2019-11-29 12:59:40 +01:00
|
|
|
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
|
|
|
// See LICENSE.txt for license information.
|
2017-01-30 08:30:02 -05:00
|
|
|
|
|
|
|
|
package api4
|
|
|
|
|
|
|
|
|
|
import (
|
2019-06-22 00:14:21 +01:00
|
|
|
"encoding/json"
|
2017-02-27 23:25:28 +09:00
|
|
|
"fmt"
|
2018-07-18 10:07:00 +02:00
|
|
|
"io"
|
|
|
|
|
"io/ioutil"
|
2017-01-30 08:30:02 -05:00
|
|
|
"net/http"
|
2017-02-27 23:25:28 +09:00
|
|
|
"strconv"
|
2020-02-12 17:51:45 +04:00
|
|
|
"strings"
|
2017-03-27 09:17:34 -04:00
|
|
|
"time"
|
2017-01-30 08:30:02 -05:00
|
|
|
|
2019-11-28 14:39:38 +01:00
|
|
|
"github.com/mattermost/mattermost-server/v5/app"
|
2020-03-12 15:50:21 -04:00
|
|
|
"github.com/mattermost/mattermost-server/v5/audit"
|
2019-11-28 14:39:38 +01:00
|
|
|
"github.com/mattermost/mattermost-server/v5/model"
|
2021-03-05 09:18:37 +01:00
|
|
|
"github.com/mattermost/mattermost-server/v5/shared/mlog"
|
2019-11-28 14:39:38 +01:00
|
|
|
"github.com/mattermost/mattermost-server/v5/store"
|
|
|
|
|
"github.com/mattermost/mattermost-server/v5/utils"
|
2017-01-30 08:30:02 -05:00
|
|
|
)
|
|
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
func (api *API) InitUser() {
|
|
|
|
|
api.BaseRoutes.Users.Handle("", api.ApiHandler(createUser)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("", api.ApiSessionRequired(getUsers)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/ids", api.ApiSessionRequired(getUsersByIds)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/usernames", api.ApiSessionRequired(getUsersByNames)).Methods("POST")
|
2020-04-28 12:52:43 +02:00
|
|
|
api.BaseRoutes.Users.Handle("/known", api.ApiSessionRequired(getKnownUsers)).Methods("GET")
|
2019-11-27 20:41:09 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/search", api.ApiSessionRequiredDisableWhenBusy(searchUsers)).Methods("POST")
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/autocomplete", api.ApiSessionRequired(autocompleteUsers)).Methods("GET")
|
2018-06-07 09:45:49 -07:00
|
|
|
api.BaseRoutes.Users.Handle("/stats", api.ApiSessionRequired(getTotalUsersStats)).Methods("GET")
|
2020-07-16 12:37:26 -04:00
|
|
|
api.BaseRoutes.Users.Handle("/stats/filtered", api.ApiSessionRequired(getFilteredUsersStats)).Methods("GET")
|
2019-06-22 00:14:21 +01:00
|
|
|
api.BaseRoutes.Users.Handle("/group_channels", api.ApiSessionRequired(getUsersByGroupChannelIds)).Methods("POST")
|
2017-09-22 12:54:27 -05:00
|
|
|
|
|
|
|
|
api.BaseRoutes.User.Handle("", api.ApiSessionRequired(getUser)).Methods("GET")
|
2018-10-02 08:04:38 +02:00
|
|
|
api.BaseRoutes.User.Handle("/image/default", api.ApiSessionRequiredTrustRequester(getDefaultProfileImage)).Methods("GET")
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.User.Handle("/image", api.ApiSessionRequiredTrustRequester(getProfileImage)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.User.Handle("/image", api.ApiSessionRequired(setProfileImage)).Methods("POST")
|
2018-10-02 08:04:38 +02:00
|
|
|
api.BaseRoutes.User.Handle("/image", api.ApiSessionRequired(setDefaultProfileImage)).Methods("DELETE")
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.User.Handle("", api.ApiSessionRequired(updateUser)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.User.Handle("/patch", api.ApiSessionRequired(patchUser)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.User.Handle("", api.ApiSessionRequired(deleteUser)).Methods("DELETE")
|
|
|
|
|
api.BaseRoutes.User.Handle("/roles", api.ApiSessionRequired(updateUserRoles)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.User.Handle("/active", api.ApiSessionRequired(updateUserActive)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.User.Handle("/password", api.ApiSessionRequired(updatePassword)).Methods("PUT")
|
2019-07-22 22:13:39 +02:00
|
|
|
api.BaseRoutes.User.Handle("/promote", api.ApiSessionRequired(promoteGuestToUser)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.User.Handle("/demote", api.ApiSessionRequired(demoteUserToGuest)).Methods("POST")
|
2020-07-17 10:00:43 +03:00
|
|
|
api.BaseRoutes.User.Handle("/convert_to_bot", api.ApiSessionRequired(convertUserToBot)).Methods("POST")
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/password/reset", api.ApiHandler(resetPassword)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/password/reset/send", api.ApiHandler(sendPasswordReset)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/email/verify", api.ApiHandler(verifyUserEmail)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/email/verify/send", api.ApiHandler(sendVerificationEmail)).Methods("POST")
|
2020-06-26 16:08:01 +03:00
|
|
|
api.BaseRoutes.User.Handle("/email/verify/member", api.ApiSessionRequired(verifyUserEmailWithoutToken)).Methods("POST")
|
2018-11-09 02:18:14 +05:30
|
|
|
api.BaseRoutes.User.Handle("/terms_of_service", api.ApiSessionRequired(saveUserTermsOfService)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.User.Handle("/terms_of_service", api.ApiSessionRequired(getUserTermsOfService)).Methods("GET")
|
2017-09-22 12:54:27 -05:00
|
|
|
|
2018-01-04 09:45:59 -08:00
|
|
|
api.BaseRoutes.User.Handle("/auth", api.ApiSessionRequiredTrustRequester(updateUserAuth)).Methods("PUT")
|
|
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/mfa", api.ApiHandler(checkUserMfa)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.User.Handle("/mfa", api.ApiSessionRequiredMfa(updateUserMfa)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.User.Handle("/mfa/generate", api.ApiSessionRequiredMfa(generateMfaSecret)).Methods("POST")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.Users.Handle("/login", api.ApiHandler(login)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/login/switch", api.ApiHandler(switchAccountType)).Methods("POST")
|
2020-09-01 14:50:43 +02:00
|
|
|
api.BaseRoutes.Users.Handle("/login/cws", api.ApiHandlerTrustRequester(loginCWS)).Methods("POST")
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/logout", api.ApiHandler(logout)).Methods("POST")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.UserByUsername.Handle("", api.ApiSessionRequired(getUserByUsername)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.UserByEmail.Handle("", api.ApiSessionRequired(getUserByEmail)).Methods("GET")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.User.Handle("/sessions", api.ApiSessionRequired(getSessions)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.User.Handle("/sessions/revoke", api.ApiSessionRequired(revokeSession)).Methods("POST")
|
2017-10-16 23:50:31 -04:00
|
|
|
api.BaseRoutes.User.Handle("/sessions/revoke/all", api.ApiSessionRequired(revokeAllSessionsForUser)).Methods("POST")
|
2019-07-01 23:28:46 +02:00
|
|
|
api.BaseRoutes.Users.Handle("/sessions/revoke/all", api.ApiSessionRequired(revokeAllSessionsAllUsers)).Methods("POST")
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/sessions/device", api.ApiSessionRequired(attachDeviceId)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.User.Handle("/audits", api.ApiSessionRequired(getUserAudits)).Methods("GET")
|
|
|
|
|
|
|
|
|
|
api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(createUserAccessToken)).Methods("POST")
|
2018-01-05 14:46:48 -05:00
|
|
|
api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokensForUser)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokens)).Methods("GET")
|
2018-01-11 16:30:55 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/tokens/search", api.ApiSessionRequired(searchUserAccessTokens)).Methods("POST")
|
2017-09-22 12:54:27 -05:00
|
|
|
api.BaseRoutes.Users.Handle("/tokens/{token_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getUserAccessToken)).Methods("GET")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/tokens/revoke", api.ApiSessionRequired(revokeUserAccessToken)).Methods("POST")
|
2017-10-19 08:10:29 -04:00
|
|
|
api.BaseRoutes.Users.Handle("/tokens/disable", api.ApiSessionRequired(disableUserAccessToken)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/tokens/enable", api.ApiSessionRequired(enableUserAccessToken)).Methods("POST")
|
2020-06-16 16:41:05 +07:00
|
|
|
|
|
|
|
|
api.BaseRoutes.User.Handle("/typing", api.ApiSessionRequiredDisableWhenBusy(publishUserTyping)).Methods("POST")
|
2020-08-31 14:56:36 +03:00
|
|
|
|
|
|
|
|
api.BaseRoutes.Users.Handle("/migrate_auth/ldap", api.ApiSessionRequired(migrateAuthToLDAP)).Methods("POST")
|
|
|
|
|
api.BaseRoutes.Users.Handle("/migrate_auth/saml", api.ApiSessionRequired(migrateAuthToSaml)).Methods("POST")
|
2020-09-15 21:28:25 +02:00
|
|
|
|
|
|
|
|
api.BaseRoutes.User.Handle("/uploads", api.ApiSessionRequired(getUploadsForUser)).Methods("GET")
|
2020-11-08 10:36:46 +02:00
|
|
|
|
|
|
|
|
api.BaseRoutes.UserThreads.Handle("", api.ApiSessionRequired(getThreadsForUser)).Methods("GET")
|
2020-12-06 10:02:53 +02:00
|
|
|
api.BaseRoutes.UserThreads.Handle("/read", api.ApiSessionRequired(updateReadStateAllThreadsByUser)).Methods("PUT")
|
2020-11-08 10:36:46 +02:00
|
|
|
|
2021-01-28 18:07:39 +02:00
|
|
|
api.BaseRoutes.UserThread.Handle("", api.ApiSessionRequired(getThreadForUser)).Methods("GET")
|
2020-11-08 10:36:46 +02:00
|
|
|
api.BaseRoutes.UserThread.Handle("/following", api.ApiSessionRequired(followThreadByUser)).Methods("PUT")
|
|
|
|
|
api.BaseRoutes.UserThread.Handle("/following", api.ApiSessionRequired(unfollowThreadByUser)).Methods("DELETE")
|
|
|
|
|
api.BaseRoutes.UserThread.Handle("/read/{timestamp:[0-9]+}", api.ApiSessionRequired(updateReadStateThreadByUser)).Methods("PUT")
|
2017-01-30 08:30:02 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
user := model.UserFromJson(r.Body)
|
|
|
|
|
if user == nil {
|
|
|
|
|
c.SetInvalidParam("user")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-07 12:12:37 -07:00
|
|
|
user.SanitizeInput(c.IsSystemAdmin())
|
2019-08-27 10:39:01 +02:00
|
|
|
|
2018-04-18 22:46:10 +02:00
|
|
|
tokenId := r.URL.Query().Get("t")
|
2017-01-30 08:30:02 -05:00
|
|
|
inviteId := r.URL.Query().Get("iid")
|
2020-07-21 17:09:49 +03:00
|
|
|
redirect := r.URL.Query().Get("r")
|
2017-01-30 08:30:02 -05:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("createUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("invite_id", inviteId)
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
// No permission check required
|
|
|
|
|
|
|
|
|
|
var ruser *model.User
|
|
|
|
|
var err *model.AppError
|
2021-01-25 11:15:17 +01:00
|
|
|
if tokenId != "" {
|
2020-07-09 03:16:27 -04:00
|
|
|
token, nErr := c.App.Srv().Store.Token().GetByToken(tokenId)
|
|
|
|
|
if nErr != nil {
|
|
|
|
|
var status int
|
|
|
|
|
switch nErr.(type) {
|
|
|
|
|
case *store.ErrNotFound:
|
|
|
|
|
status = http.StatusNotFound
|
|
|
|
|
default:
|
|
|
|
|
status = http.StatusInternalServerError
|
|
|
|
|
}
|
|
|
|
|
c.Err = model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, nErr.Error(), status)
|
2019-07-22 22:13:39 +02:00
|
|
|
return
|
|
|
|
|
}
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.AddMeta("token_type", token.Type)
|
2019-07-22 22:13:39 +02:00
|
|
|
|
2021-01-04 11:32:29 +05:30
|
|
|
if token.Type == app.TokenTypeGuestInvitation {
|
2020-06-12 13:43:50 +02:00
|
|
|
if c.App.Srv().License() == nil {
|
2019-07-22 22:13:39 +02:00
|
|
|
c.Err = model.NewAppError("CreateUserWithToken", "api.user.create_user.guest_accounts.license.app_error", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !*c.App.Config().GuestAccountsSettings.Enable {
|
|
|
|
|
c.Err = model.NewAppError("CreateUserWithToken", "api.user.create_user.guest_accounts.disabled.app_error", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
ruser, err = c.App.CreateUserWithToken(user, token)
|
2021-01-25 11:15:17 +01:00
|
|
|
} else if inviteId != "" {
|
2020-07-21 17:09:49 +03:00
|
|
|
ruser, err = c.App.CreateUserWithInviteId(user, inviteId, redirect)
|
2017-03-29 22:05:32 -03:00
|
|
|
} else if c.IsSystemAdmin() {
|
2020-07-21 17:09:49 +03:00
|
|
|
ruser, err = c.App.CreateUserAsAdmin(user, redirect)
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.AddMeta("admin", true)
|
2017-01-30 08:30:02 -05:00
|
|
|
} else {
|
2020-07-21 17:09:49 +03:00
|
|
|
ruser, err = c.App.CreateUserFromSignup(user, redirect)
|
2017-01-30 08:30:02 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-26 13:24:26 -04:00
|
|
|
// New user created, check cloud limits and send emails if needed
|
2020-11-07 11:39:32 -05:00
|
|
|
// Soft fail on error since user is already created
|
2020-10-26 13:24:26 -04:00
|
|
|
if ruser != nil {
|
|
|
|
|
err = c.App.CheckAndSendUserLimitWarningEmails()
|
|
|
|
|
if err != nil {
|
2021-01-04 17:02:34 +03:00
|
|
|
c.LogErrorByCode(err)
|
2020-10-26 13:24:26 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", ruser) // overwrite meta
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
w.WriteHeader(http.StatusCreated)
|
|
|
|
|
w.Write([]byte(ruser.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
canSee, err := c.App.UserCanSeeOtherUser(c.App.Session().UserId, c.Params.UserId)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !canSee {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-01-30 08:30:02 -05:00
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
2017-01-30 08:30:02 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.IsSystemAdmin() || c.App.Session().UserId == user.Id {
|
