2015-10-08 12:27:09 -04:00
// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
2015-06-14 23:53:32 -08:00
// See License.txt for license information.
package api
import (
"bytes"
l4g "code.google.com/p/log4go"
2015-08-14 08:43:49 -04:00
b64 "encoding/base64"
2015-06-14 23:53:32 -08:00
"fmt"
2015-09-23 15:57:49 -07:00
"github.com/disintegration/imaging"
2015-09-17 11:04:26 -04:00
"github.com/golang/freetype"
2015-06-14 23:53:32 -08:00
"github.com/gorilla/mux"
"github.com/mattermost/platform/model"
"github.com/mattermost/platform/store"
"github.com/mattermost/platform/utils"
"github.com/mssola/user_agent"
"hash/fnv"
"image"
"image/color"
2015-06-22 15:11:20 -04:00
"image/draw"
2015-06-14 23:53:32 -08:00
_ "image/gif"
_ "image/jpeg"
"image/png"
2015-07-17 09:47:25 -04:00
"io"
2015-07-28 16:39:50 -07:00
"io/ioutil"
2015-06-14 23:53:32 -08:00
"net/http"
"net/url"
"strconv"
"strings"
)
func InitUser ( r * mux . Router ) {
l4g . Debug ( "Initializing user api routes" )
sr := r . PathPrefix ( "/users" ) . Subrouter ( )
sr . Handle ( "/create" , ApiAppHandler ( createUser ) ) . Methods ( "POST" )
sr . Handle ( "/update" , ApiUserRequired ( updateUser ) ) . Methods ( "POST" )
sr . Handle ( "/update_roles" , ApiUserRequired ( updateRoles ) ) . Methods ( "POST" )
sr . Handle ( "/update_active" , ApiUserRequired ( updateActive ) ) . Methods ( "POST" )
sr . Handle ( "/update_notify" , ApiUserRequired ( updateUserNotify ) ) . Methods ( "POST" )
sr . Handle ( "/newpassword" , ApiUserRequired ( updatePassword ) ) . Methods ( "POST" )
sr . Handle ( "/send_password_reset" , ApiAppHandler ( sendPasswordReset ) ) . Methods ( "POST" )
sr . Handle ( "/reset_password" , ApiAppHandler ( resetPassword ) ) . Methods ( "POST" )
sr . Handle ( "/login" , ApiAppHandler ( login ) ) . Methods ( "POST" )
sr . Handle ( "/logout" , ApiUserRequired ( logout ) ) . Methods ( "POST" )
sr . Handle ( "/revoke_session" , ApiUserRequired ( revokeSession ) ) . Methods ( "POST" )
sr . Handle ( "/newimage" , ApiUserRequired ( uploadProfileImage ) ) . Methods ( "POST" )
sr . Handle ( "/me" , ApiAppHandler ( getMe ) ) . Methods ( "GET" )
sr . Handle ( "/status" , ApiUserRequiredActivity ( getStatuses , false ) ) . Methods ( "GET" )
sr . Handle ( "/profiles" , ApiUserRequired ( getProfiles ) ) . Methods ( "GET" )
2015-09-23 12:49:28 -07:00
sr . Handle ( "/profiles/{id:[A-Za-z0-9]+}" , ApiUserRequired ( getProfiles ) ) . Methods ( "GET" )
2015-06-14 23:53:32 -08:00
sr . Handle ( "/{id:[A-Za-z0-9]+}" , ApiUserRequired ( getUser ) ) . Methods ( "GET" )
sr . Handle ( "/{id:[A-Za-z0-9]+}/sessions" , ApiUserRequired ( getSessions ) ) . Methods ( "GET" )
sr . Handle ( "/{id:[A-Za-z0-9]+}/audits" , ApiUserRequired ( getAudits ) ) . Methods ( "GET" )
sr . Handle ( "/{id:[A-Za-z0-9]+}/image" , ApiUserRequired ( getProfileImage ) ) . Methods ( "GET" )
}
func createUser ( c * Context , w http . ResponseWriter , r * http . Request ) {
2015-09-22 12:12:50 -07:00
if ! utils . Cfg . EmailSettings . EnableSignUpWithEmail {
2015-08-28 08:37:55 -04:00
c . Err = model . NewAppError ( "signupTeam" , "User sign-up with email is disabled." , "" )
c . Err . StatusCode = http . StatusNotImplemented
return
}
2015-06-14 23:53:32 -08:00
user := model . UserFromJson ( r . Body )
if user == nil {
c . SetInvalidParam ( "createUser" , "user" )
return
}
2015-09-09 18:42:28 -04:00
// the user's username is checked to be valid when they are saved to the database
2015-06-14 23:53:32 -08:00
user . EmailVerified = false
var team * model . Team
if result := <- Srv . Store . Team ( ) . Get ( user . TeamId ) ; result . Err != nil {
c . Err = result . Err
return
} else {
team = result . Data . ( * model . Team )
}
hash := r . URL . Query ( ) . Get ( "h" )
2015-07-22 12:13:45 -04:00
if IsVerifyHashRequired ( user , team , hash ) {
2015-06-14 23:53:32 -08:00
data := r . URL . Query ( ) . Get ( "d" )
props := model . MapFromJson ( strings . NewReader ( data ) )
2015-09-22 12:12:50 -07:00
if ! model . ComparePassword ( hash , fmt . Sprintf ( "%v:%v" , data , utils . Cfg . EmailSettings . InviteSalt ) ) {
2015-06-14 23:53:32 -08:00
c . Err = model . NewAppError ( "createUser" , "The signup link does not appear to be valid" , "" )
return
}
t , err := strconv . ParseInt ( props [ "time" ] , 10 , 64 )
if err != nil || model . GetMillis ( ) - t > 1000 * 60 * 60 * 48 { // 48 hours
c . Err = model . NewAppError ( "createUser" , "The signup link has expired" , "" )
return
}
if user . TeamId != props [ "id" ] {
c . Err = model . NewAppError ( "createUser" , "Invalid team name" , data )
return
}
user . Email = props [ "email" ]
user . EmailVerified = true
}
2015-07-15 12:48:50 -04:00
if len ( user . AuthData ) > 0 && len ( user . AuthService ) > 0 {
user . EmailVerified = true
}
2015-06-14 23:53:32 -08:00
ruser := CreateUser ( c , team , user )
if c . Err != nil {
return
}
w . Write ( [ ] byte ( ruser . ToJson ( ) ) )
}
2015-07-22 12:13:45 -04:00
func IsVerifyHashRequired ( user * model . User , team * model . Team , hash string ) bool {
shouldVerifyHash := true
if team . Type == model . TEAM_INVITE && len ( team . AllowedDomains ) > 0 && len ( hash ) == 0 && user != nil {
domains := strings . Fields ( strings . TrimSpace ( strings . ToLower ( strings . Replace ( strings . Replace ( team . AllowedDomains , "@" , " " , - 1 ) , "," , " " , - 1 ) ) ) )
matched := false
for _ , d := range domains {
if strings . HasSuffix ( user . Email , "@" + d ) {
matched = true
break
}
}
if matched {
shouldVerifyHash = false
} else {
return true
}
}
if team . Type == model . TEAM_OPEN {
shouldVerifyHash = false
}
if len ( hash ) > 0 {
shouldVerifyHash = true
}
return shouldVerifyHash
}
2015-06-14 23:53:32 -08:00
func CreateUser ( c * Context , team * model . Team , user * model . User ) * model . User {
2015-09-22 01:15:41 -07:00
if ! utils . Cfg . TeamSettings . EnableUserCreation {
c . Err = model . NewAppError ( "CreateUser" , "User creation has been disabled. Please ask your systems administrator for details." , "" )
return nil
}
2015-06-14 23:53:32 -08:00
channelRole := ""
if team . Email == user . Email {
2015-09-11 09:39:28 -07:00
user . Roles = model . ROLE_TEAM_ADMIN
2015-06-14 23:53:32 -08:00
channelRole = model . CHANNEL_ROLE_ADMIN
2015-09-23 15:52:59 -07:00
// Below is a speical case where the first user in the entire
// system is granted the system_admin role instead of admin
if result := <- Srv . Store . User ( ) . GetTotalUsersCount ( ) ; result . Err != nil {
c . Err = result . Err
return nil
} else {
count := result . Data . ( int64 )
if count <= 0 {
user . Roles = model . ROLE_SYSTEM_ADMIN
}
}
2015-06-14 23:53:32 -08:00
} else {
user . Roles = ""
}
user . MakeNonNil ( )
if result := <- Srv . Store . User ( ) . Save ( user ) ; result . Err != nil {
c . Err = result . Err
2015-08-28 08:37:55 -04:00
l4g . Error ( "Couldn't save the user err=%v" , result . Err )
2015-06-14 23:53:32 -08:00
return nil
} else {
ruser := result . Data . ( * model . User )
2015-06-29 10:24:45 -04:00
// Soft error if there is an issue joining the default channels
2015-07-07 09:16:13 -04:00
if err := JoinDefaultChannels ( ruser , channelRole ) ; err != nil {
2015-06-29 10:24:45 -04:00
