summaryrefslogtreecommitdiffstats
path: root/api
diff options
context:
space:
mode:
Diffstat (limited to 'api')
-rw-r--r--api/command.go112
-rw-r--r--api/command_test.go37
-rw-r--r--api/file.go1
-rw-r--r--api/post_test.go4
-rw-r--r--api/team.go118
-rw-r--r--api/user.go22
6 files changed, 230 insertions, 64 deletions
diff --git a/api/command.go b/api/command.go
index f051bd42e..749cbf790 100644
--- a/api/command.go
+++ b/api/command.go
@@ -4,15 +4,15 @@
package api
import (
+ "net/http"
+ "strconv"
+ "strings"
+ "time"
+
l4g "code.google.com/p/log4go"
"github.com/gorilla/mux"
"github.com/mattermost/platform/model"
"github.com/mattermost/platform/utils"
- "net/http"
- "reflect"
- "runtime"
- "strconv"
- "strings"
)
type commandHandler func(c *Context, command *model.Command) bool
@@ -24,6 +24,8 @@ var commands = []commandHandler{
echoCommand,
}
+var echoSem chan bool
+
func InitCommand(r *mux.Router) {
l4g.Debug("Initializing command api routes")
r.Handle("/command", ApiUserRequired(command)).Methods("POST")
@@ -41,7 +43,6 @@ func command(c *Context, w http.ResponseWriter, r *http.Request) {
}
checkCommand(c, command)
-
if c.Err != nil {
return
} else {
@@ -56,8 +57,6 @@ func checkCommand(c *Context, command *model.Command) bool {
return false
}
- tchan := Srv.Store.Team().Get(c.Session.TeamId)
-
if len(command.ChannelId) > 0 {
cchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, command.ChannelId, c.Session.UserId)
@@ -66,24 +65,9 @@ func checkCommand(c *Context, command *model.Command) bool {
}
}
- allowValet := false
- if tResult := <-tchan; tResult.Err != nil {
- c.Err = model.NewAppError("checkCommand", "Could not find the team for this session, team_id="+c.Session.TeamId, "")
- return false
- } else {
- allowValet = tResult.Data.(*model.Team).AllowValet
- }
-
- ec := runtime.FuncForPC(reflect.ValueOf(echoCommand).Pointer()).Name()
-
for _, v := range commands {
- if !allowValet && ec == runtime.FuncForPC(reflect.ValueOf(v).Pointer()).Name() {
- continue
- }
- if v(c, command) {
- return true
- } else if c.Err != nil {
+ if v(c, command) || c.Err != nil {
return true
}
}
@@ -112,55 +96,65 @@ func logoutCommand(c *Context, command *model.Command) bool {
}
func echoCommand(c *Context, command *model.Command) bool {
-
cmd := "/echo"
+ maxThreads := 100
- if strings.Index(command.Command, cmd) == 0 {
- parts := strings.SplitN(command.Command, " ", 3)
-
- channelName := ""
- if len(parts) >= 2 {
- channelName = parts[1]
+ if !command.Suggest && strings.Index(command.Command, cmd) == 0 {
+ parameters := strings.SplitN(command.Command, " ", 2)
+ if len(parameters) != 2 || len(parameters[1]) == 0 {
+ return false
}
-
- message := ""
- if len(parts) >= 3 {
- message = parts[2]
+ message := strings.Trim(parameters[1], " ")
+ delay := 0
+ if endMsg := strings.LastIndex(message, "\""); string(message[0]) == "\"" && endMsg > 1 {
+ if checkDelay, err := strconv.Atoi(strings.Trim(message[endMsg:], " \"")); err == nil {
+ delay = checkDelay
+ }
+ message = message[1:endMsg]
+ } else if strings.Index(message, " ") > -1 {
+ delayIdx := strings.LastIndex(message, " ")
+ delayStr := strings.Trim(message[delayIdx:], " ")
+
+ if checkDelay, err := strconv.Atoi(delayStr); err == nil {
+ delay = checkDelay
+ message = message[:delayIdx]
+ }
}
- if result := <-Srv.Store.Channel().GetChannels(c.Session.TeamId, c.Session.UserId); result.Err != nil {
- c.Err = result.Err
