From dfc6db737411bd4ad68a803be5182f06055a1769 Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Mon, 10 Apr 2017 08:19:49 -0400
Subject: Refactor switching login type code into app layer and add v4 endpoint (#6000)
* Refactor switching login type code into app layer and add v4 endpoint
* Fix unit test
---
 app/ldap.go | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 76 insertions(+), 2 deletions(-)
(limited to 'app/ldap.go')
diff --git a/app/ldap.go b/app/ldap.go
index fe68dfa81..94b328177 100644
--- a/app/ldap.go
+++ b/app/ldap.go
@@ -18,7 +18,7 @@ func SyncLdap() {
 if ldapI := einterfaces.GetLdapInterface(); ldapI != nil {
 ldapI.SyncNow()
 } else {
- l4g.Error("%v", model.NewLocAppError("ldapSyncNow", "ent.ldap.disabled.app_error", nil, "").Error())
+ l4g.Error("%v", model.NewLocAppError("SyncLdap", "ent.ldap.disabled.app_error", nil, "").Error())
 }
 }
 }()
@@ -31,10 +31,84 @@ func TestLdap() *model.AppError {
 return err
 }
 } else {
- err := model.NewLocAppError("ldapTest", "ent.ldap.disabled.app_error", nil, "")
+ err := model.NewLocAppError("TestLdap", "ent.ldap.disabled.app_error", nil, "")
 err.StatusCode = http.StatusNotImplemented
 return err
 }
 
 return nil
 }
+
+func SwitchEmailToLdap(email, password, code, ldapId, ldapPassword string) (string, *model.AppError) {
+ user, err := GetUserByEmail(email)
+ if err != nil {
+ return "", err
+ }
+
+ if err := CheckPasswordAndAllCriteria(user, password, code); err != nil {
+ return "", err
+ }
+
+ if err := RevokeAllSessions(user.Id); err != nil {
+ return "", err
+ }
+
+ ldapInterface := einterfaces.GetLdapInterface()
+ if ldapInterface == nil {
+ return "", model.NewAppError("SwitchEmailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusNotImplemented)
+ }
+
+ if err := ldapInterface.SwitchToLdap(user.Id, ldapId, ldapPassword); err != nil {
+ return "", err
+ }
+
+ go func() {
+ if err := SendSignInChangeEmail(user.Email, "AD/LDAP", user.Locale, utils.GetSiteURL()); err != nil {
+ l4g.Error(err.Error())
+ }
+ }()
+
+ return "/login?extra=signin_change", nil
+}
+
+func SwitchLdapToEmail(ldapPassword, code, email, newPassword string) (string, *model.AppError) {
+ user, err := GetUserByEmail(email)
+ if err != nil {
+ return "", err
+ }
+
+ if user.AuthService != model.USER_AUTH_SERVICE_LDAP {
+ return "", model.NewAppError("SwitchLdapToEmail", "api.user.ldap_to_email.not_ldap_account.app_error", nil, "", http.StatusBadRequest)
+ }
+
+ ldapInterface := einterfaces.GetLdapInterface()
+ if ldapInterface == nil || user.AuthData == nil {
+ return "", model.NewAppError("SwitchLdapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusNotImplemented)
+ }
+
+ if err := ldapInterface.CheckPassword(*user.AuthData, ldapPassword); err != nil {
+ return "", err
+ }
+
+ if err := CheckUserMfa(user, code); err != nil {
+ return "", err
+ }
+
+ if err := UpdatePassword(user, newPassword); err != nil {
+ return "", err
+ }
+
+ if err := RevokeAllSessions(user.Id); err != nil {
+ return "", err
+ }
+
+ T := utils.GetUserTranslations(user.Locale)
+
+ go func() {
+ if err := SendSignInChangeEmail(user.Email, T("api.templates.signin_change_email.body.method_email"), user.Locale, utils.GetSiteURL()); err != nil {
+ l4g.Error(err.Error())
+ }
+ }()
+
+ return "/login?extra=signin_change", nil
+}
--
cgit v1.2.3-1-g7c22
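Review bot: In SwitchEmailToLdap, `RevokeAllSessions(user.Id)` runs before the `ldapInterface == nil` check and before `SwitchToLdap` has accepted `ldapId`/`ldapPassword`, so a request that passes the local password check but fails afterwards ends every session of the account while its sign-in method stays unchanged. Moving the `einterfaces.GetLdapInterface()` nil check to the top of the function would at least make the 501 path free of side effects; if revoking first is meant as a fail-closed choice, a comment such as `// revoke before switching so no pre-switch session survives a partial failure` would record that, since SwitchLdapToEmail uses the opposite order (`UpdatePassword`, then revoke). Separately, SwitchLdapToEmail verifies the credential with `ldapInterface.CheckPassword` directly, whereas the e-mail path goes through `CheckPasswordAndAllCriteria`; both helpers are defined outside this hunk, so it is worth confirming that failed-attempt limiting still applies on the LDAP path.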