func signupTeamConfirm(c *api.Context, w http.ResponseWriter, r *http.Request) { email := r.FormValue("email") page := NewHtmlTemplatePage("signup_team_confirm", c.T("web.signup_team_confirm.title"), c.Locale) page.Props["Email"] = email page.Render(c, w) }
func doLoadChannel(c *api.Context, w http.ResponseWriter, r *http.Request, team *model.Team, channel *model.Channel, postid string) { userChan := api.Srv.Store.User().Get(c.Session.UserId) prefChan := api.Srv.Store.Preference().GetAll(c.Session.UserId) var user *model.User if ur := <-userChan; ur.Err != nil { c.Err = ur.Err c.RemoveSessionCookie(w, r) l4g.Error(utils.T("web.do_load_channel.error"), c.Session.UserId) return } else { user = ur.Data.(*model.User) } var preferences model.Preferences if result := <-prefChan; result.Err != nil { l4g.Error("Error in getting preferences for id=%v", c.Session.UserId) } else { preferences = result.Data.(model.Preferences) } page := NewHtmlTemplatePage("channel", "", c.Locale) page.Props["Title"] = channel.DisplayName + " - " + team.DisplayName + " " + page.ClientCfg["SiteName"] page.Props["TeamDisplayName"] = team.DisplayName page.Props["ChannelName"] = channel.Name page.Props["ChannelId"] = channel.Id page.Props["PostId"] = postid page.Team = team page.User = user page.Channel = channel page.Preferences = &preferences page.Render(c, w) }
func login(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } params := mux.Vars(r) teamName := params["team"] var team *model.Team if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil { l4g.Error("Couldn't find team name=%v, err=%v", teamName, tResult.Err.Message) http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect) return } else { team = tResult.Data.(*model.Team) } // We still might be able to switch to this team because we've logged in before _, session := api.FindMultiSessionForTeamId(r, team.Id) if session != nil { w.Header().Set(model.HEADER_TOKEN, session.Token) http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) return } page := NewHtmlTemplatePage("login", "Login") page.Props["TeamDisplayName"] = team.DisplayName page.Props["TeamName"] = team.Name if team.AllowOpenInvite { page.Props["InviteId"] = team.InviteId } page.Render(c, w) }
func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] teamName := params["team"] loginHint := r.URL.Query().Get("login_hint") if len(teamName) == 0 { c.Err = model.NewAppError("loginWithOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } // Make sure team exists if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } stateProps := map[string]string{} stateProps["action"] = model.OAUTH_ACTION_LOGIN if authUrl, err := api.GetAuthorizationCode(c, service, teamName, stateProps, loginHint); err != nil { c.Err = err return } else { http.Redirect(w, r, authUrl, http.StatusFound) } }
func login(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } params := mux.Vars(r) teamName := params["team"] var team *model.Team if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil { l4g.Error("Couldn't find team name=%v, teamURL=%v, err=%v", teamName, c.GetTeamURL(), tResult.Err.Message) // This should probably do somthing nicer http.Redirect(w, r, "http://"+r.Host, http.StatusTemporaryRedirect) return } else { team = tResult.Data.(*model.Team) } // If we are already logged into this team then go to home if len(c.Session.UserId) != 0 && c.Session.TeamId == team.Id { page := NewHtmlTemplatePage("home", "Home") page.Props["TeamURL"] = c.GetTeamURL() page.Render(c, w) return } page := NewHtmlTemplatePage("login", "Login") page.Props["TeamDisplayName"] = team.DisplayName page.Props["TeamName"] = teamName page.Props["AuthServices"] = model.ArrayToJson(utils.GetAllowedAuthServices()) page.Render(c, w) }
func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) name := params["channelname"] teamName := params["team"] team := checkSessionSwitch(c, w, r, teamName) if team == nil { // Error already set by getTeam return } var channel *model.Channel if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil { c.Err = result.Err return } else { channelId := result.Data.(string) if len(channelId) == 0 { if channel = autoJoinChannelName(c, w, r, name); channel == nil { http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound) return } } else { if result := <-api.Srv.Store.Channel().Get(channelId); result.Err != nil { c.Err = result.Err return } else { channel = result.Data.(*model.Channel) } } } doLoadChannel(c, w, r, team, channel, "") }
