IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

[MM-37984] Allow Desktop App to authenticate via external providers outside of the app on supported servers (#24140)

Browse Source 
* [MM-37984] Allow Desktop App to authenticate via external providers outside of the app on supported servers

* PR feedback

* Add support for mattermost-dev protocol for development use

* Update server/channels/db/migrations/postgres/000110_create_desktop_tokens.up.sql

* Fix silly typo

* Update server/channels/db/migrations/postgres/000110_create_desktop_tokens.up.sql

* Remove storage of client token, only validate it on the client

* Update migrations

* Add concurrently create index

* Remove CONCURRENTLY for now

* Fix issue with changing history

* Remove old migration

* Use idempotent statement to drop old index

* Remove reference to old table
This commit is contained in:
Devin Binnie 2023-08-30 11:21:43 -04:00 committed by GitHub
parent 105fa4a195
commit a3b194581f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
41 changed files with 1569 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
server/channels/api4/handlers.go
View File

@ -9,6 +9,8 @@ import (
"github.com/mattermost/gziphandler"
"github.com/mattermost/mattermost/server/public/model"
"github.com/mattermost/mattermost/server/public/shared/mlog"
"github.com/mattermost/mattermost/server/v8/channels/app"
"github.com/mattermost/mattermost/server/v8/channels/web"
)
@ -200,6 +202,17 @@ func (api *API) APILocal(h handlerFunc) http.Handler {
return handler
}
func (api *API) RateLimitedHandler(apiHandler http.Handler, settings model.RateLimitSettings) http.Handler {
settings.SetDefaults()
rateLimiter, err := app.NewRateLimiter(&settings, []string{})
if err != nil {
mlog.Error("getRateLimitedHandler", mlog.Err(err))
return nil
}
return rateLimiter.RateLimitHandler(apiHandler)
}
func requireLicense(c *Context) *model.AppError {
if c.App.Channels().License() == nil {
err := model.NewAppError("", "api.license_error", nil, "", http.StatusNotImplemented)

25
server/channels/api4/user.go
View File

@ -61,6 +61,7 @@ func (api *API) InitUser() {
api.BaseRoutes.User.Handle("/mfa/generate", api.APISessionRequiredMfa(generateMfaSecret)).Methods("POST")
api.BaseRoutes.Users.Handle("/login", api.APIHandler(login)).Methods("POST")
api.BaseRoutes.Users.Handle("/login/desktop_token", api.RateLimitedHandler(api.APIHandler(loginWithDesktopToken), model.RateLimitSettings{PerSec: model.NewInt(2), MaxBurst: model.NewInt(1)})).Methods("POST")
api.BaseRoutes.Users.Handle("/login/switch", api.APIHandler(switchAccountType)).Methods("POST")
api.BaseRoutes.Users.Handle("/login/cws", api.APIHandlerTrustRequester(loginCWS)).Methods("POST")
api.BaseRoutes.Users.Handle("/logout", api.APIHandler(logout)).Methods("POST")
@ -1978,6 +1979,30 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
func loginWithDesktopToken(c *Context, w http.ResponseWriter, r *http.Request) {
props := model.MapFromJSON(r.Body)
token := props["token"]
deviceId := props["device_id"]
user, err := c.App.ValidateDesktopToken(token, time.Now().Add(-model.DesktopTokenTTL).Unix())
if err != nil {
c.Err = err
return
}
err = c.App.DoLogin(c.AppContext, w, r, user, deviceId, false, false, false)
if err != nil {
c.Err = err
return
}
c.App.AttachSessionCookies(c.AppContext, w, r)
if err := json.NewEncoder(w).Encode(user); err != nil {
c.Logger.Warn("Error while writing response", mlog.Err(err))
}
}
func loginCWS(c *Context, w http.ResponseWriter, r *http.Request) {
campaignToURL := map[string]string{
"focalboard": "/boards",

6
server/channels/app/app_iface.go
View File

@ -577,6 +577,7 @@ type AppIface interface {
FilterUsersByVisible(viewer *model.User, otherUsers []*model.User) ([]*model.User, *model.AppError)
FindTeamByName(name string) bool
FinishSendAdminNotifyPost(trial bool, now int64, pluginBasedData map[string][]*model.NotifyAdminData)
GenerateAndSaveDesktopToken(expiryTime int64, user *model.User) (*string, *model.AppError)
GenerateMfaSecret(userID string) (*model.MfaSecret, *model.AppError)
GeneratePresignURLForExport(name string) (*model.PresignURLResponse, *model.AppError)
GeneratePublicLink(siteURL string, info *model.FileInfo) string
@ -702,8 +703,8 @@ type AppIface interface {
GetOAuthAppsByCreator(userID string, page, perPage int) ([]*model.OAuthApp, *model.AppError)
GetOAuthCodeRedirect(userID string, authRequest *model.AuthorizeRequest) (string, *model.AppError)
GetOAuthImplicitRedirect(userID string, authRequest *model.AuthorizeRequest) (string, *model.AppError)
GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service, teamID, action, redirectTo, loginHint string, isMobile bool) (string, *model.AppError)
GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service, teamID string) (string, *model.AppError)
GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service, teamID, action, redirectTo, loginHint string, isMobile bool, desktopToken string) (string, *model.AppError)
GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service, teamID string, desktopToken string) (string, *model.AppError)
GetOAuthStateToken(token string) (*model.Token, *model.AppError)
GetOnboarding() (*model.System, *model.AppError)
GetOpenGraphMetadata(requestURL string) ([]byte, error)
@ -1169,6 +1170,7 @@ type AppIface interface {
UserAlreadyNotifiedOnRequiredFeature(user string, feature model.MattermostFeature) bool
UserCanSeeOtherUser(userID string, otherUserId string) (bool, *model.AppError)
UserIsFirstAdmin(user *model.User) bool
ValidateDesktopToken(token string, expiryTime int64) (*model.User, *model.AppError)
VerifyEmailFromToken(c request.CTX, userSuppliedTokenString string) *model.AppError
VerifyUserEmail(userID, email string) *model.AppError
ViewChannel(c request.CTX, view *model.ChannelView, userID string, currentSessionId string, collapsedThreadsSupported bool) (map[string]int64, *model.AppError)

48
server/channels/app/desktop_login.go Normal file
View File

@ -0,0 +1,48 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package app
import (
"net/http"
"github.com/mattermost/mattermost/server/public/model"
)
func (a *App) GenerateAndSaveDesktopToken(expiryTime int64, user *model.User) (*string, *model.AppError) {
token := model.NewRandomString(64)
err := a.Srv().Store().DesktopTokens().Insert(token, expiryTime, user.Id)
if err != nil {
// Delete any other related tokens if there's an error
a.Srv().Store().DesktopTokens().DeleteByUserId(user.Id)
return nil, model.NewAppError("GenerateAndSaveDesktopToken", "app.desktop_token.generateServerToken.invalid_or_expired", nil, err.Error(), http.StatusBadRequest)
}
return &token, nil
}
func (a *App) ValidateDesktopToken(token string, expiryTime int64) (*model.User, *model.AppError) {
// Check if token is valid
userId, err := a.Srv().Store().DesktopTokens().GetUserId(token, expiryTime)
if err != nil {
// Delete the token if it is expired or invalid
a.Srv().Store().DesktopTokens().Delete(token)
return nil, model.NewAppError("ValidateDesktopToken", "app.desktop_token.validate.invalid", nil, err.Error(), http.StatusUnauthorized)
}
// Get the user profile
user, userErr := a.GetUser(*userId)
if userErr != nil {
// Delete the token if the user is invalid somehow
a.Srv().Store().DesktopTokens().Delete(token)
return nil, model.NewAppError("ValidateDesktopToken", "app.desktop_token.validate.no_user", nil, userErr.Error(), http.StatusInternalServerError)
}
// Clean up other tokens if they exist
a.Srv().Store().DesktopTokens().DeleteByUserId(*userId)
return user, nil
}

75
server/channels/app/desktop_login_test.go Normal file
View File

@ -0,0 +1,75 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package app
import (
"testing"
"time"
"github.com/mattermost/mattermost/server/public/model"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const (
TTL = time.Minute * 3
ExpiredLength = time.Minute * 10
)
func TestGenerateAndSaveDesktopToken(t *testing.T) {
th := Setup(t).InitBasic()
defer th.TearDown()
t.Run("generate token", func(t *testing.T) {
token, err := th.App.GenerateAndSaveDesktopToken(time.Now().Add(-TTL).Unix(), th.BasicUser)
assert.Nil(t, err)
assert.NotNil(t, token)
})
}
func TestValidateDesktopToken(t *testing.T) {
th := Setup(t).InitBasic()
defer th.TearDown()
authenticatedServerToken, err := th.App.GenerateAndSaveDesktopToken(time.Now().Add(-TTL).Unix(), th.BasicUser)
require.Nil(t, err)
require.NotNil(t, authenticatedServerToken)
expiredServerToken, err := th.App.GenerateAndSaveDesktopToken(time.Now().Add(-ExpiredLength).Unix(), th.BasicUser2)
require.Nil(t, err)
require.NotNil(t, expiredServerToken)
badUser := model.User{Id: "some_garbage_user_id"}
badUserServerToken, err := th.App.GenerateAndSaveDesktopToken(time.Now().Add(-TTL).Unix(), &badUser)
require.Nil(t, err)
require.NotNil(t, badUserServerToken)
t.Run("validate token", func(t *testing.T) {
user, err := th.App.ValidateDesktopToken(*authenticatedServerToken, time.Now().Add(-TTL).Unix())
assert.Nil(t, err)
assert.NotNil(t, user)
assert.Equal(t, th.BasicUser.Id, user.Id)
})
t.Run("validate token - expired", func(t *testing.T) {
user, err := th.App.ValidateDesktopToken(*expiredServerToken, time.Now().Add(-TTL).Unix())
assert.NotNil(t, err)
assert.Nil(t, user)
assert.Equal(t, "app.desktop_token.validate.invalid", err.Id)
})
t.Run("validate token - not authenticated", func(t *testing.T) {
user, err := th.App.ValidateDesktopToken("not_real_token", time.Now().Add(-TTL).Unix())
assert.NotNil(t, err)
assert.Nil(t, user)
assert.Equal(t, "app.desktop_token.validate.invalid", err.Id)
})
t.Run("validate token - bad user id", func(t *testing.T) {
user, err := th.App.ValidateDesktopToken(*badUserServerToken, time.Now().Add(-TTL).Unix())
assert.NotNil(t, err)
assert.Nil(t, user)
assert.Equal(t, "app.desktop_token.validate.no_user", err.Id)
})
}

