diff options
| -rw-r--r-- | CHANGELOG.md | 17 | ||||
| -rw-r--r-- | Makefile | 4 | ||||
| -rw-r--r-- | NOTICE.txt | 123 | ||||
| -rw-r--r-- | api/admin.go | 24 | ||||
| -rw-r--r-- | api/context.go | 27 | ||||
| -rw-r--r-- | api/file.go | 2 | ||||
| -rw-r--r-- | api/post.go | 4 | ||||
| -rw-r--r-- | api/team.go | 8 | ||||
| -rw-r--r-- | api/user.go | 4 | ||||
| -rw-r--r-- | api/webhook.go | 2 | ||||
| -rw-r--r-- | build/MIT-COMPILED-LICENSE.md | 14 | ||||
| -rw-r--r-- | doc/README.md | 2 | ||||
| -rw-r--r-- | doc/import/slack-import.md | 18 | ||||
| -rw-r--r-- | doc/install/prod-ubuntu.md | 17 | ||||
| -rw-r--r-- | docker/1.0/Dockerfile | 2 | ||||
| -rw-r--r-- | docker/1.0/config_docker.json | 8 | ||||
| -rw-r--r-- | docker/dev/config_docker.json | 8 | ||||
| -rw-r--r-- | docker/local/config_docker.json | 8 | ||||
| -rw-r--r-- | mattermost.go | 2 | ||||
| -rw-r--r-- | model/user.go | 4 | ||||
| -rw-r--r-- | web/react/components/admin_console/sql_settings.jsx | 6 | ||||
| -rw-r--r-- | web/react/components/setting_upload.jsx | 45 | ||||
| -rw-r--r-- | web/react/components/team_signup_url_page.jsx | 4 | ||||
| -rw-r--r-- | web/react/components/team_signup_with_sso.jsx | 10 | ||||
| -rw-r--r-- | web/react/utils/client.jsx | 14 | ||||
| -rw-r--r-- | web/react/utils/utils.jsx | 2 | ||||
| -rw-r--r-- | web/templates/head.html | 19 |
27 files changed, 314 insertions, 84 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 64cc57ab8..c4f1f491e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,18 +1,17 @@ # Mattermost Changelog -## UNDER DEVELOPMENT - Release v1.0.0-RC1 +## UNDER DEVELOPMENT - Release v1.0.0-RC2 The "UNDER DEVELOPMENT" section of the Mattermost changelog appears in the product's `master` branch to note key changes committed to master and are on their way to the next stable release. When a stable release is pushed the "UNDER DEVELOPMENT" heading is removed from the final changelog of the release. -- **Release candidate anticipated:** September 28, 2015 - **Final release anticipated:** October 2, 2015 ### Release Highlights - System Console - UI for configuring deployments, managing teams, resetting user passwords and other admin features -- Markdown support in messages, comments and channel descriptions - Including font formatting, emoticons, headings and tables -- Preset themes and detailed theme color options, plus ability to import themes from Slack -- Numerous performance improvements and optimizations +- Markdown - Markdown support in messages, comments and channel descriptions - Including font formatting, emoticons, headings and tables +- Themes - Preset themes and detailed theme color options, plus ability to import themes from Slack +- Performance - Numerous performance improvements and optimizations ### New Features @@ -39,12 +38,14 @@ User Interface - Added ability to import themes from Slack Integrations + - (Preview) Initial support for incoming webhooks ### Improvements Documentation +- Added production installation instructions - Updated software and hardware requirements documentation - Re-organized install instructions out of README and into separate files - Added Code Contribution Guidelines @@ -59,11 +60,15 @@ Performance Code Quality - Reformatted Javascript per Mattermost Style Guide - + UI - Added version, build number, build date and build hash under Account Settings -> Security +Licensing + +- Compiled version of Mattermost v1.0.0 now available under MIT license + ### Bug Fixes - Numerous performance improvements @@ -92,7 +92,7 @@ travis: mkdir -p $(DIST_PATH)/api cp -RL api/templates $(DIST_PATH)/api - cp LICENSE.txt $(DIST_PATH) + cp build/MIT-COMPILED-LICENSE.md $(DIST_PATH) cp NOTICE.txt $(DIST_PATH) cp README.md $(DIST_PATH) @@ -261,7 +261,7 @@ dist: install mkdir -p $(DIST_PATH)/api cp -RL api/templates $(DIST_PATH)/api - cp LICENSE.txt $(DIST_PATH) + cp build/MIT-COMPILED-LICENSE.md $(DIST_PATH) cp NOTICE.txt $(DIST_PATH) cp README.md $(DIST_PATH) diff --git a/NOTICE.txt b/NOTICE.txt index b7a7fbc1d..f908bbd28 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -798,3 +798,126 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +--- + +This