diff options
author | JoramWilander <jwawilander@gmail.com> | 2015-08-14 08:43:49 -0400 |
---|---|---|
committer | JoramWilander <jwawilander@gmail.com> | 2015-08-14 12:38:16 -0400 |
commit | b704e9489b21b3bec17f5c8b573a1724781ee6f7 (patch) | |
tree | 002f9fb35ce932800160bc45d91a50804bbb6594 | |
parent | e27db2ed63fd3c9c686c049a9b9049a907985ecc (diff) | |
download | chat-b704e9489b21b3bec17f5c8b573a1724781ee6f7.tar.gz chat-b704e9489b21b3bec17f5c8b573a1724781ee6f7.tar.bz2 chat-b704e9489b21b3bec17f5c8b573a1724781ee6f7.zip |
added google sign-in functionality to the client, with minor model modifications
-rw-r--r-- | api/user.go | 53 | ||||
-rw-r--r-- | model/google.go | 16 | ||||
-rw-r--r-- | web/react/components/login.jsx | 13 | ||||
-rw-r--r-- | web/react/components/signup_user_complete.jsx | 28 | ||||
-rw-r--r-- | web/react/components/signup_user_oauth.jsx | 5 | ||||
-rw-r--r-- | web/react/pages/channel.jsx | 9 | ||||
-rw-r--r-- | web/react/stores/user_store.jsx | 14 | ||||
-rw-r--r-- | web/react/utils/async_client.jsx | 14 | ||||
-rw-r--r-- | web/react/utils/client.jsx | 15 | ||||
-rw-r--r-- | web/react/utils/constants.jsx | 2 | ||||
-rw-r--r-- | web/web.go | 48 |
11 files changed, 136 insertions, 81 deletions
diff --git a/api/user.go b/api/user.go index 79f2201da..303ec2b0a 100644 --- a/api/user.go +++ b/api/user.go @@ -7,6 +7,7 @@ import ( "bytes" "code.google.com/p/freetype-go/freetype" l4g "code.google.com/p/log4go" + b64 "encoding/base64" "fmt" "github.com/gorilla/mux" "github.com/mattermost/platform/model" @@ -1304,7 +1305,7 @@ func getStatuses(c *Context, w http.ResponseWriter, r *http.Request) { } } -func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, teamName, service, redirectUri string) { +func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, teamName, service, redirectUri, loginHint string) { if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow { c.Err = model.NewAppError("GetAuthorizationCode", "Unsupported OAuth service provider", "service="+service) @@ -1315,26 +1316,48 @@ func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, te clientId := utils.Cfg.SSOSettings[service].Id endpoint := utils.Cfg.SSOSettings[service].AuthEndpoint scope := utils.Cfg.SSOSettings[service].Scope - state := model.HashPassword(clientId) - authUrl := endpoint + "?response_type=code&client_id=" + clientId + "&redirect_uri=" + url.QueryEscape(redirectUri+"?team="+teamName) + "&state=" + url.QueryEscape(state) + stateProps := map[string]string{"team": teamName, "hash": model.HashPassword(clientId)} + state := b64.StdEncoding.EncodeToString([]byte(model.MapToJson(stateProps))) + + authUrl := endpoint + "?response_type=code&client_id=" + clientId + "&redirect_uri=" + url.QueryEscape(redirectUri) + "&state=" + url.QueryEscape(state) if len(scope) > 0 { authUrl += "&scope=" + utils.UrlEncode(scope) } + if len(loginHint) > 0 { + authUrl += "&login_hint=" + utils.UrlEncode(loginHint) + } + http.Redirect(w, r, authUrl, http.StatusFound) } -func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser, *model.AppError) { +func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser, *model.Team, *model.AppError) { if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow { - return nil, model.NewAppError("AuthorizeOAuthUser", "Unsupported OAuth service provider", "service="+service) + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Unsupported OAuth service provider", "service="+service) + } + + stateStr := "" + if b, err := b64.StdEncoding.DecodeString(state); err != nil { + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Invalid state", err.Error()) + } else { + stateStr = string(b) } - if !model.ComparePassword(state, utils.Cfg.SSOSettings[service].Id) { - return nil, model.NewAppError("AuthorizeOAuthUser", "Invalid state", "") + stateProps := model.MapFromJson(strings.NewReader(stateStr)) + + if !model.ComparePassword(stateProps["hash"], utils.Cfg.SSOSettings[service].Id) { + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Invalid state", "") + } + + teamName := stateProps["team"] + if len(teamName) == 0 { + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Invalid state; missing team name", "") } + tchan := Srv.Store.Team().GetByName(teamName) + p := url.Values{} p.Set("client_id", utils.Cfg.SSOSettings[service].Id) p.Set("client_secret", utils.Cfg.SSOSettings[service].Secret) @@ -1350,17 +1373,17 