12
server/channels/app/oauth.go
View File

@ -429,7 +429,7 @@ func (a *App) newSessionUpdateToken(app *model.OAuthApp, accessData *model.Acces
return accessRsp, nil
}
func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service, teamID, action, redirectTo, loginHint string, isMobile bool) (string, *model.AppError) {
func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service, teamID, action, redirectTo, loginHint string, isMobile bool, desktopToken string) (string, *model.AppError) {
stateProps := map[string]string{}
stateProps["action"] = action
if teamID != "" {
@ -440,6 +440,10 @@ func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, serv
stateProps["redirect_to"] = redirectTo
}
if desktopToken != "" {
stateProps["desktop_token"] = desktopToken
}
stateProps[model.UserAuthServiceIsMobile] = strconv.FormatBool(isMobile)
authURL, err := a.GetAuthorizationCode(w, r, service, stateProps, loginHint)
@ -450,13 +454,17 @@ func (a *App) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, serv
return authURL, nil
}
func (a *App) GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service, teamID string) (string, *model.AppError) {
func (a *App) GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service, teamID string, desktopToken string) (string, *model.AppError) {
stateProps := map[string]string{}
stateProps["action"] = model.OAuthActionSignup
if teamID != "" {
stateProps["team_id"] = teamID
}
if desktopToken != "" {
stateProps["desktop_token"] = desktopToken
}
authURL, err := a.GetAuthorizationCode(w, r, service, stateProps, "")
if err != nil {
return "", err

52
server/channels/app/opentracing/opentracing_layer.go
View File

@ -4539,6 +4539,28 @@ func (a *OpenTracingAppLayer) FinishSendAdminNotifyPost(trial bool, now int64, p
a.app.FinishSendAdminNotifyPost(trial, now, pluginBasedData)
}
func (a *OpenTracingAppLayer) GenerateAndSaveDesktopToken(expiryTime int64, user *model.User) (*string, *model.AppError) {
origCtx := a.ctx
span, newCtx := tracing.StartSpanWithParentByContext(a.ctx, "app.GenerateAndSaveDesktopToken")
a.ctx = newCtx
a.app.Srv().Store().SetContext(newCtx)
defer func() {
a.app.Srv().Store().SetContext(origCtx)
a.ctx = origCtx
}()
defer span.Finish()
resultVar0, resultVar1 := a.app.GenerateAndSaveDesktopToken(expiryTime, user)
if resultVar1 != nil {
span.LogFields(spanlog.Error(resultVar1))
ext.Error.Set(span, true)
}
return resultVar0, resultVar1
}
func (a *OpenTracingAppLayer) GenerateMfaSecret(userID string) (*model.MfaSecret, *model.AppError) {
origCtx := a.ctx
span, newCtx := tracing.StartSpanWithParentByContext(a.ctx, "app.GenerateMfaSecret")
@ -7613,7 +7635,7 @@ func (a *OpenTracingAppLayer) GetOAuthImplicitRedirect(userID string, authReques
return resultVar0, resultVar1
}
func (a *OpenTracingAppLayer) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service string, teamID string, action string, redirectTo string, loginHint string, isMobile bool) (string, *model.AppError) {
func (a *OpenTracingAppLayer) GetOAuthLoginEndpoint(w http.ResponseWriter, r *http.Request, service string, teamID string, action string, redirectTo string, loginHint string, isMobile bool, desktopToken string) (string, *model.AppError) {
origCtx := a.ctx
span, newCtx := tracing.StartSpanWithParentByContext(a.ctx, "app.GetOAuthLoginEndpoint")
@ -7625,7 +7647,7 @@ func (a *OpenTracingAppLayer) GetOAuthLoginEndpoint(w http.ResponseWriter, r *ht
}()
defer span.Finish()
resultVar0, resultVar1 := a.app.GetOAuthLoginEndpoint(w, r, service, teamID, action, redirectTo, loginHint, isMobile)
resultVar0, resultVar1 := a.app.GetOAuthLoginEndpoint(w, r, service, teamID, action, redirectTo, loginHint, isMobile, desktopToken)
if resultVar1 != nil {
span.LogFields(spanlog.Error(resultVar1))
@ -7635,7 +7657,7 @@ func (a *OpenTracingAppLayer) GetOAuthLoginEndpoint(w http.ResponseWriter, r *ht
return resultVar0, resultVar1
}
func (a *OpenTracingAppLayer) GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service string, teamID string) (string, *model.AppError) {
func (a *OpenTracingAppLayer) GetOAuthSignupEndpoint(w http.ResponseWriter, r *http.Request, service string, teamID string, desktopToken string) (string, *model.AppError) {
origCtx := a.ctx
span, newCtx := tracing.StartSpanWithParentByContext(a.ctx, "app.GetOAuthSignupEndpoint")
@ -7647,7 +7669,7 @@ func (a *OpenTracingAppLayer) GetOAuthSignupEndpoint(w http.ResponseWriter, r *h
}()
defer span.Finish()
resultVar0, resultVar1 := a.app.GetOAuthSignupEndpoint(w, r, service, teamID)
resultVar0, resultVar1 := a.app.GetOAuthSignupEndpoint(w, r, service, teamID, desktopToken)
if resultVar1 != nil {
span.LogFields(spanlog.Error(resultVar1))
@ -18583,6 +18605,28 @@ func (a *OpenTracingAppLayer) UserIsInAdminRoleGroup(userID string, syncableID s
return resultVar0, resultVar1
}
func (a *OpenTracingAppLayer) ValidateDesktopToken(token string, expiryTime int64) (*model.User, *model.AppError) {
origCtx := a.ctx
span, newCtx := tracing.StartSpanWithParentByContext(a.ctx, "app.ValidateDesktopToken")
a.ctx = newCtx
a.app.Srv().Store().SetContext(newCtx)
defer func() {
a.app.Srv().Store().SetContext(origCtx)
a.ctx = origCtx
}()
defer span.Finish()
resultVar0, resultVar1 := a.app.ValidateDesktopToken(token, expiryTime)
if resultVar1 != nil {
span.LogFields(spanlog.Error(resultVar1))
ext.Error.Set(span, true)
}
return resultVar0, resultVar1
}
func (a *OpenTracingAppLayer) ValidateUserPermissionsOnChannels(c request.CTX, userId string, channelIds []string) []string {
origCtx := a.ctx
span, newCtx := tracing.StartSpanWithParentByContext(a.ctx, "app.ValidateUserPermissionsOnChannels")

7
server/channels/app/server.go
View File

@ -39,6 +39,7 @@ import (
"github.com/mattermost/mattermost/server/v8/channels/audit"
"github.com/mattermost/mattermost/server/v8/channels/jobs"
"github.com/mattermost/mattermost/server/v8/channels/jobs/active_users"
"github.com/mattermost/mattermost/server/v8/channels/jobs/cleanup_desktop_tokens"
"github.com/mattermost/mattermost/server/v8/channels/jobs/expirynotify"
"github.com/mattermost/mattermost/server/v8/channels/jobs/export_delete"
"github.com/mattermost/mattermost/server/v8/channels/jobs/export_process"
@ -1637,6 +1638,12 @@ func (s *Server) initJobs() {
hosted_purchase_screening.MakeScheduler(s.Jobs, s.License()),
)
s.Jobs.RegisterJobType(
model.JobTypeCleanupDesktopTokens,
cleanup_desktop_tokens.MakeWorker(s.Jobs, s.Store()),
cleanup_desktop_tokens.MakeScheduler(s.Jobs),
)
s.platform.Jobs = s.Jobs
}

4
server/channels/db/migrations/migrations.list
View File

@ -220,6 +220,8 @@ channels/db/migrations/mysql/000109_create_persistent_notifications.down.sql
channels/db/migrations/mysql/000109_create_persistent_notifications.up.sql
channels/db/migrations/mysql/000111_update_vacuuming.down.sql
channels/db/migrations/mysql/000111_update_vacuuming.up.sql
channels/db/migrations/mysql/000112_rework_desktop_tokens.down.sql
channels/db/migrations/mysql/000112_rework_desktop_tokens.up.sql
channels/db/migrations/postgres/000001_create_teams.down.sql
channels/db/migrations/postgres/000001_create_teams.up.sql
channels/db/migrations/postgres/000002_create_team_members.down.sql
@ -440,3 +442,5 @@ channels/db/migrations/postgres/000109_create_persistent_notifications.down.sql
channels/db/migrations/postgres/000109_create_persistent_notifications.up.sql
channels/db/migrations/postgres/000111_update_vacuuming.down.sql
channels/db/migrations/postgres/000111_update_vacuuming.up.sql
channels/db/migrations/postgres/000112_rework_desktop_tokens.down.sql
channels/db/migrations/postgres/000112_rework_desktop_tokens.up.sql

16
server/channels/db/migrations/mysql/000112_rework_desktop_tokens.down.sql Normal file
View File

@ -0,0 +1,16 @@
SET @preparedStatement = (SELECT IF(
(
SELECT COUNT(*) FROM INFORMATION_SCHEMA.STATISTICS
WHERE table_name = 'DesktopTokens'
AND table_schema = DATABASE()
AND index_name = 'idx_desktoptokens_createat'
) > 0,
'DROP INDEX idx_desktoptokens_createat ON DesktopTokens;',
'SELECT 1'
));
PREPARE removeIndexIfExists FROM @preparedStatement;
EXECUTE removeIndexIfExists;
DEALLOCATE PREPARE removeIndexIfExists;
DROP TABLE IF EXISTS DesktopTokens;

38
server/channels/db/migrations/mysql/000112_rework_desktop_tokens.up.sql Normal file
View File

@ -0,0 +1,38 @@
SET @preparedStatement = (SELECT IF(
(
SELECT COUNT(*) FROM INFORMATION_SCHEMA.STATISTICS
WHERE table_name = 'DesktopTokens'
AND table_schema = DATABASE()
AND index_name = 'idx_desktoptokens_createat'
) > 0,
'DROP INDEX idx_desktoptokens_createat ON DesktopTokens;',
'SELECT 1'
));
PREPARE removeIndexIfExists FROM @preparedStatement;
EXECUTE removeIndexIfExists;
DEALLOCATE PREPARE removeIndexIfExists;
DROP TABLE IF EXISTS DesktopTokens;
CREATE TABLE IF NOT EXISTS DesktopTokens (
Token varchar(64) NOT NULL,
CreateAt bigint NOT NULL,
UserId varchar(26) NOT NULL,
PRIMARY KEY (Token)
);
SET @preparedStatement = (SELECT IF(
(
SELECT COUNT(*) FROM INFORMATION_SCHEMA.STATISTICS
WHERE table_name = 'DesktopTokens'
AND table_schema = DATABASE()
AND index_name = 'idx_desktoptokens_token_createat'
) > 0,
'SELECT 1',
'CREATE INDEX idx_desktoptokens_token_createat ON DesktopTokens(Token, CreateAt);'
));
PREPARE createIndexIfNotExists FROM @preparedStatement;
EXECUTE createIndexIfNotExists;
DEALLOCATE PREPARE createIndexIfNotExists;