l4g . Error ( "Encountered an issue joining default channels user_id=%s, team_id=%s, err=%v" , ruser . Id , ruser . TeamId , err )
2015-06-14 23:53:32 -08:00
}
2015-10-13 09:47:31 -07:00
fireAndForgetWelcomeEmail ( result . Data . ( * model . User ) . Id , ruser . Email , team . Name , team . DisplayName , c . GetSiteURL ( ) , c . GetTeamURLFromTeam ( team ) , user . EmailVerified )
2015-06-14 23:53:32 -08:00
if user . EmailVerified {
if cresult := <- Srv . Store . User ( ) . VerifyEmail ( ruser . Id ) ; cresult . Err != nil {
2015-06-29 10:24:45 -04:00
l4g . Error ( "Failed to set email verified err=%v" , cresult . Err )
2015-06-14 23:53:32 -08:00
}
}
ruser . Sanitize ( map [ string ] bool { } )
2015-06-29 10:24:45 -04:00
// This message goes to every channel, so the channelId is irrelevant
2015-06-14 23:53:32 -08:00
message := model . NewMessage ( team . Id , "" , ruser . Id , model . ACTION_NEW_USER )
2015-07-14 15:12:04 -08:00
PublishAndForget ( message )
2015-06-14 23:53:32 -08:00
return ruser
}
}
2015-10-13 09:47:31 -07:00
func fireAndForgetWelcomeEmail ( userId , email , teamName , teamDisplayName , siteURL , teamURL string , verified bool ) {
2015-06-14 23:53:32 -08:00
go func ( ) {
2015-09-15 18:59:14 -07:00
subjectPage := NewServerTemplatePage ( "welcome_subject" )
2015-09-25 08:19:05 -04:00
subjectPage . Props [ "TeamDisplayName" ] = teamDisplayName
2015-09-15 18:59:14 -07:00
bodyPage := NewServerTemplatePage ( "welcome_body" )
2015-09-28 13:10:14 -04:00
bodyPage . Props [ "SiteURL" ] = siteURL
2015-09-25 08:19:05 -04:00
bodyPage . Props [ "TeamURL" ] = teamURL
2015-06-14 23:53:32 -08:00
2015-10-13 09:47:31 -07:00
if ! verified {
link := fmt . Sprintf ( "%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s" , siteURL , userId , model . HashPassword ( userId ) , teamName , email )
bodyPage . Props [ "VerifyUrl" ] = link
}
2015-06-14 23:53:32 -08:00
if err := utils . SendMail ( email , subjectPage . Render ( ) , bodyPage . Render ( ) ) ; err != nil {
l4g . Error ( "Failed to send welcome email successfully err=%v" , err )
}
} ( )
}
2015-07-30 13:42:27 -04:00
func FireAndForgetVerifyEmail ( userId , userEmail , teamName , teamDisplayName , siteURL , teamURL string ) {
2015-06-14 23:53:32 -08:00
go func ( ) {
2015-07-29 16:17:20 -04:00
link := fmt . Sprintf ( "%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s" , siteURL , userId , model . HashPassword ( userId ) , teamName , userEmail )
2015-06-14 23:53:32 -08:00
2015-09-15 18:59:14 -07:00
subjectPage := NewServerTemplatePage ( "verify_subject" )
subjectPage . Props [ "SiteURL" ] = siteURL
2015-07-08 11:50:10 -04:00
subjectPage . Props [ "TeamDisplayName" ] = teamDisplayName
2015-09-15 18:59:14 -07:00
bodyPage := NewServerTemplatePage ( "verify_body" )
bodyPage . Props [ "SiteURL" ] = siteURL
2015-07-08 11:50:10 -04:00
bodyPage . Props [ "TeamDisplayName" ] = teamDisplayName
2015-06-14 23:53:32 -08:00
bodyPage . Props [ "VerifyUrl" ] = link
2015-07-29 16:17:20 -04:00
if err := utils . SendMail ( userEmail , subjectPage . Render ( ) , bodyPage . Render ( ) ) ; err != nil {
2015-06-14 23:53:32 -08:00
l4g . Error ( "Failed to send verification email successfully err=%v" , err )
}
} ( )
}
2015-07-22 12:42:03 -04:00
func LoginById ( c * Context , w http . ResponseWriter , r * http . Request , userId , password , deviceId string ) * model . User {
2015-07-15 12:48:50 -04:00
if result := <- Srv . Store . User ( ) . Get ( userId ) ; result . Err != nil {
c . Err = result . Err
2015-07-22 12:42:03 -04:00
return nil
2015-07-15 12:48:50 -04:00
} else {
user := result . Data . ( * model . User )
if checkUserPassword ( c , user , password ) {
Login ( c , w , r , user , deviceId )
2015-07-22 12:42:03 -04:00
return user
2015-06-14 23:53:32 -08:00
}
}
2015-07-22 12:42:03 -04:00
return nil
2015-07-15 12:48:50 -04:00
}
2015-06-14 23:53:32 -08:00
2015-07-22 12:42:03 -04:00
func LoginByEmail ( c * Context , w http . ResponseWriter , r * http . Request , email , name , password , deviceId string ) * model . User {
2015-06-14 23:53:32 -08:00
var team * model . Team
2015-07-15 12:48:50 -04:00
if result := <- Srv . Store . Team ( ) . GetByName ( name ) ; result . Err != nil {
c . Err = result . Err
2015-07-22 12:42:03 -04:00
return nil
2015-07-15 12:48:50 -04:00
} else {
team = result . Data . ( * model . Team )
2015-06-14 23:53:32 -08:00
}
2015-07-15 12:48:50 -04:00
if result := <- Srv . Store . User ( ) . GetByEmail ( team . Id , email ) ; result . Err != nil {
c . Err = result . Err
2015-07-22 12:42:03 -04:00
return nil
2015-07-15 12:48:50 -04:00
} else {
user := result . Data . ( * model . User )
2015-06-14 23:53:32 -08:00
2015-07-15 12:48:50 -04:00
if checkUserPassword ( c , user , password ) {
Login ( c , w , r , user , deviceId )
2015-07-22 12:42:03 -04:00
return user
2015-06-14 23:53:32 -08:00
}
}
2015-07-22 12:42:03 -04:00
return nil
2015-07-15 12:48:50 -04:00
}
2015-06-14 23:53:32 -08:00
2015-07-15 12:48:50 -04:00
func checkUserPassword ( c * Context , user * model . User , password string ) bool {
2015-07-29 01:26:10 -08:00
2015-09-22 12:12:50 -07:00
if user . FailedAttempts >= utils . Cfg . ServiceSettings . MaximumLoginAttempts {
2015-07-29 01:26:10 -08:00
c . LogAuditWithUserId ( user . Id , "fail" )
c . Err = model . NewAppError ( "checkUserPassword" , "Your account is locked because of too many failed password attempts. Please reset your password." , "user_id=" + user . Id )
c . Err . StatusCode = http . StatusForbidden
return false
}
2015-07-15 12:48:50 -04:00
if ! model . ComparePassword ( user . Password , password ) {
2015-06-14 23:53:32 -08:00
c . LogAuditWithUserId ( user . Id , "fail" )
2015-07-15 12:48:50 -04:00
c . Err = model . NewAppError ( "checkUserPassword" , "Login failed because of invalid password" , "user_id=" + user . Id )
2015-07-06 11:20:40 -08:00
c . Err . StatusCode = http . StatusForbidden
2015-07-29 01:26:10 -08:00
if result := <- Srv . Store . User ( ) . UpdateFailedPasswordAttempts ( user . Id , user . FailedAttempts + 1 ) ; result . Err != nil {
c . LogError ( result . Err )
}
2015-07-15 12:48:50 -04:00
return false
2015-07-30 00:46:17 -08:00
} else {
if result := <- Srv . Store . User ( ) . UpdateFailedPasswordAttempts ( user . Id , 0 ) ; result . Err != nil {
c . LogError ( result . Err )
}
return true
2015-06-14 23:53:32 -08:00
}
2015-07-29 01:26:10 -08:00
2015-07-15 12:48:50 -04:00
}
// User MUST be validated before calling Login
func Login ( c * Context , w http . ResponseWriter , r * http . Request , user * model . User , deviceId string ) {
c . LogAuditWithUserId ( user . Id , "attempt" )
2015-06-14 23:53:32 -08:00
2015-09-21 15:11:56 -07:00
if ! user . EmailVerified && utils . Cfg . EmailSettings . RequireEmailVerification {
2015-07-15 12:48:50 -04:00
c . Err = model . NewAppError ( "Login" , "Login failed because email address has not been verified" , "user_id=" + user . Id )
2015-06-14 23:53:32 -08:00
c . Err . StatusCode = http . StatusForbidden
return
}
if user . DeleteAt > 0 {
2015-07-15 12:48:50 -04:00
c . Err = model . NewAppError ( "Login" , "Login failed because your account has been set to inactive. Please contact an administrator." , "user_id=" + user . Id )
2015-06-14 23:53:32 -08:00