func docs(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) doc := params["doc"] page := NewHtmlTemplatePage("docs", c.T("web.doc.title"), c.Locale) page.Props["Site"] = doc page.Render(c, w) }
func signup(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } page := NewHtmlTemplatePage("signup_team", c.T("web.root.singup_title"), c.Locale) page.Render(c, w) }
func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { if !c.HasSystemAdminPermissions("adminConsole") { return } page := NewHtmlTemplatePage("admin_console", "Admin Console") page.Render(c, w) }
func claimAccount(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } params := mux.Vars(r) teamName := params["team"] email := r.URL.Query().Get("email") newType := r.URL.Query().Get("new_type") var team *model.Team if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil { l4g.Error(utils.T("web.claim_account.team.error"), teamName, tResult.Err.Message) http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect) return } else { team = tResult.Data.(*model.Team) } authType := "" if len(email) != 0 { if uResult := <-api.Srv.Store.User().GetByEmail(team.Id, email); uResult.Err != nil { l4g.Error(utils.T("web.claim_account.user.error"), team.Id, email, uResult.Err.Message) http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect) return } else { user := uResult.Data.(*model.User) authType = user.AuthService // if user is not logged in to their SSO account, ask them to log in if len(authType) != 0 && user.Id != c.Session.UserId { stateProps := map[string]string{} stateProps["action"] = model.OAUTH_ACTION_SSO_TO_EMAIL stateProps["email"] = email if authUrl, err := api.GetAuthorizationCode(c, authType, team.Name, stateProps, ""); err != nil { c.Err = err return } else { http.Redirect(w, r, authUrl, http.StatusFound) } } } } page := NewHtmlTemplatePage("claim_account", c.T("web.claim_account.title"), c.Locale) page.Props["Email"] = email page.Props["CurrentType"] = authType page.Props["NewType"] = newType page.Props["TeamDisplayName"] = team.DisplayName page.Props["TeamName"] = team.Name page.Render(c, w) }
func signupUserComplete(c *api.Context, w http.ResponseWriter, r *http.Request) { id := r.FormValue("id") data := r.FormValue("d") hash := r.FormValue("h") var props map[string]string if len(id) > 0 { props = make(map[string]string) if result := <-api.Srv.Store.Team().Get(id); result.Err != nil { c.Err = result.Err return } else { team := result.Data.(*model.Team) if !(team.Type == model.TEAM_OPEN || (team.Type == model.TEAM_INVITE && len(team.AllowedDomains) > 0)) { c.Err = model.NewAppError("signupUserComplete", "The team type doesn't allow open invites", "id="+id) return } props["email"] = "" props["display_name"] = team.DisplayName props["name"] = team.Name props["id"] = team.Id data = model.MapToJson(props) hash = "" } } else { if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.InviteSalt)) { c.Err = model.NewAppError("signupTeamComplete", "The signup link does not appear to be valid", "") return } props = model.MapFromJson(strings.NewReader(data)) t, err := strconv.ParseInt(props["time"], 10, 64) if err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hour c.Err = model.NewAppError("signupTeamComplete", "The signup link has expired", "") return } } page := NewHtmlTemplatePage("signup_user_complete", "Complete User Sign Up") page.Props["Email"] = props["email"] page.Props["TeamDisplayName"] = props["display_name"] page.Props["TeamName"] = props["name"] page.Props["TeamId"] = props["id"] page.Props["Data"] = data page.Props["Hash"] = hash page.Props["AuthServices"] = model.ArrayToJson(utils.GetAllowedAuthServices()) page.Render(c, w) }
func root(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } if len(c.Session.UserId) == 0 { page := NewHtmlTemplatePage("signup_team", "Signup") if result := <-api.Srv.Store.Team().GetAllTeamListing(); result.Err != nil { c.Err = result.Err return } else { teams := result.Data.([]*model.Team) for _, team := range teams { page.Props[team.Name] = team.DisplayName } if len(teams) == 1 && *utils.Cfg.TeamSettings.EnableTeamListing { http.Redirect(w, r, c.GetSiteURL()+"/"+teams[0].Name, http.StatusTemporaryRedirect) return } } page.Render(c, w) } else { teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) userChan := api.Srv.Store.User().Get(c.Session.UserId) var team *model.Team if tr := <-teamChan; tr.Err != nil { c.Err = tr.Err return } else { team = tr.Data.(*model.Team) } var user *model.User if ur := <-userChan; ur.Err != nil { c.Err = ur.Err return } else { user = ur.Data.(*model.User) } page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = user page.Render(c, w) } }
func completeOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] code := r.URL.Query().Get("code") state := r.URL.Query().Get("state") uri := c.GetSiteURL() + "/signup/" + service + "/complete" // Remove /signup after a few releases (~1.8) if body, team, props, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { c.Err = err return } else { action := props["action"] switch action { case model.OAUTH_ACTION_SIGNUP: api.CreateOAuthUser(c, w, r, service, body, team) if c.Err == nil { root(c, w, r) } break case model.OAUTH_ACTION_LOGIN: l4g.Debug(fmt.Sprintf("CODE === %v", code)) l4g.Debug(fmt.Sprintf("BODY === %v", body)) api.LoginByOAuth(c, w, r, service, body, team) if c.Err == nil { root(c, w, r) } break case model.OAUTH_ACTION_EMAIL_TO_SSO: api.CompleteSwitchWithOAuth(c, w, r, service, body, team, props["email"]) if c.Err == nil { http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host+"/"+team.Name+"/login?extra=signin_change", http.StatusTemporaryRedirect) } break case model.OAUTH_ACTION_SSO_TO_EMAIL: api.LoginByOAuth(c, w, r, service, body, team) if c.Err == nil { http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host+"/"+team.Name+"/"+"/claim?email="+url.QueryEscape(props["email"]), http.StatusTemporaryRedirect) } break default: api.LoginByOAuth(c, w, r, service, body, team) if c.Err == nil { root(c, w, r) } break } } }
func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] code := r.URL.Query().Get("code") state := r.URL.Query().Get("state") teamName := r.FormValue("team") uri := c.GetSiteURL() + "/signup/" + service + "/complete?team=" + teamName if len(teamName) == 0 { c.Err = model.NewAppError("signupCompleteOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } // Make sure team exists var team *model.Team if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { c.Err = err return } else { var user *model.User if service == model.USER_AUTH_SERVICE_GITLAB { glu := model.GitLabUserFromJson(body) user = model.UserFromGitLabUser(glu) } if user == nil { c.Err = model.NewAppError("signupCompleteOAuth", "Could not create user out of "+service+" user object", "") return } if result := <-api.Srv.Store.User().GetByAuth(team.Id, user.AuthData, service); result.Err == nil { c.Err = model.NewAppError("signupCompleteOAuth", "This "+service+" account has already been used to sign up for team "+team.DisplayName, "email="+user.Email) return } if result := <-api.Srv.Store.User().GetByEmail(team.Id, user.Email); result.Err == nil { c.Err = model.NewAppError("signupCompleteOAuth", "Team "+team.DisplayName+" already has a user with the email address attached to your "+service+" account", "email="+user.Email) return } user.TeamId = team.Id page := NewHtmlTemplatePage("signup_user_oauth", "Complete User Sign Up") page.Props["User"] = user.ToJson() page.Props["TeamName"] = team.Name page.Props["TeamDisplayName"] = team.DisplayName page.Render(c, w) } }
func resetPassword(c *api.Context, w http.ResponseWriter, r *http.Request) { isResetLink := true hash := r.URL.Query().Get("h") data := r.URL.Query().Get("d") if len(hash) == 0 || len(data) == 0 { isResetLink = false } else { if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.ResetSalt)) { c.Err = model.NewAppError("resetPassword", "The reset link does not appear to be valid", "") return } props := model.MapFromJson(strings.NewReader(data)) t, err := strconv.ParseInt(props["time"], 10, 64) if err != nil || model.GetMillis()-t > 1000*60*60 { // one hour c.Err = model.NewAppError("resetPassword", "The signup link has expired", "") return } } teamName := "Developer/Beta" domain := "" if utils.Cfg.ServiceSettings.Mode != utils.MODE_DEV { domain, _ = model.GetSubDomain(c.TeamUrl) var team *model.Team if tResult := <-api.Srv.Store.Team().GetByDomain(domain); tResult.Err != nil { c.Err = tResult.Err return } else { team = tResult.Data.(*model.Team) } if team != nil { teamName = team.Name } } page := NewHtmlTemplatePage("password_reset", "") page.Title = "Reset Password - " + page.SiteName page.Props["TeamName"] = teamName page.Props["Hash"] = hash page.Props["Data"] = data page.Props["Domain"] = domain page.Props["IsReset"] = strconv.FormatBool(isResetLink) page.Render(c, w) }
func root(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } if len(c.Session.UserId) == 0 { page := NewHtmlTemplatePage("signup_team", "Signup") page.Render(c, w) } else { page := NewHtmlTemplatePage("home", "Home") page.Props["TeamURL"] = c.GetTeamURL() page.Render(c, w) } }
