diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/admin.go | 182 | ||||
-rw-r--r-- | app/analytics.go | 239 | ||||
-rw-r--r-- | app/app.go | 16 | ||||
-rw-r--r-- | app/authorization.go | 31 | ||||
-rw-r--r-- | app/brand.go | 49 | ||||
-rw-r--r-- | app/compliance.go | 62 | ||||
-rw-r--r-- | app/ldap.go | 40 | ||||
-rw-r--r-- | app/post.go | 305 | ||||
-rw-r--r-- | app/saml.go | 67 | ||||
-rw-r--r-- | app/session.go | 10 | ||||
-rw-r--r-- | app/user.go | 154 | ||||
-rw-r--r-- | app/user_test.go | 26 |
12 files changed, 1167 insertions, 14 deletions
diff --git a/app/admin.go b/app/admin.go new file mode 100644 index 000000000..c694285fa --- /dev/null +++ b/app/admin.go @@ -0,0 +1,182 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "bufio" + "os" + "strings" + "time" + + "runtime/debug" + + l4g "github.com/alecthomas/log4go" + "github.com/mattermost/platform/einterfaces" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" + "github.com/mattermost/platform/utils" +) + +func GetLogs() ([]string, *model.AppError) { + var lines []string + + if utils.Cfg.LogSettings.EnableFile { + file, err := os.Open(utils.GetLogFileLocation(utils.Cfg.LogSettings.FileLocation)) + if err != nil { + return nil, model.NewLocAppError("getLogs", "api.admin.file_read_error", nil, err.Error()) + } + + defer file.Close() + + scanner := bufio.NewScanner(file) + for scanner.Scan() { + lines = append(lines, scanner.Text()) + } + } else { + lines = append(lines, "") + } + + if einterfaces.GetClusterInterface() != nil { + clines, err := einterfaces.GetClusterInterface().GetLogs() + if err != nil { + return nil, err + } + + lines = append(lines, clines...) + } + + return lines, nil +} + +func GetClusterStatus() []*model.ClusterInfo { + infos := make([]*model.ClusterInfo, 0) + + if einterfaces.GetClusterInterface() != nil { + infos = einterfaces.GetClusterInterface().GetClusterInfos() + } + + return infos +} + +func InvalidateAllCaches() *model.AppError { + debug.FreeOSMemory() + InvalidateAllCachesSkipSend() + + if einterfaces.GetClusterInterface() != nil { + err := einterfaces.GetClusterInterface().InvalidateAllCaches() + if err != nil { + return err + } + } + + return nil +} + +func InvalidateAllCachesSkipSend() { + l4g.Info(utils.T("api.context.invalidate_all_caches")) + sessionCache.Purge() + ClearStatusCache() + store.ClearChannelCaches() + store.ClearUserCaches() + store.ClearPostCaches() +} + +func GetConfig() *model.Config { + json := utils.Cfg.ToJson() + cfg := model.ConfigFromJson(strings.NewReader(json)) + cfg.Sanitize() + + return cfg +} + +func ReloadConfig() { + debug.FreeOSMemory() + utils.LoadConfig(utils.CfgFileName) + + // start/restart email batching job if necessary + InitEmailBatching() +} + +func SaveConfig(cfg *model.Config) *model.AppError { + cfg.SetDefaults() + utils.Desanitize(cfg) + + if err := cfg.IsValid(); err != nil { + return err + } + + if err := utils.ValidateLdapFilter(cfg); err != nil { + return err + } + + if *utils.Cfg.ClusterSettings.Enable { + return model.NewLocAppError("saveConfig", "ent.cluster.save_config.error", nil, "") + } + + //oldCfg := utils.Cfg + utils.SaveConfig(utils.CfgFileName, cfg) + utils.LoadConfig(utils.CfgFileName) + + if einterfaces.GetMetricsInterface() != nil { + if *utils.Cfg.MetricsSettings.Enable { + einterfaces.GetMetricsInterface().StartServer() + } else { + einterfaces.GetMetricsInterface().StopServer() + } + } + + // Future feature is to sync the configuration files + // if einterfaces.GetClusterInterface() != nil { + // err := einterfaces.GetClusterInterface().ConfigChanged(cfg, oldCfg, true) + // if err != nil { + // return err + // } + // } + + // start/restart email batching job if necessary + InitEmailBatching() + + return nil +} + +func RecycleDatabaseConnection() { + oldStore := Srv.Store + + l4g.Warn(utils.T("api.admin.recycle_db_start.warn")) + Srv.Store = store.NewSqlStore() + + time.Sleep(20 * time.Second) + oldStore.Close() + + l4g.Warn(utils.T("api.admin.recycle_db_end.warn")) +} + +func TestEmail(userId string, cfg *model.Config) *model.AppError { + if len(cfg.EmailSettings.SMTPServer) == 0 { + return model.NewLocAppError("testEmail", "api.admin.test_email.missing_server", nil, utils.T("api.context.invalid_param.app_error", map[string]interface{}{"Name": "SMTPServer"})) + } + + // if the user hasn't changed their email settings, fill in the actual SMTP password so that + // the user can verify an existing SMTP connection + if cfg.EmailSettings.SMTPPassword == model.FAKE_SETTING { + if cfg.EmailSettings.SMTPServer == utils.Cfg.EmailSettings.SMTPServer && + cfg.EmailSettings.SMTPPort == utils.Cfg.EmailSettings.SMTPPort && + cfg.EmailSettings.SMTPUsername == utils.Cfg.EmailSettings.SMTPUsername { + cfg.EmailSettings.SMTPPassword = utils.Cfg.EmailSettings.SMTPPassword + } else { + return model.NewLocAppError("testEmail", "api.admin.test_email.reenter_password", nil, "") + } + } + + if