func signupTeamConfirm(c *api.Context, w http.ResponseWriter, r *http.Request) {
email := r.FormValue("email")
page := NewHtmlTemplatePage("signup_team_confirm", c.T("web.signup_team_confirm.title"), c.Locale)
page.Props["Email"] = email
page.Render(c, w)
}
func docs(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
doc := params["doc"]
page := NewHtmlTemplatePage("docs", c.T("web.doc.title"), c.Locale)
page.Props["Site"] = doc
page.Render(c, w)
}
func signup(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
return
}
page := NewHtmlTemplatePage("signup_team", c.T("web.root.singup_title"), c.Locale)
page.Render(c, w)
}
func claimAccount(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
return
}
params := mux.Vars(r)
teamName := params["team"]
email := r.URL.Query().Get("email")
newType := r.URL.Query().Get("new_type")
var team *model.Team
if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil {
l4g.Error(utils.T("web.claim_account.team.error"), teamName, tResult.Err.Message)
http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect)
return
} else {
team = tResult.Data.(*model.Team)
}
authType := ""
if len(email) != 0 {
if uResult := <-api.Srv.Store.User().GetByEmail(team.Id, email); uResult.Err != nil {
l4g.Error(utils.T("web.claim_account.user.error"), team.Id, email, uResult.Err.Message)
http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect)
return
} else {
user := uResult.Data.(*model.User)
authType = user.AuthService
// if user is not logged in to their SSO account, ask them to log in
if len(authType) != 0 && user.Id != c.Session.UserId {
stateProps := map[string]string{}
stateProps["action"] = model.OAUTH_ACTION_SSO_TO_EMAIL
stateProps["email"] = email
if authUrl, err := api.GetAuthorizationCode(c, authType, team.Name, stateProps, ""); err != nil {
c.Err = err
return
} else {
http.Redirect(w, r, authUrl, http.StatusFound)
}
}
}
}
page := NewHtmlTemplatePage("claim_account", c.T("web.claim_account.title"), c.Locale)
page.Props["Email"] = email
page.Props["CurrentType"] = authType
page.Props["NewType"] = newType
page.Props["TeamDisplayName"] = team.DisplayName
page.Props["TeamName"] = team.Name
page.Render(c, w)
}
func signupUserComplete(c *api.Context, w http.ResponseWriter, r *http.Request) {
id := r.FormValue("id")
data := r.FormValue("d")
hash := r.FormValue("h")
var props map[string]string
if len(id) > 0 {
props = make(map[string]string)
if result := <-api.Srv.Store.Team().GetByInviteId(id); result.Err != nil {
c.Err = result.Err
return
} else {
team := result.Data.(*model.Team)
if !(team.Type == model.TEAM_OPEN || (team.Type == model.TEAM_INVITE && len(team.AllowedDomains) > 0)) {
c.Err = model.NewLocAppError("signupUserComplete", "web.signup_user_complete.no_invites.app_error", nil, "id="+id)
return
}
props["email"] = ""
props["display_name"] = team.DisplayName
props["name"] = team.Name
props["id"] = team.Id
data = model.MapToJson(props)
hash = ""
}
} else {
if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) {
c.Err = model.NewLocAppError("signupTeamComplete", "web.signup_user_complete.link_invalid.app_error", nil, "")
return
}
props = model.MapFromJson(strings.NewReader(data))
t, err := strconv.ParseInt(props["time"], 10, 64)
if err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hour
c.Err = model.NewLocAppError("signupTeamComplete", "web.signup_user_complete.link_expired.app_error", nil, "")
return
}
}
page := NewHtmlTemplatePage("signup_user_complete", c.T("web.signup_user_complete.title"), c.Locale)
page.Props["Email"] = props["email"]
page.Props["TeamDisplayName"] = props["display_name"]
page.Props["TeamName"] = props["name"]
page.Props["TeamId"] = props["id"]
page.Props["Data"] = data
page.Props["Hash"] = hash
page.Render(c, w)
}
func root(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
return
}
if len(c.Session.UserId) == 0 {
page := NewHtmlTemplatePage("signup_team", c.T("web.root.singup_title"), c.Locale)
if result := <-api.Srv.Store.Team().GetAllTeamListing(); result.Err != nil {
c.Err = result.Err
return
} else {
teams := result.Data.([]*model.Team)
for _, team := range teams {
page.Props[team.Name] = team.DisplayName
}
