path: root/api/oauth.go
authorenahum <nahumhbl@gmail.com>2016-08-30 21:15:40 -0300
committerGitHub <noreply@github.com>2016-08-30 21:15:40 -0300
commit1326ab66a141e73f1ef7d9d39bb86596f56179e0 (patch)
treeb77723b70bdcfc2bca2ab47580d86eb54a61cd44 /api/oauth.go
parente9bc77a8f7f07cb08038e007c52a986cf4b9545b (diff)
PLT-3984 Add the ability to regenerate OAuth Client Secret (#3899)
Diffstat (limited to 'api/oauth.go')
-rw-r--r--api/oauth.go52
1 files changed, 51 insertions, 1 deletions
diff --git a/api/oauth.go b/api/oauth.go
index d3495895f..7942b0e0c 100644
--- a/api/oauth.go
+++ b/api/oauth.go
@@ -32,7 +32,8 @@ func InitOAuth() {
BaseRoutes.OAuth.Handle("/allow", ApiUserRequired(allowOAuth)).Methods("GET")
BaseRoutes.OAuth.Handle("/authorized", ApiUserRequired(getAuthorizedApps)).Methods("GET")
BaseRoutes.OAuth.Handle("/delete", ApiUserRequired(deleteOAuthApp)).Methods("POST")
- BaseRoutes.OAuth.Handle("/{id:[A-Za-z0-9]+}/deauthorize", AppHandlerIndependent(deauthorizeOAuthApp)).Methods("POST")
+ BaseRoutes.OAuth.Handle("/{id:[A-Za-z0-9]+}/deauthorize", ApiUserRequired(deauthorizeOAuthApp)).Methods("POST")
+ BaseRoutes.OAuth.Handle("/{id:[A-Za-z0-9]+}/regen_secret", ApiUserRequired(regenerateOAuthSecret)).Methods("POST")
BaseRoutes.OAuth.Handle("/{service:[A-Za-z0-9]+}/complete", AppHandlerIndependent(completeOAuth)).Methods("GET")
BaseRoutes.OAuth.Handle("/{service:[A-Za-z0-9]+}/login", AppHandlerIndependent(loginWithOAuth)).Methods("GET")
BaseRoutes.OAuth.Handle("/{service:[A-Za-z0-9]+}/signup", AppHandlerIndependent(signupWithOAuth)).Methods("GET")
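Review bot: The switch of the `/deauthorize` route from `AppHandlerIndependent` to `ApiUserRequired` is a separate behaviour change that the commit title (secret regeneration) does not mention, so it deserves at least a line in the commit description explaining why the deauthorize endpoint now requires an authenticated API session. Without that, a reader bisecting a change in deauthorize behaviour will not find it by commit message. The new `/regen_secret` route itself looks consistent with the neighbouring id-based routes (POST, same `{id}` pattern). InitOAuth's body continues outside the hunk.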
@@ -957,6 +958,55 @@ func deauthorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
ReturnStatusOK(w)
}
+func regenerateOAuthSecret(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
+ c.Err = model.NewLocAppError("registerOAuthApp", "api.oauth.register_oauth_app.turn_off.app_error", nil, "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
+
+ isSystemAdmin := c.IsSystemAdmin()
+
+ if *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations {
+ if !isSystemAdmin {
+ c.Err = model.NewLocAppError("registerOAuthApp", "api.command.admin_only.app_error", nil, "")
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ }
+ }
+
+ params := mux.Vars(r)
+ id := params["id"]
+
+ if len(id) == 0 {
+ c.SetInvalidParam("regenerateOAuthSecret", "id")
+ return
+ }
+
+ var app *model.OAuthApp
+ if result := <-Srv.Store.OAuth().GetApp(id); result.Err != nil {
+ c.Err = model.NewLocAppError("regenerateOAuthSecret", "api.oauth.allow_oauth.database.app_error", nil, "")
+ return
+ } else {
+ app = result.Data.(*model.OAuthApp)
+
+ //validate that is a System Admin or the same user that registered the app
+ if !isSystemAdmin && app.CreatorId != c.Session.UserId {
+ c.Err = model.NewLocAppError("regenerateOAuthSecret", "api.oauth.regenerate_secret.app_error", nil, "")
+ return
+ }
+
+ app.ClientSecret = model.NewId()
+ if update := <-Srv.Store.OAuth().UpdateApp(app); update.Err != nil {
+ c.Err = update.Err
+ return
+ }
+
+ w.Write([]byte(app.ToJson()))
+ return
+ }
+}
+
func newSession(appName string, user *model.User) (*model.Session, *model.AppError) {
// set new token an session
session := &model.Session{UserId: user.Id, Roles: user.Roles, IsOAuth: true}
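Review bot: The two early-return errors in regenerateOAuthSecret carry the wrong location string — `model.NewLocAppError("registerOAuthApp", ...)` on the EnableOAuthServiceProvider check and again on the EnableOnlyAdminIntegrations check — while the later errors in the same function correctly use "regenerateOAuthSecret"; both should read `c.Err = model.NewLocAppError("regenerateOAuthSecret", "api.oauth.register_oauth_app.turn_off.app_error", nil, "")` and `c.Err = model.NewLocAppError("regenerateOAuthSecret", "api.command.admin_only.app_error", nil, "")` so that logs and error responses point at the handler that actually ran. The database failure branch likewise reuses the `api.oauth.allow_oauth.database.app_error` message id from allowOAuth, which will mislabel the failure to operators reading the message. Since this endpoint rotates a credential, it is worth recording the rotation (actor user id and app id) through whatever logging the package already uses so that an unexpected secret change on an app can be traced; I cannot tell from the hunk whether the store layer logs UpdateApp calls. Style-wise, the `else` after the `return` in the GetApp error branch can be dropped and the happy path left-aligned, and the error from `w.Write` is silently discarded. newSession starts in the hunk and continues outside it.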