user, err := GetUser(userId); err != nil { + return err + } else { + T := utils.GetUserTranslations(user.Locale) + if err := utils.SendMailUsingConfig(user.Email, T("api.admin.test_email.subject"), T("api.admin.test_email.body"), cfg); err != nil { + return err + } + } + + return nil +} diff --git a/app/analytics.go b/app/analytics.go new file mode 100644 index 000000000..891c0dfae --- /dev/null +++ b/app/analytics.go @@ -0,0 +1,239 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + l4g "github.com/alecthomas/log4go" + "github.com/mattermost/platform/einterfaces" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" + "github.com/mattermost/platform/utils" +) + +const ( + DAY_MILLISECONDS = 24 * 60 * 60 * 1000 + MONTH_MILLISECONDS = 31 * DAY_MILLISECONDS +) + +func GetAnalytics(name string, teamId string) (model.AnalyticsRows, *model.AppError) { + skipIntensiveQueries := false + var systemUserCount int64 + if r := <-Srv.Store.User().AnalyticsUniqueUserCount(""); r.Err != nil { + return nil, r.Err + } else { + systemUserCount = r.Data.(int64) + if systemUserCount > int64(*utils.Cfg.AnalyticsSettings.MaxUsersForStatistics) { + l4g.Debug("More than %v users on the system, intensive queries skipped", *utils.Cfg.AnalyticsSettings.MaxUsersForStatistics) + skipIntensiveQueries = true + } + } + + if name == "standard" { + var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 10) + rows[0] = &model.AnalyticsRow{"channel_open_count", 0} + rows[1] = &model.AnalyticsRow{"channel_private_count", 0} + rows[2] = &model.AnalyticsRow{"post_count", 0} + rows[3] = &model.AnalyticsRow{"unique_user_count", 0} + rows[4] = &model.AnalyticsRow{"team_count", 0} + rows[5] = &model.AnalyticsRow{"total_websocket_connections", 0} + rows[6] = &model.AnalyticsRow{"total_master_db_connections", 0} + rows[7] = &model.AnalyticsRow{"total_read_db_connections", 0} + rows[8] = &model.AnalyticsRow{"daily_active_users", 0} + rows[9] = &model.AnalyticsRow{"monthly_active_users", 0} + + openChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_OPEN) + privateChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_PRIVATE) + teamChan := Srv.Store.Team().AnalyticsTeamCount() + + var userChan store.StoreChannel + if teamId != "" { + userChan = Srv.Store.User().AnalyticsUniqueUserCount(teamId) + } + + var postChan store.StoreChannel + if !skipIntensiveQueries { + postChan = Srv.Store.Post().AnalyticsPostCount(teamId, false, false) + } + + dailyActiveChan := Srv.Store.User().AnalyticsActiveCount(DAY_MILLISECONDS) + monthlyActiveChan := Srv.Store.User().AnalyticsActiveCount(MONTH_MILLISECONDS) + + if r := <-openChan; r.Err != nil { + return nil, r.Err + } else { + rows[0].Value = float64(r.Data.(int64)) + } + + if r := <-privateChan; r.Err != nil { + return nil, r.Err + } else { + rows[1].Value = float64(r.Data.(int64)) + } + + if postChan == nil { + rows[2].Value = -1 + } else { + if r := <-postChan; r.Err != nil { + return nil, r.Err + } else { + rows[2].Value = float64(r.Data.(int64)) + } + } + + if userChan == nil { + rows[3].Value = float64(systemUserCount) + } else { + if r := <-userChan; r.Err != nil { + return nil, r.Err + } else { + rows[3].Value = float64(r.Data.(int64)) + } + } + + if r := <-teamChan; r.Err != nil { + return nil, r.Err + } else { + rows[4].Value = float64(r.Data.(int64)) + } + + // If in HA mode then aggregrate all the stats + if einterfaces.GetClusterInterface() != nil && *utils.Cfg.ClusterSettings.Enable { + stats, err := einterfaces.GetClusterInterface().GetClusterStats() + if err != nil { + return nil, err + } + + totalSockets := TotalWebsocketConnections() + totalMasterDb := Srv.Store.TotalMasterDbConnections() + totalReadDb := Srv.Store.TotalReadDbConnections() + + for _, stat := range stats { + totalSockets = totalSockets + stat.TotalWebsocketConnections + totalMasterDb = totalMasterDb + stat.TotalMasterDbConnections + totalReadDb = totalReadDb + stat.TotalReadDbConnections + } + + rows[5].Value = float64(totalSockets) + rows[6].Value = float64(totalMasterDb) + rows[7].Value = float64(totalReadDb) + + } else { + rows[5].Value = float64(TotalWebsocketConnections()) + rows[6].Value = float64(Srv.Store.TotalMasterDbConnections()) + rows[7].Value = float64(Srv.Store.TotalReadDbConnections()) + } + + if r := <-dailyActiveChan; r.Err != nil { + return nil, r.Err + } else { + rows[8].Value = float64(r.Data.(int64)) + } + + if r := <-monthlyActiveChan; r.Err != nil { + return nil, r.Err + } else { + rows[9].Value = float64(r.Data.(int64)) + } + + return rows, nil + } else if name == "post_counts_day" { + if skipIntensiveQueries { + rows := model.AnalyticsRows{&model.AnalyticsRow{"", -1}} + return rows, nil + } + + if r := <-Srv.Store.Post().AnalyticsPostCountsByDay(teamId); r.Err != nil { + return nil, r.Err + } else { + return r.Data.