summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--api/api.go3
-rw-r--r--api/context.go15
-rw-r--r--api/file.go132
-rw-r--r--api/file_benchmark_test.go5
-rw-r--r--api/file_test.go373
-rw-r--r--model/client.go13
-rw-r--r--webapp/action_creators/global_actions.jsx10
-rw-r--r--webapp/client/client.jsx8
-rw-r--r--webapp/components/get_public_link_modal.jsx80
-rw-r--r--webapp/components/needs_team.jsx2
-rw-r--r--webapp/components/view_image.jsx28
-rw-r--r--webapp/components/view_image_popover_bar.jsx4
-rw-r--r--webapp/stores/modal_store.jsx1
-rw-r--r--webapp/utils/async_client.jsx30
-rw-r--r--webapp/utils/constants.jsx1
15 files changed, 452 insertions, 253 deletions
diff --git a/api/api.go b/api/api.go
index fc81dda3a..6626ef326 100644
--- a/api/api.go
+++ b/api/api.go
@@ -43,6 +43,8 @@ type Routes struct {
Preferences *mux.Router // 'api/v3/preferences'
License *mux.Router // 'api/v3/license'
+
+ Public *mux.Router // 'api/v3/public'
}
var BaseRoutes *Routes
@@ -67,6 +69,7 @@ func InitApi() {
BaseRoutes.Admin = BaseRoutes.ApiRoot.PathPrefix("/admin").Subrouter()
BaseRoutes.Preferences = BaseRoutes.ApiRoot.PathPrefix("/preferences").Subrouter()
BaseRoutes.License = BaseRoutes.ApiRoot.PathPrefix("/license").Subrouter()
+ BaseRoutes.Public = BaseRoutes.ApiRoot.PathPrefix("/public").Subrouter()
InitUser()
InitTeam()
diff --git a/api/context.go b/api/context.go
index 8bbd5a1d2..03d0046be 100644
--- a/api/context.go
+++ b/api/context.go
@@ -80,6 +80,10 @@ func ApiUserRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.R
return &handler{h, true, false, true, true, false, true}
}
+func ApiAppHandlerTrustRequesterIndependent(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
+ return &handler{h, false, false, true, false, true, true}
+}
+
type handler struct {
handleFunc func(*Context, http.ResponseWriter, *http.Request)
requireUser bool
@@ -187,7 +191,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
c.SystemAdminRequired()
}
- if c.Err == nil && len(c.TeamId) > 0 {
+ if c.Err == nil && len(c.TeamId) > 0 && !h.isTeamIndependent {
c.HasPermissionsToTeam(c.TeamId, "TeamRoute")
}
@@ -389,8 +393,13 @@ func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) {
}
func (c *Context) SetInvalidParam(where string, name string) {
- c.Err = model.NewLocAppError(where, "api.context.invalid_param.app_error", map[string]interface{}{"Name": name}, "")
- c.Err.StatusCode = http.StatusBadRequest
+ c.Err = NewInvalidParamError(where, name)
+}
+
+func NewInvalidParamError(where string, name string) *model.AppError {
+ err := model.NewLocAppError(where, "api.context.invalid_param.app_error", map[string]interface{}{"Name": name}, "")
+ err.StatusCode = http.StatusBadRequest
+ return err
}
func (c *Context) SetUnknownError(where string, details string) {
diff --git a/api/file.go b/api/file.go
index 82fcefc7b..ca2aeee20 100644
--- a/api/file.go
+++ b/api/file.go
@@ -61,10 +61,12 @@ func InitFile() {
l4g.Debug(utils.T("api.file.init.debug"))
BaseRoutes.Files.Handle("/upload", ApiUserRequired(uploadFile)).Methods("POST")
- BaseRoutes.Files.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandlerTrustRequester(getFile)).Methods("GET")
- BaseRoutes.Files.Handle("/get_info/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandler(getFileInfo)).Methods("GET")
+ BaseRoutes.Files.Handle("/get/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiUserRequiredTrustRequester(getFile)).Methods("GET")
+ BaseRoutes.Files.Handle("/get_info/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiUserRequired(getFileInfo)).Methods("GET")
BaseRoutes.Files.Handle("/get_public_link", ApiUserRequired(getPublicLink)).Methods("POST")
BaseRoutes.Files.Handle("/get_export", ApiUserRequired(getExport)).Methods("GET")
+
+ BaseRoutes.Public.Handle("/files/get/{team_id:[A-Za-z0-9]+}/{channel_id:[A-Za-z0-9]+}/{user_id:[A-Za-z0-9]+}/{filename:([A-Za-z0-9]+/)?.+(\\.[A-Za-z0-9]{3,})?}", ApiAppHandlerTrustRequesterIndependent(getPublicFile)).Methods("GET")
}
func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -349,72 +351,104 @@ func getFileInfo(c *Context, w http.ResponseWriter, r *http.Request) {
}
func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
- if len(utils.Cfg.FileSettings.DriverName) == 0 {
- c.Err = model.NewLocAppError("uploadFile", "api.file.upload_file.storage.app_error", nil, "")
- c.Err.StatusCode = http.StatusNotImplemented
- return
- }
-
params := mux.Vars(r)
+ teamId := c.TeamId
channelId := params["channel_id"]
- if len(channelId) != 26 {
- c.SetInvalidParam("getFile", "channel_id")