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser var ar *model.AccessResponse if resp, err := client.Do(req); err != nil { - return nil, model.NewAppError("AuthorizeOAuthUser", "Token request failed", err.Error()) + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Token request failed", err.Error()) } else { ar = model.AccessResponseFromJson(resp.Body) } - if ar.TokenType != model.ACCESS_TOKEN_TYPE { - return nil, model.NewAppError("AuthorizeOAuthUser", "Bad token type", "token_type="+ar.TokenType) + if strings.ToLower(ar.TokenType) != model.ACCESS_TOKEN_TYPE { + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Bad token type", "token_type="+ar.TokenType) } if len(ar.AccessToken) == 0 { - return nil, model.NewAppError("AuthorizeOAuthUser", "Missing access token", "") + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Missing access token", "") } p = url.Values{} @@ -1372,9 +1395,13 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser req.Header.Set("Authorization", "Bearer "+ar.AccessToken) if resp, err := client.Do(req); err != nil { - return nil, model.NewAppError("AuthorizeOAuthUser", "Token request to "+service+" failed", err.Error()) + return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Token request to "+service+" failed", err.Error()) } else { - return resp.Body, nil + if result := <-tchan; result.Err != nil { + return nil, nil, result.Err + } else { + return resp.Body, result.Data.(*model.Team), nil + } } } diff --git a/model/google.go b/model/google.go index bdb500704..2a1eb3caa 100644 --- a/model/google.go +++ b/model/google.go @@ -6,6 +6,7 @@ package model import ( "encoding/json" "io" + "strings" ) const ( @@ -13,15 +14,20 @@ const ( ) type GoogleUser struct { - Id string `json:"id"` - Nickname string `json:"nickname"` - Emails []map[string]string `json:"emails"` - Names map[string]string `json:"name"` + Id string `json:"id"` + Nickname string `json:"nickname"` + DisplayName string `json:"displayName"` + Emails []map[string]string `json:"emails"` + Names map[string]string `json:"name"` } func UserFromGoogleUser(gu *GoogleUser) *User { user := &User{} - user.Username = gu.Nickname + if len(gu.Nickname) > 0 { + user.Username = gu.Nickname + } else { + user.Username = strings.ToLower(strings.Replace(gu.DisplayName, " ", "", -1)) + } user.FirstName = gu.Names["givenName"] user.LastName = gu.Names["familyName"] user.Nickname = gu.Nickname diff --git a/web/react/components/login.jsx b/web/react/components/login.jsx index fe0a47777..5f396ac49 100644 --- a/web/react/components/login.jsx +++ b/web/react/components/login.jsx @@ -92,14 +92,21 @@ module.exports = React.createClass({ var auth_services = JSON.parse(this.props.authServices); - var login_message; - if (auth_services.indexOf("gitlab") >= 0) { - login_message = ( + var login_message = []; + if (auth_services.indexOf(Constants.GITLAB_SERVICE) >= 0) { + login_message.push( <div className="form-group form-group--small"> <span><a href={"/"+teamName+"/login/gitlab"}>{"Log in with GitLab"}</a></span> </div> ); } + if (auth_services.indexOf(Constants.GOOGLE_SERVICE) >= 0) { + login_message.push( + <div className="form-group form-group--small"> + <span><a href={"/"+teamName+"/login/google"}>{"Log in with Google"}</a></span> + </div> + ); + } return ( <div className="signup-team__container"> diff --git a/web/react/components/signup_user_complete.jsx b/web/react/components/signup_user_complete.jsx index b21553d8a..fd389e21f 100644 --- a/web/react/components/signup_user_complete.jsx +++ b/web/react/components/signup_user_complete.jsx @@ -5,6 +5,7 @@ var utils = require('../utils/utils.jsx'); var client = require('../utils/client.jsx'); var UserStore = require('../stores/user_store.jsx'); var BrowserStore = require('../stores/browser_store.jsx'); +var Constants = require('../utils/constants.jsx'); module.exports = React.createClass({ handleSubmit: function(e) { @@ -151,19 +152,34 @@ module.exports = React.createClass({ // add options to log in using another service var authServices = JSON.parse(this.props.authServices); - var signupMessage = null; - if (authServices.indexOf('gitlab') >= 0) { - signupMessage = ( - <div> + var signupMessage = []; + if (authServices.indexOf(Constants.GITLAB_SERVICE) >= 0) { + signupMessage.push( <a className='btn btn-custom-login gitlab' href={'/' + this.props.teamName + '/signup/gitlab' + window.location.search}> <span className='icon' /> <span>with