(model.AnalyticsRows), nil + } + } else if name == "user_counts_with_posts_day" { + if skipIntensiveQueries { + rows := model.AnalyticsRows{&model.AnalyticsRow{"", -1}} + return rows, nil + } + + if r := <-Srv.Store.Post().AnalyticsUserCountsWithPostsByDay(teamId); r.Err != nil { + return nil, r.Err + } else { + return r.Data.(model.AnalyticsRows), nil + } + } else if name == "extra_counts" { + var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 6) + rows[0] = &model.AnalyticsRow{"file_post_count", 0} + rows[1] = &model.AnalyticsRow{"hashtag_post_count", 0} + rows[2] = &model.AnalyticsRow{"incoming_webhook_count", 0} + rows[3] = &model.AnalyticsRow{"outgoing_webhook_count", 0} + rows[4] = &model.AnalyticsRow{"command_count", 0} + rows[5] = &model.AnalyticsRow{"session_count", 0} + + iHookChan := Srv.Store.Webhook().AnalyticsIncomingCount(teamId) + oHookChan := Srv.Store.Webhook().AnalyticsOutgoingCount(teamId) + commandChan := Srv.Store.Command().AnalyticsCommandCount(teamId) + sessionChan := Srv.Store.Session().AnalyticsSessionCount() + + var fileChan store.StoreChannel + var hashtagChan store.StoreChannel + if !skipIntensiveQueries { + fileChan = Srv.Store.Post().AnalyticsPostCount(teamId, true, false) + hashtagChan = Srv.Store.Post().AnalyticsPostCount(teamId, false, true) + } + + if fileChan == nil { + rows[0].Value = -1 + } else { + if r := <-fileChan; r.Err != nil { + return nil, r.Err + } else { + rows[0].Value = float64(r.Data.(int64)) + } + } + + if hashtagChan == nil { + rows[1].Value = -1 + } else { + if r := <-hashtagChan; r.Err != nil { + return nil, r.Err + } else { + rows[1].Value = float64(r.Data.(int64)) + } + } + + if r := <-iHookChan; r.Err != nil { + return nil, r.Err + } else { + rows[2].Value = float64(r.Data.(int64)) + } + + if r := <-oHookChan; r.Err != nil { + return nil, r.Err + } else { + rows[3].Value = float64(r.Data.(int64)) + } + + if r := <-commandChan; r.Err != nil { + return nil, r.Err + } else { + rows[4].Value = float64(r.Data.(int64)) + } + + if r := <-sessionChan; r.Err != nil { + return nil, r.Err + } else { + rows[5].Value = float64(r.Data.(int64)) + } + + return rows, nil + } + + return nil, nil +} + +func GetRecentlyActiveUsersForTeam(teamId string) (map[string]*model.User, *model.AppError) { + if result := <-Srv.Store.User().GetRecentlyActiveUsersForTeam(teamId); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(map[string]*model.User), nil + } +} diff --git a/app/app.go b/app/app.go new file mode 100644 index 000000000..8568c7bba --- /dev/null +++ b/app/app.go @@ -0,0 +1,16 @@ +// Copyright (c) 2016 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "io/ioutil" + "net/http" +) + +func CloseBody(r *http.Response) { + if r.Body != nil { + ioutil.ReadAll(r.Body) + r.Body.Close() + } +} diff --git a/app/authorization.go b/app/authorization.go index 0f48b3c9d..b43d64341 100644 --- a/app/authorization.go +++ b/app/authorization.go @@ -83,6 +83,19 @@ func SessionHasPermissionToUser(session model.Session, userId string) bool { return false } +func SessionHasPermissionToPost(session model.Session, postId string, permission *model.Permission) bool { + post, err := GetSinglePost(postId) + if err != nil { + return false + } + + if post.UserId == session.UserId { + return true + } + + return SessionHasPermissionToChannel(session, post.ChannelId, permission) +} + func HasPermissionTo(askingUserId string, permission *model.Permission) bool { user, err := GetUser(askingUserId) if err != nil { @@ -135,6 +148,24 @@ func HasPermissionToChannel(askingUserId string, channelId string, permission *m return HasPermissionTo(askingUserId, permission) } +func HasPermissionToChannelByPost(askingUserId string, postId string, permission *model.Permission) bool { + var channelMember *model.ChannelMember + if result := <-Srv.Store.Channel().GetMemberForPost(postId, askingUserId); result.Err == nil { + channelMember = result.Data.(*model.ChannelMember) + + if CheckIfRolesGrantPermission(channelMember.GetRoles(), permission.Id) { + return true + } + } + + if result := <-Srv.Store.Channel().GetForPost(postId); result.Err == nil { + channel := result.Data.(*model.Channel) + return HasPermissionToTeam(askingUserId, channel.TeamId, permission) + } + + return HasPermissionTo(askingUserId, permission) +} + func HasPermissionToUser(askingUserId string, userId string) bool { if askingUserId == userId { return true diff --git a/app/brand.go b/app/brand.go new file mode 100644 index 000000000..aeecc6972 --- /dev/null +++ b/app/brand.go @@ -0,0 +1,49 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "mime/multipart" + "net/http" + + "github.com/mattermost/platform/einterfaces" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" +) + +func SaveBrandImage(imageData *multipart.FileHeader) *model.AppError { + brandInterface := einterfaces.GetBrandInterface() + if brandInterface == nil { + err := model.NewLocAppError("SaveBrandImage", "api.admin.upload_brand_image.not_available.app_error", nil, "") + err.StatusCode = http.StatusNotImplemented + return err + } + + if err := brandInterface.SaveBrandImage(imageData); err != nil { + return err + } + + return nil +} + +func GetBrandImage() ([]byte, *model.AppError) { + if len(utils.Cfg.FileSettings.DriverName) == 0 { + err := model.NewLocAppError("GetBrandImage", "api.admin.get_brand_image.storage.app_error", nil, "") + err.StatusCode = http.StatusNotImplemented + return nil, err + } + + brandInterface := einterfaces.GetBrandInterface() + if brandInterface == nil { + err := model.NewLocAppError("GetBrandImage", "api.admin.get_brand_image.not_available.app_error", nil, "") + err.StatusCode = http.StatusNotImplemented + return nil, err + } + + if img, err := brandInterface.GetBrandImage(); err != nil { + return nil, err + } else { + return img, nil + } +} diff --git a/app/compliance.go b/app/compliance.go new file mode 100644 index 000000000..ffef69b44 --- /dev/null +++ b/app/compliance.go @@ -0,0 +1,62 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "io/ioutil" + + "github.com/mattermost/platform/einterfaces" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" +) + +func GetComplianceReports() (model.Compliances, *model.AppError) { + if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance { + return nil, model.NewLocAppError("GetComplianceReports", "ent.compliance.licence_disable.app_error", nil, "") + } + + if result := <-Srv.Store.Compliance().GetAll(); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(model.Compliances), nil + } +} + +func SaveComplianceReport(job *model.Compliance) (*model.Compliance, *model.AppError) { + if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance || einterfaces.GetComplianceInterface() == nil { + return nil, model.NewLocAppError("saveComplianceReport", "ent.compliance.licence_disable.app_error", nil, "") + } + + job.Type = model.COMPLIANCE_TYPE_ADHOC + + if result := <-Srv.Store.Compliance().Save(job); result.Err != nil { + return nil, result.Err + } else { + job = result.Data.(*model.Compliance) + go einterfaces.GetComplianceInterface().RunComplianceJob(job) + } + + return job, nil +} + +func GetComplianceReport(reportId string) (*model.Compliance, *model.AppError) { + if !*utils.Cfg.ComplianceSettings.Enable || !utils.IsLicensed || !*utils.License.Features.Compliance || einterfaces.GetComplianceInterface() == nil { + return nil, model.NewLocAppError("downloadComplianceReport", "ent.compliance.licence_disable.app_error", nil, "") + } + + if result := <-Srv.Store.Compliance().Get(reportId); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.Compliance), nil + } +} + +func GetComplianceFile(job *model.Compliance) ([]byte, *model.AppError) { + if f, err := ioutil.ReadFile(*utils.Cfg.ComplianceSettings.Directory + "compliance/" + job.JobName() + ".zip"); err != nil { + return nil, model.NewLocAppError("readFile", "api.file.read_file.reading_local.app_error", nil, err.Error()) + + } else { + return f, nil + } +} diff --git a/app/ldap.go b/app/ldap.go new file mode 100644 index 000000000..fe68dfa81 --- /dev/null +++ b/app/ldap.go @@ -0,0 +1,40 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "net/http" + + l4g "github.com/alecthomas/log4go" + "github.com/mattermost/platform/einterfaces" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" +) + +func SyncLdap() { + go func() { + if utils.IsLicensed && *utils.License.Features.LDAP && *utils.Cfg.LdapSettings.Enable { + if ldapI := einterfaces.GetLdapInterface(); ldapI != nil { + ldapI.SyncNow() + } else { + l4g.Error("%v", model.NewLocAppError("ldapSyncNow", "ent.ldap.disabled.app_error", nil, "").Error()) + } + } + }() +} + +func TestLdap() *model.AppError { + if ldapI := einterfaces.GetLdapInterface(); ldapI != nil && utils.IsLicensed && *utils.License.Features.LDAP && *utils.Cfg.LdapSettings.Enable { + if err := ldapI.RunTest(); err != nil { + err.StatusCode = 500 + return err + } + } else { + err := model.NewLocAppError("ldapTest", "ent.ldap.disabled.app_error", nil, "") + err.StatusCode = http.StatusNotImplemented + return err + } + + return nil +} diff --git a/app/post.go b/app/post.go index f37ce8ad3..6d34cc035 100644 --- a/app/post.go +++ b/app/post.go @@ -4,15 +4,55 @@ package app import ( + "net/http" "regexp" l4g "github.com/alecthomas/log4go" + "github.com/dyatlov/go-opengraph/opengraph" "github.com/mattermost/platform/einterfaces" "github.com/mattermost/platform/model" "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" ) +func CreatePostAsUser(post *model.Post, teamId string) (*model.Post, *model.AppError) { + // Check that channel has not been deleted + var channel *model.Channel + if result := <-Srv.Store.Channel().Get(post.ChannelId, true); result.Err != nil { + err := model.NewLocAppError("CreatePostAsUser", "api.context.invalid_param.app_error", map[string]interface{}{"Name": "post.channel_id"}, result.Err.Error()) + err.StatusCode = http.StatusBadRequest + return nil, err + } else { + channel = result.Data.