summaryrefslogtreecommitdiffstats
path: root/api/user.go
diff options
context:
space:
mode:
Diffstat (limited to 'api/user.go')
-rw-r--r--api/user.go51
1 files changed, 21 insertions, 30 deletions
diff --git a/api/user.go b/api/user.go
index 0c7278711..06e5336f1 100644
--- a/api/user.go
+++ b/api/user.go
@@ -428,43 +428,23 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User,
}
w.Header().Set(model.HEADER_TOKEN, session.Token)
- sessionCookie := &http.Cookie{
- Name: model.SESSION_TOKEN,
- Value: session.Token,
- Path: "/",
- MaxAge: maxAge,
- HttpOnly: true,
- }
-
- http.SetCookie(w, sessionCookie)
+ tokens := GetMultiSessionCookieTokens(r)
multiToken := ""
- if originalMultiSessionCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil {
- multiToken = originalMultiSessionCookie.Value
- }
-
- // Attempt to clean all the old tokens or duplicate tokens
- if len(multiToken) > 0 {
- tokens := strings.Split(multiToken, " ")
-
- multiToken = ""
- seen := make(map[string]string)
- seen[session.TeamId] = session.TeamId
- for _, token := range tokens {
- if sr := <-Srv.Store.Session().Get(token); sr.Err == nil {
- s := sr.Data.(*model.Session)
- if !s.IsExpired() && seen[s.TeamId] == "" {
- multiToken += " " + token
- seen[s.TeamId] = s.TeamId
- }
- }
+ seen := make(map[string]string)
+ seen[session.TeamId] = session.TeamId
+ for _, token := range tokens {
+ s := GetSession(token)
+ if s != nil && !s.IsExpired() && seen[s.TeamId] == "" {
+ multiToken += " " + token
+ seen[s.TeamId] = s.TeamId
}
}
- multiToken = strings.TrimSpace(session.Token + " " + multiToken)
+ multiToken = strings.TrimSpace(multiToken + " " + session.Token)
multiSessionCookie := &http.Cookie{
- Name: model.MULTI_SESSION_TOKEN,
+ Name: model.SESSION_COOKIE_TOKEN,
Value: multiToken,
Path: "/",
MaxAge: maxAge,
@@ -834,6 +814,7 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
w.Header().Set("Cache-Control", "max-age=86400, public") // 24 hrs
}
+ w.Header().Set("Content-Type", "image/png")
w.Write(img)
}
}
@@ -1241,6 +1222,11 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
user = result.Data.(*model.User)
}
+ if len(user.AuthData) != 0 {
+ c.Err = model.NewAppError("sendPasswordReset", "Cannot reset password for SSO accounts", "userId="+user.Id+", teamId="+team.Id)
+ return
+ }
+
newProps := make(map[string]string)
newProps["user_id"] = user.Id
newProps["time"] = fmt.Sprintf("%v", model.GetMillis())
@@ -1325,6 +1311,11 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
user = result.Data.(*model.User)
}
+ if len(user.AuthData) != 0 {
+ c.Err = model.NewAppError("resetPassword", "Cannot reset password for SSO accounts", "userId="+user.Id+", teamId="+team.Id)
+ return
+ }
+
if user.TeamId != team.Id {
c.Err = model.NewAppError("resetPassword", "Trying to reset password for user on wrong team.", "userId="+user.Id+", teamId="+team.Id)
c.Err.StatusCode = http.StatusForbidden
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-06-28 21:44:12 +0000