Add Config to disable Auth Transfers. (#7843)

* Add Config to disable Auth Transfers.

* Set config ExperimentalEnableAuthenticationTransfer behind an E20 license restriction
Chris Duarte
2017-11-28 11:46:48 -08:00
committed by Christopher Speller
parent 785a410936
commit 27ba68a789
7 changed files with 75 additions and 1 deletions


@@ -2117,6 +2117,57 @@ func TestSwitchAccount(t *testing.T) {
t.Fatal("bad link") t.Fatal("bad link")
} }
isLicensed := utils.IsLicensed()
license := utils.License()
enableAuthenticationTransfer := *th.App.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer
defer func() {
utils.SetIsLicensed(isLicensed)
utils.SetLicense(license)
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = enableAuthenticationTransfer })
}()
utils.SetIsLicensed(true)
utils.SetLicense(&model.License{Features: &model.Features{}})
utils.License().Features.SetDefaults()
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = false })
sr = &model.SwitchRequest{
CurrentService: model.USER_AUTH_SERVICE_EMAIL,
NewService: model.USER_AUTH_SERVICE_GITLAB,
}
_, resp = Client.SwitchAccountType(sr)
CheckForbiddenStatus(t, resp)
th.LoginBasic()
sr = &model.SwitchRequest{
CurrentService: model.USER_AUTH_SERVICE_SAML,
NewService: model.USER_AUTH_SERVICE_EMAIL,
Email: th.BasicUser.Email,
NewPassword: th.BasicUser.Password,
}
_, resp = Client.SwitchAccountType(sr)
CheckForbiddenStatus(t, resp)
sr = &model.SwitchRequest{
CurrentService: model.USER_AUTH_SERVICE_EMAIL,
NewService: model.USER_AUTH_SERVICE_LDAP,
}
_, resp = Client.SwitchAccountType(sr)
CheckForbiddenStatus(t, resp)
sr = &model.SwitchRequest{
CurrentService: model.USER_AUTH_SERVICE_LDAP,
NewService: model.USER_AUTH_SERVICE_EMAIL,
}
_, resp = Client.SwitchAccountType(sr)
CheckForbiddenStatus(t, resp)
th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = true })
th.LoginBasic() th.LoginBasic()
fakeAuthData := model.NewId() fakeAuthData := model.NewId()
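Review bot: The new cases only exercise the licensed path, so the `utils.IsLicensed() &&` half of the guard added in this commit is never tested. Every request sent with the setting false runs after `utils.SetIsLicensed(true)`. A further case that calls `utils.SetIsLicensed(false)` with the setting still false, and asserts the request is not rejected by this guard, would pin the intended behaviour on unlicensed servers. Switching a user's sign-in method is security-relevant, so a regression that flips that condition should fail a test. TestSwitchAccount starts and ends outside this hunk.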


@@ -194,6 +194,7 @@ func (a *App) trackConfig() {
"enable_user_access_tokens": *cfg.ServiceSettings.EnableUserAccessTokens, "enable_user_access_tokens": *cfg.ServiceSettings.EnableUserAccessTokens,
"enable_custom_emoji": *cfg.ServiceSettings.EnableCustomEmoji, "enable_custom_emoji": *cfg.ServiceSettings.EnableCustomEmoji,
"enable_emoji_picker": *cfg.ServiceSettings.EnableEmojiPicker, "enable_emoji_picker": *cfg.ServiceSettings.EnableEmojiPicker,
"experimental_enable_authentication_transfer": *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer,
"restrict_custom_emoji_creation": *cfg.ServiceSettings.RestrictCustomEmojiCreation, "restrict_custom_emoji_creation": *cfg.ServiceSettings.RestrictCustomEmojiCreation,
"enable_testing": cfg.ServiceSettings.EnableTesting, "enable_testing": cfg.ServiceSettings.EnableTesting,
"enable_developer": *cfg.ServiceSettings.EnableDeveloper, "enable_developer": *cfg.ServiceSettings.EnableDeveloper,


@@ -39,6 +39,10 @@ func (a *App) TestLdap() *model.AppError {
} }
func (a *App) SwitchEmailToLdap(email, password, code, ldapId, ldapPassword string) (string, *model.AppError) { func (a *App) SwitchEmailToLdap(email, password, code, ldapId, ldapPassword string) (string, *model.AppError) {
if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer {
return "", model.NewAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusForbidden)
}
user, err := a.GetUserByEmail(email) user, err := a.GetUserByEmail(email)
if err != nil { if err != nil {
return "", err return "", err
@@ -71,6 +75,10 @@ func (a *App) SwitchEmailToLdap(email, password, code, ldapId, ldapPassword stri
} }
func (a *App) SwitchLdapToEmail(ldapPassword, code, email, newPassword string) (string, *model.AppError) { func (a *App) SwitchLdapToEmail(ldapPassword, code, email, newPassword string) (string, *model.AppError) {
if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer {
return "", model.NewAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusForbidden)
}
user, err := a.GetUserByEmail(email) user, err := a.GetUserByEmail(email)
if err != nil { if err != nil {
return "", err return "", err
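Review bot: The guard in SwitchEmailToLdap and SwitchLdapToEmail checks only `utils.IsLicensed()`, while the commit message describes an E20 restriction; no per-feature license flag is consulted in the visible lines. If lower-tier licenses also make IsLicensed() true, the setting takes effect for them too, so either the message or the check needs adjusting. The same condition means a value of false is silently ignored on an unlicensed server and transfers stay allowed, which deserves a comment above the check, e.g. `// Enforced only on licensed servers; unlicensed servers always allow auth transfers.` The identical check is repeated in SwitchEmailToOAuth and SwitchOAuthToEmail, so a single unexported helper on App would keep the four copies from drifting. Both functions continue outside their hunks.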


@@ -717,6 +717,10 @@ func (a *App) AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service
} }
func (a *App) SwitchEmailToOAuth(w http.ResponseWriter, r *http.Request, email, password, code, service string) (string, *model.AppError) { func (a *App) SwitchEmailToOAuth(w http.ResponseWriter, r *http.Request, email, password, code, service string) (string, *model.AppError) {
if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer {
return "", model.NewAppError("emailToOAuth", "api.user.email_to_oauth.not_available.app_error", nil, "", http.StatusForbidden)
}
var user *model.User var user *model.User
var err *model.AppError var err *model.AppError
if user, err = a.GetUserByEmail(email); err != nil { if user, err = a.GetUserByEmail(email); err != nil {
@@ -743,6 +747,10 @@ func (a *App) SwitchEmailToOAuth(w http.ResponseWriter, r *http.Request, email,
} }
func (a *App) SwitchOAuthToEmail(email, password, requesterId string) (string, *model.AppError) { func (a *App) SwitchOAuthToEmail(email, password, requesterId string) (string, *model.AppError) {
if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer {
return "", model.NewAppError("oauthToEmail", "api.user.oauth_to_email.not_available.app_error", nil, "", http.StatusForbidden)
}
var user *model.User var user *model.User
var err *model.AppError var err *model.AppError
if user, err = a.GetUserByEmail(email); err != nil { if user, err = a.GetUserByEmail(email); err != nil {
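Review bot: The check sits at the entry of SwitchEmailToOAuth, but the step that actually rewrites the user's auth service is not visible here. The function returns a string, presumably a link the client follows to the provider, and the callback that completes the switch is outside this page. If that completion handler does not re-check `ExperimentalEnableAuthenticationTransfer`, a switch started before an administrator disables the setting could still complete afterwards. It is worth confirming that the completion path applies the same condition, and covering it with a test. Both function bodies continue outside their hunks.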


@@ -46,6 +46,7 @@
"RestrictPostDelete": "all", "RestrictPostDelete": "all",
"AllowEditPost": "always", "AllowEditPost": "always",
"PostEditTimeLimit": 300, "PostEditTimeLimit": 300,
"ExperimentalEnableAuthenticationTransfer": true,
"TimeBetweenUserTypingUpdatesMilliseconds": 5000, "TimeBetweenUserTypingUpdatesMilliseconds": 5000,
"EnablePostSearch": true, "EnablePostSearch": true,
"EnableUserTypingMessages": true, "EnableUserTypingMessages": true,


@@ -203,6 +203,7 @@ type ServiceSettings struct {
EnableUserTypingMessages *bool EnableUserTypingMessages *bool
EnableChannelViewedMessages *bool EnableChannelViewedMessages *bool
EnableUserStatuses *bool EnableUserStatuses *bool
ExperimentalEnableAuthenticationTransfer *bool
ClusterLogTimeoutMilliseconds *int ClusterLogTimeoutMilliseconds *int
CloseUnusedDirectMessages *bool CloseUnusedDirectMessages *bool
EnablePreviewFeatures *bool EnablePreviewFeatures *bool
@@ -391,6 +392,10 @@ func (s *ServiceSettings) SetDefaults() {
s.AllowEditPost = NewString(ALLOW_EDIT_POST_ALWAYS) s.AllowEditPost = NewString(ALLOW_EDIT_POST_ALWAYS)
} }
if s.ExperimentalEnableAuthenticationTransfer == nil {
s.ExperimentalEnableAuthenticationTransfer = NewBool(true)
}
if s.PostEditTimeLimit == nil { if s.PostEditTimeLimit == nil {
s.PostEditTimeLimit = NewInt(300) s.PostEditTimeLimit = NewInt(300)
} }


@@ -526,7 +526,6 @@ func getClientConfig(c *model.Config) map[string]string {
props["EnableEmojiPicker"] = strconv.FormatBool(*c.ServiceSettings.EnableEmojiPicker) props["EnableEmojiPicker"] = strconv.FormatBool(*c.ServiceSettings.EnableEmojiPicker)
props["RestrictCustomEmojiCreation"] = *c.ServiceSettings.RestrictCustomEmojiCreation props["RestrictCustomEmojiCreation"] = *c.ServiceSettings.RestrictCustomEmojiCreation
props["MaxFileSize"] = strconv.FormatInt(*c.FileSettings.MaxFileSize, 10) props["MaxFileSize"] = strconv.FormatInt(*c.FileSettings.MaxFileSize, 10)
props["AppDownloadLink"] = *c.NativeAppSettings.AppDownloadLink props["AppDownloadLink"] = *c.NativeAppSettings.AppDownloadLink
props["AndroidAppDownloadLink"] = *c.NativeAppSettings.AndroidAppDownloadLink props["AndroidAppDownloadLink"] = *c.NativeAppSettings.AndroidAppDownloadLink
props["IosAppDownloadLink"] = *c.NativeAppSettings.IosAppDownloadLink props["IosAppDownloadLink"] = *c.NativeAppSettings.IosAppDownloadLink
@@ -547,6 +546,7 @@ func getClientConfig(c *model.Config) map[string]string {
if IsLicensed() { if IsLicensed() {
License := License() License := License()
props["ExperimentalTownSquareIsReadOnly"] = strconv.FormatBool(*c.TeamSettings.ExperimentalTownSquareIsReadOnly) props["ExperimentalTownSquareIsReadOnly"] = strconv.FormatBool(*c.TeamSettings.ExperimentalTownSquareIsReadOnly)
props["ExperimentalEnableAuthenticationTransfer"] = strconv.FormatBool(*c.ServiceSettings.ExperimentalEnableAuthenticationTransfer)
if *License.Features.CustomBrand { if *License.Features.CustomBrand {
props["EnableCustomBrand"] = strconv.FormatBool(*c.TeamSettings.EnableCustomBrand) props["EnableCustomBrand"] = strconv.FormatBool(*c.TeamSettings.EnableCustomBrand)