func login(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) if len(props["password"]) == 0 { c.Err = model.NewAppError("login", "Password field must not be blank", "") c.Err.StatusCode = http.StatusForbidden return } var user *model.User if len(props["id"]) != 0 { user = LoginById(c, w, r, props["id"], props["password"], props["device_id"]) } else if len(props["email"]) != 0 && len(props["name"]) != 0 { user = LoginByEmail(c, w, r, props["email"], props["name"], props["password"], props["device_id"]) } else { c.Err = model.NewAppError("login", "Either user id or team name and user email must be provided", "") c.Err.StatusCode = http.StatusForbidden return } if c.Err != nil { return } if user != nil { user.Sanitize(map[string]bool{}) } else { user = &model.User{} } w.Write([]byte(user.ToJson())) }
func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] code := r.URL.Query().Get("code") state := r.URL.Query().Get("state") teamName := r.FormValue("team") uri := c.GetSiteURL() + "/signup/" + service + "/complete?team=" + teamName if len(teamName) == 0 { c.Err = model.NewAppError("signupCompleteOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } // Make sure team exists var team *model.Team if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { c.Err = err return } else { var user *model.User if service == model.USER_AUTH_SERVICE_GITLAB { glu := model.GitLabUserFromJson(body) user = model.UserFromGitLabUser(glu) } if user == nil { c.Err = model.NewAppError("signupCompleteOAuth", "Could not create user out of "+service+" user object", "") return } if result := <-api.Srv.Store.User().GetByAuth(team.Id, user.AuthData, service); result.Err == nil { c.Err = model.NewAppError("signupCompleteOAuth", "This "+service+" account has already been used to sign up for team "+team.DisplayName, "email="+user.Email) return } if result := <-api.Srv.Store.User().GetByEmail(team.Id, user.Email); result.Err == nil { c.Err = model.NewAppError("signupCompleteOAuth", "Team "+team.DisplayName+" already has a user with the email address attached to your "+service+" account", "email="+user.Email) return } user.TeamId = team.Id page := NewHtmlTemplatePage("signup_user_oauth", "Complete User Sign Up") page.Props["User"] = user.ToJson() page.Props["TeamName"] = team.Name page.Props["TeamDisplayName"] = team.DisplayName page.Render(c, w) } }
func TestUserStoreGet(t *testing.T) { Setup() u1 := model.User{} u1.TeamId = model.NewId() u1.Email = model.NewId() Must(store.User().Save(&u1)) if r1 := <-store.User().Get(u1.Id); r1.Err != nil { t.Fatal(r1.Err) } else { if r1.Data.(*model.User).ToJson() != u1.ToJson() { t.Fatal("invalid returned user") } } if err := (<-store.User().Get("")).Err; err == nil { t.Fatal("Missing id should have failed") } }
func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) user_id := props["user_id"] if len(user_id) != 26 { c.SetInvalidParam("updateRoles", "user_id") return } new_roles := props["new_roles"] // no check since we allow the clearing of Roles var user *model.User if result := <-Srv.Store.User().Get(user_id); result.Err != nil { c.Err = result.Err return } else { user = result.Data.(*model.User) } if !c.HasPermissionsToTeam(user.TeamId, "updateRoles") { return } if !strings.Contains(c.Session.Roles, model.ROLE_ADMIN) && !c.IsSystemAdmin() { c.Err = model.NewAppError("updateRoles", "You do not have the appropriate permissions", "userId="+user_id) c.Err.StatusCode = http.StatusForbidden return } // make sure there is at least 1 other active admin if strings.Contains(user.Roles, model.ROLE_ADMIN) && !strings.Contains(new_roles, model.ROLE_ADMIN) { if result := <-Srv.Store.User().GetProfiles(user.TeamId); result.Err != nil { c.Err = result.Err return } else { activeAdmins := -1 profileUsers := result.Data.(map[string]*model.User) for _, profileUser := range profileUsers { if profileUser.DeleteAt == 0 && strings.Contains(profileUser.Roles, model.ROLE_ADMIN) { activeAdmins = activeAdmins + 1 } } if activeAdmins <= 0 { c.Err = model.NewAppError("updateRoles", "There must be at least one active admin", "userId="+user_id) return } } } user.Roles = new_roles var ruser *model.User if result := <-Srv.Store.User().Update(user, true); result.Err != nil { c.Err = result.Err return } else { c.LogAuditWithUserId(user.Id, "roles="+new_roles) ruser = result.Data.([2]*model.User)[0] } uchan := Srv.Store.Session().UpdateRoles(user.Id, new_roles) gchan := Srv.Store.Session().GetSessions(user.Id) if result := <-uchan; result.Err != nil { // soft error since the user roles were still updated l4g.Error(result.Err) } if result := <-gchan; result.Err != nil { // soft error since the user roles were still updated l4g.Error(result.Err) } else { sessions := result.Data.([]*model.Session) for _, s := range sessions { sessionCache.Remove(s.Id) } } options := utils.SanitizeOptions options["passwordupdate"] = false ruser.Sanitize(options) w.Write([]byte(ruser.ToJson())) }