summaryrefslogtreecommitdiffstats
path: root/api/user.go
diff options
context:
space:
mode:
Diffstat (limited to 'api/user.go')
-rw-r--r--api/user.go220
1 files changed, 15 insertions, 205 deletions
diff --git a/api/user.go b/api/user.go
index 7f422b355..8b32dff36 100644
--- a/api/user.go
+++ b/api/user.go
@@ -1,13 +1,11 @@
-// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
+// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.
package api
import (
- "bytes"
b64 "encoding/base64"
"fmt"
- "io"
"net/http"
"strconv"
"strings"
@@ -132,52 +130,6 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
w.Write([]byte(user.ToJson()))
}
-func LoginByOAuth(c *Context, w http.ResponseWriter, r *http.Request, service string, userData io.Reader) *model.User {
- buf := bytes.Buffer{}
- buf.ReadFrom(userData)
-
- authData := ""
- provider := einterfaces.GetOauthProvider(service)
- if provider == nil {
- c.Err = model.NewLocAppError("LoginByOAuth", "api.user.login_by_oauth.not_available.app_error",
- map[string]interface{}{"Service": strings.Title(service)}, "")
- return nil
- } else {
- authData = provider.GetAuthDataFromJson(bytes.NewReader(buf.Bytes()))
- }
-
- if len(authData) == 0 {
- c.Err = model.NewLocAppError("LoginByOAuth", "api.user.login_by_oauth.parse.app_error",
- map[string]interface{}{"Service": service}, "")
- return nil
- }
-
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByAuth(&authData, service); err != nil {
- if err.Id == store.MISSING_AUTH_ACCOUNT_ERROR {
- if user, err = app.CreateOAuthUser(service, bytes.NewReader(buf.Bytes()), ""); err != nil {
- c.Err = err
- return nil
- }
- }
- c.Err = err
- return nil
- }
-
- if err = app.UpdateOAuthUserAttrs(bytes.NewReader(buf.Bytes()), user, provider, service); err != nil {
- c.Err = err
- return nil
- }
-
- doLogin(c, w, r, user, "")
- if c.Err != nil {
- return nil
- }
-
- return user
-}
-
// User MUST be authenticated completely before calling Login
func doLogin(c *Context, w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) {
session, err := app.DoLogin(w, r, user, deviceId)
@@ -914,41 +866,14 @@ func emailToOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- c.LogAudit("attempt")
-
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if err := app.CheckPasswordAndAllCriteria(user, password, mfaToken); err != nil {
- c.LogAuditWithUserId(user.Id, "failed - bad authentication")
+ link, err := app.SwitchEmailToOAuth(email, password, mfaToken, service)
+ if err != nil {
c.Err = err
return
}
- stateProps := map[string]string{}
- stateProps["action"] = model.OAUTH_ACTION_EMAIL_TO_SSO
- stateProps["email"] = email
-
- m := map[string]string{}
- if service == model.USER_AUTH_SERVICE_SAML {
- m["follow_link"] = c.GetSiteURLHeader() + "/login/sso/saml?action=" + model.OAUTH_ACTION_EMAIL_TO_SSO + "&email=" + email
- } else {
- if authUrl, err := GetAuthorizationCode(c, service, stateProps, ""); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - oauth issue")
- c.Err = err
- return
- } else {
- m["follow_link"] = authUrl
- }
- }
-
- c.LogAuditWithUserId(user.Id, "success")
- w.Write([]byte(model.MapToJson(m)))
+ c.LogAudit("success for email=" + email)
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -966,51 +891,19 @@ func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- c.LogAudit("attempt")
-
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if user.Id != c.Session.UserId {
- c.LogAudit("fail - user ids didn't match")
- c.Err = model.NewLocAppError("oauthToEmail", "api.user.oauth_to_email.context.app_error", nil, "")
- c.Err.StatusCode = http.StatusForbidden
- return
- }
-
- if err := app.UpdatePassword(user, password); err != nil {
- c.LogAudit("fail - database issue")
- c.Err = err
- return
- }
-
- go func() {
- if err := app.SendSignInChangeEmail(user.Email, c.T("api.templates.signin_change_email.body.method_email"), user.Locale, utils.GetSiteURL()); err != nil {
- l4g.Error(err.Error())
- }
- }()
-
- if err := app.RevokeAllSessions(c.Session.UserId); err != nil {