(*model.Channel) + } + + if channel.DeleteAt != 0 { + err := model.NewLocAppError("createPost", "api.post.create_post.can_not_post_to_deleted.error", nil, "") + err.StatusCode = http.StatusBadRequest + return nil, err + } + + if rp, err := CreatePost(post, teamId, true); err != nil { + if err.Id == "api.post.create_post.root_id.app_error" || + err.Id == "api.post.create_post.channel_root_id.app_error" || + err.Id == "api.post.create_post.parent_id.app_error" { + err.StatusCode = http.StatusBadRequest + } + + return nil, err + } else { + // Update the LastViewAt only if the post does not have from_webhook prop set (eg. Zapier app) + if _, ok := post.Props["from_webhook"]; !ok { + if result := <-Srv.Store.Channel().UpdateLastViewedAt([]string{post.ChannelId}, post.UserId); result.Err != nil { + l4g.Error(utils.T("api.post.create_post.last_viewed.error"), post.ChannelId, post.UserId, result.Err) + } + } + + return rp, nil + } + +} + func CreatePost(post *model.Post, teamId string, triggerWebhooks bool) (*model.Post, *model.AppError) { var pchan store.StoreChannel if len(post.RootId) > 0 { @@ -194,3 +234,268 @@ func SendEphemeralPost(teamId, userId string, post *model.Post) *model.Post { return post } + +func UpdatePost(post *model.Post) (*model.Post, *model.AppError) { + if utils.IsLicensed { + if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_NEVER { + err := model.NewLocAppError("updatePost", "api.post.update_post.permissions_denied.app_error", nil, "") + err.StatusCode = http.StatusForbidden + return nil, err + } + } + + var oldPost *model.Post + if result := <-Srv.Store.Post().Get(post.Id); result.Err != nil { + return nil, result.Err + } else { + oldPost = result.Data.(*model.PostList).Posts[post.Id] + + if oldPost == nil { + err := model.NewLocAppError("updatePost", "api.post.update_post.find.app_error", nil, "id="+post.Id) + err.StatusCode = http.StatusBadRequest + return nil, err + } + + if oldPost.UserId != post.UserId { + err := model.NewLocAppError("updatePost", "api.post.update_post.permissions.app_error", nil, "oldUserId="+oldPost.UserId) + err.StatusCode = http.StatusBadRequest + return nil, err + } + + if oldPost.DeleteAt != 0 { + err := model.NewLocAppError("updatePost", "api.post.update_post.permissions_details.app_error", map[string]interface{}{"PostId": post.Id}, "") + err.StatusCode = http.StatusBadRequest + return nil, err + } + + if oldPost.IsSystemMessage() { + err := model.NewLocAppError("updatePost", "api.post.update_post.system_message.app_error", nil, "id="+post.Id) + err.StatusCode = http.StatusBadRequest + return nil, err + } + + if utils.IsLicensed { + if *utils.Cfg.ServiceSettings.AllowEditPost == model.ALLOW_EDIT_POST_TIME_LIMIT && model.GetMillis() > oldPost.CreateAt+int64(*utils.Cfg.ServiceSettings.PostEditTimeLimit*1000) { + err := model.NewLocAppError("updatePost", "api.post.update_post.permissions_time_limit.app_error", map[string]interface{}{"timeLimit": *utils.Cfg.ServiceSettings.PostEditTimeLimit}, "") + err.StatusCode = http.StatusBadRequest + return nil, err + } + } + } + + newPost := &model.Post{} + *newPost = *oldPost + + newPost.Message = post.Message + newPost.EditAt = model.GetMillis() + newPost.Hashtags, _ = model.ParseHashtags(post.Message) + + if result := <-Srv.Store.Post().Update(newPost, oldPost); result.Err != nil { + return nil, result.Err + } else { + rpost := result.Data.(*model.Post) + + message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_POST_EDITED, "", rpost.ChannelId, "", nil) + message.Add("post", rpost.ToJson()) + + go Publish(message) + + InvalidateCacheForChannelPosts(rpost.ChannelId) + + return rpost, nil + } +} + +func GetPosts(channelId string, offset int, limit int) (*model.PostList, *model.AppError) { + if result := <-Srv.Store.Post().GetPosts(channelId, offset, limit, true); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.PostList), nil + } +} + +func GetPostsEtag(channelId string) string { + return (<-Srv.Store.Post().GetEtag(channelId, true)).Data.(string) +} + +func GetPostsSince(channelId string, time int64) (*model.PostList, *model.AppError) { + if result := <-Srv.Store.Post().GetPostsSince(channelId, time, true); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.PostList), nil + } +} + +func GetSinglePost(postId string) (*model.Post, *model.AppError) { + if result := <-Srv.Store.Post().GetSingle(postId); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.Post), nil + } +} + +func GetPostThread(postId string) (*model.PostList, *model.AppError) { + if result := <-Srv.Store.Post().Get(postId); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.PostList), nil + } +} + +func GetFlaggedPosts(userId string, offset int, limit int) (*model.PostList, *model.AppError) { + if result := <-Srv.Store.Post().GetFlaggedPosts(userId, offset, limit); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.PostList), nil + } +} + +func GetPermalinkPost(postId string, userId string) (*model.PostList, *model.AppError) { + if result := <-Srv.Store.Post().Get(postId); result.Err != nil { + return nil, result.Err + } else { + list := result.Data.