diff options
Diffstat (limited to 'web')
-rw-r--r-- | web/react/components/admin_console/service_settings.jsx | 68 | ||||
-rw-r--r-- | web/react/components/post.jsx | 6 | ||||
-rw-r--r-- | web/react/components/post_header.jsx | 23 | ||||
-rw-r--r-- | web/react/components/post_list.jsx | 8 | ||||
-rw-r--r-- | web/sass-files/sass/partials/_post.scss | 8 | ||||
-rw-r--r-- | web/web.go | 11 |
6 files changed, 108 insertions, 16 deletions
diff --git a/web/react/components/admin_console/service_settings.jsx b/web/react/components/admin_console/service_settings.jsx index 245ffa871..abc92cc20 100644 --- a/web/react/components/admin_console/service_settings.jsx +++ b/web/react/components/admin_console/service_settings.jsx @@ -37,6 +37,8 @@ export default class ServiceSettings extends React.Component { config.ServiceSettings.GoogleDeveloperKey = React.findDOMNode(this.refs.GoogleDeveloperKey).value.trim(); //config.ServiceSettings.EnableOAuthServiceProvider = React.findDOMNode(this.refs.EnableOAuthServiceProvider).checked; config.ServiceSettings.EnableIncomingWebhooks = React.findDOMNode(this.refs.EnableIncomingWebhooks).checked; + config.ServiceSettings.EnablePostUsernameOverride = React.findDOMNode(this.refs.EnablePostUsernameOverride).checked; + config.ServiceSettings.EnablePostIconOverride = React.findDOMNode(this.refs.EnablePostIconOverride).checked; config.ServiceSettings.EnableTesting = React.findDOMNode(this.refs.EnableTesting).checked; var MaximumLoginAttempts = 10; @@ -203,6 +205,72 @@ export default class ServiceSettings extends React.Component { </div> </div> + <div className='form-group'> + <label + className='control-label col-sm-4' + htmlFor='EnablePostUsernameOverride' + > + {'Enable Overriding Usernames from Webhooks: '} + </label> + <div className='col-sm-8'> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostUsernameOverride' + value='true' + ref='EnablePostUsernameOverride' + defaultChecked={this.props.config.ServiceSettings.EnablePostUsernameOverride} + onChange={this.handleChange} + /> + {'true'} + </label> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostUsernameOverride' + value='false' + defaultChecked={!this.props.config.ServiceSettings.EnablePostUsernameOverride} + onChange={this.handleChange} + /> + {'false'} + </label> + <p className='help-text'>{'When true, webhooks will be allowed to change the username they are posting as. Note, combined with allowing icon overriding, this could open users up to phishing attacks.'}</p> + </div> + </div> + + <div className='form-group'> + <label + className='control-label col-sm-4' + htmlFor='EnablePostIconOverride' + > + {'Enable Overriding Icon from Webhooks: '} + </label> + <div className='col-sm-8'> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostIconOverride' + value='true' + ref='EnablePostIconOverride' + defaultChecked={this.props.config.ServiceSettings.EnablePostIconOverride} + onChange={this.handleChange} + /> + {'true'} + </label> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostIconOverride' + value='false' + defaultChecked={!this.props.config.ServiceSettings.EnablePostIconOverride} + onChange={this.handleChange} + /> + {'false'} + </label> + <p className='help-text'>{'When true, webhooks will be allowed to change the icon they post with. Note, combined with allowing username overriding, this could open users up to phishing attacks.'