+ if delay > 10000 {
+ c.Err = model.NewAppError("echoCommand", "Delays must be under 10000 seconds", "")
return false
- } else {
- channels := result.Data.(*model.ChannelList)
+ }
- for _, v := range channels.Channels {
- if v.Type == model.CHANNEL_DIRECT {
- continue
- }
+ if echoSem == nil {
+ // We want one additional thread allowed so we never reach channel lockup
+ echoSem = make(chan bool, maxThreads+1)
+ }
- if v.Name == channelName && !command.Suggest {
- post := &model.Post{}
- post.ChannelId = v.Id
- post.Message = message
+ if len(echoSem) >= maxThreads {
+ c.Err = model.NewAppError("echoCommand", "High volume of echo request, cannot process request", "")
+ return false
+ }
- if _, err := CreateValetPost(c, post); err != nil {
- c.Err = err
- return false
- }
+ echoSem <- true
+ go func() {
+ defer func() { <-echoSem }()
+ post := &model.Post{}
+ post.ChannelId = command.ChannelId
+ post.Message = message
- command.Response = model.RESP_EXECUTED
- return true
- }
+ time.Sleep(time.Duration(delay) * time.Second)
- if len(channelName) == 0 || (strings.Index(v.Name, channelName) == 0 && len(parts) < 3) {
- command.AddSuggestion(&model.SuggestCommand{Suggestion: cmd + " " + v.Name, Description: "Echo a message using Valet in a channel"})
- }
+ if _, err := CreatePost(c, post, false); err != nil {
+ l4g.Error("Unable to create /echo post, err=%v", err)
}
- }
+ }()
+
+ command.Response = model.RESP_EXECUTED
+ return true
} else if strings.Index(cmd, command.Command) == 0 {
- command.AddSuggestion(&model.SuggestCommand{Suggestion: cmd, Description: "Echo a message using Valet in a channel"})
+ command.AddSuggestion(&model.SuggestCommand{Suggestion: cmd, Description: "Echo back text from your account, /echo \"message\" [delay in seoncds]"})
}
return false
diff --git a/api/command_test.go b/api/command_test.go
index a58ef9be5..fe52dd41b 100644
--- a/api/command_test.go
+++ b/api/command_test.go
@@ -4,9 +4,10 @@
package api
import (
+ "testing"
+
"github.com/mattermost/platform/model"
"github.com/mattermost/platform/store"
- "testing"
)
func TestSuggestRootCommands(t *testing.T) {
@@ -50,6 +51,12 @@ func TestSuggestRootCommands(t *testing.T) {
if rs3.Suggestions[0].Suggestion != "/join" {
t.Fatal("should have join cmd")
}
+
+ rs4 := Client.Must(Client.Command("", "/ech", true)).Data.(*model.Command)
+
+ if rs4.Suggestions[0].Suggestion != "/echo" {
+ t.Fatal("should have echo cmd")
+ }
}
func TestLogoutCommands(t *testing.T) {
@@ -145,3 +152,31 @@ func TestJoinCommands(t *testing.T) {
t.Fatal("didn't join channel")
}
}
+
+func TestEchoCommand(t *testing.T) {
+ Setup()
+
+ team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+ team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
+
+ user1 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
+ user1 = Client.Must(Client.CreateUser(user1, "")).Data.(*model.User)
+ store.Must(Srv.Store.User().VerifyEmail(user1.Id))
+
+ Client.LoginByEmail(team.Name, user1.Email, "pwd")
+
+ channel1 := &model.Channel{DisplayName: "AA", Name: "aa" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
+ channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
+
+ echoTestString := "/echo test"
+
+ r1 := Client.Must(Client.Command(channel1.Id, echoTestString, false)).Data.(*model.Command)
+ if r1.Response != model.RESP_EXECUTED {
+ t.Fatal("Echo command failed to execute")
+ }
+
+ p1 := Client.Must(Client.GetPosts(channel1.Id, 0, 2, "")).Data.(*model.PostList)