2
server/channels/db/migrations/postgres/000112_rework_desktop_tokens.down.sql Normal file
View File

@ -0,0 +1,2 @@
DROP INDEX IF EXISTS idx_desktoptokens_token_createat;
DROP TABLE IF EXISTS desktoptokens;

11
server/channels/db/migrations/postgres/000112_rework_desktop_tokens.up.sql Normal file
View File

@ -0,0 +1,11 @@
DROP INDEX IF EXISTS idx_desktoptokens_createat;
DROP TABLE IF EXISTS desktoptokens;
CREATE TABLE IF NOT EXISTS desktoptokens (
token VARCHAR(64) NOT NULL,
createat BIGINT NOT NULL,
userid VARCHAR(26) NOT NULL,
PRIMARY KEY (token)
);
CREATE INDEX IF NOT EXISTS idx_desktoptokens_token_createat ON desktoptokens(token, createat)

20
server/channels/jobs/cleanup_desktop_tokens/scheduler.go Normal file
View File

@ -0,0 +1,20 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package cleanup_desktop_tokens
import (
"time"
"github.com/mattermost/mattermost/server/public/model"
"github.com/mattermost/mattermost/server/v8/channels/jobs"
)
const schedFreq = 1 * time.Hour
func MakeScheduler(jobServer *jobs.JobServer) model.Scheduler {
isEnabled := func(cfg *model.Config) bool {
return true
}
return jobs.NewPeriodicScheduler(jobServer, model.JobTypeCleanupDesktopTokens, schedFreq, isEnabled)
}

36
server/channels/jobs/cleanup_desktop_tokens/worker.go Normal file
View File

@ -0,0 +1,36 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package cleanup_desktop_tokens
import (
"time"
"github.com/mattermost/mattermost/server/public/model"
"github.com/mattermost/mattermost/server/v8/channels/jobs"
"github.com/mattermost/mattermost/server/v8/channels/store"
"github.com/mattermost/mattermost/server/v8/platform/services/configservice"
)
const jobName = "CleanupDesktopTokens"
const maxAge = 5 * time.Minute
type AppIface interface {
configservice.ConfigService
ListDirectory(path string) ([]string, *model.AppError)
FileModTime(path string) (time.Time, *model.AppError)
RemoveFile(path string) *model.AppError
}
func MakeWorker(jobServer *jobs.JobServer, store store.Store) model.Worker {
isEnabled := func(cfg *model.Config) bool {
return true
}
execute := func(job *model.Job) error {
defer jobServer.HandleJobPanic(job)
return store.DesktopTokens().DeleteOlderThan(time.Now().Add(-maxAge).Unix())
}
worker := jobs.NewSimpleWorker(jobName, jobServer, execute, isEnabled)
return worker
}

101
server/channels/store/opentracinglayer/opentracinglayer.go
View File

@ -26,6 +26,7 @@ type OpenTracingLayer struct {
CommandStore store.CommandStore
CommandWebhookStore store.CommandWebhookStore
ComplianceStore store.ComplianceStore
DesktopTokensStore store.DesktopTokensStore
DraftStore store.DraftStore
EmojiStore store.EmojiStore
FileInfoStore store.FileInfoStore
@ -95,6 +96,10 @@ func (s *OpenTracingLayer) Compliance() store.ComplianceStore {
return s.ComplianceStore
}
func (s *OpenTracingLayer) DesktopTokens() store.DesktopTokensStore {
return s.DesktopTokensStore
}
func (s *OpenTracingLayer) Draft() store.DraftStore {
return s.DraftStore
}
@ -275,6 +280,11 @@ type OpenTracingLayerComplianceStore struct {
Root *OpenTracingLayer
}
type OpenTracingLayerDesktopTokensStore struct {
store.DesktopTokensStore
Root *OpenTracingLayer
}
type OpenTracingLayerDraftStore struct {
store.DraftStore
Root *OpenTracingLayer
@ -3234,6 +3244,96 @@ func (s *OpenTracingLayerComplianceStore) Update(compliance *model.Compliance) (
return result, err
}
func (s *OpenTracingLayerDesktopTokensStore) Delete(token string) error {
origCtx := s.Root.Store.Context()
span, newCtx := tracing.StartSpanWithParentByContext(s.Root.Store.Context(), "DesktopTokensStore.Delete")
s.Root.Store.SetContext(newCtx)
defer func() {
s.Root.Store.SetContext(origCtx)
}()
defer span.Finish()
err := s.DesktopTokensStore.Delete(token)
if err != nil {
span.LogFields(spanlog.Error(err))
ext.Error.Set(span, true)
}
return err
}
func (s *OpenTracingLayerDesktopTokensStore) DeleteByUserId(userId string) error {
origCtx := s.Root.Store.Context()
span, newCtx := tracing.StartSpanWithParentByContext(s.Root.Store.Context(), "DesktopTokensStore.DeleteByUserId")
s.Root.Store.SetContext(newCtx)
defer func() {
s.Root.Store.SetContext(origCtx)
}()
defer span.Finish()
err := s.DesktopTokensStore.DeleteByUserId(userId)
if err != nil {
span.LogFields(spanlog.Error(err))
ext.Error.Set(span, true)
}
return err
}
func (s *OpenTracingLayerDesktopTokensStore) DeleteOlderThan(minCreatedAt int64) error {
origCtx := s.Root.Store.Context()
span, newCtx := tracing.StartSpanWithParentByContext(s.Root.Store.Context(), "DesktopTokensStore.DeleteOlderThan")
s.Root.Store.SetContext(newCtx)
defer func() {
s.Root.Store.SetContext(origCtx)
}()
defer span.Finish()
err := s.DesktopTokensStore.DeleteOlderThan(minCreatedAt)
if err != nil {
span.LogFields(spanlog.Error(err))
ext.Error.Set(span, true)
}
return err
}
func (s *OpenTracingLayerDesktopTokensStore) GetUserId(token string, minCreatedAt int64) (*string, error) {
origCtx := s.Root.Store.Context()
span, newCtx := tracing.StartSpanWithParentByContext(s.Root.Store.Context(), "DesktopTokensStore.GetUserId")
s.Root.Store.SetContext(newCtx)
defer func() {
s.Root.Store.SetContext(origCtx)
}()
defer span.Finish()
result, err := s.DesktopTokensStore.GetUserId(token, minCreatedAt)
if err != nil {
span.LogFields(spanlog.Error(err))
ext.Error.Set(span, true)
}
return result, err
}
func (s *OpenTracingLayerDesktopTokensStore) Insert(token string, createdAt int64, userId string) error {
origCtx := s.Root.Store.Context()
span, newCtx := tracing.StartSpanWithParentByContext(s.Root.Store.Context(), "DesktopTokensStore.Insert")
s.Root.Store.SetContext(newCtx)
defer func() {
s.Root.Store.SetContext(origCtx)
}()
defer span.Finish()
err := s.DesktopTokensStore.Insert(token, createdAt, userId)
if err != nil {
span.LogFields(spanlog.Error(err))
ext.Error.Set(span, true)
}
return err
}
func (s *OpenTracingLayerDraftStore) Delete(userID string, channelID string, rootID string) error {
origCtx := s.Root.Store.Context()
span, newCtx := tracing.StartSpanWithParentByContext(s.Root.Store.Context(), "DraftStore.Delete")
@ -12885,6 +12985,7 @@ func New(childStore store.Store, ctx context.Context) *OpenTracingLayer {
newStore.CommandStore = &OpenTracingLayerCommandStore{CommandStore: childStore.Command(), Root: &newStore}
newStore.CommandWebhookStore = &OpenTracingLayerCommandWebhookStore{CommandWebhookStore: childStore.CommandWebhook(), Root: &newStore}
newStore.ComplianceStore = &OpenTracingLayerComplianceStore{ComplianceStore: childStore.Compliance(), Root: &newStore}
newStore.DesktopTokensStore = &OpenTracingLayerDesktopTokensStore{DesktopTokensStore: childStore.DesktopTokens(), Root: &newStore}
newStore.DraftStore = &OpenTracingLayerDraftStore{DraftStore: childStore.Draft(), Root: &newStore}
newStore.EmojiStore = &OpenTracingLayerEmojiStore{EmojiStore: childStore.Emoji(), Root: &newStore}
newStore.FileInfoStore = &OpenTracingLayerFileInfoStore{FileInfoStore: childStore.FileInfo(), Root: &newStore}

