4 files changed, 263 insertions, 4 deletions

diff --git a/api/admin.go b/api/admin.go
index 0ea6341e2..e8cb8b3c7 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
+// Copyright (c) 2016 Mattermost, Inc. All Rights Reserved.
 // See License.txt for license information.
 
 package api
@@ -21,6 +21,7 @@ func InitAdmin(r *mux.Router) {
 
 	sr := r.PathPrefix("/admin").Subrouter()
 	sr.Handle("/logs", ApiUserRequired(getLogs)).Methods("GET")
+	sr.Handle("/audits", ApiUserRequired(getAllAudits)).Methods("GET")
 	sr.Handle("/config", ApiUserRequired(getConfig)).Methods("GET")
 	sr.Handle("/save_config", ApiUserRequired(saveConfig)).Methods("POST")
 	sr.Handle("/test_email", ApiUserRequired(testEmail)).Methods("POST")
@@ -58,6 +59,32 @@ func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(model.ArrayToJson(lines)))
 }
 
+func getAllAudits(c *Context, w http.ResponseWriter, r *http.Request) {
+
+	if !c.HasSystemAdminPermissions("getAllAudits") {
+		return
+	}
+
+	if result := <-Srv.Store.Audit().Get("", 200); result.Err != nil {
+		c.Err = result.Err
+		return
+	} else {
+		audits := result.Data.(model.Audits)
+		etag := audits.Etag()
+
+		if HandleEtag(etag, w, r) {
+			return
+		}
+
+		if len(etag) > 0 {
+			w.Header().Set(model.HEADER_ETAG_SERVER, etag)
+		}
+
+		w.Write([]byte(audits.ToJson()))
+		return
+	}
+}
+
 func getClientConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(model.MapToJson(utils.ClientCfg)))
 }
@@ -161,9 +188,10 @@ func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
 		rows[1] = &model.AnalyticsRow{"channel_private_count", 0}
 		rows[2] = &model.AnalyticsRow{"post_count", 0}
 		rows[3] = &model.AnalyticsRow{"unique_user_count", 0}
+
 		openChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_OPEN)
 		privateChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_PRIVATE)
-		postChan := Srv.Store.Post().AnalyticsPostCount(teamId)
+		postChan := Srv.Store.Post().AnalyticsPostCount(teamId, false, false)
 		userChan := Srv.Store.User().AnalyticsUniqueUserCount(teamId)
 
 		if r := <-openChan; r.Err != nil {
@@ -209,6 +237,47 @@ func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
 		} else {
 			w.Write([]byte(r.Data.(model.AnalyticsRows).ToJson()))
 		}
+	} else if name == "extra_counts" {
+		var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 4)
+		rows[0] = &model.AnalyticsRow{"file_post_count", 0}
+		rows[1] = &model.AnalyticsRow{"hashtag_post_count", 0}
+		rows[2] = &model.AnalyticsRow{"incoming_webhook_count", 0}
+		rows[3] = &model.AnalyticsRow{"outgoing_webhook_count", 0}
+
+		fileChan := Srv.Store.Post().AnalyticsPostCount(teamId, true, false)
+		hashtagChan := Srv.Store.Post().AnalyticsPostCount(teamId, false, true)
+		iHookChan := Srv.Store.Webhook().AnalyticsIncomingCount(teamId)
+		oHookChan := Srv.Store.Webhook().AnalyticsOutgoingCount(teamId)
+
+		if r := <-fileChan; r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			rows[0].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-hashtagChan; r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			rows[1].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-iHookChan; r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			rows[2].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-oHookChan; r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			rows[3].Value = float64(r.Data.(int64))
+		}
+
+		w.Write([]byte(rows.ToJson()))
 	} else {
 		c.SetInvalidParam("getAnalytics", "name")
 	}
diff --git a/api/admin_test.go b/api/admin_test.go
index 2552e642c..8a9c82b44 100644
--- a/api/admin_test.go
+++ b/api/admin_test.go
@@ -41,6 +41,36 @@ func TestGetLogs(t *testing.T) {
 	}
 }
 
+func TestGetAllAudits(t *testing.T) {
+	Setup()
+
+	team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
+
+	user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"}
+	user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user.Id))
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	if _, err := Client.GetAllAudits(); err == nil {
+		t.Fatal("Shouldn't have permissions")
+	}
+
+	c := &Context{}
+	c.RequestId = model.NewId()
+	c.IpAddress = "cmd_line"
+	UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN)
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	if audits, err := Client.GetAllAudits(); err != nil {
+		t.Fatal(err)
+	} else if len(audits.Data.(model.Audits)) <= 0 {
+		t.Fatal()
+	}
+}
+
 func TestGetClientProperties(t *testing.T) {
 	Setup()
 