2019-03-27 18:31:35 +05:30
|
|
|
userTermsOfService, err := c.App.GetUserTermsOfService(user.Id)
|
|
|
|
|
if err != nil && err.StatusCode != http.StatusNotFound {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if userTermsOfService != nil {
|
|
|
|
|
user.TermsOfServiceId = userTermsOfService.TermsOfServiceId
|
|
|
|
|
user.TermsOfServiceCreateAt = userTermsOfService.CreateAt
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-31 08:12:01 -05:00
|
|
|
etag := user.Etag(*c.App.Config().PrivacySettings.ShowFullName, *c.App.Config().PrivacySettings.ShowEmailAddress)
|
2017-01-30 08:30:02 -05:00
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get User", w, r) {
|
2017-01-30 08:30:02 -05:00
|
|
|
return
|
2018-08-01 16:55:18 +02:00
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().UserId == user.Id {
|
2018-08-01 16:55:18 +02:00
|
|
|
user.Sanitize(map[string]bool{})
|
2017-01-30 08:30:02 -05:00
|
|
|
} else {
|
2018-08-01 16:55:18 +02:00
|
|
|
c.App.SanitizeProfile(user, c.IsSystemAdmin())
|
2017-01-30 08:30:02 -05:00
|
|
|
}
|
2020-02-13 13:26:58 +01:00
|
|
|
c.App.UpdateLastActivityAtIfNeeded(*c.App.Session())
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
|
|
|
|
w.Write([]byte(user.ToJson()))
|
2017-01-30 08:30:02 -05:00
|
|
|
}
|
|
|
|
|
|
2017-02-08 05:00:16 -05:00
|
|
|
func getUserByUsername(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUsername()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
user, err := c.App.GetUserByUsername(c.Params.Username)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
2020-02-13 13:26:58 +01:00
|
|
|
restrictions, err2 := c.App.GetViewUsersRestrictions(c.App.Session().UserId)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err2 != nil {
|
|
|
|
|
c.Err = err2
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if restrictions != nil {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
canSee, err := c.App.UserCanSeeOtherUser(c.App.Session().UserId, user.Id)
|
2018-12-06 16:55:06 +01:00
|
|
|
if err != nil {
|
2017-02-08 05:00:16 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-29 16:56:56 +02:00
|
|
|
if !canSee {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.IsSystemAdmin() || c.App.Session().UserId == user.Id {
|
2019-03-27 18:31:35 +05:30
|
|
|
userTermsOfService, err := c.App.GetUserTermsOfService(user.Id)
|
|
|
|
|
if err != nil && err.StatusCode != http.StatusNotFound {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if userTermsOfService != nil {
|
|
|
|
|
user.TermsOfServiceId = userTermsOfService.TermsOfServiceId
|
|
|
|
|
user.TermsOfServiceCreateAt = userTermsOfService.CreateAt
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-31 08:12:01 -05:00
|
|
|
etag := user.Etag(*c.App.Config().PrivacySettings.ShowFullName, *c.App.Config().PrivacySettings.ShowEmailAddress)
|
2017-02-08 05:00:16 -05:00
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get User", w, r) {
|
2017-02-08 05:00:16 -05:00
|
|
|
return
|
2018-08-01 16:55:18 +02:00
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().UserId == user.Id {
|
2018-08-01 16:55:18 +02:00
|
|
|
user.Sanitize(map[string]bool{})
|
2017-02-08 05:00:16 -05:00
|
|
|
} else {
|
2018-08-01 16:55:18 +02:00
|
|
|
c.App.SanitizeProfile(user, c.IsSystemAdmin())
|
2017-02-08 05:00:16 -05:00
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
|
|
|
|
w.Write([]byte(user.ToJson()))
|
2017-02-08 05:00:16 -05:00
|
|
|
}
|
|
|
|
|
|
2017-02-07 11:54:07 -05:00
|
|
|
func getUserByEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-02-12 17:51:45 +04:00
|
|
|
c.SanitizeEmail()
|
2017-02-07 11:54:07 -05:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-18 16:04:25 -05:00
|
|
|
sanitizeOptions := c.App.GetSanitizeOptions(c.IsSystemAdmin())
|
|
|
|
|
if !sanitizeOptions["email"] {
|
2020-02-13 13:26:58 +01:00
|
|
|
c.Err = model.NewAppError("getUserByEmail", "api.user.get_user_by_email.permissions.app_error", nil, "userId="+c.App.Session().UserId, http.StatusForbidden)
|
2018-12-18 16:04:25 -05:00
|
|
|
return
|
|
|
|
|
}
|
2017-02-07 11:54:07 -05:00
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
user, err := c.App.GetUserByEmail(c.Params.Email)
|
|
|
|
|
if err != nil {
|
2020-02-13 13:26:58 +01:00
|
|
|
restrictions, err2 := c.App.GetViewUsersRestrictions(c.App.Session().UserId)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err2 != nil {
|
|
|
|
|
c.Err = err2
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if restrictions != nil {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-02-07 11:54:07 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
canSee, err := c.App.UserCanSeeOtherUser(c.App.Session().UserId, user.Id)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !canSee {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-31 08:12:01 -05:00
|
|
|
etag := user.Etag(*c.App.Config().PrivacySettings.ShowFullName, *c.App.Config().PrivacySettings.ShowEmailAddress)
|
2017-02-07 11:54:07 -05:00
|
|
|
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get User", w, r) {
|
2017-02-07 11:54:07 -05:00
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
c.App.SanitizeProfile(user, c.IsSystemAdmin())
|
|
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
|
|
|
|
w.Write([]byte(user.ToJson()))
|
2017-02-07 11:54:07 -05:00
|
|
|
}
|
|
|
|
|
|
2018-10-02 08:04:38 +02:00
|
|
|
func getDefaultProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
canSee, err := c.App.UserCanSeeOtherUser(c.App.Session().UserId, c.Params.UserId)
|
2018-10-02 08:04:38 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-29 16:56:56 +02:00
|
|
|
if !canSee {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
2018-10-02 08:04:38 +02:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
img, err := c.App.GetDefaultProfileImage(user)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-21 17:08:49 +05:30
|
|
|
w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%v, private", 24*60*60)) // 24 hrs
|
2018-10-02 08:04:38 +02:00
|
|
|
w.Header().Set("Content-Type", "image/png")
|
|
|
|
|
w.Write(img)
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-27 23:25:28 +09:00
|
|
|
func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
canSee, err := c.App.UserCanSeeOtherUser(c.App.Session().UserId, c.Params.UserId)
|
2018-08-01 16:55:18 +02:00
|
|
|
if err != nil {
|
2017-02-27 23:25:28 +09:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
2018-08-01 16:55:18 +02:00
|
|
|
}
|
2017-02-27 23:25:28 +09:00
|
|
|
|
2019-04-29 16:56:56 +02:00
|
|
|
if !canSee {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_MEMBERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
2018-08-01 16:55:18 +02:00
|
|
|
return
|
|
|
|
|
}
|
2017-02-27 23:25:28 +09:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
etag := strconv.FormatInt(user.LastPictureUpdate, 10)
|
|
|
|
|
if c.HandleEtag(etag, "Get Profile Image", w, r) {
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-02-27 23:25:28 +09:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
img, readFailed, err := c.App.GetProfileImage(user)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-02-27 23:25:28 +09:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
if readFailed {
|
2021-01-21 17:08:49 +05:30
|
|
|
w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%v, private", 5*60)) // 5 mins
|
2018-08-01 16:55:18 +02:00
|
|
|
} else {
|
2021-01-21 17:08:49 +05:30
|
|
|
w.Header().Set("Cache-Control", fmt.Sprintf("max-age=%v, private", 24*60*60)) // 24 hrs
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
2017-02-27 23:25:28 +09:00
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Header().Set("Content-Type", "image/png")
|
|
|
|
|
w.Write(img)
|
2017-02-27 23:25:28 +09:00
|
|
|
}
|
|
|
|
|
|
2017-02-28 22:11:56 +09:00
|
|
|
func setProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
2018-07-18 10:07:00 +02:00
|
|
|
defer io.Copy(ioutil.Discard, r.Body)
|
|
|
|
|
|
2017-02-28 22:11:56 +09:00
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-02-28 22:11:56 +09:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if *c.App.Config().FileSettings.DriverName == "" {
|
2017-08-31 15:03:16 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.storage.app_error", nil, "", http.StatusNotImplemented)
|
2017-02-28 22:11:56 +09:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
if r.ContentLength > *c.App.Config().FileSettings.MaxFileSize {
|
2017-08-31 15:03:16 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, "", http.StatusRequestEntityTooLarge)
|
2017-02-28 22:11:56 +09:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
if err := r.ParseMultipartForm(*c.App.Config().FileSettings.MaxFileSize); err != nil {
|
2017-09-05 17:40:35 -04:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.parse.app_error", nil, err.Error(), http.StatusInternalServerError)
|
2017-02-28 22:11:56 +09:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m := r.MultipartForm
|
|
|
|
|
imageArray, ok := m.File["image"]
|
|
|
|
|
if !ok {
|
2017-08-31 15:03:16 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.no_file.app_error", nil, "", http.StatusBadRequest)
|
2017-02-28 22:11:56 +09:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(imageArray) <= 0 {
|
2017-08-31 15:03:16 +01:00
|
|
|
c.Err = model.NewAppError("uploadProfileImage", "api.user.upload_profile_user.array.app_error", nil, "", http.StatusBadRequest)
|
2017-02-28 22:11:56 +09:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("setProfileImage", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
if imageArray[0] != nil {
|
|
|
|
|
auditRec.AddMeta("filename", imageArray[0].Filename)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-22 14:02:16 -04:00
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidUrlParam("user_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
|
|
|
|
|
if (user.IsLDAPUser() || (user.IsSAMLUser() && *c.App.Config().SamlSettings.EnableSyncWithLdap)) &&
|
|
|
|
|
*c.App.Config().LdapSettings.PictureAttribute != "" {
|
|
|
|
|
c.Err = model.NewAppError(
|
|
|
|
|
"uploadProfileImage", "api.user.upload_profile_user.login_provider_attribute_set.app_error",
|
|
|
|
|
nil, "", http.StatusConflict)
|
|
|
|
|
return
|
2020-04-08 00:52:30 -04:00
|
|
|
}
|
|
|
|
|
|
2017-02-28 22:11:56 +09:00
|
|
|
imageData := imageArray[0]
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.SetProfileImage(c.Params.UserId, imageData); err != nil {
|
2017-02-28 22:11:56 +09:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-02-28 22:11:56 +09:00
|
|
|
c.LogAudit("")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-02-28 22:11:56 +09:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 08:04:38 +02:00
|
|
|
func setDefaultProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2018-10-02 08:04:38 +02:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if *c.App.Config().FileSettings.DriverName == "" {
|
2018-10-02 08:04:38 +02:00
|
|
|
c.Err = model.NewAppError("setDefaultProfileImage", "api.user.upload_profile_user.storage.app_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("setDefaultProfileImage", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2018-10-02 08:04:38 +02:00
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2018-10-02 08:04:38 +02:00
|
|
|
|
|
|
|
|
if err := c.App.SetDefaultProfileImage(user); err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2018-10-02 08:04:38 +02:00
|
|
|
c.LogAudit("")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-10-02 08:04:38 +02:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-07 09:45:49 -07:00
|
|
|
func getTotalUsersStats(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
restrictions, err := c.App.GetViewUsersRestrictions(c.App.Session().UserId)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stats, err := c.App.GetTotalUsersStats(restrictions)
|
2018-08-01 16:55:18 +02:00
|
|
|
if err != nil {
|
2018-06-07 09:45:49 -07:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(stats.ToJson()))
|
2018-06-07 09:45:49 -07:00
|
|
|
}
|
|
|
|
|
|
2020-07-16 12:37:26 -04:00
|
|
|
func getFilteredUsersStats(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
teamID := r.URL.Query().Get("in_team")
|
|
|
|
|
channelID := r.URL.Query().Get("in_channel")
|
|
|
|
|
includeDeleted := r.URL.Query().Get("include_deleted")
|
|
|
|
|
includeBotAccounts := r.URL.Query().Get("include_bots")
|
|
|
|
|
rolesString := r.URL.Query().Get("roles")
|
|
|
|
|
channelRolesString := r.URL.Query().Get("channel_roles")
|
|
|
|
|
teamRolesString := r.URL.Query().Get("team_roles")
|
|
|
|
|
|
|
|
|
|
includeDeletedBool, _ := strconv.ParseBool(includeDeleted)
|
|
|
|
|
includeBotAccountsBool, _ := strconv.ParseBool(includeBotAccounts)
|
|
|
|
|
|
|
|
|
|
roles := []string{}
|
|
|
|
|
var rolesValid bool
|
|
|
|
|
if rolesString != "" {
|
|
|
|
|
roles, rolesValid = model.CleanRoleNames(strings.Split(rolesString, ","))
|
|
|
|
|
if !rolesValid {
|
|
|
|
|
c.SetInvalidParam("roles")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
channelRoles := []string{}
|
2020-12-22 19:20:59 +05:30
|
|
|
if channelRolesString != "" && channelID != "" {
|
2020-07-16 12:37:26 -04:00
|
|
|
channelRoles, rolesValid = model.CleanRoleNames(strings.Split(channelRolesString, ","))
|
|
|
|
|
if !rolesValid {
|
|
|
|
|
c.SetInvalidParam("channelRoles")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
