From 3928535456f9fcb025ed86edeb4d258f2c524150 Mon Sep 17 00:00:00 2001 From: Corey Hulen Date: Wed, 11 May 2016 11:04:30 -0700 Subject: PLT-2905 fixing upgrade of SSO accounts (#2962) * PLT-2905 fixing upgrade of SSO accounts * Fixing multiple Auths mapped to different emails --- api/admin_test.go | 3 ++- api/authentication.go | 6 +++--- api/oauth.go | 7 +++++-- api/user.go | 15 ++++++++------- api/user_test.go | 6 ++++-- 5 files changed, 22 insertions(+), 15 deletions(-) (limited to 'api') diff --git a/api/admin_test.go b/api/admin_test.go index 933c3d59c..f3d3ec4ed 100644 --- a/api/admin_test.go +++ b/api/admin_test.go @@ -457,7 +457,8 @@ func TestAdminResetPassword(t *testing.T) { t.Fatal("Should have errored - password too short") } - user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"} + authData := model.NewId() + user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: &authData, AuthService: "random"} user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User) LinkUserToTeam(user2, team) store.Must(Srv.Store.User().VerifyEmail(user2.Id)) diff --git a/api/authentication.go b/api/authentication.go index 10ed578e1..9243947ad 100644 --- a/api/authentication.go +++ b/api/authentication.go 
@@ -39,17 +39,17 @@ func checkUserPassword(user *model.User, password string) *model.AppError { } } -func checkLdapUserPasswordAndAllCriteria(ldapId, password, mfaToken string) (*model.User, *model.AppError) { +func checkLdapUserPasswordAndAllCriteria(ldapId *string, password string, mfaToken string) (*model.User, *model.AppError) { ldapInterface := einterfaces.GetLdapInterface() - if ldapInterface == nil { + if ldapInterface == nil || ldapId == nil { err := model.NewLocAppError("doLdapAuthentication", "api.user.login_ldap.not_available.app_error", nil, "") err.StatusCode = http.StatusNotImplemented return nil, err } var user *model.User - if ldapUser, err := ldapInterface.DoLogin(ldapId, password); err != nil { + if ldapUser, err := ldapInterface.DoLogin(*ldapId, password); err != nil { err.StatusCode = http.StatusUnauthorized return nil, err } else { diff --git a/api/oauth.go b/api/oauth.go index 0375f4e6f..37ca5ce0a 100644 --- a/api/oauth.go +++ b/api/oauth.go @@ -600,8 +600,11 @@ func CompleteSwitchWithOAuth(c *Context, w http.ResponseWriter, r *http.Request, return } else { ssoUser := provider.GetUserFromJson(userData) - authData = ssoUser.AuthData ssoEmail = ssoUser.Email + + if ssoUser.AuthData != nil { + authData = *ssoUser.AuthData + } } if len(authData) == 0 { @@ -628,7 +631,7 @@ func CompleteSwitchWithOAuth(c *Context, w http.ResponseWriter, r *http.Request, return } - if result := <-Srv.Store.User().UpdateAuthData(user.Id, service, authData, ssoEmail); result.Err != nil { + if result := <-Srv.Store.User().UpdateAuthData(user.Id, service, &authData, ssoEmail); result.Err != nil { c.Err = result.Err return } diff --git a/api/user.go b/api/user.go index c53a643c7..4b9c3a3c8 100644 --- a/api/user.go +++ b/api/user.go 
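Review bot: The new `ldapId == nil` guard reuses the `api.user.login_ldap.not_available.app_error` / 501 Not Implemented response that already means "no LDAP interface configured", so an account that simply carries no AuthData is told LDAP is unavailable instead of being refused; a separate error id with an unauthorized or bad-request status would keep the two conditions apart for clients and in the logs. The guard also covers only nil: an empty string still reaches `ldapInterface.DoLogin(*ldapId, password)`, whereas the other hunks in this commit (updatePassword, sendPasswordReset, ResetPassword) treat nil and "" alike, so `if ldapId == nil || *ldapId == "" {` as its own check would match them. The ldapToEmail hunk in api/user.go (`ldapInterface == nil || user.AuthData == nil`) has the same two issues. checkLdapUserPasswordAndAllCriteria's body continues past the end of the hunk.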
@@ -535,7 +535,7 @@ func LoginByOAuth(c *Context, w http.ResponseWriter, r *http.Request, service st } var user *model.User - if result := <-Srv.Store.User().GetByAuth(authData, service); result.Err != nil { + if result := <-Srv.Store.User().GetByAuth(&authData, service); result.Err != nil { if result.Err.Id == store.MISSING_AUTH_ACCOUNT_ERROR { return CreateOAuthUser(c, w, r, service, bytes.NewReader(buf.Bytes()), "") } @@ -1289,7 +1289,8 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { } rusers[0].Password = "" - rusers[0].AuthData = "" + rusers[0].AuthData = new(string) + *rusers[0].AuthData = "" w.Write([]byte(rusers[0].ToJson())) } } @@ -1337,7 +1338,7 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { user := result.Data.(*model.User) - if user.AuthData != "" { + if user.AuthData != nil && *user.AuthData != "" { c.LogAudit("failed - tried to update user password who was logged in through oauth") c.Err = model.NewLocAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService) c.Err.StatusCode = http.StatusBadRequest @@ -1653,7 +1654,7 @@ func sendPasswordReset(c *Context, w http.ResponseWriter, r *http.Request) { user = result.Data.(*model.User) } - if len(user.AuthData) != 0 { + if user.AuthData != nil && len(*user.AuthData) != 0 { c.Err = model.NewLocAppError("sendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id) return } @@ -1749,7 +1750,7 @@ func ResetPassword(c *Context, userId, newPassword string) *model.AppError { user = result.Data.(*model.User) } - if len(user.AuthData) != 0 && !c.IsSystemAdmin() { + if user.AuthData != nil && len(*user.AuthData) != 0 && !c.IsSystemAdmin() { return model.NewLocAppError("ResetPassword", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id) } 
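Review bot: In updateUser the two added lines `rusers[0].AuthData = new(string)` and `*rusers[0].AuthData = ""` are redundant, since `new(string)` already points at the zero value "" and the second assignment is a no-op; the first line alone does the same thing. Because these lines scrub the auth identifier out of the response and the rest of this commit reads a nil AuthData as "no auth data" (`user.AuthData != nil && *user.AuthData != ""`), `rusers[0].AuthData = nil` is presumably the more natural sanitized value — assuming `ToJson` emits a nil pointer the way the client expects, which is worth confirming. updateUser's body starts before the hunk.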
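Review bot: The nil-and-empty test on AuthData is now hand-written in three hunks of this file — `user.AuthData != nil && *user.AuthData != ""` in updatePassword and `user.AuthData != nil && len(*user.AuthData) != 0` in sendPasswordReset and ResetPassword — and these are precisely the checks that block a password change or reset for an SSO-bound account, so the definition of "has SSO auth data" should live in one place. A small helper such as `func hasAuthData(u *model.User) bool { return u.AuthData != nil && *u.AuthData != "" }` would let the three sites share one definition and makes a future mismatch (one site checking only nil, another only length) harder to introduce. Each of the enclosing functions starts before its hunk.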
@@ -2148,13 +2149,13 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) { } ldapInterface := einterfaces.GetLdapInterface() - if ldapInterface == nil { + if ldapInterface == nil || user.AuthData == nil { c.Err = model.NewLocAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "") c.Err.StatusCode = http.StatusNotImplemented return } - if err := ldapInterface.CheckPassword(user.AuthData, ldapPassword); err != nil { + if err := ldapInterface.CheckPassword(*user.AuthData, ldapPassword); err != nil { c.LogAuditWithUserId(user.Id, "fail - ldap authentication failed") c.Err = err return diff --git a/api/user_test.go b/api/user_test.go index 9dd57dc20..c34d32c11 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -1109,7 +1109,8 @@ func TestSendPasswordReset(t *testing.T) { t.Fatal("Should have errored - bad email") } - user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: "1", AuthService: "random"} + authData := model.NewId() + user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", AuthData: &authData, AuthService: "random"} user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User) LinkUserToTeam(user2, team) store.Must(Srv.Store.User().VerifyEmail(user2.Id)) @@ -1178,7 +1179,8 @@ func TestResetPassword(t *testing.T) { recovery = result.Data.(*model.PasswordRecovery) } - if result := <-Srv.Store.User().UpdateAuthData(user.Id, "random", "1", ""); result.Err != nil { + authData := model.NewId() + if result := <-Srv.Store.User().UpdateAuthData(user.Id, "random", &authData, ""); result.Err != nil { t.Fatal(result.Err) } -- cgit v1.2.3-1-g7c22 From 97450762dbb8323756d0f52cc7b59b86d0319b97 Mon Sep 17 00:00:00 2001 
From: thoemy Date: Thu, 12 May 2016 14:30:44 +0200 Subject: Fix parsing attachment field links into markdown (#2958) (#2959) Field contents are stored in 'value' not 'text'. --- api/post.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'api') diff --git a/api/post.go b/api/post.go index ac499e615..734cb7148 100644 --- a/api/post.go +++ b/api/post.go @@ -200,10 +200,10 @@ func CreateWebhookPost(c *Context, channelId, text, overrideUsername, overrideIc // parse attachment field links into Markdown format for j, fInt := range fields { field := fInt.(map[string]interface{}) - if _, ok := field["text"]; ok { - fText := field["text"].(string) - fText = linkWithTextRegex.ReplaceAllString(fText, "[${2}](${1})") - field["text"] = fText + if _, ok := field["value"]; ok { + fValue := field["value"].(string) + fValue = linkWithTextRegex.ReplaceAllString(fValue, "[${2}](${1})") + field["value"] = fValue fields[j] = field } } -- cgit v1.2.3-1-g7c22 From 04dfa2a9eb50d60b2d4c2533f465799966b363a6 Mon Sep 17 00:00:00 2001 From: thoemy Date: Thu, 12 May 2016 13:44:44 +0200 Subject: Improve incoming webhook slack compatibility (#2972) (#2973) By checking for form urlencoded content instead of JSON, requests without or with a wrong Content-Type header and a JSON body are correctly parsed. --- api/webhook.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'api') diff --git a/api/webhook.go b/api/webhook.go index ea628e39c..a4367026f 100644 --- a/api/webhook.go +++ b/api/webhook.go 
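Review bot: `fValue := field["value"].(string)` is an unchecked type assertion on caller-supplied webhook JSON: the `_, ok := field["value"]` test above it only proves the key exists, so a `value` that is a number, bool, object or null panics here, and net/http's per-request recover turns that into a dropped post for a single malformed attachment field. Use the two-value form, `if fValue, ok := field["value"].(string); ok {`, and leave non-string fields untouched; the unchanged `fInt.(map[string]interface{})` assertion on the line above has the same exposure and would benefit from the same treatment. CreateWebhookPost's body extends beyond the hunk on both sides.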
@@ -358,10 +358,10 @@ func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) { var parsedRequest *model.IncomingWebhookRequest contentType := r.Header.Get("Content-Type") - if strings.Split(contentType, "; ")[0] == "application/json" { - parsedRequest = model.IncomingWebhookRequestFromJson(r.Body) - } else { + if strings.Split(contentType, "; ")[0] == "application/x-www-form-urlencoded" { parsedRequest = model.IncomingWebhookRequestFromJson(strings.NewReader(r.FormValue("payload"))) + } else { + parsedRequest = model.IncomingWebhookRequestFromJson(r.Body) } if parsedRequest == nil { -- cgit v1.2.3-1-g7c22 From 6631f28d92d68e4e39848038f7f263f8588aa2ac Mon Sep 17 00:00:00 2001 From: Harrison Healey Date: Thu, 12 May 2016 12:06:26 -0400 Subject: Improved handling of edge case where an LDAP user shares a username with a non-LDAP user (#2980) --- api/user.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'api') diff --git a/api/user.go b/api/user.go index 4b9c3a3c8..9e93ae779 100644 --- a/api/user.go +++ b/api/user.go @@ -494,8 +494,11 @@ func getUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppErro *utils.Cfg.EmailSettings.EnableSignInWithUsername && !onlyLdap, *utils.Cfg.EmailSettings.EnableSignInWithEmail && !onlyLdap, ldapAvailable, - ); result.Err != nil { - + ); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" { + // don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work + result.Err.StatusCode = http.StatusBadRequest + return nil, result.Err + } else if result.Err != nil { if !ldapAvailable { // failed to find user and no LDAP server to fall back on result.Err.StatusCode = http.StatusBadRequest -- cgit v1.2.3-1-g7c22
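Review bot: The new dispatch still keys on `strings.Split(contentType, "; ")[0]`, which matches only when the parameter separator is exactly a semicolon followed by one space; a header such as `application/x-www-form-urlencoded;charset=utf-8` (no space) or a differently cased media type falls through to the JSON branch, where `r.Body` holds a form body and `IncomingWebhookRequestFromJson` returns nil. `mime.ParseMediaType` from the standard `mime` package returns the media type lowercased with parameters stripped, so `if mediaType, _, err := mime.ParseMediaType(contentType); err == nil && mediaType == "application/x-www-form-urlencoded" {` selects the form branch robustly, while a missing or unparseable header still takes the JSON fallback the commit intends. The `if parsedRequest == nil {` handling continues below the hunk.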
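Review bot: The added branch compares against the inline literal `"store.sql_user.get_for_login.multiple_users"`, while the same kind of store error is matched elsewhere in this package through a named constant (`result.Err.Id == store.MISSING_AUTH_ACCOUNT_ERROR` in LoginByOAuth); defining the id once in the store package (a constant along the lines of `store.MULTIPLE_USERS_FOR_LOGIN_ERROR`, name to taste) and comparing against it here keeps the two packages from drifting apart. Since this check runs before any credential is verified, the response now distinguishes an ambiguous login id from an unknown one to an unauthenticated caller; worth confirming that the translated message for this id says no more than the existing not-found path does. getUserForLogin's body continues on both sides of the hunk.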