1 files changed, 30 insertions, 34 deletions

diff --git a/api/user.go b/api/user.go
index 2740696e1..40410cc5b 100644
--- a/api/user.go
+++ b/api/user.go
@@ -58,7 +58,7 @@ func InitUser(r *mux.Router) {
 }
 
 func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
-	if utils.Cfg.ServiceSettings.DisableEmailSignUp {
+	if !utils.Cfg.EmailSettings.EnableSignUpWithEmail {
 		c.Err = model.NewAppError("signupTeam", "User sign-up with email is disabled.", "")
 		c.Err.StatusCode = http.StatusNotImplemented
 		return
@@ -90,7 +90,7 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 		data := r.URL.Query().Get("d")
 		props := model.MapFromJson(strings.NewReader(data))
 
-		if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.InviteSalt)) {
+		if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.InviteSalt)) {
 			c.Err = model.NewAppError("createUser", "The signup link does not appear to be valid", "")
 			return
 		}
@@ -155,19 +155,13 @@ func IsVerifyHashRequired(user *model.User, team *model.Team, hash string) bool
 	return shouldVerifyHash
 }
 
-func CreateValet(c *Context, team *model.Team) *model.User {
-	valet := &model.User{}
-	valet.TeamId = team.Id
-	valet.Email = utils.Cfg.EmailSettings.FeedbackEmail
-	valet.EmailVerified = true
-	valet.Username = model.BOT_USERNAME
-	valet.Password = model.NewId()
-
-	return CreateUser(c, team, valet)
-}
-
 func CreateUser(c *Context, team *model.Team, user *model.User) *model.User {
 
+	if !utils.Cfg.TeamSettings.EnableUserCreation {
+		c.Err = model.NewAppError("CreateUser", "User creation has been disabled. Please ask your systems administrator for details.", "")
+		return nil
+	}
+
 	channelRole := ""
 	if team.Email == user.Email {
 		user.Roles = model.ROLE_TEAM_ADMIN
@@ -290,7 +284,7 @@ func LoginByEmail(c *Context, w http.ResponseWriter, r *http.Request, email, nam
 
 func checkUserPassword(c *Context, user *model.User, password string) bool {
 
-	if user.FailedAttempts >= utils.Cfg.ServiceSettings.AllowedLoginAttempts {
+	if user.FailedAttempts >= utils.Cfg.ServiceSettings.MaximumLoginAttempts {
 		c.LogAuditWithUserId(user.Id, "fail")
 		c.Err = model.NewAppError("checkUserPassword", "Your account is locked because of too many failed password attempts. Please reset your password.", "user_id="+user.Id)
 		c.Err.StatusCode = http.StatusForbidden
@@ -321,7 +315,7 @@ func checkUserPassword(c *Context, user *model.User, password string) bool {
 func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User, deviceId string) {
 	c.LogAuditWithUserId(user.Id, "attempt")
 
-	if !user.EmailVerified && !utils.Cfg.EmailSettings.ByPassEmail {
+	if !user.EmailVerified && utils.Cfg.EmailSettings.RequireEmailVerification {
 		c.Err = model.NewAppError("Login", "Login failed because email address has not been verified", "user_id="+user.Id)
 		c.Err.StatusCode = http.StatusForbidden
 		return
@@ -652,7 +646,7 @@ func createProfileImage(username string, userId string) ([]byte, *model.AppError
 
 	initial := string(strings.ToUpper(username)[0])
 
-	fontBytes, err := ioutil.ReadFile(utils.FindDir("web/static/fonts") + utils.Cfg.ImageSettings.InitialFont)
+	fontBytes, err := ioutil.ReadFile(utils.FindDir("web/static/fonts") + utils.Cfg.FileSettings.InitialFont)
 	if err != nil {
 		return nil, model.NewAppError("createProfileImage", "Could not create default profile image font", err.Error())
 	}
@@ -661,8 +655,8 @@ func createProfileImage(username string, userId string) ([]byte, *model.AppError
 		return nil, model.NewAppError("createProfileImage", "Could not create default profile image font", err.Error())
 	}
 
-	width := int(utils.Cfg.ImageSettings.ProfileWidth)
-	height := int(utils.Cfg.ImageSettings.ProfileHeight)
+	width := int(utils.Cfg.FileSettings.ProfileWidth)
+	height := int(utils.Cfg.FileSettings.ProfileHeight)
 	color := colors[int64(seed)%int64(len(colors))]
 	dstImg := image.NewRGBA(image.Rect(0, 0, width, height))
 	srcImg := image.White
@@ -701,7 +695,7 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
 	} else {
 		var img []byte
 
