diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/api.go | 1 | ||||
-rw-r--r-- | api/context.go | 1 | ||||
-rw-r--r-- | api/file.go | 20 | ||||
-rw-r--r-- | api/license.go | 100 | ||||
-rw-r--r-- | api/user.go | 33 |
5 files changed, 140 insertions, 15 deletions
diff --git a/api/api.go b/api/api.go index a6bb22982..f29063fe1 100644 --- a/api/api.go +++ b/api/api.go @@ -46,6 +46,7 @@ func InitApi() { InitOAuth(r) InitWebhook(r) InitPreference(r) + InitLicense(r) templatesDir := utils.FindDir("api/templates") l4g.Debug("Parsing server templates at %v", templatesDir) diff --git a/api/context.go b/api/context.go index 561884c14..e8ec6576d 100644 --- a/api/context.go +++ b/api/context.go @@ -35,6 +35,7 @@ type Page struct { TemplateName string Props map[string]string ClientCfg map[string]string + ClientLicense map[string]string User *model.User Team *model.Team Channel *model.Channel diff --git a/api/file.go b/api/file.go index d023515af..46e81691e 100644 --- a/api/file.go +++ b/api/file.go @@ -541,12 +541,8 @@ func writeFile(f []byte, path string) *model.AppError { return model.NewAppError("writeFile", "Encountered an error writing to S3", err.Error()) } } else if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_LOCAL { - if err := os.MkdirAll(filepath.Dir(utils.Cfg.FileSettings.Directory+path), 0774); err != nil { - return model.NewAppError("writeFile", "Encountered an error creating the directory for the new file", err.Error()) - } - - if err := ioutil.WriteFile(utils.Cfg.FileSettings.Directory+path, f, 0644); err != nil { - return model.NewAppError("writeFile", "Encountered an error writing to local server storage", err.Error()) + if err := writeFileLocally(f, utils.Cfg.FileSettings.Directory+path); err != nil { + return err } } else { return model.NewAppError("writeFile", "File storage not configured properly. Please configure for either S3 or local server file storage.", "") @@ -555,6 +551,18 @@ func writeFile(f []byte, path string) *model.AppError { return nil } +func writeFileLocally(f []byte, path string) *model.AppError { + if err := os.MkdirAll(filepath.Dir(path), 0774); err != nil { + return model.NewAppError("writeFile", "Encountered an error creating the directory for the new file", err.Error()) + } + + if err := ioutil.WriteFile(path, f, 0644); err != nil { + return model.NewAppError("writeFile", "Encountered an error writing to local server storage", err.Error()) + } + + return nil +} + func readFile(path string) ([]byte, *model.AppError) { if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { diff --git a/api/license.go b/api/license.go new file mode 100644 index 000000000..06bde2b6c --- /dev/null +++ b/api/license.go @@ -0,0 +1,100 @@ +// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package api + +import ( + "bytes" + l4g "code.google.com/p/log4go" + "github.com/gorilla/mux" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" + "io" + "net/http" + "strings" +) + +func InitLicense(r *mux.Router) { + l4g.Debug("Initializing license api routes") + + sr := r.PathPrefix("/license").Subrouter() + sr.Handle("/add", ApiAdminSystemRequired(addLicense)).Methods("POST") + sr.Handle("/remove", ApiAdminSystemRequired(removeLicense)).Methods("POST") +} + +func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { + c.LogAudit("attempt") + err := r.ParseMultipartForm(model.MAX_FILE_SIZE) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + m := r.MultipartForm + + fileArray, ok := m.File["license"] + if !ok { + c.Err = model.NewAppError("addLicense", "No file under 'license' in request", "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + if len(fileArray) <= 0 { + c.Err = model.NewAppError("addLicense", "Empty array under 'license' in request", "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + fileData := fileArray[0] + + file, err := fileData.Open() + defer file.Close() + if err != nil { + c.Err = model.NewAppError("addLicense", "Could not open license file", err.Error()) + return + } + + buf := bytes.NewBuffer(nil) + io.Copy(buf, file) + + data := buf.Bytes() + + var license *model.License + if success, licenseStr := utils.ValidateLicense(data); success { + license = model.LicenseFromJson(strings.NewReader(licenseStr)) + + if ok := utils.SetLicense(license); !ok { + c.LogAudit("failed - expired or non-started license") + c.Err = model.NewAppError("addLicense", "License is either expired or has not yet started.", "") + return + } + + if err := writeFileLocally(data, utils.LicenseLocation()); err != nil { + c.LogAudit("failed - could not save license file") + c.Err = model.NewAppError("addLicense", "License did not save properly.", "path="+utils.LicenseLocation()) + utils.RemoveLicense() + return + } + } else { + c.LogAudit("failed - invalid license") + c.Err = model.NewAppError("addLicense", "Invalid license file.", "") + return + } + + c.LogAudit("success") + w.Write([]byte(license.ToJson())) +} + +func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) { + c.LogAudit("") + + if ok := utils.RemoveLicense(); !ok { + c.LogAudit("failed - could not remove license file") + c.Err = model.NewAppError("removeLicense", "License did not remove properly.", "") + return + } + + rdata := map[string]string{} + rdata["status"] = "ok" + w.Write([]byte(model.MapToJson(rdata))) +} diff --git a/api/user.go b/api/user.go index d014ab995..a6b4fb654 100644 --- a/api/user.go +++ b/api/user.go @@ -122,6 +122,11 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { user.EmailVerified = true } + if !CheckUserDomain(user, utils.Cfg.TeamSettings.RestrictCreationToDomains) { + c.Err = model.NewAppError("createUser", "The email you provided does not belong to an accepted domain. Please contact your administrator or sign up with a different email.", "") + return + } + ruser, err := CreateUser(team, user) if err != nil { c.Err = err @@ -136,19 +141,29 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { } +func CheckUserDomain(user *model.User, domains string) bool { + if len(domains) == 0 { + return true + } + + domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domainArray { + if strings.HasSuffix(user.Email, "@"+d) { + matched = true + break + } + } + + return matched +} + func IsVerifyHashRequired(user *model.User, team *model.Team, hash string) bool { shouldVerifyHash := true if team.Type == model.TEAM_INVITE && len(team.AllowedDomains) > 0 && len(hash) == 0 && user != nil { - domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(team.AllowedDomains, "@", " ", -1), ",", " ", -1)))) - - matched := false - for _, d := range domains { - if strings.HasSuffix(user.Email, "@"+d) { - matched = true - break - } - } + matched := CheckUserDomain(user, team.AllowedDomains) if matched { shouldVerifyHash = false |