func (me *HtmlTemplatePage) Render(c *api.Context, w http.ResponseWriter) { if me.Team != nil { me.Team.Sanitize() } if me.User != nil { me.User.Sanitize(map[string]bool{}) } me.SessionTokenIndex = c.SessionTokenIndex if err := Templates.ExecuteTemplate(w, me.TemplateName, me); err != nil { c.SetUnknownError(me.TemplateName, err.Error()) } }
func verifyEmail(c *api.Context, w http.ResponseWriter, r *http.Request) { resend := r.URL.Query().Get("resend") domain := r.URL.Query().Get("domain") email := r.URL.Query().Get("email") hashedId := r.URL.Query().Get("hid") userId := r.URL.Query().Get("uid") if resend == "true" { teamId := "" if result := <-api.Srv.Store.Team().GetByDomain(domain); result.Err != nil { c.Err = result.Err return } else { teamId = result.Data.(*model.Team).Id } if result := <-api.Srv.Store.User().GetByEmail(teamId, email); result.Err != nil { c.Err = result.Err return } else { user := result.Data.(*model.User) api.FireAndForgetVerifyEmail(user.Id, strings.Split(user.FullName, " ")[0], user.Email, domain, c.TeamUrl) http.Redirect(w, r, "/", http.StatusFound) return } } var isVerified string if len(userId) != 26 { isVerified = "false" } else if len(hashedId) == 0 { isVerified = "false" } else if model.ComparePassword(hashedId, userId) { isVerified = "true" if c.Err = (<-api.Srv.Store.User().VerifyEmail(userId)).Err; c.Err != nil { return } else { c.LogAudit("") } } else { isVerified = "false" } page := NewHtmlTemplatePage("verify", "Email Verified") page.Props["IsVerified"] = isVerified page.Render(c, w) }
func authorizeOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider { c.Err = model.NewAppError("authorizeOAuth", "The system admin has turned off OAuth service providing.", "") c.Err.StatusCode = http.StatusNotImplemented return } if !CheckBrowserCompatability(c, r) { return } responseType := r.URL.Query().Get("response_type") clientId := r.URL.Query().Get("client_id") redirect := r.URL.Query().Get("redirect_uri") scope := r.URL.Query().Get("scope") state := r.URL.Query().Get("state") if len(responseType) == 0 || len(clientId) == 0 || len(redirect) == 0 { c.Err = model.NewAppError("authorizeOAuth", "Missing one or more of response_type, client_id, or redirect_uri", "") return } var app *model.OAuthApp if result := <-api.Srv.Store.OAuth().GetApp(clientId); result.Err != nil { c.Err = result.Err return } else { app = result.Data.(*model.OAuthApp) } var team *model.Team if result := <-api.Srv.Store.Team().Get(c.Session.TeamId); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } page := NewHtmlTemplatePage("authorize", "Authorize Application") page.Props["TeamName"] = team.Name page.Props["AppName"] = app.Name page.Props["ResponseType"] = responseType page.Props["ClientId"] = clientId page.Props["RedirectUri"] = redirect page.Props["Scope"] = scope page.Props["State"] = state page.Render(c, w) }
func verifyEmail(c *api.Context, w http.ResponseWriter, r *http.Request) { resend := r.URL.Query().Get("resend") resendSuccess := r.URL.Query().Get("resend_success") name := r.URL.Query().Get("teamname") email := r.URL.Query().Get("email") hashedId := r.URL.Query().Get("hid") userId := r.URL.Query().Get("uid") var team *model.Team if result := <-api.Srv.Store.Team().GetByName(name); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if resend == "true" { if result := <-api.Srv.Store.User().GetByEmail(team.Id, email); result.Err != nil { c.Err = result.Err return } else { user := result.Data.(*model.User) api.FireAndForgetVerifyEmail(user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) newAddress := strings.Replace(r.URL.String(), "&resend=true", "&resend_success=true", -1) http.Redirect(w, r, newAddress, http.StatusFound) return } } var isVerified string if len(userId) != 26 { isVerified = "false" } else if len(hashedId) == 0 { isVerified = "false" } else if model.ComparePassword(hashedId, userId) { isVerified = "true" if c.Err = (<-api.Srv.Store.User().VerifyEmail(userId)).Err; c.Err != nil { return } else { c.LogAudit("") } } else { isVerified = "false" } page := NewHtmlTemplatePage("verify", "Email Verified") page.Props["IsVerified"] = isVerified page.Props["TeamURL"] = c.GetTeamURLFromTeam(team) page.Props["UserEmail"] = email page.Props["ResendSuccess"] = resendSuccess page.Render(c, w) }