+ userId := params["user_id"]
+ filename := params["filename"]
+
+ if !c.HasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(teamId, channelId, userId), "getFile") {
return
}
- userId := params["user_id"]
- if len(userId) != 26 {
- c.SetInvalidParam("getFile", "user_id")
+ if err, bytes := getFileData(teamId, channelId, userId, filename); err != nil {
+ c.Err = err
+ return
+ } else if err := writeFileResponse(filename, bytes, w, r); err != nil {
+ c.Err = err
return
}
+}
+func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) {
+ params := mux.Vars(r)
+
+ teamId := params["team_id"]
+ channelId := params["channel_id"]
+ userId := params["user_id"]
filename := params["filename"]
- if len(filename) == 0 {
- c.SetInvalidParam("getFile", "filename")
- return
- }
hash := r.URL.Query().Get("h")
data := r.URL.Query().Get("d")
- teamId := r.URL.Query().Get("t")
-
- cchan := Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.Session.UserId)
- path := ""
- if len(teamId) == 26 {
- path = "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename
- } else {
- path = "teams/" + c.TeamId + "/channels/" + channelId + "/users/" + userId + "/" + filename
+ if !utils.Cfg.FileSettings.EnablePublicLink {
+ c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_disabled.app_error", nil, "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
}
- fileData := make(chan []byte)
- getFileAndForget(path, fileData)
-
- if len(hash) > 0 && len(data) > 0 && len(teamId) == 26 {
- if !utils.Cfg.FileSettings.EnablePublicLink {
- c.Err = model.NewLocAppError("getFile", "api.file.get_file.public_disabled.app_error", nil, "")
- return
- }
-
+ if len(hash) > 0 && len(data) > 0 {
if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.FileSettings.PublicLinkSalt)) {
- c.Err = model.NewLocAppError("getFile", "api.file.get_file.public_invalid.app_error", nil, "")
+ c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
return
}
- } else if !c.HasPermissionsToChannel(cchan, "getFile") {
+ } else {
+ c.Err = model.NewLocAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
return
}
- f := <-fileData
-
- if f == nil {
- c.Err = model.NewLocAppError("getFile", "api.file.get_file.not_found.app_error", nil, "path="+path)
- c.Err.StatusCode = http.StatusNotFound
+ if err, bytes := getFileData(teamId, channelId, userId, filename); err != nil {
+ c.Err = err
+ return
+ } else if err := writeFileResponse(filename, bytes, w, r); err != nil {
+ c.Err = err
return
}
+}
+
+func getFileData(teamId string, channelId string, userId string, filename string) (*model.AppError, []byte) {
+ if len(utils.Cfg.FileSettings.DriverName) == 0 {
+ err := model.NewLocAppError("getFileData", "api.file.upload_file.storage.app_error", nil, "")
+ err.StatusCode = http.StatusNotImplemented
+ return err, nil
+ }
+
+ if len(teamId) != 26 {
+ return NewInvalidParamError("getFileData", "team_id"), nil
+ }
+
+ if len(channelId) != 26 {
+ return NewInvalidParamError("getFileData", "channel_id"), nil
+ }
+
+ if len(userId) != 26 {
+ return NewInvalidParamError("getFileData", "user_id"), nil
+ }
+
+ if len(filename) == 0 {
+ return NewInvalidParamError("getFileData", "filename"), nil
+ }
+ path := "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename
+
+ fileChan := make(chan []byte)
+ getFileAndForget(path, fileChan)
+
+ if bytes := <-fileChan; bytes == nil {
+ err := model.NewLocAppError("writeFileResponse", "api.file.get_file.not_found.app_error", nil, "path="+path)
+ err.StatusCode = http.StatusNotFound
+ return err, nil
+ } else {
+ return nil, bytes
+ }
+}
+
+func writeFileResponse(filename string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError {
w.Header().Set("Cache-Control", "max-age=2592000, public")
- w.Header().Set("Content-Length", strconv.Itoa(len(f)))
+ w.Header().Set("Content-Length", strconv.Itoa(len(bytes)))
w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
// attach extra headers to trigger a download on IE, Edge, and Safari
@@ -426,7 +460,6 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Disposition", "attachment;filename=\""+filePart+"\"")
if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" {
- // trim off anything before the final / so we just get the file's name
w.Header().Set("Content-Type", "application/octet-stream")
}
@@ -434,7 +467,9 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("Content-Security-Policy", "Frame-ancestors 'none'")
- w.Write(f)
+ w.Write(bytes)
+
+ return nil
}
func getFileAndForget(path string, fileData chan []byte) {
