Add built-in plugin for getting LDAP attributes (#7317)

3 files changed, 90 insertions, 0 deletions

diff --git a/app/plugin/api.go b/app/plugin/api.go
index 41838b818..4604bf8ce 100644
--- a/app/plugin/api.go
+++ b/app/plugin/api.go
@@ -32,6 +32,14 @@ type API interface {
 	// Creates a post
 	CreatePost(post *model.Post) (*model.Post, *model.AppError)
 
+	// Get LDAP attributes for a user
+	GetLdapUserAttributes(userId string, attributes []string) (map[string]string, *model.AppError)
+
+	// Temporary for built-in plugins, copied from api4/context.go ServeHTTP function.
+	// If a request has a valid token for an active session, the session is returned otherwise
+	// it errors.
+	GetSessionFromRequest(r *http.Request) (*model.Session, *model.AppError)
+
 	// Returns a localized string. If a request is given, its headers will be used to pick a locale.
 	I18n(id string, r *http.Request) string
 }
diff --git a/app/plugin/ldapextras/configuration.go b/app/plugin/ldapextras/configuration.go
new file mode 100644
index 000000000..078c29925
--- /dev/null
+++ b/app/plugin/ldapextras/configuration.go
@@ -0,0 +1,9 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package ldapextras
+
+type Configuration struct {
+	Enabled    bool
+	Attributes []string
+}
diff --git a/app/plugin/ldapextras/plugin.go b/app/plugin/ldapextras/plugin.go
new file mode 100644
index 000000000..3198125aa
--- /dev/null
+++ b/app/plugin/ldapextras/plugin.go
@@ -0,0 +1,73 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package ldapextras
+
+import (
+	"fmt"
+	"net/http"
+	"sync/atomic"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/gorilla/mux"
+
+	"github.com/mattermost/platform/app/plugin"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+type Plugin struct {
+	plugin.Base
+	api           plugin.API
+	configuration atomic.Value
+}
+
+func (p *Plugin) Initialize(api plugin.API) {
+	p.api = api
+	p.OnConfigurationChange()
+	api.PluginRouter().HandleFunc("/users/{user_id:[A-Za-z0-9]+}/attributes", p.handleGetAttributes).Methods("GET")
+}
+
+func (p *Plugin) config() *Configuration {
+	return p.configuration.Load().(*Configuration)
+}
+
+func (p *Plugin) OnConfigurationChange() {
+	var configuration Configuration
+	if err := p.api.LoadPluginConfiguration(&configuration); err != nil {
+		l4g.Error(err.Error())
+	}
+	p.configuration.Store(&configuration)
+}
+
+func (p *Plugin) handleGetAttributes(w http.ResponseWriter, r *http.Request) {
+	config := p.config()
+	if !config.Enabled || len(config.Attributes) == 0 {
+		http.Error(w, "This plugin is not configured", http.StatusNotImplemented)
+		return
+	}
+
+	session, err := p.api.GetSessionFromRequest(r)
+
+	if session == nil || err != nil {
+		http.Error(w, "Invalid session", http.StatusUnauthorized)
+		return
+	}
+
+	// Only requires a valid session, no other permission checks required
+
+	params := mux.Vars(r)
+	id := params["user_id"]
+
+	if len(id) != 26 {
+		http.Error(w, "Invalid user id", http.StatusUnauthorized)
+	}
+
+	attributes, err := p.api.GetLdapUserAttributes(id, config.Attributes)
+	if err != nil {
+		err.Translate(utils.T)
+		http.Error(w, fmt.Sprintf("Errored getting attributes: %v", err.Error()), http.StatusInternalServerError)
+	}
+
+	w.Write([]byte(model.MapToJson(attributes)))
+}