func root(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { w.Header().Set("Cache-Control", "no-store") w.WriteHeader(http.StatusBadRequest) w.Write([]byte(c.T("web.check_browser_compatibility.app_error"))) return } if api.IsApiCall(r) { api.Handle404(w, r) return } w.Header().Set("Cache-Control", "no-cache, max-age=31556926, public") http.ServeFile(w, r, utils.FindDir(model.CLIENT_DIR)+"root.html") }
func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { if !c.HasSystemAdminPermissions("adminConsole") { return } params := mux.Vars(r) activeTab := params["tab"] teamId := params["team"] page := NewHtmlTemplatePage("admin_console", "Admin Console") page.Props["ActiveTab"] = activeTab page.Props["TeamId"] = teamId page.Render(c, w) }
func resetPassword(c *api.Context, w http.ResponseWriter, r *http.Request) { isResetLink := true hash := r.URL.Query().Get("h") data := r.URL.Query().Get("d") params := mux.Vars(r) teamName := params["team"] if len(hash) == 0 || len(data) == 0 { isResetLink = false } else { if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.PasswordResetSalt)) { c.Err = model.NewAppError("resetPassword", "The reset link does not appear to be valid", "") return } props := model.MapFromJson(strings.NewReader(data)) t, err := strconv.ParseInt(props["time"], 10, 64) if err != nil || model.GetMillis()-t > 1000*60*60 { // one hour c.Err = model.NewAppError("resetPassword", "The signup link has expired", "") return } } teamDisplayName := "Developer/Beta" var team *model.Team if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil { c.Err = tResult.Err return } else { team = tResult.Data.(*model.Team) } if team != nil { teamDisplayName = team.DisplayName } page := NewHtmlTemplatePage("password_reset", "", c.Locale) page.Props["Title"] = "Reset Password " + page.ClientCfg["SiteName"] page.Props["TeamDisplayName"] = teamDisplayName page.Props["TeamName"] = teamName page.Props["Hash"] = hash page.Props["Data"] = data page.Props["TeamName"] = teamName page.Props["IsReset"] = strconv.FormatBool(isResetLink) page.Render(c, w) }
func verifyEmail(c *api.Context, w http.ResponseWriter, r *http.Request) { resend := r.URL.Query().Get("resend") resendSuccess := r.URL.Query().Get("resend_success") name := r.URL.Query().Get("teamname") email := r.URL.Query().Get("email") hashedId := r.URL.Query().Get("hid") userId := r.URL.Query().Get("uid") var team *model.Team if result := <-api.Srv.Store.Team().GetByName(name); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if resend == "true" { if result := <-api.Srv.Store.User().GetByEmail(team.Id, email); result.Err != nil { c.Err = result.Err return } else { user := result.Data.(*model.User) if user.LastActivityAt > 0 { api.SendEmailChangeVerifyEmailAndForget(user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) } else { api.SendVerifyEmailAndForget(user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) } newAddress := strings.Replace(r.URL.String(), "&resend=true", "&resend_success=true", -1) http.Redirect(w, r, newAddress, http.StatusFound) return } } if len(userId) == 26 && len(hashedId) != 0 && model.ComparePassword(hashedId, userId) { if c.Err = (<-api.Srv.Store.User().VerifyEmail(userId)).Err; c.Err != nil { return } else { c.LogAudit("Email Verified") http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host+"/"+name+"/login?verified=true&email="+email, http.StatusTemporaryRedirect) return } } page := NewHtmlTemplatePage("verify", "Email Verified") page.Props["TeamURL"] = c.GetTeamURLFromTeam(team) page.Props["UserEmail"] = email page.Props["ResendSuccess"] = resendSuccess page.Render(c, w) }
func docs(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) doc := params["doc"] var user *model.User if len(c.Session.UserId) != 0 { userChan := api.Srv.Store.User().Get(c.Session.UserId) if userChan := <-userChan; userChan.Err == nil { user = userChan.Data.(*model.User) } } page := NewHtmlTemplatePage("docs", c.T("web.doc.title"), c.Locale) page.Props["Site"] = doc page.User = user page.Render(c, w) }
func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] code := r.URL.Query().Get("code") state := r.URL.Query().Get("state") uri := c.GetSiteURL() + "/login/" + service + "/complete" if body, team, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { c.Err = err return } else { authData := "" if service == model.USER_AUTH_SERVICE_GITLAB { glu := model.GitLabUserFromJson(body) authData = glu.GetAuthData() } if len(authData) == 0 { c.Err = model.NewAppError("loginCompleteOAuth", "Could not parse auth data out of "+service+" user object", "") return } var user *model.User if result := <-api.Srv.Store.User().GetByAuth(team.Id, authData, service); result.Err != nil { c.Err = result.Err return } else { user = result.Data.(*model.User) api.Login(c, w, r, user, "") if c.Err != nil { return } page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = user page.Render(c, w) root(c, w, r) } } }