product contains a modified portion of 'react-bootstrap', a library of reuseable front-end components with the look and feel of Bootstrap, but rebuilt with React.js. + +by Stephen J. Collings, Matthew Honnibal, Pieter Vanderwerff + +* HOMEPAGE: + * https://github.com/react-bootstrap/react-bootstrap + +* LICENSE: + +The MIT License (MIT) + +Copyright (c) 2014 Stephen J. Collings, Matthew Honnibal, Pieter Vanderwerff + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. + +--- + +This product contains a modified portion of 'goexif', which provides decoding of basic exif and tiff encoded data. + +by Robert Carlsen & Contributors + +* HOMEPAGE: + * https://github.com/rwcarlsen/goexif + +* LICENSE: + +Copyright (c) 2012, Robert Carlsen & Contributors +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +--- + +This product contains a modified portion of 'graphics-go', an implementation of basic image manipulation operations in the Go programming language. + +by The Graphics-Go Authors + +* HOMEPAGE: + * https://code.google.com/p/graphics-go/ + +* LICENSE: + +Copyright (c) 2011 The Graphics-Go Authors. All rights reserved. +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: +Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. +Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +--- + +This product contains a modified portion of 'Bootstrap Colorpicker', a nice and customizable colorpicker plugin for Twitter Bootstrap. + +by Stefan Petre + +* HOMEPAGE: + * https://github.com/mjolnic/bootstrap-colorpicker/ + +* LICENSE: + +Copyright 2012 Stefan Petre + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/api/admin.go b/api/admin.go index 3ef8c12a8..d9714d6d2 100644 --- a/api/admin.go +++ b/api/admin.go @@ -23,8 +23,10 @@ func InitAdmin(r *mux.Router) { sr.Handle("/logs", ApiUserRequired(getLogs)).Methods("GET") sr.Handle("/config", ApiUserRequired(getConfig)).Methods("GET") sr.Handle("/save_config", ApiUserRequired(saveConfig)).Methods("POST") - sr.Handle("/client_props", ApiAppHandler(getClientProperties)).Methods("GET") sr.Handle("/test_email", ApiUserRequired(testEmail)).Methods("POST") + sr.Handle("/client_props", ApiAppHandler(getClientProperties)).Methods("GET") + sr.Handle("/log_client", ApiAppHandler(logClient)).Methods("POST") + } func getLogs(c *Context, w http.ResponseWriter, r *http.Request) { @@ -59,6 +61,26 @@ func getClientProperties(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(model.MapToJson(utils.ClientProperties))) } +func logClient(c *Context, w http.ResponseWriter, r *http.Request) { + m := model.MapFromJson(r.Body) + + lvl := m["level"] + msg := m["message"] + + if len(msg) > 400 { + msg = msg[0:399] + } + + if lvl == "ERROR" { + err := model.NewAppError("client", msg, "") + c.LogError(err) + } + + rm := make(map[string]string) + rm["SUCCESS"] = "true" + w.Write([]byte(model.MapToJson(rm))) +} + func getConfig(c *Context, w http.ResponseWriter, r *http.Request) { if !c.HasSystemAdminPermissions("getConfig") { return diff --git a/api/context.go b/api/context.go index d90fbd9ee..02c3dc902 100644 --- a/api/context.go +++ b/api/context.go @@ -292,14 +292,6 @@ func (c *Context) HasPermissionsToChannel(sc store.StoreChannel, where string) b return true } -func (c *Context) IsSystemAdmin() bool { - // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress) - if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) { - return true - } - return false -} - func (c *Context) HasSystemAdminPermissions(where string) bool { if c.IsSystemAdmin() { return true @@ -310,14 +302,19 @@ func (c *Context) HasSystemAdminPermissions(where string) bool { return false } -func (c *Context) IsTeamAdmin(userId string) bool { - if uresult := <-Srv.Store.User().Get(userId); uresult.Err != nil { - c.Err = uresult.Err - return false - } else { - user := uresult.Data.