24 files changed, 1457 insertions, 1072 deletions

diff --git a/api/admin.go b/api/admin.go
index 4e4d21b0b..3aa1dc67d 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -4,32 +4,17 @@
 package api
 
 import (
-	"bufio"
-	"io"
-	"io/ioutil"
 	"net/http"
-	"os"
 	"strconv"
-	"strings"
-	"time"
-
-	"runtime/debug"
 
 	l4g "github.com/alecthomas/log4go"
 	"github.com/gorilla/mux"
 	"github.com/mattermost/platform/app"
-	"github.com/mattermost/platform/einterfaces"
 	"github.com/mattermost/platform/model"
-	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 	"github.com/mssola/user_agent"
 )
 
-const (
-	DAY_MILLISECONDS   = 24 * 60 * 60 * 1000
-	MONTH_MILLISECONDS = 31 * DAY_MILLISECONDS
-)
-
 func InitAdmin() {
 	l4g.Debug(utils.T("api.admin.init.debug"))
 
@@ -61,68 +46,28 @@ func InitAdmin() {
 }
 
 func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
-	lines, err := GetLogs()
+	lines, err := app.GetLogs()
 	if err != nil {
 		c.Err = err
 		return
 	}
 
-	if einterfaces.GetClusterInterface() != nil {
-		clines, err := einterfaces.GetClusterInterface().GetLogs()
-		if err != nil {
-			c.Err = err
-			return
-		}
-
-		lines = append(lines, clines...)
-	}
-
 	w.Write([]byte(model.ArrayToJson(lines)))
 }
 
-func GetLogs() ([]string, *model.AppError) {
-	var lines []string
-
-	if utils.Cfg.LogSettings.EnableFile {
-		file, err := os.Open(utils.GetLogFileLocation(utils.Cfg.LogSettings.FileLocation))
-		if err != nil {
-			return nil, model.NewLocAppError("getLogs", "api.admin.file_read_error", nil, err.Error())
-		}
-
-		defer file.Close()
-
-		scanner := bufio.NewScanner(file)
-		for scanner.Scan() {
-			lines = append(lines, scanner.Text())
-		}
-	} else {
-		lines = append(lines, "")
-	}
-
-	return lines, nil
-}
-
 func getClusterStatus(c *Context, w http.ResponseWriter, r *http.Request) {
-	infos := make([]*model.ClusterInfo, 0)
-	if einterfaces.GetClusterInterface() != nil {
-		infos = einterfaces.GetClusterInterface().GetClusterInfos()
-	}
-
+	infos := app.GetClusterStatus()
 	w.Write([]byte(model.ClusterInfosToJson(infos)))
 }
 
 func getAllAudits(c *Context, w http.ResponseWriter, r *http.Request) {
-	if result := <-app.Srv.Store.Audit().Get("", 200); result.Err != nil {
-		c.Err = result.Err
+	if audits, err := app.GetAudits("", 200); err != nil {
+		c.Err = err
+		return
+	} else if HandleEtag(audits.Etag(), "Get All Audits", w, r) {
 		return
 	} else {
-		audits := result.Data.(model.Audits)
 		etag := audits.Etag()
-
-		if HandleEtag(etag, "Get All Audits", w, r) {
-			return
-		}
-
 		if len(etag) > 0 {
 			w.Header().Set(model.HEADER_ETAG_SERVER, etag)
 		}
@@ -133,38 +78,22 @@ func getAllAudits(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
-	json := utils.Cfg.ToJson()
-	cfg := model.ConfigFromJson(strings.NewReader(json))
-
-	cfg.Sanitize()
-
+	cfg := app.GetConfig()
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 	w.Write([]byte(cfg.ToJson()))
 }
 
 func reloadConfig(c *Context, w http.ResponseWriter, r *http.Request) {
-	debug.FreeOSMemory()
-	utils.LoadConfig(utils.CfgFileName)
-
-	// start/restart email batching job if necessary
-	app.InitEmailBatching()
-
+	app.ReloadConfig()
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 	ReturnStatusOK(w)
 }
 
 func invalidateAllCaches(c *Context, w http.ResponseWriter, r *http.Request) {
-	debug.FreeOSMemory()
-
-	app.InvalidateAllCaches()
-
-	if einterfaces.GetClusterInterface() != nil {
-		err := einterfaces.GetClusterInterface().InvalidateAllCaches()
-		if err != nil {
-			c.Err = err
-			return
-		}
-
+	err := app.InvalidateAllCaches()
+	if err != nil {
+		c.Err = err
+		return
 	}
 
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
@@ -178,66 +107,18 @@ func saveConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	cfg.SetDefaults()
-	utils.Desanitize(cfg)
-
-	if err := cfg.IsValid(); err != nil {
-		c.Err = err
-		return
-	}
-
-	if err := utils.ValidateLdapFilter(cfg); err != nil {
+	err := app.SaveConfig(cfg)
+	if err != nil {
 		c.Err = err
 		return
 	}
 
-	if *utils.Cfg.ClusterSettings.Enable {
-		c.Err = model.NewLocAppError("saveConfig", "ent.cluster.save_config.error", nil, "")
-		return
-	}
-
 	c.LogAudit("")
-
-	//oldCfg := utils.Cfg
-	utils.SaveConfig(utils.CfgFileName, cfg)
-	utils.LoadConfig(utils.CfgFileName)
-
-	if einterfaces.GetMetricsInterface() != nil {
-		if *utils.Cfg.MetricsSettings.Enable {
-			einterfaces.GetMetricsInterface().StartServer()
-		} else {
-			einterfaces.GetMetricsInterface().StopServer()
-		}
-	}
-
-	// Future feature is to sync the configuration files
-	// if einterfaces.GetClusterInterface() != nil {
-	// 	err := einterfaces.GetClusterInterface().ConfigChanged(cfg, oldCfg, true)
-	// 	if err != nil {
-	// 		c.Err = err
-	// 		return
-	// 	}
-	// }
-
-	// start/restart email batching job if necessary
-	app.InitEmailBatching()
-
-	rdata := map[string]string{}
-	rdata["status"] = "OK"
-	w.Write([]byte(model.MapToJson(rdata)))
+	ReturnStatusOK(w)
 }
 
 func recycleDatabaseConnection(c *Context, w http.ResponseWriter, r *http.Request) {
-	oldStore := app.Srv.Store
-
-	l4g.Warn(utils.T("api.admin.recycle_db_start.warn"))
-	app.Srv.Store = store.NewSqlStore()
-
-	time.Sleep(20 * time.Second)
-	oldStore.Close()
-
-	l4g.Warn(utils.T("api.admin.recycle_db_end.warn"))
-
+	app.RecycleDatabaseConnection()
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
 	ReturnStatusOK(w)
 }
@@ -249,32 +130,10 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if len(cfg.EmailSettings.SMTPServer) == 0 {
-		c.Err = model.NewLocAppError("testEmail", "api.admin.test_email.missing_server", nil, utils.T("api.context.invalid_param.app_error", map[string]interface{}{"Name": "SMTPServer"}))
-		return
-	}
-
-	// if the user hasn't changed their email settings, fill in the actual SMTP password so that
-	// the user can verify an existing SMTP connection
-	if cfg.EmailSettings.SMTPPassword == model.FAKE_SETTING {
-		if cfg.EmailSettings.SMTPServer == utils.Cfg.EmailSettings.SMTPServer &&
-			cfg.EmailSettings.SMTPPort == utils.Cfg.EmailSettings.SMTPPort &&
-			cfg.EmailSettings.SMTPUsername == utils.Cfg.EmailSettings.SMTPUsername {
-			cfg.EmailSettings.SMTPPassword = utils.Cfg.EmailSettings.SMTPPassword
-		} else {
-			c.Err = model.NewLocAppError("testEmail", "api.admin.test_email.reenter_password", nil, "")
-			return
-		}
-	}
-
-	if result := <-app.Srv.Store.User().Get(c.Session.UserId); result.Err != nil {
-		c.Err = result.Err
+	err := app.TestEmail(c.Session.UserId, cfg)
+	if err != nil {
+		c.Err = err
 		return
-	} else {
-		if err := utils.SendMailUsingConfig(result.Data.(*model.User).Email, c.T("api.admin.test_email.subject"), c.T("api.admin.test_email.body"), cfg); err != nil {
-			c.Err = err
-			return
-		}
 	}
 
 	m := make(map[string]string)
@@ -283,26 +142,15 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func getComplianceReports(c *Context, w http.ResponseWriter, r *http.Request) {
-	if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance {
-		c.Err = model.NewLocAppError("getComplianceReports", "ent.compliance.licence_disable.app_error", nil, "")
-		return
-	}
-
-	if result := <-app.Srv.Store.Compliance().GetAll(); result.Err != nil {
-		c.Err = result.Err
+	crs, err := app.GetComplianceReports()
+	if err != nil {
+		c.Err = err
 		return
-	} else {
-		crs := result.Data.(model.Compliances)
-		w.Write([]byte(crs.ToJson()))
 	}
+	w.Write([]byte(crs.ToJson()))
 }
 
 func saveComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
-	if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance || einterfaces.GetComplianceInterface() == nil {
-		c.Err = model.NewLocAppError("saveComplianceReport", "ent.compliance.licence_disable.app_error", nil, "")
-		return
-	}
-
 	job := model.ComplianceFromJson(r.Body)
 	if job == nil {
 		c.SetInvalidParam("saveComplianceReport", "compliance")
@@ -310,25 +158,18 @@ func saveComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	job.UserId = c.Session.UserId
-	job.Type = model.COMPLIANCE_TYPE_ADHOC
 
-	if result := <-app.Srv.Store.Compliance().Save(job); result.Err != nil {
-		c.Err = result.Err
+	rjob, err := app.SaveComplianceReport(job)
+	if err != nil {
+		c.Err = err
 		return
-	} else {
-		job = result.Data.(*model.Compliance)
-		go einterfaces.GetComplianceInterface().RunComplianceJob(job)
 	}
 
-	w.Write([]byte(job.ToJson()))
+	c.LogAudit("")
+	w.Write([]byte(rjob.ToJson()))
 }
 
 func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request) {
-	if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance || einterfaces.GetComplianceInterface() == nil {
-		c.Err = model.NewLocAppError("downloadComplianceReport", "ent.compliance.licence_disable.app_error", nil, "")
-		return
-	}
-
 	params := mux.Vars(r)
 
 	id := params["id"]
@@ -337,35 +178,36 @@ func downloadComplianceReport(c *Context, w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	if result := <-app.Srv.Store.Compliance().Get(id); result.Err != nil {
-		c.Err = result.Err
+	job, err := app.GetComplianceReport(id)
+	if err != nil {
+		c.Err = err
 		return
-	} else {
-		job := result.Data.(*model.Compliance)
-		c.LogAudit("downloaded " + job.Desc)
+	}
 
-		if f, err := ioutil.ReadFile(*utils.Cfg.ComplianceSettings.Directory + "compliance/" + job.JobName() + ".zip"); err != nil {
-			c.Err = model.NewLocAppError("readFile", "api.file.read_file.reading_local.app_error", nil, err.Error())
-			return
-		} else {
-			w.Header().Set("Cache-Control", "max-age=2592000, public")
-			w.Header().Set("Content-Length", strconv.Itoa(len(f)))
-			w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
+	reportBytes, err := app.GetComplianceFile(job)
+	if err != nil {
+		c.Err = err
+		return
+	}
 
-			// attach extra headers to trigger a download on IE, Edge, and Safari
-			ua := user_agent.New(r.UserAgent())
-			bname, _ := ua.Browser()
+	c.LogAudit("downloaded " + job.Desc)
 
-			w.Header().Set("Content-Disposition", "attachment;filename=\""+job.JobName()+".zip\"")
+	w.Header().Set("Cache-Control", "max-age=2592000, public")
+	w.Header().Set("Content-Length", strconv.Itoa(len(reportBytes)))
+	w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
 
-			if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" {
-				// trim off anything before the final / so we just get the file's name
-				w.Header().Set("Content-Type", "application/octet-stream")
-			}
+	// attach extra headers to trigger a download on IE, Edge, and Safari
+	ua := user_agent.New(r.UserAgent())
+	bname, _ := ua.Browser()
 
-			w.Write(f)
-		}
+	w.Header().Set("Content-Disposition", "attachment;filename=\""+job.JobName()+".zip\"")
+
+	if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" {
+		// trim off anything before the final / so we just get the file's name
+		w.Header().Set("Content-Type", "application/octet-stream")
 	}
+
+	w.Write(reportBytes)
 }
 
 func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -373,237 +215,18 @@ func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
 	teamId := params["id"]
 	name := params["name"]
 
-	skipIntensiveQueries := false
-	var systemUserCount int64
-	if r := <-app.Srv.Store.User().AnalyticsUniqueUserCount(""); r.Err != nil {
-		c.Err = r.Err
+	rows, err := app.GetAnalytics(name, teamId)
+	if err != nil {
+		c.Err = err
 		return
-	} else {
-		systemUserCount = r.Data.(int64)
-		if systemUserCount > int64(*utils.Cfg.AnalyticsSettings.MaxUsersForStatistics) {
-			l4g.Debug("More than %v users on the system, intensive queries skipped", *utils.Cfg.AnalyticsSettings.MaxUsersForStatistics)
-			skipIntensiveQueries = true
-		}
 	}
 