116
server/channels/store/retrylayer/retrylayer.go
View File

@ -29,6 +29,7 @@ type RetryLayer struct {
CommandStore store.CommandStore
CommandWebhookStore store.CommandWebhookStore
ComplianceStore store.ComplianceStore
DesktopTokensStore store.DesktopTokensStore
DraftStore store.DraftStore
EmojiStore store.EmojiStore
FileInfoStore store.FileInfoStore
@ -98,6 +99,10 @@ func (s *RetryLayer) Compliance() store.ComplianceStore {
return s.ComplianceStore
}
func (s *RetryLayer) DesktopTokens() store.DesktopTokensStore {
return s.DesktopTokensStore
}
func (s *RetryLayer) Draft() store.DraftStore {
return s.DraftStore
}
@ -278,6 +283,11 @@ type RetryLayerComplianceStore struct {
Root *RetryLayer
}
type RetryLayerDesktopTokensStore struct {
store.DesktopTokensStore
Root *RetryLayer
}
type RetryLayerDraftStore struct {
store.DraftStore
Root *RetryLayer
@ -3607,6 +3617,111 @@ func (s *RetryLayerComplianceStore) Update(compliance *model.Compliance) (*model
}
func (s *RetryLayerDesktopTokensStore) Delete(token string) error {
tries := 0
for {
err := s.DesktopTokensStore.Delete(token)
if err == nil {
return nil
}
if !isRepeatableError(err) {
return err
}
tries++
if tries >= 3 {
err = errors.Wrap(err, "giving up after 3 consecutive repeatable transaction failures")
return err
}
timepkg.Sleep(100 * timepkg.Millisecond)
}
}
func (s *RetryLayerDesktopTokensStore) DeleteByUserId(userId string) error {
tries := 0
for {
err := s.DesktopTokensStore.DeleteByUserId(userId)
if err == nil {
return nil
}
if !isRepeatableError(err) {
return err
}
tries++
if tries >= 3 {
err = errors.Wrap(err, "giving up after 3 consecutive repeatable transaction failures")
return err
}
timepkg.Sleep(100 * timepkg.Millisecond)
}
}
func (s *RetryLayerDesktopTokensStore) DeleteOlderThan(minCreatedAt int64) error {
tries := 0
for {
err := s.DesktopTokensStore.DeleteOlderThan(minCreatedAt)
if err == nil {
return nil
}
if !isRepeatableError(err) {
return err
}
tries++
if tries >= 3 {
err = errors.Wrap(err, "giving up after 3 consecutive repeatable transaction failures")
return err
}
timepkg.Sleep(100 * timepkg.Millisecond)
}
}
func (s *RetryLayerDesktopTokensStore) GetUserId(token string, minCreatedAt int64) (*string, error) {
tries := 0
for {
result, err := s.DesktopTokensStore.GetUserId(token, minCreatedAt)
if err == nil {
return result, nil
}
if !isRepeatableError(err) {
return result, err
}
tries++
if tries >= 3 {
err = errors.Wrap(err, "giving up after 3 consecutive repeatable transaction failures")
return result, err
}
timepkg.Sleep(100 * timepkg.Millisecond)
}
}
func (s *RetryLayerDesktopTokensStore) Insert(token string, createdAt int64, userId string) error {
tries := 0
for {
err := s.DesktopTokensStore.Insert(token, createdAt, userId)
if err == nil {
return nil
}
if !isRepeatableError(err) {
return err
}
tries++
if tries >= 3 {
err = errors.Wrap(err, "giving up after 3 consecutive repeatable transaction failures")
return err
}
timepkg.Sleep(100 * timepkg.Millisecond)
}
}
func (s *RetryLayerDraftStore) Delete(userID string, channelID string, rootID string) error {
tries := 0
@ -14684,6 +14799,7 @@ func New(childStore store.Store) *RetryLayer {
newStore.CommandStore = &RetryLayerCommandStore{CommandStore: childStore.Command(), Root: &newStore}
newStore.CommandWebhookStore = &RetryLayerCommandWebhookStore{CommandWebhookStore: childStore.CommandWebhook(), Root: &newStore}
newStore.ComplianceStore = &RetryLayerComplianceStore{ComplianceStore: childStore.Compliance(), Root: &newStore}
newStore.DesktopTokensStore = &RetryLayerDesktopTokensStore{DesktopTokensStore: childStore.DesktopTokens(), Root: &newStore}
newStore.DraftStore = &RetryLayerDraftStore{DraftStore: childStore.Draft(), Root: &newStore}
newStore.EmojiStore = &RetryLayerEmojiStore{EmojiStore: childStore.Emoji(), Root: &newStore}
newStore.FileInfoStore = &RetryLayerFileInfoStore{FileInfoStore: childStore.FileInfo(), Root: &newStore}

1
server/channels/store/retrylayer/retrylayer_test.go
View File

@ -59,6 +59,7 @@ func genStore() *mocks.Store {
mock.On("PostAcknowledgement").Return(&mocks.PostAcknowledgementStore{})
mock.On("PostPersistentNotification").Return(&mocks.PostPersistentNotificationStore{})
mock.On("TrueUpReview").Return(&mocks.TrueUpReviewStore{})
mock.On("DesktopTokens").Return(&mocks.DesktopTokensStore{})
return mock
}

123
server/channels/store/sqlstore/desktop_tokens_store.go Normal file
View File

@ -0,0 +1,123 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package sqlstore
import (
"database/sql"
"github.com/mattermost/mattermost/server/v8/channels/store"
"github.com/mattermost/mattermost/server/v8/einterfaces"
sq "github.com/mattermost/squirrel"
"github.com/pkg/errors"
)
type SqlDesktopTokensStore struct {
*SqlStore
metrics einterfaces.MetricsInterface
}
func newSqlDesktopTokensStore(sqlStore *SqlStore, metrics einterfaces.MetricsInterface) store.DesktopTokensStore {
return &SqlDesktopTokensStore{
SqlStore: sqlStore,
metrics: metrics,
}
}
func (s *SqlDesktopTokensStore) GetUserId(token string, minCreateAt int64) (*string, error) {
query := s.getQueryBuilder().
Select("UserId").
From("DesktopTokens").
Where(sq.And{
sq.Eq{"Token": token},
sq.GtOrEq{"CreateAt": minCreateAt},
})
dt := struct{ UserId string }{}
err := s.GetReplicaX().GetBuilder(&dt, query)
if err != nil {
if err == sql.ErrNoRows {
return nil, store.NewErrNotFound("DesktopTokens", token)
}
return nil, errors.Wrapf(err, "No token for %s", token)
}
return &dt.UserId, nil
}
func (s *SqlDesktopTokensStore) Insert(token string, createAt int64, userId string) error {
builder := s.getQueryBuilder().
Insert("DesktopTokens").
Columns("Token", "CreateAt", "UserId").
Values(token, createAt, userId)
query, args, err := builder.ToSql()
if err != nil {
return errors.Wrap(err, "insert_desktoptokens_tosql")
}
if _, err = s.GetMasterX().Exec(query, args...); err != nil {
return errors.Wrap(err, "failed to insert token row")
}
return nil
}
func (s *SqlDesktopTokensStore) Delete(token string) error {
builder := s.getQueryBuilder().
Delete("DesktopTokens").
Where(sq.Eq{
"Token": token,
})
query, args, err := builder.ToSql()
if err != nil {
return errors.Wrap(err, "delete_desktoptokens_tosql")
}
if _, err = s.GetMasterX().Exec(query, args...); err != nil {
return errors.Wrap(err, "failed to delete token row")
}
return nil
}
func (s *SqlDesktopTokensStore) DeleteByUserId(userId string) error {
builder := s.getQueryBuilder().
Delete("DesktopTokens").
Where(sq.Eq{
"UserId": userId,
})
query, args, err := builder.ToSql()
if err != nil {
return errors.Wrap(err, "delete_by_userid_desktoptokens_tosql")
}
if _, err = s.GetMasterX().Exec(query, args...); err != nil {
return errors.Wrap(err, "failed to delete token row")
}
return nil
}
func (s *SqlDesktopTokensStore) DeleteOlderThan(minCreateAt int64) error {
builder := s.getQueryBuilder().
Delete("DesktopTokens").
Where(sq.Lt{
"CreateAt": minCreateAt,
})
query, args, err := builder.ToSql()
if err != nil {
return errors.Wrap(err, "delete_old_desktoptokens_tosql")
}
if _, err = s.GetMasterX().Exec(query, args...); err != nil {
return errors.Wrap(err, "failed to delete token row")
}
return nil
}

14
server/channels/store/sqlstore/desktop_tokens_store_test.go Normal file
View File

@ -0,0 +1,14 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package sqlstore
import (
"testing"
"github.com/mattermost/mattermost/server/v8/channels/store/storetest"
)
func TestDesktopTokensStore(t *testing.T) {
StoreTestWithSqlStore(t, storetest.TestDesktopTokensStore)
}

6
server/channels/store/sqlstore/store.go
View File

@ -108,6 +108,7 @@ type SqlStoreStores struct {
postAcknowledgement store.PostAcknowledgementStore
postPersistentNotification store.PostPersistentNotificationStore
trueUpReview store.TrueUpReviewStore
desktopTokens store.DesktopTokensStore
}
type SqlStore struct {
@ -229,6 +230,7 @@ func New(settings model.SqlSettings, metrics einterfaces.MetricsInterface) (*Sql
store.stores.postAcknowledgement = newSqlPostAcknowledgementStore(store)
store.stores.postPersistentNotification = newSqlPostPersistentNotificationStore(store)
store.stores.trueUpReview = newSqlTrueUpReviewStore(store)
store.stores.desktopTokens = newSqlDesktopTokensStore(store, metrics)
store.stores.preference.(*SqlPreferenceStore).deleteUnusedFeatures()
@ -1080,6 +1082,10 @@ func (ss *SqlStore) TrueUpReview() store.TrueUpReviewStore {
return ss.stores.trueUpReview
}
func (ss *SqlStore) DesktopTokens() store.DesktopTokensStore {
return ss.stores.desktopTokens
}
func (ss *SqlStore) DropAllTables() {
if ss.DriverName() == model.DatabaseDriverPostgres {
ss.masterX.Exec(`DO

9
server/channels/store/store.go
View File

@ -87,6 +87,7 @@ type Store interface {
PostAcknowledgement() PostAcknowledgementStore
PostPersistentNotification() PostPersistentNotificationStore
TrueUpReview() TrueUpReviewStore
DesktopTokens() DesktopTokensStore
}
type RetentionPolicyStore interface {
@ -650,6 +651,14 @@ type TokenStore interface {
RemoveAllTokensByType(tokenType string) error
}
type DesktopTokensStore interface {
GetUserId(token string, minCreatedAt int64) (*string, error)
Insert(token string, createdAt int64, userId string) error
Delete(token string) error
DeleteByUserId(userId string) error
DeleteOlderThan(minCreatedAt int64) error
}
type EmojiStore interface {
Save(emoji *model.Emoji) (*model.Emoji, error)
Get(ctx context.Context, id string, allowFromCache bool) (*model.Emoji, error)

110
server/channels/store/storetest/desktop_tokens_store.go Normal file
View File

