IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7085 from saturninoabril/merge-4.0.2

Browse Source 
Merge 4.0.2
This commit is contained in:
Christopher Speller
2017-08-02 12:53:01 -07:00
committed by GitHub
parent 76bfd279b3 fa3dd6a84b
commit 873e4f4903
3 changed files with 37 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
api/user.go
View File

@@ -1202,9 +1202,15 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
relayProps = model.MapFromJson(strings.NewReader(stateStr))
}
action := relayProps["action"]
if user, err := samlInterface.DoLogin(encodedXML, relayProps); err != nil {
c.Err = err
c.Err.StatusCode = http.StatusFound
if action == model.OAUTH_ACTION_MOBILE {
err.Translate(c.T)
w.Write([]byte(err.ToJson()))
} else {
c.Err = err
c.Err.StatusCode = http.StatusFound
}
return
} else {
if err := app.CheckUserAdditionalAuthenticationCriteria(user, ""); err != nil {
@@ -1212,7 +1218,7 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err.StatusCode = http.StatusFound
return
}
action := relayProps["action"]
switch action {
case model.OAUTH_ACTION_SIGNUP:
teamId := relayProps["team_id"]
@@ -1243,8 +1249,8 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
if action == "mobile" {
w.Write([]byte(""))
if action == model.OAUTH_ACTION_MOBILE {
ReturnStatusOK(w)
} else {
http.Redirect(w, r, app.GetProtocol(r)+"://"+r.Host, http.StatusFound)
}

24
api4/oauth.go
View File

@@ -403,10 +403,20 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
uri := c.GetSiteURLHeader() + "/signup/" + service + "/complete"
body, teamId, props, err := app.AuthorizeOAuthUser(w, r, service, code, state, uri)
action := ""
if props != nil {
action = props["action"]
}
if err != nil {
err.Translate(c.T)
l4g.Error(err.Error())
http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+err.Message, http.StatusTemporaryRedirect)
if action == model.OAUTH_ACTION_MOBILE {
w.Write([]byte(err.ToJson()))
} else {
http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+err.Message, http.StatusTemporaryRedirect)
}
return
}
@@ -414,12 +424,14 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
if err != nil {
err.Translate(c.T)
l4g.Error(err.Error())
http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+err.Message, http.StatusTemporaryRedirect)
if action == model.OAUTH_ACTION_MOBILE {
w.Write([]byte(err.ToJson()))
} else {
http.Redirect(w, r, c.GetSiteURLHeader()+"/error?message="+err.Message, http.StatusTemporaryRedirect)
}
return
}
action := props["action"]
var redirectUrl string
if action == model.OAUTH_ACTION_EMAIL_TO_SSO {
redirectUrl = c.GetSiteURLHeader() + "/login?extra=signin_change"
@@ -429,7 +441,11 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
} else {
session, err := app.DoLogin(w, r, user, "")
if err != nil {
err.Translate(c.T)
c.Err = err
if action == model.OAUTH_ACTION_MOBILE {
w.Write([]byte(err.ToJson()))
}
return
}

12
app/oauth.go
View File

@@ -624,25 +624,25 @@ func AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service, code, s
expectedToken, err := GetOAuthStateToken(stateProps["token"])
if err != nil {
return nil, "", nil, err
return nil, "", stateProps, err
}
stateEmail := stateProps["email"]
stateAction := stateProps["action"]
if stateAction == model.OAUTH_ACTION_EMAIL_TO_SSO && stateEmail == "" {
return nil, "", nil, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "", http.StatusBadRequest)
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "", http.StatusBadRequest)
}
cookieValue := ""
if cookie, err := r.Cookie(COOKIE_OAUTH); err != nil {
return nil, "", nil, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "", http.StatusBadRequest)
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "", http.StatusBadRequest)
} else {
cookieValue = cookie.Value
}
expectedTokenExtra := generateOAuthStateTokenExtra(stateEmail, stateAction, cookieValue)
if expectedTokenExtra != expectedToken.Extra {
return nil, "", nil, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "", http.StatusBadRequest)
return nil, "", stateProps, model.NewAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "", http.StatusBadRequest)
}
DeleteToken(expectedToken)
@@ -674,7 +674,7 @@ func AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service, code, s
var ar *model.AccessResponse
var bodyBytes []byte
if resp, err := utils.HttpClient().Do(req); err != nil {
return nil, "", nil, model.NewLocAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.token_failed.app_error", nil, err.Error())
return nil, "", stateProps, model.NewLocAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.token_failed.app_error", nil, err.Error())
} else {
bodyBytes, _ = ioutil.ReadAll(resp.Body)
resp.Body = ioutil.NopCloser(bytes.NewBuffer(bodyBytes))
@@ -703,7 +703,7 @@ func AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service, code, s
req.Header.Set("Authorization", "Bearer "+ar.AccessToken)
if resp, err := utils.HttpClient().Do(req); err != nil {
return nil, "", nil, model.NewLocAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.service.app_error",
return nil, "", stateProps, model.NewLocAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.service.app_error",
map[string]interface{}{"Service": service}, err.Error())
} else {
return resp.Body, teamId, stateProps, nil