@@ -458,7 +493,7 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) {
if !utils.Cfg.FileSettings.EnablePublicLink {
c.Err = model.NewLocAppError("getPublicLink", "api.file.get_public_link.disabled.app_error", nil, "")
- c.Err.StatusCode = http.StatusForbidden
+ c.Err.StatusCode = http.StatusNotImplemented
return
}
@@ -488,16 +523,13 @@ func getPublicLink(c *Context, w http.ResponseWriter, r *http.Request) {
data := model.MapToJson(newProps)
hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.FileSettings.PublicLinkSalt))
- url := fmt.Sprintf("%s/files/get/%s/%s/%s?d=%s&h=%s&t=%s", c.GetSiteURL()+model.API_URL_SUFFIX, channelId, userId, filename, url.QueryEscape(data), url.QueryEscape(hash), c.TeamId)
+ url := fmt.Sprintf("%s/public/files/get/%s/%s/%s/%s?d=%s&h=%s", c.GetSiteURL()+model.API_URL_SUFFIX, c.TeamId, channelId, userId, filename, url.QueryEscape(data), url.QueryEscape(hash))
if !c.HasPermissionsToChannel(cchan, "getPublicLink") {
return
}
- rData := make(map[string]string)
- rData["public_link"] = url
-
- w.Write([]byte(model.MapToJson(rData)))
+ w.Write([]byte(url))
}
func getExport(c *Context, w http.ResponseWriter, r *http.Request) {
diff --git a/api/file_benchmark_test.go b/api/file_benchmark_test.go
index d73097072..f14d501ff 100644
--- a/api/file_benchmark_test.go
+++ b/api/file_benchmark_test.go
@@ -68,16 +68,13 @@ func BenchmarkGetPublicLink(b *testing.B) {
b.Fatal("Unable to upload file for benchmark")
}
- data := make(map[string]string)
- data["filename"] = filenames[0]
-
// wait a bit for files to ready
time.Sleep(5 * time.Second)
// Benchmark Start
b.ResetTimer()
for i := 0; i < b.N; i++ {
- if _, downErr := Client.GetPublicLink(data); downErr != nil {
+ if _, downErr := Client.GetPublicLink(filenames[0]); downErr != nil {
b.Fatal(downErr)
}
}
diff --git a/api/file_test.go b/api/file_test.go
index 015048ec4..fe7355122 100644
--- a/api/file_test.go
+++ b/api/file_test.go
@@ -5,16 +5,15 @@ package api
import (
"bytes"
+ "encoding/base64"
"fmt"
"github.com/goamz/goamz/aws"
"github.com/goamz/goamz/s3"
"github.com/mattermost/platform/model"
- "github.com/mattermost/platform/store"
"github.com/mattermost/platform/utils"
"io"
"mime/multipart"
"net/http"
- "net/url"
"os"
"strings"
"testing"
@@ -138,12 +137,6 @@ func TestGetFile(t *testing.T) {
user := th.BasicUser
channel := th.BasicChannel
- enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink
- defer func() {
- utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink
- }()
- utils.Cfg.FileSettings.EnablePublicLink = true
-
if utils.Cfg.FileSettings.DriverName != "" {
body := &bytes.Buffer{}
writer := multipart.NewWriter(body)
@@ -202,60 +195,6 @@ func TestGetFile(t *testing.T) {
}
}
- team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
- team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team)
-
- user2 := &model.User{Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"}
- user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User)
- LinkUserToTeam(user2, team2)
- store.Must(Srv.Store.User().VerifyEmail(user2.Id))
-
- newProps := make(map[string]string)
- newProps["filename"] = filenames[0]
- newProps["time"] = fmt.Sprintf("%v", model.GetMillis())
-
- data := model.MapToJson(newProps)
- hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.FileSettings.PublicLinkSalt))
-
- Client.Login(user2.Email, "pwd")
- Client.SetTeamId(team2.Id)
-
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr != nil {
- t.Fatal(downErr)
- }
-
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash), false); downErr == nil {
- t.Fatal("Should have errored - missing team id")
- }
-
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=junk", false); downErr == nil {
- t.Fatal("Should have errored - bad team id")
- }
-
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=12345678901234567890123456", false); downErr == nil {
- t.Fatal("Should have errored - bad team id")
- }
-
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&t="+team.Id, false); downErr == nil {
- t.Fatal("Should have errored - missing hash")
- }
-
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h=junk&t="+team.Id, false); downErr == nil {
- t.Fatal("Should have errored - bad hash")
- }
-
- if _, downErr := Client.GetFile(filenames[0]+"?h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr == nil {
- t.Fatal("Should have errored - missing data")
- }
-
- if _, downErr := Client.GetFile(filenames[0]+"?d=junk&h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr == nil {
