diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/command.go | 112 | ||||
-rw-r--r-- | api/command_test.go | 37 | ||||
-rw-r--r-- | api/file.go | 1 | ||||
-rw-r--r-- | api/post_test.go | 4 | ||||
-rw-r--r-- | api/team.go | 118 | ||||
-rw-r--r-- | api/user.go | 22 |
6 files changed, 230 insertions, 64 deletions
diff --git a/api/command.go b/api/command.go index f051bd42e..749cbf790 100644 --- a/api/command.go +++ b/api/command.go @@ -4,15 +4,15 @@ package api import ( + "net/http" + "strconv" + "strings" + "time" + l4g "code.google.com/p/log4go" "github.com/gorilla/mux" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" - "net/http" - "reflect" - "runtime" - "strconv" - "strings" ) type commandHandler func(c *Context, command *model.Command) bool @@ -24,6 +24,8 @@ var commands = []commandHandler{ echoCommand, } +var echoSem chan bool + func InitCommand(r *mux.Router) { l4g.Debug("Initializing command api routes") r.Handle("/command", ApiUserRequired(command)).Methods("POST") @@ -41,7 +43,6 @@ func command(c *Context, w http.ResponseWriter, r *http.Request) { } checkCommand(c, command) - if c.Err != nil { return } else { @@ -56,8 +57,6 @@ func checkCommand(c *Context, command *model.Command) bool { return false } - tchan := Srv.Store.Team().Get(c.Session.TeamId) - if len(command.ChannelId) > 0 { cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, command.ChannelId, c.Session.UserId) @@ -66,24 +65,9 @@ func checkCommand(c *Context, command *model.Command) bool { } } - allowValet := false - if tResult := <-tchan; tResult.Err != nil { - c.Err = model.NewAppError("checkCommand", "Could not find the team for this session, team_id="+c.Session.TeamId, "") - return false - } else { - allowValet = tResult.Data.(*model.Team).AllowValet - } - - ec := runtime.FuncForPC(reflect.ValueOf(echoCommand).Pointer()).Name() - for _, v := range commands { - if !allowValet && ec == runtime.FuncForPC(reflect.ValueOf(v).Pointer()).Name() { - continue - } - if v(c, command) { - return true - } else if c.Err != nil { + if v(c, command) || c.Err != nil { return true } } @@ -112,55 +96,65 @@ func logoutCommand(c *Context, command *model.Command) bool { } func echoCommand(c *Context, command *model.Command) bool { - cmd := "/echo" + maxThreads := 100 - if strings.Index(command.Command, cmd) == 0 { - parts := strings.SplitN(command.Command, " ", 3) - - channelName := "" - if len(parts) >= 2 { - channelName = parts[1] + if !command.Suggest && strings.Index(command.Command, cmd) == 0 { + parameters := strings.SplitN(command.Command, " ", 2) + if len(parameters) != 2 || len(parameters[1]) == 0 { + return false } - - message := "" - if len(parts) >= 3 { - message = parts[2] + message := strings.Trim(parameters[1], " ") + delay := 0 + if endMsg := strings.LastIndex(message, "\""); string(message[0]) == "\"" && endMsg > 1 { + if checkDelay, err := strconv.Atoi(strings.Trim(message[endMsg:], " \"")); err == nil { + delay = checkDelay + } + message = message[1:endMsg] + } else if strings.Index(message, " ") > -1 { + delayIdx := strings.LastIndex(message, " ") + delayStr := strings.Trim(message[delayIdx:], " ") + + if checkDelay, err := strconv.Atoi(delayStr); err == nil { + delay = checkDelay + message = message[:delayIdx] + } } - if result := <-Srv.Store.Channel().GetChannels(c.Session.TeamId, c.Session.UserId); result.Err != nil { - c.Err = result.Err + if delay > 10000 { + c.Err = model.NewAppError("echoCommand", "Delays must be under 10000 seconds", "") return false - } else { - channels := result.Data.(*model.ChannelList) + } - for _, v := range channels.Channels { - if v.Type == model.CHANNEL_DIRECT { - continue - } + if echoSem == nil { + // We want one additional thread allowed so we never reach channel lockup + echoSem = make(chan bool, maxThreads+1) + } - if v.Name == channelName && !command.Suggest { - post := &model.Post{} - post.ChannelId = v.Id - post.Message = message + if len(echoSem) >= maxThreads { + c.Err = model.NewAppError("echoCommand", "High volume of echo request, cannot process request", "") + return false + } - if _, err := CreateValetPost(c, post); err != nil { - c.Err = err - return false - } + echoSem <- true + go func() { + defer func() { <-echoSem }() + post := &model.Post{} + post.ChannelId = command.ChannelId + post.Message = message - command.Response = model.RESP_EXECUTED - return true - } + time.Sleep(time.Duration(delay) * time.Second) - if len(channelName) == 0 || (strings.Index(v.Name, channelName) == 0 && len(parts) < 