@ -0,0 +1,110 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package storetest
import (
"testing"
"github.com/mattermost/mattermost/server/v8/channels/store"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestDesktopTokensStore(t *testing.T, ss store.Store, s SqlStore) {
t.Run("GetUserId", func(t *testing.T) { testGetUserId(t, ss) })
t.Run("Insert", func(t *testing.T) { testInsert(t, ss) })
t.Run("Delete", func(t *testing.T) { testDeleteToken(t, ss) })
t.Run("DeleteByUserId", func(t *testing.T) { testDeleteByUserId(t, ss) })
t.Run("DeleteOlderThan", func(t *testing.T) { testDeleteOlderThan(t, ss) })
}
func testGetUserId(t *testing.T, ss store.Store) {
err := ss.DesktopTokens().Insert("token_with_id", 1000, "user_id")
require.NoError(t, err)
t.Run("get user id", func(t *testing.T) {
userId, err := ss.DesktopTokens().GetUserId("token_with_id", 1000)
assert.NoError(t, err)
assert.Equal(t, "user_id", *userId)
})
t.Run("get user id - expired", func(t *testing.T) {
userId, err := ss.DesktopTokens().GetUserId("token_with_id", 10000)
assert.Error(t, err)
assert.IsType(t, &store.ErrNotFound{}, err)
assert.Nil(t, userId)
})
}
func testInsert(t *testing.T, ss store.Store) {
t.Run("insert", func(t *testing.T) {
err := ss.DesktopTokens().Insert("token", 1000, "user_id")
assert.NoError(t, err)
})
t.Run("insert - token too long", func(t *testing.T) {
err := ss.DesktopTokens().Insert(
"this token is way way way WAAAAAAAAAAAAAY WAAAAAAAAAAAAAY WAAAAAAAAAAAAAY TOO LONG",
1000,
"user_id",
)
assert.Error(t, err)
})
}
func testDeleteToken(t *testing.T, ss store.Store) {
err := ss.DesktopTokens().Insert("deleteable_token", 3000, "user_id")
require.NoError(t, err)
t.Run("delete", func(t *testing.T) {
userId, err := ss.DesktopTokens().GetUserId("deleteable_token", 3000)
assert.NoError(t, err)
assert.Equal(t, "user_id", *userId)
err = ss.DesktopTokens().Delete("deleteable_token")
assert.NoError(t, err)
_, err = ss.DesktopTokens().GetUserId("deleteable_token", 3000)
assert.Error(t, err)
})
}
func testDeleteByUserId(t *testing.T, ss store.Store) {
err := ss.DesktopTokens().Insert("deleteable_token_2", 4000, "deleteable_user_id")
require.NoError(t, err)
t.Run("delete by user id", func(t *testing.T) {
userId, err := ss.DesktopTokens().GetUserId("deleteable_token_2", 3000)
assert.NoError(t, err)
assert.Equal(t, "deleteable_user_id", *userId)
err = ss.DesktopTokens().DeleteByUserId("deleteable_user_id")
assert.NoError(t, err)
_, err = ss.DesktopTokens().GetUserId("deleteable_token_2", 3000)
assert.Error(t, err)
})
}
func testDeleteOlderThan(t *testing.T, ss store.Store) {
err := ss.DesktopTokens().Insert("deleteable_token_old", 1000, "deleteable_user_id")
require.NoError(t, err)
err = ss.DesktopTokens().Insert("deleteable_token_new", 5000, "deleteable_user_id")
require.NoError(t, err)
t.Run("delete older than", func(t *testing.T) {
_, err := ss.DesktopTokens().GetUserId("deleteable_token_old", 1000)
assert.NoError(t, err)
_, err = ss.DesktopTokens().GetUserId("deleteable_token_new", 5000)
assert.NoError(t, err)
err = ss.DesktopTokens().DeleteOlderThan(2000)
assert.NoError(t, err)
_, err = ss.DesktopTokens().GetUserId("deleteable_token_old", 1000)
assert.Error(t, err)
_, err = ss.DesktopTokens().GetUserId("deleteable_token_new", 5000)
assert.NoError(t, err)
})
}

109
server/channels/store/storetest/mocks/DesktopTokensStore.go Normal file
View File

@ -0,0 +1,109 @@
// Code generated by mockery v2.23.2. DO NOT EDIT.
// Regenerate this file using `make store-mocks`.
package mocks
import mock "github.com/stretchr/testify/mock"
// DesktopTokensStore is an autogenerated mock type for the DesktopTokensStore type
type DesktopTokensStore struct {
mock.Mock
}
// Delete provides a mock function with given fields: token
func (_m *DesktopTokensStore) Delete(token string) error {
ret := _m.Called(token)
var r0 error
if rf, ok := ret.Get(0).(func(string) error); ok {
r0 = rf(token)
} else {
r0 = ret.Error(0)
}
return r0
}
// DeleteByUserId provides a mock function with given fields: userId
func (_m *DesktopTokensStore) DeleteByUserId(userId string) error {
ret := _m.Called(userId)
var r0 error
if rf, ok := ret.Get(0).(func(string) error); ok {
r0 = rf(userId)
} else {
r0 = ret.Error(0)
}
return r0
}
// DeleteOlderThan provides a mock function with given fields: minCreatedAt
func (_m *DesktopTokensStore) DeleteOlderThan(minCreatedAt int64) error {
ret := _m.Called(minCreatedAt)
var r0 error
if rf, ok := ret.Get(0).(func(int64) error); ok {
r0 = rf(minCreatedAt)
} else {
r0 = ret.Error(0)
}
return r0
}
// GetUserId provides a mock function with given fields: token, minCreatedAt
func (_m *DesktopTokensStore) GetUserId(token string, minCreatedAt int64) (*string, error) {
ret := _m.Called(token, minCreatedAt)
var r0 *string
var r1 error
if rf, ok := ret.Get(0).(func(string, int64) (*string, error)); ok {
return rf(token, minCreatedAt)
}
if rf, ok := ret.Get(0).(func(string, int64) *string); ok {
r0 = rf(token, minCreatedAt)
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(*string)
}
}
if rf, ok := ret.Get(1).(func(string, int64) error); ok {
r1 = rf(token, minCreatedAt)
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// Insert provides a mock function with given fields: token, createdAt, userId
func (_m *DesktopTokensStore) Insert(token string, createdAt int64, userId string) error {
ret := _m.Called(token, createdAt, userId)
var r0 error
if rf, ok := ret.Get(0).(func(string, int64, string) error); ok {
r0 = rf(token, createdAt, userId)
} else {
r0 = ret.Error(0)
}
return r0
}
type mockConstructorTestingTNewDesktopTokensStore interface {
mock.TestingT
Cleanup(func())
}
// NewDesktopTokensStore creates a new instance of DesktopTokensStore. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
func NewDesktopTokensStore(t mockConstructorTestingTNewDesktopTokensStore) *DesktopTokensStore {
mock := &DesktopTokensStore{}
mock.Mock.Test(t)
t.Cleanup(func() { mock.AssertExpectations(t) })
return mock
}

16
server/channels/store/storetest/mocks/Store.go
View File

@ -187,6 +187,22 @@ func (_m *Store) Context() context.Context {
return r0
}
// DesktopTokens provides a mock function with given fields:
func (_m *Store) DesktopTokens() store.DesktopTokensStore {
ret := _m.Called()
var r0 store.DesktopTokensStore
if rf, ok := ret.Get(0).(func() store.DesktopTokensStore); ok {
r0 = rf()
} else {
if ret.Get(0) != nil {
r0 = ret.Get(0).(store.DesktopTokensStore)
}
}
return r0
}
// Draft provides a mock function with given fields:
func (_m *Store) Draft() store.DraftStore {
ret := _m.Called()

3
server/channels/store/storetest/store.go
View File

@ -61,6 +61,7 @@ type Store struct {
PostAcknowledgementStore mocks.PostAcknowledgementStore
PostPersistentNotificationStore mocks.PostPersistentNotificationStore
TrueUpReviewStore mocks.TrueUpReviewStore
DesktopTokensStore mocks.DesktopTokensStore
}
func (s *Store) SetContext(context context.Context) { s.context = context }
@ -103,6 +104,7 @@ func (s *Store) ChannelMemberHistory() store.ChannelMemberHistoryStore {
return &s.ChannelMemberHistoryStore
}
func (s *Store) TrueUpReview() store.TrueUpReviewStore { return &s.TrueUpReviewStore }
func (s *Store) DesktopTokens() store.DesktopTokensStore { return &s.DesktopTokensStore }
func (s *Store) NotifyAdmin() store.NotifyAdminStore { return &s.NotifyAdminStore }
func (s *Store) Group() store.GroupStore { return &s.GroupStore }
func (s *Store) LinkMetadata() store.LinkMetadataStore { return &s.LinkMetadataStore }
@ -177,5 +179,6 @@ func (s *Store) AssertExpectations(t mock.TestingT) bool {
&s.PostPriorityStore,
&s.PostAcknowledgementStore,
&s.PostPersistentNotificationStore,
&s.DesktopTokensStore,
)
}

91
server/channels/store/timerlayer/timerlayer.go
View File

@ -26,6 +26,7 @@ type TimerLayer struct {
CommandStore store.CommandStore
CommandWebhookStore store.CommandWebhookStore
ComplianceStore store.ComplianceStore
DesktopTokensStore store.DesktopTokensStore
DraftStore store.DraftStore
EmojiStore store.EmojiStore
FileInfoStore store.FileInfoStore
@ -95,6 +96,10 @@ func (s *TimerLayer) Compliance() store.ComplianceStore {
return s.ComplianceStore
}
func (s *TimerLayer) DesktopTokens() store.DesktopTokensStore {
return s.DesktopTokensStore
}
func (s *TimerLayer) Draft() store.DraftStore {
return s.DraftStore
}
@ -275,6 +280,11 @@ type TimerLayerComplianceStore struct {
Root *TimerLayer
}
type TimerLayerDesktopTokensStore struct {
store.DesktopTokensStore
Root *TimerLayer
}
type TimerLayerDraftStore struct {
store.DraftStore
Root *TimerLayer
@ -2968,6 +2978,86 @@ func (s *TimerLayerComplianceStore) Update(compliance *model.Compliance) (*model
return result, err
}
func (s *TimerLayerDesktopTokensStore) Delete(token string) error {
start := time.Now()
err := s.DesktopTokensStore.Delete(token)
elapsed := float64(time.Since(start)) / float64(time.Second)
if s.Root.Metrics != nil {
success := "false"
if err == nil {
success = "true"
}
s.Root.Metrics.ObserveStoreMethodDuration("DesktopTokensStore.Delete", success, elapsed)
}
return err
}
func (s *TimerLayerDesktopTokensStore) DeleteByUserId(userId string) error {
start := time.Now()
err := s.DesktopTokensStore.DeleteByUserId(userId)
elapsed := float64(time.Since(start)) / float64(time.Second)
if s.Root.Metrics != nil {
success := "false"
if err == nil {
success = "true"
}
s.Root.Metrics.ObserveStoreMethodDuration("DesktopTokensStore.DeleteByUserId", success, elapsed)
}
return err
}
func (s *TimerLayerDesktopTokensStore) DeleteOlderThan(minCreatedAt int64) error {
start := time.Now()
err := s.DesktopTokensStore.DeleteOlderThan(minCreatedAt)
elapsed := float64(time.Since(start)) / float64(time.Second)
if s.Root.Metrics != nil {
success := "false"
if err == nil {
success = "true"
}
s.Root.Metrics.ObserveStoreMethodDuration("DesktopTokensStore.DeleteOlderThan", success, elapsed)
}
return err
}
func (s *TimerLayerDesktopTokensStore) GetUserId(token string, minCreatedAt int64) (*string, error) {
start := time.Now()
result, err := s.DesktopTokensStore.GetUserId(token, minCreatedAt)
elapsed := float64(time.Since(start)) / float64(time.Second)
if s.Root.Metrics != nil {
success := "false"
if err == nil {
success = "true"
}
s.Root.Metrics.ObserveStoreMethodDuration("DesktopTokensStore.GetUserId", success, elapsed)
}
return result, err
}
func (s *TimerLayerDesktopTokensStore) Insert(token string, createdAt int64, userId string) error {
start := time.Now()
err := s.DesktopTokensStore.Insert(token, createdAt, userId)
elapsed := float64(time.Since(start)) / float64(time.Second)
if s.Root.Metrics != nil {
success := "false"
if err == nil {
success = "true"
}
s.Root.Metrics.ObserveStoreMethodDuration("DesktopTokensStore.Insert", success, elapsed)
}
return err
}
func (s *TimerLayerDraftStore) Delete(userID string, channelID string, rootID string) error {
start := time.Now()
@ -11613,6 +11703,7 @@ func New(childStore store.Store, metrics einterfaces.MetricsInterface) *TimerLay
newStore.CommandStore = &TimerLayerCommandStore{CommandStore: childStore.Command(), Root: &newStore}
newStore.CommandWebhookStore = &TimerLayerCommandWebhookStore{CommandWebhookStore: childStore.CommandWebhook(), Root: &newStore}
newStore.ComplianceStore = &TimerLayerComplianceStore{ComplianceStore: childStore.Compliance(), Root: &newStore}
newStore.DesktopTokensStore = &TimerLayerDesktopTokensStore{DesktopTokensStore: childStore.DesktopTokens(), Root: &newStore}
newStore.DraftStore = &TimerLayerDraftStore{DraftStore: childStore.Draft(), Root: &newStore}
newStore.EmojiStore = &TimerLayerEmojiStore{EmojiStore: childStore.Emoji(), Root: &newStore}
newStore.FileInfoStore = &TimerLayerFileInfoStore{FileInfoStore: childStore.FileInfo(), Root: &newStore}