- t.Fatal("Should have errored - bad data")
- }
-
- if _, downErr := Client.GetFile(filenames[0], true); downErr == nil {
- t.Fatal("Should have errored - user not logged in and link not public")
- }
-
if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
var auth aws.Auth
auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId
@@ -309,146 +248,242 @@ func TestGetFile(t *testing.T) {
}
}
-func TestGetPublicLink(t *testing.T) {
+func TestGetPublicFile(t *testing.T) {
th := Setup().InitBasic()
Client := th.BasicClient
- team := th.BasicTeam
- user := th.BasicUser
channel := th.BasicChannel
- if utils.Cfg.FileSettings.DriverName != "" {
- enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink
- defer func() {
- utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink
- }()
- utils.Cfg.FileSettings.EnablePublicLink = true
+ enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink
+ driverName := utils.Cfg.FileSettings.DriverName
+ defer func() {
+ utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink
+ utils.Cfg.FileSettings.DriverName = driverName
+ }()
+ utils.Cfg.FileSettings.EnablePublicLink = true
+ if driverName == "" {
+ driverName = model.IMAGE_DRIVER_LOCAL
+ }
- body := &bytes.Buffer{}
- writer := multipart.NewWriter(body)
- part, err := writer.CreateFormFile("files", "test.png")
- if err != nil {
- t.Fatal(err)
- }
+ filenames, err := uploadTestFile(Client, channel.Id)
+ if err != nil {
+ t.Fatal("failed to upload test file", err)
+ }
- path := utils.FindDir("tests")
- file, err := os.Open(path + "/test.png")
- if err != nil {
- t.Fatal(err)
- }
- defer file.Close()
+ post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames}
- _, err = io.Copy(part, file)
- if err != nil {
- t.Fatal(err)
- }
+ if rpost1, postErr := Client.CreatePost(post1); postErr != nil {
+ t.Fatal(postErr)
+ } else {
+ post1 = rpost1.Data.(*model.Post)
+ }
- field, err := writer.CreateFormField("channel_id")
- if err != nil {
- t.Fatal(err)
- }
+ var link string
+ if result, err := Client.GetPublicLink(filenames[0]); err != nil {
+ t.Fatal("failed to get public link")
+ } else {
+ link = result.Data.(string)
+ }
- _, err = field.Write([]byte(channel.Id))
- if err != nil {
- t.Fatal(err)
- }
+ // test a user that's logged in
+ if resp, err := http.Get(link); err != nil && resp.StatusCode != http.StatusOK {
+ t.Fatal("failed to get image with public link while logged in", err)
+ }
- err = writer.Close()
- if err != nil {
- t.Fatal(err)
- }
+ if resp, err := http.Get(link[:strings.LastIndex(link, "?")]); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while logged in without query params", resp.Status)
+ }
- resp, upErr := Client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType())
- if upErr != nil {
- t.Fatal(upErr)
- }
+ if resp, err := http.Get(link[:strings.LastIndex(link, "&")]); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while logged in without second query param")
+ }
- filenames := resp.Data.(*model.FileUploadResponse).Filenames
+ if resp, err := http.Get(link[:strings.LastIndex(link, "?")] + "?" + link[strings.LastIndex(link, "&"):]); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while logged in without first query param")
+ }
- post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames}
+ utils.Cfg.FileSettings.EnablePublicLink = false
+ if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusNotImplemented {
+ t.Fatal("should've failed to get image with disabled public link while logged in")
+ }
- rpost1, postErr := Client.CreatePost(post1)
- if postErr != nil {
- t.Fatal(postErr)
- }
+ utils.Cfg.FileSettings.EnablePublicLink = true
- if rpost1.Data.(*model.Post).Filenames[0] != filenames[0] {
- t.Fatal("filenames don't match")
- }
+ // test a user that's logged out
+ Client.Must(Client.Logout())
- // wait a bit for files to ready
- time.Sleep(5 * time.Second)
+ if resp, err := http.Get(link); err != nil && resp.StatusCode != http.StatusOK {
+ t.Fatal("failed to get image with public link while not logged in", err)
+ }
- data := make(map[string]string)
- data["filename"] = filenames[0]
+ if resp, err := http.Get(link[:strings.LastIndex(link, "?")]); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while not logged in without query params")
+ }
- if _, err := Client.GetPublicLink(data); err != nil {
- t.Fatal(err)
- }
+ if resp, err := http.Get(link[:strings.LastIndex(link, "&")]); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while not logged in without second query param")
+ }
- data["filename"] = "junk"
