diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2017-03-27 09:17:34 -0400 |
|---|---|---|
| committer | Christopher Speller <crspeller@gmail.com> | 2017-03-27 09:17:34 -0400 |
| commit | d145c3583835766c1f200a413131e7d6bad82229 (patch) | |
| tree | 1671fd532293482f035f40accd068e19da1d86df /api4/user.go | |
| parent | 84dc60a640bbfb3b670a65f1c9ea6ce35ad1b5cc (diff) | |
| download | chat-d145c3583835766c1f200a413131e7d6bad82229.tar.gz chat-d145c3583835766c1f200a413131e7d6bad82229.tar.bz2 chat-d145c3583835766c1f200a413131e7d6bad82229.zip | |
Implement PUT /users/sessions/device endpoint for APIv4 (#5866)
Diffstat (limited to 'api4/user.go')
| -rw-r--r-- | api4/user.go | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index c04fa0d77..3d10473a2 100644 --- a/api4/user.go +++ b/api4/user.go @@ -7,6 +7,7 @@ import ( "fmt" "net/http" "strconv" + "time" l4g "github.com/alecthomas/log4go" "github.com/mattermost/platform/app" @@ -46,6 +47,7 @@ func InitUser() { BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET") BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST") + BaseRoutes.Users.Handle("/sessions/device", ApiSessionRequired(attachDeviceId)).Methods("PUT") BaseRoutes.User.Handle("/audits", ApiSessionRequired(getUserAudits)).Methods("GET") } @@ -778,6 +780,53 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) { ReturnStatusOK(w) } +func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request) { + props := model.MapFromJson(r.Body) + + deviceId := props["device_id"] + if len(deviceId) == 0 { + c.SetInvalidParam("device_id") + return + } + + // A special case where we logout of all other sessions with the same device id + if err := app.RevokeSessionsForDeviceId(c.Session.UserId, deviceId, c.Session.Id); err != nil { + c.Err = err + return + } + + app.ClearSessionCacheForUser(c.Session.UserId) + c.Session.SetExpireInDays(*utils.Cfg.ServiceSettings.SessionLengthMobileInDays) + + maxAge := *utils.Cfg.ServiceSettings.SessionLengthMobileInDays * 60 * 60 * 24 + + secure := false + if app.GetProtocol(r) == "https" { + secure = true + } + + expiresAt := time.Unix(model.GetMillis()/1000+int64(maxAge), 0) + sessionCookie := &http.Cookie{ + Name: model.SESSION_COOKIE_TOKEN, + Value: c.Session.Token, + Path: "/", + MaxAge: maxAge, + Expires: expiresAt, + HttpOnly: true, + Secure: secure, + } + + http.SetCookie(w, sessionCookie) + + if err := app.AttachDeviceId(c.Session.Id, deviceId, c.Session.ExpiresAt); err != nil { + c.Err = err + return + } + + c.LogAudit("") + ReturnStatusOK(w) +} + func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireUserId() if c.Err != nil { |