func joinOpenChannel(c *api.Context, w http.ResponseWriter, r *http.Request, channel store.StoreChannel) *model.Channel { if cr := <-channel; cr.Err != nil { http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound) return nil } else { channel := cr.Data.(*model.Channel) if channel.Type == model.CHANNEL_OPEN { api.JoinChannel(c, channel.Id, "") if c.Err != nil { return nil } } else { http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound) return nil } return channel } }
func signupWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] teamName := params["team"] if !utils.Cfg.TeamSettings.EnableUserCreation { c.Err = model.NewAppError("signupTeam", "User sign-up is disabled.", "") c.Err.StatusCode = http.StatusNotImplemented return } if len(teamName) == 0 { c.Err = model.NewAppError("signupWithOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } hash := r.URL.Query().Get("h") var team *model.Team if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if api.IsVerifyHashRequired(nil, team, hash) { data := r.URL.Query().Get("d") props := model.MapFromJson(strings.NewReader(data)) if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) { c.Err = model.NewAppError("signupWithOAuth", "The signup link does not appear to be valid", "") return } t, err := strconv.ParseInt(props["time"], 10, 64) if err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours c.Err = model.NewAppError("signupWithOAuth", "The signup link has expired", "") return } if team.Id != props["id"] { c.Err = model.NewAppError("signupWithOAuth", "Invalid team name", data) return } } stateProps := map[string]string{} stateProps["action"] = model.OAUTH_ACTION_SIGNUP if authUrl, err := api.GetAuthorizationCode(c, service, teamName, stateProps, ""); err != nil { c.Err = err return } else { http.Redirect(w, r, authUrl, http.StatusFound) } }
func login(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } params := mux.Vars(r) teamName := params["team"] var team *model.Team if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil { l4g.Error(utils.T("web.login.error"), teamName, tResult.Err.Message) http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect) return } else { team = tResult.Data.(*model.Team) } // We still might be able to switch to this team because we've logged in before _, session := api.FindMultiSessionForTeamId(r, team.Id) if session != nil { w.Header().Set(model.HEADER_TOKEN, session.Token) lastViewChannelName := "town-square" if lastViewResult := <-api.Srv.Store.Preference().Get(session.UserId, model.PREFERENCE_CATEGORY_LAST, model.PREFERENCE_NAME_LAST_CHANNEL); lastViewResult.Err == nil { if lastViewChannelResult := <-api.Srv.Store.Channel().Get(lastViewResult.Data.(model.Preference).Value); lastViewChannelResult.Err == nil { lastViewChannelName = lastViewChannelResult.Data.(*model.Channel).Name } } http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/"+lastViewChannelName, http.StatusTemporaryRedirect) return } page := NewHtmlTemplatePage("login", c.T("web.login.login_title"), c.Locale) page.Props["TeamDisplayName"] = team.DisplayName page.Props["TeamName"] = team.Name if team.AllowOpenInvite { page.Props["InviteId"] = team.InviteId } page.Render(c, w) }
func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] code := r.URL.Query().Get("code") state := r.URL.Query().Get("state") teamName := r.FormValue("team") uri := c.GetSiteURL() + "/login/" + service + "/complete?team=" + teamName if len(teamName) == 0 { c.Err = model.NewAppError("loginCompleteOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } // Make sure team exists var team *model.Team if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { c.Err = err return } else { authData := "" if service == model.USER_AUTH_SERVICE_GITLAB { glu := model.GitLabUserFromJson(body) authData = glu.GetAuthData() } if len(authData) == 0 { c.Err = model.NewAppError("loginCompleteOAuth", "Could not parse auth data out of "+service+" user object", "") return } var user *model.User if result := <-api.Srv.Store.User().GetByAuth(team.Id, authData, service); result.Err != nil { c.Err = result.Err return } else { user = result.Data.(*model.User) api.Login(c, w, r, user, "") if c.Err != nil { return } root(c, w, r) } } }