teamRoles := []string{}
|
2020-12-22 19:20:59 +05:30
|
|
|
if teamRolesString != "" && teamID != "" {
|
2020-07-16 12:37:26 -04:00
|
|
|
teamRoles, rolesValid = model.CleanRoleNames(strings.Split(teamRolesString, ","))
|
|
|
|
|
if !rolesValid {
|
|
|
|
|
c.SetInvalidParam("teamRoles")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
options := &model.UserCountOptions{
|
|
|
|
|
IncludeDeleted: includeDeletedBool,
|
|
|
|
|
IncludeBotAccounts: includeBotAccountsBool,
|
|
|
|
|
TeamId: teamID,
|
|
|
|
|
ChannelId: channelID,
|
|
|
|
|
Roles: roles,
|
|
|
|
|
ChannelRoles: channelRoles,
|
|
|
|
|
TeamRoles: teamRoles,
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-13 10:57:57 -05:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_USERS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_USERS)
|
2020-07-16 12:37:26 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
stats, err := c.App.GetFilteredUsersStats(options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(stats.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-22 00:14:21 +01:00
|
|
|
func getUsersByGroupChannelIds(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
channelIds := model.ArrayFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
if len(channelIds) == 0 {
|
|
|
|
|
c.SetInvalidParam("channel_ids")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
usersByChannelId, err := c.App.GetUsersByGroupChannelIds(channelIds, c.IsSystemAdmin())
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
b, _ := json.Marshal(usersByChannelId)
|
|
|
|
|
w.Write(b)
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-03 15:17:34 -05:00
|
|
|
func getUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
inTeamId := r.URL.Query().Get("in_team")
|
2017-03-30 02:10:51 +01:00
|
|
|
notInTeamId := r.URL.Query().Get("not_in_team")
|
2017-02-03 15:17:34 -05:00
|
|
|
inChannelId := r.URL.Query().Get("in_channel")
|
2020-06-18 10:22:35 -04:00
|
|
|
inGroupId := r.URL.Query().Get("in_group")
|
2017-02-03 15:17:34 -05:00
|
|
|
notInChannelId := r.URL.Query().Get("not_in_channel")
|
2019-05-16 10:12:06 +01:00
|
|
|
groupConstrained := r.URL.Query().Get("group_constrained")
|
2017-03-29 21:11:40 -04:00
|
|
|
withoutTeam := r.URL.Query().Get("without_team")
|
2019-01-11 14:50:32 +01:00
|
|
|
inactive := r.URL.Query().Get("inactive")
|
2020-06-29 15:52:46 -04:00
|
|
|
active := r.URL.Query().Get("active")
|
2019-01-11 14:50:32 +01:00
|
|
|
role := r.URL.Query().Get("role")
|
2017-06-30 12:07:23 -04:00
|
|
|
sort := r.URL.Query().Get("sort")
|
2020-07-16 12:37:26 -04:00
|
|
|
rolesString := r.URL.Query().Get("roles")
|
|
|
|
|
channelRolesString := r.URL.Query().Get("channel_roles")
|
|
|
|
|
teamRolesString := r.URL.Query().Get("team_roles")
|
2017-02-03 15:17:34 -05:00
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if notInChannelId != "" && inTeamId == "" {
|
2017-06-30 12:07:23 -04:00
|
|
|
c.SetInvalidUrlParam("team_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-09 05:48:30 -07:00
|
|
|
if sort != "" && sort != "last_activity_at" && sort != "create_at" && sort != "status" {
|
2017-06-30 12:07:23 -04:00
|
|
|
c.SetInvalidUrlParam("sort")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Currently only supports sorting on a team
|
2018-03-09 05:48:30 -07:00
|
|
|
// or sort="status" on inChannelId
|
2020-06-18 10:22:35 -04:00
|
|
|
if (sort == "last_activity_at" || sort == "create_at") && (inTeamId == "" || notInTeamId != "" || inChannelId != "" || notInChannelId != "" || withoutTeam != "" || inGroupId != "") {
|
2017-06-30 12:07:23 -04:00
|
|
|
c.SetInvalidUrlParam("sort")
|
2017-02-03 15:17:34 -05:00
|
|
|
return
|
|
|
|
|
}
|
2018-03-09 05:48:30 -07:00
|
|
|
if sort == "status" && inChannelId == "" {
|
|
|
|
|
c.SetInvalidUrlParam("sort")
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-02-03 15:17:34 -05:00
|
|
|
|
2019-01-11 14:50:32 +01:00
|
|
|
withoutTeamBool, _ := strconv.ParseBool(withoutTeam)
|
2019-05-16 10:12:06 +01:00
|
|
|
groupConstrainedBool, _ := strconv.ParseBool(groupConstrained)
|
2019-01-11 14:50:32 +01:00
|
|
|
inactiveBool, _ := strconv.ParseBool(inactive)
|
2020-06-29 15:52:46 -04:00
|
|
|
activeBool, _ := strconv.ParseBool(active)
|
|
|
|
|
|
|
|
|
|
if inactiveBool && activeBool {
|
|
|
|
|
c.SetInvalidUrlParam("inactive")
|
|
|
|
|
}
|
2019-01-11 14:50:32 +01:00
|
|
|
|
2020-07-16 12:37:26 -04:00
|
|
|
roles := []string{}
|
|
|
|
|
var rolesValid bool
|
|
|
|
|
if rolesString != "" {
|
|
|
|
|
roles, rolesValid = model.CleanRoleNames(strings.Split(rolesString, ","))
|
|
|
|
|
if !rolesValid {
|
|
|
|
|
c.SetInvalidParam("roles")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
channelRoles := []string{}
|
2020-12-22 19:20:59 +05:30
|
|
|
if channelRolesString != "" && inChannelId != "" {
|
2020-07-16 12:37:26 -04:00
|
|
|
channelRoles, rolesValid = model.CleanRoleNames(strings.Split(channelRolesString, ","))
|
|
|
|
|
if !rolesValid {
|
|
|
|
|
c.SetInvalidParam("channelRoles")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
teamRoles := []string{}
|
2020-12-22 19:20:59 +05:30
|
|
|
if teamRolesString != "" && inTeamId != "" {
|
2020-07-16 12:37:26 -04:00
|
|
|
teamRoles, rolesValid = model.CleanRoleNames(strings.Split(teamRolesString, ","))
|
|
|
|
|
if !rolesValid {
|
|
|
|
|
c.SetInvalidParam("teamRoles")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
restrictions, err := c.App.GetViewUsersRestrictions(c.App.Session().UserId)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-11 14:50:32 +01:00
|
|
|
userGetOptions := &model.UserGetOptions{
|
2019-04-29 16:56:56 +02:00
|
|
|
InTeamId: inTeamId,
|
|
|
|
|
InChannelId: inChannelId,
|
|
|
|
|
NotInTeamId: notInTeamId,
|
|
|
|
|
NotInChannelId: notInChannelId,
|
2020-06-18 10:22:35 -04:00
|
|
|
InGroupId: inGroupId,
|
2019-05-16 10:12:06 +01:00
|
|
|
GroupConstrained: groupConstrainedBool,
|
2019-04-29 16:56:56 +02:00
|
|
|
WithoutTeam: withoutTeamBool,
|
|
|
|
|
Inactive: inactiveBool,
|
2020-06-29 15:52:46 -04:00
|
|
|
Active: activeBool,
|
2019-04-29 16:56:56 +02:00
|
|
|
Role: role,
|
2020-07-16 12:37:26 -04:00
|
|
|
Roles: roles,
|
|
|
|
|
ChannelRoles: channelRoles,
|
|
|
|
|
TeamRoles: teamRoles,
|
2019-04-29 16:56:56 +02:00
|
|
|
Sort: sort,
|
|
|
|
|
Page: c.Params.Page,
|
|
|
|
|
PerPage: c.Params.PerPage,
|
|
|
|
|
ViewRestrictions: restrictions,
|
2019-01-11 14:50:32 +01:00
|
|
|
}
|
|
|
|
|
|
2017-02-03 15:17:34 -05:00
|
|
|
var profiles []*model.User
|
|
|
|
|
etag := ""
|
|
|
|
|
|
2017-06-30 12:07:23 -04:00
|
|
|
if withoutTeamBool, _ := strconv.ParseBool(withoutTeam); withoutTeamBool {
|
2017-03-29 21:11:40 -04:00
|
|
|
// Use a special permission for now
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_LIST_USERS_WITHOUT_TEAM) {
|
2017-03-29 21:11:40 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_LIST_USERS_WITHOUT_TEAM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-17 15:13:17 -04:00
|
|
|
profiles, err = c.App.GetUsersWithoutTeamPage(userGetOptions, c.IsSystemAdmin())
|
2021-01-25 11:15:17 +01:00
|
|
|
} else if notInChannelId != "" {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToChannel(*c.App.Session(), notInChannelId, model.PERMISSION_READ_CHANNEL) {
|
2017-02-03 15:17:34 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-16 10:12:06 +01:00
|
|
|
profiles, err = c.App.GetUsersNotInChannelPage(inTeamId, notInChannelId, groupConstrainedBool, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), restrictions)
|
2021-01-25 11:15:17 +01:00
|
|
|
} else if notInTeamId != "" {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToTeam(*c.App.Session(), notInTeamId, model.PERMISSION_VIEW_TEAM) {
|
2017-03-30 02:10:51 +01:00
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-29 16:56:56 +02:00
|
|
|
etag = c.App.GetUsersNotInTeamEtag(inTeamId, restrictions.Hash())
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get Users Not in Team", w, r) {
|
2017-03-30 02:10:51 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-16 10:12:06 +01:00
|
|
|
profiles, err = c.App.GetUsersNotInTeamPage(notInTeamId, groupConstrainedBool, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), restrictions)
|
2021-01-25 11:15:17 +01:00
|
|
|
} else if inTeamId != "" {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToTeam(*c.App.Session(), inTeamId, model.PERMISSION_VIEW_TEAM) {
|
2017-02-03 15:17:34 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-30 12:07:23 -04:00
|
|
|
if sort == "last_activity_at" {
|
2019-04-29 16:56:56 +02:00
|
|
|
profiles, err = c.App.GetRecentlyActiveUsersForTeamPage(inTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), restrictions)
|
2017-06-30 12:07:23 -04:00
|
|
|
} else if sort == "create_at" {
|
2019-04-29 16:56:56 +02:00
|
|
|
profiles, err = c.App.GetNewUsersForTeamPage(inTeamId, c.Params.Page, c.Params.PerPage, c.IsSystemAdmin(), restrictions)
|
2017-06-30 12:07:23 -04:00
|
|
|
} else {
|
2019-04-29 16:56:56 +02:00
|
|
|
etag = c.App.GetUsersInTeamEtag(inTeamId, restrictions.Hash())
|
2017-09-22 12:54:27 -05:00
|
|
|
if c.HandleEtag(etag, "Get Users in Team", w, r) {
|
2017-06-30 12:07:23 -04:00
|
|
|
return
|
|
|
|
|
}
|
2019-01-11 14:50:32 +01:00
|
|
|
profiles, err = c.App.GetUsersInTeamPage(userGetOptions, c.IsSystemAdmin())
|
2017-06-30 12:07:23 -04:00
|
|
|
}
|
2021-01-25 11:15:17 +01:00
|
|
|
} else if inChannelId != "" {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToChannel(*c.App.Session(), inChannelId, model.PERMISSION_READ_CHANNEL) {
|
2017-02-03 15:17:34 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-03-09 05:48:30 -07:00
|
|
|
if sort == "status" {
|
2020-09-16 11:04:17 +03:00
|
|
|
profiles, err = c.App.GetUsersInChannelPageByStatus(userGetOptions, c.IsSystemAdmin())
|
2018-03-09 05:48:30 -07:00
|
|
|
} else {
|
2020-09-16 11:04:17 +03:00
|
|
|
profiles, err = c.App.GetUsersInChannelPage(userGetOptions, c.IsSystemAdmin())
|
2018-03-09 05:48:30 -07:00
|
|
|
}
|
2021-01-25 11:15:17 +01:00
|
|
|
} else if inGroupId != "" {
|
2020-06-18 10:22:35 -04:00
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.LDAPGroups {
|
|
|
|
|
c.Err = model.NewAppError("Api4.getUsersInGroup", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_GROUPS) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_SYSCONSOLE_READ_USERMANAGEMENT_GROUPS)
|
2020-06-18 10:22:35 -04:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
profiles, _, err = c.App.GetGroupMemberUsersPage(inGroupId, c.Params.Page, c.Params.PerPage)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-02-03 15:17:34 -05:00
|
|
|
} else {
|
2020-02-13 13:26:58 +01:00
|
|
|
userGetOptions, err = c.App.RestrictUsersGetByPermissions(c.App.Session().UserId, userGetOptions)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2019-01-11 14:50:32 +01:00
|
|
|
profiles, err = c.App.GetUsersPage(userGetOptions, c.IsSystemAdmin())
|
2017-02-03 15:17:34 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if etag != "" {
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Header().Set(model.HEADER_ETAG_SERVER, etag)
|
|
|
|
|
}
|
2020-02-13 13:26:58 +01:00
|
|
|
c.App.UpdateLastActivityAtIfNeeded(*c.App.Session())
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Write([]byte(model.UserListToJson(profiles)))
|
2017-02-03 15:17:34 -05:00
|
|
|
}
|
|
|
|
|
|
2017-02-03 09:30:57 -05:00
|
|
|
func getUsersByIds(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
userIds := model.ArrayFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
if len(userIds) == 0 {
|
|
|
|
|
c.SetInvalidParam("user_ids")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-27 09:37:03 -04:00
|
|
|
sinceString := r.URL.Query().Get("since")
|
|
|
|
|
|
|
|
|
|
options := &store.UserGetByIdsOpts{
|
|
|
|
|
IsAdmin: c.IsSystemAdmin(),
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if sinceString != "" {
|
2019-06-27 09:37:03 -04:00
|
|
|
since, parseError := strconv.ParseInt(sinceString, 10, 64)
|
|
|
|
|
if parseError != nil {
|
|
|
|
|
c.SetInvalidParam("since")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
options.Since = since
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
restrictions, err := c.App.GetViewUsersRestrictions(c.App.Session().UserId)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2019-06-27 09:37:03 -04:00
|
|
|
options.ViewRestrictions = restrictions
|
2017-02-03 09:30:57 -05:00
|
|
|
|
2019-06-27 09:37:03 -04:00
|
|
|
users, err := c.App.GetUsersByIds(userIds, options)
|
2018-08-01 16:55:18 +02:00
|
|
|
if err != nil {
|
2017-02-03 09:30:57 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.UserListToJson(users)))
|
2017-02-03 09:30:57 -05:00
|
|
|
}
|
|
|
|
|
|
2017-04-25 11:00:41 -04:00
|
|
|
func getUsersByNames(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
usernames := model.ArrayFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
if len(usernames) == 0 {
|
|
|
|
|
c.SetInvalidParam("usernames")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
restrictions, err := c.App.GetViewUsersRestrictions(c.App.Session().UserId)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-04-25 11:00:41 -04:00
|
|
|
|
2019-04-29 16:56:56 +02:00
|
|
|
users, err := c.App.GetUsersByUsernames(usernames, c.IsSystemAdmin(), restrictions)
|
2018-08-01 16:55:18 +02:00
|
|
|
if err != nil {
|
