diff options
| author | Jesús Espino <jespinog@gmail.com> | 2018-04-18 22:46:10 +0200 |
|---|---|---|
| committer | Christopher Speller <crspeller@gmail.com> | 2018-04-18 13:46:10 -0700 |
| commit | 0910eae31de8ed7b409654515dbd11f5c86dbf71 (patch) | |
| tree | 3d5fb47842693cd2ea1a357994c85d04902773a7 /api | |
| parent | b13a228b0451098ea32933a36fe64566e366583d (diff) | |
| download | chat-0910eae31de8ed7b409654515dbd11f5c86dbf71.tar.gz chat-0910eae31de8ed7b409654515dbd11f5c86dbf71.tar.bz2 chat-0910eae31de8ed7b409654515dbd11f5c86dbf71.zip | |
MM-9779: Incorporate a Token into the invitations system (#8604)
* Incorporate a Token into the invitations system
* Adding unit tests
* Fixing some api4 client tests
* Removing unnecesary hash validation
* Change the Hash concept on invitations with tokenId
* Not send invitation if it wasn't able to create the Token
* Fixing some naming problems
* Changing the hash query params received from the client side
* Removed unneded data param in the token usage
Diffstat (limited to 'api')
| -rw-r--r-- | api/team.go | 7 | ||||
| -rw-r--r-- | api/user.go | 6 | ||||
| -rw-r--r-- | api/user_test.go | 16 |
3 files changed, 16 insertions, 13 deletions
diff --git a/api/team.go b/api/team.go index b1d8086d3..c3eaab128 100644 --- a/api/team.go +++ b/api/team.go @@ -182,15 +182,14 @@ func removeUserFromTeam(c *Context, w http.ResponseWriter, r *http.Request) { func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) { params := model.MapFromJson(r.Body) - hash := params["hash"] - data := params["data"] + tokenId := params["token"] inviteId := params["invite_id"] var team *model.Team var err *model.AppError - if len(hash) > 0 { - team, err = c.App.AddUserToTeamByHash(c.Session.UserId, hash, data) + if len(tokenId) > 0 { + team, err = c.App.AddUserToTeamByToken(c.Session.UserId, tokenId) } else if len(inviteId) > 0 { team, err = c.App.AddUserToTeamByInviteId(inviteId, c.Session.UserId) } else { diff --git a/api/user.go b/api/user.go index 560d722a4..35a3687b9 100644 --- a/api/user.go +++ b/api/user.go @@ -76,13 +76,13 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - hash := r.URL.Query().Get("h") + tokenId := r.URL.Query().Get("t") inviteId := r.URL.Query().Get("iid") var ruser *model.User var err *model.AppError - if len(hash) > 0 { - ruser, err = c.App.CreateUserWithHash(user, hash, r.URL.Query().Get("d")) + if len(tokenId) > 0 { + ruser, err = c.App.CreateUserWithToken(user, tokenId) } else if len(inviteId) > 0 { ruser, err = c.App.CreateUserWithInviteId(user, inviteId) } else { diff --git a/api/user_test.go b/api/user_test.go index 518379305..05ec0e096 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -5,7 +5,6 @@ package api import ( "bytes" - "fmt" "image" "image/color" "io" @@ -176,21 +175,26 @@ func TestLogin(t *testing.T) { t.Fatal("Should have errored, signed up without hashed email") } + token := model.NewToken( + app.TOKEN_TYPE_TEAM_INVITATION, + model.MapToJson(map[string]string{"teamId": rteam2.Data.(*model.Team).Id, "email": user2.Email}), + ) + <-th.App.Srv.Store.Token().Save(token) props := make(map[string]string) props["email"] = user2.Email - props["id"] = rteam2.Data.(*model.Team).Id props["display_name"] = rteam2.Data.(*model.Team).DisplayName - props["time"] = fmt.Sprintf("%v", model.GetMillis()) data := model.MapToJson(props) - hash := utils.HashSha256(fmt.Sprintf("%v:%v", data, th.App.Config().EmailSettings.InviteSalt)) - ruser2, err := Client.CreateUserFromSignup(&user2, data, hash) + ruser2, err := Client.CreateUserFromSignup(&user2, data, token.Token) if err != nil { t.Fatal(err) } + if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil { + t.Fatal("The token must be deleted after be used") + } if _, err := Client.Login(ruser2.Data.(*model.User).Email, user2.Password); err != nil { - t.Fatal("From verified hash") + t.Fatal("From verified token") } Client.AuthToken = authToken |