authorJesús Espino <jespinog@gmail.com>2018-04-18 22:46:10 +0200
committerChristopher Speller <crspeller@gmail.com>2018-04-18 13:46:10 -0700
commit0910eae31de8ed7b409654515dbd11f5c86dbf71 (patch)
tree3d5fb47842693cd2ea1a357994c85d04902773a7 /api
parentb13a228b0451098ea32933a36fe64566e366583d (diff)
MM-9779: Incorporate a Token into the invitations system (#8604)
* Incorporate a Token into the invitations system * Adding unit tests * Fixing some api4 client tests * Removing unnecessary hash validation * Change the Hash concept on invitations with tokenId * Not send invitation if it wasn't able to create the Token * Fixing some naming problems * Changing the hash query params received from the client side * Removed unneeded data param in the token usage
Diffstat (limited to 'api')
-rw-r--r--api/team.go7
-rw-r--r--api/user.go6
-rw-r--r--api/user_test.go16
3 files changed, 16 insertions, 13 deletions
diff --git a/api/team.go b/api/team.go
index b1d8086d3..c3eaab128 100644
--- a/api/team.go
+++ b/api/team.go
@@ -182,15 +182,14 @@ func removeUserFromTeam(c *Context, w http.ResponseWriter, r *http.Request) {
func addUserToTeamFromInvite(c *Context, w http.ResponseWriter, r *http.Request) {
params := model.MapFromJson(r.Body)
- hash := params["hash"]
- data := params["data"]
+ tokenId := params["token"]
inviteId := params["invite_id"]
var team *model.Team
var err *model.AppError
- if len(hash) > 0 {
- team, err = c.App.AddUserToTeamByHash(c.Session.UserId, hash, data)
+ if len(tokenId) > 0 {
+ team, err = c.App.AddUserToTeamByToken(c.Session.UserId, tokenId)
} else if len(inviteId) > 0 {
team, err = c.App.AddUserToTeamByInviteId(inviteId, c.Session.UserId)
} else {
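Review bot: `tokenId` in addUserToTeamFromInvite holds the invitation token value itself rather than an identifier for it (the test in api/user_test.go passes `token.Token`), so the name hides that this string is a redeemable secret; `token := params["token"]` with a comment such as `// single-use invitation secret, must not be logged` would read more accurately. The same name is used in createUser in api/user.go. All validation is delegated to `AddUserToTeamByToken`, which is not visible here; since `app.TOKEN_TYPE_TEAM_INVITATION` implies the store holds more than one kind of token, it is worth confirming that the app layer rejects tokens of any other type and enforces expiry before adding `c.Session.UserId` to the team. The function body continues past the end of this hunk.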
diff --git a/api/user.go b/api/user.go
index 560d722a4..35a3687b9 100644
--- a/api/user.go
+++ b/api/user.go
@@ -76,13 +76,13 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- hash := r.URL.Query().Get("h")
+ tokenId := r.URL.Query().Get("t")
inviteId := r.URL.Query().Get("iid")
var ruser *model.User
var err *model.AppError
- if len(hash) > 0 {
- ruser, err = c.App.CreateUserWithHash(user, hash, r.URL.Query().Get("d"))
+ if len(tokenId) > 0 {
+ ruser, err = c.App.CreateUserWithToken(user, tokenId)
} else if len(inviteId) > 0 {
ruser, err = c.App.CreateUserWithInviteId(user, inviteId)
} else {
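Review bot: In createUser the invitation token is taken from the query string (`r.URL.Query().Get("t")`), and query strings are routinely recorded in access logs, proxy logs and browser history, so the secret can outlive the request. addUserToTeamFromInvite in api/team.go already reads its token from the request body; if the client contract allows it, doing the same here would be safer, and otherwise request logging should redact `t` and the token should be short-lived as well as single-use. Invitation links issued before this change carry `h` and `d`, which are no longer read, so those requests now reach the final `else` branch; that branch is outside the hunk, so confirm it fails closed rather than creating an uninvited account.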
diff --git a/api/user_test.go b/api/user_test.go
index 518379305..05ec0e096 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -5,7 +5,6 @@ package api
import (
"bytes"
- "fmt"
"image"
"image/color"
"io"
@@ -176,21 +175,26 @@ func TestLogin(t *testing.T) {
t.Fatal("Should have errored, signed up without hashed email")
}
+ token := model.NewToken(
+ app.TOKEN_TYPE_TEAM_INVITATION,
+ model.MapToJson(map[string]string{"teamId": rteam2.Data.(*model.Team).Id, "email": user2.Email}),
+ )
+ <-th.App.Srv.Store.Token().Save(token)
props := make(map[string]string)
props["email"] = user2.Email
- props["id"] = rteam2.Data.(*model.Team).Id
props["display_name"] = rteam2.Data.(*model.Team).DisplayName
- props["time"] = fmt.Sprintf("%v", model.GetMillis())
data := model.MapToJson(props)
- hash := utils.HashSha256(fmt.Sprintf("%v:%v", data, th.App.Config().EmailSettings.InviteSalt))
- ruser2, err := Client.CreateUserFromSignup(&user2, data, hash)
+ ruser2, err := Client.CreateUserFromSignup(&user2, data, token.Token)
if err != nil {
t.Fatal(err)
}
+ if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil {
+ t.Fatal("The token must be deleted after be used")
+ }
if _, err := Client.Login(ruser2.Data.(*model.User).Email, user2.Password); err != nil {
- t.Fatal("From verified hash")
+ t.Fatal("From verified token")
}
Client.AuthToken = authToken
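Review bot: The result of `<-th.App.Srv.Store.Token().Save(token)` is discarded, so a failed save only shows up later as an unrelated signup error; checking it with `if result := <-th.App.Srv.Store.Token().Save(token); result.Err != nil { t.Fatal(result.Err) }` keeps the failure at its cause. The deletion assertion passes on any `GetByToken` error, so a store failure would also satisfy it; asserting the specific not-found condition would be tighter. Only the happy path is exercised here: a second `CreateUserFromSignup` call with the consumed token, and one with a token saved under a different type, would pin the single-use and type-binding properties this change relies on. TestLogin begins and continues outside this hunk.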