2017-04-25 11:00:41 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.UserListToJson(users)))
|
2017-04-25 11:00:41 -04:00
|
|
|
}
|
|
|
|
|
|
2020-04-28 12:52:43 +02:00
|
|
|
func getKnownUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
userIds, err := c.App.GetKnownUsers(c.App.Session().UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
data, _ := json.Marshal(userIds)
|
|
|
|
|
|
|
|
|
|
w.Write(data)
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-23 06:34:22 -04:00
|
|
|
func searchUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.UserSearchFromJson(r.Body)
|
|
|
|
|
if props == nil {
|
|
|
|
|
c.SetInvalidParam("")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if props.Term == "" {
|
2017-03-23 06:34:22 -04:00
|
|
|
c.SetInvalidParam("term")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if props.TeamId == "" && props.NotInChannelId != "" {
|
|
|
|
|
c.SetInvalidParam("team_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-18 10:22:35 -04:00
|
|
|
if props.InGroupId != "" {
|
|
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.LDAPGroups {
|
|
|
|
|
c.Err = model.NewAppError("Api4.searchUsers", "api.ldap_groups.license_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if props.InChannelId != "" && !c.App.SessionHasPermissionToChannel(*c.App.Session(), props.InChannelId, model.PERMISSION_READ_CHANNEL) {
|
2017-03-23 06:34:22 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if props.NotInChannelId != "" && !c.App.SessionHasPermissionToChannel(*c.App.Session(), props.NotInChannelId, model.PERMISSION_READ_CHANNEL) {
|
2017-03-23 06:34:22 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if props.TeamId != "" && !c.App.SessionHasPermissionToTeam(*c.App.Session(), props.TeamId, model.PERMISSION_VIEW_TEAM) {
|
2017-03-23 06:34:22 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if props.NotInTeamId != "" && !c.App.SessionHasPermissionToTeam(*c.App.Session(), props.NotInTeamId, model.PERMISSION_VIEW_TEAM) {
|
2017-04-03 18:11:12 +01:00
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-17 11:24:12 -04:00
|
|
|
if props.Limit <= 0 || props.Limit > model.USER_SEARCH_MAX_LIMIT {
|
|
|
|
|
c.SetInvalidParam("limit")
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-03-23 06:34:22 -04:00
|
|
|
|
2018-10-17 11:24:12 -04:00
|
|
|
options := &model.UserSearchOptions{
|
2019-05-16 10:12:06 +01:00
|
|
|
IsAdmin: c.IsSystemAdmin(),
|
|
|
|
|
AllowInactive: props.AllowInactive,
|
|
|
|
|
GroupConstrained: props.GroupConstrained,
|
|
|
|
|
Limit: props.Limit,
|
|
|
|
|
Role: props.Role,
|
2020-07-16 12:37:26 -04:00
|
|
|
Roles: props.Roles,
|
|
|
|
|
ChannelRoles: props.ChannelRoles,
|
|
|
|
|
TeamRoles: props.TeamRoles,
|
2018-10-17 11:24:12 -04:00
|
|
|
}
|
2017-03-23 06:34:22 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
2018-10-17 11:24:12 -04:00
|
|
|
options.AllowEmails = true
|
|
|
|
|
options.AllowFullNames = true
|
|
|
|
|
} else {
|
2019-01-31 08:12:01 -05:00
|
|
|
options.AllowEmails = *c.App.Config().PrivacySettings.ShowEmailAddress
|
|
|
|
|
options.AllowFullNames = *c.App.Config().PrivacySettings.ShowFullName
|
2017-03-23 06:34:22 -04:00
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
options, err := c.App.RestrictUsersSearchByPermissions(c.App.Session().UserId, options)
|
2019-04-29 16:56:56 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-17 11:24:12 -04:00
|
|
|
profiles, err := c.App.SearchUsers(props, options)
|
2018-08-01 16:55:18 +02:00
|
|
|
if err != nil {
|
2017-03-23 06:34:22 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.UserListToJson(profiles)))
|
2017-03-23 06:34:22 -04:00
|
|
|
}
|
|
|
|
|
|
2017-03-13 08:29:41 -04:00
|
|
|
func autocompleteUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
channelId := r.URL.Query().Get("in_channel")
|
|
|
|
|
teamId := r.URL.Query().Get("in_team")
|
|
|
|
|
name := r.URL.Query().Get("name")
|
2018-10-17 11:24:12 -04:00
|
|
|
limitStr := r.URL.Query().Get("limit")
|
|
|
|
|
limit, _ := strconv.Atoi(limitStr)
|
|
|
|
|
if limitStr == "" {
|
|
|
|
|
limit = model.USER_SEARCH_DEFAULT_LIMIT
|
2019-03-15 17:53:53 +00:00
|
|
|
} else if limit > model.USER_SEARCH_MAX_LIMIT {
|
|
|
|
|
limit = model.USER_SEARCH_MAX_LIMIT
|
2018-10-17 11:24:12 -04:00
|
|
|
}
|
2017-03-13 08:29:41 -04:00
|
|
|
|
2018-10-17 11:24:12 -04:00
|
|
|
options := &model.UserSearchOptions{
|
|
|
|
|
IsAdmin: c.IsSystemAdmin(),
|
|
|
|
|
// Never autocomplete on emails.
|
|
|
|
|
AllowEmails: false,
|
|
|
|
|
Limit: limit,
|
|
|
|
|
}
|
2017-03-13 08:29:41 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
2018-10-17 11:24:12 -04:00
|
|
|
options.AllowFullNames = true
|
2017-03-13 08:29:41 -04:00
|
|
|
} else {
|
2019-01-31 08:12:01 -05:00
|
|
|
options.AllowFullNames = *c.App.Config().PrivacySettings.ShowFullName
|
2017-03-13 08:29:41 -04:00
|
|
|
}
|
|
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if channelId != "" {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToChannel(*c.App.Session(), channelId, model.PERMISSION_READ_CHANNEL) {
|
2017-04-28 11:04:13 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-10-09 15:25:57 -04:00
|
|
|
}
|
2017-03-13 08:29:41 -04:00
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if teamId != "" {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToTeam(*c.App.Session(), teamId, model.PERMISSION_VIEW_TEAM) {
|
2018-10-09 15:25:57 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_VIEW_TEAM)
|
|
|
|
|
return
|
2018-09-28 10:06:40 -04:00
|
|
|
}
|
2018-10-09 15:25:57 -04:00
|
|
|
}
|
2018-09-28 10:06:40 -04:00
|
|
|
|
2018-12-06 13:19:32 -05:00
|
|
|
var autocomplete model.UserAutocomplete
|
2018-12-06 16:55:06 +01:00
|
|
|
|
2019-09-18 20:27:32 +02:00
|
|
|
var err *model.AppError
|
2020-02-13 13:26:58 +01:00
|
|
|
options, err = c.App.RestrictUsersSearchByPermissions(c.App.Session().UserId, options)
|
2019-09-18 20:27:32 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if channelId != "" {
|
2020-06-26 20:37:35 +02:00
|
|
|
// We're using the channelId to search for users inside that channel and the team
|
|
|
|
|
// to get the not in channel list. Also we want to include the DM and GM users for
|
|
|
|
|
// that team which could only be obtained having the team id.
|
2021-01-25 11:15:17 +01:00
|
|
|
if teamId == "" {
|
2020-06-26 20:37:35 +02:00
|
|
|
c.Err = model.NewAppError("autocompleteUser",
|
|
|
|
|
"api.user.autocomplete_users.missing_team_id.app_error",
|
|
|
|
|
nil,
|
|
|
|
|
"channelId="+channelId,
|
|
|
|
|
http.StatusInternalServerError,
|
|
|
|
|
)
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-10-17 11:24:12 -04:00
|
|
|
result, err := c.App.AutocompleteUsersInChannel(teamId, channelId, name, options)
|
2018-04-17 18:39:08 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-28 11:04:13 -04:00
|
|
|
autocomplete.Users = result.InChannel
|
|
|
|
|
autocomplete.OutOfChannel = result.OutOfChannel
|
2021-01-25 11:15:17 +01:00
|
|
|
} else if teamId != "" {
|
2018-10-17 11:24:12 -04:00
|
|
|
result, err := c.App.AutocompleteUsersInTeam(teamId, name, options)
|
2018-04-17 18:39:08 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-28 11:04:13 -04:00
|
|
|
autocomplete.Users = result.InTeam
|
2017-03-13 08:29:41 -04:00
|
|
|
} else {
|
2018-10-17 11:24:12 -04:00
|
|
|
result, err := c.App.SearchUsersInTeam("", name, options)
|
2018-04-17 18:39:08 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-03-13 08:29:41 -04:00
|
|
|
autocomplete.Users = result
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Write([]byte((autocomplete.ToJson())))
|
2017-03-13 08:29:41 -04:00
|
|
|
}
|
|
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user := model.UserFromJson(r.Body)
|
|
|
|
|
if user == nil {
|
|
|
|
|
c.SetInvalidParam("user")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-14 16:21:05 +01:00
|
|
|
// The user being updated in the payload must be the same one as indicated in the URL.
|
|
|
|
|
if user.Id != c.Params.UserId {
|
|
|
|
|
c.SetInvalidParam("user_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("updateUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-10-07 19:41:46 -04:00
|
|
|
// Cannot update a system admin unless user making request is a systemadmin also.
|
|
|
|
|
if user.IsSystemAdmin() && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), user.Id) {
|
2017-01-30 08:30:02 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-02 00:06:49 +01:00
|
|
|
ouser, err := c.App.GetUser(user.Id)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", ouser)
|
2017-10-04 11:04:56 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().IsOAuth {
|
2017-10-04 11:04:56 -04:00
|
|
|
if ouser.Email != user.Email {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
c.Err.DetailedError += ", attempted email update by oauth app"
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-22 14:02:16 -04:00
|
|
|
// Check that the fields being updated are not set by the login provider
|
|
|
|
|
conflictField := c.App.CheckProviderAttributes(ouser, user.ToPatch())
|
|
|
|
|
if conflictField != "" {
|
|
|
|
|
c.Err = model.NewAppError(
|
|
|
|
|
"updateUser", "api.user.update_user.login_provider_attribute_set.app_error",
|
|
|
|
|
map[string]interface{}{"Field": conflictField}, "", http.StatusConflict)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-02 00:06:49 +01:00
|
|
|
// If eMail update is attempted by the currently logged in user, check if correct password was provided
|
2020-02-13 13:26:58 +01:00
|
|
|
if user.Email != "" && ouser.Email != user.Email && c.App.Session().UserId == c.Params.UserId {
|
2019-02-02 00:06:49 +01:00
|
|
|
err = c.App.DoubleCheckPassword(ouser, user.Password)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("password")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
ruser, err := c.App.UpdateUserAsUser(user, c.IsSystemAdmin())
|
|
|
|
|
if err != nil {
|
2017-01-30 08:30:02 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("update", ruser)
|
2018-08-01 16:55:18 +02:00
|
|
|
c.LogAudit("")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Write([]byte(ruser.ToJson()))
|
2017-01-30 08:30:02 -05:00
|
|
|
}
|
|
|
|
|
|
2017-02-16 09:46:55 -05:00
|
|
|
func patchUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
patch := model.UserPatchFromJson(r.Body)
|
|
|
|
|
if patch == nil {
|
|
|
|
|
c.SetInvalidParam("user")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("patchUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-02-16 09:46:55 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-12 12:02:36 -07:00
|
|
|
ouser, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.SetInvalidParam("user_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", ouser)
|
2018-04-12 12:02:36 -07:00
|
|
|
|
2020-10-07 19:41:46 -04:00
|
|
|
// Cannot update a system admin unless user making request is a systemadmin also
|
|
|
|
|
if ouser.IsSystemAdmin() && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().IsOAuth && patch.Email != nil {
|
2017-10-04 11:04:56 -04:00
|
|
|
if ouser.Email != *patch.Email {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
c.Err.DetailedError += ", attempted email update by oauth app"
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-22 14:02:16 -04:00
|
|
|
conflictField := c.App.CheckProviderAttributes(ouser, patch)
|
|
|
|
|
if conflictField != "" {
|
|
|
|
|
c.Err = model.NewAppError(
|
|
|
|
|
"patchUser", "api.user.patch_user.login_provider_attribute_set.app_error",
|
|
|
|
|
map[string]interface{}{"Field": conflictField}, "", http.StatusConflict)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-02 00:06:49 +01:00
|
|
|
// If eMail update is attempted by the currently logged in user, check if correct password was provided
|
2020-02-13 13:26:58 +01:00
|
|
|
if patch.Email != nil && ouser.Email != *patch.Email && c.App.Session().UserId == c.Params.UserId {
|
2019-02-02 00:06:49 +01:00
|
|
|
if patch.Password == nil {
|
|
|
|
|
c.SetInvalidParam("password")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err = c.App.DoubleCheckPassword(ouser, *patch.Password); err != nil {
|
2019-02-04 18:54:57 +01:00
|
|
|
c.Err = err
|
2019-02-02 00:06:49 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
ruser, err := c.App.PatchUser(c.Params.UserId, patch, c.IsSystemAdmin())
|
|
|
|
|
if err != nil {
|
2017-02-16 09:46:55 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
c.App.SetAutoResponderStatus(ruser, ouser.NotifyProps)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
|
|
|
|
auditRec.Success()
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("patch", ruser)
|
2018-08-01 16:55:18 +02:00
|
|
|
c.LogAudit("")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Write([]byte(ruser.ToJson()))
|
2017-02-16 09:46:55 -05:00
|
|
|
}
|
|
|
|
|
|
2017-02-07 10:46:40 -08:00
|
|
|
func deleteUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-02-05 12:20:17 -05:00
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userId := c.Params.UserId
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("deleteUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), userId) {
|
2017-02-05 12:20:17 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-02-07 10:46:40 -08:00
|
|
|
|
2019-02-20 16:56:26 +01:00
|
|
|
// if EnableUserDeactivation flag is disabled the user cannot deactivate himself.