if len(teams) == 1 && *utils.Cfg.TeamSettings.EnableTeamListing && !utils.Cfg.TeamSettings.EnableTeamCreation {
http.Redirect(w, r, c.GetSiteURL()+"/"+teams[0].Name, http.StatusTemporaryRedirect)
return
}
}
page.Render(c, w)
} else {
teamChan := api.Srv.Store.Team().Get(c.Session.TeamId)
userChan := api.Srv.Store.User().Get(c.Session.UserId)
var team *model.Team
if tr := <-teamChan; tr.Err != nil {
c.Err = tr.Err
return
} else {
team = tr.Data.(*model.Team)
}
var user *model.User
if ur := <-userChan; ur.Err != nil {
c.Err = ur.Err
return
} else {
user = ur.Data.(*model.User)
}
page := NewHtmlTemplatePage("home", c.T("web.root.home_title"), c.Locale)
page.Team = team
page.User = user
page.Render(c, w)
}
}
func verifyEmail(c *api.Context, w http.ResponseWriter, r *http.Request) {
resend := r.URL.Query().Get("resend")
resendSuccess := r.URL.Query().Get("resend_success")
name := r.URL.Query().Get("teamname")
email := r.URL.Query().Get("email")
hashedId := r.URL.Query().Get("hid")
userId := r.URL.Query().Get("uid")
var team *model.Team
if result := <-api.Srv.Store.Team().GetByName(name); result.Err != nil {
c.Err = result.Err
return
} else {
team = result.Data.(*model.Team)
}
if resend == "true" {
if result := <-api.Srv.Store.User().GetByEmail(team.Id, email); result.Err != nil {
c.Err = result.Err
return
} else {
user := result.Data.(*model.User)
if user.LastActivityAt > 0 {
api.SendEmailChangeVerifyEmailAndForget(c, user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team))
} else {
api.SendVerifyEmailAndForget(c, user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team))
}
newAddress := strings.Replace(r.URL.String(), "&resend=true", "&resend_success=true", -1)
http.Redirect(w, r, newAddress, http.StatusFound)
return
}
}
if len(userId) == 26 && len(hashedId) != 0 && model.ComparePassword(hashedId, userId) {
if c.Err = (<-api.Srv.Store.User().VerifyEmail(userId)).Err; c.Err != nil {
return
} else {
c.LogAudit("Email Verified")
http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host+"/"+name+"/login?extra=verified&email="+url.QueryEscape(email), http.StatusTemporaryRedirect)
return
}
}
page := NewHtmlTemplatePage("verify", c.T("web.email_verified.title"), c.Locale)
page.Props["TeamURL"] = c.GetTeamURLFromTeam(team)
page.Props["UserEmail"] = email
page.Props["ResendSuccess"] = resendSuccess
page.Render(c, w)
}
func authorizeOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
c.Err = model.NewLocAppError("authorizeOAuth", "web.authorize_oauth.disabled.app_error", nil, "")
c.Err.StatusCode = http.StatusNotImplemented
return
}
if !CheckBrowserCompatability(c, r) {
return
}
responseType := r.URL.Query().Get("response_type")
clientId := r.URL.Query().Get("client_id")
redirect := r.URL.Query().Get("redirect_uri")
scope := r.URL.Query().Get("scope")
state := r.URL.Query().Get("state")
if len(responseType) == 0 || len(clientId) == 0 || len(redirect) == 0 {
c.Err = model.NewLocAppError("authorizeOAuth", "web.authorize_oauth.missing.app_error", nil, "")
return
}
var app *model.OAuthApp
if result := <-api.Srv.Store.OAuth().GetApp(clientId); result.Err != nil {
c.Err = result.Err
return
} else {
app = result.Data.(*model.OAuthApp)
}
var team *model.Team
if result := <-api.Srv.Store.Team().Get(c.Session.TeamId); result.Err != nil {
c.Err = result.Err
return
} else {
team = result.Data.(*model.Team)
}
page := NewHtmlTemplatePage("authorize", c.T("web.authorize_oauth.title"), c.Locale)
page.Props["TeamName"] = team.Name
page.Props["AppName"] = app.Name
page.Props["ResponseType"] = responseType
page.Props["ClientId"] = clientId
page.Props["RedirectUri"] = redirect
page.Props["Scope"] = scope
page.Props["State"] = state
page.Render(c, w)
}
func root(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
w.Header().Set("Cache-Control", "no-store")
w.WriteHeader(http.StatusBadRequest)
w.Write([]byte(c.T("web.check_browser_compatibility.app_error")))
return
}
if api.IsApiCall(r) {
api.Handle404(w, r)
return
}
w.Header().Set("Cache-Control", "no-cache, max-age=31556926, public")
http.ServeFile(w, r, utils.FindDir(model.CLIENT_DIR)+"root.html")
}
func docs(c *api.Context, w http.ResponseWriter, r *http.Request) {