(*model.User) - return model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && user.TeamId == c.Session.TeamId +func (c *Context) IsSystemAdmin() bool { + // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress) + if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) { + return true + } + return false +} + +func (c *Context) IsTeamAdmin() bool { + if model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) || c.IsSystemAdmin() { + return true } + return false } func (c *Context) RemoveSessionCookie(w http.ResponseWriter) { diff --git a/api/file.go b/api/file.go index be8fc5456..5dc1db650 100644 --- a/api/file.go +++ b/api/file.go @@ -488,7 +488,7 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) { } func getExport(c *Context, w http.ResponseWriter, r *http.Request) { - if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) { + if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() { c.Err = model.NewAppError("getExport", "Only a team admin can retrieve exported data.", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return diff --git a/api/post.go b/api/post.go index 0379f6af5..2b683fb7d 100644 --- a/api/post.go +++ b/api/post.go @@ -633,7 +633,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { post := result.Data.(*model.PostList).Posts[postId] - if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin(post.UserId) { + if !c.HasPermissionsToChannel(cchan, "deletePost") && !c.IsTeamAdmin() { return } @@ -648,7 +648,7 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) { return } - if post.UserId != c.Session.UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if post.UserId != c.Session.UserId && !c.IsTeamAdmin() { c.Err = model.NewAppError("deletePost", "You do not have the appropriate permissions", "") c.Err.StatusCode = http.StatusForbidden return diff --git a/api/team.go b/api/team.go index fba4b41c6..8e5d634aa 100644 --- a/api/team.go +++ b/api/team.go @@ -509,7 +509,7 @@ func InviteMembers(c *Context, team *model.Team, user *model.User, invites []str sender := user.GetDisplayName() senderRole := "" - if model.IsInRole(user.Roles, model.ROLE_TEAM_ADMIN) || model.IsInRole(user.Roles, model.ROLE_SYSTEM_ADMIN) { + if c.IsTeamAdmin() { senderRole = "administrator" } else { senderRole = "member" @@ -569,7 +569,7 @@ func updateTeamDisplayName(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if !c.IsTeamAdmin() { c.Err = model.NewAppError("updateTeamDisplayName", "You do not have the appropriate permissions", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return @@ -603,7 +603,7 @@ func getMyTeam(c *Context, w http.ResponseWriter, r *http.Request) { } func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { - if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin(c.Session.UserId) { + if !c.HasPermissionsToTeam(c.Session.TeamId, "import") || !c.IsTeamAdmin() { c.Err = model.NewAppError("importTeam", "Only a team admin can import data.", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return @@ -670,7 +670,7 @@ func importTeam(c *Context, w http.ResponseWriter, r *http.Request) { } func exportTeam(c *Context, w http.ResponseWriter, r *http.Request) { - if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin(c.Session.UserId) { + if !c.HasPermissionsToTeam(c.Session.TeamId, "export") || !c.IsTeamAdmin() { c.Err = model.NewAppError("exportTeam", "Only a team admin can export data.", "userId="+c.Session.UserId) c.Err.StatusCode = http.StatusForbidden return diff --git a/api/user.go b/api/user.go index e140bc8cf..ed3576a30 100644 --- a/api/user.go +++ b/api/user.go @@ -973,7 +973,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() { + if !c.IsTeamAdmin() { c.Err = model.NewAppError("updateRoles", "You do not have the appropriate permissions", "userId="+user_id) c.Err.StatusCode = http.StatusForbidden return @@ -1070,7 +1070,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) && !c.IsSystemAdmin() { + if !c.IsTeamAdmin() { c.Err = model.NewAppError("updateActive", "You do not have the appropriate permissions", "userId="+user_id) c.Err.StatusCode = http.StatusForbidden return diff --git a/api/webhook.go b/api/webhook.go index b67655ff5..e694b202c 100644 --- a/api/webhook.go +++ b/api/webhook.go @@ -86,7 +86,7 @@ func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = result.Err return } else { - if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !c.IsTeamAdmin() { c.LogAudit("fail - inappropriate conditions") c.Err = model.NewAppError("deleteIncomingHook", "Inappropriate permissions to delete incoming webhook", "user_id="+c.Session.UserId) return diff --git a/build/MIT-COMPILED-LICENSE.md b/build/MIT-COMPILED-LICENSE.md new file mode 100644 index 000000000..8a1a7dc27 --- /dev/null +++ b/build/MIT-COMPILED-LICENSE.md @@ -0,0 +1,14 @@ +Mattermost Compiled License +(MIT with Trademark Protection) + +**Note: this license does not cover source code, for information on source code licensing see LICENSE.txt in the Mattermost source code. + +Copyright (c) 2015 Mattermost, Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software; + +The receiver of the Software will not remove or alter any product identification, trademark, copyright or other notices embedded within or appearing within or on the Software; + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/doc/README.md b/doc/README.md index 7713c40ab..dc1591705 100644 --- a/doc/README.md +++ b/doc/README.md @@ -9,6 +9,7 @@ ### Installation - [Software and Hardware Requirements](install/requirements.md) +- [Production Installation](install/prod-ubuntu.md) - [Local Machine Setup ](install/single-container-install.md) - [AWS Elastic Beanstalk Setup](install/aws-ebs-setup.md) - [Developer Machine Setup](install/dev-setup.md) @@ -27,3 +28,4 @@ ## End User Help - [Mattermost Markdown Formatting](help/enduser/markdown.md) +- [Slack Import](https://github.com/mattermost/platform/blob/master/doc/import/slack-import.md) diff --git a/doc/import/slack-import.md b/doc/import/slack-import.md new file mode 100644 index 000000000..c30de0567 --- /dev/null +++ b/doc/import/slack-import.md @@ -0,0 +1,18 @@ +#### Slack Import (Preview) + +*Note: As a SaaS service, Slack is able to change its export format quickly. If you encounter issues not mentioned in the documentation below, please let us know by [filing an issue](https://github.com/mattermost/platform/issues).* + +The Slack Import feature in Mattermost is in "Preview" and focus is on supporting migration of teams of less than 100 registered users. The feature can be accessed from by Team Administrators and Team Owners via the `Team Settings -> Import` menu option. + +Mattermost currently supports the processing of an "Export" file from Slack containing account information and public channel archives from a Slack team. + +- In the feature preview, emails and usernames from Slack are used to create new Mattermost accounts, connected to messages history in imported Slack channels. Users can activate these accounts and by going to the Password Reset screen in Mattermost to set new credentials. +- Once logged in, users will have access to previous Slack messages shared in public channels, now imported to Mattermost. + +Limitations: + +- Newly added markdown suppport in Slack's Posts 2.0 feature announced on September 28, 2015 is not yet supported. +- Slack does not export files or images your team has stored in Slack's database. Mattermost will provide links to the location of your assets in Slack's web UI. +- Slack does not export any content from private groups or direct messages that your team has stored in Slack's database. +- The Preview release of Slack Import does not offer pre-checks or roll-back and will not import Slack accounts with username or email address collisions with existing Mattermost accounts. Also, Slack channel names with underscores will not import. Also, mentions do not yet resolve as Mattermost usernames (still show Slack ID). + diff --git a/doc/install/prod-ubuntu.md b/doc/install/prod-ubuntu.md index 866b1bdbe..d2490062d 100644 --- a/doc/install/prod-ubuntu.md +++ b/doc/install/prod-ubuntu.md @@ -6,7 +6,7 @@ * ``` sudo apt-get update``` * ``` sudo apt-get upgrade``` -## Setup Database Server +## Set up Database Server 1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.1 1. Install PostgreSQL 9.3+ (or MySQL 5.2+) * ``` sudo apt-get install postgresql postgresql-contrib``` @@ -25,13 +25,13 @@ 1. You can exit the postgres account by typing: * ``` exit``` -## Setup Mattermost Server +## Set up Mattermost Server 1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.2 1. Download the latest Mattermost Server by typing: * ``` wget https://github.com/mattermost/platform/releases/download/v1.0.0/mattermost.tar.gz``` 1. Unzip the Mattermost Server by typing: * ``` tar -xvzf mattermost.tar.gz``` -1. For the sake of making this guide simple we located the files at `/home/ubuntu/mattermost`, in the future we will give guidance for storing under `/opt`. +1. For the sake of making this guide simple we located the files at `/home/ubuntu/mattermost`. In the future we will give guidance for storing under `/opt`. 