c . Err . StatusCode = http . StatusForbidden
return
}
2015-09-16 15:49:12 -04:00
session := & model . Session { UserId : user . Id , TeamId : user . TeamId , Roles : user . Roles , DeviceId : deviceId , IsOAuth : false }
2015-06-14 23:53:32 -08:00
maxAge := model . SESSION_TIME_WEB_IN_SECS
2015-07-15 12:48:50 -04:00
if len ( deviceId ) > 0 {
2015-06-14 23:53:32 -08:00
session . SetExpireInDays ( model . SESSION_TIME_MOBILE_IN_DAYS )
maxAge = model . SESSION_TIME_MOBILE_IN_SECS
} else {
session . SetExpireInDays ( model . SESSION_TIME_WEB_IN_DAYS )
}
ua := user_agent . New ( r . UserAgent ( ) )
plat := ua . Platform ( )
if plat == "" {
plat = "unknown"
}
os := ua . OS ( )
if os == "" {
os = "unknown"
}
bname , bversion := ua . Browser ( )
if bname == "" {
bname = "unknown"
}
if bversion == "" {
bversion = "0.0"
}
session . AddProp ( model . SESSION_PROP_PLATFORM , plat )
session . AddProp ( model . SESSION_PROP_OS , os )
session . AddProp ( model . SESSION_PROP_BROWSER , fmt . Sprintf ( "%v/%v" , bname , bversion ) )
if result := <- Srv . Store . Session ( ) . Save ( session ) ; result . Err != nil {
c . Err = result . Err
c . Err . StatusCode = http . StatusForbidden
return
} else {
session = result . Data . ( * model . Session )
2015-09-16 15:49:12 -04:00
AddSessionToCache ( session )
2015-06-14 23:53:32 -08:00
}
2015-09-16 15:49:12 -04:00
w . Header ( ) . Set ( model . HEADER_TOKEN , session . Token )
2015-06-14 23:53:32 -08:00
sessionCookie := & http . Cookie {
Name : model . SESSION_TOKEN ,
2015-09-16 15:49:12 -04:00
Value : session . Token ,
2015-06-14 23:53:32 -08:00
Path : "/" ,
MaxAge : maxAge ,
HttpOnly : true ,
}
http . SetCookie ( w , sessionCookie )
2015-10-01 17:52:47 -07:00
multiToken := ""
if originalMultiSessionCookie , err := r . Cookie ( model . MULTI_SESSION_TOKEN ) ; err == nil {
multiToken = originalMultiSessionCookie . Value
}
// Attempt to clean all the old tokens or duplicate tokens
if len ( multiToken ) > 0 {
tokens := strings . Split ( multiToken , " " )
multiToken = ""
seen := make ( map [ string ] string )
seen [ session . TeamId ] = session . TeamId
for _ , token := range tokens {
if sr := <- Srv . Store . Session ( ) . Get ( token ) ; sr . Err == nil {
s := sr . Data . ( * model . Session )
if ! s . IsExpired ( ) && seen [ s . TeamId ] == "" {
multiToken += " " + token
seen [ s . TeamId ] = s . TeamId
}
}
}
}
multiToken = strings . TrimSpace ( session . Token + " " + multiToken )
multiSessionCookie := & http . Cookie {
Name : model . MULTI_SESSION_TOKEN ,
Value : multiToken ,
Path : "/" ,
MaxAge : maxAge ,
HttpOnly : true ,
}
http . SetCookie ( w , multiSessionCookie )
2015-06-14 23:53:32 -08:00
c . Session = * session
c . LogAuditWithUserId ( user . Id , "success" )
2015-07-15 12:48:50 -04:00
}
2015-06-14 23:53:32 -08:00
2015-07-15 12:48:50 -04:00
func login ( c * Context , w http . ResponseWriter , r * http . Request ) {
props := model . MapFromJson ( r . Body )
2015-07-23 08:19:51 -04:00
if len ( props [ "password" ] ) == 0 {
c . Err = model . NewAppError ( "login" , "Password field must not be blank" , "" )
c . Err . StatusCode = http . StatusForbidden
return
}
2015-07-22 12:42:03 -04:00
var user * model . User
2015-07-15 12:48:50 -04:00
if len ( props [ "id" ] ) != 0 {
2015-07-22 12:42:03 -04:00
user = LoginById ( c , w , r , props [ "id" ] , props [ "password" ] , props [ "device_id" ] )
2015-07-15 12:48:50 -04:00
} else if len ( props [ "email" ] ) != 0 && len ( props [ "name" ] ) != 0 {
2015-07-22 12:42:03 -04:00
user = LoginByEmail ( c , w , r , props [ "email" ] , props [ "name" ] , props [ "password" ] , props [ "device_id" ] )
} else {
c . Err = model . NewAppError ( "login" , "Either user id or team name and user email must be provided" , "" )
2015-07-22 15:05:20 -04:00
c . Err . StatusCode = http . StatusForbidden
2015-07-22 12:42:03 -04:00
return
2015-07-15 12:48:50 -04:00
}
if c . Err != nil {
return
}
2015-07-22 12:42:03 -04:00
if user != nil {
user . Sanitize ( map [ string ] bool { } )
} else {
user = & model . User { }
}
w . Write ( [ ] byte ( user . ToJson ( ) ) )
2015-06-14 23:53:32 -08:00
}
func revokeSession ( c * Context , w http . ResponseWriter , r * http . Request ) {
props := model . MapFromJson ( r . Body )
2015-09-16 15:49:12 -04:00
id := props [ "id" ]
2015-06-14 23:53:32 -08:00
2015-09-16 15:49:12 -04:00
if result := <- Srv . Store . Session ( ) . Get ( id ) ; result . Err != nil {
2015-06-14 23:53:32 -08:00
c . Err = result . Err
return
} else {
2015-09-16 15:49:12 -04:00
session := result . Data . ( * model . Session )
2015-06-14 23:53:32 -08:00
2015-09-16 15:49:12 -04:00
c . LogAudit ( "session_id=" + session . Id )
if session . IsOAuth {
RevokeAccessToken ( session . Token )
} else {
sessionCache . Remove ( session . Token )
if result := <- Srv . Store . Session ( ) . Remove ( session . Id ) ; result . Err != nil {
c . Err = result . Err
return
} else {
w . Write ( [ ] byte ( model . MapToJson ( props ) ) )
return
2015-06-14 23:53:32 -08:00
}
}
}
}
func RevokeAllSession ( c * Context , userId string ) {
if result := <- Srv . Store . Session ( ) . GetSessions ( userId ) ; result . Err != nil {
c . Err = result . Err
return
} else {
sessions := result . Data . ( [ ] * model . Session )
for _ , session := range sessions {
2015-09-16 15:49:12 -04:00
c . LogAuditWithUserId ( userId , "session_id=" + session . Id )
2015-09-24 08:02:01 -04:00
if session . IsOAuth {
RevokeAccessToken ( session . Token )
} else {
sessionCache . Remove ( session . Token )
if result := <- Srv . Store . Session ( ) . Remove ( session . Id ) ; result . Err != nil {
c . Err = result . Err
return
}
2015-06-14 23:53:32 -08:00
}
}
}
}
func getSessions ( c * Context , w http . ResponseWriter , r * http . Request ) {
params := mux . Vars ( r )
id := params [ "id" ]
2015-07-06 11:20:40 -08:00
if ! c . HasPermissionsToUser ( id , "getSessions" ) {
2015-06-14 23:53:32 -08:00
return
}
if result := <- Srv . Store . Session ( ) . GetSessions ( id ) ; result . Err != nil {
c . Err = result . Err
return
} else {
sessions := result . Data . ( [ ] * model . Session )
for _ , session := range sessions {
session . Sanitize ( )
}
w . Write ( [ ] byte ( model . SessionsToJson ( sessions ) ) )
}
}
func logout ( c * Context , w http . ResponseWriter , r * http . Request ) {
data := make ( map [ string ] string )
data [ "user_id" ] = c . Session . UserId
Logout ( c , w , r )
if c . Err == nil {
w . Write ( [ ] byte ( model . MapToJson ( data ) ) )
}
}
func Logout ( c * Context , w http . ResponseWriter , r * http . Request ) {
c . LogAudit ( "" )
2015-10-01 17:52:47 -07:00
c . RemoveSessionCookie ( w , r )
2015-06-14 23:53:32 -08:00
if result := <- Srv . Store . Session ( ) . Remove ( c . Session . Id ) ; result . Err != nil {
c . Err = result . Err
return
}
}
func getMe ( c * Context , w http . ResponseWriter , r * http . Request ) {
if len ( c . Session . UserId ) == 0 {
return
}
if result := <- Srv . Store . User ( ) . Get ( c . Session . UserId ) ; result . Err != nil {
c . Err = result . Err
2015-10-01 17:52:47 -07:00
c . RemoveSessionCookie ( w , r )
2015-06-14 23:53:32 -08:00
l4g . Error ( "Error in getting users profile for id=%v forcing logout" , c . Session . UserId )