-		if !utils.IsS3Configured() && !utils.Cfg.ServiceSettings.UseLocalStorage {
+		if len(utils.Cfg.FileSettings.DriverName) == 0 {
 			var err *model.AppError
 			if img, err = createProfileImage(result.Data.(*model.User).Username, id); err != nil {
 				c.Err = err
@@ -738,8 +732,8 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 
 func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
-	if !utils.IsS3Configured() && !utils.Cfg.ServiceSettings.UseLocalStorage {
-		c.Err = model.NewAppError("uploadProfileImage", "Unable to upload file. Amazon S3 not configured and local server storage turned off. ", "")
+	if len(utils.Cfg.FileSettings.DriverName) == 0 {
+		c.Err = model.NewAppError("uploadProfileImage", "Unable to upload file. Image storage is not configured.", "")
 		c.Err.StatusCode = http.StatusNotImplemented
 		return
 	}
@@ -781,7 +775,7 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	// Scale profile image
-	img = resize.Resize(utils.Cfg.ImageSettings.ProfileWidth, utils.Cfg.ImageSettings.ProfileHeight, img, resize.Lanczos3)
+	img = resize.Resize(utils.Cfg.FileSettings.ProfileWidth, utils.Cfg.FileSettings.ProfileHeight, img, resize.Lanczos3)
 
 	buf := new(bytes.Buffer)
 	err = png.Encode(buf, img)
@@ -1132,7 +1126,7 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) {
 	newProps["time"] = fmt.Sprintf("%v", model.GetMillis())
 
 	data := model.MapToJson(newProps)
-	hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.ResetSalt))
+	hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.EmailSettings.PasswordResetSalt))
 
 	link := fmt.Sprintf("%s/reset_password?d=%s&h=%s", c.GetTeamURLFromTeam(team), url.QueryEscape(data), url.QueryEscape(hash))
 
@@ -1211,7 +1205,7 @@ func resetPassword(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", props["data"], utils.Cfg.ServiceSettings.ResetSalt)) {
+	if !model.ComparePassword(hash, fmt.Sprintf("%v:%v", props["data"], utils.Cfg.EmailSettings.PasswordResetSalt)) {
 		c.Err = model.NewAppError("resetPassword", "The reset password link does not appear to be valid", "")
 		return
 	}
@@ -1359,15 +1353,16 @@ func getStatuses(c *Context, w http.ResponseWriter, r *http.Request) {
 
 func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, teamName, service, redirectUri, loginHint string) {
 
-	if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow {
+	sso := utils.Cfg.GetSSOService(service)
+	if sso != nil && !sso.Enable {
 		c.Err = model.NewAppError("GetAuthorizationCode", "Unsupported OAuth service provider", "service="+service)
 		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
-	clientId := utils.Cfg.SSOSettings[service].Id
-	endpoint := utils.Cfg.SSOSettings[service].AuthEndpoint
-	scope := utils.Cfg.SSOSettings[service].Scope
+	clientId := sso.Id
+	endpoint := sso.AuthEndpoint
+	scope := sso.Scope
 
 	stateProps := map[string]string{"team": teamName, "hash": model.HashPassword(clientId)}
 	state := b64.StdEncoding.EncodeToString([]byte(model.MapToJson(stateProps)))
@@ -1386,7 +1381,8 @@ func GetAuthorizationCode(c *Context, w http.ResponseWriter, r *http.Request, te
 }
 
 func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser, *model.Team, *model.AppError) {
-	if s, ok := utils.Cfg.SSOSettings[service]; !ok || !s.Allow {
+	sso := utils.Cfg.GetSSOService(service)
+	if sso != nil && !sso.Enable {
 		return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Unsupported OAuth service provider", "service="+service)
 	}
 
@@ -1399,7 +1395,7 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser
 
 	stateProps := model.MapFromJson(strings.NewReader(stateStr))
 
-	if !model.ComparePassword(stateProps["hash"], utils.Cfg.SSOSettings[service].Id) {
+	if !model.ComparePassword(stateProps["hash"], sso.Id) {
 		return nil, nil, model.NewAppError("AuthorizeOAuthUser", "Invalid state", "")
 	}
 
@@ -1411,14 +1407,14 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser
 	tchan := Srv.Store.Team().GetByName(teamName)
 
 	p := url.Values{}
-	p.Set("client_id", utils.Cfg.SSOSettings[service].Id)
-	p.Set("client_secret", utils.Cfg.SSOSettings[service].Secret)
+	p.Set("client_id", sso.Id)
+	p.Set("client_secret", sso.Secret)
 	p.Set("code", code)
 	p.Set("grant_type", model.ACCESS_TOKEN_GRANT_TYPE)
 	p.Set("redirect_uri", redirectUri)
 
 	client := &http.Client{}
-	req, _ := http.NewRequest("POST", utils.Cfg.SSOSettings[service].TokenEndpoint, strings.NewReader(p.Encode()))
+	req, _ := http.NewRequest("POST", sso.TokenEndpoint, strings.NewReader(p.Encode()))
 
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.Header.Set("Accept", "application/json")
@@ -1440,7 +1436,7 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser
 
 	p = url.Values{}
 	p.Set("access_token", ar.AccessToken)
-	req, _ = http.NewRequest("GET", utils.Cfg.SSOSettings[service].UserApiEndpoint, strings.NewReader(""))
+	req, _ = http.NewRequest("GET", sso.UserApiEndpoint, strings.NewReader(""))
 
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.Header.Set("Accept", "application/json")