38
server/channels/web/oauth.go
View File

@ -11,6 +11,7 @@ import (
"net/url"
"path/filepath"
"strings"
"time"
"github.com/mattermost/mattermost/server/public/model"
"github.com/mattermost/mattermost/server/public/shared/i18n"
@ -344,6 +345,34 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
} else { // For web
c.App.AttachSessionCookies(c.AppContext, w, r)
}
desktopToken := ""
if val, ok := props["desktop_token"]; ok {
desktopToken = val
}
if desktopToken != "" {
serverToken, serverTokenErr := c.App.GenerateAndSaveDesktopToken(time.Now().Unix(), user)
if serverTokenErr != nil {
serverTokenErr.Translate(c.AppContext.T)
c.LogErrorByCode(serverTokenErr)
renderError(serverTokenErr)
return
}
queryString := map[string]string{
"client_token": desktopToken,
"server_token": *serverToken,
}
if val, ok := props["redirect_to"]; ok {
queryString["redirect_to"] = val
}
if strings.HasPrefix(desktopToken, "dev-") {
queryString["isDesktopDev"] = "true"
}
redirectURL = utils.AppendQueryParamsToURL(c.GetSiteURLHeader()+"/login/desktop", queryString)
}
}
w.Header().Set("Content-Type", "text/html; charset=utf-8")
@ -358,6 +387,7 @@ func loginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
loginHint := r.URL.Query().Get("login_hint")
redirectURL := r.URL.Query().Get("redirect_to")
desktopToken := r.URL.Query().Get("desktop_token")
if redirectURL != "" && !utils.IsValidWebAuthRedirectURL(c.App.Config(), redirectURL) {
c.Err = model.NewAppError("loginWithOAuth", "api.invalid_redirect_url", nil, "", http.StatusBadRequest)
@ -370,7 +400,7 @@ func loginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
authURL, err := c.App.GetOAuthLoginEndpoint(w, r, c.Params.Service, teamId, model.OAuthActionLogin, redirectURL, loginHint, false)
authURL, err := c.App.GetOAuthLoginEndpoint(w, r, c.Params.Service, teamId, model.OAuthActionLogin, redirectURL, loginHint, false, desktopToken)
if err != nil {
c.Err = err
return
@ -399,7 +429,7 @@ func mobileLoginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
authURL, err := c.App.GetOAuthLoginEndpoint(w, r, c.Params.Service, teamId, model.OAuthActionMobile, redirectURL, "", true)
authURL, err := c.App.GetOAuthLoginEndpoint(w, r, c.Params.Service, teamId, model.OAuthActionMobile, redirectURL, "", true, "")
if err != nil {
c.Err = err
return
@ -427,7 +457,9 @@ func signupWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
authURL, err := c.App.GetOAuthSignupEndpoint(w, r, c.Params.Service, teamId)
desktopToken := r.URL.Query().Get("desktop_token")
authURL, err := c.App.GetOAuthSignupEndpoint(w, r, c.Params.Service, teamId, desktopToken)
if err != nil {
c.Err = err
return

30
server/channels/web/saml.go
View File

@ -9,6 +9,7 @@ import (
"net/http"
"strconv"
"strings"
"time"
"github.com/mattermost/mattermost/server/public/model"
"github.com/mattermost/mattermost/server/public/shared/mlog"
@ -59,6 +60,11 @@ func loginWithSaml(c *Context, w http.ResponseWriter, r *http.Request) {
relayProps["redirect_to"] = redirectURL
}
desktopToken := r.URL.Query().Get("desktop_token")
if desktopToken != "" {
relayProps["desktop_token"] = desktopToken
}
relayProps[model.UserAuthServiceIsMobile] = strconv.FormatBool(isMobile)
if len(relayProps) > 0 {
@ -185,6 +191,30 @@ func completeSaml(c *Context, w http.ResponseWriter, r *http.Request) {
c.App.AttachSessionCookies(c.AppContext, w, r)
desktopToken := relayProps["desktop_token"]
if desktopToken != "" {
serverToken, serverTokenErr := c.App.GenerateAndSaveDesktopToken(time.Now().Unix(), user)
if serverTokenErr != nil {
handleError(serverTokenErr)
return
}
queryString := map[string]string{
"client_token": desktopToken,
"server_token": *serverToken,
}
if val, ok := relayProps["redirect_to"]; ok {
queryString["redirect_to"] = val
}
if strings.HasPrefix(desktopToken, "dev-") {
queryString["isDesktopDev"] = "true"
}
redirectURL = utils.AppendQueryParamsToURL(c.GetSiteURLHeader()+"/login/desktop", queryString)
http.Redirect(w, r, redirectURL, http.StatusFound)
return
}
if hasRedirectURL {
if isMobile {
// Mobile clients with redirect url support

12
server/i18n/en.json
View File

@ -5079,6 +5079,18 @@
"id": "app.custom_group.unique_name",
"translation": "group name is not unique"
},
{
"id": "app.desktop_token.generateServerToken.invalid_or_expired",
"translation": "Token does not exist or is expired"
},
{
"id": "app.desktop_token.validate.invalid",
"translation": "Token is not valid or is expired"
},
{
"id": "app.desktop_token.validate.no_user",
"translation": "Cannot find a user for this token"
},
{
"id": "app.draft.delete.app_error",
"translation": "Unable to delete the Draft."

2
server/public/model/job.go
View File

@ -36,6 +36,7 @@ const (
JobTypeInstallPluginNotifyAdmin = "install_plugin_notify_admin"
JobTypeHostedPurchaseScreening = "hosted_purchase_screening"
JobTypeS3PathMigration = "s3_path_migration"
JobTypeCleanupDesktopTokens = "cleanup_desktop_tokens"
JobStatusPending = "pending"
JobStatusInProgress = "in_progress"
@ -66,6 +67,7 @@ var AllJobTypes = [...]string{
JobTypeExtractContent,
JobTypeLastAccessiblePost,
JobTypeLastAccessibleFile,
JobTypeCleanupDesktopTokens,
}
type Job struct {

2
server/public/model/user.go
View File

@ -62,6 +62,8 @@ const (
UserLocaleMaxLength = 5
UserTimezoneMaxRunes = 256
UserRolesMaxLength = 256
DesktopTokenTTL = time.Minute * 3
)
//msgp:tuple User

34
webapp/channels/src/actions/views/login.ts
View File

@ -45,6 +45,40 @@ export function login(loginId: string, password: string, mfaToken = ''): ActionF
};
}
export function loginWithDesktopToken(token: string): ActionFunc {
return async (dispatch: DispatchFunc) => {
dispatch({type: UserTypes.LOGIN_REQUEST, data: null});
try {
// This is partial user profile we recieved when we login. We still need to make getMe for complete user profile.
const loggedInUserProfile = await Client4.loginWithDesktopToken(token);
dispatch(
batchActions([
{
type: UserTypes.LOGIN_SUCCESS,
},
{
type: UserTypes.RECEIVED_ME,
data: loggedInUserProfile,
},
]),
);
dispatch(loadRolesIfNeeded(loggedInUserProfile.roles.split(' ')));
} catch (error) {
dispatch({
type: UserTypes.LOGIN_FAILURE,
error,
});
dispatch(logError(error as ServerError));
return {error};
}
return {data: true};
};
}
export function loginById(id: string, password: string): ActionFunc {
return async (dispatch: DispatchFunc) => {
dispatch({type: UserTypes.LOGIN_REQUEST, data: null});

38
webapp/channels/src/components/desktop_auth_token.scss Normal file
View File

@ -0,0 +1,38 @@
.DesktopAuthToken {
display: flex;
width: 540px;
height: 80vh;
flex-direction: column;
align-items: center;
justify-content: center;
margin: auto;
text-align: center;
}
.DesktopAuthToken__main {
display: flex;
margin-top: auto;
margin-bottom: 14px;
color: var(--sidebar-header-bg);
font-size: 40px;
font-weight: 600;
letter-spacing: -0.02em;
line-height: 48px;
}
.DesktopAuthToken__sub {
margin-bottom: 24px;
color: rgba(var(--center-channel-color-rgb), 0.72);
font-size: 18px;
line-height: 28px;
&.complete {
max-width: 442px;
}
}
.DesktopAuthToken__bottom {
margin-top: auto;
font-size: 16px;
line-height: 24px;
}

