Diffstat (limited to 'web/web.go')
-rw-r--r-- | web/web.go | 81 |
1 files changed, 70 insertions, 11 deletions
diff --git a/web/web.go b/web/web.go
index bf985a5a0..a1bbf5a81 100644
--- a/web/web.go
+++ b/web/web.go
@@ -189,9 +189,40 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) {
 return
 }
+ // We still might be able to switch to this team because we've logged in before
+ if multiCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil {
+ multiToken := multiCookie.Value
+
+ if len(multiToken) > 0 {
+ tokens := strings.Split(multiToken, " ")
+
+ for _, token := range tokens {
+ if sr := <-api.Srv.Store.Session().Get(token); sr.Err == nil {
+ s := sr.Data.(*model.Session)
+
+ if !s.IsExpired() && s.TeamId == team.Id {
+ w.Header().Set(model.HEADER_TOKEN, s.Token)
+ sessionCookie := &http.Cookie{
+ Name: model.SESSION_TOKEN,
+ Value: s.Token,
+ Path: "/",
+ MaxAge: model.SESSION_TIME_WEB_IN_SECS,
+ HttpOnly: true,
+ }
+
+ http.SetCookie(w, sessionCookie)
+
+ http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect)
+ return
+ }
+ }
+ }
+ }
+ }
+
 page := NewHtmlTemplatePage("login", "Login")
 page.Props["TeamDisplayName"] = team.DisplayName
- page.Props["TeamName"] = teamName
+ page.Props["TeamName"] = team.Name
 page.Render(c, w)
 }
@@ -288,6 +319,10 @@ func logout(c *api.Context, w http.ResponseWriter, r *http.Request) {
 func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
 name := params["channelname"]
+ teamName := params["team"]
+
+ var team *model.Team
+ teamChan := api.Srv.Store.Team().Get(c.Session.TeamId)
 var channelId string
 if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil {
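Review bot: The `for _, token := range tokens` loop in the login hunk performs one `Session().Get` store lookup for every space-separated value in the client-supplied `MULTI_SESSION_TOKEN` cookie, and nothing in the hunk limits how many values are accepted, so one request to the login page can fan out into many store reads before any authentication has happened. Bounding the work, for example `tokens := strings.SplitN(multiToken, " ", maxTokens)` with `maxTokens` a limit the project chooses (placeholder name), and skipping empty entries would keep the cost per request fixed. The new `sessionCookie` sets `HttpOnly` but not `Secure`; if the site is served over TLS, `Secure: true` belongs in that literal so the token is never sent over plain HTTP. login's body starts outside the hunk.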
@@ -297,6 +332,19 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
 channelId = result.Data.(string)
 }
+ if tResult := <-teamChan; tResult.Err != nil {
+ c.Err = tResult.Err
+ return
+ } else {
+ team = tResult.Data.(*model.Team)
+ }
+
+ if team.Name != teamName {
+ l4g.Error("It appears you are logged into " + team.Name + ", but are trying to access " + teamName)
+ http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusFound)
+ return
+ }
+
 if len(channelId) == 0 {
 if strings.Index(name, "__") > 0 {
 // It's a direct message channel that doesn't exist yet so let's create it
@@ -319,7 +367,7 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
 // lets make sure the user is valid
 if result := <-api.Srv.Store.User().Get(c.Session.UserId); result.Err != nil {
 c.Err = result.Err
- c.RemoveSessionCookie(w)
+ c.RemoveSessionCookie(w, r)
 l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId)
 return
 }
@@ -332,18 +380,10 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) {
 }
 }
- var team *model.Team
-
- if tResult := <-api.Srv.Store.Team().Get(c.Session.TeamId); tResult.Err != nil {
- c.Err = tResult.Err
- return
- } else {
- team = tResult.Data.(*model.Team)
- }
-
 page := NewHtmlTemplatePage("channel", "")
 page.Props["Title"] = name + " - " + team.DisplayName + " " + page.ClientProps["SiteName"]
 page.Props["TeamDisplayName"] = team.DisplayName
+ page.Props["TeamName"] = team.Name
 page.Props["TeamType"] = team.Type
 page.Props["TeamId"] = team.Id
 page.Props["ChannelName"] = name
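Review bot: In the team-mismatch branch, `teamName` is taken from the request route (`params["team"]`, added in the earlier getChannel hunk) and concatenated into the first argument of `l4g.Error`, so request-controlled text, including `%` sequences or decoded line breaks, ends up inside the log message template. The call a few hunks below already passes data as an argument (`id=%v`), and the same form fits here: `l4g.Error("It appears you are logged into %v, but are trying to access %q", team.Name, teamName)`, where `%q` quotes and escapes the untrusted value. Since any logged-in user can trigger this branch by editing the URL, a lower log level than error may also be appropriate to keep the error log meaningful. getChannel's body starts and ends outside the hunk.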
@@ -451,6 +491,7 @@ func resetPassword(c *api.Context, w http.ResponseWriter, r *http.Request) {
 page := NewHtmlTemplatePage("password_reset", "")
 page.Props["Title"] = "Reset Password " + page.ClientProps["SiteName"]
 page.Props["TeamDisplayName"] = teamDisplayName
+ page.Props["TeamName"] = teamName
 page.Props["Hash"] = hash
 page.Props["Data"] = data
 page.Props["TeamName"] = teamName
@@ -843,6 +884,12 @@ func getAccessToken(c *api.Context, w http.ResponseWriter, r *http.Request) {
 }
 func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks {
+ c.Err = model.NewAppError("incomingWebhook", "Incoming webhooks have been disabled by the system admin.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
+
 params := mux.Vars(r)
 id := params["id"]
@@ -865,6 +912,9 @@ func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) {
 channelName := props["channel"]
+ overrideUsername := props["username"]
+ overrideIconUrl := props["icon_url"]
+
 var hook *model.IncomingWebhook
 if result := <-hchan; result.Err != nil {
 c.Err = model.NewAppError("incomingWebhook", "Invalid webhook", "err="+result.Err.Message)
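Review bot: The line added in the resetPassword hunk, `page.Props["TeamName"] = teamName`, duplicates the identical assignment that already appears three lines further down in the hunk's context, so the addition has no effect. One of the two should be dropped so the template props are each set once. resetPassword's body starts and ends outside the hunk.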
@@ -910,6 +960,15 @@ func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) {
 pchan := api.Srv.Store.Channel().CheckPermissionsTo(hook.TeamId, channel.Id, hook.UserId)
 post := &model.Post{UserId: hook.UserId, ChannelId: channel.Id, Message: text}
+ post.AddProp("from_webhook", "true")
+
+ if len(overrideUsername) != 0 && utils.Cfg.ServiceSettings.EnablePostUsernameOverride {
+ post.AddProp("override_username", overrideUsername)
+ }
+
+ if len(overrideIconUrl) != 0 && utils.Cfg.ServiceSettings.EnablePostIconOverride {
+ post.AddProp("override_icon_url", overrideIconUrl)
+ }
 if !c.HasPermissionsToChannel(pchan, "createIncomingHook") && channel.Type != model.CHANNEL_OPEN {
 c.Err = model.NewAppError("incomingWebhook", "Inappropriate channel permissions", "") |
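Review bot: `overrideUsername` and `overrideIconUrl` come straight from the webhook payload (`props["username"]` and `props["icon_url"]` in the earlier incomingWebhook hunk) and are stored on the post after only a non-empty check. The icon value should be parsed and accepted only with an `http` or `https` scheme before it is stored, e.g. `if u, err := url.Parse(overrideIconUrl); err == nil && (u.Scheme == "http" || u.Scheme == "https") { post.AddProp("override_icon_url", overrideIconUrl) }` (this needs `net/url` if the file does not already import it), and both values should get a length bound, since every client that renders the post will show the name and fetch the URL. Because the username override lets a webhook post under any display name, a comment beside `post.AddProp("from_webhook", "true")` should state that clients are expected to use that prop to mark the post as not user-authored; that is presumably its purpose, but the hunk does not show the client side. incomingWebhook's body starts and ends outside the hunk.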