PLT-3762 - Add API call to get a user by their username (#4611)

* PLT-3762 - Add API call to get a user by their username

* fix lint

* update rote

* update per code review

* update per code review

* remove first/last name is not used in this test

5 files changed, 93 insertions, 0 deletions

diff --git a/api/user.go b/api/user.go
index 5fcea3367..2507bd740 100644
--- a/api/user.go
+++ b/api/user.go
@@ -73,6 +73,7 @@ func InitUser() {
 	BaseRoutes.Users.Handle("/claim/ldap_to_email", ApiAppHandler(ldapToEmail)).Methods("POST")
 
 	BaseRoutes.NeedUser.Handle("/get", ApiUserRequired(getUser)).Methods("GET")
+	BaseRoutes.Users.Handle("/name/{username:[A-Za-z0-9_\\-.]+}", ApiUserRequired(getByUsername)).Methods("GET")
 	BaseRoutes.NeedUser.Handle("/sessions", ApiUserRequired(getSessions)).Methods("GET")
 	BaseRoutes.NeedUser.Handle("/audits", ApiUserRequired(getAudits)).Methods("GET")
 	BaseRoutes.NeedUser.Handle("/image", ApiUserRequiredTrustRequester(getProfileImage)).Methods("GET")
@@ -954,6 +955,24 @@ func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func getByUsername(c *Context, w http.ResponseWriter, r *http.Request) {
+	params := mux.Vars(r)
+	username := params["username"]
+
+	if result := <-Srv.Store.User().GetByUsername(username); result.Err != nil {
+		c.Err = result.Err
+		return
+	} else if HandleEtag(result.Data.(*model.User).Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), w, r) {
+		return
+	} else {
+		user := sanitizeProfile(c, result.Data.(*model.User))
+
+		w.Header().Set(model.HEADER_ETAG_SERVER, user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress))
+		w.Write([]byte(result.Data.(*model.User).ToJson()))
+		return
+	}
+}
+
 func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) {
 	params := mux.Vars(r)
 
diff --git a/api/user_test.go b/api/user_test.go
index bc804ca11..a10cee961 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -2339,3 +2339,42 @@ func TestAutocompleteUsers(t *testing.T) {
 		t.Fatal("should have errored - bad team id")
 	}
 }
+
+func TestGetByUsername(t *testing.T) {
+	th := Setup().InitBasic()
+	Client := th.BasicClient
+
+	if result, err := Client.GetByUsername(th.BasicUser.Username, ""); err != nil {
+		t.Fatal("Failed to get user")
+	} else {
+		if result.Data.(*model.User).Password != "" {
+			t.Fatal("User shouldn't have any password data once set")
+		}
+	}
+
+	emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress
+	namePrivacy := utils.Cfg.PrivacySettings.ShowFullName
+	defer func() {
+		utils.Cfg.PrivacySettings.ShowEmailAddress = emailPrivacy
+		utils.Cfg.PrivacySettings.ShowFullName = namePrivacy
+	}()
+
+	utils.Cfg.PrivacySettings.ShowEmailAddress = false
+	utils.Cfg.PrivacySettings.ShowFullName = false
+
+	if result, err := Client.GetByUsername(th.BasicUser2.Username, ""); err != nil {
+		t.Fatal(err)
+	} else {
+		u := result.Data.(*model.User)
+		if u.Password != "" {
+			t.Fatal("password must be empty")
+		}
+		if *u.AuthData != "" {
+			t.Fatal("auth data must be empty")
+		}
+		if u.Email != "" {
+			t.Fatal("email should be sanitized")
+		}
+	}
+
+}
diff --git a/model/client.go b/model/client.go
index 1624dc917..32532508f 100644
--- a/model/client.go
+++ b/model/client.go
@@ -500,6 +500,17 @@ func (c *Client) GetUser(id string, etag string) (*Result, *AppError) {
 	}
 }
 
+// getByUsername returns a user based on a provided username string. Must be authenticated.
+func (c *Client) GetByUsername(username string, etag string) (*Result, *AppError) {
+	if r, err := c.DoApiGet(fmt.Sprintf("/users/name/%v", username), "", etag); err != nil {
+		return nil, err
+	} else {
+		defer closeBody(r)
+		return &Result{r.Header.Get(HEADER_REQUEST_ID),
+			r.Header.Get(HEADER_ETAG_SERVER), UserFromJson(r.Body)}, nil
+	}
+}
+
 // GetMe returns the current user.
 func (c *Client) GetMe(etag string) (*Result, *AppError) {
 	if r, err := c.DoApiGet("/users/me", "", etag); err != nil {
diff --git a/webapp/client/client.jsx b/webapp/client/client.jsx
index 538e82a72..092c2da4a 100644
--- a/webapp/client/client.jsx
+++ b/webapp/client/client.jsx
@@ -921,6 +921,15 @@ export default class Client {
             end(this.handleResponse.bind(this, 'getUser', success, error));
     }
 
+    getByUsername(userName, success, error) {
+        request.
+            get(`${this.getUsersRoute()}/name/${userName}`).
+            set(this.defaultHeaders).
+            type('application/json').
+            accept('application/json').
+            end(this.handleResponse.bind(this, 'getByUsername', success, error));
+    }
+
     login(loginId, password, mfaToken, success, error) {
         this.doLogin({login_id: loginId, password, token: mfaToken}, success, error);
 
diff --git a/webapp/tests/client_user.test.jsx b/webapp/tests/client_user.test.jsx
index 5e70c5c3e..2e5b80dd7 100644
--- a/webapp/tests/client_user.test.jsx
+++ b/webapp/tests/client_user.test.jsx
@@ -36,6 +36,21 @@ describe('Client.User', function() {
         });
     });
 
+    it('getByUsername', function(done) {
+        TestHelper.initBasic(() => {
+            TestHelper.basicClient().getByUsername(
+                TestHelper.basicUser().username,
+                function(data) {
+                    assert.equal(data.username, TestHelper.basicUser().username);
+                    done();
+                },
+                function(err) {
+                    done(new Error(err.message));
+                }
+            );
+        });
+    });
+
     it('getInitialLoad', function(done) {
         TestHelper.initBasic(() => {
             TestHelper.basicClient().getInitialLoad(