1. We have also elected to run the Mattermost Server as the `ubuntu` account for simplicity. We recommend settings up and running the service under a `mattermost` user account with limited permissions. 1. Create the storage directory for files. We assume you will have attached a large drive for storage of images and files. For this setup we will assume the directory is located at `/mattermost/data`. * Create the directory by typing: @@ -70,7 +70,7 @@ exec bin/platform * You should see a page titles *Mattermost - Signup* * You can also stop the process by running the command ` sudo stop mattermost`, but we will skip this step for now. -## Setup Nginx Server +## Set up Nginx Server 1. For the purposes of this guide we will assume this server has an IP address of 10.10.10.3 1. We use Nginx for proxying request to the Mattermost Server. The main benefits are: * SSL termination @@ -90,8 +90,7 @@ exec bin/platform 1. Configure Nginx to proxy connections from the internet to the Mattermost Server * Create a configuration for Mattermost * ``` sudo touch /etc/nginx/sites-available/mattermost``` - * Below is a sample configuration with the minimum settings required to configure Mattermost. - * + * Below is a sample configuration with the minimum settings required to configure Mattermost ``` server { server_name mattermost.example.com; @@ -118,7 +117,7 @@ exec bin/platform * ``` curl http://localhost``` * You should see a page titles *Mattermost - Signup* -## Setup Nginx with SSL (Recommended) +## Set up Nginx with SSL (Recommended) 1. You will need a SSL cert from a certificate authority. 1. For simplicity we will generate a test certificate. * ``` mkdir ~/cert``` @@ -177,9 +176,9 @@ exec bin/platform * Save the Settings 1. Update File Settings * Change *Local Directory Location* from `./data/` to `/mattermost/data` -1. Update Log Settings +1. Update Log Settings. * Set *Log to The Console* to false -1. Update Rate Limit Settings +1. Update Rate Limit Settings. * Set *Vary By Remote Address* to false * Set *Vary By HTTP Header* to X-Real-IP 1. Feel free to modify other settings. diff --git a/docker/1.0/Dockerfile b/docker/1.0/Dockerfile index 3d7c36f31..8eeef8fb7 100644 --- a/docker/1.0/Dockerfile +++ b/docker/1.0/Dockerfile @@ -34,7 +34,7 @@ VOLUME /var/lib/mysql WORKDIR /mattermost # Copy over files -ADD https://github.com/mattermost/platform/releases/download/v1.0.0-rc1/mattermost.tar.gz / +ADD https://github.com/mattermost/platform/releases/download/v1.0.0-rc2/mattermost.tar.gz / RUN tar -zxvf /mattermost.tar.gz --strip-components=1 && rm /mattermost.tar.gz ADD config_docker.json / ADD docker-entry.sh / diff --git a/docker/1.0/config_docker.json b/docker/1.0/config_docker.json index 06fee9bd5..806071376 100644 --- a/docker/1.0/config_docker.json +++ b/docker/1.0/config_docker.json @@ -22,7 +22,7 @@ "MaxIdleConns": 10, "MaxOpenConns": 10, "Trace": false, - "AtRestEncryptKey": "7rAh6iwQCkV4cA1Gsg3fgGOXJAQ43QV" + "AtRestEncryptKey": "7rAh6iwQCkV4cA1Gsg3fgGOXJAQ43QVg" }, "LogSettings": { "EnableConsole": false, @@ -36,7 +36,7 @@ "DriverName": "local", "Directory": "/mattermost/data/", "EnablePublicLink": true, - "PublicLinkSalt": "LhaAWC6lYEKHTkBKsvyXNIOfUIT37AX", + "PublicLinkSalt": "A705AklYF8MFDOfcwh3I488G8vtLlVip", "ThumbnailWidth": 120, "ThumbnailHeight": 100, "PreviewWidth": 1024, @@ -60,8 +60,8 @@ "SMTPServer": "", "SMTPPort": "", "ConnectionSecurity": "", - "InviteSalt": "bjlSR4QqkXFBr7TP4oDzlfZmcNuH9Yo", - "PasswordResetSalt": "vZ4DcKyVVRlKHHJpexcuXzojkE5PZ5e", + "InviteSalt": "bjlSR4QqkXFBr7TP4oDzlfZmcNuH9YoS", + "PasswordResetSalt": "vZ4DcKyVVRlKHHJpexcuXzojkE5PZ5eL", "ApplePushServer": "", "ApplePushCertPublic": "", "ApplePushCertPrivate": "" diff --git a/docker/dev/config_docker.json b/docker/dev/config_docker.json index 0001eeb0a..733267f74 100644 --- a/docker/dev/config_docker.json +++ b/docker/dev/config_docker.json @@ -22,7 +22,7 @@ "MaxIdleConns": 10, "MaxOpenConns": 10, "Trace": false, - "AtRestEncryptKey": "7rAh6iwQCkV4cA1Gsg3fgGOXJAQ43QV" + "AtRestEncryptKey": "7rAh6iwQCkV4cA1Gsg3fgGOXJAQ43QVg" }, "LogSettings": { "EnableConsole": false, @@ -36,7 +36,7 @@ "DriverName": "local", "Directory": "/mattermost/data/", "EnablePublicLink": true, - "PublicLinkSalt": "LhaAWC6lYEKHTkBKsvyXNIOfUIT37AX", + "PublicLinkSalt": "A705AklYF8MFDOfcwh3I488G8vtLlVip", "ThumbnailWidth": 120, "ThumbnailHeight": 100, "PreviewWidth": 1024, @@ -60,8 +60,8 @@ "SMTPServer": "", "SMTPPort": "", "ConnectionSecurity": "", - "InviteSalt": "bjlSR4QqkXFBr7TP4oDzlfZmcNuH9Yo", - "PasswordResetSalt": "vZ4DcKyVVRlKHHJpexcuXzojkE5PZ5e", + "InviteSalt": "bjlSR4QqkXFBr7TP4oDzlfZmcNuH9YoS", + "PasswordResetSalt": "vZ4DcKyVVRlKHHJpexcuXzojkE5PZ5eL", "ApplePushServer": "", "ApplePushCertPublic": "", "ApplePushCertPrivate": "" diff --git a/docker/local/config_docker.json b/docker/local/config_docker.json index 0001eeb0a..733267f74 100644 --- a/docker/local/config_docker.json +++ b/docker/local/config_docker.json @@ -22,7 +22,7 @@ "MaxIdleConns": 10, "MaxOpenConns": 10, "Trace": false, - "AtRestEncryptKey": "7rAh6iwQCkV4cA1Gsg3fgGOXJAQ43QV" + "AtRestEncryptKey": "7rAh6iwQCkV4cA1Gsg3fgGOXJAQ43QVg" }, "LogSettings": { "EnableConsole": false, @@ -36,7 +36,7 @@ "DriverName": "local", "Directory": "/mattermost/data/", "EnablePublicLink": true, - "PublicLinkSalt": "LhaAWC6lYEKHTkBKsvyXNIOfUIT37AX", + "PublicLinkSalt": "A705AklYF8MFDOfcwh3I488G8vtLlVip", "ThumbnailWidth": 120, "ThumbnailHeight": 100, "PreviewWidth": 1024, @@ -60,8 +60,8 @@ "SMTPServer": "", "SMTPPort": "", "ConnectionSecurity": "", - "InviteSalt": "bjlSR4QqkXFBr7TP4oDzlfZmcNuH9Yo", - "PasswordResetSalt": "vZ4DcKyVVRlKHHJpexcuXzojkE5PZ5e", + "InviteSalt": "bjlSR4QqkXFBr7TP4oDzlfZmcNuH9YoS", + "PasswordResetSalt": "vZ4DcKyVVRlKHHJpexcuXzojkE5PZ5eL", "ApplePushServer": "", "ApplePushCertPublic": "", "ApplePushCertPrivate": "" diff --git a/mattermost.go b/mattermost.go index ff7b0f3f3..94bbe344d 100644 --- a/mattermost.go +++ b/mattermost.go @@ -355,7 +355,7 @@ Usage: -reset_password Resets the password for a user. It requires the -team_name, -email and -password flag. Example: - platform -reset_password -team_name="name" -email="user@example.com" -paossword="newpassword" + platform -reset_password -team_name="name" -email="user@example.com" -password="newpassword" ` diff --git a/model/user.go b/model/user.go index 5cb774478..d8000a7e2 100644 --- a/model/user.go +++ b/model/user.go @@ -304,10 +304,14 @@ func isValidRole(role string) bool { return false } +// Make sure you acually want to use this function. In context.go there are functions to check permssions +// This function should not be used to check permissions. func (u *User) IsInRole(inRole string) bool { return IsInRole(u.Roles, inRole) } +// Make sure you acually want to use this function. In context.go there are functions to check permssions +// This function should not be used to check permissions. func IsInRole(userRoles string, inRole string) bool { roles := strings.Split(userRoles, " ") diff --git a/web/react/components/admin_console/sql_settings.jsx b/web/react/components/admin_console/sql_settings.jsx index 430a7453b..0e0ceb9af 100644 --- a/web/react/components/admin_console/sql_settings.jsx +++ b/web/react/components/admin_console/sql_settings.jsx @@ -73,6 +73,12 @@ export default class SqlSettings extends React.Component { handleGenerate(e) { e.preventDefault(); + + var cfm = global.window.confirm('Warning: re-generating this salt may cause some columns in the database to return empty results.'); + if (cfm === false) { + return; + } + React.findDOMNode(this.refs.AtRestEncryptKey).value = crypto.randomBytes(256).toString('base64').substring(0, 32); var s = {saveNeeded: true, serverError: this.state.serverError}; this.setState(s); diff --git