params := mux.Vars(r)
doc := params["doc"]
var user *model.User
if len(c.Session.UserId) != 0 {
userChan := api.Srv.Store.User().Get(c.Session.UserId)
if userChan := <-userChan; userChan.Err == nil {
user = userChan.Data.(*model.User)
}
}
page := NewHtmlTemplatePage("docs", c.T("web.doc.title"), c.Locale)
page.Props["Site"] = doc
page.User = user
page.Render(c, w)
}
func login(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !CheckBrowserCompatability(c, r) {
return
}
params := mux.Vars(r)
teamName := params["team"]
var team *model.Team
if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil {
l4g.Error(utils.T("web.login.error"), teamName, tResult.Err.Message)
http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect)
return
} else {
team = tResult.Data.(*model.Team)
}
// We still might be able to switch to this team because we've logged in before
_, session := api.FindMultiSessionForTeamId(r, team.Id)
if session != nil {
w.Header().Set(model.HEADER_TOKEN, session.Token)
lastViewChannelName := "town-square"
if lastViewResult := <-api.Srv.Store.Preference().Get(session.UserId, model.PREFERENCE_CATEGORY_LAST, model.PREFERENCE_NAME_LAST_CHANNEL); lastViewResult.Err == nil {
if lastViewChannelResult := <-api.Srv.Store.Channel().Get(lastViewResult.Data.(model.Preference).Value); lastViewChannelResult.Err == nil {
lastViewChannelName = lastViewChannelResult.Data.(*model.Channel).Name
}
}
http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/"+lastViewChannelName, http.StatusTemporaryRedirect)
return
}
page := NewHtmlTemplatePage("login", c.T("web.login.login_title"), c.Locale)
page.Props["TeamDisplayName"] = team.DisplayName
page.Props["TeamName"] = team.Name
if team.AllowOpenInvite {
page.Props["InviteId"] = team.InviteId
}
page.Render(c, w)
}
func signupTeamComplete(c *api.Context, w http.ResponseWriter, r *http.Request) {
data := r.FormValue("d")
hash := r.FormValue("h")
if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) {
c.Err = model.NewLocAppError("signupTeamComplete", "web.signup_team_complete.invalid_link.app_error", nil, "")
return
}
props := model.MapFromJson(strings.NewReader(data))
t, err := strconv.ParseInt(props["time"], 10, 64)
if err != nil || model.GetMillis()-t > 1000*60*60*24*30 { // 30 days
c.Err = model.NewLocAppError("signupTeamComplete", "web.signup_team_complete.link_expired.app_error", nil, "")
return
}
page := NewHtmlTemplatePage("signup_team_complete", c.T("web.signup_team_complete.title"), c.Locale)
page.Props["Email"] = props["email"]
page.Props["Data"] = data
page.Props["Hash"] = hash
page.Render(c, w)
}
func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) {
if !c.HasSystemAdminPermissions("adminConsole") {
return
}
teamChan := api.Srv.Store.Team().Get(c.Session.TeamId)
userChan := api.Srv.Store.User().Get(c.Session.UserId)
var team *model.Team
if tr := <-teamChan; tr.Err != nil {
c.Err = tr.Err
return
} else {
team = tr.Data.(*model.Team)
}
var user *model.User
if ur := <-userChan; ur.Err != nil {
c.Err = ur.Err
return
} else {
user = ur.Data.(*model.User)
}
params := mux.Vars(r)
activeTab := params["tab"]
teamId := params["team"]
page := NewHtmlTemplatePage("admin_console", c.T("web.admin_console.title"), c.Locale)
page.User = user
page.Team = team
page.Props["ActiveTab"] = activeTab
page.Props["TeamId"] = teamId
page.Render(c, w)
}
func (me *HtmlTemplatePage) Render(c *api.Context, w http.ResponseWriter) {
if me.Team != nil {
me.Team.Sanitize()
}
if me.User != nil {
me.User.Sanitize(map[string]bool{})
me.Locale = me.User.Locale
}
me.Props["Locale"] = me.Locale
me.SessionTokenIndex = c.SessionTokenIndex
me.ClientCfg["FooterHelp"] = c.T("web.footer.help")
me.ClientCfg["FooterTerms"] = c.T("web.footer.terms")
me.ClientCfg["FooterPrivacy"] = c.T("web.footer.privacy")
me.ClientCfg["FooterAbout"] = c.T("web.footer.about")
if err := Templates.ExecuteTemplate(w, me.TemplateName, me); err != nil {
c.SetUnknownError(me.TemplateName, err.Error())
}
}
func findTeam(c *api.Context, w http.ResponseWriter, r *http.Request) {
page := NewHtmlTemplatePage("find_team", c.T("web.find_team.title"), c.Locale)
page.Render(c, w)
}