224
webapp/channels/src/components/desktop_auth_token.tsx Normal file
View File

@ -0,0 +1,224 @@
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
import React, {useEffect, useState} from 'react';
import {FormattedMessage} from 'react-intl';
import {useDispatch} from 'react-redux';
import {useHistory, useLocation} from 'react-router-dom';
import crypto from 'crypto';
import classNames from 'classnames';
import {UserProfile} from '@mattermost/types/users';
import {DispatchFunc} from 'mattermost-redux/types/actions';
import {loginWithDesktopToken} from 'actions/views/login';
import './desktop_auth_token.scss';
const BOTTOM_MESSAGE_TIMEOUT = 10000;
const DESKTOP_AUTH_PREFIX = 'desktop_auth_client_token';
declare global {
interface Window {
desktopAPI?: {
isDev?: () => Promise<boolean>;
};
}
}
enum DesktopAuthStatus {
None,
WaitingForBrowser,
LoggedIn,
Authenticating,
Error,
}
type Props = {
href: string;
onLogin: (userProfile: UserProfile) => void;
}
const DesktopAuthToken: React.FC<Props> = ({href, onLogin}: Props) => {
const dispatch = useDispatch<DispatchFunc>();
const history = useHistory();
const {search} = useLocation();
const query = new URLSearchParams(search);
const serverToken = query.get('server_token');
const receivedClientToken = query.get('client_token');
const storedClientToken = sessionStorage.getItem(DESKTOP_AUTH_PREFIX);
const [status, setStatus] = useState(serverToken ? DesktopAuthStatus.LoggedIn : DesktopAuthStatus.None);
const [showBottomMessage, setShowBottomMessage] = useState<boolean>();
const tryDesktopLogin = async () => {
if (!(serverToken && receivedClientToken === storedClientToken)) {
setStatus(DesktopAuthStatus.Error);
return;
}
sessionStorage.removeItem(DESKTOP_AUTH_PREFIX);
const {data: userProfile, error: loginError} = await dispatch(loginWithDesktopToken(serverToken));
if (loginError && loginError.server_error_id && loginError.server_error_id.length !== 0) {
setStatus(DesktopAuthStatus.Error);
return;
}
setStatus(DesktopAuthStatus.LoggedIn);
await onLogin(userProfile as UserProfile);
};
const openExternalLoginURL = async () => {
const isDev = await window.desktopAPI?.isDev?.();
const desktopToken = `${isDev ? 'dev-' : ''}${crypto.randomBytes(32).toString('hex')}`.slice(0, 64);
sessionStorage.setItem(DESKTOP_AUTH_PREFIX, desktopToken);
const parsedURL = new URL(href);
const params = new URLSearchParams(parsedURL.searchParams);
params.set('desktop_token', desktopToken);
window.open(`${parsedURL.origin}${parsedURL.pathname}?${params.toString()}`);
setStatus(DesktopAuthStatus.WaitingForBrowser);
};
const forwardToDesktopApp = () => {
const url = new URL(window.location.href);
if (url.searchParams.get('isDesktopDev')) {
url.protocol = 'mattermost-dev';
} else {
url.protocol = 'mattermost';
}
window.location.href = url.toString();
};
useEffect(() => {
setShowBottomMessage(false);
const timeout = setTimeout(() => {
setShowBottomMessage(true);
}, BOTTOM_MESSAGE_TIMEOUT) as unknown as number;
return () => {
clearTimeout(timeout);
};
}, [status]);
useEffect(() => {
if (serverToken) {
if (storedClientToken) {
tryDesktopLogin();
} else {
forwardToDesktopApp();
}
return;
}
openExternalLoginURL();
}, [serverToken]);
let mainMessage;
let subMessage;
let bottomMessage;
if (status === DesktopAuthStatus.WaitingForBrowser) {
mainMessage = (
<FormattedMessage
id='desktop_auth_token.polling.redirectingToBrowser'
defaultMessage='Redirecting to browser...'
/>
);
subMessage = (
<FormattedMessage
id='desktop_auth_token.polling.awaitingToken'
defaultMessage='Authenticating in the browser, awaiting valid token.'
/>
);
bottomMessage = null;
}
if (status === DesktopAuthStatus.LoggedIn) {
mainMessage = (
<FormattedMessage
id='desktop_auth_token.complete.youAreNowLoggedIn'
defaultMessage='You are now logged in'
/>
);
subMessage = (
<FormattedMessage
id='desktop_auth_token.complete.openMattermost'
defaultMessage='Click on <b>Open Mattermost</b> in the browser prompt to <a>launch the desktop app</a>'
values={{
a: (chunks: React.ReactNode) => {
return (
<a onClick={forwardToDesktopApp}>
{chunks}
</a>
);
},
b: (chunks: React.ReactNode) => (<b>{chunks}</b>),
}}
/>
);
bottomMessage = (
<FormattedMessage
id='desktop_auth_token.complete.havingTrouble'
defaultMessage='Having trouble logging in? <a>Open Mattermost in your browser</a>'
values={{
a: (chunks: React.ReactNode) => {
return (
<a onClick={() => history.push('/')}>
{chunks}
</a>
);
},
}}
/>
);
}
if (status === DesktopAuthStatus.Error) {
mainMessage = (
<FormattedMessage
id='desktop_auth_token.error.somethingWentWrong'
defaultMessage='Something went wrong'
/>
);
subMessage = (
<FormattedMessage
id='desktop_auth_token.error.restartFlow'
defaultMessage={'Click <a>here</a> to try again.'}
values={{
a: (chunks: React.ReactNode) => {
return (
<a onClick={() => history.push('/')}>
{chunks}
</a>
);
},
}}
/>
);
bottomMessage = null;
}
return (
<div className='DesktopAuthToken'>
<h1 className='DesktopAuthToken__main'>
{mainMessage}
</h1>
<p className={classNames('DesktopAuthToken__sub', {complete: status === DesktopAuthStatus.LoggedIn})}>
{subMessage}
</p>
<div className='DesktopAuthToken__bottom'>
{showBottomMessage ? bottomMessage : null}
</div>
</div>
);
};
export default DesktopAuthToken;

3
webapp/channels/src/components/external_login_button/external_login_button.tsx
View File

@ -13,6 +13,7 @@ export type ExternalLoginButtonType = {
label: string;
style?: React.CSSProperties;
direction?: 'row' | 'column';
onClick: (event: React.MouseEvent<HTMLAnchorElement>) => void;
};
const ExternalLoginButton = ({
@ -22,12 +23,14 @@ const ExternalLoginButton = ({
label,
style,
direction = 'row',
onClick,
}: ExternalLoginButtonType) => (
<a
id={id}
className={classNames('external-login-button', {'direction-column': direction === 'column'}, id)}
href={url}
style={style}
onClick={onClick}
>
{icon}
<span className='external-login-button-label'>

62
webapp/channels/src/components/login/login.tsx
View File

@ -3,7 +3,7 @@
import React, {useState, useEffect, useRef, useCallback, FormEvent} from 'react';
import {useIntl} from 'react-intl';
import {Link, useLocation, useHistory} from 'react-router-dom';
import {Link, useLocation, useHistory, Route} from 'react-router-dom';
import {useSelector, useDispatch} from 'react-redux';
import classNames from 'classnames';
import throttle from 'lodash/throttle';
@ -32,7 +32,9 @@ import {setNeedsLoggedInLimitReachedCheck} from 'actions/views/admin';
import {trackEvent} from 'actions/telemetry_actions';
import AlertBanner, {ModeType, AlertBannerProps} from 'components/alert_banner';
import DesktopAuthToken from 'components/desktop_auth_token';
import ExternalLoginButton, {ExternalLoginButtonType} from 'components/external_login_button/external_login_button';
import ExternalLink from 'components/external_link';
import AlternateLinkLayout from 'components/header_footer_route/content_layouts/alternate_link';
import ColumnLayout from 'components/header_footer_route/content_layouts/column';
import {CustomizeHeaderType} from 'components/header_footer_route/header_footer_route';
@ -54,12 +56,12 @@ import {GlobalState} from 'types/store';
import Constants from 'utils/constants';
import {showNotification} from 'utils/notifications';
import {t} from 'utils/i18n';
import {isDesktopApp} from 'utils/user_agent';
import {setCSRFFromCookie} from 'utils/utils';
import LoginMfa from './login_mfa';
import './login.scss';
import ExternalLink from 'components/external_link';
const MOBILE_SCREEN_WIDTH = 1200;
@ -148,6 +150,8 @@ const Login = ({onCustomizeHeader}: LoginProps) => {
const query = new URLSearchParams(search);
const redirectTo = query.get('redirect_to');
const [desktopLoginLink, setDesktopLoginLink] = useState('');
const getExternalLoginOptions = () => {
const externalLoginOptions: ExternalLoginButtonType[] = [];
@ -156,55 +160,76 @@ const Login = ({onCustomizeHeader}: LoginProps) => {
}
if (enableSignUpWithGitLab) {
const url = `${Client4.getOAuthRoute()}/gitlab/login${search}`;
externalLoginOptions.push({
id: 'gitlab',
url: `${Client4.getOAuthRoute()}/gitlab/login${search}`,
url,
icon: <LoginGitlabIcon/>,
label: GitLabButtonText || formatMessage({id: 'login.gitlab', defaultMessage: 'GitLab'}),
style: {color: GitLabButtonColor, borderColor: GitLabButtonColor},
onClick: desktopExternalAuth(url),
});
}
if (enableSignUpWithGoogle) {
const url = `${Client4.getOAuthRoute()}/google/login${search}`;
externalLoginOptions.push({
id: 'google',
url: `${Client4.getOAuthRoute()}/google/login${search}`,
url,
icon: <LoginGoogleIcon/>,
label: formatMessage({id: 'login.google', defaultMessage: 'Google'}),
onClick: desktopExternalAuth(url),
});
}
if (enableSignUpWithOffice365) {
const url = `${Client4.getOAuthRoute()}/office365/login${search}`;
externalLoginOptions.push({
id: 'office365',
url: `${Client4.getOAuthRoute()}/office365/login${search}`,
url,
icon: <LoginOffice365Icon/>,
label: formatMessage({id: 'login.office365', defaultMessage: 'Office 365'}),
onClick: desktopExternalAuth(url),
});
}
if (enableSignUpWithOpenId) {
const url = `${Client4.getOAuthRoute()}/openid/login${search}`;
externalLoginOptions.push({
id: 'openid',
url: `${Client4.getOAuthRoute()}/openid/login${search}`,
url,
icon: <LoginOpenIDIcon/>,
label: OpenIdButtonText || formatMessage({id: 'login.openid', defaultMessage: 'Open ID'}),
style: {color: OpenIdButtonColor, borderColor: OpenIdButtonColor},
onClick: desktopExternalAuth(url),
});
}
if (enableSignUpWithSaml) {
const url = `${Client4.getUrl()}/login/sso/saml${search}`;
externalLoginOptions.push({
id: 'saml',
url: `${Client4.getUrl()}/login/sso/saml${search}`,
url,
icon: <LockIcon/>,
label: SamlLoginButtonText || formatMessage({id: 'login.saml', defaultMessage: 'SAML'}),
onClick: desktopExternalAuth(url),
});
}
return externalLoginOptions;
};
const desktopExternalAuth = (href: string) => {
return (event: React.MouseEvent) => {
if (isDesktopApp()) {
event.preventDefault();
setDesktopLoginLink(href);
history.push(`/login/desktop${search}`);
}
};
};
const dismissAlert = () => {
setAlertBanner(null);
setHasError(false);
@ -376,6 +401,11 @@ const Login = ({onCustomizeHeader}: LoginProps) => {
}, [onCustomizeHeader, search, showMfa, isMobileView, getAlternateLink]);
useEffect(() => {
// We don't want to redirect outside of this route if we're doing Desktop App auth
if (query.get('server_token')) {
return;
}
if (currentUser) {
if (redirectTo && redirectTo.match(/^\/([^/]|$)/)) {
history.push(redirectTo);
@ -594,6 +624,10 @@ const Login = ({onCustomizeHeader}: LoginProps) => {
return;
}
await postSubmit(userProfile);
};
const postSubmit = async (userProfile: UserProfile) => {
if (graphQLEnabled) {
await dispatch(loadMe());
} else {
@ -752,6 +786,20 @@ const Login = ({onCustomizeHeader}: LoginProps) => {
);
}
if (desktopLoginLink || query.get('server_token')) {
return (
<Route
path={'/login/desktop'}
render={() => (
<DesktopAuthToken
href={desktopLoginLink}
onLogin={postSubmit}
/>
)}
/>
);
}
return (
<>
<div