-	if name == "standard" {
-		var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 10)
-		rows[0] = &model.AnalyticsRow{"channel_open_count", 0}
-		rows[1] = &model.AnalyticsRow{"channel_private_count", 0}
-		rows[2] = &model.AnalyticsRow{"post_count", 0}
-		rows[3] = &model.AnalyticsRow{"unique_user_count", 0}
-		rows[4] = &model.AnalyticsRow{"team_count", 0}
-		rows[5] = &model.AnalyticsRow{"total_websocket_connections", 0}
-		rows[6] = &model.AnalyticsRow{"total_master_db_connections", 0}
-		rows[7] = &model.AnalyticsRow{"total_read_db_connections", 0}
-		rows[8] = &model.AnalyticsRow{"daily_active_users", 0}
-		rows[9] = &model.AnalyticsRow{"monthly_active_users", 0}
-
-		openChan := app.Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_OPEN)
-		privateChan := app.Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_PRIVATE)
-		teamChan := app.Srv.Store.Team().AnalyticsTeamCount()
-
-		var userChan store.StoreChannel
-		if teamId != "" {
-			userChan = app.Srv.Store.User().AnalyticsUniqueUserCount(teamId)
-		}
-
-		var postChan store.StoreChannel
-		if !skipIntensiveQueries {
-			postChan = app.Srv.Store.Post().AnalyticsPostCount(teamId, false, false)
-		}
-
-		dailyActiveChan := app.Srv.Store.User().AnalyticsActiveCount(DAY_MILLISECONDS)
-		monthlyActiveChan := app.Srv.Store.User().AnalyticsActiveCount(MONTH_MILLISECONDS)
-
-		if r := <-openChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[0].Value = float64(r.Data.(int64))
-		}
-
-		if r := <-privateChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[1].Value = float64(r.Data.(int64))
-		}
-
-		if postChan == nil {
-			rows[2].Value = -1
-		} else {
-			if r := <-postChan; r.Err != nil {
-				c.Err = r.Err
-				return
-			} else {
-				rows[2].Value = float64(r.Data.(int64))
-			}
-		}
-
-		if userChan == nil {
-			rows[3].Value = float64(systemUserCount)
-		} else {
-			if r := <-userChan; r.Err != nil {
-				c.Err = r.Err
-				return
-			} else {
-				rows[3].Value = float64(r.Data.(int64))
-			}
-		}
-
-		if r := <-teamChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[4].Value = float64(r.Data.(int64))
-		}
-
-		// If in HA mode then aggregrate all the stats
-		if einterfaces.GetClusterInterface() != nil && *utils.Cfg.ClusterSettings.Enable {
-			stats, err := einterfaces.GetClusterInterface().GetClusterStats()
-			if err != nil {
-				c.Err = err
-				return
-			}
-
-			totalSockets := app.TotalWebsocketConnections()
-			totalMasterDb := app.Srv.Store.TotalMasterDbConnections()
-			totalReadDb := app.Srv.Store.TotalReadDbConnections()
-
-			for _, stat := range stats {
-				totalSockets = totalSockets + stat.TotalWebsocketConnections
-				totalMasterDb = totalMasterDb + stat.TotalMasterDbConnections
-				totalReadDb = totalReadDb + stat.TotalReadDbConnections
-			}
-
-			rows[5].Value = float64(totalSockets)
-			rows[6].Value = float64(totalMasterDb)
-			rows[7].Value = float64(totalReadDb)
-
-		} else {
-			rows[5].Value = float64(app.TotalWebsocketConnections())
-			rows[6].Value = float64(app.Srv.Store.TotalMasterDbConnections())
-			rows[7].Value = float64(app.Srv.Store.TotalReadDbConnections())
-		}
-
-		if r := <-dailyActiveChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[8].Value = float64(r.Data.(int64))
-		}
-
-		if r := <-monthlyActiveChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[9].Value = float64(r.Data.(int64))
-		}
-
-		w.Write([]byte(rows.ToJson()))
-	} else if name == "post_counts_day" {
-		if skipIntensiveQueries {
-			rows := model.AnalyticsRows{&model.AnalyticsRow{"", -1}}
-			w.Write([]byte(rows.ToJson()))
-			return
-		}
-
-		if r := <-app.Srv.Store.Post().AnalyticsPostCountsByDay(teamId); r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			w.Write([]byte(r.Data.(model.AnalyticsRows).ToJson()))
-		}
-	} else if name == "user_counts_with_posts_day" {
-		if skipIntensiveQueries {
-			rows := model.AnalyticsRows{&model.AnalyticsRow{"", -1}}
-			w.Write([]byte(rows.ToJson()))
-			return
-		}
-
-		if r := <-app.Srv.Store.Post().AnalyticsUserCountsWithPostsByDay(teamId); r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			w.Write([]byte(r.Data.(model.AnalyticsRows).ToJson()))
-		}
-	} else if name == "extra_counts" {
-		var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 6)
-		rows[0] = &model.AnalyticsRow{"file_post_count", 0}
-		rows[1] = &model.AnalyticsRow{"hashtag_post_count", 0}
-		rows[2] = &model.AnalyticsRow{"incoming_webhook_count", 0}
-		rows[3] = &model.AnalyticsRow{"outgoing_webhook_count", 0}
-		rows[4] = &model.AnalyticsRow{"command_count", 0}
-		rows[5] = &model.AnalyticsRow{"session_count", 0}
-
-		iHookChan := app.Srv.Store.Webhook().AnalyticsIncomingCount(teamId)
-		oHookChan := app.Srv.Store.Webhook().AnalyticsOutgoingCount(teamId)
-		commandChan := app.Srv.Store.Command().AnalyticsCommandCount(teamId)
-		sessionChan := app.Srv.Store.Session().AnalyticsSessionCount()
-
-		var fileChan store.StoreChannel
-		var hashtagChan store.StoreChannel
-		if !skipIntensiveQueries {
-			fileChan = app.Srv.Store.Post().AnalyticsPostCount(teamId, true, false)
-			hashtagChan = app.Srv.Store.Post().AnalyticsPostCount(teamId, false, true)
-		}
-
-		if fileChan == nil {
-			rows[0].Value = -1
-		} else {
-			if r := <-fileChan; r.Err != nil {
-				c.Err = r.Err
-				return
-			} else {
-				rows[0].Value = float64(r.Data.(int64))
-			}
-		}
-
-		if hashtagChan == nil {
-			rows[1].Value = -1
-		} else {
-			if r := <-hashtagChan; r.Err != nil {
-				c.Err = r.Err
-				return
-			} else {
-				rows[1].Value = float64(r.Data.(int64))
-			}
-		}
-
-		if r := <-iHookChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[2].Value = float64(r.Data.(int64))
-		}
-
-		if r := <-oHookChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[3].Value = float64(r.Data.(int64))
-		}
-
-		if r := <-commandChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[4].Value = float64(r.Data.(int64))
-		}
-
-		if r := <-sessionChan; r.Err != nil {
-			c.Err = r.Err
-			return
-		} else {
-			rows[5].Value = float64(r.Data.(int64))
-		}
-
-		w.Write([]byte(rows.ToJson()))
-	} else {
+	if rows == nil {
 		c.SetInvalidParam("getAnalytics", "name")
+		return
 	}
 
+	w.Write([]byte(rows.ToJson()))
 }
 
 func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -639,40 +262,18 @@ func uploadBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	brandInterface := einterfaces.GetBrandInterface()
-	if brandInterface == nil {
-		c.Err = model.NewLocAppError("uploadBrandImage", "api.admin.upload_brand_image.not_available.app_error", nil, "")
-		c.Err.StatusCode = http.StatusNotImplemented
-		return
-	}
-
-	if err := brandInterface.SaveBrandImage(imageArray[0]); err != nil {
+	if err := app.SaveBrandImage(imageArray[0]); err != nil {
 		c.Err = err
 		return
 	}
 
 	c.LogAudit("")
 
-	rdata := map[string]string{}
-	rdata["status"] = "OK"
-	w.Write([]byte(model.MapToJson(rdata)))
+	ReturnStatusOK(w)
 }
 
 func getBrandImage(c *Context, w http.ResponseWriter, r *http.Request) {
-	if len(utils.Cfg.FileSettings.DriverName) == 0 {
-		c.Err = model.NewLocAppError("getBrandImage", "api.admin.get_brand_image.storage.app_error", nil, "")
-		c.Err.StatusCode = http.StatusNotImplemented
-		return
-	}
-
-	brandInterface := einterfaces.GetBrandInterface()
-	if brandInterface == nil {
-		c.Err = model.NewLocAppError("getBrandImage", "api.admin.get_brand_image.not_available.app_error", nil, "")
-		c.Err.StatusCode = http.StatusNotImplemented
-		return
-	}
-
-	if img, err := brandInterface.GetBrandImage(); err != nil {
+	if img, err := app.GetBrandImage(); err != nil {
 		w.Write(nil)
 	} else {
 		w.Header().Set("Content-Type", "image/png")
@@ -716,7 +317,7 @@ func adminResetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := ResetPassword(c, userId, newPassword); err != nil {
+	if err := app.UpdatePasswordByUserIdSendEmail(userId, newPassword, c.T("api.user.reset_password.method"), c.GetSiteURL()); err != nil {
 		c.Err = err
 		return
 	}
@@ -729,15 +330,7 @@ func adminResetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func ldapSyncNow(c *Context, w http.ResponseWriter, r *http.Request) {
-	go func() {
-		if utils.IsLicensed && *utils.License.Features.LDAP && *utils.Cfg.LdapSettings.Enable {
-			if ldapI := einterfaces.GetLdapInterface(); ldapI != nil {
-				ldapI.SyncNow()
-			} else {
-				l4g.Error("%v", model.NewLocAppError("ldapSyncNow", "ent.ldap.disabled.app_error", nil, "").Error())
-			}
-		}
-	}()
+	app.SyncLdap()
 
 	rdata := map[string]string{}
 	rdata["status"] = "ok"
@@ -745,33 +338,18 @@ func ldapSyncNow(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func ldapTest(c *Context, w http.ResponseWriter, r *http.Request) {
-	if ldapI := einterfaces.GetLdapInterface(); ldapI != nil && utils.IsLicensed && *utils.License.Features.LDAP && *utils.Cfg.LdapSettings.Enable {
-		if err := ldapI.RunTest(); err != nil {
-			c.Err = err
-			c.Err.StatusCode = 500
-		}
-	} else {
-		c.Err = model.NewLocAppError("ldapTest", "ent.ldap.disabled.app_error", nil, "")
-		c.Err.StatusCode = http.StatusNotImplemented
+	if err := app.TestLdap(); err != nil {
+		c.Err = err
+		return
 	}
 
-	if c.Err == nil {
-		rdata := map[string]string{}
-		rdata["status"] = "ok"
-		w.Write([]byte(model.MapToJson(rdata)))
-	}
+	rdata := map[string]string{}
+	rdata["status"] = "ok"
+	w.Write([]byte(model.MapToJson(rdata)))
 }
 
 func samlMetadata(c *Context, w http.ResponseWriter, r *http.Request) {
-	samlInterface := einterfaces.GetSamlInterface()
-
-	if samlInterface == nil {
-		c.Err = model.NewLocAppError("loginWithSaml", "api.admin.saml.not_available.app_error", nil, "")
-		c.Err.StatusCode = http.StatusFound
-		return
-	}
-
-	if result, err := samlInterface.GetMetadata(); err != nil {
+	if result, err := app.GetSamlMetadata(); err != nil {
 		c.Err = model.NewLocAppError("loginWithSaml", "api.admin.saml.metadata.app_error", nil, "err="+err.Message)
 		return
 	} else {
@@ -805,58 +383,38 @@ func addCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	fileData := fileArray[0]
 
-	file, err := fileData.Open()
-	defer file.Close()
-	if err != nil {
-		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error())
-		return
-	}
-
-	out, err := os.Create(utils.FindDir("config") + fileData.Filename)
-	if err != nil {
-		c.Err = model.NewLocAppError("addCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error())
+	if err := app.AddSamlCertificate(fileData); err != nil {
+		c.Err = err
 		return
 	}
-	defer out.Close()
-
-	io.Copy(out, file)
 	ReturnStatusOK(w)
 }
 
 func removeCertificate(c *Context, w http.ResponseWriter, r *http.Request) {
 	props := model.MapFromJson(r.Body)
 
-	filename := props["filename"]
-	if err := os.Remove(utils.FindConfigFile(filename)); err != nil {
-		c.Err = model.NewLocAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error",
-			map[string]interface{}{"Filename": filename}, err.Error())
+	if err := app.RemoveSamlCertificate(props["filename"]); err != nil {
+		c.Err = err
 		return
 	}
+
 	ReturnStatusOK(w)
 }
 
 func samlCertificateStatus(c *Context, w http.ResponseWriter, r *http.Request) {
-	status := make(map[string]interface{})
-
-	status["IdpCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.IdpCertificateFile)
-	status["PrivateKeyFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PrivateKeyFile)
-	status["PublicCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PublicCertificateFile)
-
+	status := app.GetSamlCertificateStatus()
 	w.Write([]byte(model.StringInterfaceToJson(status)))
 }
 
 func getRecentlyActiveUsers(c *Context, w http.ResponseWriter, r *http.Request) {
-	if result := <-app.Srv.Store.User().GetRecentlyActiveUsersForTeam(c.TeamId); result.Err != nil {
-		c.Err = result.Err
+	if profiles, err := app.GetRecentlyActiveUsersForTeam(c.TeamId); err != nil {
+		c.Err = err
 		return
 	} else {
-		profiles := result.Data.(map[string]*model.User)
-
 		for _, p := range profiles {
 			sanitizeProfile(c, p)
 		}
 
 		w.Write([]byte(model.UserMapToJson(profiles)))
 	}
-
 }
diff --git a/api/api.go b/api/api.go
index 3d2217ef5..59c547b8c 100644
--- a/api/api.go
+++ b/api/api.go
@@ -4,7 +4,6 @@
 package api
 
 import (
-	"io/ioutil"
 	"net/http"
 