return
} else if HandleEtag ( result . Data . ( * model . User ) . Etag ( ) , w , r ) {
return
} else {
result . Data . ( * model . User ) . Sanitize ( map [ string ] bool { } )
w . Header ( ) . Set ( model . HEADER_ETAG_SERVER , result . Data . ( * model . User ) . Etag ( ) )
w . Header ( ) . Set ( "Expires" , "-1" )
w . Write ( [ ] byte ( result . Data . ( * model . User ) . ToJson ( ) ) )
return
}
}
func getUser ( c * Context , w http . ResponseWriter , r * http . Request ) {
params := mux . Vars ( r )
id := params [ "id" ]
if ! c . HasPermissionsToUser ( id , "getUser" ) {
return
}
if result := <- Srv . Store . User ( ) . Get ( id ) ; result . Err != nil {
c . Err = result . Err
return
} else if HandleEtag ( result . Data . ( * model . User ) . Etag ( ) , w , r ) {
return
} else {
result . Data . ( * model . User ) . Sanitize ( map [ string ] bool { } )
w . Header ( ) . Set ( model . HEADER_ETAG_SERVER , result . Data . ( * model . User ) . Etag ( ) )
w . Write ( [ ] byte ( result . Data . ( * model . User ) . ToJson ( ) ) )
return
}
}
func getProfiles ( c * Context , w http . ResponseWriter , r * http . Request ) {
2015-09-23 12:49:28 -07:00
params := mux . Vars ( r )
id , ok := params [ "id" ]
if ok {
// You must be system admin to access another team
if id != c . Session . TeamId {
if ! c . HasSystemAdminPermissions ( "getProfiles" ) {
return
}
}
2015-06-14 23:53:32 -08:00
2015-09-23 12:49:28 -07:00
} else {
id = c . Session . TeamId
}
2015-06-14 23:53:32 -08:00
2015-09-23 12:49:28 -07:00
etag := ( <- Srv . Store . User ( ) . GetEtagForProfiles ( id ) ) . Data . ( string )
2015-06-14 23:53:32 -08:00
if HandleEtag ( etag , w , r ) {
return
}
2015-09-23 12:49:28 -07:00
if result := <- Srv . Store . User ( ) . GetProfiles ( id ) ; result . Err != nil {
2015-06-14 23:53:32 -08:00
c . Err = result . Err
return
} else {
profiles := result . Data . ( map [ string ] * model . User )
for k , p := range profiles {
options := utils . SanitizeOptions
options [ "passwordupdate" ] = false
p . Sanitize ( options )
profiles [ k ] = p
}
w . Header ( ) . Set ( model . HEADER_ETAG_SERVER , etag )
w . Write ( [ ] byte ( model . UserMapToJson ( profiles ) ) )
return
}
}
func getAudits ( c * Context , w http . ResponseWriter , r * http . Request ) {
params := mux . Vars ( r )
id := params [ "id" ]
if ! c . HasPermissionsToUser ( id , "getAudits" ) {
return
}
userChan := Srv . Store . User ( ) . Get ( id )
auditChan := Srv . Store . Audit ( ) . Get ( id , 20 )
if c . Err = ( <- userChan ) . Err ; c . Err != nil {
return
}
if result := <- auditChan ; result . Err != nil {
c . Err = result . Err
return
} else {
audits := result . Data . ( model . Audits )
etag := audits . Etag ( )
if HandleEtag ( etag , w , r ) {
return
}
if len ( etag ) > 0 {
w . Header ( ) . Set ( model . HEADER_ETAG_SERVER , etag )
}
w . Write ( [ ] byte ( audits . ToJson ( ) ) )
return
}
}
2015-07-28 16:39:50 -07:00
func createProfileImage ( username string , userId string ) ( [ ] byte , * model . AppError ) {
2015-06-14 23:53:32 -08:00
colors := [ ] color . NRGBA {
{ 197 , 8 , 126 , 255 } ,
{ 227 , 207 , 18 , 255 } ,
{ 28 , 181 , 105 , 255 } ,
{ 35 , 188 , 224 , 255 } ,
{ 116 , 49 , 196 , 255 } ,
{ 197 , 8 , 126 , 255 } ,
{ 197 , 19 , 19 , 255 } ,
{ 250 , 134 , 6 , 255 } ,
{ 227 , 207 , 18 , 255 } ,
{ 123 , 201 , 71 , 255 } ,
{ 28 , 181 , 105 , 255 } ,
{ 35 , 188 , 224 , 255 } ,
{ 116 , 49 , 196 , 255 } ,
{ 197 , 8 , 126 , 255 } ,
{ 197 , 19 , 19 , 255 } ,
{ 250 , 134 , 6 , 255 } ,
{ 227 , 207 , 18 , 255 } ,
{ 123 , 201 , 71 , 255 } ,
{ 28 , 181 , 105 , 255 } ,
{ 35 , 188 , 224 , 255 } ,
{ 116 , 49 , 196 , 255 } ,
{ 197 , 8 , 126 , 255 } ,
{ 197 , 19 , 19 , 255 } ,
{ 250 , 134 , 6 , 255 } ,
{ 227 , 207 , 18 , 255 } ,
{ 123 , 201 , 71 , 255 } ,
}
h := fnv . New32a ( )
h . Write ( [ ] byte ( userId ) )
seed := h . Sum32 ( )
2015-07-28 17:31:27 -07:00
initial := string ( strings . ToUpper ( username ) [ 0 ] )
2015-07-28 16:39:50 -07:00
2015-09-23 13:47:10 -07:00
fontBytes , err := ioutil . ReadFile ( utils . FindDir ( "web/static/fonts" ) + utils . Cfg . FileSettings . InitialFont )
2015-07-28 16:39:50 -07:00
if err != nil {
return nil , model . NewAppError ( "createProfileImage" , "Could not create default profile image font" , err . Error ( ) )
}
font , err := freetype . ParseFont ( fontBytes )
if err != nil {
return nil , model . NewAppError ( "createProfileImage" , "Could not create default profile image font" , err . Error ( ) )
}
2015-09-23 13:47:10 -07:00
width := int ( utils . Cfg . FileSettings . ProfileWidth )
height := int ( utils . Cfg . FileSettings . ProfileHeight )
2015-07-06 18:08:52 -04:00
color := colors [ int64 ( seed ) % int64 ( len ( colors ) ) ]
2015-07-29 13:40:24 -07:00
dstImg := image . NewRGBA ( image . Rect ( 0 , 0 , width , height ) )
2015-07-28 16:39:50 -07:00
srcImg := image . White
draw . Draw ( dstImg , dstImg . Bounds ( ) , & image . Uniform { color } , image . ZP , draw . Src )
2015-07-29 13:40:24 -07:00
size := float64 ( ( width + height ) / 4 )
2015-07-28 16:39:50 -07:00
c := freetype . NewContext ( )
c . SetFont ( font )
2015-07-28 17:31:27 -07:00
c . SetFontSize ( size )
2015-07-28 16:39:50 -07:00
c . SetClip ( dstImg . Bounds ( ) )
c . SetDst ( dstImg )
c . SetSrc ( srcImg )
2015-07-29 13:40:24 -07:00
pt := freetype . Pt ( width / 6 , height * 2 / 3 )
2015-07-28 17:31:27 -07:00
_ , err = c . DrawString ( initial , pt )
2015-07-28 16:39:50 -07:00
if err != nil {
return nil , model . NewAppError ( "createProfileImage" , "Could not add user initial to default profile picture" , err . Error ( ) )
}
2015-06-14 23:53:32 -08:00
2015-06-19 11:19:51 -04:00
buf := new ( bytes . Buffer )
2015-07-28 16:39:50 -07:00
if imgErr := png . Encode ( buf , dstImg ) ; imgErr != nil {
2015-07-16 08:54:09 -04:00
return nil , model . NewAppError ( "createProfileImage" , "Could not encode default profile image" , imgErr . Error ( ) )
2015-06-19 11:19:51 -04:00
} else {
return buf . Bytes ( ) , nil
2015-06-14 23:53:32 -08:00
}
2015-06-19 11:19:51 -04:00
}
2015-06-14 23:53:32 -08:00
2015-06-19 11:19:51 -04:00
func getProfileImage ( c * Context , w http . ResponseWriter , r * http . Request ) {
2015-06-14 23:53:32 -08:00
params := mux . Vars ( r )
id := params [ "id" ]
if result := <- Srv . Store . User ( ) . Get ( id ) ; result . Err != nil {
c . Err = result . Err
return
} else {
2015-06-19 11:19:51 -04:00
var img [ ] byte
2015-06-14 23:53:32 -08:00
2015-09-23 13:47:10 -07:00
if len ( utils . Cfg . FileSettings . DriverName ) == 0 {
2015-07-16 08:54:09 -04:00
var err * model . AppError
if img , err = createProfileImage ( result . Data . ( * model . User ) . Username , id ) ; err != nil {
2015-06-19 11:19:51 -04:00
c . Err = err
return
}
} else {
path := "teams/" + c . Session . TeamId + "/users/" + id + "/profile.png"
2015-06-14 23:53:32 -08:00
2015-07-16 08:54:09 -04:00
if data , err := readFile ( path ) ; err != nil {
if img , err = createProfileImage ( result . Data . ( * model . User ) . Username , id ) ; err != nil {
2015-06-19 11:19:51 -04:00
c . Err = err
return
}
2015-06-14 23:53:32 -08:00
2015-07-16 08:54:09 -04:00
if err := writeFile ( img , path ) ; err != nil {
