author | Joram Wilander <jwawilander@gmail.com> | 2017-03-27 09:17:34 -0400 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2017-03-27 09:17:34 -0400 |
commit | d145c3583835766c1f200a413131e7d6bad82229 (patch) | |
tree | 1671fd532293482f035f40accd068e19da1d86df /api4 | |
parent | 84dc60a640bbfb3b670a65f1c9ea6ce35ad1b5cc (diff) | |
Implement PUT /users/sessions/device endpoint for APIv4 (#5866)
Diffstat (limited to 'api4')
-rw-r--r-- | api4/user.go | 49 | ||||
-rw-r--r-- | api4/user_test.go | 29 |
2 files changed, 78 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go
index c04fa0d77..3d10473a2 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 	"strconv"
+	"time"
 
 	l4g "github.com/alecthomas/log4go"
 	"github.com/mattermost/platform/app"
@@ -46,6 +47,7 @@ func InitUser() {
 	BaseRoutes.User.Handle("/sessions", ApiSessionRequired(getSessions)).Methods("GET")
 	BaseRoutes.User.Handle("/sessions/revoke", ApiSessionRequired(revokeSession)).Methods("POST")
+	BaseRoutes.Users.Handle("/sessions/device", ApiSessionRequired(attachDeviceId)).Methods("PUT")
 	BaseRoutes.User.Handle("/audits", ApiSessionRequired(getUserAudits)).Methods("GET")
 }
@@ -778,6 +780,53 @@ func revokeSession(c *Context, w http.ResponseWriter, r *http.Request) {
 	ReturnStatusOK(w)
 }
 
+func attachDeviceId(c *Context, w http.ResponseWriter, r *http.Request) {
+	props := model.MapFromJson(r.Body)
+
+	deviceId := props["device_id"]
+	if len(deviceId) == 0 {
+		c.SetInvalidParam("device_id")
+		return
+	}
+
+	// A special case where we logout of all other sessions with the same device id
+	if err := app.RevokeSessionsForDeviceId(c.Session.UserId, deviceId, c.Session.Id); err != nil {
+		c.Err = err
+		return
+	}
+
+	app.ClearSessionCacheForUser(c.Session.UserId)
+	c.Session.SetExpireInDays(*utils.Cfg.ServiceSettings.SessionLengthMobileInDays)
+
+	maxAge := *utils.Cfg.ServiceSettings.SessionLengthMobileInDays * 60 * 60 * 24
+
+	secure := false
+	if app.GetProtocol(r) == "https" {
+		secure = true
+	}
+
+	expiresAt := time.Unix(model.GetMillis()/1000+int64(maxAge), 0)
+	sessionCookie := &http.Cookie{
+		Name:     model.SESSION_COOKIE_TOKEN,
+		Value:    c.Session.Token,
+		Path:     "/",
+		MaxAge:   maxAge,
+		Expires:  expiresAt,
+		HttpOnly: true,
+		Secure:   secure,
+	}
+
+	http.SetCookie(w, sessionCookie)
+
+	if err := app.AttachDeviceId(c.Session.Id, deviceId, c.Session.ExpiresAt); err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("")
+	ReturnStatusOK(w)
+}
+
 func getUserAudits(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireUserId()
 	if c.Err != nil {
diff --git a/api4/user_test.go b/api4/user_test.go
index 16ae8bdad..3bdc73045 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
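Review bot: The cookie carrying the extended mobile session lifetime is written with `http.SetCookie(w, sessionCookie)` before `app.AttachDeviceId` persists the new expiry, so when that call fails the response still carries the Set-Cookie header alongside the error and the client holds a cookie whose MaxAge no longer matches the stored session. Moving `http.SetCookie(w, sessionCookie)` below the `if err := app.AttachDeviceId(...)` block keeps the cookie and the server-side session in step. `app.ClearSessionCacheForUser` is likewise called before the session row is updated; if another request for this user repopulates the cache in between, it presumably caches the pre-update expiry, so it is worth confirming against the cache implementation or moving the clear after the update as well. The only validation applied to `device_id` is non-emptiness; if the model already has a format or length check for device ids (the test builds one as `PUSH_NOTIFY_APPLE + ":..."`), applying it here would reject malformed values before they reach the session store.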
@@ -1275,7 +1275,36 @@ func TestRevokeSessions(t *testing.T) {
 	_, resp = th.SystemAdminClient.RevokeSession(th.SystemAdminUser.Id, session.Id)
 	CheckNoError(t, resp)
+}
+
+func TestAttachDeviceId(t *testing.T) {
+	th := Setup().InitBasic()
+	defer TearDown()
+	Client := th.Client
+
+	deviceId := model.PUSH_NOTIFY_APPLE + ":1234567890"
+	pass, resp := Client.AttachDeviceId(deviceId)
+	CheckNoError(t, resp)
+
+	if !pass {
+		t.Fatal("should have passed")
+	}
+	if sessions, err := app.GetSessions(th.BasicUser.Id); err != nil {
+		t.Fatal(err)
+	} else {
+		if sessions[0].DeviceId != deviceId {
+			t.Fatal("Missing device Id")
+		}
+	}
+
+	_, resp = Client.AttachDeviceId("")
+	CheckBadRequestStatus(t, resp)
+
+	Client.Logout()
+
+	_, resp = Client.AttachDeviceId("")
+	CheckUnauthorizedStatus(t, resp)
 }
 
 func TestGetUserAudits(t *testing.T) {
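Review bot: `sessions[0].DeviceId` is indexed without checking `len(sessions)`, so an empty result panics the test rather than failing with a message; adding `if len(sessions) == 0 { t.Fatal("no sessions") }` before the access gives a clearer failure. The test also never exercises the handler's special case of revoking other sessions that share a device id: creating a second session for `th.BasicUser`, attaching the same `deviceId` from it, and asserting the earlier session no longer appears in `app.GetSessions` would cover the `RevokeSessionsForDeviceId` path. Nothing here checks that the response carries the session cookie with the mobile lifetime, which is the other observable effect of the endpoint. The enclosing `TestRevokeSessions` starts outside the hunk.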