 	"github.com/gorilla/mux"
@@ -144,10 +143,3 @@ func ReturnStatusOK(w http.ResponseWriter) {
 	m[model.STATUS] = model.STATUS_OK
 	w.Write([]byte(model.MapToJson(m)))
 }
-
-func closeBody(r *http.Response) {
-	if r.Body != nil {
-		ioutil.ReadAll(r.Body)
-		r.Body.Close()
-	}
-}
diff --git a/api/post.go b/api/post.go
index 13cfecfdf..4d1425c18 100644
--- a/api/post.go
+++ b/api/post.go
@@ -8,11 +8,9 @@ import (
 	"strconv"
 
 	l4g "github.com/alecthomas/log4go"
-	"github.com/dyatlov/go-opengraph/opengraph"
 	"github.com/gorilla/mux"
 	"github.com/mattermost/platform/app"
 	"github.com/mattermost/platform/model"
-	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 )
 
@@ -44,67 +42,28 @@ func createPost(c *Context, w http.ResponseWriter, r *http.Request) {
 		c.SetInvalidParam("createPost", "post")
 		return
 	}
-	post.UserId = c.Session.UserId
 
-	cchan := app.Srv.Store.Channel().Get(post.ChannelId, true)
+	post.UserId = c.Session.UserId
 
 	if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_CREATE_POST) {
 		c.SetPermissionError(model.PERMISSION_CREATE_POST)
 		return
 	}
 
-	// Check that channel has not been deleted
-	var channel *model.Channel
-	if result := <-cchan; result.Err != nil {
-		c.SetInvalidParam("createPost", "post.channelId")
-		return
-	} else {
-		channel = result.Data.(*model.Channel)
-	}
-
-	if channel.DeleteAt != 0 {
-		c.Err = model.NewLocAppError("createPost", "api.post.create_post.can_not_post_to_deleted.error", nil, "")
-		c.Err.StatusCode = http.StatusBadRequest
-		return
-	}
-
 	if post.CreateAt != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
 		post.CreateAt = 0
 	}
 
-	if rp, err := app.CreatePost(post, c.TeamId, true); err != nil {
+	rp, err := app.CreatePostAsUser(post, c.TeamId)
+	if err != nil {
 		c.Err = err
-
-		if c.Err.Id == "api.post.create_post.root_id.app_error" ||
-			c.Err.Id == "api.post.create_post.channel_root_id.app_error" ||
-			c.Err.Id == "api.post.create_post.parent_id.app_error" {
-			c.Err.StatusCode = http.StatusBadRequest
-		}
-
 		return
-	} else {
-		// Update the LastViewAt only if the post does not have from_webhook prop set (eg. Zapier app)
-		if _, ok := post.Props["from_webhook"]; !ok {
-			if result := <-app.Srv.Store.Channel().UpdateLastViewedAt([]string{post.ChannelId}, c.Session.UserId); result.Err != nil {
-				l4g.Error(utils.T("api.post.create_post.last_viewed.error"), post.ChannelId, c.Session.UserId, result.Err)
-			}
-		}
-
-		w.Write([]byte(rp.ToJson()))
 	}
+
+	w.Write([]byte(rp.ToJson()))
 }
 
 func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
-
-	if utils.IsLicensed {
-		if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_NEVER {
-			c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
-				c.T("api.post.update_post.permissions_denied.app_error"))
-			c.Err.StatusCode = http.StatusForbidden
-			return
-		}
-	}
-
 	post := model.PostFromJson(r.Body)
 
 	if post == nil {
@@ -112,77 +71,20 @@ func updatePost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	pchan := app.Srv.Store.Post().Get(post.Id)
-
 	if !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_EDIT_POST) {
 		c.SetPermissionError(model.PERMISSION_EDIT_POST)
 		return
 	}
 
-	var oldPost *model.Post
-	if result := <-pchan; result.Err != nil {
-		c.Err = result.Err
-		return
-	} else {
-		oldPost = result.Data.(*model.PostList).Posts[post.Id]
-
-		if oldPost == nil {
-			c.Err = model.NewLocAppError("updatePost", "api.post.update_post.find.app_error", nil, "id="+post.Id)
-			c.Err.StatusCode = http.StatusBadRequest
-			return
-		}
-
-		if oldPost.UserId != c.Session.UserId {
-			c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil, "oldUserId="+oldPost.UserId)
-			c.Err.StatusCode = http.StatusForbidden
-			return
-		}
-
-		if oldPost.DeleteAt != 0 {
-			c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
-				c.T("api.post.update_post.permissions_details.app_error", map[string]interface{}{"PostId": post.Id}))
-			c.Err.StatusCode = http.StatusForbidden
-			return
-		}
-
-		if oldPost.IsSystemMessage() {
-			c.Err = model.NewLocAppError("updatePost", "api.post.update_post.system_message.app_error", nil, "id="+post.Id)
-			c.Err.StatusCode = http.StatusForbidden
-			return
-		}
-
-		if utils.IsLicensed {
-			if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_TIME_LIMIT && model.GetMillis() > oldPost.CreateAt+int64(*utils.Cfg.ServiceSettings.PostEditTimeLimit*1000) {
-				c.Err = model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil,
-					c.T("api.post.update_post.permissions_time_limit.app_error", map[string]interface{}{"timeLimit": *utils.Cfg.ServiceSettings.PostEditTimeLimit}))
-				c.Err.StatusCode = http.StatusForbidden
-				return
-			}
-		}
-	}
-
-	newPost := &model.Post{}
-	*newPost = *oldPost
-
-	newPost.Message = post.Message
-	newPost.EditAt = model.GetMillis()
-	newPost.Hashtags, _ = model.ParseHashtags(post.Message)
+	post.UserId = c.Session.UserId
 
-	if result := <-app.Srv.Store.Post().Update(newPost, oldPost); result.Err != nil {
-		c.Err = result.Err
+	rpost, err := app.UpdatePost(post)
+	if err != nil {
+		c.Err = err
 		return
-	} else {
-		rpost := result.Data.(*model.Post)
-
-		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_POST_EDITED, "", rpost.ChannelId, "", nil)
-		message.Add("post", rpost.ToJson())
-
-		go app.Publish(message)
-
-		app.InvalidateCacheForChannelPosts(rpost.ChannelId)
-
-		w.Write([]byte(rpost.ToJson()))
 	}
+
+	w.Write([]byte(rpost.ToJson()))
 }
 
 func getFlaggedPosts(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -200,16 +102,12 @@ func getFlaggedPosts(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	posts := &model.PostList{}
-
-	if result := <-app.Srv.Store.Post().GetFlaggedPosts(c.Session.UserId, offset, limit); result.Err != nil {
-		c.Err = result.Err
+	if posts, err := app.GetFlaggedPosts(c.Session.UserId, offset, limit); err != nil {
+		c.Err = err
 		return
 	} else {
-		posts = result.Data.(*model.PostList)
+		w.Write([]byte(posts.ToJson()))
 	}
-
-	w.Write([]byte(posts.ToJson()))
 }
 
 func getPosts(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -233,27 +131,21 @@ func getPosts(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	etagChan := app.Srv.Store.Post().GetEtag(id, true)
-
 	if !app.SessionHasPermissionToChannel(c.Session, id, model.PERMISSION_CREATE_POST) {
 		c.SetPermissionError(model.PERMISSION_CREATE_POST)
 		return
 	}
 
-	etag := (<-etagChan).Data.(string)
+	etag := app.GetPostsEtag(id)
 
 	if HandleEtag(etag, "Get Posts", w, r) {
 		return
 	}
 
-	pchan := app.Srv.Store.Post().GetPosts(id, offset, limit, true)
-
-	if result := <-pchan; result.Err != nil {
-		c.Err = result.Err
+	if list, err := app.GetPosts(id, offset, limit); err != nil {
+		c.Err = err
 		return
 	} else {
-		list := result.Data.(*model.PostList)
-
 		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
 		w.Write([]byte(list.ToJson()))
 	}
@@ -275,19 +167,15 @@ func getPostsSince(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	pchan := app.Srv.Store.Post().GetPostsSince(id, time, true)
-
 	if !app.SessionHasPermissionToChannel(c.Session, id, model.PERMISSION_READ_CHANNEL) {
 		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 		return
 	}
 
-	if result := <-pchan; result.Err != nil {
-		c.Err = result.Err
+	if list, err := app.GetPostsSince(id, time); err != nil {
+		c.Err = err
 		return
 	} else {
-		list := result.Data.(*model.PostList)
-
 		w.Write([]byte(list.ToJson()))
 	}
 
@@ -308,21 +196,17 @@ func getPost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	pchan := app.Srv.Store.Post().Get(postId)
-
 	if !app.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
 		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 		return
 	}
 
-	if result := <-pchan; result.Err != nil {
-		c.Err = result.Err
+	if list, err := app.GetPostThread(postId); err != nil {
+		c.Err = err
 		return
-	} else if HandleEtag(result.Data.(*model.PostList).Etag(), "Get Post", w, r) {
+	} else if HandleEtag(list.Etag(), "Get Post", w, r) {
 		return
 	} else {
-		list := result.Data.(*model.PostList)
-
 		if !list.IsChannelId(channelId) {
 			c.Err = model.NewLocAppError("getPost", "api.post.get_post.permissions.app_error", nil, "")
 			c.Err.StatusCode = http.StatusForbidden
@@ -343,12 +227,10 @@ func getPostById(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if result := <-app.Srv.Store.Post().Get(postId); result.Err != nil {
-		c.Err = result.Err
+	if list, err := app.GetPostThread(postId); err != nil {
+		c.Err = err
 		return
 	} else {
-		list := result.Data.(*model.PostList)
-
 		if len(list.Order) != 1 {
 			c.Err = model.NewLocAppError("getPostById", "api.post_get_post_by_id.get.app_error", nil, "")
 			return
@@ -378,39 +260,17 @@ func getPermalinkTmp(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if result := <-app.Srv.Store.Post().Get(postId); result.Err != nil {
-		c.Err = result.Err
+	if !app.HasPermissionToChannelByPost(c.Session.UserId, postId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) {
+		c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS)
 		return
-	} else {
-		list := result.Data.(*model.PostList)
-
-		if len(list.Order) != 1 {
-			c.Err = model.NewLocAppError("getPermalinkTmp", "api.post_get_post_by_id.get.app_error", nil, "")
-			return
-		}
-		post := list.Posts[list.Order[0]]
-
-		var channel *model.Channel
-		var err *model.AppError
-		if channel, err = app.GetChannel(post.ChannelId); err != nil {
-			c.Err = err
-			return
-		}
-
-		if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_JOIN_PUBLIC_CHANNELS) {
-			c.SetPermissionError(model.PERMISSION_JOIN_PUBLIC_CHANNELS)
-			return
-		}
-
-		if err = app.JoinChannel(channel, c.Session.UserId); err != nil {
-			c.Err = err
-			return
-		}
-
-		if HandleEtag(list.Etag(), "Get Permalink TMP", w, r) {
-			return
-		}
+	}
 
+	if list, err := app.GetPermalinkPost(postId, c.Session.UserId); err != nil {
+		c.Err = err
+		return
+	} else if HandleEtag(list.Etag(), "Get Permalink TMP", w, r) {
+		return
+	} else {
 		w.Header().Set(model.HEADER_ETAG_SERVER, list.Etag())
 		w.Write([]byte(list.ToJson()))
 	}
@@ -436,69 +296,27 @@ func deletePost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	pchan := app.Srv.Store.Post().Get(postId)
+	if !app.SessionHasPermissionToPost(c.Session, postId, model.PERMISSION_DELETE_OTHERS_POSTS) {
+		c.SetPermissionError(model.PERMISSION_DELETE_OTHERS_POSTS)
+		return
+	}
 
-	if result := <-pchan; result.Err != nil {
-		c.Err = result.Err
+	if post, err := app.DeletePost(postId); err != nil {
+		c.Err = err
 		return
 	} else {
-
-		post := result.Data.(*model.PostList).Posts[postId]
-
-		if post == nil {
-			c.SetInvalidParam("deletePost", "postId")
-			return
-		}
-
 		if post.ChannelId != channelId {
 			c.Err = model.NewLocAppError("deletePost", "api.post.delete_post.permissions.app_error", nil, "")
 			c.Err.StatusCode = http.StatusForbidden
 			return
 		}
 
-		if post.UserId != c.Session.UserId && !app.SessionHasPermissionToChannel(c.Session, post.ChannelId, model.PERMISSION_DELETE_OTHERS_POSTS) {
-			c.Err = model.NewLocAppError("deletePost", "api.post.delete_post.permissions.app_error", nil, "")
-			c.Err.StatusCode = http.StatusForbidden
-			return
-		}
-
-		if dresult := <-app.Srv.Store.Post().Delete(postId, model.GetMillis()); dresult.Err != nil {
-			c.Err = dresult.Err
-			return
-		}
-
-		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_POST_DELETED, "", post.ChannelId, "", nil)
-		message.Add("post", post.ToJson())
-
-		go app.Publish(message)
-		go DeletePostFiles(post)
-		go DeleteFlaggedPost(c.Session.UserId, post)
-
-		app.InvalidateCacheForChannelPosts(post.ChannelId)
-
 		result := make(map[string]string)
 		result["id"] = postId
 		w.Write([]byte(model.MapToJson(result)))
 	}
 }
 
-func DeleteFlaggedPost(userId string, post *model.Post) {
-	if result := <-app.Srv.Store.Preference().Delete(userId, model.PREFERENCE_CATEGORY_FLAGGED_POST, post.Id); result.Err != nil {
-		l4g.Warn(utils.T("api.post.delete_flagged_post.app_error.warn"), result.Err)
-		return
-	}
-}
-
-func DeletePostFiles(post *model.Post) {
-	if len(post.FileIds) != 0 {
-		return
-	}
-
-	if result := <-app.Srv.Store.FileInfo().DeleteForPost(post.Id); result.Err != nil {
-		l4g.Warn(utils.T("api.post.delete_post_files.app_error.warn"), post.Id, result.Err)
-	}
-}
-
 func getPostsBefore(c *Context, w http.ResponseWriter, r *http.Request) {
 	getPostsBeforeOrAfter(c, w, r, true)
 }
@@ -534,32 +352,22 @@ func getPostsBeforeOrAfter(c *Context, w http.ResponseWriter, r *http.Request, b
 		return
 	}
 
