From 9110dd54a15f3d0fcf6f60936e01d816b667b93c Mon Sep 17 00:00:00 2001 From: JoramWilander Date: Mon, 4 Jan 2016 12:44:22 -0500 Subject: Added license validation and settings --- api/api.go | 1 + api/context.go | 1 + api/file.go | 20 +++++++++---- api/license.go | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 111 insertions(+), 6 deletions(-) create mode 100644 api/license.go (limited to 'api') diff --git a/api/api.go b/api/api.go index a6bb22982..f29063fe1 100644 --- a/api/api.go +++ b/api/api.go @@ -46,6 +46,7 @@ func InitApi() { InitOAuth(r) InitWebhook(r) InitPreference(r) + InitLicense(r) templatesDir := utils.FindDir("api/templates") l4g.Debug("Parsing server templates at %v", templatesDir) diff --git a/api/context.go b/api/context.go index 561884c14..e8ec6576d 100644 --- a/api/context.go +++ b/api/context.go @@ -35,6 +35,7 @@ type Page struct { TemplateName string Props map[string]string ClientCfg map[string]string + ClientLicense map[string]string User *model.User Team *model.Team Channel *model.Channel diff --git a/api/file.go b/api/file.go index d023515af..46e81691e 100644 --- a/api/file.go +++ b/api/file.go @@ -541,12 +541,8 @@ func writeFile(f []byte, path string) *model.AppError { return model.NewAppError("writeFile", "Encountered an error writing to S3", err.Error()) } } else if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_LOCAL { - if err := os.MkdirAll(filepath.Dir(utils.Cfg.FileSettings.Directory+path), 0774); err != nil { - return model.NewAppError("writeFile", "Encountered an error creating the directory for the new file", err.Error()) - } - - if err := ioutil.WriteFile(utils.Cfg.FileSettings.Directory+path, f, 0644); err != nil { - return model.NewAppError("writeFile", "Encountered an error writing to local server storage", err.Error()) + if err := writeFileLocally(f, utils.Cfg.FileSettings.Directory+path); err != nil { + return err } } else { return model.NewAppError("writeFile", "File storage not configured properly. Please configure for either S3 or local server file storage.", "") @@ -555,6 +551,18 @@ func writeFile(f []byte, path string) *model.AppError { return nil } +func writeFileLocally(f []byte, path string) *model.AppError { + if err := os.MkdirAll(filepath.Dir(path), 0774); err != nil { + return model.NewAppError("writeFile", "Encountered an error creating the directory for the new file", err.Error()) + } + + if err := ioutil.WriteFile(path, f, 0644); err != nil { + return model.NewAppError("writeFile", "Encountered an error writing to local server storage", err.Error()) + } + + return nil +} + func readFile(path string) ([]byte, *model.AppError) { if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { diff --git a/api/license.go b/api/license.go new file mode 100644 index 000000000..9ed2d2afb --- /dev/null +++ b/api/license.go @@ -0,0 +1,95 @@ +// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package api + +import ( + "bytes" + l4g "code.google.com/p/log4go" + "github.com/gorilla/mux" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" + "io" + "net/http" + "strings" +) + +func InitLicense(r *mux.Router) { + l4g.Debug("Initializing license api routes") + + sr := r.PathPrefix("/license").Subrouter() + sr.Handle("/add", ApiAdminSystemRequired(addLicense)).Methods("POST") + sr.Handle("/remove", ApiAdminSystemRequired(removeLicense)).Methods("POST") +} + +func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { + c.LogAudit("attempt") + err := r.ParseMultipartForm(model.MAX_FILE_SIZE) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + m := r.MultipartForm + + fileArray, ok := m.File["license"] + if !ok { + c.Err = model.NewAppError("addLicense", "No file under 'license' in request", "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + if len(fileArray) <= 0 { + c.Err = model.NewAppError("addLicense", "Empty array under 'license' in request", "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + fileData := fileArray[0] + + file, err := fileData.Open() + defer file.Close() + if err != nil { + c.Err = model.NewAppError("addLicense", "Could not open license file", err.Error()) + return + } + + buf := bytes.NewBuffer(nil) + io.Copy(buf, file) + + data := buf.Bytes() + + var license *model.License + if success, licenseStr := utils.ValidateLicense(data); success { + license = model.LicenseFromJson(strings.NewReader(licenseStr)) + + if