+ if len(p1.Order) != 1 {
+ t.Fatal("Echo command failed to send")
+ }
+}
diff --git a/api/file.go b/api/file.go
index 50482a057..800c512c5 100644
--- a/api/file.go
+++ b/api/file.go
@@ -347,6 +347,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
}
w.Header().Set("Cache-Control", "max-age=2592000, public")
+ w.Header().Set("Content-Length", strconv.Itoa(len(f)))
w.Write(f)
}
diff --git a/api/post_test.go b/api/post_test.go
index ac9adf358..85d92de3a 100644
--- a/api/post_test.go
+++ b/api/post_test.go
@@ -331,7 +331,7 @@ func TestGetPosts(t *testing.T) {
t.Fatal("wrong order")
}
- if len(r1.Posts) != 4 {
+ if len(r1.Posts) != 2 { // 3a1 and 3; 3a1's parent already there
t.Fatal("wrong size")
}
@@ -345,7 +345,7 @@ func TestGetPosts(t *testing.T) {
t.Fatal("wrong order")
}
- if len(r2.Posts) != 4 {
+ if len(r2.Posts) != 3 { // 2 and 1a1; + 1a1's parent
t.Log(r2.Posts)
t.Fatal("wrong size")
}
diff --git a/api/team.go b/api/team.go
index 8587a6de4..e34b3a610 100644
--- a/api/team.go
+++ b/api/team.go
@@ -23,6 +23,7 @@ func InitTeam(r *mux.Router) {
sr := r.PathPrefix("/teams").Subrouter()
sr.Handle("/create", ApiAppHandler(createTeam)).Methods("POST")
sr.Handle("/create_from_signup", ApiAppHandler(createTeamFromSignup)).Methods("POST")
+ sr.Handle("/create_with_sso/{service:[A-Za-z]+}", ApiAppHandler(createTeamFromSSO)).Methods("POST")
sr.Handle("/signup", ApiAppHandler(signupTeam)).Methods("POST")
sr.Handle("/find_team_by_name", ApiAppHandler(findTeamByName)).Methods("POST")
sr.Handle("/find_teams", ApiAppHandler(findTeams)).Methods("POST")
@@ -35,6 +36,11 @@ func InitTeam(r *mux.Router) {
}
func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.AllowEmailSignUp {
+ c.Err = model.NewAppError("signupTeam", "Team sign-up with email is disabled.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
m := model.MapFromJson(r.Body)
email := strings.ToLower(strings.TrimSpace(m["email"]))
@@ -44,6 +50,10 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ if !isTreamCreationAllowed(c, email) {
+ return
+ }
+
subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL())
bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL())
bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink
@@ -70,7 +80,70 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
w.Write([]byte(model.MapToJson(m)))
}
+func createTeamFromSSO(c *Context, w http.ResponseWriter, r *http.Request) {
+ params := mux.Vars(r)
+ service := params["service"]
+
+ if !utils.IsServiceAllowed(service) {
+ c.SetInvalidParam("createTeamFromSSO", "service")
+ return
+ }
+
+ team := model.TeamFromJson(r.Body)
+
+ if team == nil {
+ c.SetInvalidParam("createTeamFromSSO", "team")
+ return
+ }
+
+ team.PreSave()
+
+ team.Name = model.CleanTeamName(team.Name)
+
+ if err := team.IsValid(); err != nil {
+ c.Err = err
+ return
+ }
+
+ team.Id = ""
+
+ found := true
+ count := 0
+ for found {
+ if found = FindTeamByName(c, team.Name, "true"); c.Err != nil {
+ return
+ } else if found {
+ team.Name = team.Name + strconv.Itoa(count)
+ count += 1
+ }
+ }
+
+ team.AllowValet = utils.Cfg.TeamSettings.AllowValetDefault
+
+ if result := <-Srv.Store.Team().Save(team); result.Err != nil {
+ c.Err = result.Err
+ return
+ } else {
+ rteam := result.Data.(*model.Team)
+
+ if _, err := CreateDefaultChannels(c, rteam.Id); err != nil {
+ c.Err = nil
+ return
+ }
+
