diff options
author | Corey Hulen <corey@hulen.com> | 2016-04-21 22:37:01 -0700 |
---|---|---|
committer | Corey Hulen <corey@hulen.com> | 2016-04-21 22:37:01 -0700 |
commit | 2e5617c29be69637acd384e85f795a0b343bec8d (patch) | |
tree | 6b8bdae1e664013b97c2dda94985375abda91aa5 /api/context.go | |
parent | 5c755463ed3a4c74a383fb4460b5be02d8868481 (diff) | |
download | chat-2e5617c29be69637acd384e85f795a0b343bec8d.tar.gz chat-2e5617c29be69637acd384e85f795a0b343bec8d.tar.bz2 chat-2e5617c29be69637acd384e85f795a0b343bec8d.zip |
PLT-2057 User as a first class object (#2648)
* Adding TeamMember to system
* Fixing all unit tests on the backend
* Fixing merge conflicts
* Fixing merge conflict
* Adding javascript unit tests
* Adding TeamMember to system
* Fixing all unit tests on the backend
* Fixing merge conflicts
* Fixing merge conflict
* Adding javascript unit tests
* Adding client side unit test
* Cleaning up the clint side tests
* Fixing msg
* Adding more client side unit tests
* Adding more using tests
* Adding last bit of client side unit tests and adding make cmd
* Fixing bad merge
* Fixing libraries
* Updating to new client side API
* Fixing borken unit test
* Fixing unit tests
* ugg...trying to beat gofmt
* ugg...trying to beat gofmt
* Cleaning up remainder of the server side routes
* Adding inital load api
* Increased coverage of webhook unit tests (#2660)
* Adding loading ... to root html
* Fixing bad merge
* Removing explicit content type so superagent will guess corectly (#2685)
* Fixing merge and unit tests
* Adding create team UI
* Fixing signup flows
* Adding LDAP unit tests and enterprise unit test helper (#2702)
* Add the ability to reset MFA from the commandline (#2706)
* Fixing compliance unit tests
* Fixing client side tests
* Adding open server to system console
* Moving websocket connection
* Fixing unit test
* Fixing unit tests
* Fixing unit tests
* Adding nickname and more LDAP unit tests (#2717)
* Adding join open teams
* Cleaning up all TODOs in the code
* Fixing web sockets
* Removing unused webockets file
* PLT-2533 Add the ability to reset a user's MFA from the system console (#2715)
* Add the ability to reset a user's MFA from the system console
* Add client side unit test for adminResetMfa
* Reorganizing authentication to fix LDAP error message (#2723)
* Fixing failing unit test
* Initial upgrade db code
* Adding upgrade script
* Fixing upgrade script after running on core
* Update OAuth and Claim routes to work with user model changes (#2739)
* Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740)
* Fixing team invite ldap login call (#2741)
* Fixing bluebar and some img stuff
* Fix all the different file upload web utils (#2743)
* Fixing invalid session redirect (#2744)
* Redirect on bad channel name (#2746)
* Fixing a bunch of issue and removing dead code
* Patch to fix error message on leave channel (#2747)
* Setting EnableOpenServer to false by default
* Fixing config
* Fixing upgrade
* Fixing reported bugs
* Bug fixes for PLT-2057
* PLT-2563 Redo password recovery to use a database table (#2745)
* Redo password recovery to use a database table
* Update reset password audits
* Split out admin and user reset password APIs to be separate
* Delete password recovery when user is permanently deleted
* Consolidate password resetting into a single function
* Removed private channels as an option for outgoing webhooks (#2752)
* PLT-2577/PLT-2552 Fixes for backstage (#2753)
* Added URL to incoming webhook list
* Fixed client functions for adding/removing integrations
* Disallowed slash commands without trigger words
* Fixed clientside handling of errors on AddCommand page
* Minor auth cleanup (#2758)
* Changed EditPostModal to just close if you save without making any changes (#2759)
* Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756)
* Fixed url in channel info modal (#2755)
* Fixing reported issues