-	// We can do better than this etag in this situation
-	etagChan := app.Srv.Store.Post().GetEtag(id, true)
-
 	if !app.SessionHasPermissionToChannel(c.Session, id, model.PERMISSION_READ_CHANNEL) {
 		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 		return
 	}
 
-	etag := (<-etagChan).Data.(string)
+	// We can do better than this etag in this situation
+	etag := app.GetPostsEtag(id)
+
 	if HandleEtag(etag, "Get Posts Before or After", w, r) {
 		return
 	}
 
-	var pchan store.StoreChannel
-	if before {
-		pchan = app.Srv.Store.Post().GetPostsBefore(id, postId, numPosts, offset)
-	} else {
-		pchan = app.Srv.Store.Post().GetPostsAfter(id, postId, numPosts, offset)
-	}
-
-	if result := <-pchan; result.Err != nil {
-		c.Err = result.Err
+	if list, err := app.GetPostsAroundPost(postId, id, offset, numPosts, before); err != nil {
+		c.Err = err
 		return
 	} else {
-		list := result.Data.(*model.PostList)
-
 		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
 		w.Write([]byte(list.ToJson()))
 	}
@@ -579,26 +387,10 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) {
 		isOrSearch = val.(bool)
 	}
 
-	paramsList := model.ParseSearchParams(terms)
-	channels := []store.StoreChannel{}
-
-	for _, params := range paramsList {
-		params.OrTerms = isOrSearch
-		// don't allow users to search for everything
-		if params.Terms != "*" {
-			channels = append(channels, app.Srv.Store.Post().Search(c.TeamId, c.Session.UserId, params))
-		}
-	}
-
-	posts := &model.PostList{}
-	for _, channel := range channels {
-		if result := <-channel; result.Err != nil {
-			c.Err = result.Err
-			return
-		} else {
-			data := result.Data.(*model.PostList)
-			posts.Extend(data)
-		}
+	posts, err := app.SearchPostsInTeam(terms, c.Session.UserId, c.TeamId, isOrSearch)
+	if err != nil {
+		c.Err = err
+		return
 	}
 
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
@@ -620,69 +412,35 @@ func getFileInfosForPost(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	pchan := app.Srv.Store.Post().Get(postId)
-	fchan := app.Srv.Store.FileInfo().GetForPost(postId)
-
 	if !app.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
 		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
 		return
 	}
 
-	var infos []*model.FileInfo
-	if result := <-fchan; result.Err != nil {
-		c.Err = result.Err
+	if infos, err := app.GetFileInfosForPost(postId); err != nil {
+		c.Err = err
 		return
-	} else {
-		infos = result.Data.([]*model.FileInfo)
-	}
-
-	if len(infos) == 0 {
-		// No FileInfos were returned so check if they need to be created for this post
-		var post *model.Post
-		if result := <-pchan; result.Err != nil {
-			c.Err = result.Err
-			return
-		} else {
-			post = result.Data.(*model.PostList).Posts[postId]
-		}
-
-		if len(post.Filenames) > 0 {
-			// The post has Filenames that need to be replaced with FileInfos
-			infos = app.MigrateFilenamesToFileInfos(post)
-		}
-	}
-
-	etag := model.GetEtagForFileInfos(infos)
-
-	if HandleEtag(etag, "Get File Infos For Post", w, r) {
+	} else if HandleEtag(model.GetEtagForFileInfos(infos), "Get File Infos For Post", w, r) {
 		return
 	} else {
 		w.Header().Set("Cache-Control", "max-age=2592000, public")
-		w.Header().Set(model.HEADER_ETAG_SERVER, etag)
+		w.Header().Set(model.HEADER_ETAG_SERVER, model.GetEtagForFileInfos(infos))
 		w.Write([]byte(model.FileInfosToJson(infos)))
 	}
 }
 
 func getOpenGraphMetadata(c *Context, w http.ResponseWriter, r *http.Request) {
 	props := model.StringInterfaceFromJson(r.Body)
-	og := opengraph.NewOpenGraph()
 
-	res, err := http.Get(props["url"].(string))
-	defer closeBody(res)
-	if err != nil {
-		writeOpenGraphToResponse(w, og)
+	url := ""
+	ok := false
+	if url, ok = props["url"].(string); len(url) == 0 || !ok {
+		c.SetInvalidParam("getOpenGraphMetadata", "url")
 		return
 	}
 
-	if err := og.ProcessHTML(res.Body); err != nil {
-		writeOpenGraphToResponse(w, og)
-		return
-	}
-
-	writeOpenGraphToResponse(w, og)
-}
+	og := app.GetOpenGraphMetadata(url)
 
-func writeOpenGraphToResponse(w http.ResponseWriter, og *opengraph.OpenGraph) {
 	ogJson, err := og.ToJSON()
 	if err != nil {
 		w.Write([]byte(`{"url": ""}`))
diff --git a/api/user.go b/api/user.go
index 789e10f5e..7722e917b 100644
--- a/api/user.go
+++ b/api/user.go
@@ -7,10 +7,8 @@ import (
 	"bytes"
 	b64 "encoding/base64"
 	"fmt"
-	"html/template"
 	"io"
 	"net/http"
-	"net/url"
 	"strconv"
 	"strings"
 	"time"
@@ -94,16 +92,9 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	user.EmailVerified = false
 
-	shouldSendWelcomeEmail := true
-
 	hash := r.URL.Query().Get("h")
 	inviteId := r.URL.Query().Get("iid")
 
-	if !CheckUserDomain(user, utils.Cfg.TeamSettings.RestrictCreationToDomains) {
-		c.Err = model.NewLocAppError("createUser", "api.user.create_user.accepted_domain.app_error", nil, "")
-		return
-	}
-
 	var ruser *model.User
 	var err *model.AppError
 	if len(hash) > 0 {
@@ -113,10 +104,8 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 			c.Err = err
 			return
 		}
-
-		shouldSendWelcomeEmail = false
 	} else if len(inviteId) > 0 {
-		ruser, err = app.CreateUserWithInviteId(user, inviteId)
+		ruser, err = app.CreateUserWithInviteId(user, inviteId, c.GetSiteURL())
 		if err != nil {
 			c.Err = err
 			return
@@ -132,9 +121,7 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 			c.Err = err
 			return
 		}
-	}
 
-	if shouldSendWelcomeEmail {
 		if err := app.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, c.GetSiteURL()); err != nil {
 			l4g.Error(err.Error())
 		}
@@ -144,49 +131,6 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 
 }
 
-// Check that a user's email domain matches a list of space-delimited domains as a string.
-func CheckUserDomain(user *model.User, domains string) bool {
-	if len(domains) == 0 {
-		return true
-	}
-
-	domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1))))
-
-	matched := false
-	for _, d := range domainArray {
-		if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) {
-			matched = true
-			break
-		}
-	}
-
-	return matched
-}
-
-func IsVerifyHashRequired(user *model.User, team *model.Team, hash string) bool {
-	shouldVerifyHash := true
-
-	if team.Type == model.TEAM_INVITE && len(team.AllowedDomains) > 0 && len(hash) == 0 && user != nil {
-		matched := CheckUserDomain(user, team.AllowedDomains)
-
-		if matched {
-			shouldVerifyHash = false
-		} else {
-			return true
-		}
-	}
-
-	if team.Type == model.TEAM_OPEN {
-		shouldVerifyHash = false
-	}
-
-	if len(hash) > 0 {
-		shouldVerifyHash = true
-	}
-
-	return shouldVerifyHash
-}
-
 func login(c *Context, w http.ResponseWriter, r *http.Request) {
 	props := model.MapFromJson(r.Body)
 
@@ -594,10 +538,7 @@ func getByEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 	params := mux.Vars(r)
 	email := params["email"]
 
-	var user *model.User
-	var err *model.AppError
-
-	if user, err = app.GetUserByEmail(email); err != nil {
+	if user, err := app.GetUserByEmail(email); err != nil {
 		c.Err = err
 		return
 	} else if HandleEtag(user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), "Get By Email", w, r) {
@@ -631,11 +572,8 @@ func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var profiles map[string]*model.User
-	var profileErr *model.AppError
-
-	if profiles, profileErr = app.GetUsers(offset, limit); profileErr != nil {
-		c.Err = profileErr
+	if profiles, err := app.GetUsers(offset, limit); err != nil {
+		c.Err = err
 		return
 	} else {
 		for k, p := range profiles {
@@ -674,11 +612,8 @@ func getProfilesInTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var profiles map[string]*model.User
-	var profileErr *model.AppError
-
-	if profiles, profileErr = app.GetUsersInTeam(teamId, offset, limit); profileErr != nil {
-		c.Err = profileErr
+	if profiles, err := app.GetUsersInTeam(teamId, offset, limit); err != nil {
+		c.Err = err
 		return
 	} else {
 		for k, p := range profiles {
@@ -694,18 +629,6 @@ func getProfilesInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	params := mux.Vars(r)
 	channelId := params["channel_id"]
 
-	if c.Session.GetTeamByTeamId(c.TeamId) == nil {
-		if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
-			c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
-			return
-		}
-	}
-
-	if !app.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
-		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
-		return
-	}
-
 	offset, err := strconv.Atoi(params["offset"])
 	if err != nil {
 		c.SetInvalidParam("getProfiles", "offset")
@@ -718,6 +641,18 @@ func getProfilesInChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if c.Session.GetTeamByTeamId(c.TeamId) == nil {
+		if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+			c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+			return
+		}
+	}
+
+	if !app.SessionHasPermissionToChannel(c.Session, channelId, model.PERMISSION_READ_CHANNEL) {
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
 	var profiles map[string]*model.User
 	var profileErr *model.AppError
 
@@ -761,11 +696,8 @@ func getProfilesNotInChannel(c *Context, w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	var profiles map[string]*model.User
-	var profileErr *model.AppError
-
-	if profiles, err = app.GetUsersNotInChannel(c.TeamId, channelId, offset, limit); profileErr != nil {
-		c.Err = profileErr
+	if profiles, err := app.GetUsersNotInChannel(c.TeamId, channelId, offset, limit); err != nil {
+		c.Err = err
 		return
 	} else {
 		for k, p := range profiles {
@@ -897,11 +829,6 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := utils.IsPasswordValid(user.Password); user.Password != "" && err != nil {
-		c.Err = err
-		return
-	}
-
 	if ruser, err := app.UpdateUser(user, c.GetSiteURL()); err != nil {
 		c.Err = err
 		return
@@ -942,11 +869,6 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	newPassword := props["new_password"]
 
-	if err := utils.IsPasswordValid(newPassword); err != nil {
-		c.Err = err
-		return
-	}
-
 	if userId != c.Session.UserId {
 		c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.context.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
@@ -984,7 +906,7 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := app.UpdatePasswordSendEmail(user, model.HashPassword(newPassword), c.T("api.user.update_password.menu"), c.GetSiteURL()); err != nil {
+	if err := app.UpdatePasswordSendEmail(user, newPassword, c.T("api.user.update_password.menu"), c.GetSiteURL()); err != nil {
 		c.Err = err
 		return
 	} else {
@@ -1039,13 +961,6 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	active := props["active"] == "true"
 
-	var user *model.User
-	var err *model.AppError
-	if user, err = app.GetUser(userId); err != nil {
-		c.Err = err
-		return
-	}
-
 	// true when you're trying to de-activate yourself
 	isSelfDeactive := !active && userId == c.Session.UserId
 
@@ -1055,13 +970,7 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if user.IsLDAPUser() {
-		c.Err = model.NewLocAppError("updateActive", "api.user.update_active.no_deactivate_ldap.app_error", nil, "userId="+userId)
-		c.Err.StatusCode = http.StatusBadRequest
-		return
-	}
-
-	if ruser, err := app.UpdateActive(user, active); err != nil {
+	if ruser, err := app.UpdateActiveNoLdap(userId, active); err != nil {
 		c.Err = err
 	} else {
 		c.LogAuditWithUserId(ruser.Id, fmt.Sprintf("active=%v", active))
@@ -1078,42 +987,13 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var user *model.User
-	var err *model.AppError
-	if user, err = app.GetUserByEmail(email); err != nil {
-		w.Write([]byte(model.MapToJson(props)))
-		return
-	}
-
-	if user.AuthData != nil && len(*user.AuthData) != 0 {
-		c.Err = model.NewLocAppError("sendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id)
-		return
-	}
-
-	var recovery *model.PasswordRecovery
-	if recovery, err = app.CreatePasswordRecovery(user.Id); err != nil {
+	if sent, err := app.SendPasswordReset(email, c.GetSiteURL()); err != nil {
 		c.Err = err
 		return
+	} else if sent {
+		c.LogAudit("sent=" + email)
 	}
 
-	link := fmt.Sprintf("%s/reset_password_complete?code=%s", c.GetSiteURL(), url.QueryEscape(recovery.Code))
-
-	subject := c.T("api.templates.reset_subject")
-
-	bodyPage := utils.NewHTMLTemplate("reset_body", c.Locale)
-	bodyPage.Props["SiteURL"] = c.GetSiteURL()
-	bodyPage.Props["Title"] = c.T("api.templates.reset_body.title")
-	bodyPage.Html["Info"] = template.HTML(c.T("api.templates.reset_body.info"))
-	bodyPage.Props["ResetUrl"] = link
-	bodyPage.Props["Button"] = c.T("api.templates.reset_body.button")
-
-	if err := utils.SendMail(email, subject, bodyPage.Render()); err != nil {
-		c.Err = model.NewLocAppError("sendPasswordReset", "api.user.send_password_reset.send.app_error", nil, "err="+err.Message)
-		return
-	}
-
-	c.LogAuditWithUserId(user.Id, "sent="+email)
-
 	w.Write([]byte(model.MapToJson(props)))
 }
 