c . Err = err
2015-06-19 11:19:51 -04:00
return
}
2015-06-14 23:53:32 -08:00
2015-06-19 11:19:51 -04:00
} else {
img = data
2015-06-14 23:53:32 -08:00
}
}
if c . Session . UserId == id {
w . Header ( ) . Set ( "Cache-Control" , "max-age=300, public" ) // 5 mins
} else {
w . Header ( ) . Set ( "Cache-Control" , "max-age=86400, public" ) // 24 hrs
}
w . Write ( img )
}
}
func uploadProfileImage ( c * Context , w http . ResponseWriter , r * http . Request ) {
2015-09-23 13:47:10 -07:00
if len ( utils . Cfg . FileSettings . DriverName ) == 0 {
2015-09-21 17:34:13 -07:00
c . Err = model . NewAppError ( "uploadProfileImage" , "Unable to upload file. Image storage is not configured." , "" )
2015-06-14 23:53:32 -08:00
c . Err . StatusCode = http . StatusNotImplemented
return
}
if err := r . ParseMultipartForm ( 10000000 ) ; err != nil {
c . Err = model . NewAppError ( "uploadProfileImage" , "Could not parse multipart form" , "" )
return
}
m := r . MultipartForm
imageArray , ok := m . File [ "image" ]
if ! ok {
c . Err = model . NewAppError ( "uploadProfileImage" , "No file under 'image' in request" , "" )
c . Err . StatusCode = http . StatusBadRequest
return
}
if len ( imageArray ) <= 0 {
c . Err = model . NewAppError ( "uploadProfileImage" , "Empty array under 'image' in request" , "" )
c . Err . StatusCode = http . StatusBadRequest
return
}
imageData := imageArray [ 0 ]
file , err := imageData . Open ( )
defer file . Close ( )
if err != nil {
c . Err = model . NewAppError ( "uploadProfileImage" , "Could not open image file" , err . Error ( ) )
return
}
// Decode image into Image object
img , _ , err := image . Decode ( file )
if err != nil {
c . Err = model . NewAppError ( "uploadProfileImage" , "Could not decode profile image" , err . Error ( ) )
return
}
// Scale profile image
2015-09-23 15:57:49 -07:00
img = imaging . Resize ( img , utils . Cfg . FileSettings . ProfileWidth , utils . Cfg . FileSettings . ProfileHeight , imaging . Lanczos )
2015-06-14 23:53:32 -08:00
buf := new ( bytes . Buffer )
err = png . Encode ( buf , img )
if err != nil {
c . Err = model . NewAppError ( "uploadProfileImage" , "Could not encode profile image" , err . Error ( ) )
return
}
path := "teams/" + c . Session . TeamId + "/users/" + c . Session . UserId + "/profile.png"
2015-07-16 08:54:09 -04:00
if err := writeFile ( buf . Bytes ( ) , path ) ; err != nil {
2015-06-14 23:53:32 -08:00
c . Err = model . NewAppError ( "uploadProfileImage" , "Couldn't upload profile image" , "" )
return
}
2015-07-16 08:55:37 -07:00
Srv . Store . User ( ) . UpdateLastPictureUpdate ( c . Session . UserId )
2015-07-10 09:56:41 -07:00
2015-06-14 23:53:32 -08:00
c . LogAudit ( "" )
2015-09-24 16:47:27 -04:00
// write something as the response since jQuery expects a json response
w . Write ( [ ] byte ( "true" ) )
2015-06-14 23:53:32 -08:00
}
func updateUser ( c * Context , w http . ResponseWriter , r * http . Request ) {
user := model . UserFromJson ( r . Body )
if user == nil {
c . SetInvalidParam ( "updateUser" , "user" )
return
}
2015-07-06 11:20:40 -08:00
if ! c . HasPermissionsToUser ( user . Id , "updateUser" ) {
2015-06-14 23:53:32 -08:00
return
}
if result := <- Srv . Store . User ( ) . Update ( user , false ) ; result . Err != nil {
c . Err = result . Err
return
} else {
c . LogAudit ( "" )
rusers := result . Data . ( [ 2 ] * model . User )
if rusers [ 0 ] . Email != rusers [ 1 ] . Email {
if tresult := <- Srv . Store . Team ( ) . Get ( rusers [ 1 ] . TeamId ) ; tresult . Err != nil {
l4g . Error ( tresult . Err . Message )
} else {
2015-07-08 11:50:10 -04:00
team := tresult . Data . ( * model . Team )
2015-10-06 08:58:31 -07:00
fireAndForgetEmailChangeEmail ( rusers [ 1 ] . Email , rusers [ 0 ] . Email , team . DisplayName , c . GetTeamURLFromTeam ( team ) , c . GetSiteURL ( ) )
2015-10-05 14:18:05 -07:00
if utils . Cfg . EmailSettings . RequireEmailVerification {
2015-10-05 14:54:15 -07:00
FireAndForgetEmailChangeVerifyEmail ( rusers [ 0 ] . Id , rusers [ 0 ] . Email , team . Name , team . DisplayName , c . GetSiteURL ( ) , c . GetTeamURLFromTeam ( team ) )
2015-10-05 14:18:05 -07:00
}
2015-06-14 23:53:32 -08:00
}
}
rusers [ 0 ] . Password = ""
rusers [ 0 ] . AuthData = ""
w . Write ( [ ] byte ( rusers [ 0 ] . ToJson ( ) ) )
}
}
func updatePassword ( c * Context , w http . ResponseWriter , r * http . Request ) {
c . LogAudit ( "attempted" )
props := model . MapFromJson ( r . Body )
userId := props [ "user_id" ]
if len ( userId ) != 26 {
c . SetInvalidParam ( "updatePassword" , "user_id" )
return
}
currentPassword := props [ "current_password" ]
if len ( currentPassword ) <= 0 {
c . SetInvalidParam ( "updatePassword" , "current_password" )
return
}
newPassword := props [ "new_password" ]
if len ( newPassword ) < 5 {
c . SetInvalidParam ( "updatePassword" , "new_password" )
return
}
if userId != c . Session . UserId {
c . Err = model . NewAppError ( "updatePassword" , "Update password failed because context user_id did not match props user_id" , "" )
c . Err . StatusCode = http . StatusForbidden
return
}
var result store . StoreResult
if result = <- Srv . Store . User ( ) . Get ( userId ) ; result . Err != nil {
c . Err = result . Err
return
}
if result . Data == nil {
c . Err = model . NewAppError ( "updatePassword" , "Update password failed because we couldn't find a valid account" , "" )
c . Err . StatusCode = http . StatusBadRequest
return
}
user := result . Data . ( * model . User )
tchan := Srv . Store . Team ( ) . Get ( user . TeamId )
2015-07-22 15:36:58 -04:00
if user . AuthData != "" {
c . LogAudit ( "failed - tried to update user password who was logged in through oauth" )
c . Err = model . NewAppError ( "updatePassword" , "Update password failed because the user is logged in through an OAuth service" , "auth_service=" + user . AuthService )
c . Err . StatusCode = http . StatusForbidden
return
}
2015-06-14 23:53:32 -08:00
if ! model . ComparePassword ( user . Password , currentPassword ) {
2015-07-30 13:54:00 -07:00
c . Err = model . NewAppError ( "updatePassword" , "The \"Current Password\" you entered is incorrect. Please check that Caps Lock is off and try again." , "" )
2015-07-06 11:20:40 -08:00
c . Err . StatusCode = http . StatusForbidden
2015-06-14 23:53:32 -08:00
return
}
if uresult := <- Srv . Store . User ( ) . UpdatePassword ( c . Session . UserId , model . HashPassword ( newPassword ) ) ; uresult . Err != nil {
2015-07-06 11:20:40 -08:00
c . Err = model . NewAppError ( "updatePassword" , "Update password failed" , uresult . Err . Error ( ) )
c . Err . StatusCode = http . StatusForbidden
2015-06-14 23:53:32 -08:00
return
} else {
c . LogAudit ( "completed" )
if tresult := <- tchan ; tresult . Err != nil {
l4g . Error ( tresult . Err . Message )
} else {
2015-07-08 11:50:10 -04:00
team := tresult . Data . ( * model . Team )
2015-07-28 13:28:18 -07:00
fireAndForgetPasswordChangeEmail ( user . Email , team . DisplayName , c . GetTeamURLFromTeam ( team ) , c . GetSiteURL ( ) , "using the settings menu" )
2015-06-14 23:53:32 -08:00
}
data := make ( map [ string ] string )
data [ "user_id" ] = uresult . Data . ( string )
w . Write ( [ ] byte ( model . MapToJson ( data ) ) )
}
}