GitLab</span> </a> + ); + } + + if (authServices.indexOf(Constants.GOOGLE_SERVICE) >= 0) { + signupMessage.push( + <a className='btn btn-custom-login gitlab' href={'/' + this.props.teamName + '/signup/google' + window.location.search}> + <span className='icon' /> + <span>with Google</span> + </a> + ); + } + + if (signupMessage.length > 0) { + signupMessage = ( + <div> + {signupMessage} <div className='or__container'> <span>or</span> </div> - </div> - ); + </div> + ); } var termsDisclaimer = null; diff --git a/web/react/components/signup_user_oauth.jsx b/web/react/components/signup_user_oauth.jsx index 6322aedee..8b2800bde 100644 --- a/web/react/components/signup_user_oauth.jsx +++ b/web/react/components/signup_user_oauth.jsx @@ -33,7 +33,10 @@ module.exports = React.createClass({ client.createUser(user, "", "", function(data) { client.track('signup', 'signup_user_oauth_02'); - window.location.href = '/' + this.props.teamName + '/login/'+user.auth_service; + UserStore.setCurrentUser(data); + UserStore.setLastEmail(data.email); + + window.location.href = '/' + this.props.teamName + '/login/' + user.auth_service + '?login_hint=' + user.email; }.bind(this), function(err) { this.state.server_error = err.message; diff --git a/web/react/pages/channel.jsx b/web/react/pages/channel.jsx index 929499715..52d537f27 100644 --- a/web/react/pages/channel.jsx +++ b/web/react/pages/channel.jsx @@ -54,14 +54,15 @@ global.window.setup_channel_page = function(team_name, team_type, team_id, chann id: team_id }); + // ChannelLoader must be rendered first React.render( - <ErrorBar/>, - document.getElementById('error_bar') + <ChannelLoader/>, + document.getElementById('channel_loader') ); React.render( - <ChannelLoader/>, - document.getElementById('channel_loader') + <ErrorBar/>, + document.getElementById('error_bar') ); React.render( diff --git a/web/react/stores/user_store.jsx b/web/react/stores/user_store.jsx index f8616c6ab..248495dac 100644 --- a/web/react/stores/user_store.jsx +++ b/web/react/stores/user_store.jsx @@ -4,6 +4,7 @@ var AppDispatcher = require('../dispatcher/app_dispatcher.jsx'); var EventEmitter = require('events').EventEmitter; var assign = require('object-assign'); +var client = require('../utils/client.jsx'); var Constants = require('../utils/constants.jsx'); var ActionTypes = Constants.ActionTypes; @@ -72,7 +73,7 @@ var UserStore = assign({}, EventEmitter.prototype, { BrowserStore.setGlobalItem('current_user_id', id); } }, - getCurrentId: function() { + getCurrentId: function(skipFetch) { var currentId = this.gCurrentId; if (currentId == null) { @@ -80,6 +81,17 @@ var UserStore = assign({}, EventEmitter.prototype, { this.gCurrentId = currentId; } + // this is a special case to force fetch the + // current user if it's missing + // it's synchronous to block rendering + if (currentId == null && !skipFetch) { + var me = client.getMeSynchronous(); + if (me != null) { + this.setCurrentUser(me); + currentId = me.id; + } + } + return currentId; }, getCurrentUser: function() { diff --git a/web/react/utils/async_client.jsx b/web/react/utils/async_client.jsx index 0b87bbd7b..09710ddf0 100644 --- a/web/react/utils/async_client.jsx +++ b/web/react/utils/async_client.jsx @@ -390,15 +390,15 @@ module.exports.getPosts = function(force, id, maxPosts) { } } -function getMe() { - if (isCallInProgress('getMe')) { +function getMeSynchronous() { + if (isCallInProgress('getMeSynchronous')) { return; } - callTracker.getMe = utils.getTimestamp(); - client.getMe( + callTracker.getMeSynchronous = utils.getTimestamp(); + client.getMeSynchronous( function(data, textStatus, xhr) { - callTracker.getMe = 0; + callTracker.getMeSynchronous = 0; if (xhr.status === 304 || !data) return; @@ -409,11 +409,11 @@ function getMe() { }, function(err) { callTracker.getMe = 0; - dispatchError(err, 'getMe'); + dispatchError(err, 'getMeSynchronous'); } ); } -module.exports.getMe = getMe; +module.exports.getMeSynchronous = getMeSynchronous; module.exports.getStatuses = function() { if (isCallInProgress('getStatuses')) return; diff --git a/web/react/utils/client.jsx b/web/react/utils/client.jsx index 5aab80d01..ce044457a 100644 --- a/web/react/utils/client.jsx +++ b/web/react/utils/client.jsx @@ -279,24 +279,33 @@ module.exports.getAudits = function(userId, success, error) { }); }; -module.exports.getMe = function(success, error) { +module.exports.getMeSynchronous = function(success, error) { + var currentUser = null; $.ajax({ + async: false, url: "/api/v1/users/me", dataType: 'json', contentType: 'application/json', type: 'GET', - success: success, + success: function gotUser(data, textStatus, xhr) { + currentUser = data; + if (success) { + success(data, textStatus, xhr); + } + }, error: function(xhr, status, err) { var ieChecker = window.navigator.userAgent; // This and the condition below is used to check specifically for browsers IE10 & 11 to suppress a 200 'OK' error from appearing on login if (xhr.status != 200 || !