func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] teamName := params["team"] loginHint := r.URL.Query().Get("login_hint") if len(teamName) == 0 { c.Err = model.NewAppError("loginWithOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } // Make sure team exists if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } stateProps := map[string]string{} stateProps["action"] = model.OAUTH_ACTION_LOGIN if authUrl, err := api.GetAuthorizationCode(c, service, teamName, stateProps, loginHint); err != nil { c.Err = err return } else { http.Redirect(w, r, authUrl, http.StatusFound) } }
func signupWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] teamName := params["team"] if !utils.Cfg.TeamSettings.EnableUserCreation { c.Err = model.NewAppError("signupTeam", "User sign-up is disabled.", "") c.Err.StatusCode = http.StatusNotImplemented return } if len(teamName) == 0 { c.Err = model.NewAppError("signupWithOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } hash := r.URL.Query().Get("h") var team *model.Team if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if api.IsVerifyHashRequired(nil, team, hash) { data := r.URL.Query().Get("d") props := model.MapFromJson(strings.NewReader(data)) if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) { c.Err = model.NewAppError("signupWithOAuth", "The signup link does not appear to be valid", "") return } t, err := strconv.ParseInt(props["time"], 10, 64) if err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours c.Err = model.NewAppError("signupWithOAuth", "The signup link has expired", "") return } if team.Id != props["id"] { c.Err = model.NewAppError("signupWithOAuth", "Invalid team name", data) return } } stateProps := map[string]string{} stateProps["action"] = model.OAUTH_ACTION_SIGNUP if authUrl, err := api.GetAuthorizationCode(c, service, teamName, stateProps, ""); err != nil { c.Err = err return } else { http.Redirect(w, r, authUrl, http.StatusFound) } }
func claimAccount(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { return } params := mux.Vars(r) teamName := params["team"] email := r.URL.Query().Get("email") newType := r.URL.Query().Get("new_type") var team *model.Team if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil { l4g.Error("Couldn't find team name=%v, err=%v", teamName, tResult.Err.Message) http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect) return } else { team = tResult.Data.(*model.Team) } authType := "" if len(email) != 0 { if uResult := <-api.Srv.Store.User().GetByEmail(team.Id, email); uResult.Err != nil { l4g.Error("Couldn't find user teamid=%v, email=%v, err=%v", team.Id, email, uResult.Err.Message) http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect) return } else { user := uResult.Data.(*model.User) authType = user.AuthService // if user is not logged in to their SSO account, ask them to log in if len(authType) != 0 && user.Id != c.Session.UserId { stateProps := map[string]string{} stateProps["action"] = model.OAUTH_ACTION_SSO_TO_EMAIL stateProps["email"] = email if authUrl, err := api.GetAuthorizationCode(c, authType, team.Name, stateProps, ""); err != nil { c.Err = err return } else { http.Redirect(w, r, authUrl, http.StatusFound) } } } } page := NewHtmlTemplatePage("claim_account", "Claim Account") page.Props["Email"] = email page.Props["CurrentType"] = authType page.Props["NewType"] = newType page.Props["TeamDisplayName"] = team.DisplayName page.Props["TeamName"] = team.Name page.Render(c, w) }
func signupWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] teamName := params["team"] if len(teamName) == 0 { c.Err = model.NewAppError("signupWithOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } hash := r.URL.Query().Get("h") var team *model.Team if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } else { team = result.Data.(*model.Team) } if api.IsVerifyHashRequired(nil, team, hash) { data := r.URL.Query().Get("d") props := model.MapFromJson(strings.NewReader(data)) if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.InviteSalt)) { c.Err = model.NewAppError("signupWithOAuth", "The signup link does not appear to be valid", "") return } t, err := strconv.ParseInt(props["time"], 10, 64) if err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours c.Err = model.NewAppError("signupWithOAuth", "The signup link has expired", "") return } if team.Id != props["id"] { c.Err = model.NewAppError("signupWithOAuth", "Invalid team name", data) return } } redirectUri := c.GetSiteURL() + "/signup/" + service + "/complete" api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri, "") }
func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] teamName := params["team"] if len(teamName) == 0 { c.Err = model.NewAppError("loginWithOAuth", "Invalid team name", "team_name="+teamName) c.Err.StatusCode = http.StatusBadRequest return } // Make sure team exists if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { c.Err = result.Err return } redirectUri := c.GetSiteURL() + "/login/" + service + "/complete" api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri) }