3) { - command.AddSuggestion(&model.SuggestCommand{Suggestion: cmd + " " + v.Name, Description: "Echo a message using Valet in a channel"}) - } + if _, err := CreatePost(c, post, false); err != nil { + l4g.Error("Unable to create /echo post, err=%v", err) } - } + }() + + command.Response = model.RESP_EXECUTED + return true } else if strings.Index(cmd, command.Command) == 0 { - command.AddSuggestion(&model.SuggestCommand{Suggestion: cmd, Description: "Echo a message using Valet in a channel"}) + command.AddSuggestion(&model.SuggestCommand{Suggestion: cmd, Description: "Echo back text from your account, /echo \"message\" [delay in seoncds]"}) } return false diff --git a/api/command_test.go b/api/command_test.go index a58ef9be5..fe52dd41b 100644 --- a/api/command_test.go +++ b/api/command_test.go @@ -4,9 +4,10 @@ package api import ( + "testing" + "github.com/mattermost/platform/model" "github.com/mattermost/platform/store" - "testing" ) func TestSuggestRootCommands(t *testing.T) { @@ -50,6 +51,12 @@ func TestSuggestRootCommands(t *testing.T) { if rs3.Suggestions[0].Suggestion != "/join" { t.Fatal("should have join cmd") } + + rs4 := Client.Must(Client.Command("", "/ech", true)).Data.(*model.Command) + + if rs4.Suggestions[0].Suggestion != "/echo" { + t.Fatal("should have echo cmd") + } } func TestLogoutCommands(t *testing.T) { @@ -145,3 +152,31 @@ func TestJoinCommands(t *testing.T) { t.Fatal("didn't join channel") } } + +func TestEchoCommand(t *testing.T) { + Setup() + + team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} + team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + + user1 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"} + user1 = Client.Must(Client.CreateUser(user1, "")).Data.(*model.User) + store.Must(Srv.Store.User().VerifyEmail(user1.Id)) + + Client.LoginByEmail(team.Name, user1.Email, "pwd") + + channel1 := &model.Channel{DisplayName: "AA", Name: "aa" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} + channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + + echoTestString := "/echo test" + + r1 := Client.Must(Client.Command(channel1.Id, echoTestString, false)).Data.(*model.Command) + if r1.Response != model.RESP_EXECUTED { + t.Fatal("Echo command failed to execute") + } + + p1 := Client.Must(Client.GetPosts(channel1.Id, 0, 2, "")).Data.(*model.PostList) + if len(p1.Order) != 1 { + t.Fatal("Echo command failed to send") + } +} diff --git a/api/file.go b/api/file.go index 50482a057..800c512c5 100644 --- a/api/file.go +++ b/api/file.go @@ -347,6 +347,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { } w.Header().Set("Cache-Control", "max-age=2592000, public") + w.Header().Set("Content-Length", strconv.Itoa(len(f))) w.Write(f) } diff --git a/api/post_test.go b/api/post_test.go index ac9adf358..85d92de3a 100644 --- a/api/post_test.go +++ b/api/post_test.go @@ -331,7 +331,7 @@ func TestGetPosts(t *testing.T) { t.Fatal("wrong order") } - if len(r1.Posts) != 4 { + if len(r1.Posts) != 2 { // 3a1 and 3; 3a1's parent already there t.Fatal("wrong size") } @@ -345,7 +345,7 @@ func TestGetPosts(t *testing.T) { t.Fatal("wrong order") } - if len(r2.Posts) != 4 { + if len(r2.Posts) != 3 { // 2 and 1a1; + 1a1's parent t.Log(r2.Posts) t.Fatal("wrong size") } diff --git a/api/team.go b/api/team.go index 8587a6de4..e34b3a610 100644 --- a/api/team.go +++ b/api/team.go @@ -23,6 +23,7 @@ func InitTeam(r *mux.Router) { sr := r.PathPrefix("/teams").Subrouter() sr.Handle("/create", ApiAppHandler(createTeam)).Methods("POST") sr.Handle("/create_from_signup", ApiAppHandler(createTeamFromSignup)).Methods("POST") + sr.Handle("/create_with_sso/{service:[A-Za-z]+}", ApiAppHandler(createTeamFromSSO)).Methods("POST") sr.Handle("/signup", ApiAppHandler(signupTeam)).Methods("POST") sr.Handle("/find_team_by_name", ApiAppHandler(findTeamByName)).Methods("POST") sr.Handle("/find_teams", ApiAppHandler(findTeams)).Methods("POST") @@ -35,6 +36,11 @@ func InitTeam(r *mux.Router) { } func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowEmailSignUp { + c.Err = model.NewAppError("signupTeam", "Team sign-up with email is disabled.