@@ -1127,64 +1007,22 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	newPassword := props["new_password"]
-	if err := utils.IsPasswordValid(newPassword); err != nil {
-		c.Err = err
-		return
-	}
-
-	c.LogAudit("attempt")
-
-	userId := ""
-
-	if recovery, err := app.GetPasswordRecovery(code); err != nil {
-		c.LogAuditWithUserId(userId, "fail - bad code")
-		c.Err = err
-		return
-	} else {
-		if model.GetMillis()-recovery.CreateAt < model.PASSWORD_RECOVER_EXPIRY_TIME {
-			userId = recovery.UserId
-		} else {
-			c.LogAuditWithUserId(userId, "fail - link expired")
-			c.Err = model.NewLocAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "")
-			return
-		}
 
-		if err := app.DeletePasswordRecoveryForUser(userId); err != nil {
-			l4g.Error(err.Error())
-		}
-	}
+	c.LogAudit("attempt - code=" + code)
 
-	if err := ResetPassword(c, userId, newPassword); err != nil {
+	if err := app.ResetPasswordFromCode(code, newPassword, c.GetSiteURL()); err != nil {
+		c.LogAudit("fail - code=" + code)
 		c.Err = err
 		return
 	}
 
-	c.LogAuditWithUserId(userId, "success")
+	c.LogAudit("success - code=" + code)
 
 	rdata := map[string]string{}
 	rdata["status"] = "ok"
 	w.Write([]byte(model.MapToJson(rdata)))
 }
 
-func ResetPassword(c *Context, userId, newPassword string) *model.AppError {
-	var user *model.User
-	var err *model.AppError
-	if user, err = app.GetUser(userId); err != nil {
-		return err
-	}
-
-	if user.AuthData != nil && len(*user.AuthData) != 0 && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
-		return model.NewLocAppError("ResetPassword", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id)
-
-	}
-
-	if err := app.UpdatePasswordSendEmail(user, model.HashPassword(newPassword), c.T("api.user.reset_password.method"), c.GetSiteURL()); err != nil {
-		return err
-	}
-
-	return nil
-}
-
 func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) {
 	props := model.MapFromJson(r.Body)
 
@@ -1225,22 +1063,13 @@ func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	var user *model.User
-	var err *model.AppError
-	if user, err = app.GetUser(userId); err != nil {
-		c.Err = err
-		return
-	}
-
-	user.NotifyProps = props
-
-	var ruser *model.User
-	if ruser, err = app.UpdateUser(user, c.GetSiteURL()); err != nil {
+	ruser, err := app.UpdateUserNotifyProps(userId, props, c.GetSiteURL())
+	if err != nil {
 		c.Err = err
 		return
 	}
 
-	c.LogAuditWithUserId(user.Id, "")
+	c.LogAuditWithUserId(ruser.Id, "")
 
 	options := utils.Cfg.GetSanitizeOptions()
 	options["passwordupdate"] = false
@@ -1340,7 +1169,7 @@ func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := app.UpdatePassword(user, model.HashPassword(password)); err != nil {
+	if err := app.UpdatePassword(user, password); err != nil {
 		c.LogAudit("fail - database issue")
 		c.Err = err
 		return
@@ -1509,7 +1338,7 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := app.UpdatePassword(user, model.HashPassword(emailPassword)); err != nil {
+	if err := app.UpdatePassword(user, emailPassword); err != nil {
 		c.LogAudit("fail - database issue")
 		c.Err = err
 		return
diff --git a/api/user_test.go b/api/user_test.go
index a7d6224ea..5a398a716 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -83,32 +83,6 @@ func TestCreateUser(t *testing.T) {
 	}
 }
 
-func TestCheckUserDomain(t *testing.T) {
-	th := Setup().InitBasic()
-	user := th.BasicUser
-
-	cases := []struct {
-		domains string
-		matched bool
-	}{
-		{"simulator.amazonses.com", true},
-		{"gmail.com", false},
-		{"", true},
-		{"gmail.com simulator.amazonses.com", true},
-	}
-	for _, c := range cases {
-		matched := CheckUserDomain(user, c.domains)
-		if matched != c.matched {
-			if c.matched {
-				t.Logf("'%v' should have matched '%v'", user.Email, c.domains)
-			} else {
-				t.Logf("'%v' should not have matched '%v'", user.Email, c.domains)
-			}
-			t.FailNow()
-		}
-	}
-}
-
 func TestLogin(t *testing.T) {
 	th := Setup().InitBasic()
 	Client := th.BasicClient
@@ -1356,6 +1330,7 @@ func TestResetPassword(t *testing.T) {
 	}
 
 	if _, err := Client.ResetPassword(recovery.Code, "newpwd1"); err != nil {
+		t.Log(recovery.Code)
 		t.Fatal(err)
 	}
 
diff --git a/api/webrtc.go b/api/webrtc.go
index 7ea6b2e42..8b00e724d 100644
--- a/api/webrtc.go
+++ b/api/webrtc.go
@@ -89,7 +89,7 @@ func getWebrtcToken(sessionId string) (string, *model.AppError) {
 	if rp, err := httpClient.Do(rq); err != nil {
 		return "", model.NewLocAppError("WebRTC.Token", "model.client.connecting.app_error", nil, err.Error())
 	} else if rp.StatusCode >= 300 {
-		defer closeBody(rp)
+		defer app.CloseBody(rp)
 		return "", model.AppErrorFromJson(rp.Body)
 	} else {
 		janusResponse := model.GatewayResponseFromJson(rp.Body)
diff --git a/app/admin.go b/app/admin.go
new file mode 100644
index 000000000..c694285fa
--- /dev/null
+++ b/app/admin.go
@@ -0,0 +1,182 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	"bufio"
+	"os"
+	"strings"
+	"time"
+
+	"runtime/debug"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/einterfaces"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/store"
+	"github.com/mattermost/platform/utils"
+)
+
+func GetLogs() ([]string, *model.AppError) {
+	var lines []string
+
+	if utils.Cfg.LogSettings.EnableFile {
+		file, err := os.Open(utils.GetLogFileLocation(utils.Cfg.LogSettings.FileLocation))
+		if err != nil {
+			return nil, model.NewLocAppError("getLogs", "api.admin.file_read_error", nil, err.Error())
+		}
+
+		defer file.Close()
+
+		scanner := bufio.NewScanner(file)
+		for scanner.Scan() {
+			lines = append(lines, scanner.Text())
+		}
+	} else {
+		lines = append(lines, "")
+	}
+
+	if einterfaces.GetClusterInterface() != nil {
+		clines, err := einterfaces.GetClusterInterface().GetLogs()
+		if err != nil {
+			return nil, err
+		}
+
+		lines = append(lines, clines...)
+	}
+
+	return lines, nil
+}
+
+func GetClusterStatus() []*model.ClusterInfo {
+	infos := make([]*model.ClusterInfo, 0)
+
+	if einterfaces.GetClusterInterface() != nil {
+		infos = einterfaces.GetClusterInterface().GetClusterInfos()
+	}
+
+	return infos
+}
+
+func InvalidateAllCaches() *model.AppError {
+	debug.FreeOSMemory()
+	InvalidateAllCachesSkipSend()
+
+	if einterfaces.GetClusterInterface() != nil {
+		err := einterfaces.GetClusterInterface().InvalidateAllCaches()
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func InvalidateAllCachesSkipSend() {
+	l4g.Info(utils.T("api.context.invalidate_all_caches"))
+	sessionCache.Purge()
+	ClearStatusCache()
+	store.ClearChannelCaches()
+	store.ClearUserCaches()
+	store.ClearPostCaches()
+}
+
+func GetConfig() *model.Config {
+	json := utils.Cfg.ToJson()
+	cfg := model.ConfigFromJson(strings.NewReader(json))
+	cfg.Sanitize()
+
+	return cfg
+}
+
+func ReloadConfig() {
+	debug.FreeOSMemory()
+	utils.LoadConfig(utils.CfgFileName)
+
+	// start/restart email batching job if necessary
+	InitEmailBatching()
+}
+
+func SaveConfig(cfg *model.Config) *model.AppError {
+	cfg.SetDefaults()
+	utils.Desanitize(cfg)
+
+	if err := cfg.IsValid(); err != nil {
+		return err
+	}
+
+	if err := utils.ValidateLdapFilter(cfg); err != nil {
+		return err
+	}
+
+	if *utils.Cfg.ClusterSettings.Enable {
+		return model.NewLocAppError("saveConfig", "ent.cluster.save_config.error", nil, "")
+	}
+
+	//oldCfg := utils.Cfg
+	utils.SaveConfig(utils.CfgFileName, cfg)
+	utils.LoadConfig(utils.CfgFileName)
+
+	if einterfaces.GetMetricsInterface() != nil {
+		if *utils.Cfg.MetricsSettings.Enable {
+			einterfaces.GetMetricsInterface().StartServer()
+		} else {
+			einterfaces.GetMetricsInterface().StopServer()
+		}
+	}
+
+	// Future feature is to sync the configuration files
+	// if einterfaces.GetClusterInterface() != nil {
+	// 	err := einterfaces.GetClusterInterface().ConfigChanged(cfg, oldCfg, true)
+	// 	if err != nil {
+	// 		return err
+	// 	}
+	// }
+
+	// start/restart email batching job if necessary
+	InitEmailBatching()
+
+	return nil
+}
+
+func RecycleDatabaseConnection() {
+	oldStore := Srv.Store
+
+	l4g.Warn(utils.T("api.admin.recycle_db_start.warn"))
+	Srv.Store = store.NewSqlStore()
+
+	time.Sleep(20 * time.Second)
+	oldStore.Close()
+
+	l4g.Warn(utils.T("api.admin.recycle_db_end.warn"))
+}
+
+func TestEmail(userId string, cfg *model.Config) *model.AppError {
+	if len(cfg.EmailSettings.SMTPServer) == 0 {
+		return model.NewLocAppError("testEmail", "api.admin.test_email.missing_server", nil, utils.T("api.context.invalid_param.app_error", map[string]interface{}{"Name": "SMTPServer"}))
+	}
+
+	// if the user hasn't changed their email settings, fill in the actual SMTP password so that
+	// the user can verify an existing SMTP connection
+	if cfg.EmailSettings.SMTPPassword == model.FAKE_SETTING {
+		if cfg.EmailSettings.SMTPServer == utils.Cfg.EmailSettings.SMTPServer &&
+			cfg.EmailSettings.SMTPPort == utils.Cfg.EmailSettings.SMTPPort &&
+			cfg.EmailSettings.SMTPUsername == utils.Cfg.EmailSettings.SMTPUsername {
+			cfg.EmailSettings.SMTPPassword = utils.Cfg.EmailSettings.SMTPPassword
+		} else {
+			return model.NewLocAppError("testEmail", "api.admin.test_email.reenter_password", nil, "")
+		}
+	}
+
+	if user, err := GetUser(userId); err != nil {
+		return err
+	} else {
+		T := utils.GetUserTranslations(user.Locale)
+		if err := utils.SendMailUsingConfig(user.Email, T("api.admin.test_email.subject"), T("api.admin.test_email.body"), cfg); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/app/analytics.go b/app/analytics.go
new file mode 100644
index 000000000..891c0dfae
--- /dev/null
+++ b/app/analytics.go
@@ -0,0 +1,239 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/einterfaces"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/store"
+	"github.com/mattermost/platform/utils"
+)
+
+const (
+	DAY_MILLISECONDS   = 24 * 60 * 60 * 1000
+	MONTH_MILLISECONDS = 31 * DAY_MILLISECONDS
+)
+
+func GetAnalytics(name string, teamId string) (model.AnalyticsRows, *model.AppError) {
+	skipIntensiveQueries := false
+	var systemUserCount int64
+	if r := <-Srv.Store.User().AnalyticsUniqueUserCount(""); r.Err != nil {
+		return nil, r.Err
+	} else {
+		systemUserCount = r.Data.(int64)
+		if systemUserCount > int64(*utils.Cfg.AnalyticsSettings.MaxUsersForStatistics) {
+			l4g.Debug("More than %v users on the system, intensive queries skipped", *utils.Cfg.AnalyticsSettings.MaxUsersForStatistics)
+			skipIntensiveQueries = true
+		}
+	}
+
+	if name == "standard" {
+		var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 10)
+		rows[0] = &model.AnalyticsRow{"channel_open_count", 0}
+		rows[1] = &model.AnalyticsRow{"channel_private_count", 0}
+		rows[2] = &model.AnalyticsRow{"post_count", 0}
+		rows[3] = &model.AnalyticsRow{"unique_user_count", 0}
+		rows[4] = &model.AnalyticsRow{"team_count", 0}
+		rows[5] = &model.AnalyticsRow{"total_websocket_connections", 0}
+		rows[6] = &model.AnalyticsRow{"total_master_db_connections", 0}
+		rows[7] = &model.AnalyticsRow{"total_read_db_connections", 0}
+		rows[8] = &model.AnalyticsRow{"daily_active_users", 0}
+		rows[9] = &model.AnalyticsRow{"monthly_active_users", 0}
+
+		openChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_OPEN)
+		privateChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_PRIVATE)
+		teamChan := Srv.Store.Team().AnalyticsTeamCount()
+
+		var userChan store.StoreChannel
+		if teamId != "" {
+			userChan = Srv.Store.User().AnalyticsUniqueUserCount(teamId)
+		}
+
+		var postChan store.StoreChannel
+		if !skipIntensiveQueries {
+			postChan = Srv.Store.Post().AnalyticsPostCount(teamId, false, false)
+		}
+
+		dailyActiveChan := Srv.Store.User().AnalyticsActiveCount(DAY_MILLISECONDS)
+		monthlyActiveChan := Srv.Store.User().AnalyticsActiveCount(MONTH_MILLISECONDS)
+
+		if r := <-openChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[0].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-privateChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[1].Value = float64(r.Data.(int64))
+		}
+
+		if postChan == nil {
+			rows[2].Value = -1
+		} else {
+			if r := <-postChan; r.Err != nil {
+				return nil, r.Err
+			} else {
+				rows[2].Value = float64(r.Data.(int64))
+			}
+		}
+
+		if userChan == nil {
+			rows[3].Value = float64(systemUserCount)
+		} else {
+			if r := <-userChan; r.Err != nil {
+				return nil, r.Err
+			} else {
+				rows[3].Value = float64(r.Data.(int64))
+			}
+		}
+
+		if r := <-teamChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[4].Value = float64(r.Data.(int64))
+		}
+
+		// If in HA mode then aggregrate all the stats
+		if einterfaces.GetClusterInterface() != nil && *utils.Cfg.ClusterSettings.Enable {
+			stats, err := einterfaces.GetClusterInterface().GetClusterStats()
+			if err != nil {
+				return nil, err
+			}
+
+			totalSockets := TotalWebsocketConnections()
+			totalMasterDb := Srv.Store.TotalMasterDbConnections()
+			totalReadDb := Srv.Store.TotalReadDbConnections()
+
+			for _, stat := range stats {
+				totalSockets = totalSockets + stat.TotalWebsocketConnections
+				totalMasterDb = totalMasterDb + stat.TotalMasterDbConnections
+				totalReadDb = totalReadDb + stat.TotalReadDbConnections
+			}
+
+			rows[5].Value = float64(totalSockets)
+			rows[6].Value = float64(totalMasterDb)
+			rows[7].Value = float64(totalReadDb)
+
+		} else {
+			rows[5].Value = float64(TotalWebsocketConnections())
+			rows[6].Value = float64(Srv.Store.TotalMasterDbConnections())
+			rows[7].Value = float64(Srv.Store.TotalReadDbConnections())
+		}
+
+		if r := <-dailyActiveChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[8].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-monthlyActiveChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[9].Value = float64(r.Data.(int64))
+		}
+
+		return rows, nil
+	} else if name == "post_counts_day" {
+		if skipIntensiveQueries {
+			rows := model.AnalyticsRows{&model.AnalyticsRow{"", -1}}
+			return rows, nil
+		}
+
+		if r := <-Srv.Store.Post().AnalyticsPostCountsByDay(teamId); r.Err != nil {
+			return nil, r.Err
+		} else {
+			return r.Data.(model.AnalyticsRows), nil
+		}
+	} else if name == "user_counts_with_posts_day" {
+		if skipIntensiveQueries {
+			rows := model.AnalyticsRows{&model.AnalyticsRow{"", -1}}
+			return rows, nil
+		}
+
+		if r := <-Srv.Store.Post().AnalyticsUserCountsWithPostsByDay(teamId); r.Err != nil {
+			return nil, r.Err
+		} else {
+			return r.Data.(model.AnalyticsRows), nil
+		}
+	} else if name == "extra_counts" {
+		var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 6)
+		rows[0] = &model.AnalyticsRow{"file_post_count", 0}
+		rows[1] = &model.AnalyticsRow{"hashtag_post_count", 0}
+		rows[2] = &model.AnalyticsRow{"incoming_webhook_count", 0}
+		rows[3] = &model.AnalyticsRow{"outgoing_webhook_count", 0}
+		rows[4] = &model.AnalyticsRow{"command_count", 0}
+		rows[5] = &model.AnalyticsRow{"session_count", 0}
+
+		iHookChan := Srv.Store.Webhook().AnalyticsIncomingCount(teamId)
+		oHookChan := Srv.Store.Webhook().AnalyticsOutgoingCount(teamId)
+		commandChan := Srv.Store.Command().AnalyticsCommandCount(teamId)
+		sessionChan := Srv.Store.Session().AnalyticsSessionCount()
+
+		var fileChan store.StoreChannel
+		var hashtagChan store.StoreChannel
+		if !skipIntensiveQueries {
+			fileChan = Srv.Store.Post().AnalyticsPostCount(teamId, true, false)
+			hashtagChan = Srv.Store.Post().AnalyticsPostCount(teamId, false, true)
+		}
+
+		if fileChan == nil {
+			rows[0].Value = -1
+		} else {
+			if r := <-fileChan; r.Err != nil {
+				return nil, r.Err
+			} else {
+				rows[0].Value = float64(r.Data.(int64))
+			}
+		}
+
+		if hashtagChan == nil {
+			rows[1].Value = -1
+		} else {
+			if r := <-hashtagChan; r.Err != nil {
+				return nil, r.Err
+			} else {
+				rows[1].Value = float64(r.Data.(int64))
+			}
+		}
+
+		if r := <-iHookChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[2].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-oHookChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[3].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-commandChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[4].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-sessionChan; r.Err != nil {
+			return nil, r.Err
+		} else {
+			rows[5].Value = float64(r.Data.(int64))
+		}
+
+		return rows, nil
+	}
+
+	return nil, nil
+}
+
+func GetRecentlyActiveUsersForTeam(teamId string) (map[string]*model.User, *model.AppError) {
+	if result := <-Srv.Store.User().GetRecentlyActiveUsersForTeam(teamId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(map[string]*model.User), nil
+	}
+}
diff --git a/app/app.go b/app/app.go
new file mode 100644
index 000000000..8568c7bba
--- /dev/null
+++ b/app/app.go
@@ -0,0 +1,16 @@
+// Copyright (c) 2016 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	"io/ioutil"
+	"net/http"
+)
+
+func CloseBody(r *http.Response) {
+	if r.Body != nil {
+		ioutil.ReadAll(r.Body)
+		r.Body.Close()
+	}
+}
diff --git a/app/authorization.go b/app/authorization.go
index 0f48b3c9d..b43d64341 100644
--- a/app/authorization.go
+++ b/app/authorization.go
@@ -83,6 +83,19 @@ func SessionHasPermissionToUser(session model.Session, userId string) bool {
 	return false
 }
 