(*model.PostList) + + if len(list.Order) != 1 { + return nil, model.NewLocAppError("getPermalinkTmp", "api.post_get_post_by_id.get.app_error", nil, "") + } + post := list.Posts[list.Order[0]] + + var channel *model.Channel + var err *model.AppError + if channel, err = GetChannel(post.ChannelId); err != nil { + return nil, err + } + + if err = JoinChannel(channel, userId); err != nil { + return nil, err + } + + return list, nil + } +} + +func GetPostsAroundPost(postId, channelId string, offset, limit int, before bool) (*model.PostList, *model.AppError) { + var pchan store.StoreChannel + if before { + pchan = Srv.Store.Post().GetPostsBefore(channelId, postId, limit, offset) + } else { + pchan = Srv.Store.Post().GetPostsAfter(channelId, postId, limit, offset) + } + + if result := <-pchan; result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.PostList), nil + } +} + +func DeletePost(postId string) (*model.Post, *model.AppError) { + if result := <-Srv.Store.Post().GetSingle(postId); result.Err != nil { + return nil, result.Err + } else { + post := result.Data.(*model.Post) + + if result := <-Srv.Store.Post().Delete(postId, model.GetMillis()); result.Err != nil { + return nil, result.Err + } + + message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_POST_DELETED, "", post.ChannelId, "", nil) + message.Add("post", post.ToJson()) + + go Publish(message) + go DeletePostFiles(post) + go DeleteFlaggedPosts(post.Id) + + InvalidateCacheForChannelPosts(post.ChannelId) + + return post, nil + } +} + +func DeleteFlaggedPosts(postId string) { + if result := <-Srv.Store.Preference().DeleteCategoryAndName(model.PREFERENCE_CATEGORY_FLAGGED_POST, postId); result.Err != nil { + l4g.Warn(utils.T("api.post.delete_flagged_post.app_error.warn"), result.Err) + return + } +} + +func DeletePostFiles(post *model.Post) { + if len(post.FileIds) != 0 { + return + } + + if result := <-Srv.Store.FileInfo().DeleteForPost(post.Id); result.Err != nil { + l4g.Warn(utils.T("api.post.delete_post_files.app_error.warn"), post.Id, result.Err) + } +} + +func SearchPostsInTeam(terms string, userId string, teamId string, isOrSearch bool) (*model.PostList, *model.AppError) { + paramsList := model.ParseSearchParams(terms) + channels := []store.StoreChannel{} + + for _, params := range paramsList { + params.OrTerms = isOrSearch + // don't allow users to search for everything + if params.Terms != "*" { + channels = append(channels, Srv.Store.Post().Search(teamId, userId, params)) + } + } + + posts := &model.PostList{} + for _, channel := range channels { + if result := <-channel; result.Err != nil { + return nil, result.Err + } else { + data := result.Data.(*model.PostList) + posts.Extend(data) + } + } + + return posts, nil +} + +func GetFileInfosForPost(postId string) ([]*model.FileInfo, *model.AppError) { + pchan := Srv.Store.Post().Get(postId) + fchan := Srv.Store.FileInfo().GetForPost(postId) + + var infos []*model.FileInfo + if result := <-fchan; result.Err != nil { + return nil, result.Err + } else { + infos = result.Data.([]*model.FileInfo) + } + + if len(infos) == 0 { + // No FileInfos were returned so check if they need to be created for this post + var post *model.Post + if result := <-pchan; result.Err != nil { + return nil, result.Err + } else { + post = result.Data.(*model.PostList).Posts[postId] + } + + if len(post.Filenames) > 0 { + // The post has Filenames that need to be replaced with FileInfos + infos = MigrateFilenamesToFileInfos(post) + } + } + + return infos, nil +} + +func GetOpenGraphMetadata(url string) *opengraph.OpenGraph { + og := opengraph.NewOpenGraph() + + res, err := http.Get(url) + defer CloseBody(res) + if err != nil { + return og + } + + if err := og.ProcessHTML(res.Body); err != nil { + return og + } + + return og +} diff --git a/app/saml.go b/app/saml.go new file mode 100644 index 000000000..cc39d4540 --- /dev/null +++ b/app/saml.go @@ -0,0 +1,67 @@ +// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package app + +import ( + "io" + "mime/multipart" + "net/http" + "os" + + "github.com/mattermost/platform/einterfaces" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" +) + +func GetSamlMetadata() (string, *model.AppError) { + samlInterface := einterfaces.GetSamlInterface() + + if samlInterface == nil { + err := model.NewLocAppError("GetSamlMetadata", "api.admin.saml.not_available.app_error", nil, "") + err.StatusCode = http.StatusNotImplemented + return "", err + } + + if result, err := samlInterface.GetMetadata(); err != nil { + return "", model.NewLocAppError("GetSamlMetadata", "api.admin.saml.metadata.app_error", nil, "err="+err.Message) + } else { + return result, nil + } +} + +func AddSamlCertificate(fileData *multipart.FileHeader) *model.AppError { + file, err := fileData.Open() + defer file.Close() + if err != nil { + return model.NewLocAppError("AddSamlCertificate", "api.admin.add_certificate.open.app_error", nil, err.Error()) + } + + out, err := os.Create(utils.FindDir("config") + fileData.Filename) + if err != nil { + return model.NewLocAppError("AddSamlCertificate", "api.admin.add_certificate.saving.app_error", nil, err.Error()) + } + defer out.Close() + + io.Copy(out, file) + return nil +} + +func RemoveSamlCertificate(filename string) *model.AppError { + if err := os.Remove(utils.FindConfigFile(filename)); err != nil { + return model.NewLocAppError("removeCertificate", "api.admin.remove_certificate.delete.app_error", + map[string]interface{}{"Filename": filename}, err.Error()) + } + + return nil +} + +func GetSamlCertificateStatus() map[string]interface{} { + status := make(map[string]interface{}) + + status["IdpCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.IdpCertificateFile) + status["PrivateKeyFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PrivateKeyFile) + status["PublicCertificateFile"] = utils.FileExistsInConfigFolder(*utils.Cfg.SamlSettings.PublicCertificateFile) + + return status +} diff --git a/app/session.go b/app/session.go index 289bb6a2d..83e5f343a 100644 --- a/app/session.go +++ b/app/session.go @@ -6,7 +6,6 @@ package app import ( "github.com/mattermost/platform/einterfaces" "github.com/mattermost/platform/model" - "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" l4g "github.com/alecthomas/log4go" @@ -124,15 +123,6 @@ func AddSessionToCache(session *model.Session) { sessionCache.AddWithExpiresInSecs(session.Token, session, int64(*utils.Cfg.ServiceSettings.SessionCacheInMinutes*60)) } -func InvalidateAllCaches() { - l4g.Info(utils.T("api.context.invalidate_all_caches")) - sessionCache.Purge() - ClearStatusCache() - store.ClearChannelCaches() - store.ClearUserCaches() - store.ClearPostCaches() -} - func SessionCacheLength() int { return sessionCache.Len() } diff --git a/app/user.go b/app/user.go index dbff914d9..8fbed301d 100644 --- a/app/user.go +++ b/app/user.go @@ -7,6 +7,7 @@ import ( "bytes" "fmt" "hash/fnv" + "html/template" "image" "image/color" "image/draw" @@ -17,6 +18,7 @@ import ( "io/ioutil" "mime/multipart" "net/http" + "net/url" "strconv" "strings" @@ -66,7 +68,7 @@ func CreateUserWithHash(user *model.User, hash string, data string) (*model.User return ruser, nil } -func CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *model.AppError) { +func CreateUserWithInviteId(user *model.User, inviteId string, siteURL string) (*model.User, *model.AppError) { var team *model.Team if result := <-Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil { return nil, result.Err @@ -86,6 +88,10 @@ func CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *mo AddDirectChannels(team.Id, ruser) + if err := SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, siteURL); err != nil { + l4g.Error(err.Error()) + } + return ruser, nil } @@ -106,6 +112,9 @@ func IsFirstUserAccount() bool { } func CreateUser(user *model.User) (*model.User, *model.AppError) { + if !user.IsSSOUser() && !CheckUserDomain(user, utils.Cfg.TeamSettings.RestrictCreationToDomains) { + return nil, model.NewLocAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "") + } user.Roles = model.ROLE_SYSTEM_USER.Id @@ -217,6 +226,25 @@ func CreateOAuthUser(service string, userData io.Reader, teamId string) (*model. return ruser, nil } +// Check that a user's email domain matches a list of space-delimited domains as a string. +func CheckUserDomain(user *model.User, domains string) bool { + if len(domains) == 0 { + return true + } + + domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domainArray { + if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) { + matched = true + break + } + } + + return matched +} + // Check if the username is already used by another user. Return false if the username is invalid. func IsUsernameTaken(name string) bool { @@ -547,6 +575,22 @@ func SetProfileImage(userId string, imageData *multipart.FileHeader) *model.AppE return nil } +func UpdateActiveNoLdap(userId string, active bool) (*model.User, *model.AppError) { + var user *model.User + var err *model.AppError + if user, err = GetUser(userId); err != nil { + return nil, err + } + + if user.IsLDAPUser() { + err := model.NewLocAppError("UpdateActive", "api.user.update_active.no_deactivate_ldap.app_error", nil, "userId="+user.Id) + err.StatusCode = http.StatusBadRequest + return nil, err + } + + return UpdateActive(user, active) +} + func UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) { if active { user.DeleteAt = 0 @@ -616,7 +660,40 @@ func UpdateUser(user *model.User, siteURL string) (*model.User, *model.AppError) } } -func