+ link, err := app.SwitchOAuthToEmail(email, password, c.Session.UserId)
+ if err != nil {
c.Err = err
return
}
- c.LogAuditWithUserId(c.Session.UserId, "Revoked all sessions for user")
c.RemoveSessionCookie(w, r)
if c.Err != nil {
return
}
- m := map[string]string{}
- m["follow_link"] = "/login?extra=signin_change"
-
c.LogAudit("success")
- w.Write([]byte(model.MapToJson(m)))
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func emailToLdap(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -1044,55 +937,19 @@ func emailToLdap(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if err := app.CheckPasswordAndAllCriteria(user, emailPassword, token); err != nil {
- c.LogAuditWithUserId(user.Id, "failed - bad authentication")
- c.Err = err
- return
- }
-
- if err := app.RevokeAllSessions(user.Id); err != nil {
+ link, err := app.SwitchEmailToLdap(email, emailPassword, token, ldapId, ldapPassword)
+ if err != nil {
c.Err = err
return
}
- c.LogAuditWithUserId(user.Id, "Revoked all sessions for user")
c.RemoveSessionCookie(w, r)
if c.Err != nil {
return
}
- ldapInterface := einterfaces.GetLdapInterface()
- if ldapInterface == nil {
- c.Err = model.NewLocAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "")
- c.Err.StatusCode = http.StatusNotImplemented
- return
- }
-
- if err := ldapInterface.SwitchToLdap(user.Id, ldapId, ldapPassword); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - ldap switch failed")
- c.Err = err
- return
- }
-
- go func() {
- if err := app.SendSignInChangeEmail(user.Email, "AD/LDAP", user.Locale, utils.GetSiteURL()); err != nil {
- l4g.Error(err.Error())
- }
- }()
-
- m := map[string]string{}
- m["follow_link"] = "/login?extra=signin_change"
-
c.LogAudit("success")
- w.Write([]byte(model.MapToJson(m)))
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -1120,66 +977,19 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- var user *model.User
- var err *model.AppError
- if user, err = app.GetUserByEmail(email); err != nil {
- c.LogAudit("fail - couldn't get user")
- c.Err = err
- return
- }
-
- if user.AuthService != model.USER_AUTH_SERVICE_LDAP {
- c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_ldap_account.app_error", nil, "")
- return
- }
-
- ldapInterface := einterfaces.GetLdapInterface()
- if ldapInterface == nil || user.AuthData == nil {
- c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "")
- c.Err.StatusCode = http.StatusNotImplemented
- return
- }
-
- if err := ldapInterface.CheckPassword(*user.AuthData, ldapPassword); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - ldap authentication failed")
- c.Err = err
- return
- }
-
- if err := app.CheckUserMfa(user, token); err != nil {
- c.LogAuditWithUserId(user.Id, "fail - mfa token failed")
- c.Err = err
- return
- }
-
- if err := app.UpdatePassword(user, emailPassword); err != nil {
- c.LogAudit("fail - database issue")
- c.Err = err
- return
- }
-
- if err := app.RevokeAllSessions(user.Id); err != nil {
+ link, err := app.SwitchLdapToEmail(ldapPassword, token, email, emailPassword)
+ if err != nil {
c.Err = err
return
}
- c.LogAuditWithUserId(user.Id, "Revoked all sessions for user")
c.RemoveSessionCookie(w, r)
if c.Err != nil {
return
}
- go func() {
- if err := app.SendSignInChangeEmail(user.Email, c.T("api.templates.signin_change_email.body.method_email"), user.Locale, utils.GetSiteURL()); err != nil {
- l4g.Error(err.Error())
- }
- }()
-
- m := map[string]string{}
- m["follow_link"] = "/login?extra=signin_change"
-
c.LogAudit("success")
- w.Write([]byte(model.MapToJson(m)))
+ w.Write([]byte(model.MapToJson(map[string]string{"follow_link": link})))
}
func verifyEmail(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -1330,7 +1140,7 @@ func loginWithSaml(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- teamId, err := getTeamIdFromQuery(r.URL.Query())
+ teamId, err := app.GetTeamIdFromQuery(r.URL.Query())
if err != nil {
c.Err = err
return
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-10-01 09:05:07 +0000