(ieChecker.indexOf("Trident/7.0") > 0 || ieChecker.indexOf("Trident/6.0") > 0)) { if (error) { - e = handleError("getMe", xhr, status, err); + e = handleError('getMeSynchronous', xhr, status, err); error(e); }; }; } }); + + return currentUser; }; module.exports.inviteMembers = function(data, success, error) { diff --git a/web/react/utils/constants.jsx b/web/react/utils/constants.jsx index 508de9185..1fe0faccf 100644 --- a/web/react/utils/constants.jsx +++ b/web/react/utils/constants.jsx @@ -58,6 +58,8 @@ module.exports = { THUMBNAIL_HEIGHT: 100, DEFAULT_CHANNEL: 'town-square', OFFTOPIC_CHANNEL: 'off-topic', + GITLAB_SERVICE: 'gitlab', + GOOGLE_SERVICE: 'google', POST_CHUNK_SIZE: 60, MAX_POST_CHUNKS: 3, RESERVED_TEAM_NAMES: [ diff --git a/web/web.go b/web/web.go index 1acddb914..d6f8d553b 100644 --- a/web/web.go +++ b/web/web.go @@ -496,7 +496,7 @@ func signupWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { redirectUri := c.GetSiteURL() + "/signup/" + service + "/complete" - api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri) + api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri, "") } func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { @@ -505,26 +505,10 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) code := r.URL.Query().Get("code") state := r.URL.Query().Get("state") - teamName := r.FormValue("team") - uri := c.GetSiteURL() + "/signup/" + service + "/complete?team=" + teamName + uri := c.GetSiteURL() + "/signup/" + service + "/complete" - if len(teamName) == 0 { - c.Err = model.NewAppError("signupCompleteOAuth", "Invalid team name", "team_name="+teamName) - c.Err.StatusCode = http.StatusBadRequest - return - } - - // Make sure team exists - var team *model.Team - if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { - c.Err = result.Err - return - } else { - team = result.Data.(*model.Team) - } - - if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { + if body, team, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { c.Err = err return } else { @@ -566,6 +550,7 @@ func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) service := params["service"] teamName := params["team"] + loginHint := r.URL.Query().Get("login_hint") if len(teamName) == 0 { c.Err = model.NewAppError("loginWithOAuth", "Invalid team name", "team_name="+teamName) @@ -581,7 +566,7 @@ func loginWithOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { redirectUri := c.GetSiteURL() + "/login/" + service + "/complete" - api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri) + api.GetAuthorizationCode(c, w, r, teamName, service, redirectUri, loginHint) } func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) { @@ -590,26 +575,10 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) code := r.URL.Query().Get("code") state := r.URL.Query().Get("state") - teamName := r.FormValue("team") - - uri := c.GetSiteURL() + "/login/" + service + "/complete?team=" + teamName - if len(teamName) == 0 { - c.Err = model.NewAppError("loginCompleteOAuth", "Invalid team name", "team_name="+teamName) - c.Err.StatusCode = http.StatusBadRequest - return - } + uri := c.GetSiteURL() + "/login/" + service + "/complete" - // Make sure team exists - var team *model.Team - if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { - c.Err = result.Err - return - } else { - team = result.Data.(*model.Team) - } - - if body, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { + if body, team, err := api.AuthorizeOAuthUser(service, code, state, uri); err != nil { c.Err = err return } else { @@ -617,6 +586,9 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) if service == model.USER_AUTH_SERVICE_GITLAB { glu := model.GitLabUserFromJson(body) authData = glu.GetAuthData() + } else if service == model.USER_AUTH_SERVICE_GOOGLE { + gu := model.GoogleUserFromJson(body) + authData = gu.GetAuthData() } if len(authData) == 0 { |