+ if resp, err := http.Get(link[:strings.LastIndex(link, "?")] + "?" + link[strings.LastIndex(link, "&"):]); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while not logged in without first query param")
+ }
- if _, err := Client.GetPublicLink(data); err == nil {
- t.Fatal("Should have errored - bad file path")
- }
+ utils.Cfg.FileSettings.EnablePublicLink = false
+ if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusNotImplemented {
+ t.Fatal("should've failed to get image with disabled public link while not logged in")
+ }
- th.LoginBasic2()
+ utils.Cfg.FileSettings.EnablePublicLink = true
- data["filename"] = filenames[0]
- if _, err := Client.GetPublicLink(data); err == nil {
- t.Fatal("should have errored, user not member of channel")
- }
+ // test a user that's logged in after the salt has changed
+ utils.Cfg.FileSettings.PublicLinkSalt = model.NewId()
- if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
- // perform clean-up on s3
- var auth aws.Auth
- auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId
- auth.SecretKey = utils.Cfg.FileSettings.AmazonS3SecretAccessKey
+ th.LoginBasic()
+ if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while logged in after salt changed")
+ }
- s := s3.New(auth, aws.Regions[utils.Cfg.FileSettings.AmazonS3Region])
- bucket := s.Bucket(utils.Cfg.FileSettings.AmazonS3Bucket)
+ Client.Must(Client.Logout())
+ if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest {
+ t.Fatal("should've failed to get image with public link while not logged in after salt changed")
+ }
- filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
- filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
- fileId := strings.Split(filename, ".")[0]
+ if err := cleanupTestFile(filenames[0], th.BasicTeam.Id, channel.Id, th.BasicUser.Id); err != nil {
+ t.Fatal("failed to cleanup test file", err)
+ }
+}
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename)
- if err != nil {
- t.Fatal(err)
- }
+func TestGetPublicLink(t *testing.T) {
+ th := Setup().InitBasic()
+ Client := th.BasicClient
+ channel := th.BasicChannel
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg")
- if err != nil {
- t.Fatal(err)
- }
+ enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink
+ driverName := utils.Cfg.FileSettings.DriverName
+ defer func() {
+ utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink
+ utils.Cfg.FileSettings.DriverName = driverName
+ }()
+ if driverName == "" {
+ driverName = model.IMAGE_DRIVER_LOCAL
+ }
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg")
- if err != nil {
- t.Fatal(err)
- }
- } else {
- filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
- filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
- fileId := strings.Split(filename, ".")[0]
+ filenames, err := uploadTestFile(Client, channel.Id)
+ if err != nil {
+ t.Fatal("failed to upload test file", err)
+ }
- path := utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename
- if err := os.Remove(path); err != nil {
- t.Fatal("Couldn't remove file at " + path)
- }
+ post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames}
- path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg"
- if err := os.Remove(path); err != nil {
- t.Fatal("Couldn't remove file at " + path)
- }
+ if rpost1, postErr := Client.CreatePost(post1); postErr != nil {
+ t.Fatal(postErr)
+ } else {
+ post1 = rpost1.Data.(*model.Post)
+ }
- path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg"
- if err := os.Remove(path); err != nil {
- t.Fatal("Couldn't remove file at " + path)
- }
+ utils.Cfg.FileSettings.EnablePublicLink = false
+ if _, err := Client.GetPublicLink(filenames[0]); err == nil || err.StatusCode != http.StatusNotImplemented {
+ t.Fatal("should've failed when public links are disabled", err)
+ }
+
+ utils.Cfg.FileSettings.EnablePublicLink = true
+
+ if _, err := Client.GetPublicLink("garbage"); err == nil {
+ t.Fatal("should've failed for invalid link")
+ }
+
+ if _, err := Client.GetPublicLink(filenames[0]); err != nil {
+ t.Fatal("should've gotten link for file", err)
+ }
+
+ th.LoginBasic2()
+
+ if _, err := Client.GetPublicLink(filenames[0]); err == nil {
+ t.Fatal("should've failed, user not member of channel")
+ }
+
+ th.LoginBasic()
+
+ if err := cleanupTestFile(filenames[0], th.BasicTeam.Id, channel.Id, th.BasicUser.Id); err != nil {
+ t.Fatal("failed to cleanup test file", err)
+ }
+}
+
+func uploadTestFile(Client *model.Client, channelId string) ([]string, error) {
+ body := &bytes.Buffer{}
+ writer := multipart.NewWriter(body)
