diff options
Diffstat (limited to 'api/user.go')
-rw-r--r-- | api/user.go | 64 |
1 files changed, 30 insertions, 34 deletions
diff --git a/api/user.go b/api/user.go index 2740696e1..40410cc5b 100644 --- a/api/user.go +++ b/api/user.go @@ -58,7 +58,7 @@ func InitUser(r *mux.Router) { } func createUser(c *Context, w http.ResponseWriter, r *http.Request) { - if utils.Cfg.ServiceSettings.DisableEmailSignUp { + if !utils.Cfg.EmailSettings.EnableSignUpWithEmail { c.Err = model.NewAppError("signupTeam", "User sign-up with email is disabled.", "") c.Err.StatusCode = http.StatusNotImplemented return @@ -90,7 +90,7 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { data := r.URL.Query().Get("d") props := model.MapFromJson(strings.NewReader(data)) - if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.InviteSalt)) { + if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) { c.Err = model.NewAppError("createUser", "The signup link does not appear to be valid", "") return } @@ -155,19 +155,13 @@ func IsVerifyHashRequired(user *model.User, team *model.Team, hash string) bool return shouldVerifyHash } -func CreateValet(c *Context, team *model.Team) *model.User { - valet := &model.User{} - valet.TeamId = team.Id - valet.Email = utils.Cfg.EmailSettings.FeedbackEmail - valet.EmailVerified = true - valet.Username = model.BOT_USERNAME - valet.Password = model.NewId() - - return CreateUser(c, team, valet) -} - func CreateUser(c *Context, team *model.Team, user *model.User) *model.User { + if !utils.Cfg.TeamSettings.EnableUserCreation { + c.Err = model.NewAppError("CreateUser", "User creation has been disabled. Please ask your systems administrator for details.", "") + return nil + } + channelRole := "" if team.Email == user.Email { user.Roles = model.ROLE_TEAM_ADMIN @@ -290,7 +284,7 @@ func LoginByEmail(c *Context, w http.ResponseWriter, r *http.Request, email, nam func checkUserPassword(c *Context, user *model.User, password string) bool { - if user.FailedAttempts >= utils.Cfg.ServiceSettings.AllowedLoginAttempts { + if user.FailedAttempts >= utils.Cfg.ServiceSettings.MaximumLoginAttempts { c.LogAuditWithUserId(user.Id, "fail") c.Err = model.NewAppError("checkUserPassword", "Your account is locked because of too many failed password attempts. Please reset your password.", "user_id="+user.Id) c.Err.StatusCode = http.StatusForbidden @@ -321,7 +315,7 @@ func checkUserPassword(c *Context, user *model.User, password string) bool { func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) { c.LogAuditWithUserId(user.Id, "attempt") - if !user.EmailVerified && !utils.Cfg.EmailSettings.ByPassEmail { + if !user.EmailVerified && utils.Cfg.EmailSettings.RequireEmailVerification { c.Err = model.NewAppError("Login", "Login failed because email address has not been verified", "user_id="+user.Id) c.Err.StatusCode = http.StatusForbidden return @@ -652,7 +646,7 @@ func createProfileImage(username string, userId string) ([]byte, *model.AppError initial := string(strings.ToUpper(username)[0]) - fontBytes, err := ioutil.ReadFile(utils.FindDir("web/static/fonts") + utils.Cfg.ImageSettings.InitialFont) + fontBytes, err := ioutil.ReadFile(utils.FindDir("web/static/fonts") + utils.Cfg.FileSettings.InitialFont) if err != nil { return nil, model.NewAppError("createProfileImage", "Could not create default profile image font", err.Error()) } @@ -661,8 +655,8 @@ func createProfileImage(username string, userId string) ([]byte, *model.AppError return nil, model.NewAppError("createProfileImage", "Could not create default profile image font", err.Error()) } - width := int(utils.Cfg.ImageSettings.ProfileWidth) - height := int(utils.Cfg.ImageSettings.ProfileHeight) + width := int(utils.Cfg.FileSettings.ProfileWidth) + height := int(utils.Cfg.FileSettings.ProfileHeight) color := colors[int64(seed)%int64(len(colors))] dstImg := image.NewRGBA(image.Rect(0, 0, width, height)) srcImg := image.White @@ -701,7 +695,7 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { } else { var img []byte - if !utils.IsS3Configured() && !utils.Cfg.ServiceSettings.UseLocalStorage { + if len(utils.Cfg.FileSettings.DriverName) == 0 { var err *model.AppError if img, err = createProfileImage(result.Data.