+func SessionHasPermissionToPost(session model.Session, postId string, permission *model.Permission) bool {
+	post, err := GetSinglePost(postId)
+	if err != nil {
+		return false
+	}
+
+	if post.UserId == session.UserId {
+		return true
+	}
+
+	return SessionHasPermissionToChannel(session, post.ChannelId, permission)
+}
+
 func HasPermissionTo(askingUserId string, permission *model.Permission) bool {
 	user, err := GetUser(askingUserId)
 	if err != nil {
@@ -135,6 +148,24 @@ func HasPermissionToChannel(askingUserId string, channelId string, permission *m
 	return HasPermissionTo(askingUserId, permission)
 }
 
+func HasPermissionToChannelByPost(askingUserId string, postId string, permission *model.Permission) bool {
+	var channelMember *model.ChannelMember
+	if result := <-Srv.Store.Channel().GetMemberForPost(postId, askingUserId); result.Err == nil {
+		channelMember = result.Data.(*model.ChannelMember)
+
+		if CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) {
+			return true
+		}
+	}
+
+	if result := <-Srv.Store.Channel().GetForPost(postId); result.Err == nil {
+		channel := result.Data.(*model.Channel)
+		return HasPermissionToTeam(askingUserId, channel.TeamId, permission)
+	}
+
+	return HasPermissionTo(askingUserId, permission)
+}
+
 func HasPermissionToUser(askingUserId string, userId string) bool {
 	if askingUserId == userId {
 		return true
diff --git a/app/brand.go b/app/brand.go
new file mode 100644
index 000000000..aeecc6972
--- /dev/null
+++ b/app/brand.go
@@ -0,0 +1,49 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	"mime/multipart"
+	"net/http"
+
+	"github.com/mattermost/platform/einterfaces"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func SaveBrandImage(imageData *multipart.FileHeader) *model.AppError {
+	brandInterface := einterfaces.GetBrandInterface()
+	if brandInterface == nil {
+		err := model.NewLocAppError("SaveBrandImage", "api.admin.upload_brand_image.not_available.app_error", nil, "")
+		err.StatusCode = http.StatusNotImplemented
+		return err
+	}
+
+	if err := brandInterface.SaveBrandImage(imageData); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func GetBrandImage() ([]byte, *model.AppError) {
+	if len(utils.Cfg.FileSettings.DriverName) == 0 {
+		err := model.NewLocAppError("GetBrandImage", "api.admin.get_brand_image.storage.app_error", nil, "")
+		err.StatusCode = http.StatusNotImplemented
+		return nil, err
+	}
+
+	brandInterface := einterfaces.GetBrandInterface()
+	if brandInterface == nil {
+		err := model.NewLocAppError("GetBrandImage", "api.admin.get_brand_image.not_available.app_error", nil, "")
+		err.StatusCode = http.StatusNotImplemented
+		return nil, err
+	}
+
+	if img, err := brandInterface.GetBrandImage(); err != nil {
+		return nil, err
+	} else {
+		return img, nil
+	}
+}
diff --git a/app/compliance.go b/app/compliance.go
new file mode 100644
index 000000000..ffef69b44
--- /dev/null
+++ b/app/compliance.go
@@ -0,0 +1,62 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	"io/ioutil"
+
+	"github.com/mattermost/platform/einterfaces"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func GetComplianceReports() (model.Compliances, *model.AppError) {
+	if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance {
+		return nil, model.NewLocAppError("GetComplianceReports", "ent.compliance.licence_disable.app_error", nil, "")
+	}
+
+	if result := <-Srv.Store.Compliance().GetAll(); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(model.Compliances), nil
+	}
+}
+
+func SaveComplianceReport(job *model.Compliance) (*model.Compliance, *model.AppError) {
+	if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance || einterfaces.GetComplianceInterface() == nil {
+		return nil, model.NewLocAppError("saveComplianceReport", "ent.compliance.licence_disable.app_error", nil, "")
+	}
+
+	job.Type = model.COMPLIANCE_TYPE_ADHOC
+
+	if result := <-Srv.Store.Compliance().Save(job); result.Err != nil {
+		return nil, result.Err
+	} else {
+		job = result.Data.(*model.Compliance)
+		go einterfaces.GetComplianceInterface().RunComplianceJob(job)
+	}
+
+	return job, nil
+}
+
+func GetComplianceReport(reportId string) (*model.Compliance, *model.AppError) {
+	if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance || einterfaces.GetComplianceInterface() == nil {
+		return nil, model.NewLocAppError("downloadComplianceReport", "ent.compliance.licence_disable.app_error", nil, "")
+	}
+
+	if result := <-Srv.Store.Compliance().Get(reportId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.Compliance), nil
+	}
+}
+
+func GetComplianceFile(job *model.Compliance) ([]byte, *model.AppError) {
+	if f, err := ioutil.ReadFile(*utils.Cfg.ComplianceSettings.Directory + "compliance/" + job.JobName() + ".zip"); err != nil {
+		return nil, model.NewLocAppError("readFile", "api.file.read_file.reading_local.app_error", nil, err.Error())
+
+	} else {
+		return f, nil
+	}
+}
diff --git a/app/ldap.go b/app/ldap.go
new file mode 100644
index 000000000..fe68dfa81
--- /dev/null
+++ b/app/ldap.go
@@ -0,0 +1,40 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	"net/http"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/einterfaces"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func SyncLdap() {
+	go func() {
+		if utils.IsLicensed && *utils.License.Features.LDAP && *utils.Cfg.LdapSettings.Enable {
+			if ldapI := einterfaces.GetLdapInterface(); ldapI != nil {
+				ldapI.SyncNow()
+			} else {
+				l4g.Error("%v", model.NewLocAppError("ldapSyncNow", "ent.ldap.disabled.app_error", nil, "").Error())
+			}
+		}
+	}()
+}
+
+func TestLdap() *model.AppError {
+	if ldapI := einterfaces.GetLdapInterface(); ldapI != nil && utils.IsLicensed && *utils.License.Features.LDAP && *utils.Cfg.LdapSettings.Enable {
+		if err := ldapI.RunTest(); err != nil {
+			err.StatusCode = 500
+			return err
+		}
+	} else {
+		err := model.NewLocAppError("ldapTest", "ent.ldap.disabled.app_error", nil, "")
+		err.StatusCode = http.StatusNotImplemented
+		return err
+	}
+
+	return nil
+}
diff --git a/app/post.go b/app/post.go
index f37ce8ad3..6d34cc035 100644
--- a/app/post.go
+++ b/app/post.go
@@ -4,15 +4,55 @@
 package app
 
 import (
+	"net/http"
 	"regexp"
 
 	l4g "github.com/alecthomas/log4go"
+	"github.com/dyatlov/go-opengraph/opengraph"
 	"github.com/mattermost/platform/einterfaces"
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 )
 