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } m := model.MapFromJson(r.Body) email := strings.ToLower(strings.TrimSpace(m["email"])) @@ -44,6 +50,10 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !isTreamCreationAllowed(c, email) { + return + } + subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL()) bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL()) bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink @@ -70,7 +80,70 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(model.MapToJson(m))) } +func createTeamFromSSO(c *Context, w http.ResponseWriter, r *http.Request) { + params := mux.Vars(r) + service := params["service"] + + if !utils.IsServiceAllowed(service) { + c.SetInvalidParam("createTeamFromSSO", "service") + return + } + + team := model.TeamFromJson(r.Body) + + if team == nil { + c.SetInvalidParam("createTeamFromSSO", "team") + return + } + + team.PreSave() + + team.Name = model.CleanTeamName(team.Name) + + if err := team.IsValid(); err != nil { + c.Err = err + return + } + + team.Id = "" + + found := true + count := 0 + for found { + if found = FindTeamByName(c, team.Name, "true"); c.Err != nil { + return + } else if found { + team.Name = team.Name + strconv.Itoa(count) + count += 1 + } + } + + team.AllowValet = utils.Cfg.TeamSettings.AllowValetDefault + + if result := <-Srv.Store.Team().Save(team); result.Err != nil { + c.Err = result.Err + return + } else { + rteam := result.Data.(*model.Team) + + if _, err := CreateDefaultChannels(c, rteam.Id); err != nil { + c.Err = nil + return + } + + data := map[string]string{"follow_link": c.GetSiteURL() + "/" + rteam.Name + "/signup/" + service} + w.Write([]byte(model.MapToJson(data))) + + } + +} + func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowEmailSignUp { + c.Err = model.NewAppError("createTeamFromSignup", "Team sign-up with email is disabled.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } teamSignup := model.TeamSignupFromJson(r.Body) @@ -89,6 +162,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } + + if !isTreamCreationAllowed(c, teamSignup.Team.Email) { + return + } + teamSignup.Team.Id = "" password := teamSignup.User.Password @@ -161,6 +239,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { } func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowEmailSignUp { + c.Err = model.NewAppError("createTeam", "Team sign-up with email is disabled.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } team := model.TeamFromJson(r.Body) @@ -169,6 +252,10 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !isTreamCreationAllowed(c, team.Email) { + return + } + if utils.Cfg.ServiceSettings.Mode != utils.MODE_DEV { c.Err = model.NewAppError("createTeam", "The mode does not allow network creation without a valid invite", "") return @@ -181,7 +268,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { rteam := result.Data.(*model.Team) if _, err := CreateDefaultChannels(c, rteam.Id); err != nil { - c.Err = nil + c.Err = err return } @@ -196,6 +283,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { } } +func isTreamCreationAllowed(c *Context, email string) bool { + + email = strings.ToLower(email) + + if utils.Cfg.TeamSettings.DisableTeamCreation { + c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "") + return false + } + + // commas and @ signs are optional + // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org + domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domains { + if strings.HasSuffix(email, "@"+d) { + matched = true + break + } + } + + if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched { + c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "") + return false + } + + return true +} + func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { m := model.MapFromJson(r.Body) diff --git a/api/user.go b/api/user.go index 05ccd03e8..3796dde2a 100644 --- a/api/user.go +++ b/api/user.go @@ -58,6 +58,11 @@ func InitUser(r *mux.Router) { } func createUser(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowEmailSignUp { + c.Err = model.NewAppError("signupTeam", "User sign-up with email is disabled.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } user := model.UserFromJson(r.Body) @@ -181,7 +186,7 @@ func CreateUser(c *Context, team *model.Team, user *model.User) *model.User { if result := <-Srv.Store.User().Save(user); result.Err != nil { c.Err = result.Err - l4g.Error("Filae err=%v", result.Err) + l4g.Error("Couldn't save the user err=%v", result.Err) return nil } else { ruser := result.Data.(*model.User) @@ -1426,3 +1431,18 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser } } + +func IsUsernameTaken(name string, teamId string) bool { + + if !model.IsValidUsername(name) { + return false + } + + if result := <-Srv.Store.User().GetByUsername(teamId, name); result.Err != nil { + return false + } else { + return true + } + + return false +} |