@@ -362,3 +392,113 @@ func TestUserCountsWithPostsByDay(t *testing.T) {
 		}
 	}
 }
+
+func TestGetTeamAnalyticsExtra(t *testing.T) {
+	Setup()
+
+	team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
+
+	user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"}
+	user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user.Id))
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	channel1 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
+	channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
+
+	post1 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
+	post1 = Client.Must(Client.CreatePost(post1)).Data.(*model.Post)
+
+	post2 := &model.Post{ChannelId: channel1.Id, Message: "#test a" + model.NewId() + "a"}
+	post2 = Client.Must(Client.CreatePost(post2)).Data.(*model.Post)
+
+	if _, err := Client.GetTeamAnalytics("", "extra_counts"); err == nil {
+		t.Fatal("Shouldn't have permissions")
+	}
+
+	c := &Context{}
+	c.RequestId = model.NewId()
+	c.IpAddress = "cmd_line"
+	UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN)
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	if result, err := Client.GetTeamAnalytics(team.Id, "extra_counts"); err != nil {
+		t.Fatal(err)
+	} else {
+		rows := result.Data.(model.AnalyticsRows)
+
+		if rows[0].Name != "file_post_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[0].Value != 0 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[1].Name != "hashtag_post_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[1].Value != 1 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[2].Name != "incoming_webhook_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[2].Value != 0 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[3].Name != "outgoing_webhook_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[3].Value != 0 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+	}
+
+	if result, err := Client.GetSystemAnalytics("extra_counts"); err != nil {
+		t.Fatal(err)
+	} else {
+		rows := result.Data.(model.AnalyticsRows)
+
+		if rows[0].Name != "file_post_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[1].Name != "hashtag_post_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[1].Value < 1 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[2].Name != "incoming_webhook_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[3].Name != "outgoing_webhook_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+	}
+}
diff --git a/api/user.go b/api/user.go
index 27afbd469..a6817caa2 100644
--- a/api/user.go
+++ b/api/user.go
@@ -444,6 +444,38 @@ func LoginByEmail(c *Context, w http.ResponseWriter, r *http.Request, email, nam
 	return nil
 }
 
+func LoginByUsername(c *Context, w http.ResponseWriter, r *http.Request, username, name, password, deviceId string) *model.User {
+	var team *model.Team
+
+	if result := <-Srv.Store.Team().GetByName(name); result.Err != nil {
+		c.Err = result.Err
+		return nil
+	} else {
+		team = result.Data.(*model.Team)
+	}
+
+	if result := <-Srv.Store.User().GetByUsername(team.Id, username); result.Err != nil {
+		c.Err = result.Err
+		c.Err.StatusCode = http.StatusForbidden
+		return nil
+	} else {
+		user := result.Data.(*model.User)
+
+		if len(user.AuthData) != 0 {
+			c.Err = model.NewLocAppError("LoginByUsername", "api.user.login_by_email.sign_in.app_error",
+				map[string]interface{}{"AuthService": user.AuthService}, "")
+			return nil
+		}
+
+		if checkUserLoginAttempts(c, user) && checkUserPassword(c, user, password) {
+			Login(c, w, r, user, deviceId)
+			return user
+		}
+	}
+
+	return nil
+}
+
 func LoginByOAuth(c *Context, w http.ResponseWriter, r *http.Request, service string, userData io.ReadCloser, team *model.Team) *model.User {
 	authData := ""
 	provider := einterfaces.GetOauthProvider(service)
@@ -629,6 +661,8 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) {
 		user = LoginById(c, w, r, props["id"], props["password"], props["device_id"])
 	} else if len(props["email"]) != 0 && len(props["name"]) != 0 {
 		user = LoginByEmail(c, w, r, props["email"], props["name"], props["password"], props["device_id"])
+	} else if len(props["username"]) != 0 && len(props["name"]) != 0 {
+		user = LoginByUsername(c, w, r, props["username"], props["name"], props["password"], props["device_id"])
 	} else {
 		c.Err = model.NewLocAppError("login", "api.user.login.not_provided.app_error", nil, "")
 		c.Err.StatusCode = http.StatusForbidden
diff --git a/api/user_test.go b/api/user_test.go
index b2ae113f1..1a1cf9634 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -99,7 +99,7 @@ func TestLogin(t *testing.T) {
 	team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
 	rteam, _ := Client.CreateTeam(&team)
 
-	user := model.User{TeamId: rteam.Data.(*model.Team).Id, Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"}
+	user := model.User{TeamId: rteam.Data.(*model.Team).Id, Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Username: "corey", Password: "pwd"}
 	ruser, _ := Client.CreateUser(&user, "")
 	store.Must(Srv.Store.User().VerifyEmail(ruser.Data.(*model.User).Id))
 
@@ -107,7 +107,7 @@ func TestLogin(t *testing.T) {
 		t.Fatal(err)
 	} else {
 		if result.Data.(*model.User).Email != user.Email {
-			t.Fatal("email's didn't match")
+			t.Fatal("emails didn't match")
 		}
 	}
 
@@ -119,14 +119,30 @@ func TestLogin(t *testing.T) {
 		}
 	}
 
+	if result, err := Client.LoginByUsername(team.Name, user.Username, user.Password); err != nil {
+		t.Fatal(err)
+	} else {
+		if result.Data.(*model.User).Email != user.Email {
+			t.Fatal("emails didn't match")
+		}
+	}
+
 	if _, err := Client.LoginByEmail(team.Name, user.Email, user.Password+"invalid"); err == nil {
 		t.Fatal("Invalid Password")
 	}
 
+	if _, err := Client.LoginByUsername(team.Name, user.Username, user.Password+"invalid"); err == nil {
+		t.Fatal("Invalid Password")
+	}
+
 	if _, err := Client.LoginByEmail(team.Name, "", user.Password); err == nil {
 		t.Fatal("should have failed")
 	}
 
+	if _, err := Client.LoginByUsername(team.Name, "", user.Password); err == nil {
+		t.Fatal("should have failed")
+	}
+
 	authToken := Client.AuthToken
 	Client.AuthToken = "invalid"