func updateRoles ( c * Context , w http . ResponseWriter , r * http . Request ) {
props := model . MapFromJson ( r . Body )
user_id := props [ "user_id" ]
if len ( user_id ) != 26 {
c . SetInvalidParam ( "updateRoles" , "user_id" )
return
}
new_roles := props [ "new_roles" ]
2015-09-04 16:56:18 -07:00
if ! model . IsValidRoles ( new_roles ) {
2015-09-04 11:59:10 -07:00
c . SetInvalidParam ( "updateRoles" , "new_roles" )
return
}
2015-09-23 15:16:48 -07:00
if model . IsInRole ( new_roles , model . ROLE_SYSTEM_ADMIN ) && ! c . IsSystemAdmin ( ) {
2015-10-06 10:50:38 -07:00
c . Err = model . NewAppError ( "updateRoles" , "The system admin role can only be set by another system admin" , "" )
2015-09-04 11:59:10 -07:00
c . Err . StatusCode = http . StatusForbidden
return
}
2015-06-14 23:53:32 -08:00
var user * model . User
if result := <- Srv . Store . User ( ) . Get ( user_id ) ; result . Err != nil {
c . Err = result . Err
return
} else {
user = result . Data . ( * model . User )
}
if ! c . HasPermissionsToTeam ( user . TeamId , "updateRoles" ) {
return
}
2015-09-30 11:30:11 -04:00
if ! c . IsTeamAdmin ( ) {
2015-06-14 23:53:32 -08:00
c . Err = model . NewAppError ( "updateRoles" , "You do not have the appropriate permissions" , "userId=" + user_id )
c . Err . StatusCode = http . StatusForbidden
return
}
2015-10-06 10:50:38 -07:00
if user . IsInRole ( model . ROLE_SYSTEM_ADMIN ) && ! c . IsSystemAdmin ( ) {
c . Err = model . NewAppError ( "updateRoles" , "The system admin role can only by modified by another system admin" , "" )
c . Err . StatusCode = http . StatusForbidden
return
}
2015-09-04 11:59:10 -07:00
ruser := UpdateRoles ( c , user , new_roles )
if c . Err != nil {
2015-06-14 23:53:32 -08:00
return
}
2015-08-17 09:28:20 -04:00
uchan := Srv . Store . Session ( ) . UpdateRoles ( user . Id , new_roles )
gchan := Srv . Store . Session ( ) . GetSessions ( user . Id )
if result := <- uchan ; result . Err != nil {
// soft error since the user roles were still updated
l4g . Error ( result . Err )
}
if result := <- gchan ; result . Err != nil {
// soft error since the user roles were still updated
l4g . Error ( result . Err )
} else {
sessions := result . Data . ( [ ] * model . Session )
for _ , s := range sessions {
2015-09-29 13:26:23 -07:00
sessionCache . Remove ( s . Token )
2015-08-17 09:28:20 -04:00
}
}
options := utils . SanitizeOptions
options [ "passwordupdate" ] = false
ruser . Sanitize ( options )
w . Write ( [ ] byte ( ruser . ToJson ( ) ) )
2015-06-14 23:53:32 -08:00
}
2015-09-04 11:59:10 -07:00
func UpdateRoles ( c * Context , user * model . User , roles string ) * model . User {
// make sure there is at least 1 other active admin
2015-09-10 14:56:37 -07:00
if ! model . IsInRole ( roles , model . ROLE_SYSTEM_ADMIN ) {
2015-09-11 09:39:28 -07:00
if model . IsInRole ( user . Roles , model . ROLE_TEAM_ADMIN ) && ! model . IsInRole ( roles , model . ROLE_TEAM_ADMIN ) {
2015-09-10 14:56:37 -07:00
if result := <- Srv . Store . User ( ) . GetProfiles ( user . TeamId ) ; result . Err != nil {
c . Err = result . Err
2015-09-04 11:59:10 -07:00
return nil
2015-09-10 14:56:37 -07:00
} else {
activeAdmins := - 1
profileUsers := result . Data . ( map [ string ] * model . User )
for _ , profileUser := range profileUsers {
2015-09-11 09:39:28 -07:00
if profileUser . DeleteAt == 0 && model . IsInRole ( profileUser . Roles , model . ROLE_TEAM_ADMIN ) {
2015-09-10 14:56:37 -07:00
activeAdmins = activeAdmins + 1
}
}
if activeAdmins <= 0 {
c . Err = model . NewAppError ( "updateRoles" , "There must be at least one active admin" , "" )
return nil
}
2015-09-04 11:59:10 -07:00
}
}
}
user . Roles = roles
var ruser * model . User
if result := <- Srv . Store . User ( ) . Update ( user , true ) ; result . Err != nil {
c . Err = result . Err
return nil
} else {
c . LogAuditWithUserId ( user . Id , "roles=" + roles )
ruser = result . Data . ( [ 2 ] * model . User ) [ 0 ]
}
return ruser
}
2015-06-14 23:53:32 -08:00
func updateActive ( c * Context , w http . ResponseWriter , r * http . Request ) {
props := model . MapFromJson ( r . Body )
user_id := props [ "user_id" ]
if len ( user_id ) != 26 {
c . SetInvalidParam ( "updateActive" , "user_id" )
return
}
active := props [ "active" ] == "true"
var user * model . User
if result := <- Srv . Store . User ( ) . Get ( user_id ) ; result . Err != nil {
c . Err = result . Err
return
} else {
user = result . Data . ( * model . User )
}
if ! c . HasPermissionsToTeam ( user . TeamId , "updateActive" ) {
return
}
2015-09-30 11:30:11 -04:00
if ! c . IsTeamAdmin ( ) {
2015-06-14 23:53:32 -08:00
c . Err = model . NewAppError ( "updateActive" , "You do not have the appropriate permissions" , "userId=" + user_id )
c . Err . StatusCode = http . StatusForbidden
return
}
// make sure there is at least 1 other active admin
2015-09-11 09:39:28 -07:00
if ! active && model . IsInRole ( user . Roles , model . ROLE_TEAM_ADMIN ) {
2015-06-14 23:53:32 -08:00
if result := <- Srv . Store . User ( ) . GetProfiles ( user . TeamId ) ; result . Err != nil {
c . Err = result . Err
return
} else {
activeAdmins := - 1
profileUsers := result . Data . ( map [ string ] * model . User )
for _ , profileUser := range profileUsers {
2015-09-11 09:39:28 -07:00
if profileUser . DeleteAt == 0 && model . IsInRole ( profileUser . Roles , model . ROLE_TEAM_ADMIN ) {
2015-06-14 23:53:32 -08:00
activeAdmins = activeAdmins + 1
}
}
if activeAdmins <= 0 {
c . Err = model . NewAppError ( "updateRoles" , "There must be at least one active admin" , "userId=" + user_id )
return
}
}
}
if active {
user . DeleteAt = 0
} else {
user . DeleteAt = model . GetMillis ( )
}
if result := <- Srv . Store . User ( ) . Update ( user , true ) ; result . Err != nil {
c . Err = result . Err
return
} else {
c . LogAuditWithUserId ( user . Id , fmt . Sprintf ( "active=%v" , active ) )
if user . DeleteAt > 0 {
RevokeAllSession ( c , user . Id )
}
ruser := result . Data . ( [ 2 ] * model . User ) [ 0 ]
options := utils . SanitizeOptions
options [ "passwordupdate" ] = false
ruser . Sanitize ( options )
w . Write ( [ ] byte ( ruser . ToJson ( ) ) )
}
}
func sendPasswordReset ( c * Context , w http . ResponseWriter , r * http . Request ) {
props := model . MapFromJson ( r . Body )
email := props [ "email" ]
if len ( email ) == 0 {
c . SetInvalidParam ( "sendPasswordReset" , "email" )
return
}
2015-07-08 11:50:10 -04:00
name := props [ "name" ]
if len ( name ) == 0 {
c . SetInvalidParam ( "sendPasswordReset" , "name" )
2015-06-14 23:53:32 -08:00
return
}
var team * model . Team
2015-07-08 11:50:10 -04:00
if result := <- Srv . Store . Team ( ) . GetByName ( name ) ; result . Err != nil {
2015-06-14 23:53:32 -08:00
c . Err = result . Err
return
} else {
team = result . Data . ( * model . Team )
}
var user * model . User
if result := <- Srv . Store . User ( ) . GetByEmail ( team . Id , email ) ; result . Err != nil {
c . Err = model . NewAppError ( "sendPasswordReset" , "We couldn’ , "email=" + email + " team_id=" + team . Id )
return
} else {
user = result . Data . ( * model . User )
}
newProps := make ( map [ string ] string )
newProps [ "user_id" ] = user . Id
newProps [ "time" ] = fmt . Sprintf ( "%v" , model . GetMillis ( ) )