* Moving to version 3 of the apis
* Fixing command unit tests (#2760)
* Adding team admins
* Fixing DM issue
* Fixing eslint error
* Properly set EditPostModal's originalText state in all cases (#2762)
* Update client config check to assume features is defined if server is licensed (#2772)
* Fixing url link
* Fixing issue with websocket crashing when sending messages to different teams
Diffstat (limited to 'api/context.go')
-rw-r--r-- | api/context.go | 157 |
1 files changed, 100 insertions, 57 deletions
diff --git a/api/context.go b/api/context.go index 56c8c86d2..8bbd5a1d2 100644 --- a/api/context.go +++ b/api/context.go @@ -11,10 +11,12 @@ import ( "strings" l4g "github.com/alecthomas/log4go" + "github.com/gorilla/mux" + goi18n "github.com/nicksnyder/go-i18n/i18n" + "github.com/mattermost/platform/model" "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" - goi18n "github.com/nicksnyder/go-i18n/i18n" ) var sessionCache *utils.Cache = utils.NewLru(model.SESSION_CACHE_SIZE) @@ -39,6 +41,7 @@ type Context struct { siteURL string T goi18n.TranslateFunc Locale string + TeamId string } func ApiAppHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler { @@ -94,6 +97,8 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { c.T, c.Locale = utils.GetTranslationsAndLocale(w, r) c.RequestId = model.NewId() c.IpAddress = GetIpAddress(r) + c.TeamId = mux.Vars(r)["team_id"] + h.isApi = IsApiCall(r) token := "" isTokenFromQueryString := false @@ -116,7 +121,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { if (h.requireSystemAdmin || h.requireUser) && !h.trustRequester { if r.Header.Get(model.HEADER_REQUESTED_WITH) != model.HEADER_REQUESTED_WITH_XML { - c.Err = model.NewLocAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token) + c.Err = model.NewLocAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token+" Appears to bea CSRF attempt") token = "" } } @@ -182,6 +187,10 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { c.SystemAdminRequired() } + if c.Err == nil && len(c.TeamId) > 0 { + c.HasPermissionsToTeam(c.TeamId, "TeamRoute") + } + if c.Err == nil && h.isUserActivity && token != "" && len(c.Session.UserId) > 0 { go func() { if err := (<-Srv.Store.User().UpdateUserAndSessionActivity(c.Session.UserId, c.Session.Id, model.GetMillis())).Err; err != nil { @@ -308,13 +317,14 @@ func (c *Context) HasPermissionsToUser(userId string, where string) bool { } func (c *Context) HasPermissionsToTeam(teamId string, where string) bool { - if c.Session.TeamId == teamId { + if c.IsSystemAdmin() { return true } - // You're a mattermost system admin and you're on the VPN - if c.IsSystemAdmin() { - return true + for _, teamMember := range c.Session.TeamMembers { + if teamId == teamMember.TeamId { + return true + } } c.Err = model.NewLocAppError(where, "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", teamId="+teamId) @@ -353,10 +363,17 @@ func (c *Context) IsSystemAdmin() bool { } func (c *Context) IsTeamAdmin() bool { - if model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) || c.IsSystemAdmin() { + + if c.IsSystemAdmin() { return true } - return false + + team := c.Session.GetTeamByTeamId(c.TeamId) + if team == nil { + return false + } + + return model.IsInRole(team.Roles, model.ROLE_TEAM_ADMIN) } func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) { @@ -386,7 +403,7 @@ func (c *Context) setTeamURL(url string, valid bool) { } func (c *Context) SetTeamURLFromSession() { - if result := <-Srv.Store.Team().Get(c.Session.TeamId); result.Err == nil { + if result := <-Srv.Store.Team().Get(c.TeamId); result.Err == nil { c.setTeamURL(c.GetSiteURL()+"/"+result.Data.