ok := utils.SetLicense(license); !ok { + c.LogAudit("failed - expired or non-started license") + c.Err = model.NewAppError("addLicense", "License is either expired or has not yet started.", "") + return + } + + go func() { + if err := writeFileLocally(data, utils.LICENSE_FILE_LOC); err != nil { + l4g.Error("Could not save license file") + } + }() + } else { + c.LogAudit("failed - invalid license") + c.Err = model.NewAppError("addLicense", "Invalid license file", "") + return + } + + c.LogAudit("success") + w.Write([]byte(license.ToJson())) +} + +func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) { + c.LogAudit("") + + utils.RemoveLicense() + + rdata := map[string]string{} + rdata["status"] = "ok" + w.Write([]byte(model.MapToJson(rdata))) +} -- cgit v1.2.3-1-g7c22 From 874d120535a615afddeb80599b7d2d982959ffdb Mon Sep 17 00:00:00 2001 From: JoramWilander Date: Wed, 13 Jan 2016 10:54:12 -0500 Subject: Add some unit tests --- api/user.go | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'api') diff --git a/api/user.go b/api/user.go index d014ab995..786414227 100644 --- a/api/user.go +++ b/api/user.go @@ -122,6 +122,11 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { user.EmailVerified = true } + if !CheckUserDomain(user, utils.Cfg.TeamSettings.RestrictCreationToDomains) { + c.Err = model.NewAppError("createUser", "The email you provided does not belong to an accepted domain. Please contact your administrator or sign up with a different email.", "") + return + } + ruser, err := CreateUser(team, user) if err != nil { c.Err = err @@ -136,19 +141,25 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { } +func CheckUserDomain(user *model.User, domains string) bool { + domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domainArray { + if strings.HasSuffix(user.Email, "@"+d) { + matched = true + break + } + } + + return matched +} + func IsVerifyHashRequired(user *model.User, team *model.Team, hash string) bool { shouldVerifyHash := true if team.Type == model.TEAM_INVITE && len(team.AllowedDomains) > 0 && len(hash) == 0 && user != nil { - domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(team.AllowedDomains, "@", " ", -1), ",", " ", -1)))) - - matched := false - for _, d := range domains { - if strings.HasSuffix(user.Email, "@"+d) { - matched = true - break - } - } + matched := CheckUserDomain(user, team.AllowedDomains) if matched { shouldVerifyHash = false -- cgit v1.2.3-1-g7c22 From c26edcf6786fd8aa1535c09e9581fc6417cddda4 Mon Sep 17 00:00:00 2001 From: JoramWilander Date: Thu, 14 Jan 2016 08:23:48 -0500 Subject: Final updates --- api/license.go | 19 ++++++++++++------- api/user.go | 4 ++++ 2 files changed, 16 insertions(+), 7 deletions(-) (limited to 'api') diff --git a/api/license.go b/api/license.go index 9ed2d2afb..06bde2b6c 100644 --- a/api/license.go +++ b/api/license.go @@ -69,14 +69,15 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { return } - go func() { - if err := writeFileLocally(data, utils.LICENSE_FILE_LOC); err != nil { - l4g.Error("Could not save license file") - } - }() + if err := writeFileLocally(data, utils.LicenseLocation()); err != nil { + c.LogAudit("failed - could not save license file") + c.Err = model.NewAppError("addLicense", "License did not save properly.", "path="+utils.LicenseLocation()) + utils.RemoveLicense() + return + } } else { c.LogAudit("failed - invalid license") - c.Err = model.NewAppError("addLicense", "Invalid license file", "") + c.Err = model.NewAppError("addLicense", "Invalid license file.", "") return } @@ -87,7 +88,11 @@ func addLicense(c *Context, w http.ResponseWriter, r *http.Request) { func removeLicense(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("") - utils.RemoveLicense() + if ok := utils.RemoveLicense(); !ok { + c.LogAudit("failed - could not remove license file") + c.Err = model.NewAppError("removeLicense", "License did not remove properly.", "") + return + } rdata := map[string]string{} rdata["status"] = "ok" diff --git a/api/user.go b/api/user.go index 786414227..a6b4fb654 100644 --- a/api/user.go +++ b/api/user.go @@ -142,6 +142,10 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { } func CheckUserDomain(user *model.User, domains string) bool { + if len(domains) == 0 { + return true + } + domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) matched := false -- cgit v1.2.3-1-g7c22