data := model . MapToJson ( newProps )
2015-09-22 12:12:50 -07:00
hash := model . HashPassword ( fmt . Sprintf ( "%v:%v" , data , utils . Cfg . EmailSettings . PasswordResetSalt ) )
2015-06-14 23:53:32 -08:00
2015-07-08 11:50:10 -04:00
link := fmt . Sprintf ( "%s/reset_password?d=%s&h=%s" , c . GetTeamURLFromTeam ( team ) , url . QueryEscape ( data ) , url . QueryEscape ( hash ) )
2015-06-14 23:53:32 -08:00
2015-09-15 18:59:14 -07:00
subjectPage := NewServerTemplatePage ( "reset_subject" )
subjectPage . Props [ "SiteURL" ] = c . GetSiteURL ( )
bodyPage := NewServerTemplatePage ( "reset_body" )
bodyPage . Props [ "SiteURL" ] = c . GetSiteURL ( )
2015-06-14 23:53:32 -08:00
bodyPage . Props [ "ResetUrl" ] = link
if err := utils . SendMail ( email , subjectPage . Render ( ) , bodyPage . Render ( ) ) ; err != nil {
c . Err = model . NewAppError ( "sendPasswordReset" , "Failed to send password reset email successfully" , "err=" + err . Message )
return
}
c . LogAuditWithUserId ( user . Id , "sent=" + email )
w . Write ( [ ] byte ( model . MapToJson ( props ) ) )
}
func resetPassword ( c * Context , w http . ResponseWriter , r * http . Request ) {
props := model . MapFromJson ( r . Body )
newPassword := props [ "new_password" ]
if len ( newPassword ) < 5 {
c . SetInvalidParam ( "resetPassword" , "new_password" )
return
}
2015-09-23 12:49:28 -07:00
name := props [ "name" ]
if len ( name ) == 0 {
c . SetInvalidParam ( "resetPassword" , "name" )
2015-06-14 23:53:32 -08:00
return
}
2015-09-23 12:49:28 -07:00
userId := props [ "user_id" ]
hash := props [ "hash" ]
timeStr := ""
2015-06-14 23:53:32 -08:00
2015-09-23 12:49:28 -07:00
if ! c . IsSystemAdmin ( ) {
if len ( hash ) == 0 {
c . SetInvalidParam ( "resetPassword" , "hash" )
return
}
2015-06-14 23:53:32 -08:00
2015-09-23 12:49:28 -07:00
data := model . MapFromJson ( strings . NewReader ( props [ "data" ] ) )
userId = data [ "user_id" ]
timeStr = data [ "time" ]
if len ( timeStr ) == 0 {
c . SetInvalidParam ( "resetPassword" , "data:time" )
return
}
2015-06-14 23:53:32 -08:00
}
2015-09-23 12:49:28 -07:00
if len ( userId ) != 26 {
c . SetInvalidParam ( "resetPassword" , "user_id" )
2015-06-14 23:53:32 -08:00
return
}
c . LogAuditWithUserId ( userId , "attempt" )
var team * model . Team
2015-07-08 11:50:10 -04:00
if result := <- Srv . Store . Team ( ) . GetByName ( name ) ; result . Err != nil {
2015-06-14 23:53:32 -08:00
c . Err = result . Err
return
} else {
team = result . Data . ( * model . Team )
}
var user * model . User
if result := <- Srv . Store . User ( ) . Get ( userId ) ; result . Err != nil {
c . Err = result . Err
return
} else {
user = result . Data . ( * model . User )
}
if user . TeamId != team . Id {
c . Err = model . NewAppError ( "resetPassword" , "Trying to reset password for user on wrong team." , "userId=" + user . Id + ", teamId=" + team . Id )
c . Err . StatusCode = http . StatusForbidden
return
}
2015-09-23 12:49:28 -07:00
if ! c . IsSystemAdmin ( ) {
if ! model . ComparePassword ( hash , fmt . Sprintf ( "%v:%v" , props [ "data" ] , utils . Cfg . EmailSettings . PasswordResetSalt ) ) {
c . Err = model . NewAppError ( "resetPassword" , "The reset password link does not appear to be valid" , "" )
return
}
2015-06-14 23:53:32 -08:00
2015-09-23 12:49:28 -07:00
t , err := strconv . ParseInt ( timeStr , 10 , 64 )
if err != nil || model . GetMillis ( ) - t > 1000 * 60 * 60 { // one hour
c . Err = model . NewAppError ( "resetPassword" , "The reset link has expired" , "" )
return
}
2015-06-14 23:53:32 -08:00
}
if result := <- Srv . Store . User ( ) . UpdatePassword ( userId , model . HashPassword ( newPassword ) ) ; result . Err != nil {
c . Err = result . Err
return
} else {
c . LogAuditWithUserId ( userId , "success" )
}
2015-07-28 13:28:18 -07:00
fireAndForgetPasswordChangeEmail ( user . Email , team . DisplayName , c . GetTeamURLFromTeam ( team ) , c . GetSiteURL ( ) , "using a reset password link" )
2015-06-14 23:53:32 -08:00
props [ "new_password" ] = ""
w . Write ( [ ] byte ( model . MapToJson ( props ) ) )
}
2015-07-28 13:28:18 -07:00
func fireAndForgetPasswordChangeEmail ( email , teamDisplayName , teamURL , siteURL , method string ) {
2015-06-14 23:53:32 -08:00
go func ( ) {
2015-09-15 18:59:14 -07:00
subjectPage := NewServerTemplatePage ( "password_change_subject" )
subjectPage . Props [ "SiteURL" ] = siteURL
2015-07-08 11:50:10 -04:00
subjectPage . Props [ "TeamDisplayName" ] = teamDisplayName
2015-09-15 18:59:14 -07:00
bodyPage := NewServerTemplatePage ( "password_change_body" )
bodyPage . Props [ "SiteURL" ] = siteURL
2015-07-08 11:50:10 -04:00
bodyPage . Props [ "TeamDisplayName" ] = teamDisplayName
2015-07-28 13:28:18 -07:00
bodyPage . Props [ "TeamURL" ] = teamURL
2015-06-14 23:53:32 -08:00
bodyPage . Props [ "Method" ] = method
if err := utils . SendMail ( email , subjectPage . Render ( ) , bodyPage . Render ( ) ) ; err != nil {
l4g . Error ( "Failed to send update password email successfully err=%v" , err )
}
} ( )
}
2015-10-06 08:58:31 -07:00
func fireAndForgetEmailChangeEmail ( oldEmail , newEmail , teamDisplayName , teamURL , siteURL string ) {
2015-06-14 23:53:32 -08:00
go func ( ) {
2015-09-15 18:59:14 -07:00
subjectPage := NewServerTemplatePage ( "email_change_subject" )
subjectPage . Props [ "SiteURL" ] = siteURL
2015-07-08 11:50:10 -04:00
subjectPage . Props [ "TeamDisplayName" ] = teamDisplayName
2015-09-15 18:59:14 -07:00
bodyPage := NewServerTemplatePage ( "email_change_body" )
bodyPage . Props [ "SiteURL" ] = siteURL
2015-07-08 11:50:10 -04:00
bodyPage . Props [ "TeamDisplayName" ] = teamDisplayName
2015-07-28 13:28:18 -07:00
bodyPage . Props [ "TeamURL" ] = teamURL
2015-10-06 08:58:31 -07:00
bodyPage . Props [ "NewEmail" ] = newEmail
2015-06-14 23:53:32 -08:00
2015-10-06 08:58:31 -07:00
if err := utils . SendMail ( oldEmail , subjectPage . Render ( ) , bodyPage . Render ( ) ) ; err != nil {
l4g . Error ( "Failed to send email change notification email successfully err=%v" , err )
2015-06-14 23:53:32 -08:00
}
} ( )
}
2015-10-05 14:54:15 -07:00
func FireAndForgetEmailChangeVerifyEmail ( userId , newUserEmail , teamName , teamDisplayName , siteURL , teamURL string ) {
2015-10-05 14:18:05 -07:00
go func ( ) {
link := fmt . Sprintf ( "%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s" , siteURL , userId , model . HashPassword ( userId ) , teamName , newUserEmail )
subjectPage := NewServerTemplatePage ( "email_change_verify_subject" )
subjectPage . Props [ "SiteURL" ] = siteURL
subjectPage . Props [ "TeamDisplayName" ] = teamDisplayName
bodyPage := NewServerTemplatePage ( "email_change_verify_body" )
bodyPage . Props [ "SiteURL" ] = siteURL
bodyPage . Props [ "TeamDisplayName" ] = teamDisplayName
bodyPage . Props [ "VerifyUrl" ] = link
if err := utils . SendMail ( newUserEmail , subjectPage . Render ( ) , bodyPage . Render ( ) ) ; err != nil {
2015-10-06 08:58:31 -07:00
l4g . Error ( "Failed to send email change verification email successfully err=%v" , err )
2015-10-05 14:18:05 -07:00
}
} ( )
}
2015-06-14 23:53:32 -08:00
func updateUserNotify ( c * Context , w http . ResponseWriter , r * http . Request ) {
props := model . MapFromJson ( r . Body )
user_id := props [ "user_id" ]