}</p> + </div> + </div> + <div className='form-group'> <label className='control-label col-sm-4' diff --git a/web/react/components/post.jsx b/web/react/components/post.jsx index ba53054cd..ac9c9252e 100644 --- a/web/react/components/post.jsx +++ b/web/react/components/post.jsx @@ -159,8 +159,10 @@ export default class Post extends React.Component { var profilePic = null; if (!this.props.hideProfilePic) { let src = '/api/v1/users/' + post.user_id + '/image?time=' + timestamp; - if (post.props && post.props.override_icon_url) { - src = post.props.override_icon_url; + if (post.props && post.props.from_webhook && global.window.config.EnablePostIconOverride === 'true') { + if (post.props.override_icon_url) { + src = post.props.override_icon_url; + } } profilePic = ( diff --git a/web/react/components/post_header.jsx b/web/react/components/post_header.jsx index c2cadb742..dd79b3e36 100644 --- a/web/react/components/post_header.jsx +++ b/web/react/components/post_header.jsx @@ -13,19 +13,26 @@ export default class PostHeader extends React.Component { var post = this.props.post; let userProfile = <UserProfile userId={post.user_id} />; - if (post.props && post.props.override_username) { - userProfile = ( - <UserProfile - userId={post.user_id} - overwriteName={post.props.override_username} - disablePopover={true} - /> - ); + let botIndicator; + + if (post.props && post.props.from_webhook) { + if (post.props.override_username && global.window.config.EnablePostUsernameOverride === 'true') { + userProfile = ( + <UserProfile + userId={post.user_id} + overwriteName={post.props.override_username} + disablePopover={true} + /> + ); + } + + botIndicator = <li className='post-header-col post-header__name bot-indicator'>{'BOT'}</li>; } return ( <ul className='post-header post-header-post'> <li className='post-header-col post-header__name'><strong>{userProfile}</strong></li> + {botIndicator} <li className='post-info--hidden'> <PostInfo post={post} diff --git a/web/react/components/post_list.jsx b/web/react/components/post_list.jsx index 0354d132c..b90197ac4 100644 --- a/web/react/components/post_list.jsx +++ b/web/react/components/post_list.jsx @@ -520,13 +520,13 @@ export default class PostList extends React.Component { // the previous post was made by the same user as the current post, // the previous post is not a comment, // the current post is not a comment, - // the current profile pic is not overridden - // and the previous profile pic is not overridden + // the current post is not from a webhook + // and the previous post is not from a webhook if ((prevPost.user_id === post.user_id) && !utils.isComment(prevPost) && !utils.isComment(post) && - (!post.props || !post.props.override_icon_url) && - (!prevPost.props || !prevPost.props.override_icon_url)) { + (!post.props || !post.props.from_webhook) && + (!prevPost.props || !prevPost.props.from_webhook)) { hideProfilePic = true; } } diff --git a/web/sass-files/sass/partials/_post.scss b/web/sass-files/sass/partials/_post.scss index 7532875d6..8bf4b0534 100644 --- a/web/sass-files/sass/partials/_post.scss +++ b/web/sass-files/sass/partials/_post.scss @@ -509,3 +509,11 @@ body.ios { } } } + +.bot-indicator { + background-color: lightgrey; + border-radius:2px; + padding-left:2px; + padding-right:2px; + font-family:"Courier New" +} diff --git a/web/web.go b/web/web.go index 564671285..176b1b8b5 100644 --- a/web/web.go +++ b/web/web.go @@ -843,6 +843,12 @@ func getAccessToken(c *api.Context, w http.ResponseWriter, r *http.Request) { } func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { + c.Err = model.NewAppError("incomingWebhook", "Incoming webhooks have been disabled by the system admin.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + params := mux.Vars(r) id := params["id"] @@ -913,12 +919,13 @@ func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) { pchan := api.Srv.Store.Channel().CheckPermissionsTo(hook.TeamId, channel.Id, hook.UserId) post := &model.Post{UserId: hook.UserId, ChannelId: channel.Id, Message: text} + post.AddProp("from_webhook", "true") - if len(overrideUsername) != 0 { + if len(overrideUsername) != 0 && utils.Cfg.ServiceSettings.EnablePostUsernameOverride { post.AddProp("override_username", overrideUsername) } - if len(overrideIconUrl) != 0 { + if len(overrideIconUrl) != 0 && utils.Cfg.ServiceSettings.EnablePostIconOverride { post.AddProp("override_icon_url", overrideIconUrl) } |