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.Params.UserId == c.App.Session().UserId && !*c.App.Config().TeamSettings.EnableUserDeactivation && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
2019-02-20 16:56:26 +01:00
|
|
|
c.Err = model.NewAppError("deleteUser", "api.user.update_active.not_enable.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
user, err := c.App.GetUser(userId)
|
|
|
|
|
if err != nil {
|
2017-02-05 12:20:17 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2017-02-05 12:20:17 -05:00
|
|
|
|
2020-10-07 19:41:46 -04:00
|
|
|
// Cannot update a system admin unless user making request is a systemadmin also
|
|
|
|
|
if user.IsSystemAdmin() && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-22 12:02:23 +00:00
|
|
|
if c.Params.Permanent {
|
|
|
|
|
if *c.App.Config().ServiceSettings.EnableAPIUserDeletion {
|
|
|
|
|
err = c.App.PermanentDeleteUser(user)
|
|
|
|
|
} else {
|
|
|
|
|
err = model.NewAppError("deleteUser", "api.user.delete_user.not_enabled.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
_, err = c.App.UpdateActive(user, false)
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
2017-02-05 12:20:17 -05:00
|
|
|
c.Err = err
|
2017-02-07 10:46:40 -08:00
|
|
|
return
|
2017-02-05 12:20:17 -05:00
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-02-05 12:20:17 -05:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-01 16:13:16 -05:00
|
|
|
func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
newRoles := props["roles"]
|
|
|
|
|
if !model.IsValidUserRoles(newRoles) {
|
|
|
|
|
c.SetInvalidParam("roles")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-21 16:49:31 -04:00
|
|
|
// require license feature to assign "new system roles"
|
|
|
|
|
for _, roleName := range strings.Fields(newRoles) {
|
|
|
|
|
for _, id := range model.NewSystemRoleIDs {
|
|
|
|
|
if roleName == id {
|
|
|
|
|
if license := c.App.Srv().License(); license == nil || !*license.Features.CustomPermissionsSchemes {
|
|
|
|
|
c.Err = model.NewAppError("updateUserRoles", "api.user.update_user_roles.license.app_error", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("updateUserRoles", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("roles", newRoles)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_ROLES) {
|
2017-02-01 16:13:16 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_ROLES)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
user, err := c.App.UpdateUserRoles(c.Params.UserId, newRoles, true)
|
|
|
|
|
if err != nil {
|
2017-02-01 16:13:16 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2019-02-22 16:20:59 +01:00
|
|
|
c.LogAudit(fmt.Sprintf("user=%s roles=%s", c.Params.UserId, newRoles))
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-02-01 16:13:16 -05:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-18 00:06:33 +09:00
|
|
|
func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
props := model.StringInterfaceFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
active, ok := props["active"].(bool)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("active")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("updateUserActive", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("active", active)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-04-18 00:06:33 +09:00
|
|
|
// true when you're trying to de-activate yourself
|
2020-02-13 13:26:58 +01:00
|
|
|
isSelfDeactive := !active && c.Params.UserId == c.App.Session().UserId
|
2017-04-18 00:06:33 +09:00
|
|
|
|
2020-10-07 19:41:46 -04:00
|
|
|
if !isSelfDeactive && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_USERS) {
|
2017-08-31 15:03:16 +01:00
|
|
|
c.Err = model.NewAppError("updateUserActive", "api.user.update_active.permissions.app_error", nil, "userId="+c.Params.UserId, http.StatusForbidden)
|
2017-04-18 00:06:33 +09:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-28 16:20:08 +02:00
|
|
|
// if EnableUserDeactivation flag is disabled the user cannot deactivate himself.
|
2019-02-12 08:37:54 -05:00
|
|
|
if isSelfDeactive && !*c.App.Config().TeamSettings.EnableUserDeactivation {
|
2018-05-28 16:20:08 +02:00
|
|
|
c.Err = model.NewAppError("updateUserActive", "api.user.update_active.not_enable.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
2017-12-08 14:14:55 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2017-12-08 14:14:55 -05:00
|
|
|
|
2020-10-07 19:41:46 -04:00
|
|
|
if user.IsSystemAdmin() && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-15 15:43:52 +01:00
|
|
|
if active && user.IsGuest() && !*c.App.Config().GuestAccountsSettings.Enable {
|
|
|
|
|
c.Err = model.NewAppError("updateUserActive", "api.user.update_active.cannot_enable_guest_when_guest_feature_is_disabled.app_error", nil, "userId="+c.Params.UserId, http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
if _, err = c.App.UpdateActive(user, active); err != nil {
|
2017-04-18 00:06:33 +09:00
|
|
|
c.Err = err
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2019-02-28 23:30:26 +01:00
|
|
|
c.LogAudit(fmt.Sprintf("user_id=%s active=%v", user.Id, active))
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
if isSelfDeactive {
|
2020-02-13 13:26:58 +01:00
|
|
|
c.App.Srv().Go(func() {
|
2020-07-07 10:03:21 +02:00
|
|
|
if err = c.App.Srv().EmailService.SendDeactivateAccountEmail(user.Email, user.Locale, c.App.GetSiteURL()); err != nil {
|
2021-01-04 17:02:34 +03:00
|
|
|
c.LogErrorByCode(err)
|
2018-08-01 16:55:18 +02:00
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
}
|
2020-10-19 10:29:43 -04:00
|
|
|
|
|
|
|
|
message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_ACTIVATION_STATUS_CHANGE, "", "", "", nil)
|
|
|
|
|
c.App.Publish(message)
|
2020-10-26 13:24:26 -04:00
|
|
|
|
|
|
|
|
// If activating, run cloud check for limit overages
|
|
|
|
|
if active {
|
|
|
|
|
emailErr := c.App.CheckAndSendUserLimitWarningEmails()
|
|
|
|
|
if emailErr != nil {
|
|
|
|
|
c.Err = emailErr
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
ReturnStatusOK(w)
|
2017-04-18 00:06:33 +09:00
|
|
|
}
|
|
|
|
|
|
2018-01-04 09:45:59 -08:00
|
|
|
func updateUserAuth(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if !c.IsSystemAdmin() {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("updateUserAuth", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2018-01-04 09:45:59 -08:00
|
|
|
userAuth := model.UserAuthFromJson(r.Body)
|
|
|
|
|
if userAuth == nil {
|
|
|
|
|
c.SetInvalidParam("user")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-22 09:58:08 +05:30
|
|
|
if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" {
|
|
|
|
|
c.Err = model.NewAppError("updateUserAuth", "api.user.update_user_auth.invalid_request", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
if user, err := c.App.GetUser(c.Params.UserId); err == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
user, err := c.App.UpdateUserAuth(c.Params.UserId, userAuth)
|
|
|
|
|
if err != nil {
|
2018-01-04 09:45:59 -08:00
|
|
|
c.Err = err
|
2018-12-17 12:04:30 -08:00
|
|
|
return
|
2018-01-04 09:45:59 -08:00
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
|
|
|
|
auditRec.AddMeta("auth_service", user.AuthService)
|
2019-02-22 16:20:59 +01:00
|
|
|
c.LogAudit(fmt.Sprintf("updated user %s auth to service=%v", c.Params.UserId, user.AuthService))
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Write([]byte(user.ToJson()))
|
2018-01-04 09:45:59 -08:00
|
|
|
}
|
|
|
|
|
|
2019-03-01 18:56:11 +01:00
|
|
|
// Deprecated: checkUserMfa is deprecated and should not be used anymore, starting with version 6.0 it will be disabled.
|
|
|
|
|
// Clients should attempt a login without MFA and will receive a MFA error when it's required.
|
2017-03-27 09:21:48 -04:00
|
|
|
func checkUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
|
2019-03-01 18:56:11 +01:00
|
|
|
|
|
|
|
|
if *c.App.Config().ServiceSettings.DisableLegacyMFA {
|
|
|
|
|
http.NotFound(w, r)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-27 09:21:48 -04:00
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
loginId := props["login_id"]
|
2021-01-25 11:15:17 +01:00
|
|
|
if loginId == "" {
|
2017-03-27 09:21:48 -04:00
|
|
|
c.SetInvalidParam("login_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resp := map[string]interface{}{}
|
|
|
|
|
resp["mfa_required"] = false
|
|
|
|
|
|
2018-12-12 11:50:19 +01:00
|
|
|
if !*c.App.Config().ServiceSettings.EnableMultifactorAuthentication {
|
2017-03-27 09:21:48 -04:00
|
|
|
w.Write([]byte(model.StringInterfaceToJson(resp)))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-04 09:48:26 -07:00
|
|
|
if *c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode {
|
|
|
|
|
resp["mfa_required"] = true
|
|
|
|
|
} else if user, err := c.App.GetUserForLogin("", loginId); err == nil {
|
2017-03-27 09:21:48 -04:00
|
|
|
resp["mfa_required"] = user.MfaActive
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(model.StringInterfaceToJson(resp)))
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-13 08:29:56 -04:00
|
|
|
func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("updateUserMfa", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().IsOAuth {
|
2017-10-04 11:04:56 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
c.Err.DetailedError += ", attempted access by oauth app"
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-03-13 08:29:56 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
if user, err := c.App.GetUser(c.Params.UserId); err == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-13 08:29:56 -04:00
|
|
|
props := model.StringInterfaceFromJson(r.Body)
|
|
|
|
|
activate, ok := props["activate"].(bool)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("activate")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
code := ""
|
|
|
|
|
if activate {
|
|
|
|
|
code, ok = props["code"].(string)
|
2021-01-25 11:15:17 +01:00
|
|
|
if !ok || code == "" {
|
2017-03-13 08:29:56 -04:00
|
|
|
c.SetInvalidParam("code")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.LogAudit("attempt")
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.UpdateMfa(activate, c.Params.UserId, code); err != nil {
|
2017-03-13 08:29:56 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
|
|
|
|
auditRec.AddMeta("activate", activate)
|
2017-03-13 08:29:56 -04:00
|
|
|
c.LogAudit("success - mfa updated")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-03-13 08:29:56 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-27 09:21:48 -04:00
|
|
|
func generateMfaSecret(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().IsOAuth {
|
2017-10-04 11:04:56 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
c.Err.DetailedError += ", attempted access by oauth app"
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-03-27 09:21:48 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
secret, err := c.App.GenerateMfaSecret(c.Params.UserId)
|
2017-03-27 09:21:48 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Header().Set("Cache-Control", "no-cache")
|
|
|
|
|
w.Header().Set("Pragma", "no-cache")
|
|
|
|
|
w.Header().Set("Expires", "0")
|
|
|
|
|
w.Write([]byte(secret.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-07 09:35:58 -08:00
|
|
|
func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
newPassword := props["new_password"]
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("updatePassword", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
2017-02-07 09:35:58 -08:00
|
|
|
c.LogAudit("attempted")
|
|
|
|
|
|
2020-10-07 19:41:46 -04:00
|
|
|
var canUpdatePassword bool
|
2020-04-08 00:52:30 -04:00
|
|
|
if user, err := c.App.GetUser(c.Params.UserId); err == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
2020-10-07 19:41:46 -04:00
|
|
|
|
|
|
|
|
if user.IsSystemAdmin() {
|
|
|
|
|
canUpdatePassword = c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
} else {
|
|
|
|
|
canUpdatePassword = c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_USERS)
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
}
|
|
|
|
|
|
2017-02-07 09:35:58 -08:00
|
|
|
var err *model.AppError
|
|
|
|
|
|
2020-08-26 11:28:00 -04:00
|
|
|
// There are two main update flows depending on whether the provided password
|
|
|
|
|
// is already hashed or not.