UpdatePassword(user *model.User, hashedPassword string) *model.AppError { +func UpdateUserNotifyProps(userId string, props map[string]string, siteURL string) (*model.User, *model.AppError) { + var user *model.User + var err *model.AppError + if user, err = GetUser(userId); err != nil { + return nil, err + } + + user.NotifyProps = props + + var ruser *model.User + if ruser, err = UpdateUser(user, siteURL); err != nil { + return nil, err + } + + return ruser, nil +} + +func UpdatePasswordByUserIdSendEmail(userId, newPassword, method, siteURL string) *model.AppError { + var user *model.User + var err *model.AppError + if user, err = GetUser(userId); err != nil { + return err + } + + return UpdatePasswordSendEmail(user, newPassword, method, siteURL) +} + +func UpdatePassword(user *model.User, newPassword string) *model.AppError { + if err := utils.IsPasswordValid(newPassword); err != nil { + return err + } + + hashedPassword := model.HashPassword(newPassword) + if result := <-Srv.Store.User().UpdatePassword(user.Id, hashedPassword); result.Err != nil { return model.NewLocAppError("UpdatePassword", "api.user.update_password.failed.app_error", nil, result.Err.Error()) } @@ -624,8 +701,8 @@ func UpdatePassword(user *model.User, hashedPassword string) *model.AppError { return nil } -func UpdatePasswordSendEmail(user *model.User, hashedPassword, method, siteURL string) *model.AppError { - if err := UpdatePassword(user, hashedPassword); err != nil { +func UpdatePasswordSendEmail(user *model.User, newPassword, method, siteURL string) *model.AppError { + if err := UpdatePassword(user, newPassword); err != nil { return err } @@ -638,6 +715,75 @@ func UpdatePasswordSendEmail(user *model.User, hashedPassword, method, siteURL s return nil } +func SendPasswordReset(email string, siteURL string) (bool, *model.AppError) { + var user *model.User + var err *model.AppError + if user, err = GetUserByEmail(email); err != nil { + return false, nil + } + + if user.AuthData != nil && len(*user.AuthData) != 0 { + return false, model.NewLocAppError("SendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id) + } + + var recovery *model.PasswordRecovery + if recovery, err = CreatePasswordRecovery(user.Id); err != nil { + return false, err + } + + T := utils.GetUserTranslations(user.Locale) + + link := fmt.Sprintf("%s/reset_password_complete?code=%s", siteURL, url.QueryEscape(recovery.Code)) + + subject := T("api.templates.reset_subject") + + bodyPage := utils.NewHTMLTemplate("reset_body", user.Locale) + bodyPage.Props["SiteURL"] = siteURL + bodyPage.Props["Title"] = T("api.templates.reset_body.title") + bodyPage.Html["Info"] = template.HTML(T("api.templates.reset_body.info")) + bodyPage.Props["ResetUrl"] = link + bodyPage.Props["Button"] = T("api.templates.reset_body.button") + + if err := utils.SendMail(email, subject, bodyPage.Render()); err != nil { + return false, model.NewLocAppError("SendPasswordReset", "api.user.send_password_reset.send.app_error", nil, "err="+err.Message) + } + + return true, nil +} + +func ResetPasswordFromCode(code, newPassword, siteURL string) *model.AppError { + var recovery *model.PasswordRecovery + var err *model.AppError + if recovery, err = GetPasswordRecovery(code); err != nil { + return err + } else { + if model.GetMillis()-recovery.CreateAt >= model.PASSWORD_RECOVER_EXPIRY_TIME { + return model.NewLocAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "") + } + } + + var user *model.User + if user, err = GetUser(recovery.UserId); err != nil { + return err + } + + if user.IsSSOUser() { + return model.NewLocAppError("ResetPasswordFromCode", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id) + } + + T := utils.GetUserTranslations(user.Locale) + + if err := UpdatePasswordSendEmail(user, newPassword, T("api.user.reset_password.method"), siteURL); err != nil { + return err + } + + if err := DeletePasswordRecoveryForUser(recovery.UserId); err != nil { + l4g.Error(err.Error()) + } + + return nil +} + func CreatePasswordRecovery(userId string) (*model.PasswordRecovery, *model.AppError) { recovery := &model.PasswordRecovery{} recovery.UserId = userId diff --git a/app/user_test.go b/app/user_test.go index ce2249ca0..5b994d219 100644 --- a/app/user_test.go +++ b/app/user_test.go @@ -25,3 +25,29 @@ func TestIsUsernameTaken(t *testing.T) { t.FailNow() } } + +func TestCheckUserDomain(t *testing.T) { + th := Setup().InitBasic() + user := th.BasicUser + + cases := []struct { + domains string + matched bool + }{ + {"simulator.amazonses.com", true}, + {"gmail.com", false}, + {"", true}, + {"gmail.com simulator.amazonses.com", true}, + } + for _, c := range cases { + matched := CheckUserDomain(user, c.domains) + if matched != c.matched { + if c.matched { + t.Logf("'%v' should have matched '%v'", user.Email, c.domains) + } else { + t.Logf("'%v' should not have matched '%v'", user.Email, c.domains) + } + t.FailNow() + } + } +} |