7
webapp/channels/src/components/signup/__snapshots__/signup.test.tsx.snap
View File

@ -142,6 +142,7 @@ exports[`components/signup/Signup should match snapshot for all signup options e
id="gitlab"
key="gitlab"
label="GitLab"
onClick={[Function]}
style={
Object {
"borderColor": "",
@ -315,6 +316,7 @@ exports[`components/signup/Signup should match snapshot for all signup options e
id="gitlab"
key="gitlab"
label="GitLab"
onClick={[Function]}
style={
Object {
"borderColor": "",
@ -328,6 +330,7 @@ exports[`components/signup/Signup should match snapshot for all signup options e
id="google"
key="google"
label="Google"
onClick={[Function]}
url="/oauth/google/signup"
/>
<ExternalLoginButton
@ -335,6 +338,7 @@ exports[`components/signup/Signup should match snapshot for all signup options e
id="office365"
key="office365"
label="Office 365"
onClick={[Function]}
url="/oauth/office365/signup"
/>
<ExternalLoginButton
@ -342,6 +346,7 @@ exports[`components/signup/Signup should match snapshot for all signup options e
id="openid"
key="openid"
label="Open ID"
onClick={[Function]}
style={
Object {
"borderColor": "",
@ -355,6 +360,7 @@ exports[`components/signup/Signup should match snapshot for all signup options e
id="ldap"
key="ldap"
label="AD/LDAP Credentials"
onClick={[Function]}
url="/login?extra=create_ldap"
/>
<ExternalLoginButton
@ -362,6 +368,7 @@ exports[`components/signup/Signup should match snapshot for all signup options e
id="saml"
key="saml"
label="SAML"
onClick={[Function]}
url="/login/sso/saml?action=signup"
/>
</div>

58
webapp/channels/src/components/signup/signup.tsx
View File

@ -4,7 +4,7 @@
import React, {useState, useEffect, useRef, useCallback, FocusEvent} from 'react';
import {useIntl} from 'react-intl';
import {useLocation, useHistory} from 'react-router-dom';
import {useLocation, useHistory, Route} from 'react-router-dom';
import {useSelector, useDispatch} from 'react-redux';
import classNames from 'classnames';
import throttle from 'lodash/throttle';
@ -54,9 +54,11 @@ import useCWSAvailabilityCheck from 'components/common/hooks/useCWSAvailabilityC
import ExternalLink from 'components/external_link';
import {Constants, HostedCustomerLinks, ItemStatus, ValidationErrors} from 'utils/constants';
import {isDesktopApp} from 'utils/user_agent';
import {isValidUsername, isValidPassword, getPasswordConfig, getRoleFromTrackFlow, getMediumFromTrackFlow} from 'utils/utils';
import './signup.scss';
import DesktopAuthToken from 'components/desktop_auth_token';
const MOBILE_SCREEN_WIDTH = 1200;
@ -148,6 +150,8 @@ const Signup = ({onCustomizeHeader}: SignupProps) => {
const canSubmit = Boolean(email && name && password) && !hasError && !loading;
const {error: passwordInfo} = isValidPassword('', getPasswordConfig(config), intl);
const [desktopLoginLink, setDesktopLoginLink] = useState('');
const subscribeToSecurityNewsletterFunc = () => {
try {
Client4.subscribeToNewsletter({email, subscribed_content: 'security_newsletter'});
@ -165,40 +169,48 @@ const Signup = ({onCustomizeHeader}: SignupProps) => {
}
if (enableSignUpWithGitLab) {
const url = `${Client4.getOAuthRoute()}/gitlab/signup${search}`;
externalLoginOptions.push({
id: 'gitlab',
url: `${Client4.getOAuthRoute()}/gitlab/signup${search}`,
url,
icon: <LoginGitlabIcon/>,
label: GitLabButtonText || formatMessage({id: 'login.gitlab', defaultMessage: 'GitLab'}),
style: {color: GitLabButtonColor, borderColor: GitLabButtonColor},
onClick: desktopExternalAuth(url),
});
}
if (isLicensed && enableSignUpWithGoogle) {
const url = `${Client4.getOAuthRoute()}/google/signup${search}`;
externalLoginOptions.push({
id: 'google',
url: `${Client4.getOAuthRoute()}/google/signup${search}`,
url,
icon: <LoginGoogleIcon/>,
label: formatMessage({id: 'login.google', defaultMessage: 'Google'}),
onClick: desktopExternalAuth(url),
});
}
if (isLicensed && enableSignUpWithOffice365) {
const url = `${Client4.getOAuthRoute()}/office365/signup${search}`;
externalLoginOptions.push({
id: 'office365',
url: `${Client4.getOAuthRoute()}/office365/signup${search}`,
url,
icon: <LoginOffice365Icon/>,
label: formatMessage({id: 'login.office365', defaultMessage: 'Office 365'}),
onClick: desktopExternalAuth(url),
});
}
if (isLicensed && enableSignUpWithOpenId) {
const url = `${Client4.getOAuthRoute()}/openid/signup${search}`;
externalLoginOptions.push({
id: 'openid',
url: `${Client4.getOAuthRoute()}/openid/signup${search}`,
url,
icon: <LoginOpenIDIcon/>,
label: OpenIdButtonText || formatMessage({id: 'login.openid', defaultMessage: 'Open ID'}),
style: {color: OpenIdButtonColor, borderColor: OpenIdButtonColor},
onClick: desktopExternalAuth(url),
});
}
@ -211,6 +223,7 @@ const Signup = ({onCustomizeHeader}: SignupProps) => {
url: `${Client4.getUrl()}/login?${newSearchParam.toString()}`,
icon: <LockIcon/>,
label: LdapLoginFieldName || formatMessage({id: 'signup.ldap', defaultMessage: 'AD/LDAP Credentials'}),
onClick: () => {},
});
}
@ -218,11 +231,13 @@ const Signup = ({onCustomizeHeader}: SignupProps) => {
const newSearchParam = new URLSearchParams(search);
newSearchParam.set('action', 'signup');
const url = `${Client4.getUrl()}/login/sso/saml?${newSearchParam.toString()}`;
externalLoginOptions.push({
id: 'saml',
url: `${Client4.getUrl()}/login/sso/saml?${newSearchParam.toString()}`,
url,
icon: <LockIcon/>,
label: SamlLoginButtonText || formatMessage({id: 'login.saml', defaultMessage: 'SAML'}),
onClick: desktopExternalAuth(url),
});
}
@ -295,6 +310,17 @@ const Signup = ({onCustomizeHeader}: SignupProps) => {
setIsMobileView(window.innerWidth < MOBILE_SCREEN_WIDTH);
}, 100);
const desktopExternalAuth = (href: string) => {
return (event: React.MouseEvent) => {
if (isDesktopApp()) {
event.preventDefault();
setDesktopLoginLink(href);
history.push(`/signup_user_complete/desktop${search}`);
}
};
};
useEffect(() => {
dispatch(removeGlobalItem('team'));
trackEvent('signup', 'signup_user_01_welcome', {...getRoleFromTrackFlow(), ...getMediumFromTrackFlow()});
@ -448,6 +474,12 @@ const Signup = ({onCustomizeHeader}: SignupProps) => {
return;
}
await postSignupSuccess();
};
const postSignupSuccess = async () => {
const redirectTo = (new URLSearchParams(search)).get('redirect_to');
if (graphQLEnabled) {
await dispatch(loadMe());
} else {
@ -696,6 +728,20 @@ const Signup = ({onCustomizeHeader}: SignupProps) => {
);
}
if (desktopLoginLink) {
return (
<Route
path={'/signup_user_complete/desktop'}
render={() => (
<DesktopAuthToken
href={desktopLoginLink}
onLogin={postSignupSuccess}
/>
)}
/>
);
}
let emailCustomLabelForInput: CustomMessageInputType = parsedEmail ? {
type: ItemStatus.INFO,
value: formatMessage(

7
webapp/channels/src/i18n/en.json
View File

@ -3277,6 +3277,13 @@
"demote_to_user_modal.demote": "Demote",
"demote_to_user_modal.desc": "This action demotes the user {username} to a guest. It will restrict the user's ability to join public channels and interact with users outside of the channels they are currently members of. Are you sure you want to demote user {username} to guest?",
"demote_to_user_modal.title": "Demote User {username} to Guest",
"desktop_auth_token.complete.havingTrouble": "Having trouble logging in? <a>Open Mattermost in your browser</a>",
"desktop_auth_token.complete.openMattermost": "Click on <b>Open Mattermost</b> in the browser prompt to <a>launch the desktop app</a>",
"desktop_auth_token.complete.youAreNowLoggedIn": "You are now logged in",
"desktop_auth_token.error.restartFlow": "Click <a>here</a> to try again.",
"desktop_auth_token.error.somethingWentWrong": "Something went wrong",
"desktop_auth_token.polling.awaitingToken": "Authenticating in the browser, awaiting valid token.",
"desktop_auth_token.polling.redirectingToBrowser": "Redirecting to browser...",
"device_icons.android": "Android Icon",
"device_icons.apple": "Apple Icon",
"device_icons.linux": "Linux Icon",

12
webapp/platform/client/src/client4.ts
View File

@ -755,6 +755,18 @@ export default class Client4 {
return profile;
};
loginWithDesktopToken = async (token: string) => {
const body: any = {
token,
deviceId: '',
};
return await this.doFetch<UserProfile>(
`${this.getUsersRoute()}/login/desktop_token`,
{method: 'post', body: JSON.stringify(body)},
);
};
loginById = (id: string, password: string, token = '') => {
this.trackEvent('api', 'api_users_login');
const body: any = {