(*model.Team).Name, true) } } @@ -413,6 +430,10 @@ func (c *Context) GetSiteURL() string { return c.siteURL } +func IsApiCall(r *http.Request) bool { + return strings.Index(r.URL.Path, "/api/") == 0 +} + func GetIpAddress(r *http.Request) string { address := r.Header.Get(model.HEADER_FORWARDED) @@ -427,69 +448,69 @@ func GetIpAddress(r *http.Request) string { return address } -func IsTestDomain(r *http.Request) bool { +// func IsTestDomain(r *http.Request) bool { - if strings.Index(r.Host, "localhost") == 0 { - return true - } +// if strings.Index(r.Host, "localhost") == 0 { +// return true +// } - if strings.Index(r.Host, "dockerhost") == 0 { - return true - } +// if strings.Index(r.Host, "dockerhost") == 0 { +// return true +// } - if strings.Index(r.Host, "test") == 0 { - return true - } +// if strings.Index(r.Host, "test") == 0 { +// return true +// } - if strings.Index(r.Host, "127.0.") == 0 { - return true - } +// if strings.Index(r.Host, "127.0.") == 0 { +// return true +// } - if strings.Index(r.Host, "192.168.") == 0 { - return true - } +// if strings.Index(r.Host, "192.168.") == 0 { +// return true +// } - if strings.Index(r.Host, "10.") == 0 { - return true - } +// if strings.Index(r.Host, "10.") == 0 { +// return true +// } - if strings.Index(r.Host, "176.") == 0 { - return true - } +// if strings.Index(r.Host, "176.") == 0 { +// return true +// } - return false -} +// return false +// } -func IsBetaDomain(r *http.Request) bool { +// func IsBetaDomain(r *http.Request) bool { - if strings.Index(r.Host, "beta") == 0 { - return true - } +// if strings.Index(r.Host, "beta") == 0 { +// return true +// } - if strings.Index(r.Host, "ci") == 0 { - return true - } +// if strings.Index(r.Host, "ci") == 0 { +// return true +// } - return false -} +// return false +// } -var privateIpAddress = []*net.IPNet{ - {IP: net.IPv4(10, 0, 0, 1), Mask: net.IPv4Mask(255, 0, 0, 0)}, - {IP: net.IPv4(176, 16, 0, 1), Mask: net.IPv4Mask(255, 255, 0, 0)}, - {IP: net.IPv4(192, 168, 0, 1), Mask: net.IPv4Mask(255, 255, 255, 0)}, - {IP: net.IPv4(127, 0, 0, 1), Mask: net.IPv4Mask(255, 255, 255, 252)}, -} +// var privateIpAddress = []*net.IPNet{ +// {IP: net.IPv4(10, 0, 0, 1), Mask: net.IPv4Mask(255, 0, 0, 0)}, +// {IP: net.IPv4(176, 16, 0, 1), Mask: net.IPv4Mask(255, 255, 0, 0)}, +// {IP: net.IPv4(192, 168, 0, 1), Mask: net.IPv4Mask(255, 255, 255, 0)}, +// {IP: net.IPv4(127, 0, 0, 1), Mask: net.IPv4Mask(255, 255, 255, 252)}, +// } -func IsPrivateIpAddress(ipAddress string) bool { +// func IsPrivateIpAddress(ipAddress string) bool { - for _, pips := range privateIpAddress { - if pips.Contains(net.ParseIP(ipAddress)) { - return true - } - } +// for _, pips := range privateIpAddress { +// if pips.Contains(net.ParseIP(ipAddress)) { +// return true +// } +// } - return false -} +// return false +// } func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) { T, _ := utils.GetTranslationsAndLocale(w, r) @@ -513,9 +534,17 @@ func RenderWebError(err *model.AppError, w http.ResponseWriter, r *http.Request) func Handle404(w http.ResponseWriter, r *http.Request) { err := model.NewLocAppError("Handle404", "api.context.404.app_error", nil, "") + err.Translate(utils.T) err.StatusCode = http.StatusNotFound l4g.Error("%v: code=404 ip=%v", r.URL.Path, GetIpAddress(r)) - RenderWebError(err, w, r) + + if IsApiCall(r) { + w.WriteHeader(err.StatusCode) + err.DetailedError = "There doesn't appear to be an api call for the url='" + r.URL.Path + "'. Typo? are you missing a team_id or user_id as part of the url?" + w.Write([]byte(err.ToJson())) + } else { + RenderWebError(err, w, r) + } } func GetSession(token string) *model.Session { @@ -542,6 +571,20 @@ func GetSession(token string) *model.Session { return session } +func RemoveAllSessionsForUserId(userId string) { + + keys := sessionCache.Keys() + + for _, key := range keys { + if ts, ok := sessionCache.Get(key); ok { + session := ts.(*model.Session) + if session.UserId == userId { + sessionCache.Remove(key) + } + } + } +} + func AddSessionToCache(session *model.Session) { sessionCache.AddWithExpiresInSecs(session.Token, session, int64(*utils.Cfg.ServiceSettings.SessionCacheInMinutes*60)) } |