithExpiresInSecs(session.Token, session, int64(*utils.Cfg.ServiceSettings.SessionCacheInMinutes*60))
Implement OAuth2 service provider functionality.
2015-09-16 15:49:12 -04:00
}
Reference in New Issue Copy Permalink