Diffstat (limited to 'api')
-rw-r--r-- | api/channel.go | 39 | ||||
-rw-r--r-- | api/file.go | 3 | ||||
-rw-r--r-- | api/team.go | 4 | ||||
-rw-r--r-- | api/templates/email_change_body.html | 5 | ||||
-rw-r--r-- | api/templates/email_change_subject.html | 2 | ||||
-rw-r--r-- | api/templates/email_change_verify_body.html | 56 | ||||
-rw-r--r-- | api/templates/email_change_verify_subject.html | 1 | ||||
-rw-r--r-- | api/templates/find_teams_body.html | 4 | ||||
-rw-r--r-- | api/templates/invite_body.html | 2 | ||||
-rw-r--r-- | api/templates/password_change_body.html | 2 | ||||
-rw-r--r-- | api/templates/post_body.html | 2 | ||||
-rw-r--r-- | api/templates/reset_body.html | 2 | ||||
-rw-r--r-- | api/templates/signup_team_body.html | 2 | ||||
-rw-r--r-- | api/templates/verify_body.html | 2 | ||||
-rw-r--r-- | api/templates/welcome_body.html | 2 | ||||
-rw-r--r-- | api/user.go | 40 | ||||
-rw-r--r-- | api/web_hub.go | 10 |
17 files changed, 137 insertions, 41 deletions
diff --git a/api/channel.go b/api/channel.go index 5e13fa18a..0d22d7c00 100644 --- a/api/channel.go +++ b/api/channel.go @@ -472,6 +472,8 @@ func leaveChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } + UpdateChannelAccessCacheAndForget(c.Session.TeamId, c.Session.UserId, channel.Id) + post := &model.Post{ChannelId: channel.Id, Message: fmt.Sprintf( `%v has left the channel.`, user.Username), Type: model.POST_JOIN_LEAVE} @@ -706,20 +708,21 @@ func addChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - post := &model.Post{ChannelId: id, Message: fmt.Sprintf( - `%v added to the channel by %v`, - nUser.Username, oUser.Username), Type: model.POST_JOIN_LEAVE} - if _, err := CreatePost(c, post, false); err != nil { - l4g.Error("Failed to post add message %v", err) - c.Err = model.NewAppError("addChannelMember", "Failed to add member to channel", "") - return - } - c.LogAudit("name=" + channel.Name + " user_id=" + userId) - message := model.NewMessage(c.Session.TeamId, "", userId, model.ACTION_USER_ADDED) + go func() { + post := &model.Post{ChannelId: id, Message: fmt.Sprintf( + `%v added to the channel by %v`, + nUser.Username, oUser.Username), Type: model.POST_JOIN_LEAVE} + if _, err := CreatePost(c, post, false); err != nil { + l4g.Error("Failed to post add member to channel message, err=%v", err) + } - PublishAndForget(message) + UpdateChannelAccessCache(c.Session.TeamId, userId, channel.Id) + message := model.NewMessage(c.Session.TeamId, channel.Id, userId, model.ACTION_USER_ADDED) + + PublishAndForget(message) + }() <-Srv.Store.Channel().UpdateLastViewedAt(id, oUser.Id) w.Write([]byte(cm.ToJson())) 
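Review bot: The access-cache refresh in leaveChannel is fire-and-forget (`UpdateChannelAccessCacheAndForget`), and in removeChannelMember it runs inside a new goroutine, so the HTTP response can be written while the cache still lists the departed user. If that cache decides which users receive channel events (inferred from the name; the hub code is not visible here), revocation should be synchronous. Call `UpdateChannelAccessCache(c.Session.TeamId, c.Session.UserId, channel.Id)` before creating the leave post, and move the equivalent call in removeChannelMember ahead of its `go func()`. Both function bodies extend outside their hunks.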
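Review bot: The goroutine added to addChannelMember hands the request-scoped `c` to `CreatePost` and reads `c.Session` while the handler carries on to `w.Write`, so anything CreatePost records on `c` (not visible here) races with the handler and never reaches the caller. A failed join post is now only logged, where the old code returned an error to the client. Copy the values the goroutine needs before starting it, e.g. `teamId := c.Session.TeamId`, and consider keeping `CreatePost` on the request path. The removeChannelMember hunk reads `c.Session.TeamId` and `c.Session.UserId` inside its goroutine in the same way.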
@@ -773,13 +776,17 @@ func removeChannelMember(c *Context, w http.ResponseWriter, r *http.Request) { return } - message := model.NewMessage(c.Session.TeamId, "", userId, model.ACTION_USER_REMOVED) - message.Add("channel_id", id) - message.Add("remover", c.Session.UserId) - PublishAndForget(message) - c.LogAudit("name=" + channel.Name + " user_id=" + userId) + go func() { + UpdateChannelAccessCache(c.Session.TeamId, userId, id) + + message := model.NewMessage(c.Session.TeamId, "", userId, model.ACTION_USER_REMOVED) + message.Add("channel_id", id) + message.Add("remover", c.Session.UserId) + PublishAndForget(message) + }() + result := make(map[string]string) result["channel_id"] = channel.Id result["removed_user_id"] = userId diff --git a/api/file.go b/api/file.go index 5dc1db650..bb9aa00d8 100644 --- a/api/file.go +++ b/api/file.go @@ -23,7 +23,6 @@ import ( "image/jpeg" "io" "io/ioutil" - "mime" "net/http" "net/url" "os" @@ -407,7 +406,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) { w.Header().Set("Cache-Control", "max-age=2592000, public") w.Header().Set("Content-Length", strconv.Itoa(len(f))) - w.Header().Set("Content-Type", mime.TypeByExtension(filepath.Ext(filename))) + w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer // attach extra headers to trigger a download on IE and Edge ua := user_agent.New(r.UserAgent()) diff --git a/api/team.go b/api/team.go index 8e5d634aa..bb60e0720 100644 --- a/api/team.go +++ b/api/team.go 
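Review bot: Deleting `Content-Type` in getFile makes net/http choose the type by sniffing the first bytes of the stored file, so the uploader's content, not the server, decides whether the response goes out as `text/html`. For user-supplied files, set an explicit safe type together with `w.Header().Set("X-Content-Type-Options", "nosniff")`, and send `Content-Disposition: attachment` for anything that is not a known image type. The comment just below the hunk says the existing download headers target IE and Edge only. The rest of getFile is outside the hunk, so confirm nothing later already sets these headers.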
@@ -432,9 +432,9 @@ func emailTeams(c *Context, w http.ResponseWriter, r *http.Request) { } subjectPage := NewServerTemplatePage("find_teams_subject") - subjectPage.Props["SiteURL"] = c.GetSiteURL() + subjectPage.ClientProps["SiteURL"] = c.GetSiteURL() bodyPage := NewServerTemplatePage("find_teams_body") - bodyPage.Props["SiteURL"] = c.GetSiteURL() + bodyPage.ClientProps["SiteURL"] = c.GetSiteURL() if result := <-Srv.Store.Team().GetTeamsForEmail(email); result.Err != nil { c.Err = result.Err diff --git a/api/templates/email_change_body.html b/api/templates/email_change_body.html index 0ec4ace2a..d4e6abd02 100644 --- a/api/templates/email_change_body.html +++ b/api/templates/email_change_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> @@ -18,7 +18,7 @@ <tr> <td style="border-bottom: 1px solid #ddd; padding: 0 0 20px;"> <h2 style="font-weight: normal; margin-top: 10px;">You updated your email</h2> - <p>You updated your email for {{.Props.TeamDisplayName}} on {{ .Props.TeamURL }}<br> If this change wasn't initiated by you, please reply to this email and let us know.</p> + <p>You email address for {{.Props.TeamDisplayName}} has been changed to {{.Props.NewEmail}}.<br>If you did not make this change, please contact the system administrator.</p> </td> </tr> <tr> @@ -51,4 +51,3 @@ </table> {{end}} - diff --git a/api/templates/email_change_subject.html b/api/templates/email_change_subject.html index 5690b148a..962ae868e 100644 --- a/api/templates/email_change_subject.html +++ b/api/templates/email_change_subject.html 
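Review bot: emailTeams now writes the per-request site URL into `subjectPage.ClientProps["SiteURL"]` and `bodyPage.ClientProps["SiteURL"]`, while every other mailer in this commit still sets `Props["SiteURL"]`. NewServerTemplatePage is not visible here; if ClientProps is the shared client configuration map rather than a per-page copy, this is an unsynchronized write to shared state from a request handler, and one request's URL can leak into another's email. Keeping `bodyPage.Props["SiteURL"] = c.GetSiteURL()` and leaving find_teams_body.html on `.Props.SiteURL` would avoid both the inconsistency and that risk.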
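Review bot: The replacement paragraph in the second email_change_body.html hunk reads "You email address for …"; it should be `Your email address for {{.Props.TeamDisplayName}} has been changed to {{.Props.NewEmail}}.` This is the notice that api/user.go sends to the old address, so users rely on it to spot an address change they did not make, and the wording should be clean.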
@@ -1 +1 @@
-{{define "email_change_subject"}}You updated your email for {{.Props.TeamDisplayName}} on {{ .Props.Domain }}{{end}}
+{{define "email_change_subject"}}[{{.ClientProps.SiteName}}] Your email address has changed for {{.Props.TeamDisplayName}}{{end}}
diff --git a/api/templates/email_change_verify_body.html b/api/templates/email_change_verify_body.html
new file mode 100644
index 000000000..356f2454c
--- /dev/null
+++ b/api/templates/email_change_verify_body.html
@@ -0,0 +1,56 @@ +{{define "email_change_verify_body"}} + +<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="margin-top: 20px; line-height: 1.7; color: #555;"> + <tr> + <td> + <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="max-width: 660px; font-family: Helvetica, Arial, sans-serif; font-size: 14px; background: #FFF;"> + <tr> + <td style="border: 1px solid #ddd;"> + <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> + <tr> + <td style="padding: 20px 20px 10px; text-align:left;"> + <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + </td> + </tr> + <tr> + <td> + <table border="0" cellpadding="0" cellspacing="0" style="padding: 20px 50px 0; text-align: center; margin: 0 auto"> + <tr> + <td style="border-bottom: 1px solid #ddd; padding: 0 0 20px;"> + <h2 style="font-weight: normal; margin-top: 10px;">You updated your email</h2> + <p>To finish updating your email address for {{.Props.TeamDisplayName}}, please click the link below to confirm this is the right address.</p> + <p style="margin: 20px 0 15px"> + <a href="{{.Props.VerifyUrl}}" style="background: #2389D7; border-radius: 3px; color: #fff; border: none; outline: none; min-width: 200px; padding: 15px 25px; font-size: 14px; font-family: inherit; cursor: pointer; -webkit-appearance: none;text-decoration: none;">Verify Email</a> + </p> + </td> + </tr> + <tr> + <td style="color: #999; padding-top: 20px; line-height: 25px; font-size: 13px;"> + Any questions at all, mail us any time: <a href="mailto:{{.ClientProps.FeedbackEmail}}" style="text-decoration: none; color:#2389D7;">{{.ClientProps.FeedbackEmail}}</a>.<br> + Best wishes,<br> + The {{.ClientProps.SiteName}} Team<br> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> + 
<p style="margin: 25px 0;"> + <img width="65" src="{{.Props.SiteURL}}/static/images/circles.png" alt=""> + </p> + <p style="padding: 0 50px;"> + (c) 2015 SpinPunch, Inc. 855 El Camino Real, 13A-168, Palo Alto, CA, 94301.<br> + If you no longer wish to receive these emails, click on the following link: <a href="mailto:{{.ClientProps.FeedbackEmail}}?subject=Unsubscribe&body=Unsubscribe" style="text-decoration: none; color:#2389D7;">Unsubscribe</a> + </p> + </td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> +</table> + +{{end}} diff --git a/api/templates/email_change_verify_subject.html b/api/templates/email_change_verify_subject.html new file mode 100644 index 000000000..5e2ac1452 --- /dev/null +++ b/api/templates/email_change_verify_subject.html @@ -0,0 +1 @@ +{{define "email_change_verify_subject"}}[{{.ClientProps.SiteName}}] Verify new email address for {{.Props.TeamDisplayName}}{{end}} diff --git a/api/templates/find_teams_body.html b/api/templates/find_teams_body.html index 9d34b7a23..3046ee5f8 100644 --- a/api/templates/find_teams_body.html +++ b/api/templates/find_teams_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.ClientProps.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> @@ -42,7 +42,7 @@ <tr> <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> <p style="margin: 25px 0;"> - <img width="65" src="{{.Props.SiteURL}}/static/images/circles.png" alt=""> + <img width="65" src="{{.ClientProps.SiteURL}}/static/images/circles.png" alt=""> </p> <p style="padding: 0 50px;"> (c) 2015 SpinPunch, Inc. 855 El Camino Real, 13A-168, Palo Alto, CA, 94301.<br> 
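Review bot: The new email_change_verify_body.html still loads its header image from `{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png`, the path this same commit replaces in every other template. Use `<img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt="">` so the verification mail does not depend on a site-name-derived file name. The template's output mode is not visible here; confirm that `{{.Props.VerifyUrl}}` in the `href` is rendered through html/template rather than text/template, since the URL carries a user-supplied address.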
diff --git a/api/templates/invite_body.html b/api/templates/invite_body.html index 9e1ce33b2..fdfcfa9f1 100644 --- a/api/templates/invite_body.html +++ b/api/templates/invite_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> diff --git a/api/templates/password_change_body.html b/api/templates/password_change_body.html index 3fef3a5c8..c420d7a69 100644 --- a/api/templates/password_change_body.html +++ b/api/templates/password_change_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> diff --git a/api/templates/post_body.html b/api/templates/post_body.html index a6b81e2f6..1dd30ca45 100644 --- a/api/templates/post_body.html +++ b/api/templates/post_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> 
diff --git a/api/templates/reset_body.html b/api/templates/reset_body.html index dc6152627..d388689cf 100644 --- a/api/templates/reset_body.html +++ b/api/templates/reset_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> diff --git a/api/templates/signup_team_body.html b/api/templates/signup_team_body.html index e6ffb3a5b..83c1679b9 100644 --- a/api/templates/signup_team_body.html +++ b/api/templates/signup_team_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> diff --git a/api/templates/verify_body.html b/api/templates/verify_body.html index 8187c8908..def067a84 100644 --- a/api/templates/verify_body.html +++ b/api/templates/verify_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> 
diff --git a/api/templates/welcome_body.html b/api/templates/welcome_body.html index 5fe3450b7..ff31ee8d5 100644 --- a/api/templates/welcome_body.html +++ b/api/templates/welcome_body.html @@ -9,7 +9,7 @@ <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> <tr> <td style="padding: 20px 20px 10px; text-align:left;"> - <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + <img src="{{.Props.SiteURL}}/static/images/logo-email.png" width="130px" style="opacity: 0.5" alt=""> </td> </tr> <tr> diff --git a/api/user.go b/api/user.go index 2d7dd9ab1..34cbec151 100644 --- a/api/user.go +++ b/api/user.go @@ -887,7 +887,11 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { l4g.Error(tresult.Err.Message) } else { team := tresult.Data.(*model.Team) - fireAndForgetEmailChangeEmail(rusers[1].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) + fireAndForgetEmailChangeEmail(rusers[1].Email, rusers[0].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) + + if utils.Cfg.EmailSettings.RequireEmailVerification { + FireAndForgetEmailChangeVerifyEmail(rusers[0].Id, rusers[0].Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) + } } } @@ -991,7 +995,7 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { } if model.IsInRole(new_roles, model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() { - c.Err = model.NewAppError("updateRoles", "The system_admin role can only be set by another system admin", "") + c.Err = model.NewAppError("updateRoles", "The system admin role can only be set by another system admin", "") c.Err.StatusCode = http.StatusForbidden return } 
@@ -1014,6 +1018,12 @@ func updateRoles(c *Context, w http.ResponseWriter, r *http.Request) { return } + if user.IsInRole(model.ROLE_SYSTEM_ADMIN) && !c.IsSystemAdmin() { + c.Err = model.NewAppError("updateRoles", "The system admin role can only by modified by another system admin", "") + c.Err.StatusCode = http.StatusForbidden + return + } + ruser := UpdateRoles(c, user, new_roles) if c.Err != nil { return @@ -1322,7 +1332,7 @@ func fireAndForgetPasswordChangeEmail(email, teamDisplayName, teamURL, siteURL, }() } -func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL string) { +func fireAndForgetEmailChangeEmail(oldEmail, newEmail, teamDisplayName, teamURL, siteURL string) { go func() { subjectPage := NewServerTemplatePage("email_change_subject") 
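Review bot: The error string in the guard added to updateRoles says "can only by modified"; it should read `"The system admin role can only be modified by another system admin"`. The guard itself blocks a non-system-admin from changing the roles of an existing system admin. A regression test for that path would be worth adding with it: caller without system admin, target already in `model.ROLE_SYSTEM_ADMIN`, expect `http.StatusForbidden`. updateRoles starts and ends outside the hunk.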
@@ -1332,14 +1342,34 @@ func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL stri bodyPage.Props["SiteURL"] = siteURL bodyPage.Props["TeamDisplayName"] = teamDisplayName bodyPage.Props["TeamURL"] = teamURL + bodyPage.Props["NewEmail"] = newEmail - if err := utils.SendMail(email, subjectPage.Render(), bodyPage.Render()); err != nil { - l4g.Error("Failed to send update password email successfully err=%v", err) + if err := utils.SendMail(oldEmail, subjectPage.Render(), bodyPage.Render()); err != nil { + l4g.Error("Failed to send email change notification email successfully err=%v", err) } }() } +func FireAndForgetEmailChangeVerifyEmail(userId, newUserEmail, teamName, teamDisplayName, siteURL, teamURL string) { + go func() { + + link := fmt.Sprintf("%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s", siteURL, userId, model.HashPassword(userId), teamName, newUserEmail) + + subjectPage := NewServerTemplatePage("email_change_verify_subject") + subjectPage.Props["SiteURL"] = siteURL + subjectPage.Props["TeamDisplayName"] = teamDisplayName + bodyPage := NewServerTemplatePage("email_change_verify_body") + bodyPage.Props["SiteURL"] = siteURL + bodyPage.Props["TeamDisplayName"] = teamDisplayName + bodyPage.Props["VerifyUrl"] = link + + if err := utils.SendMail(newUserEmail, subjectPage.Render(), bodyPage.Render()); err != nil { + l4g.Error("Failed to send email change verification email successfully err=%v", err) + } + }() +} + func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) diff --git a/api/web_hub.go b/api/web_hub.go index 44d405283..15528c612 100644 --- a/api/web_hub.go +++ b/api/web_hub.go 
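Review bot: In FireAndForgetEmailChangeVerifyEmail the `hid` token is `model.HashPassword(userId)`, which depends only on the user id, while the address being confirmed travels as a separate `email=` parameter. Unless the verify_email handler (not in this diff) compares `email` with the stored address, the token says nothing about the mailbox, and an earlier link for the same user would also validate a different address. A stored random, expiring, single-use token tied to the new address would close that. The parameters are also interpolated raw, so an address containing `+` or `&` yields a broken or altered query; wrap them as `url.QueryEscape(newUserEmail)` and `url.QueryEscape(teamName)`. The exported function has no doc comment.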
@@ -30,11 +30,15 @@ func PublishAndForget(message *model.Message) { }() } +func UpdateChannelAccessCache(teamId, userId, channelId string) { + if nh, ok := hub.teamHubs[teamId]; ok { + nh.UpdateChannelAccessCache(userId, channelId) + } +} + func UpdateChannelAccessCacheAndForget(teamId, userId, channelId string) { go func() { - if nh, ok := hub.teamHubs[teamId]; ok { - nh.UpdateChannelAccessCache(userId, channelId) - } + UpdateChannelAccessCache(teamId, userId, channelId) }() } |
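Review bot: `UpdateChannelAccessCache` indexes `hub.teamHubs` directly, with no lock visible in this hunk, and it is now called from the new goroutines in api/channel.go as well as from the AndForget wrapper. If teamHubs is written when team hubs are created or stopped (not visible here), this is an unsynchronized map access; route it through the hub's own goroutine or guard the map with a mutex. The new exported function also needs a doc comment, e.g. `// UpdateChannelAccessCache updates the cached channel access for userId on the team's hub, if that hub exists.`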