+func CreatePostAsUser(post *model.Post, teamId string) (*model.Post, *model.AppError) {
+	// Check that channel has not been deleted
+	var channel *model.Channel
+	if result := <-Srv.Store.Channel().Get(post.ChannelId, true); result.Err != nil {
+		err := model.NewLocAppError("CreatePostAsUser", "api.context.invalid_param.app_error", map[string]interface{}{"Name": "post.channel_id"}, result.Err.Error())
+		err.StatusCode = http.StatusBadRequest
+		return nil, err
+	} else {
+		channel = result.Data.(*model.Channel)
+	}
+
+	if channel.DeleteAt != 0 {
+		err := model.NewLocAppError("createPost", "api.post.create_post.can_not_post_to_deleted.error", nil, "")
+		err.StatusCode = http.StatusBadRequest
+		return nil, err
+	}
+
+	if rp, err := CreatePost(post, teamId, true); err != nil {
+		if err.Id == "api.post.create_post.root_id.app_error" ||
+			err.Id == "api.post.create_post.channel_root_id.app_error" ||
+			err.Id == "api.post.create_post.parent_id.app_error" {
+			err.StatusCode = http.StatusBadRequest
+		}
+
+		return nil, err
+	} else {
+		// Update the LastViewAt only if the post does not have from_webhook prop set (eg. Zapier app)
+		if _, ok := post.Props["from_webhook"]; !ok {
+			if result := <-Srv.Store.Channel().UpdateLastViewedAt([]string{post.ChannelId}, post.UserId); result.Err != nil {
+				l4g.Error(utils.T("api.post.create_post.last_viewed.error"), post.ChannelId, post.UserId, result.Err)
+			}
+		}
+
+		return rp, nil
+	}
+
+}
+
 func CreatePost(post *model.Post, teamId string, triggerWebhooks bool) (*model.Post, *model.AppError) {
 	var pchan store.StoreChannel
 	if len(post.RootId) > 0 {
@@ -194,3 +234,268 @@ func SendEphemeralPost(teamId, userId string, post *model.Post) *model.Post {
 
 	return post
 }
+
+func UpdatePost(post *model.Post) (*model.Post, *model.AppError) {
+	if utils.IsLicensed {
+		if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_NEVER {
+			err := model.NewLocAppError("updatePost", "api.post.update_post.permissions_denied.app_error", nil, "")
+			err.StatusCode = http.StatusForbidden
+			return nil, err
+		}
+	}
+
+	var oldPost *model.Post
+	if result := <-Srv.Store.Post().Get(post.Id); result.Err != nil {
+		return nil, result.Err
+	} else {
+		oldPost = result.Data.(*model.PostList).Posts[post.Id]
+
+		if oldPost == nil {
+			err := model.NewLocAppError("updatePost", "api.post.update_post.find.app_error", nil, "id="+post.Id)
+			err.StatusCode = http.StatusBadRequest
+			return nil, err
+		}
+
+		if oldPost.UserId != post.UserId {
+			err := model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil, "oldUserId="+oldPost.UserId)
+			err.StatusCode = http.StatusBadRequest
+			return nil, err
+		}
+
+		if oldPost.DeleteAt != 0 {
+			err := model.NewLocAppError("updatePost", "api.post.update_post.permissions_details.app_error", map[string]interface{}{"PostId": post.Id}, "")
+			err.StatusCode = http.StatusBadRequest
+			return nil, err
+		}
+
+		if oldPost.IsSystemMessage() {
+			err := model.NewLocAppError("updatePost", "api.post.update_post.system_message.app_error", nil, "id="+post.Id)
+			err.StatusCode = http.StatusBadRequest
+			return nil, err
+		}
+
+		if utils.IsLicensed {
+			if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_TIME_LIMIT && model.GetMillis() > oldPost.CreateAt+int64(*utils.Cfg.ServiceSettings.PostEditTimeLimit*1000) {
+				err := model.NewLocAppError("updatePost", "api.post.update_post.permissions_time_limit.app_error", map[string]interface{}{"timeLimit": *utils.Cfg.ServiceSettings.PostEditTimeLimit}, "")
+				err.StatusCode = http.StatusBadRequest
+				return nil, err
+			}
+		}
+	}
+
+	newPost := &model.Post{}
+	*newPost = *oldPost
+
+	newPost.Message = post.Message
+	newPost.EditAt = model.GetMillis()
+	newPost.Hashtags, _ = model.ParseHashtags(post.Message)
+
+	if result := <-Srv.Store.Post().Update(newPost, oldPost); result.Err != nil {
+		return nil, result.Err
+	} else {
+		rpost := result.Data.(*model.Post)
+
+		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_POST_EDITED, "", rpost.ChannelId, "", nil)
+		message.Add("post", rpost.ToJson())
+
+		go Publish(message)
+
+		InvalidateCacheForChannelPosts(rpost.ChannelId)
+
+		return rpost, nil
+	}
+}
+
+func GetPosts(channelId string, offset int, limit int) (*model.PostList, *model.AppError) {
+	if result := <-Srv.Store.Post().GetPosts(channelId, offset, limit, true); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.PostList), nil
+	}
+}
+
+func GetPostsEtag(channelId string) string {
+	return (<-Srv.Store.Post().GetEtag(channelId, true)).Data.(string)
+}
+
+func GetPostsSince(channelId string, time int64) (*model.PostList, *model.AppError) {
+	if result := <-Srv.Store.Post().GetPostsSince(channelId, time, true); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.PostList), nil
+	}
+}
+
+func GetSinglePost(postId string) (*model.Post, *model.AppError) {
+	if result := <-Srv.Store.Post().GetSingle(postId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.Post), nil
+	}
+}
+
+func GetPostThread(postId string) (*model.PostList, *model.AppError) {
+	if result := <-Srv.Store.Post().Get(postId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.PostList), nil
+	}
+}
+
+func GetFlaggedPosts(userId string, offset int, limit int) (*model.PostList, *model.AppError) {
+	if result := <-Srv.Store.Post().GetFlaggedPosts(userId, offset, limit); result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.PostList), nil
+	}
+}
+
+func GetPermalinkPost(postId string, userId string) (*model.PostList, *model.AppError) {
+	if result := <-Srv.Store.Post().Get(postId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		list := result.Data.(*model.PostList)
+
+		if len(list.Order) != 1 {
+			return nil, model.NewLocAppError("getPermalinkTmp", "api.post_get_post_by_id.get.app_error", nil, "")
+		}
+		post := list.Posts[list.Order[0]]
+
+		var channel *model.Channel
+		var err *model.AppError
+		if channel, err = GetChannel(post.ChannelId); err != nil {
+			return nil, err
+		}
+
+		if err = JoinChannel(channel, userId); err != nil {
+			return nil, err
+		}
+
+		return list, nil
+	}
+}
+
+func GetPostsAroundPost(postId, channelId string, offset, limit int, before bool) (*model.PostList, *model.AppError) {
+	var pchan store.StoreChannel
+	if before {
+		pchan = Srv.Store.Post().GetPostsBefore(channelId, postId, limit, offset)
+	} else {
+		pchan = Srv.Store.Post().GetPostsAfter(channelId, postId, limit, offset)
+	}
+
+	if result := <-pchan; result.Err != nil {
+		return nil, result.Err
+	} else {
+		return result.Data.(*model.PostList), nil
+	}
+}
+
+func DeletePost(postId string) (*model.Post, *model.AppError) {
+	if result := <-Srv.Store.Post().GetSingle(postId); result.Err != nil {
+		return nil, result.Err
+	} else {
+		post := result.Data.(*model.Post)
+
+		if result := <-Srv.Store.Post().Delete(postId, model.GetMillis()); result.Err != nil {
+			return nil, result.Err
+		}
+
+		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_POST_DELETED, "", post.ChannelId, "", nil)
+		message.Add("post", post.ToJson())
+
+		go Publish(message)
+		go DeletePostFiles(post)
+		go DeleteFlaggedPosts(post.Id)
+
+		InvalidateCacheForChannelPosts(post.ChannelId)
+
+		return post, nil
+	}
+}
+
+func DeleteFlaggedPosts(postId string) {
+	if result := <-Srv.Store.Preference().DeleteCategoryAndName(model.PREFERENCE_CATEGORY_FLAGGED_POST, postId); result.Err != nil {
+		l4g.Warn(utils.T("api.post.delete_flagged_post.app_error.warn"), result.Err)
+		return
+	}
+}
+
+func DeletePostFiles(post *model.Post) {
+	if len(post.FileIds) != 0 {
+		return
+	}
+
+	if result := <-Srv.Store.FileInfo().DeleteForPost(post.Id); result.Err != nil {
+		l4g.Warn(utils.T("api.post.delete_post_files.app_error.warn"), post.Id, result.Err)
+	}
+}
+
+func SearchPostsInTeam(terms string, userId string, teamId string, isOrSearch bool) (*model.PostList, *model.AppError) {
+	paramsList := model.ParseSearchParams(terms)
+	channels := []store.StoreChannel{}
+
+	for _, params := range paramsList {
+		params.OrTerms = isOrSearch
+		// don't allow users to search for everything
+		if params.Terms != "*" {
+			channels = append(channels, Srv.Store.Post().Search(teamId, userId, params))
+		}
+	}
+
+	posts := &model.PostList{}
+	for _, channel := range channels {
+		if result := <-channel; result.Err != nil {
+			return nil, result.Err
+		} else {
+			data := result.Data.(*model.PostList)
+			posts.Extend(data)
+		}
+	}
+
+	return posts, nil
+}
+
+func GetFileInfosForPost(postId string) ([]*model.FileInfo, *model.AppError) {
+	pchan := Srv.Store.Post().Get(postId)
+	fchan := Srv.Store.FileInfo().GetForPost(postId)
+
+	var infos []*model.FileInfo
+	if result := <-fchan; result.Err != nil {
+		return nil, result.Err
+	} else {
+		infos = result.Data.([]*model.FileInfo)
+	}
+
+	if len(infos) == 0 {
+		// No FileInfos were returned so check if they need to be created for this post
+		var post *model.Post
+		if result := <-pchan; result.Err != nil {
+			return nil, result.Err
+		} else {
+			post = result.Data.(*model.PostList).Posts[postId]
+		}
+
+		if len(post.Filenames) > 0 {
+			// The post has Filenames that need to be replaced with FileInfos
+			infos = MigrateFilenamesToFileInfos(post)
+		}
+	}
+
+	return infos, nil
+}
+
+func GetOpenGraphMetadata(url string) *opengraph.OpenGraph {
+	og := opengraph.NewOpenGraph()
+
+	res, err := http.Get(url)
+	defer CloseBody(res)
+	if err != nil {
+		return og
+	}
+
+	if err := og.ProcessHTML(res.Body); err != nil {
+		return og
+	}
+
+	return og
+}
diff --git a/app/saml.go b/app/saml.go
new file mode 100644
index 000000000..cc39d4540
--- /dev/null
+++ b/app/saml.go
@@ -0,0 +1,67 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package app
+
+import (
+	"io"
+	"mime/multipart"
+	"net/http"
+	"os"
+
+	"github.com/mattermost/platform/einterfaces"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func GetSamlMetadata() (string, *model.AppError) {
+	samlInterface := einterfaces.GetSamlInterface()
+
+	if samlInterface == nil {
+		err := model.NewLocAppError("GetSamlMetadata", "api.admin.saml.not_available.app_error", nil, "")
+		err.StatusCode = http.StatusNotImplemented
+		return "", err
+	}
+
+	if result, err := samlInterface.GetMetadata(); err != nil {
+		return "", model.NewLocAppError("GetSamlMetadata", "api.admin.saml.metadata.app_error", nil, "err="+err.Message)
+	} else {
+		return result, nil
+	}
+}
+
+func AddSamlCertificate(fileData *multipart.FileHeader) *model.AppError {
+	file, err := fileData.Open()
+	defer file.Close()
+	if err != nil {
+		return model.NewLocAppError("AddSamlCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error())
+	}
+
+	out, err := os.Create(utils.FindDir("config") + fileData.Filename)
+	if err != nil {
+		return model.NewLocAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error())
+	}
+	defer out.Close()
+
+	io.Copy(out, file)
+	return nil
+}
+
+func RemoveSamlCertificate(filename string) *model.AppError {
+	if err := os.Remove(utils.FindConfigFile(filename)); err != nil {
+		return model.NewLocAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error",
+			map[string]interface{}{"Filename": filename}, err.Error())
+	}
+
+	return nil
+}
+
+func GetSamlCertificateStatus() map[string]interface{} {
+	status := make(map[string]interface{})
+
+	status["IdpCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.IdpCertificateFile)
+	status["PrivateKeyFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PrivateKeyFile)
+	status["PublicCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PublicCertificateFile)
+
+	return status
+}
diff --git a/app/session.go b/app/session.go
index 289bb6a2d..83e5f343a 100644
--- a/app/session.go
+++ b/app/session.go
@@ -6,7 +6,6 @@ package app
 import (
 	"github.com/mattermost/platform/einterfaces"
 	"github.com/mattermost/platform/model"
-	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 
 	l4g "github.com/alecthomas/log4go"
@@ -124,15 +123,6 @@ func AddSessionToCache(session *model.Session) {
 	sessionCache.AddWithExpiresInSecs(session.Token, session, int64(*utils.Cfg.ServiceSettings.SessionCacheInMinutes*60))
 }
 
-func InvalidateAllCaches() {
-	l4g.Info(utils.T("api.context.invalidate_all_caches"))
-	sessionCache.Purge()
-	ClearStatusCache()
-	store.ClearChannelCaches()
-	store.ClearUserCaches()
-	store.ClearPostCaches()
-}
-
 func SessionCacheLength() int {
 	return sessionCache.Len()
 }
diff --git a/app/user.go b/app/user.go
index dbff914d9..8fbed301d 100644
--- a/app/user.go
+++ b/app/user.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"fmt"
 	"hash/fnv"
+	"html/template"
 	"image"
 	"image/color"
 	"image/draw"
@@ -17,6 +18,7 @@ import (
 	"io/ioutil"
 	"mime/multipart"
 	"net/http"
+	"net/url"
 	"strconv"
 	"strings"
 
@@ -66,7 +68,7 @@ func CreateUserWithHash(user *model.User, hash string, data string) (*model.User
 	return ruser, nil
 }
 
-func CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *model.AppError) {
+func CreateUserWithInviteId(user *model.User, inviteId string, siteURL string) (*model.User, *model.AppError) {
 	var team *model.Team
 	if result := <-Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil {
 		return nil, result.Err
@@ -86,6 +88,10 @@ func CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *mo
 
 	AddDirectChannels(team.Id, ruser)
 
+	if err := SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, siteURL); err != nil {
+		l4g.Error(err.Error())
+	}
+
 	return ruser, nil
 }
 
@@ -106,6 +112,9 @@ func IsFirstUserAccount() bool {
 }
 
 func CreateUser(user *model.User) (*model.User, *model.AppError) {
+	if !user.IsSSOUser() && !CheckUserDomain(user, utils.Cfg.TeamSettings.RestrictCreationToDomains) {
+		return nil, model.NewLocAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "")
+	}
 
 	user.Roles = model.ROLE_SYSTEM_USER.Id
 
@@ -217,6 +226,25 @@ func CreateOAuthUser(service string, userData io.Reader, teamId string) (*model.
 	return ruser, nil
 }
 
