Diffstat (limited to 'api/user.go')
-rw-r--r--api/user.go168
1 files changed, 13 insertions, 155 deletions
diff --git a/api/user.go b/api/user.go
index 7f422b355..99f751ee0 100644
--- a/api/user.go
+++ b/api/user.go
@@ -914,41 +914,14 @@ func emailToOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- c.LogAudit("attempt")
-
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if err := app.CheckPasswordAndAllCriteria(user, password, mfaToken); err != nil {
- c.LogAuditWithUserId(user.Id, "failed - bad authentication")
+ link, err := app.SwitchEmailToOAuth(email, password, mfaToken, service)
+ if err != nil {
c.Err = err
return
}
- stateProps := map[string]string{}
- stateProps["action"] = model.OAUTH_ACTION_EMAIL_TO_SSO
- stateProps["email"] = email
-
- m := map[string]string{}
- if service == model.USER_AUTH_SERVICE_SAML {
- m["follow_link"] = c.GetSiteURLHeader() + "/login/sso/saml?action=" + model.OAUTH_ACTION_EMAIL_TO_SSO + "&email=" + email
- } else {
- if authUrl, err := GetAuthorizationCode(c, service, stateProps, ""); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - oauth issue")
- c.Err = err
- return
- } else {
- m["follow_link"] = authUrl
- }
- }
-
- c.LogAuditWithUserId(user.Id, "success")
- w.Write([]byte(model.MapToJson(m)))
+ c.LogAudit("success for email=" + email)
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
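Review bot: The error path after `app.SwitchEmailToOAuth` writes no audit entry, and the removed `c.LogAudit("attempt")`, "fail - couldn't get user" and `c.LogAuditWithUserId(user.Id, "failed - bad authentication")` calls have no visible replacement, so unless the app layer audits internally (not shown in this diff) repeated bad-password attempts against this endpoint leave no trail. I would keep `c.LogAudit("attempt")` before the call and add `c.LogAudit("fail")` inside the `if err != nil` branch. The success entry now concatenates the request-supplied `email` into the audit text instead of recording the resolved user ID as `c.LogAuditWithUserId(user.Id, "success")` did, which makes attribution weaker and puts caller-controlled text into the log line. The same loss of per-failure entries applies to the oauthToEmail, emailToLdap and ldapToEmail hunks below, and oauthToEmail also loses its "attempt" entry.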
@@ -966,51 +939,19 @@ func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- c.LogAudit("attempt")
-
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if user.Id != c.Session.UserId {
- c.LogAudit("fail - user ids didn't match")
- c.Err = model.NewLocAppError("oauthToEmail", "api.user.oauth_to_email.context.app_error", nil, "")
- c.Err.StatusCode = http.StatusForbidden
- return
- }
-
- if err := app.UpdatePassword(user, password); err != nil {
- c.LogAudit("fail - database issue")
- c.Err = err
- return
- }
-
- go func() {
- if err := app.SendSignInChangeEmail(user.Email, c.T("api.templates.signin_change_email.body.method_email"), user.Locale, utils.GetSiteURL()); err != nil {
- l4g.Error(err.Error())
- }
- }()
-
- if err := app.RevokeAllSessions(c.Session.UserId); err != nil {
+ link, err := app.SwitchOAuthToEmail(email, password, c.Session.UserId)
+ if err != nil {
c.Err = err
return
}
- c.LogAuditWithUserId(c.Session.UserId, "Revoked all sessions for user")
c.RemoveSessionCookie(w, r)
if c.Err != nil {
return
}
- m := map[string]string{}
- m["follow_link"] = "/login?extra=signin_change"
-
c.LogAudit("success")
- w.Write([]byte(model.MapToJson(m)))
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func emailToLdap(c *Context, w http.ResponseWriter, r *http.Request) {
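Review bot: The ownership check that returned 403 when `user.Id != c.Session.UserId` is no longer in the handler, so it now rests entirely on `app.SwitchOAuthToEmail` honouring its third argument, and that function is not part of this diff. A comment above the call such as `// SwitchOAuthToEmail must reject an email that does not belong to c.Session.UserId (was a 403 here)` would make the contract explicit for the next reader. A test for the mismatched-user case would pin the status code, since the handler no longer sets `http.StatusForbidden` itself. The start of oauthToEmail lies outside the hunk.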
@@ -1044,55 +985,19 @@ func emailToLdap(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if err := app.CheckPasswordAndAllCriteria(user, emailPassword, token); err != nil {
- c.LogAuditWithUserId(user.Id, "failed - bad authentication")
- c.Err = err
- return
- }
-
- if err := app.RevokeAllSessions(user.Id); err != nil {
+ link, err := app.SwitchEmailToLdap(email, emailPassword, token, ldapId, ldapPassword)
+ if err != nil {
c.Err = err
return
}
- c.LogAuditWithUserId(user.Id, "Revoked all sessions for user")
c.RemoveSessionCookie(w, r)
if c.Err != nil {
return
}
- ldapInterface := einterfaces.GetLdapInterface()
- if ldapInterface == nil {
- c.Err = model.NewLocAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "")
- c.Err.StatusCode = http.StatusNotImplemented
- return
- }
-
- if err := ldapInterface.SwitchToLdap(user.Id, ldapId, ldapPassword); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - ldap switch failed")
- c.Err = err
- return
- }
-
- go func() {
- if err := app.SendSignInChangeEmail(user.Email, "AD/LDAP", user.Locale, utils.GetSiteURL()); err != nil {
- l4g.Error(err.Error())
- }
- }()
-
- m := map[string]string{}
- m["follow_link"] = "/login?extra=signin_change"
-
c.LogAudit("success")
- w.Write([]byte(model.MapToJson(m)))
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -1120,66 +1025,19 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if user.AuthService != model.USER_AUTH_SERVICE_LDAP {
- c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_ldap_account.app_error", nil, "")
- return
- }
-
- ldapInterface := einterfaces.GetLdapInterface()
- if ldapInterface == nil || user.AuthData == nil {
- c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "")
- c.Err.StatusCode = http.StatusNotImplemented
- return
- }
-
- if err := ldapInterface.CheckPassword(*user.AuthData, ldapPassword); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - ldap authentication failed")
- c.Err = err
- return
- }
-
- if err := app.CheckUserMfa(user, token); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - mfa token failed")
- c.Err = err
- return
- }
-
- if err := app.UpdatePassword(user, emailPassword); err != nil {
- c.LogAudit("fail - database issue")
- c.Err = err
- return
- }
-
- if err := app.RevokeAllSessions(user.Id); err != nil {
+ link, err := app.SwitchLdapToEmail(ldapPassword, token, email, emailPassword)
+ if err != nil {
c.Err = err
return
}
- c.LogAuditWithUserId(user.Id, "Revoked all sessions for user")
c.RemoveSessionCookie(w, r)
if c.Err != nil {
return
}
- go func() {
- if err := app.SendSignInChangeEmail(user.Email, c.T("api.templates.signin_change_email.body.method_email"), user.Locale, utils.GetSiteURL()); err != nil {
- l4g.Error(err.Error())
- }
- }()
-
- m := map[string]string{}
- m["follow_link"] = "/login?extra=signin_change"
-
c.LogAudit("success")
- w.Write([]byte(model.MapToJson(m)))
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func verifyEmail(c *Context, w http.ResponseWriter, r *http.Request) {
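Review bot: `app.SwitchLdapToEmail(ldapPassword, token, email, emailPassword)` passes four adjacent strings, two of them passwords, in an order that differs from `app.SwitchEmailToLdap(email, emailPassword, token, ldapId, ldapPassword)` in the emailToLdap hunk, so a transposed argument would compile without complaint. The signature is defined outside this diff, so I cannot confirm the order is right; if the parameters are all plain strings, aligning the two functions' ordering or adding a comment at the call such as `// ldapPassword = current credential, token = MFA, emailPassword = new password` would make a swap easier to spot in review. The removed handler code also checked `user.AuthService` and `user.AuthData` before `ldapInterface.CheckPassword`; presumably those guards moved with the rest, but that is worth confirming in the app-layer function.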