diff options
| author | Ruzette Tanyag <ruzette@users.noreply.github.com> | 2017-02-17 10:31:01 -0500 |
|---|---|---|
| committer | Joram Wilander <jwawilander@gmail.com> | 2017-02-17 10:31:01 -0500 |
| commit | 4e7dbc3bb0e93bafa684594b19c5648dc030ee17 (patch) | |
| tree | 618d2b57861650c52ed4a74ddd7730b944991a11 /api4/user.go | |
| parent | 2f96814a8bca991a2acba3b66c38c22cfddef769 (diff) | |
| download | chat-4e7dbc3bb0e93bafa684594b19c5648dc030ee17.tar.gz chat-4e7dbc3bb0e93bafa684594b19c5648dc030ee17.tar.bz2 chat-4e7dbc3bb0e93bafa684594b19c5648dc030ee17.zip | |
Implement user sessions endpoints for APIv4 (#5449)
* added get session and revoke session endpoints, unittests and drivers
* removed BasicUser2 and added teardown
* added badrequest unit test case for sessions
* added session loop to check if user id and session user id matches
* fixed indentation issues for user_test
* match indentation from spaces to tabs
Diffstat (limited to 'api4/user.go')
| -rw-r--r-- | api4/user.go | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index e394b9661..5337cedf0 100644 --- a/api4/user.go +++ b/api4/user.go @@ -34,6 +34,9 @@ func InitUser() { BaseRoutes.UserByUsername.Handle("", ApiSessionRequired(getUserByUsername)).Methods("GET") BaseRoutes.UserByEmail.Handle("", ApiSessionRequired(getUserByEmail)).Methods("GET") + BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET") + BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST") + } func createUser(c *Context, w http.ResponseWriter, r *http.Request) { @@ -476,3 +479,53 @@ func Logout(c *Context, w http.ResponseWriter, r *http.Request) { ReturnStatusOK(w) } + +func getSessions(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) + return + } + + if sessions, err := app.GetSessions(c.Params.UserId); err != nil { + c.Err = err + return + } else { + for _, session := range sessions { + session.Sanitize() + } + + w.Write([]byte(model.SessionsToJson(sessions))) + return + } +} + +func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) + return + } + + props := model.MapFromJson(r.Body) + sessionId := props["session_id"] + + if sessionId == "" { + c.SetInvalidParam("session_id") + } + + if err := app.RevokeSessionById(sessionId); err != nil { + c.Err = err + return + } + + ReturnStatusOK(w) +}
\ No newline at end of file |