|
|
|
|
|
if props["already_hashed"] == "true" {
|
2020-10-07 19:41:46 -04:00
|
|
|
if canUpdatePassword {
|
2020-08-26 11:28:00 -04:00
|
|
|
err = c.App.UpdateHashedPasswordByUserId(c.Params.UserId, newPassword)
|
|
|
|
|
} else if c.Params.UserId == c.App.Session().UserId {
|
|
|
|
|
err = model.NewAppError("updatePassword", "api.user.update_password.user_and_hashed.app_error", nil, "", http.StatusUnauthorized)
|
|
|
|
|
} else {
|
|
|
|
|
err = model.NewAppError("updatePassword", "api.user.update_password.context.app_error", nil, "", http.StatusForbidden)
|
|
|
|
|
}
|
2017-02-07 09:35:58 -08:00
|
|
|
} else {
|
2020-08-26 11:28:00 -04:00
|
|
|
if c.Params.UserId == c.App.Session().UserId {
|
|
|
|
|
currentPassword := props["current_password"]
|
2021-01-25 11:15:17 +01:00
|
|
|
if currentPassword == "" {
|
2020-08-26 11:28:00 -04:00
|
|
|
c.SetInvalidParam("current_password")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = c.App.UpdatePasswordAsUser(c.Params.UserId, currentPassword, newPassword)
|
2020-10-07 19:41:46 -04:00
|
|
|
} else if canUpdatePassword {
|
2020-08-26 11:28:00 -04:00
|
|
|
err = c.App.UpdatePasswordByUserIdSendEmail(c.Params.UserId, newPassword, c.App.T("api.user.reset_password.method"))
|
|
|
|
|
} else {
|
|
|
|
|
err = model.NewAppError("updatePassword", "api.user.update_password.context.app_error", nil, "", http.StatusForbidden)
|
|
|
|
|
}
|
2017-02-07 09:35:58 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.LogAudit("failed")
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2018-08-01 16:55:18 +02:00
|
|
|
c.LogAudit("completed")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
ReturnStatusOK(w)
|
2017-02-07 09:35:58 -08:00
|
|
|
}
|
|
|
|
|
|
2017-02-07 10:46:40 -08:00
|
|
|
func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2017-04-27 10:55:03 -04:00
|
|
|
token := props["token"]
|
|
|
|
|
if len(token) != model.TOKEN_SIZE {
|
|
|
|
|
c.SetInvalidParam("token")
|
2017-02-07 10:46:40 -08:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newPassword := props["new_password"]
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("resetPassword", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("token", token)
|
2017-04-27 10:55:03 -04:00
|
|
|
c.LogAudit("attempt - token=" + token)
|
2017-02-07 10:46:40 -08:00
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.ResetPasswordFromToken(token, newPassword); err != nil {
|
2017-04-27 10:55:03 -04:00
|
|
|
c.LogAudit("fail - token=" + token)
|
2017-02-07 10:46:40 -08:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-04-27 10:55:03 -04:00
|
|
|
c.LogAudit("success - token=" + token)
|
2017-02-07 10:46:40 -08:00
|
|
|
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
2020-02-12 17:51:45 +04:00
|
|
|
email = strings.ToLower(email)
|
2021-01-25 11:15:17 +01:00
|
|
|
if email == "" {
|
2017-02-07 10:46:40 -08:00
|
|
|
c.SetInvalidParam("email")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("sendPasswordReset", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("email", email)
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
sent, err := c.App.SendPasswordReset(email, c.App.GetSiteURL())
|
|
|
|
|
if err != nil {
|
2018-06-04 09:48:26 -07:00
|
|
|
if *c.App.Config().ServiceSettings.ExperimentalEnableHardenedMode {
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
} else {
|
|
|
|
|
c.Err = err
|
|
|
|
|
}
|
2017-02-07 10:46:40 -08:00
|
|
|
return
|
2018-08-01 16:55:18 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if sent {
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-02-07 10:46:40 -08:00
|
|
|
c.LogAudit("sent=" + email)
|
|
|
|
|
}
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
func login(c *Context, w http.ResponseWriter, r *http.Request) {
|
2019-06-12 18:35:53 +02:00
|
|
|
// Mask all sensitive errors, with the exception of the following
|
2018-06-04 09:48:26 -07:00
|
|
|
defer func() {
|
2019-06-10 23:25:25 +02:00
|
|
|
if c.Err == nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unmaskedErrors := []string{
|
|
|
|
|
"mfa.validate_token.authenticate.app_error",
|
|
|
|
|
"api.user.check_user_mfa.bad_code.app_error",
|
|
|
|
|
"api.user.login.blank_pwd.app_error",
|
|
|
|
|
"api.user.login.bot_login_forbidden.app_error",
|
|
|
|
|
"api.user.login.client_side_cert.certificate.app_error",
|
|
|
|
|
"api.user.login.inactive.app_error",
|
|
|
|
|
"api.user.login.not_verified.app_error",
|
2019-06-12 18:35:53 +02:00
|
|
|
"api.user.check_user_login_attempts.too_many.app_error",
|
2019-06-18 07:56:18 -04:00
|
|
|
"app.team.join_user_to_team.max_accounts.app_error",
|
|
|
|
|
"store.sql_user.save.max_accounts.app_error",
|
2018-06-04 09:48:26 -07:00
|
|
|
}
|
2019-06-10 23:25:25 +02:00
|
|
|
|
|
|
|
|
maskError := true
|
|
|
|
|
|
|
|
|
|
for _, unmaskedError := range unmaskedErrors {
|
|
|
|
|
if c.Err.Id == unmaskedError {
|
|
|
|
|
maskError = false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !maskError {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
config := c.App.Config()
|
|
|
|
|
enableUsername := *config.EmailSettings.EnableSignInWithUsername
|
|
|
|
|
enableEmail := *config.EmailSettings.EnableSignInWithEmail
|
|
|
|
|
samlEnabled := *config.SamlSettings.Enable
|
2020-12-08 19:58:37 -07:00
|
|
|
gitlabEnabled := *config.GitLabSettings.Enable
|
|
|
|
|
openidEnabled := *config.OpenIdSettings.Enable
|
|
|
|
|
googleEnabled := *config.GoogleSettings.Enable
|
2020-02-14 09:55:40 -08:00
|
|
|
office365Enabled := *config.Office365Settings.Enable
|
2019-06-10 23:25:25 +02:00
|
|
|
|
2020-12-08 19:58:37 -07:00
|
|
|
if samlEnabled || gitlabEnabled || googleEnabled || office365Enabled || openidEnabled {
|
2019-06-10 23:25:25 +02:00
|
|
|
c.Err = model.NewAppError("login", "api.user.login.invalid_credentials_sso", nil, "", http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if enableUsername && !enableEmail {
|
|
|
|
|
c.Err = model.NewAppError("login", "api.user.login.invalid_credentials_username", nil, "", http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !enableUsername && enableEmail {
|
|
|
|
|
c.Err = model.NewAppError("login", "api.user.login.invalid_credentials_email", nil, "", http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.Err = model.NewAppError("login", "api.user.login.invalid_credentials_email_username", nil, "", http.StatusUnauthorized)
|
2018-06-04 09:48:26 -07:00
|
|
|
}()
|
|
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
id := props["id"]
|
|
|
|
|
loginId := props["login_id"]
|
|
|
|
|
password := props["password"]
|
|
|
|
|
mfaToken := props["token"]
|
|
|
|
|
deviceId := props["device_id"]
|
|
|
|
|
ldapOnly := props["ldap_only"] == "true"
|
|
|
|
|
|
2018-06-12 10:16:39 -07:00
|
|
|
if *c.App.Config().ExperimentalSettings.ClientSideCertEnable {
|
2020-06-12 13:43:50 +02:00
|
|
|
if license := c.App.Srv().License(); license == nil || !*license.Features.SAML {
|
2018-06-19 19:40:26 +02:00
|
|
|
c.Err = model.NewAppError("ClientSideCertNotAllowed", "api.user.login.client_side_cert.license.app_error", nil, "", http.StatusBadRequest)
|
2018-06-12 10:16:39 -07:00
|
|
|
return
|
2018-12-06 16:55:06 +01:00
|
|
|
}
|
2019-01-12 07:38:34 +09:00
|
|
|
certPem, certSubject, certEmail := c.App.CheckForClientSideCert(r)
|
2018-12-06 16:55:06 +01:00
|
|
|
mlog.Debug("Client Cert", mlog.String("cert_subject", certSubject), mlog.String("cert_email", certEmail))
|
2018-06-12 10:16:39 -07:00
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if certPem == "" || certEmail == "" {
|
2018-12-06 16:55:06 +01:00
|
|
|
c.Err = model.NewAppError("ClientSideCertMissing", "api.user.login.client_side_cert.certificate.app_error", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if *c.App.Config().ExperimentalSettings.ClientSideCertCheck == model.CLIENT_SIDE_CERT_CHECK_PRIMARY_AUTH {
|
|
|
|
|
loginId = certEmail
|
|
|
|
|
password = "certificate"
|
2018-06-12 10:16:39 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("login", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("login_id", loginId)
|
|
|
|
|
auditRec.AddMeta("device_id", deviceId)
|
|
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
c.LogAuditWithUserId(id, "attempt - login_id="+loginId)
|
2018-06-12 10:16:39 -07:00
|
|
|
|
2020-09-01 14:50:43 +02:00
|
|
|
user, err := c.App.AuthenticateUserForLogin(id, loginId, password, mfaToken, "", ldapOnly)
|
2017-01-30 08:30:02 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.LogAuditWithUserId(id, "failure - login_id="+loginId)
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2017-01-30 08:30:02 -05:00
|
|
|
|
2019-07-22 22:13:39 +02:00
|
|
|
if user.IsGuest() {
|
2020-06-12 13:43:50 +02:00
|
|
|
if c.App.Srv().License() == nil {
|
2019-07-22 22:13:39 +02:00
|
|
|
c.Err = model.NewAppError("login", "api.user.login.guest_accounts.license.error", nil, "", http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !*c.App.Config().GuestAccountsSettings.Enable {
|
|
|
|
|
c.Err = model.NewAppError("login", "api.user.login.guest_accounts.disabled.error", nil, "", http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
c.LogAuditWithUserId(user.Id, "authenticated")
|
|
|
|
|
|
2020-06-30 10:34:05 -04:00
|
|
|
err = c.App.DoLogin(w, r, user, deviceId, false, false, false)
|
2017-01-30 08:30:02 -05:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.LogAuditWithUserId(user.Id, "success")
|
|
|
|
|
|
2019-06-11 15:09:00 -04:00
|
|
|
if r.Header.Get(model.HEADER_REQUESTED_WITH) == model.HEADER_REQUESTED_WITH_XML {
|
2019-10-31 12:50:43 +01:00
|
|
|
c.App.AttachSessionCookies(w, r)
|
2019-06-11 15:09:00 -04:00
|
|
|
}
|
|
|
|
|
|
2019-04-16 17:59:07 +01:00
|
|
|
userTermsOfService, err := c.App.GetUserTermsOfService(user.Id)
|
|
|
|
|
if err != nil && err.StatusCode != http.StatusNotFound {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if userTermsOfService != nil {
|
|
|
|
|
user.TermsOfServiceId = userTermsOfService.TermsOfServiceId
|
|
|
|
|
user.TermsOfServiceCreateAt = userTermsOfService.CreateAt
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
user.Sanitize(map[string]bool{})
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-01-30 08:30:02 -05:00
|
|
|
w.Write([]byte(user.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-01 14:50:43 +02:00
|
|
|
func loginCWS(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.Cloud {
|
|
|
|
|
c.Err = model.NewAppError("loginCWS", "api.user.login_cws.license.error", nil, "", http.StatusUnauthorized)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
r.ParseForm()
|
|
|
|
|
var loginID string
|
|
|
|
|
var token string
|
|
|
|
|
if len(r.Form) > 0 {
|
|
|
|
|
for key, value := range r.Form {
|
|
|
|
|
if key == "login_id" {
|
|
|
|
|
loginID = value[0]
|
|
|
|
|
}
|
|
|
|
|
if key == "cws_token" {
|
|
|
|
|
token = value[0]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("login", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("login_id", loginID)
|
|
|
|
|
user, err := c.App.AuthenticateUserForLogin("", loginID, "", "", token, false)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.LogAuditWithUserId("", "failure - login_id="+loginID)
|
2021-01-04 17:02:34 +03:00
|
|
|
c.LogErrorByCode(err)
|
2020-09-01 14:50:43 +02:00
|
|
|
http.Redirect(w, r, *c.App.Config().ServiceSettings.SiteURL, 302)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
c.LogAuditWithUserId(user.Id, "authenticated")
|
|
|
|
|
err = c.App.DoLogin(w, r, user, "", false, false, false)
|
|
|
|
|
if err != nil {
|
2021-01-04 17:02:34 +03:00
|
|
|
c.LogErrorByCode(err)
|
2020-09-01 14:50:43 +02:00
|
|
|
http.Redirect(w, r, *c.App.Config().ServiceSettings.SiteURL, 302)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
c.LogAuditWithUserId(user.Id, "success")
|
|
|
|
|
c.App.AttachSessionCookies(w, r)
|
|
|
|
|
http.Redirect(w, r, *c.App.Config().ServiceSettings.SiteURL, 302)
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
func logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
Logout(c, w, r)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("Logout", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
2017-01-30 08:30:02 -05:00
|
|
|
c.LogAudit("")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-01-30 08:30:02 -05:00
|
|
|
c.RemoveSessionCookie(w, r)
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().Id != "" {
|
|
|
|
|
if err := c.App.RevokeSessionById(c.App.Session().Id); err != nil {
|
2017-01-30 08:30:02 -05:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-01-30 08:30:02 -05:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2017-02-17 10:31:01 -05:00
|
|
|
|
|
|
|
|
func getSessions(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
sessions, err := c.App.GetSessions(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
2018-08-01 16:55:18 +02:00
|
|
|
}
|
2017-02-21 21:07:57 +09:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
for _, session := range sessions {
|
|
|
|
|
session.Sanitize()
|
2017-02-21 21:07:57 +09:00
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
|
|
|
|
w.Write([]byte(model.SessionsToJson(sessions)))
|
2017-02-17 10:31:01 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("revokeSession", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
sessionId := props["session_id"]
|
|
|
|
|
if sessionId == "" {
|
|
|
|
|
c.SetInvalidParam("session_id")
|
2017-08-10 04:36:59 +08:00
|
|
|
return
|
2017-02-21 21:07:57 +09:00
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
session, err := c.App.GetSessionById(sessionId)
|
|
|
|
|
if err != nil {
|
2017-10-04 11:04:17 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("session", session)
|
2017-10-04 11:04:17 -04:00
|
|
|
|
|
|
|
|
if session.UserId != c.Params.UserId {
|
|
|
|
|
c.SetInvalidUrlParam("user_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := c.App.RevokeSession(session); err != nil {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
|
|
|
|
c.LogAudit("")
|
|
|
|
|
|
2017-02-21 21:07:57 +09:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-16 23:50:31 -04:00
|
|
|
func revokeAllSessionsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("revokeAllSessionsForUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user_id", c.Params.UserId)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-10-16 23:50:31 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := c.App.RevokeAllSessions(c.Params.UserId); err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
|
|
|
|
c.LogAudit("")
|
|
|
|
|
|
2017-10-16 23:50:31 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-01 23:28:46 +02:00
|
|
|
func revokeAllSessionsAllUsers(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
2019-07-01 23:28:46 +02:00
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("revokeAllSessionsAllUsers", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2019-07-01 23:28:46 +02:00
|
|
|
if err := c.App.RevokeSessionsFromAllUsers(); err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
|
|
|
|
c.LogAudit("")
|
|
|
|
|
|
2019-07-01 23:28:46 +02:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-27 09:17:34 -04:00
|
|
|
func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
deviceId := props["device_id"]
|
2021-01-25 11:15:17 +01:00
|
|
|
if deviceId == "" {
|
2017-03-27 09:17:34 -04:00
|
|
|
c.SetInvalidParam("device_id")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("attachDeviceId", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("device_id", deviceId)
|
|
|
|
|
|
2017-03-27 09:17:34 -04:00
|
|
|
// A special case where we logout of all other sessions with the same device id
|
2020-02-13 13:26:58 +01:00
|
|
|
if err := c.App.RevokeSessionsForDeviceId(c.App.Session().UserId, deviceId, c.App.Session().Id); err != nil {
|
2017-03-27 09:17:34 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
c.App.ClearSessionCacheForUser(c.App.Session().UserId)
|
2020-08-04 16:10:37 -04:00
|
|
|
c.App.SetSessionExpireInDays(c.App.Session(), *c.App.Config().ServiceSettings.SessionLengthMobileInDays)
|
2017-03-27 09:17:34 -04:00
|
|
|
|
2017-10-18 15:36:43 -07:00
|
|
|
maxAge := *c.App.Config().ServiceSettings.SessionLengthMobileInDays * 60 * 60 * 24
|
2017-03-27 09:17:34 -04:00
|
|
|
|
|
|
|
|
secure := false
|
|
|
|
|
if app.GetProtocol(r) == "https" {