if len ( user_id ) != 26 {
c . SetInvalidParam ( "updateUserNotify" , "user_id" )
return
}
uchan := Srv . Store . User ( ) . Get ( user_id )
if ! c . HasPermissionsToUser ( user_id , "updateUserNotify" ) {
return
}
delete ( props , "user_id" )
email := props [ "email" ]
if len ( email ) == 0 {
c . SetInvalidParam ( "updateUserNotify" , "email" )
return
}
desktop_sound := props [ "desktop_sound" ]
if len ( desktop_sound ) == 0 {
c . SetInvalidParam ( "updateUserNotify" , "desktop_sound" )
return
}
desktop := props [ "desktop" ]
if len ( desktop ) == 0 {
c . SetInvalidParam ( "updateUserNotify" , "desktop" )
return
}
var user * model . User
if result := <- uchan ; result . Err != nil {
c . Err = result . Err
return
} else {
user = result . Data . ( * model . User )
}
user . NotifyProps = props
if result := <- Srv . Store . User ( ) . Update ( user , false ) ; result . Err != nil {
c . Err = result . Err
return
} else {
c . LogAuditWithUserId ( user . Id , "" )
ruser := result . Data . ( [ 2 ] * model . User ) [ 0 ]
options := utils . SanitizeOptions
options [ "passwordupdate" ] = false
ruser . Sanitize ( options )
w . Write ( [ ] byte ( ruser . ToJson ( ) ) )
}
}
func getStatuses ( c * Context , w http . ResponseWriter , r * http . Request ) {
if result := <- Srv . Store . User ( ) . GetProfiles ( c . Session . TeamId ) ; result . Err != nil {
c . Err = result . Err
return
} else {
profiles := result . Data . ( map [ string ] * model . User )
statuses := map [ string ] string { }
for _ , profile := range profiles {
if profile . IsOffline ( ) {
statuses [ profile . Id ] = model . USER_OFFLINE
} else if profile . IsAway ( ) {
statuses [ profile . Id ] = model . USER_AWAY
} else {
statuses [ profile . Id ] = model . USER_ONLINE
}
}
//w.Header().Set("Cache-Control", "max-age=9, public") // 2 mins
w . Write ( [ ] byte ( model . MapToJson ( statuses ) ) )
return
}
}
2015-07-15 12:48:50 -04:00
2015-08-14 08:43:49 -04:00
func GetAuthorizationCode ( c * Context , w http . ResponseWriter , r * http . Request , teamName , service , redirectUri , loginHint string ) {
2015-07-17 09:47:25 -04:00
2015-09-21 20:38:31 -07:00
sso := utils . Cfg . GetSSOService ( service )
2015-09-22 12:12:50 -07:00
if sso != nil && ! sso . Enable {
2015-07-17 09:47:25 -04:00
c . Err = model . NewAppError ( "GetAuthorizationCode" , "Unsupported OAuth service provider" , "service=" + service )
c . Err . StatusCode = http . StatusBadRequest
return
}
2015-09-21 20:38:31 -07:00
clientId := sso . Id
endpoint := sso . AuthEndpoint
scope := sso . Scope
2015-07-17 09:47:25 -04:00
2015-08-14 08:43:49 -04:00
stateProps := map [ string ] string { "team" : teamName , "hash" : model . HashPassword ( clientId ) }
state := b64 . StdEncoding . EncodeToString ( [ ] byte ( model . MapToJson ( stateProps ) ) )
authUrl := endpoint + "?response_type=code&client_id=" + clientId + "&redirect_uri=" + url . QueryEscape ( redirectUri ) + "&state=" + url . QueryEscape ( state )
2015-08-13 12:03:47 -04:00
if len ( scope ) > 0 {
authUrl += "&scope=" + utils . UrlEncode ( scope )
}
2015-08-14 08:43:49 -04:00
if len ( loginHint ) > 0 {
authUrl += "&login_hint=" + utils . UrlEncode ( loginHint )
}
2015-07-17 09:47:25 -04:00
http . Redirect ( w , r , authUrl , http . StatusFound )
}
2015-08-14 08:43:49 -04:00
func AuthorizeOAuthUser ( service , code , state , redirectUri string ) ( io . ReadCloser , * model . Team , * model . AppError ) {
2015-09-21 20:38:31 -07:00
sso := utils . Cfg . GetSSOService ( service )
2015-09-29 09:14:14 -04:00
if sso == nil || ! sso . Enable {
2015-08-14 08:43:49 -04:00
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Unsupported OAuth service provider" , "service=" + service )
}
stateStr := ""
if b , err := b64 . StdEncoding . DecodeString ( state ) ; err != nil {
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Invalid state" , err . Error ( ) )
} else {
stateStr = string ( b )
2015-07-17 09:47:25 -04:00
}
2015-08-14 08:43:49 -04:00
stateProps := model . MapFromJson ( strings . NewReader ( stateStr ) )
2015-09-21 20:38:31 -07:00
if ! model . ComparePassword ( stateProps [ "hash" ] , sso . Id ) {
2015-08-14 08:43:49 -04:00
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Invalid state" , "" )
}
teamName := stateProps [ "team" ]
if len ( teamName ) == 0 {
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Invalid state; missing team name" , "" )
2015-07-15 12:48:50 -04:00
}
2015-08-14 08:43:49 -04:00
tchan := Srv . Store . Team ( ) . GetByName ( teamName )
2015-07-15 12:48:50 -04:00
p := url . Values { }
2015-09-21 20:38:31 -07:00
p . Set ( "client_id" , sso . Id )
p . Set ( "client_secret" , sso . Secret )
2015-07-15 12:48:50 -04:00
p . Set ( "code" , code )
p . Set ( "grant_type" , model . ACCESS_TOKEN_GRANT_TYPE )
2015-07-17 09:47:25 -04:00
p . Set ( "redirect_uri" , redirectUri )
2015-07-15 12:48:50 -04:00
client := & http . Client { }
2015-09-21 20:38:31 -07:00
req , _ := http . NewRequest ( "POST" , sso . TokenEndpoint , strings . NewReader ( p . Encode ( ) ) )
2015-07-15 12:48:50 -04:00
req . Header . Set ( "Content-Type" , "application/x-www-form-urlencoded" )
req . Header . Set ( "Accept" , "application/json" )
var ar * model . AccessResponse
if resp , err := client . Do ( req ) ; err != nil {
2015-08-14 08:43:49 -04:00
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Token request failed" , err . Error ( ) )
2015-07-15 12:48:50 -04:00
} else {
ar = model . AccessResponseFromJson ( resp . Body )
2015-09-29 09:14:14 -04:00
if ar == nil {
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Bad response from token request" , "" )
}
2015-07-15 12:48:50 -04:00
}
2015-08-14 08:43:49 -04:00
if strings . ToLower ( ar . TokenType ) != model . ACCESS_TOKEN_TYPE {
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Bad token type" , "token_type=" + ar . TokenType )
2015-07-15 12:48:50 -04:00
}
if len ( ar . AccessToken ) == 0 {
2015-08-14 08:43:49 -04:00
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Missing access token" , "" )
2015-07-15 12:48:50 -04:00
}
p = url . Values { }
p . Set ( "access_token" , ar . AccessToken )
2015-09-21 20:38:31 -07:00
req , _ = http . NewRequest ( "GET" , sso . UserApiEndpoint , strings . NewReader ( "" ) )
2015-07-15 12:48:50 -04:00
req . Header . Set ( "Content-Type" , "application/x-www-form-urlencoded" )
req . Header . Set ( "Accept" , "application/json" )
req . Header . Set ( "Authorization" , "Bearer " + ar . AccessToken )
if resp , err := client . Do ( req ) ; err != nil {
2015-08-14 08:43:49 -04:00
return nil , nil , model . NewAppError ( "AuthorizeOAuthUser" , "Token request to " + service + " failed" , err . Error ( ) )
2015-07-15 12:48:50 -04:00
} else {
2015-08-14 08:43:49 -04:00
if result := <- tchan ; result . Err != nil {
return nil , nil , result . Err
} else {
return resp . Body , result . Data . ( * model . Team ) , nil
}
2015-07-15 12:48:50 -04:00
}
}
2015-08-28 08:37:55 -04:00
func IsUsernameTaken ( name string , teamId string ) bool {
if ! model . IsValidUsername ( name ) {
return false
}
if result := <- Srv . Store . User ( ) . GetByUsername ( teamId , name ) ; result . Err != nil {
return false
} else {
return true
}
return false
}