+ part, err := writer.CreateFormFile("files", "test.png")
+ if err != nil {
+ return nil, err
+ }
+
+ // base 64 encoded version of handtinywhite.gif from http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever
+ file, _ := base64.StdEncoding.DecodeString("R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=")
+
+ if _, err := io.Copy(part, bytes.NewReader(file)); err != nil {
+ return nil, err
+ }
+
+ field, err := writer.CreateFormField("channel_id")
+ if err != nil {
+ return nil, err
+ }
+
+ if _, err := field.Write([]byte(channelId)); err != nil {
+ return nil, err
+ }
+
+ if err := writer.Close(); err != nil {
+ return nil, err
+ }
+
+ if resp, err := Client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType()); err != nil {
+ return nil, err
+ } else {
+ return resp.Data.(*model.FileUploadResponse).Filenames, nil
+ }
+}
+
+func cleanupTestFile(fullFilename, teamId, channelId, userId string) error {
+ filenames := strings.Split(fullFilename, "/")
+ filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
+ fileId := strings.Split(filename, ".")[0]
+
+ if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 {
+ // perform clean-up on s3
+ var auth aws.Auth
+ auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId
+ auth.SecretKey = utils.Cfg.FileSettings.AmazonS3SecretAccessKey
+
+ s := s3.New(auth, aws.Regions[utils.Cfg.FileSettings.AmazonS3Region])
+ bucket := s.Bucket(utils.Cfg.FileSettings.AmazonS3Bucket)
+
+ if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename); err != nil {
+ return err
+ }
+
+ if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_thumb.jpg"); err != nil {
+ return err
+ }
+
+ if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_preview.jpg"); err != nil {
+ return err
}
} else {
- data := make(map[string]string)
- if _, err := Client.GetPublicLink(data); err.StatusCode != http.StatusNotImplemented {
- t.Fatal("Status code should have been 501 - Not Implemented")
+ path := utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename
+ if err := os.Remove(path); err != nil {
+ return fmt.Errorf("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_thumb.jpg"
+ if err := os.Remove(path); err != nil {
+ return fmt.Errorf("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_preview.jpg"
+ if err := os.Remove(path); err != nil {
+ return fmt.Errorf("Couldn't remove file at " + path)
}
}
+
+ return nil
}
diff --git a/model/client.go b/model/client.go
index 804b0d218..54f143cfe 100644
--- a/model/client.go
+++ b/model/client.go
@@ -993,12 +993,19 @@ func (c *Client) GetFileInfo(url string) (*Result, *AppError) {
}
}
-func (c *Client) GetPublicLink(data map[string]string) (*Result, *AppError) {
- if r, err := c.DoApiPost(c.GetTeamRoute()+"/files/get_public_link", MapToJson(data)); err != nil {
+func (c *Client) GetPublicLink(filename string) (*Result, *AppError) {
+ if r, err := c.DoApiPost(c.GetTeamRoute()+"/files/get_public_link", MapToJson(map[string]string{"filename": filename})); err != nil {
return nil, err
} else {
+ var link string
+ if body, err := ioutil.ReadAll(r.Body); err == nil {
+ link = string(body)
+ } else {
+ // all the other Client methods return an empty string on invalid json, so we can too
+ }
+
return &Result{r.Header.Get(HEADER_REQUEST_ID),
- r.Header.Get(HEADER_ETAG_SERVER), MapFromJson(r.Body)}, nil
+ r.Header.Get(HEADER_ETAG_SERVER), link}, nil
}
}
diff --git a/webapp/action_creators/global_actions.jsx b/webapp/action_creators/global_actions.jsx
index ae7352e5d..78c56dd12 100644
--- a/webapp/action_creators/global_actions.jsx
+++ b/webapp/action_creators/global_actions.jsx
@@ -281,6 +281,16 @@ export function showGetPostLinkModal(post) {
});
}
+export function showGetPublicLinkModal(channelId, userId, filename) {
+ AppDispatcher.handleViewAction({
+ type: ActionTypes.TOGGLE_GET_PUBLIC_LINK_MODAL,
+ value: true,
+ channelId,
+ userId,
+ filename
+ });
+}
+
export function showGetTeamInviteLinkModal() {
AppDispatcher.handleViewAction({
type: Constants.ActionTypes.TOGGLE_GET_TEAM_INVITE_LINK_MODAL,
diff --git a/webapp/client/client.jsx b/webapp/client/client.jsx
index 73cc6120f..56eb4a137 100644
--- a/webapp/client/client.jsx
+++ b/webapp/client/client.jsx
@@ -1325,7 +1325,13 @@ export default class Client {
end(this.handleResponse.bind(this, 'getFileInfo', success, error));
}
- getPublicLink = (data, success, error) => {
+ getPublicLink = (channelId, userId, filename, success, error) => {
+ const data = {
+ channel_id: channelId,
+ user_id: userId,
+ filename
+ };
+
request.