|
|
|
|
|
secure = true
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-03 13:52:32 -07:00
|
|
|
subpath, _ := utils.GetSubpathFromConfig(c.App.Config())
|
|
|
|
|
|
2017-03-27 09:17:34 -04:00
|
|
|
expiresAt := time.Unix(model.GetMillis()/1000+int64(maxAge), 0)
|
|
|
|
|
sessionCookie := &http.Cookie{
|
|
|
|
|
Name: model.SESSION_COOKIE_TOKEN,
|
2020-02-13 13:26:58 +01:00
|
|
|
Value: c.App.Session().Token,
|
2019-05-03 13:52:32 -07:00
|
|
|
Path: subpath,
|
2017-03-27 09:17:34 -04:00
|
|
|
MaxAge: maxAge,
|
|
|
|
|
Expires: expiresAt,
|
|
|
|
|
HttpOnly: true,
|
2018-02-20 12:49:45 -08:00
|
|
|
Domain: c.App.GetCookieDomain(),
|
2017-03-27 09:17:34 -04:00
|
|
|
Secure: secure,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http.SetCookie(w, sessionCookie)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if err := c.App.AttachDeviceId(c.App.Session().Id, deviceId, c.App.Session().ExpiresAt); err != nil {
|
2017-03-27 09:17:34 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-03-27 09:17:34 -04:00
|
|
|
c.LogAudit("")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-03-27 09:17:34 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-21 09:06:08 -04:00
|
|
|
func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec := c.MakeAuditRecord("getUserAudits", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
|
|
|
|
if user, err := c.App.GetUser(c.Params.UserId); err == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
audits, err := c.App.GetAuditsPage(c.Params.UserId, c.Params.Page, c.Params.PerPage)
|
|
|
|
|
if err != nil {
|
2017-02-21 21:07:57 +09:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.Success()
|
|
|
|
|
auditRec.AddMeta("page", c.Params.Page)
|
|
|
|
|
auditRec.AddMeta("audits_per_page", c.Params.LogsPerPage)
|
|
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
w.Write([]byte(audits.ToJson()))
|
2017-02-21 21:07:57 +09:00
|
|
|
}
|
2017-02-24 14:27:47 +01:00
|
|
|
|
2017-03-24 16:42:05 -04:00
|
|
|
func verifyUserEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-02-24 14:27:47 +01:00
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2017-04-27 10:55:03 -04:00
|
|
|
token := props["token"]
|
|
|
|
|
if len(token) != model.TOKEN_SIZE {
|
|
|
|
|
c.SetInvalidParam("token")
|
2017-02-24 14:27:47 +01:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("verifyUserEmail", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
if err := c.App.VerifyEmailFromToken(token); err != nil {
|
2017-08-31 15:03:16 +01:00
|
|
|
c.Err = model.NewAppError("verifyUserEmail", "api.user.verify_email.bad_link.app_error", nil, err.Error(), http.StatusBadRequest)
|
2017-04-27 10:55:03 -04:00
|
|
|
return
|
2017-02-24 14:27:47 +01:00
|
|
|
}
|
2018-08-01 16:55:18 +02:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2018-08-01 16:55:18 +02:00
|
|
|
c.LogAudit("Email Verified")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-08-01 16:55:18 +02:00
|
|
|
ReturnStatusOK(w)
|
2017-02-24 14:27:47 +01:00
|
|
|
}
|
2017-03-24 16:42:05 -04:00
|
|
|
|
|
|
|
|
func sendVerificationEmail(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
|
|
|
|
email := props["email"]
|
2020-02-12 17:51:45 +04:00
|
|
|
email = strings.ToLower(email)
|
2021-01-25 11:15:17 +01:00
|
|
|
if email == "" {
|
2017-03-24 16:42:05 -04:00
|
|
|
c.SetInvalidParam("email")
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-07-21 17:09:49 +03:00
|
|
|
redirect := r.URL.Query().Get("r")
|
2017-03-24 16:42:05 -04:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("sendVerificationEmail", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("email", email)
|
|
|
|
|
|
2018-05-10 09:46:09 -07:00
|
|
|
user, err := c.App.GetUserForLogin("", email)
|
2017-03-24 16:42:05 -04:00
|
|
|
if err != nil {
|
|
|
|
|
// Don't want to leak whether the email is valid or not
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2017-03-24 16:42:05 -04:00
|
|
|
|
2020-07-21 17:09:49 +03:00
|
|
|
if err = c.App.SendEmailVerification(user, user.Email, redirect); err != nil {
|
2017-04-27 10:55:03 -04:00
|
|
|
// Don't want to leak whether the email is valid or not
|
2021-01-04 17:02:34 +03:00
|
|
|
c.LogErrorByCode(err)
|
2017-04-27 10:55:03 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
return
|
2017-03-24 16:42:05 -04:00
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-03-24 16:42:05 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2017-04-10 08:19:49 -04:00
|
|
|
|
|
|
|
|
func switchAccountType(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
switchRequest := model.SwitchRequestFromJson(r.Body)
|
|
|
|
|
if switchRequest == nil {
|
|
|
|
|
c.SetInvalidParam("switch_request")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("switchAccountType", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("email", switchRequest.Email)
|
|
|
|
|
auditRec.AddMeta("new_service", switchRequest.NewService)
|
|
|
|
|
auditRec.AddMeta("old_service", switchRequest.CurrentService)
|
|
|
|
|
|
2017-04-10 08:19:49 -04:00
|
|
|
link := ""
|
|
|
|
|
var err *model.AppError
|
|
|
|
|
|
|
|
|
|
if switchRequest.EmailToOAuth() {
|
2017-09-06 17:12:54 -05:00
|
|
|
link, err = c.App.SwitchEmailToOAuth(w, r, switchRequest.Email, switchRequest.Password, switchRequest.MfaCode, switchRequest.NewService)
|
2017-04-10 08:19:49 -04:00
|
|
|
} else if switchRequest.OAuthToEmail() {
|
|
|
|
|
c.SessionRequired()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
link, err = c.App.SwitchOAuthToEmail(switchRequest.Email, switchRequest.NewPassword, c.App.Session().UserId)
|
2017-04-10 08:19:49 -04:00
|
|
|
} else if switchRequest.EmailToLdap() {
|
2018-05-10 09:46:09 -07:00
|
|
|
link, err = c.App.SwitchEmailToLdap(switchRequest.Email, switchRequest.Password, switchRequest.MfaCode, switchRequest.LdapLoginId, switchRequest.NewPassword)
|
2017-04-10 08:19:49 -04:00
|
|
|
} else if switchRequest.LdapToEmail() {
|
2017-09-06 17:12:54 -05:00
|
|
|
link, err = c.App.SwitchLdapToEmail(switchRequest.Password, switchRequest.MfaCode, switchRequest.Email, switchRequest.NewPassword)
|
2017-04-10 08:19:49 -04:00
|
|
|
} else {
|
|
|
|
|
c.SetInvalidParam("switch_request")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-04-10 08:19:49 -04:00
|
|
|
c.LogAudit("success")
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-04-10 08:19:49 -04:00
|
|
|
w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
|
|
|
|
|
}
|
2017-07-31 12:59:32 -04:00
|
|
|
|
|
|
|
|
func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("createUserAccessToken", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
2020-04-08 00:52:30 -04:00
|
|
|
|
|
|
|
|
if user, err := c.App.GetUser(c.Params.UserId); err == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if c.App.Session().IsOAuth {
|
2017-10-04 11:04:56 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN)
|
|
|
|
|
c.Err.DetailedError += ", attempted access by oauth app"
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-31 12:59:32 -04:00
|
|
|
accessToken := model.UserAccessTokenFromJson(r.Body)
|
|
|
|
|
if accessToken == nil {
|
|
|
|
|
c.SetInvalidParam("user_access_token")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if accessToken.Description == "" {
|
|
|
|
|
c.SetInvalidParam("description")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c.LogAudit("")
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_CREATE_USER_ACCESS_TOKEN) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUserOrBot(*c.App.Session(), c.Params.UserId) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
accessToken.UserId = c.Params.UserId
|
|
|
|
|
accessToken.Token = ""
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
accessToken, err := c.App.CreateUserAccessToken(accessToken)
|
2017-07-31 12:59:32 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
|
|
|
|
auditRec.AddMeta("token_id", accessToken.Id)
|
2017-07-31 12:59:32 -04:00
|
|
|
c.LogAudit("success - token_id=" + accessToken.Id)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-07-31 12:59:32 -04:00
|
|
|
w.Write([]byte(accessToken.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-11 16:30:55 -05:00
|
|
|
func searchUserAccessTokens(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
2018-01-11 16:30:55 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
props := model.UserAccessTokenSearchFromJson(r.Body)
|
|
|
|
|
if props == nil {
|
|
|
|
|
c.SetInvalidParam("user_access_token_search")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-25 11:15:17 +01:00
|
|
|
if props.Term == "" {
|
2018-01-11 16:30:55 -05:00
|
|
|
c.SetInvalidParam("term")
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-12-06 16:55:06 +01:00
|
|
|
|
2018-01-11 16:30:55 -05:00
|
|
|
accessTokens, err := c.App.SearchUserAccessTokens(props.Term)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(model.UserAccessTokenListToJson(accessTokens)))
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-31 12:59:32 -04:00
|
|
|
func getUserAccessTokens(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
2018-01-05 14:46:48 -05:00
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
accessTokens, err := c.App.GetUserAccessTokens(c.Params.Page, c.Params.PerPage)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(model.UserAccessTokenListToJson(accessTokens)))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getUserAccessTokensForUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_READ_USER_ACCESS_TOKEN) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_USER_ACCESS_TOKEN)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUserOrBot(*c.App.Session(), c.Params.UserId) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
accessTokens, err := c.App.GetUserAccessTokensForUser(c.Params.UserId, c.Params.Page, c.Params.PerPage)
|
2017-07-31 12:59:32 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(model.UserAccessTokenListToJson(accessTokens)))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func getUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireTokenId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_READ_USER_ACCESS_TOKEN) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_READ_USER_ACCESS_TOKEN)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
accessToken, err := c.App.GetUserAccessToken(c.Params.TokenId, true)
|
2017-07-31 12:59:32 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUserOrBot(*c.App.Session(), accessToken.UserId) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(accessToken.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func revokeUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
tokenId := props["token_id"]
|
2017-07-31 12:59:32 -04:00
|
|
|
if tokenId == "" {
|
|
|
|
|
c.SetInvalidParam("token_id")
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("revokeUserAccessToken", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("token_id", tokenId)
|
2017-07-31 12:59:32 -04:00
|
|
|
c.LogAudit("")
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-06 17:12:54 -05:00
|
|
|
accessToken, err := c.App.GetUserAccessToken(tokenId, false)
|
2017-07-31 12:59:32 -04:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
|
|
|
|
|
if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
2017-07-31 12:59:32 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUserOrBot(*c.App.Session(), accessToken.UserId) {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
if err = c.App.RevokeUserAccessToken(accessToken); err != nil {
|
2017-07-31 12:59:32 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-07-31 12:59:32 -04:00
|
|
|
c.LogAudit("success - token_id=" + accessToken.Id)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-07-31 12:59:32 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2017-10-19 08:10:29 -04:00
|
|
|
|
|
|
|
|
func disableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
tokenId := props["token_id"]
|
|
|
|
|
|
|
|
|
|
if tokenId == "" {
|
|
|
|
|
c.SetInvalidParam("token_id")
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("disableUserAccessToken", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("token_id", tokenId)
|
2017-10-19 08:10:29 -04:00
|
|
|
c.LogAudit("")
|
|
|
|
|
|
|
|
|
|
// No separate permission for this action for now
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_REVOKE_USER_ACCESS_TOKEN) {
|
2017-10-19 08:10:29 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
accessToken, err := c.App.GetUserAccessToken(tokenId, false)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
|
|
|
|
|
if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
2017-10-19 08:10:29 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUserOrBot(*c.App.Session(), accessToken.UserId) {
|
2017-10-19 08:10:29 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
if err = c.App.DisableUserAccessToken(accessToken); err != nil {
|
2017-10-19 08:10:29 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-10-19 08:10:29 -04:00
|
|
|
c.LogAudit("success - token_id=" + accessToken.Id)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-10-19 08:10:29 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func enableUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.MapFromJson(r.Body)
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
tokenId := props["token_id"]
|
2017-10-19 08:10:29 -04:00
|
|
|
if tokenId == "" {
|
|
|
|
|
c.SetInvalidParam("token_id")
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("enableUserAccessToken", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("token_id", tokenId)
|
2017-10-19 08:10:29 -04:00
|
|
|
c.LogAudit("")
|
|
|
|
|
|
|
|
|
|
// No separate permission for this action for now
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_CREATE_USER_ACCESS_TOKEN) {
|
2017-10-19 08:10:29 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_CREATE_USER_ACCESS_TOKEN)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
accessToken, err := c.App.GetUserAccessToken(tokenId, false)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
|
|
|
|
|
if user, errGet := c.App.GetUser(accessToken.UserId); errGet == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
2017-10-19 08:10:29 -04:00
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionToUserOrBot(*c.App.Session(), accessToken.UserId) {
|
2017-10-19 08:10:29 -04:00
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 16:55:06 +01:00
|
|
|
if err = c.App.EnableUserAccessToken(accessToken); err != nil {
|
2017-10-19 08:10:29 -04:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2017-10-19 08:10:29 -04:00
|
|
|
c.LogAudit("success - token_id=" + accessToken.Id)
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2017-10-19 08:10:29 -04:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2018-09-26 20:49:22 +00:00
|
|
|
|
2018-11-09 02:18:14 +05:30
|
|
|
func saveUserTermsOfService(c *Context, w http.ResponseWriter, r *http.Request) {
|
2018-09-26 20:49:22 +00:00
|
|
|
props := model.StringInterfaceFromJson(r.Body)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
userId := c.App.Session().UserId
|
2020-10-21 17:08:33 +02:00
|
|
|
termsOfServiceId, ok := props["termsOfServiceId"].(string)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("termsOfServiceId")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
accepted, ok := props["accepted"].(bool)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("accepted")
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-09-26 20:49:22 +00:00
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("saveUserTermsOfService", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("terms_id", termsOfServiceId)
|
|
|
|
|
auditRec.AddMeta("accepted", accepted)
|
|
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
if user, err := c.App.GetUser(userId); err == nil {
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-10 00:55:47 +00:00
|
|
|
if _, err := c.App.GetTermsOfService(termsOfServiceId); err != nil {
|
2018-09-26 20:49:22 +00:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-09 02:18:14 +05:30
|
|
|
if err := c.App.SaveUserTermsOfService(userId, termsOfServiceId, accepted); err != nil {
|
2018-09-26 20:49:22 +00:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2018-10-10 00:55:47 +00:00
|
|
|
