From c01d9ad6cf3f8bb2ad4145441816598d8ffa2d9e Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Mon, 30 Jan 2017 08:30:02 -0500
Subject: Implement APIv4 infrastructure (#5191)
* Implement APIv4 infrastructure
* Update parameter requirement functions per feedback
---
api4/user.go | 169 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 169 insertions(+)
create mode 100644 api4/user.go
(limited to 'api4/user.go')
diff --git a/api4/user.go b/api4/user.go
new file mode 100644
index 000000000..9d38df1a1
--- /dev/null
+++ b/api4/user.go
@@ -0,0 +1,169 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+ "net/http"
+
+ l4g "github.com/alecthomas/log4go"
+ "github.com/mattermost/platform/app"
+ "github.com/mattermost/platform/model"
+ "github.com/mattermost/platform/utils"
+)
+
+func InitUser() {
+ l4g.Debug(utils.T("api.user.init.debug"))
+
+ BaseRoutes.Users.Handle("", ApiHandler(createUser)).Methods("POST")
+ BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET")
+ BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT")
+
+ BaseRoutes.Users.Handle("/login", ApiHandler(login)).Methods("POST")
+ BaseRoutes.Users.Handle("/logout", ApiHandler(logout)).Methods("POST")
+
+}
+
+func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
+ user := model.UserFromJson(r.Body)
+ if user == nil {
+ c.SetInvalidParam("user")
+ return
+ }
+
+ hash := r.URL.Query().Get("h")
+ inviteId := r.URL.Query().Get("iid")
+
+ // No permission check required
+
+ var ruser *model.User
+ var err *model.AppError
+ if len(hash) > 0 {
+ ruser, err = app.CreateUserWithHash(user, hash, r.URL.Query().Get("d"))
+ } else if len(inviteId) > 0 {
+ ruser, err = app.CreateUserWithInviteId(user, inviteId, c.GetSiteURL())
+ } else {
+ ruser, err = app.CreateUserFromSignup(user, c.GetSiteURL())
+ }
+
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.WriteHeader(http.StatusCreated)
+ w.Write([]byte(ruser.ToJson()))
+}
+
+func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ // No permission check required
+
+ var user *model.User
+ var err *model.AppError
+
+ if user, err = app.GetUser(c.Params.UserId); err != nil {
+ c.Err = err
+ return
+ }
+
+ etag := user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress)
+
+ if HandleEtag(etag, "Get User", w, r) {
+ return
+ } else {
+ app.SanitizeProfile(user, 
c.IsSystemAdmin())
+ w.Header().Set(model.HEADER_ETAG_SERVER, etag)
+ w.Write([]byte(user.ToJson()))
+ return
+ }
+}
+
+func updateUser(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ user := model.UserFromJson(r.Body)
+ if user == nil {
+ c.SetInvalidParam("user")
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, user.Id) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ if ruser, err := app.UpdateUserAsUser(user, c.GetSiteURL(), c.IsSystemAdmin()); err != nil {
+ c.Err = err
+ return
+ } else {
+ c.LogAudit("")
+ w.Write([]byte(ruser.ToJson()))
+ }
+}
+
+func login(c *Context, w http.ResponseWriter, r *http.Request) {
+ props := model.MapFromJson(r.Body)
+
+ id := props["id"]
+ loginId := props["login_id"]
+ password := props["password"]
+ mfaToken := props["token"]
+ deviceId := props["device_id"]
+ ldapOnly := props["ldap_only"] == "true"
+
+ c.LogAuditWithUserId(id, "attempt - login_id="+loginId)
+ user, err := app.AuthenticateUserForLogin(id, loginId, password, mfaToken, deviceId, ldapOnly)
+ if err != nil {
+ c.LogAuditWithUserId(id, "failure - login_id="+loginId)
+ c.Err = err
+ return
+ }
+
+ c.LogAuditWithUserId(user.Id, "authenticated")
+
+ var session *model.Session
+ session, err = app.DoLogin(w, r, user, deviceId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAuditWithUserId(user.Id, "success")
+
+ c.Session = *session
+
+ user.Sanitize(map[string]bool{})
+
+ w.Write([]byte(user.ToJson()))
+}
+
+func logout(c *Context, w http.ResponseWriter, r *http.Request) {
+ data := make(map[string]string)
+ data["user_id"] = c.Session.UserId
+
+ Logout(c, w, r)
+ if c.Err == nil {
+ w.Write([]byte(model.MapToJson(data)))
+ }
+}
+
+func Logout(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.LogAudit("")
+ c.RemoveSessionCookie(w, r)
+ if c.Session.Id != "" {
+ if err := app.RevokeSessionById(c.Session.Id); err != nil {
+ c.Err = err
+ return
+ } 
+ }
+
+ ReturnStatusOK(w)
+}
-- cgit v1.2.3-1-g7c22
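Review bot: updateUser requires c.Params.UserId from the URL but never uses it — both the SessionHasPermissionToUser check and app.UpdateUserAsUser operate on user.Id taken from the request body, so a PUT to /users/{user_id} can update a different user than the one the URL addresses (still gated by the permission check on the body id, but the route and the body can silently disagree); after the JSON parse add `if user.Id != c.Params.UserId { c.SetInvalidParam("user_id"); return }`, or overwrite `user.Id = c.Params.UserId`. In logout, Logout ends with ReturnStatusOK(w) and logout then writes a second body with model.MapToJson(data); if ReturnStatusOK writes a JSON body as its name suggests, the client receives two concatenated JSON documents, so only one of the two writes should survive. In login the "attempt" and "failure" audit records are keyed by the client-supplied `id` and concatenate loginId into the message unescaped, so an unauthenticated request can attribute audit entries to any user id it names or embed line breaks in them; consider keying the pre-authentication entries by request rather than by the claimed id and formatting loginId with `%q`. createUser writes ruser.ToJson() without the Sanitize call that login performs — worth confirming that the app.CreateUser* paths strip password and auth data before the response.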