post(`${this.getFilesRoute()}/get_public_link`).
set(this.defaultHeaders).
diff --git a/webapp/components/get_public_link_modal.jsx b/webapp/components/get_public_link_modal.jsx
new file mode 100644
index 000000000..7f83651cd
--- /dev/null
+++ b/webapp/components/get_public_link_modal.jsx
@@ -0,0 +1,80 @@
+// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+import React from 'react';
+
+import * as AsyncClient from 'utils/async_client.jsx';
+import Constants from 'utils/constants.jsx';
+import ModalStore from 'stores/modal_store.jsx';
+import PureRenderMixin from 'react-addons-pure-render-mixin';
+import * as Utils from 'utils/utils.jsx';
+
+import GetLinkModal from './get_link_modal.jsx';
+
+export default class GetPublicLinkModal extends React.Component {
+ constructor(props) {
+ super(props);
+
+ this.handlePublicLink = this.handlePublicLink.bind(this);
+ this.handleToggle = this.handleToggle.bind(this);
+ this.hide = this.hide.bind(this);
+
+ this.shouldComponentUpdate = PureRenderMixin.shouldComponentUpdate.bind(this);
+
+ this.state = {
+ show: false,
+ channelId: '',
+ userId: '',
+ filename: '',
+ link: ''
+ };
+ }
+
+ componentDidMount() {
+ ModalStore.addModalListener(Constants.ActionTypes.TOGGLE_GET_PUBLIC_LINK_MODAL, this.handleToggle);
+ }
+
+ componentDidUpdate(prevProps, prevState) {
+ if (this.state.show && !prevState.show) {
+ AsyncClient.getPublicLink(this.state.channelId, this.state.userId, this.state.filename, this.handlePublicLink);
+ }
+ }
+
+ componentWillUnmount() {
+ ModalStore.removeModalListener(Constants.ActionTypes.TOGGLE_GET_PUBLIC_LINK_MODAL, this.handleToggle);
+ }
+
+ handlePublicLink(link) {
+ this.setState({
+ link
+ });
+ }
+
+ handleToggle(value, args) {
+ this.setState({
+ show: value,
+ channelId: args.channelId,
+ userId: args.userId,
+ filename: args.filename,
+ link: ''
+ });
+ }
+
+ hide() {
+ this.setState({
+ show: false
+ });
+ }
+
+ render() {
+ return (
+ <GetLinkModal
+ show={this.state.show}
+ onHide={this.hide}
+ title={Utils.localizeMessage('get_public_link_modal.title', 'Copy Public Link')}
+ helpText={Utils.localizeMessage('get_public_link_modal.help', 'The link below allows anyone to see this file without being registered on this server.')}
+ link={this.state.link}
+ />
+ );
+ }
+}
diff --git a/webapp/components/needs_team.jsx b/webapp/components/needs_team.jsx
index 92c6fc0ce..c2f450f98 100644
--- a/webapp/components/needs_team.jsx
+++ b/webapp/components/needs_team.jsx
@@ -24,6 +24,7 @@ import Navbar from 'components/navbar.jsx';
// Modals
import GetPostLinkModal from 'components/get_post_link_modal.jsx';
+import GetPublicLinkModal from 'components/get_public_link_modal.jsx';
import GetTeamInviteLinkModal from 'components/get_team_invite_link_modal.jsx';
import EditPostModal from 'components/edit_post_modal.jsx';
import DeletePostModal from 'components/delete_post_modal.jsx';
@@ -125,6 +126,7 @@ export default class NeedsTeam extends React.Component {
{content}
<GetPostLinkModal/>
+ <GetPublicLinkModal/>
<GetTeamInviteLinkModal/>
<InviteMemberModal/>
<ImportThemeModal/>
diff --git a/webapp/components/view_image.jsx b/webapp/components/view_image.jsx
index bd4aeaa41..b88df19d4 100644
--- a/webapp/components/view_image.jsx
+++ b/webapp/components/view_image.jsx
@@ -3,7 +3,7 @@
import $ from 'jquery';
import * as AsyncClient from 'utils/async_client.jsx';
-import Client from 'utils/web_client.jsx';
+import * as GlobalActions from 'action_creators/global_actions.jsx';
import * as Utils from 'utils/utils.jsx';
import AudioVideoPreview from './audio_video_preview.jsx';
import Constants from 'utils/constants.jsx';
@@ -43,7 +43,7 @@ class ViewImageModal extends React.Component {
this.onFileStoreChange = this.onFileStoreChange.bind(this);