c.LogAudit("TermsOfServiceId=" + termsOfServiceId + ", accepted=" + strconv.FormatBool(accepted))
|
2020-03-12 15:50:21 -04:00
|
|
|
|
2018-09-26 20:49:22 +00:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2018-11-09 02:18:14 +05:30
|
|
|
|
|
|
|
|
func getUserTermsOfService(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-02-13 13:26:58 +01:00
|
|
|
userId := c.App.Session().UserId
|
2018-12-06 16:55:06 +01:00
|
|
|
result, err := c.App.GetUserTermsOfService(userId)
|
|
|
|
|
if err != nil {
|
2018-11-09 02:18:14 +05:30
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2018-12-06 16:55:06 +01:00
|
|
|
w.Write([]byte(result.ToJson()))
|
2018-11-09 02:18:14 +05:30
|
|
|
}
|
2019-07-22 22:13:39 +02:00
|
|
|
|
|
|
|
|
func promoteGuestToUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("promoteGuestToUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_PROMOTE_GUEST) {
|
2019-07-22 22:13:39 +02:00
|
|
|
c.SetPermissionError(model.PERMISSION_PROMOTE_GUEST)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2019-07-22 22:13:39 +02:00
|
|
|
|
|
|
|
|
if !user.IsGuest() {
|
|
|
|
|
c.Err = model.NewAppError("Api4.promoteGuestToUser", "api.user.promote_guest_to_user.no_guest.app_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if err := c.App.PromoteGuestToUser(user, c.App.Session().UserId); err != nil {
|
2019-07-22 22:13:39 +02:00
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2019-07-22 22:13:39 +02:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func demoteUserToGuest(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-12 13:43:50 +02:00
|
|
|
if c.App.Srv().License() == nil {
|
2019-07-22 22:13:39 +02:00
|
|
|
c.Err = model.NewAppError("Api4.demoteUserToGuest", "api.team.demote_user_to_guest.license.error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !*c.App.Config().GuestAccountsSettings.Enable {
|
|
|
|
|
c.Err = model.NewAppError("Api4.demoteUserToGuest", "api.team.demote_user_to_guest.disabled.error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec := c.MakeAuditRecord("demoteUserToGuest", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
|
2020-02-13 13:26:58 +01:00
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_DEMOTE_TO_GUEST) {
|
2019-07-22 22:13:39 +02:00
|
|
|
c.SetPermissionError(model.PERMISSION_DEMOTE_TO_GUEST)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
2020-10-07 19:41:46 -04:00
|
|
|
|
|
|
|
|
if user.IsSystemAdmin() && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-08 00:52:30 -04:00
|
|
|
auditRec.AddMeta("user", user)
|
2019-07-22 22:13:39 +02:00
|
|
|
|
|
|
|
|
if user.IsGuest() {
|
|
|
|
|
c.Err = model.NewAppError("Api4.demoteUserToGuest", "api.user.demote_user_to_guest.already_guest.app_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := c.App.DemoteUserToGuest(user); err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-12 15:50:21 -04:00
|
|
|
auditRec.Success()
|
2019-07-22 22:13:39 +02:00
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2020-06-16 16:41:05 +07:00
|
|
|
|
|
|
|
|
func publishUserTyping(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
typingRequest := model.TypingRequestFromJson(r.Body)
|
|
|
|
|
if typingRequest == nil {
|
|
|
|
|
c.SetInvalidParam("typing_request")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if c.Params.UserId != c.App.Session().UserId && !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !c.App.HasPermissionToChannel(c.Params.UserId, typingRequest.ChannelId, model.PERMISSION_CREATE_POST) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_CREATE_POST)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := c.App.PublishUserTyping(c.Params.UserId, typingRequest.ChannelId, typingRequest.ParentId); err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2020-06-26 16:08:01 +03:00
|
|
|
|
|
|
|
|
func verifyUserEmailWithoutToken(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("verifyUserEmailWithoutToken", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("user_id", user.Id)
|
|
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := c.App.VerifyUserEmail(user.Id, user.Email); err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
c.LogAudit("user verified")
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(user.ToJson()))
|
|
|
|
|
}
|
2020-07-17 10:00:43 +03:00
|
|
|
|
|
|
|
|
func convertUserToBot(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user, err := c.App.GetUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("convertUserToBot", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("user", user)
|
|
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bot, err := c.App.ConvertUserToBot(user)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
auditRec.AddMeta("convertedTo", bot)
|
|
|
|
|
|
|
|
|
|
w.Write(bot.ToJson())
|
|
|
|
|
}
|
2020-08-31 14:56:36 +03:00
|
|
|
|
2020-09-15 21:28:25 +02:00
|
|
|
func getUploadsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if c.Params.UserId != c.App.Session().UserId {
|
|
|
|
|
c.Err = model.NewAppError("getUploadsForUser", "api.user.get_uploads_for_user.forbidden.app_error", nil, "", http.StatusForbidden)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uss, err := c.App.GetUploadSessionsForUser(c.Params.UserId)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(model.UploadSessionsToJson(uss)))
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-31 14:56:36 +03:00
|
|
|
func migrateAuthToLDAP(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.StringInterfaceFromJson(r.Body)
|
|
|
|
|
from, ok := props["from"].(string)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("from")
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-01-25 11:15:17 +01:00
|
|
|
if from == "" || (from != "email" && from != "gitlab" && from != "saml" && from != "google" && from != "office365") {
|
2020-08-31 14:56:36 +03:00
|
|
|
c.SetInvalidParam("from")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
force, ok := props["force"].(bool)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("force")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
matchField, ok := props["match_field"].(string)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("match_field")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("migrateAuthToLdap", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("from", from)
|
|
|
|
|
auditRec.AddMeta("match_field", matchField)
|
|
|
|
|
auditRec.AddMeta("force", force)
|
|
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-01 12:25:00 +03:00
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.LDAP {
|
|
|
|
|
c.Err = model.NewAppError("api.migrateAuthToLDAP", "api.admin.ldap.not_available.app_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Email auth in Mattermost system is represented by ""
|
|
|
|
|
if from == "email" {
|
|
|
|
|
from = ""
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-31 14:56:36 +03:00
|
|
|
if migrate := c.App.AccountMigration(); migrate != nil {
|
|
|
|
|
if err := migrate.MigrateToLdap(from, matchField, force, false); err != nil {
|
|
|
|
|
c.Err = model.NewAppError("api.migrateAuthToLdap", "api.migrate_to_saml.error", nil, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
c.Err = model.NewAppError("api.migrateAuthToLdap", "api.admin.ldap.not_available.app_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func migrateAuthToSaml(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
props := model.StringInterfaceFromJson(r.Body)
|
|
|
|
|
from, ok := props["from"].(string)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("from")
|
|
|
|
|
return
|
|
|
|
|
}
|
2021-01-25 11:15:17 +01:00
|
|
|
if from == "" || (from != "email" && from != "gitlab" && from != "ldap" && from != "google" && from != "office365") {
|
2020-08-31 14:56:36 +03:00
|
|
|
c.SetInvalidParam("from")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auto, ok := props["auto"].(bool)
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("auto")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
matches, ok := props["matches"].(map[string]interface{})
|
|
|
|
|
if !ok {
|
|
|
|
|
c.SetInvalidParam("matches")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
usersMap := model.MapFromJson(strings.NewReader(model.StringInterfaceToJson(matches)))
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("migrateAuthToSaml", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("from", from)
|
|
|
|
|
auditRec.AddMeta("matches", matches)
|
|
|
|
|
auditRec.AddMeta("auto", auto)
|
|
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionTo(*c.App.Session(), model.PERMISSION_MANAGE_SYSTEM) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-01 12:25:00 +03:00
|
|
|
if c.App.Srv().License() == nil || !*c.App.Srv().License().Features.SAML {
|
|
|
|
|
c.Err = model.NewAppError("api.migrateAuthToSaml", "api.admin.saml.not_available.app_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Email auth in Mattermost system is represented by ""
|
|
|
|
|
if from == "email" {
|
|
|
|
|
from = ""
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-31 14:56:36 +03:00
|
|
|
if migrate := c.App.AccountMigration(); migrate != nil {
|
|
|
|
|
if err := migrate.MigrateToSaml(from, usersMap, auto, false); err != nil {
|
|
|
|
|
c.Err = model.NewAppError("api.migrateAuthToSaml", "api.migrate_to_saml.error", nil, err.Error(), http.StatusInternalServerError)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
c.Err = model.NewAppError("api.migrateAuthToSaml", "api.admin.saml.not_available.app_error", nil, "", http.StatusNotImplemented)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
}
|
2020-11-08 10:36:46 +02:00
|
|
|
|
2021-01-28 18:07:39 +02:00
|
|
|
func getThreadForUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
c.RequireUserId().RequireTeamId().RequireThreadId()
|
|
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
extendedStr := r.URL.Query().Get("extended")
|
|
|
|
|
|
|
|
|
|
extended, _ := strconv.ParseBool(extendedStr)
|
|
|
|
|
threads, err := c.App.GetThreadForUser(c.Params.UserId, c.Params.TeamId, c.Params.ThreadId, extended)
|
|
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(threads.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-08 10:36:46 +02:00
|
|
|
func getThreadsForUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-12-06 10:02:53 +02:00
|
|
|
c.RequireUserId().RequireTeamId()
|
2020-11-08 10:36:46 +02:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
options := model.GetUserThreadsOpts{
|
|
|
|
|
Since: 0,
|
2021-01-31 12:28:14 +02:00
|
|
|
Before: "",
|
|
|
|
|
After: "",
|
2020-11-08 10:36:46 +02:00
|
|
|
PageSize: 30,
|
2021-01-31 11:54:35 +02:00
|
|
|
Unread: false,
|
2020-11-08 10:36:46 +02:00
|
|
|
Extended: false,
|
|
|
|
|
Deleted: false,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sinceString := r.URL.Query().Get("since")
|
2021-01-25 11:15:17 +01:00
|
|
|
if sinceString != "" {
|
2020-11-08 10:36:46 +02:00
|
|
|
since, parseError := strconv.ParseUint(sinceString, 10, 64)
|
|
|
|
|
if parseError != nil {
|
|
|
|
|
c.SetInvalidParam("since")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
options.Since = since
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-31 12:28:14 +02:00
|
|
|
options.Before = r.URL.Query().Get("before")
|
|
|
|
|
options.After = r.URL.Query().Get("after")
|
|
|
|
|
// parameters are mutually exclusive
|
|
|
|
|
if options.Before != "" && options.After != "" {
|
|
|
|
|
c.Err = model.NewAppError("api.getThreadsForUser", "api.getThreadsForUser.bad_params", nil, "", http.StatusBadRequest)
|
|
|
|
|
return
|
2020-11-08 10:36:46 +02:00
|
|
|
}
|
|
|
|
|
pageSizeString := r.URL.Query().Get("pageSize")
|
2021-01-31 12:28:14 +02:00
|
|
|
if pageSizeString != "" {
|
2020-11-08 10:36:46 +02:00
|
|
|
pageSize, parseError := strconv.ParseUint(pageSizeString, 10, 64)
|
|
|
|
|
if parseError != nil {
|
|
|
|
|
c.SetInvalidParam("pageSize")
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
options.PageSize = pageSize
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
deletedStr := r.URL.Query().Get("deleted")
|
2021-01-31 11:54:35 +02:00
|
|
|
unreadStr := r.URL.Query().Get("unread")
|
2020-11-08 10:36:46 +02:00
|
|
|
extendedStr := r.URL.Query().Get("extended")
|
|
|
|
|
|
|
|
|
|
options.Deleted, _ = strconv.ParseBool(deletedStr)
|
2021-01-31 11:54:35 +02:00
|
|
|
options.Unread, _ = strconv.ParseBool(unreadStr)
|
2020-11-08 10:36:46 +02:00
|
|
|
options.Extended, _ = strconv.ParseBool(extendedStr)
|
|
|
|
|
|
2020-12-06 10:02:53 +02:00
|
|
|
threads, err := c.App.GetThreadsForUser(c.Params.UserId, c.Params.TeamId, options)
|
2020-11-08 10:36:46 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.Write([]byte(threads.ToJson()))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updateReadStateThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-12-06 10:02:53 +02:00
|
|
|
c.RequireUserId().RequireThreadId().RequireTimestamp().RequireTeamId()
|
2020-11-08 10:36:46 +02:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("updateReadStateThreadByUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("user_id", c.Params.UserId)
|
|
|
|
|
auditRec.AddMeta("thread_id", c.Params.ThreadId)
|
2020-12-06 10:02:53 +02:00
|
|
|
auditRec.AddMeta("team_id", c.Params.TeamId)
|
2020-11-08 10:36:46 +02:00
|
|
|
auditRec.AddMeta("timestamp", c.Params.Timestamp)
|
|
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 16:49:00 +02:00
|
|
|
thread, err := c.App.UpdateThreadReadForUser(c.Params.UserId, c.Params.TeamId, c.Params.ThreadId, c.Params.Timestamp)
|
2020-11-08 10:36:46 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 16:49:00 +02:00
|
|
|
w.Write([]byte(thread.ToJson()))
|
2020-11-08 10:36:46 +02:00
|
|
|
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func unfollowThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-12-06 10:02:53 +02:00
|
|
|
c.RequireUserId().RequireThreadId().RequireTeamId()
|
2020-11-08 10:36:46 +02:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("unfollowThreadByUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("user_id", c.Params.UserId)
|
|
|
|
|
auditRec.AddMeta("thread_id", c.Params.ThreadId)
|
2020-12-06 10:02:53 +02:00
|
|
|
auditRec.AddMeta("team_id", c.Params.TeamId)
|
2020-11-08 10:36:46 +02:00
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 16:49:00 +02:00
|
|
|
err := c.App.UpdateThreadFollowForUser(c.Params.UserId, c.Params.TeamId, c.Params.ThreadId, false)
|
2020-11-08 10:36:46 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func followThreadByUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-12-06 10:02:53 +02:00
|
|
|
c.RequireUserId().RequireThreadId().RequireTeamId()
|
2020-11-08 10:36:46 +02:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("followThreadByUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("user_id", c.Params.UserId)
|
|
|
|
|
auditRec.AddMeta("thread_id", c.Params.ThreadId)
|
2020-12-06 10:02:53 +02:00
|
|
|
auditRec.AddMeta("team_id", c.Params.TeamId)
|
2020-11-08 10:36:46 +02:00
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-02 16:49:00 +02:00
|
|
|
err := c.App.UpdateThreadFollowForUser(c.Params.UserId, c.Params.TeamId, c.Params.ThreadId, true)
|
2020-11-08 10:36:46 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func updateReadStateAllThreadsByUser(c *Context, w http.ResponseWriter, r *http.Request) {
|
2020-12-06 10:02:53 +02:00
|
|
|
c.RequireUserId().RequireTeamId()
|
2020-11-08 10:36:46 +02:00
|
|
|
if c.Err != nil {
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auditRec := c.MakeAuditRecord("updateReadStateAllThreadsByUser", audit.Fail)
|
|
|
|
|
defer c.LogAuditRec(auditRec)
|
|
|
|
|
auditRec.AddMeta("user_id", c.Params.UserId)
|
2020-12-06 10:02:53 +02:00
|
|
|
auditRec.AddMeta("team_id", c.Params.TeamId)
|
2020-11-08 10:36:46 +02:00
|
|
|
|
|
|
|
|
if !c.App.SessionHasPermissionToUser(*c.App.Session(), c.Params.UserId) {
|
|
|
|
|
c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-06 10:02:53 +02:00
|
|
|
err := c.App.UpdateThreadsReadForUser(c.Params.UserId, c.Params.TeamId)
|
2020-11-08 10:36:46 +02:00
|
|
|
if err != nil {
|
|
|
|
|
c.Err = err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ReturnStatusOK(w)
|
|
|
|
|
auditRec.Success()
|
|
|
|
|
}
|