+ data := map[string]string{"follow_link": c.GetSiteURL() + "/" + rteam.Name + "/signup/" + service}
+ w.Write([]byte(model.MapToJson(data)))
+
+ }
+
+}
+
func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.AllowEmailSignUp {
+ c.Err = model.NewAppError("createTeamFromSignup", "Team sign-up with email is disabled.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
teamSignup := model.TeamSignupFromJson(r.Body)
@@ -89,6 +162,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err = err
return
}
+
+ if !isTreamCreationAllowed(c, teamSignup.Team.Email) {
+ return
+ }
+
teamSignup.Team.Id = ""
password := teamSignup.User.Password
@@ -161,6 +239,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
}
func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.AllowEmailSignUp {
+ c.Err = model.NewAppError("createTeam", "Team sign-up with email is disabled.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
team := model.TeamFromJson(r.Body)
@@ -169,6 +252,10 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ if !isTreamCreationAllowed(c, team.Email) {
+ return
+ }
+
if utils.Cfg.ServiceSettings.Mode != utils.MODE_DEV {
c.Err = model.NewAppError("createTeam", "The mode does not allow network creation without a valid invite", "")
return
@@ -181,7 +268,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
rteam := result.Data.(*model.Team)
if _, err := CreateDefaultChannels(c, rteam.Id); err != nil {
- c.Err = nil
+ c.Err = err
return
}
@@ -196,6 +283,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
+func isTreamCreationAllowed(c *Context, email string) bool {
+
+ email = strings.ToLower(email)
+
+ if utils.Cfg.TeamSettings.DisableTeamCreation {
+ c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "")
+ return false
+ }
+
+ // commas and @ signs are optional
+ // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org
+ domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1))))
+
+ matched := false
+ for _, d := range domains {
+ if strings.HasSuffix(email, "@"+d) {
+ matched = true
+ break
+ }
+ }
+
+ if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched {
+ c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "")
+ return false
+ }
+
+ return true
+}
+
func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
m := model.MapFromJson(r.Body)
diff --git a/api/user.go b/api/user.go
index 05ccd03e8..3796dde2a 100644
--- a/api/user.go
+++ b/api/user.go
@@ -58,6 +58,11 @@ func InitUser(r *mux.Router) {
}
func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.AllowEmailSignUp {
+ c.Err = model.NewAppError("signupTeam", "User sign-up with email is disabled.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
user := model.UserFromJson(r.Body)
@@ -181,7 +186,7 @@ func CreateUser(c *Context, team *model.Team, user *model.User) *model.User {
if result := <-Srv.Store.User().Save(user); result.Err != nil {
c.Err = result.Err
- l4g.Error("Filae err=%v", result.Err)
+ l4g.Error("Couldn't save the user err=%v", result.Err)
return nil
} else {
ruser := result.Data.(*model.User)
@@ -1426,3 +1431,18 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser
}
}
+
+func IsUsernameTaken(name string, teamId string) bool {
+
+ if !model.IsValidUsername(name) {
+ return false
+ }
+
+ if result := <-Srv.Store.User().GetByUsername(teamId, name); result.Err != nil {
+ return false
+ } else {
+ return true
+ }
+
+ return false
+}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-07-25 18:25:12 +0000