- this.getPublicLink = this.getPublicLink.bind(this);
+ this.handleGetPublicLink = this.handleGetPublicLink.bind(this);
this.onMouseEnterImage = this.onMouseEnterImage.bind(this);
this.onMouseLeaveImage = this.onMouseLeaveImage.bind(this);
@@ -194,24 +194,10 @@ class ViewImageModal extends React.Component {
}
}
- getPublicLink() {
- var data = {};
- data.channel_id = this.props.channelId;
- data.user_id = this.props.userId;
- data.filename = this.props.filenames[this.state.imgId];
- Client.getPublicLink(
- data,
- (serverData) => {
- if (Utils.isMobile()) {
- window.location.href = serverData.public_link;
- } else {
- window.open(serverData.public_link);
- }
- },
- () => {
- //Do Nothing on error
- }
- );
+ handleGetPublicLink() {
+ this.props.onModalDismissed();
+
+ GlobalActions.showGetPublicLinkModal(this.props.channelId, this.props.userId, this.props.filenames[this.state.imgId]);
}
onMouseEnterImage() {
@@ -349,7 +335,7 @@ class ViewImageModal extends React.Component {
totalFiles={this.props.filenames.length}
filename={name}
fileURL={fileUrl}
- getPublicLink={this.getPublicLink}
+ onGetPublicLink={this.handleGetPublicLink}
/>
</div>
</div>
diff --git a/webapp/components/view_image_popover_bar.jsx b/webapp/components/view_image_popover_bar.jsx
index 55299ef74..5b9b2362f 100644
--- a/webapp/components/view_image_popover_bar.jsx
+++ b/webapp/components/view_image_popover_bar.jsx
@@ -15,7 +15,7 @@ export default class ViewImagePopoverBar extends React.Component {
href='#'
className='public-link text'
data-title='Public Image'
- onClick={this.props.getPublicLink}
+ onClick={this.props.onGetPublicLink}
>
<FormattedMessage
id='view_image_popover.publicLink'
@@ -79,5 +79,5 @@ ViewImagePopoverBar.propTypes = {
totalFiles: React.PropTypes.number.isRequired,
filename: React.PropTypes.string.isRequired,
fileURL: React.PropTypes.string.isRequired,
- getPublicLink: React.PropTypes.func.isRequired
+ onGetPublicLink: React.PropTypes.func.isRequired
};
diff --git a/webapp/stores/modal_store.jsx b/webapp/stores/modal_store.jsx
index 2a7921c40..0595daaf9 100644
--- a/webapp/stores/modal_store.jsx
+++ b/webapp/stores/modal_store.jsx
@@ -37,6 +37,7 @@ class ModalStoreClass extends EventEmitter {
case ActionTypes.TOGGLE_GET_POST_LINK_MODAL:
case ActionTypes.TOGGLE_GET_TEAM_INVITE_LINK_MODAL:
case ActionTypes.TOGGLE_REGISTER_APP_MODAL:
+ case ActionTypes.TOGGLE_GET_PUBLIC_LINK_MODAL:
this.emit(type, value, args);
break;
}
diff --git a/webapp/utils/async_client.jsx b/webapp/utils/async_client.jsx
index 57888f722..ac651a7bb 100644
--- a/webapp/utils/async_client.jsx
+++ b/webapp/utils/async_client.jsx
@@ -1343,3 +1343,33 @@ export function regenCommandToken(id) {
}
);
}
+
+export function getPublicLink(channelId, userId, filename, success, error) {
+ const callName = 'getPublicLink' + channelId + userId + filename;
+
+ if (isCallInProgress(callName)) {
+ return;
+ }
+
+ callTracker[callName] = utils.getTimestamp();
+
+ Client.getPublicLink(
+ channelId,
+ userId,
+ filename,
+ (link) => {
+ callTracker[callName] = 0;
+
+ success(link);
+ },
+ (err) => {
+ callTracker[callName] = 0;
+
+ if (error) {
+ error(err);
+ } else {
+ dispatchError(err, 'getPublicLink');
+ }
+ }
+ );
+} \ No newline at end of file
diff --git a/webapp/utils/constants.jsx b/webapp/utils/constants.jsx
index 3ae99d7fa..fb4086c7a 100644
--- a/webapp/utils/constants.jsx
+++ b/webapp/utils/constants.jsx
@@ -110,6 +110,7 @@ export default {
TOGGLE_GET_POST_LINK_MODAL: null,
TOGGLE_GET_TEAM_INVITE_LINK_MODAL: null,
TOGGLE_REGISTER_APP_MODAL: null,
+ TOGGLE_GET_PUBLIC_LINK_MODAL: null,
SUGGESTION_PRETEXT_CHANGED: null,
SUGGESTION_RECEIVED_SUGGESTIONS: null,
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-28 15:49:49 +0000