+// Check that a user's email domain matches a list of space-delimited domains as a string.
+func CheckUserDomain(user *model.User, domains string) bool {
+	if len(domains) == 0 {
+		return true
+	}
+
+	domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1))))
+
+	matched := false
+	for _, d := range domainArray {
+		if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) {
+			matched = true
+			break
+		}
+	}
+
+	return matched
+}
+
 // Check if the username is already used by another user. Return false if the username is invalid.
 func IsUsernameTaken(name string) bool {
 
@@ -547,6 +575,22 @@ func SetProfileImage(userId string, imageData *multipart.FileHeader) *model.AppE
 	return nil
 }
 
+func UpdateActiveNoLdap(userId string, active bool) (*model.User, *model.AppError) {
+	var user *model.User
+	var err *model.AppError
+	if user, err = GetUser(userId); err != nil {
+		return nil, err
+	}
+
+	if user.IsLDAPUser() {
+		err := model.NewLocAppError("UpdateActive", "api.user.update_active.no_deactivate_ldap.app_error", nil, "userId="+user.Id)
+		err.StatusCode = http.StatusBadRequest
+		return nil, err
+	}
+
+	return UpdateActive(user, active)
+}
+
 func UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) {
 	if active {
 		user.DeleteAt = 0
@@ -616,7 +660,40 @@ func UpdateUser(user *model.User, siteURL string) (*model.User, *model.AppError)
 	}
 }
 
-func UpdatePassword(user *model.User, hashedPassword string) *model.AppError {
+func UpdateUserNotifyProps(userId string, props map[string]string, siteURL string) (*model.User, *model.AppError) {
+	var user *model.User
+	var err *model.AppError
+	if user, err = GetUser(userId); err != nil {
+		return nil, err
+	}
+
+	user.NotifyProps = props
+
+	var ruser *model.User
+	if ruser, err = UpdateUser(user, siteURL); err != nil {
+		return nil, err
+	}
+
+	return ruser, nil
+}
+
+func UpdatePasswordByUserIdSendEmail(userId, newPassword, method, siteURL string) *model.AppError {
+	var user *model.User
+	var err *model.AppError
+	if user, err = GetUser(userId); err != nil {
+		return err
+	}
+
+	return UpdatePasswordSendEmail(user, newPassword, method, siteURL)
+}
+
+func UpdatePassword(user *model.User, newPassword string) *model.AppError {
+	if err := utils.IsPasswordValid(newPassword); err != nil {
+		return err
+	}
+
+	hashedPassword := model.HashPassword(newPassword)
+
 	if result := <-Srv.Store.User().UpdatePassword(user.Id, hashedPassword); result.Err != nil {
 		return model.NewLocAppError("UpdatePassword", "api.user.update_password.failed.app_error", nil, result.Err.Error())
 	}
@@ -624,8 +701,8 @@ func UpdatePassword(user *model.User, hashedPassword string) *model.AppError {
 	return nil
 }
 
-func UpdatePasswordSendEmail(user *model.User, hashedPassword, method, siteURL string) *model.AppError {
-	if err := UpdatePassword(user, hashedPassword); err != nil {
+func UpdatePasswordSendEmail(user *model.User, newPassword, method, siteURL string) *model.AppError {
+	if err := UpdatePassword(user, newPassword); err != nil {
 		return err
 	}
 
@@ -638,6 +715,75 @@ func UpdatePasswordSendEmail(user *model.User, hashedPassword, method, siteURL s
 	return nil
 }
 
+func SendPasswordReset(email string, siteURL string) (bool, *model.AppError) {
+	var user *model.User
+	var err *model.AppError
+	if user, err = GetUserByEmail(email); err != nil {
+		return false, nil
+	}
+
+	if user.AuthData != nil && len(*user.AuthData) != 0 {
+		return false, model.NewLocAppError("SendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id)
+	}
+
+	var recovery *model.PasswordRecovery
+	if recovery, err = CreatePasswordRecovery(user.Id); err != nil {
+		return false, err
+	}
+
+	T := utils.GetUserTranslations(user.Locale)
+
+	link := fmt.Sprintf("%s/reset_password_complete?code=%s", siteURL, url.QueryEscape(recovery.Code))
+
+	subject := T("api.templates.reset_subject")
+
+	bodyPage := utils.NewHTMLTemplate("reset_body", user.Locale)
+	bodyPage.Props["SiteURL"] = siteURL
+	bodyPage.Props["Title"] = T("api.templates.reset_body.title")
+	bodyPage.Html["Info"] = template.HTML(T("api.templates.reset_body.info"))
+	bodyPage.Props["ResetUrl"] = link
+	bodyPage.Props["Button"] = T("api.templates.reset_body.button")
+
+	if err := utils.SendMail(email, subject, bodyPage.Render()); err != nil {
+		return false, model.NewLocAppError("SendPasswordReset", "api.user.send_password_reset.send.app_error", nil, "err="+err.Message)
+	}
+
+	return true, nil
+}
+
+func ResetPasswordFromCode(code, newPassword, siteURL string) *model.AppError {
+	var recovery *model.PasswordRecovery
+	var err *model.AppError
+	if recovery, err = GetPasswordRecovery(code); err != nil {
+		return err
+	} else {
+		if model.GetMillis()-recovery.CreateAt >= model.PASSWORD_RECOVER_EXPIRY_TIME {
+			return model.NewLocAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "")
+		}
+	}
+
+	var user *model.User
+	if user, err = GetUser(recovery.UserId); err != nil {
+		return err
+	}
+
+	if user.IsSSOUser() {
+		return model.NewLocAppError("ResetPasswordFromCode", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id)
+	}
+
+	T := utils.GetUserTranslations(user.Locale)
+
+	if err := UpdatePasswordSendEmail(user, newPassword, T("api.user.reset_password.method"), siteURL); err != nil {
+		return err
+	}
+
+	if err := DeletePasswordRecoveryForUser(recovery.UserId); err != nil {
+		l4g.Error(err.Error())
+	}
+
+	return nil
+}
+
 func CreatePasswordRecovery(userId string) (*model.PasswordRecovery, *model.AppError) {
 	recovery := &model.PasswordRecovery{}
 	recovery.UserId = userId
diff --git a/app/user_test.go b/app/user_test.go
index ce2249ca0..5b994d219 100644
--- a/app/user_test.go
+++ b/app/user_test.go
@@ -25,3 +25,29 @@ func TestIsUsernameTaken(t *testing.T) {
 		t.FailNow()
 	}
 }
+
+func TestCheckUserDomain(t *testing.T) {
+	th := Setup().InitBasic()
+	user := th.BasicUser
+
+	cases := []struct {
+		domains string
+		matched bool
+	}{
+		{"simulator.amazonses.com", true},
+		{"gmail.com", false},
+		{"", true},
+		{"gmail.com simulator.amazonses.com", true},
+	}
+	for _, c := range cases {
+		matched := CheckUserDomain(user, c.domains)
+		if matched != c.matched {
+			if c.matched {
+				t.Logf("'%v' should have matched '%v'", user.Email, c.domains)
+			} else {
+				t.Logf("'%v' should not have matched '%v'", user.Email, c.domains)
+			}
+			t.FailNow()
+		}
+	}
+}
diff --git a/model/user.go b/model/user.go
index 76c3772cb..876ba70e7 100644
--- a/model/user.go
+++ b/model/user.go
@@ -376,6 +376,13 @@ func IsInRole(userRoles string, inRole string) bool {
 	return false
 }
 
+func (u *User) IsSSOUser() bool {
+	if u.AuthService != "" && u.AuthService != USER_AUTH_SERVICE_EMAIL {
+		return true
+	}
+	return false
+}
+
 func (u *User) IsOAuthUser() bool {
 	if u.AuthService == USER_AUTH_SERVICE_GITLAB {
 		return true
diff --git a/store/sql_post_store.go b/store/sql_post_store.go
index c1aaee3e6..ed87b01f7 100644
--- a/store/sql_post_store.go
+++ b/store/sql_post_store.go
@@ -222,6 +222,27 @@ func (s SqlPostStore) Get(id string) StoreChannel {
 	return storeChannel
 }
 
+func (s SqlPostStore) GetSingle(id string) StoreChannel {
+	storeChannel := make(StoreChannel, 1)
+
+	go func() {
+		result := StoreResult{}
+
+		var post model.Post
+		err := s.GetReplica().SelectOne(&post, "SELECT * FROM Posts WHERE Id = :Id AND DeleteAt = 0", map[string]interface{}{"Id": id})
+		if err != nil {
+			result.Err = model.NewLocAppError("SqlPostStore.GetSingle", "store.sql_post.get.app_error", nil, "id="+id+err.Error())
+		}
+
+		result.Data = &post
+
+		storeChannel <- result
+		close(storeChannel)
+	}()
+
+	return storeChannel
+}
+
 type etagPosts struct {
 	Id       string
 	UpdateAt int64
diff --git a/store/sql_post_store_test.go b/store/sql_post_store_test.go
index eb22979db..e3886c6bc 100644
--- a/store/sql_post_store_test.go
+++ b/store/sql_post_store_test.go
@@ -63,6 +63,29 @@ func TestPostStoreGet(t *testing.T) {
 	}
 }
 
+func TestPostStoreGetSingle(t *testing.T) {
+	Setup()
+
+	o1 := &model.Post{}
+	o1.ChannelId = model.NewId()
+	o1.UserId = model.NewId()
+	o1.Message = "a" + model.NewId() + "b"
+
+	o1 = (<-store.Post().Save(o1)).Data.(*model.Post)
+
+	if r1 := <-store.Post().GetSingle(o1.Id); r1.Err != nil {
+		t.Fatal(r1.Err)
+	} else {
+		if r1.Data.(*model.Post).CreateAt != o1.CreateAt {
+			t.Fatal("invalid returned post")
+		}
+	}
+
+	if err := (<-store.Post().GetSingle("123")).Err; err == nil {
+		t.Fatal("Missing id should have failed")
+	}
+}
+
 func TestGetEtagCache(t *testing.T) {
 	Setup()
 	o1 := &model.Post{}
diff --git a/store/sql_preference_store.go b/store/sql_preference_store.go
index 5c46d1328..14a9ff48b 100644
--- a/store/sql_preference_store.go
+++ b/store/sql_preference_store.go
@@ -348,3 +348,25 @@ func (s SqlPreferenceStore) DeleteCategory(userId string, category string) Store
 
 	return storeChannel
 }
+
+func (s SqlPreferenceStore) DeleteCategoryAndName(category string, name string) StoreChannel {
+	storeChannel := make(StoreChannel, 1)
+
+	go func() {
+		result := StoreResult{}
+
+		if _, err := s.GetMaster().Exec(
+			`DELETE FROM
+				Preferences
+			WHERE
+				Name = :Name
+				AND Category = :Category`, map[string]interface{}{"Name": name, "Category": category}); err != nil {
+			result.Err = model.NewLocAppError("SqlPreferenceStore.DeleteCategoryAndName", "store.sql_preference.delete.app_error", nil, err.Error())
+		}
+
+		storeChannel <- result
+		close(storeChannel)
+	}()
+
+	return storeChannel
+}
diff --git a/store/sql_preference_store_test.go b/store/sql_preference_store_test.go
index fc1cf5f5b..adcaa8d89 100644
--- a/store/sql_preference_store_test.go
+++ b/store/sql_preference_store_test.go
@@ -427,3 +427,48 @@ func TestPreferenceDeleteCategory(t *testing.T) {
 		t.Fatal("should've returned no preferences")
 	}
 }
+
+func TestPreferenceDeleteCategoryAndName(t *testing.T) {
+	Setup()
+
+	category := model.NewId()
+	name := model.NewId()
+	userId := model.NewId()
+	userId2 := model.NewId()
+
+	preference1 := model.Preference{
+		UserId:   userId,
+		Category: category,
+		Name:     name,
+		Value:    "value1a",
+	}
+
+	preference2 := model.Preference{
+		UserId:   userId2,
+		Category: category,
+		Name:     name,
+		Value:    "value1a",
+	}
+
+	Must(store.Preference().Save(&model.Preferences{preference1, preference2}))
+
+	if prefs := Must(store.Preference().GetAll(userId)).(model.Preferences); len([]model.Preference(prefs)) != 1 {
+		t.Fatal("should've returned 1 preference")
+	}
+
+	if prefs := Must(store.Preference().GetAll(userId2)).(model.Preferences); len([]model.Preference(prefs)) != 1 {
+		t.Fatal("should've returned 1 preference")
+	}
+
+	if result := <-store.Preference().DeleteCategoryAndName(category, name); result.Err != nil {
+		t.Fatal(result.Err)
+	}
+
+	if prefs := Must(store.Preference().GetAll(userId)).(model.Preferences); len([]model.Preference(prefs)) != 0 {
+		t.Fatal("should've returned no preferences")
+	}
+
+	if prefs := Must(store.Preference().GetAll(userId2)).(model.Preferences); len([]model.Preference(prefs)) != 0 {
+		t.Fatal("should've returned no preferences")
+	}
+}
diff --git a/store/store.go b/store/store.go
index 730a923c5..48819e2d7 100644
--- a/store/store.go
+++ b/store/store.go
@@ -127,6 +127,7 @@ type PostStore interface {
 	Save(post *model.Post) StoreChannel
 	Update(newPost *model.Post, oldPost *model.Post) StoreChannel
 	Get(id string) StoreChannel
+	GetSingle(id string) StoreChannel
 	Delete(postId string, time int64) StoreChannel
 	PermanentDeleteByUser(userId string) StoreChannel
 	GetPosts(channelId string, offset int, limit int, allowFromCache bool) StoreChannel
@@ -276,6 +277,7 @@ type PreferenceStore interface {
 	GetAll(userId string) StoreChannel
 	Delete(userId, category, name string) StoreChannel
 	DeleteCategory(userId string, category string) StoreChannel
+	DeleteCategoryAndName(category string, name string) StoreChannel
 	PermanentDeleteByUser(userId string) StoreChannel
 	IsFeatureEnabled(feature, userId string) StoreChannel
 }