(*model.User).Username, id); err != nil { c.Err = err @@ -738,8 +732,8 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { } func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { - if !utils.IsS3Configured() && !utils.Cfg.ServiceSettings.UseLocalStorage { - c.Err = model.NewAppError("uploadProfileImage", "Unable to upload file. Amazon S3 not configured and local server storage turned off. ", "") + if len(utils.Cfg.FileSettings.DriverName) == 0 { + c.Err = model.NewAppError("uploadProfileImage", "Unable to upload file. Image storage is not configured.", "") c.Err.StatusCode = http.StatusNotImplemented return } @@ -781,7 +775,7 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { } // Scale profile image - img = resize.Resize(utils.Cfg.ImageSettings.ProfileWidth, utils.Cfg.ImageSettings.ProfileHeight, img, resize.Lanczos3) + img = resize.Resize(utils.Cfg.FileSettings.ProfileWidth, utils.Cfg.FileSettings.ProfileHeight, img, resize.Lanczos3) buf := new(bytes.Buffer) err = png.Encode(buf, img) @@ -1132,7 +1126,7 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) { newProps["time"] = fmt.Sprintf("%v", model.GetMillis()) data := model.MapToJson(newProps) - hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.ResetSalt)) + hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.PasswordResetSalt)) link := fmt.Sprintf("%s/reset_password?d=%s&h=%s", c.GetTeamURLFromTeam(team), url.QueryEscape(data), url.QueryEscape(hash)) @@ -1211,7 +1205,7 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", props["data"], utils.Cfg.ServiceSettings.ResetSalt)) { + if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", props["data"], utils.Cfg.EmailSettings.PasswordResetSalt)) { c.Err = model.NewAppError("resetPassword", "The reset password link does not appear to be valid", "") return } @@ -1359,15 +1353,16 @@ func getStatuses(c *Context, w http.ResponseWriter, r *http.Request) { func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, teamName, service, redirectUri, loginHint string) { - if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow { + sso := utils.Cfg.GetSSOService(service) + if sso != nil && !sso.Enable { c.Err = model.NewAppError("GetAuthorizationCode", "Unsupported OAuth service provider", "service="+service) c.Err.StatusCode = http.StatusBadRequest return } - clientId := utils.Cfg.SSOSettings[service].Id - endpoint := utils.Cfg.SSOSettings[service].AuthEndpoint - scope := utils.Cfg.SSOSettings[service].Scope + clientId := sso.Id + endpoint := sso.AuthEndpoint + scope := sso.Scope stateProps := map[string]string{"team": teamName, "hash": model.HashPassword(clientId)} state := b64.StdEncoding.EncodeToString([]byte(model.MapToJson(stateProps))) @@ -1386,7 +1381,8 @@ func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, te } func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser, *model.Team, *model.AppError) { - if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow { + sso := utils.Cfg.GetSSOService(service) + if sso != nil && !sso.Enable { return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Unsupported OAuth service provider", "service="+service) } @@ -1399,7 +1395,7 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser stateProps := model.MapFromJson(strings.NewReader(stateStr)) - if !model.ComparePassword(stateProps["hash"], utils.Cfg.SSOSettings[service].Id) { + if !model.ComparePassword(stateProps["hash"], sso.Id) { return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Invalid state", "") } @@ -1411,14 +1407,14 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser tchan := Srv.Store.Team().GetByName(teamName) p := url.Values{} - p.Set("client_id", utils.Cfg.SSOSettings[service].Id) - p.Set("client_secret", utils.Cfg.SSOSettings[service].Secret) + p.Set("client_id", sso.Id) + p.Set("client_secret", sso.Secret) p.Set("code", code) p.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE) p.Set("redirect_uri", redirectUri) client := &http.Client{} - req, _ := http.NewRequest("POST", utils.Cfg.SSOSettings[service].TokenEndpoint, strings.NewReader(p.Encode())) + req, _ := http.NewRequest("POST", sso.TokenEndpoint, strings.NewReader(p.Encode())) req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Accept", "application/json") @@ -1440,7 +1436,7 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser p = url.Values{} p.Set("access_token", ar.AccessToken) - req, _ = http.NewRequest("GET", utils.Cfg.SSOSettings[service].UserApiEndpoint, strings.NewReader("")) + req, _ = http.NewRequest("GET", sso.UserApiEndpoint, strings.NewReader("")) req.Header.Set("Content-Type", "application/x-www-form-urlencoded") req.Header.Set("Accept", "application/json") |