a/web/react/components/setting_upload.jsx b/web/react/components/setting_upload.jsx index fad27b355..ccb26cc58 100644 --- a/web/react/components/setting_upload.jsx +++ b/web/react/components/setting_upload.jsx @@ -7,11 +7,11 @@ export default class SettingsUpload extends React.Component { this.doFileSelect = this.doFileSelect.bind(this); this.doSubmit = this.doSubmit.bind(this); - this.onFileSelect = this.onFileSelect.bind(this); this.state = { clientError: this.props.clientError, - serverError: this.props.serverError + serverError: this.props.serverError, + filename: '' }; } @@ -24,9 +24,14 @@ export default class SettingsUpload extends React.Component { doFileSelect(e) { e.preventDefault(); + var filename = $(e.target).val(); + if (filename.substring(3, 11) === 'fakepath') { + filename = filename.substring(12); + } this.setState({ clientError: '', - serverError: '' + serverError: '', + filename }); } @@ -40,28 +45,28 @@ export default class SettingsUpload extends React.Component { } } - onFileSelect(e) { - var filename = $(e.target).val(); - if (filename.substring(3, 11) === 'fakepath') { - filename = filename.substring(12); - } - $(e.target).closest('li').find('.file-status').addClass('hide'); - $(e.target).closest('li').find('.file-name').removeClass('hide').html(filename); - } - render() { - var clientError = null; + let clientError = null; if (this.state.clientError) { clientError = ( <div className='file-status'>{this.state.clientError}</div> ); } - var serverError = null; + let serverError = null; if (this.state.serverError) { serverError = ( <div className='file-status'>{this.state.serverError}</div> ); } + let fileNameText = null; + let submitButtonClass = 'btn btn-sm btn-primary disabled'; + if (this.state.filename) { + fileNameText = ( + <div className='file-status file-name'>{this.state.filename}</div> + ); + submitButtonClass = 'btn btn-sm btn-primary'; + } + return ( <ul className='section-max'> <li className='col-sm-12 section-title'>{this.props.title}</li> @@ -70,21 +75,21 @@ export default class SettingsUpload extends React.Component { <ul className='setting-list'> <li className='setting-list-item'> <span className='btn btn-sm btn-primary btn-file sel-btn'> - Select file + {'Select file'} <input ref='uploadinput' accept={this.props.fileTypesAccepted} type='file' - onChange={this.onFileSelect} + onChange={this.doFileSelect} /> </span> <a - className={'btn btn-sm btn-primary'} + className={submitButtonClass} onClick={this.doSubmit} > - Import + {'Import'} </a> - <div className='file-status file-name hide'></div> + {fileNameText} {serverError} {clientError} </li> @@ -102,4 +107,4 @@ SettingsUpload.propTypes = { clientError: React.PropTypes.string, serverError: React.PropTypes.string, helpText: React.PropTypes.object -}; +};
\ No newline at end of file diff --git a/web/react/components/team_signup_url_page.jsx b/web/react/components/team_signup_url_page.jsx index 1b722d611..a3f89a217 100644 --- a/web/react/components/team_signup_url_page.jsx +++ b/web/react/components/team_signup_url_page.jsx @@ -35,8 +35,8 @@ export default class TeamSignupUrlPage extends React.Component { if (cleanedName !== name || !urlRegex.test(name)) { this.setState({nameError: "Use only lower case letters, numbers and dashes. Must start with a letter and can't end in a dash."}); return; - } else if (cleanedName.length <= 3 || cleanedName.length > 15) { - this.setState({nameError: 'Name must be 4 or more characters up to a maximum of 15'}); + } else if (cleanedName.length <= 2 || cleanedName.length > 15) { + this.setState({nameError: 'Name must be 3 or more characters up to a maximum of 15'}); return; } diff --git a/web/react/components/team_signup_with_sso.jsx b/web/react/components/team_signup_with_sso.jsx index a4972dd8d..14f281f7a 100644 --- a/web/react/components/team_signup_with_sso.jsx +++ b/web/react/components/team_signup_with_sso.jsx @@ -23,12 +23,14 @@ export default class SSOSignUpPage extends React.Component { team.display_name = this.state.name; - if (team.display_name.length <= 3) { + if (!team.display_name) { + state.nameError = 'Please enter a team name'; + this.setState(state); return; } - if (!team.display_name) { - state.nameError = 'Please enter a team name'; + if (team.display_name.length <= 2) { + state.nameError = 'Name must be 3 or more characters up to a maximum of 15'; this.setState(state); return; } @@ -68,7 +70,7 @@ export default class SSOSignUpPage extends React.Component { } var disabled = false; - if (this.state.name.length <= 3) { + if (this.state.name.length <= 2) { disabled = true; } diff --git a/web/react/utils/client.jsx b/web/react/utils/client.jsx index ea97b6421..5cb165b4c 100644 --- a/web/react/utils/client.jsx +++ b/web/react/utils/client.jsx @@ -332,6 +332,20 @@ export function saveConfig(config, success, error) { }); } +export function logClientError(msg) { + var l = {}; + l.level = 'ERROR'; + l.message = msg; + + $.ajax({ + url: '/api/v1/admin/log_client', + dataType: 'json', + contentType: 'application/json', + type: 'POST', + data: JSON.stringify(l) + }); +} + export function testEmail(config, success, error) { $.ajax({ url: '/api/v1/admin/test_email', diff --git a/web/react/utils/utils.jsx b/web/react/utils/utils.jsx index 91e47730e..8b20e2adf 100644 --- a/web/react/utils/utils.jsx +++ b/web/react/utils/utils.jsx @@ -483,7 +483,7 @@ export function applyTheme(theme) { changeCss('.post-image__column', 'border-color:' + changeOpacity(theme.centerChannelColor, 0.2), 2); changeCss('.post-image__column .post-image__details', 'color:' + theme.centerChannelColor, 2); changeCss('.post-image__column a, .post-image__column a:hover, .post-image__column a:focus', 'color:' + theme.centerChannelColor, 1); - changeCss('.search-bar__container .search__form .search-bar', 'background:' + changeOpacity(theme.centerChannelColor, 0.2), 1); + changeCss('@media(max-width: 768px){.search-bar__container .search__form .search-bar', 'background:' + changeOpacity(theme.centerChannelColor, 0.2), 1); changeCss('.search-bar__container .search__form', 'border-color:' + changeOpacity(theme.centerChannelColor, 0.2), 1); changeCss('.channel-intro .channel-intro__content', 'background:' + changeOpacity(theme.centerChannelColor, 0.05), 1); changeCss('.date-separator .separator__text', 'color:' + theme.centerChannelColor, 2); diff --git a/web/templates/head.html b/web/templates/head.html index 2b83119d8..faac4975a 100644 --- a/web/templates/head.html +++ b/web/templates/head.html @@ -43,13 +43,32 @@ <script src="/static/js/jquery-dragster/jquery.dragster.js"></script> <style id="antiClickjack">body{display:none !important;}</style> + + <script> + window.onerror = function(msg, url, line, column, stack) { + var l = {}; + l.level = 'ERROR'; + l.message = 'msg: ' + msg + ' row: ' + line + ' col: ' + column + ' stack: ' + stack + ' url: ' + url; + + $.ajax({ + url: '/api/v1/admin/log_client', + dataType: 'json', + contentType: 'application/json', + type: 'POST', + data: JSON.stringify(l) + }); + } + </script> + <script src="/static/js/bundle.js"></script> + <script type="text/javascript"> if (self === top) { var blocker = document.getElementById("antiClickjack"); blocker.parentNode.removeChild(blocker); } </script> + <script type="text/javascript"> if (window.config.SegmentDeveloperKey != null && window.config.SegmentDeveloperKey !== "") { !function(){var analytics=window.analytics=window.analytics||[];if(!analytics.initialize)if(analytics.invoked)window.console&&console.error&&console.error("Segment snippet included twice.");else{analytics.invoked=!0;analytics.methods=["trackSubmit","trackClick","trackLink","trackForm","pageview","identify","group","track","ready","alias","page","once","off","on"];analytics.factory=function(t){return function(){var e=Array.prototype.slice.call(arguments);e.unshift(t);analytics.push(e);return analytics}};for(var t=0;t<analytics.methods.length;t++){var e=analytics.methods[t];analytics[e]=analytics.factory(e)}analytics.load=function(t){var e=document.createElement("script");e.type="text/javascript";e.async=!0;e.src=("https:"===document.location.protocol?"https://":"http://")+"cdn.segment.com/analytics.js/v1/"+t+"/analytics.min.js";var n=document.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)};analytics.SNIPPET_VERSION="3.0.1"; |