author | Chris Duarte <csduarte@users.noreply.github.com> | 2018-01-04 09:45:59 -0800 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2018-01-04 12:45:59 -0500 |
commit | 5e78d7fe12a39e28a6520b023b0df0fc66a826d5 (patch) | |
tree | d4eacf4c02f5300917093efc13e73f9761c7756c /api4/user.go | |
parent | e5dad3cf681fb038ce5dd3dcf7b5468d59b8ea8e (diff) | |
Add admin update endpoint that can update authservice and authdata (#7842)
* add admin update endpoint that can update authservice and authdata
* Control only SystemAdmin access
* Refactored AdminUpdate endpoint to only be able to update AuthData, AuthService and Password by User.Id
* Refactor to move `PUT /api/v4/users/{user_id}/auth`. Created a struct to hold UserAuth info.
Diffstat (limited to 'api4/user.go')
-rw-r--r-- | api4/user.go | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go
index 6cb064f8c..0b07f8dc7 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -38,6 +38,8 @@ func (api *API) InitUser() {
 api.BaseRoutes.Users.Handle("/email/verify", api.ApiHandler(verifyUserEmail)).Methods("POST")
 api.BaseRoutes.Users.Handle("/email/verify/send", api.ApiHandler(sendVerificationEmail)).Methods("POST")
 
+ api.BaseRoutes.User.Handle("/auth", api.ApiSessionRequiredTrustRequester(updateUserAuth)).Methods("PUT")
+
 api.BaseRoutes.Users.Handle("/mfa", api.ApiHandler(checkUserMfa)).Methods("POST")
 api.BaseRoutes.User.Handle("/mfa", api.ApiSessionRequiredMfa(updateUserMfa)).Methods("PUT")
 api.BaseRoutes.User.Handle("/mfa/generate", api.ApiSessionRequiredMfa(generateMfaSecret)).Methods("POST")
@@ -697,6 +699,31 @@ func updateUserActive(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 }
 
+func updateUserAuth(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !c.IsSystemAdmin() {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ userAuth := model.UserAuthFromJson(r.Body)
+ if userAuth == nil {
+ c.SetInvalidParam("user")
+ return
+ }
+
+ if user, err := c.App.UpdateUserAuth(c.Params.UserId, userAuth); err != nil {
+ c.Err = err
+ } else {
+ c.LogAuditWithUserId(c.Params.UserId, fmt.Sprintf("updated user auth to service=%v", user.AuthService))
+ w.Write([]byte(user.ToJson()))
+ }
+}
+
 func checkUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
 props := model.MapFromJson(r.Body)
 
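Review bot: The new `/auth` route in InitUser is wrapped in `api.ApiSessionRequiredTrustRequester`, and nothing in the hunk explains why a state-changing PUT that rewrites a user's login method should trust the requester. The wrapper's definition is outside this diff, but if it relaxes the cross-site request check applied to cookie-authenticated sessions, as its name suggests, a privileged endpoint is the wrong place for it. `api.ApiSessionRequired(updateUserAuth)` would be the conservative registration. If the relaxed wrapper is intentional, a comment above the route should say why, for example `// TrustRequester is needed here because <reason>`. InitUser's body continues outside the hunk.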
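Review bot: updateUserAuth writes an audit record only in the success branch, so a rejected or failed attempt to change another account's auth service, auth data or password leaves no trace. Adding `c.LogAuditWithUserId(c.Params.UserId, "attempt")` before the `UpdateUserAuth` call and `c.LogAuditWithUserId(c.Params.UserId, "fail")` next to `c.Err = err` would give responders both sides of the event. The success message also records only `user.AuthService`, so a password-only change is indistinguishable in the log from a no-op. Separately, the value returned by `UpdateUserAuth` is serialized straight into the response with `user.ToJson()`. Its type is not visible in this diff, so it is worth confirming that it cannot carry the submitted password or auth data back to the client.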