From e2042c4b6579aa367bdf764ddecbca4e1bd38772 Mon Sep 17 00:00:00 2001
From: Joram Wilander
Date: Fri, 1 Sep 2017 14:28:15 -0400
Subject: Add built-in plugin for getting LDAP attributes (#7317)
---
 app/plugins.go | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)
(limited to 'app/plugins.go')
diff --git a/app/plugins.go b/app/plugins.go
index 51f6414a3..1101f2b65 100644
--- a/app/plugins.go
+++ b/app/plugins.go
@@ -15,11 +15,13 @@ import (
 l4g "github.com/alecthomas/log4go"
 "github.com/gorilla/mux"
+ "github.com/mattermost/platform/einterfaces"
 "github.com/mattermost/platform/model"
 "github.com/mattermost/platform/utils"
 "github.com/mattermost/platform/app/plugin"
 "github.com/mattermost/platform/app/plugin/jira"
+ "github.com/mattermost/platform/app/plugin/ldapextras"
 )
 type PluginAPI struct {
@@ -59,6 +61,67 @@ func (api *PluginAPI) CreatePost(post *model.Post) (*model.Post, *model.AppError
 return CreatePostMissingChannel(post, true)
 }
+func (api *PluginAPI) GetLdapUserAttributes(userId string, attributes []string) (map[string]string, *model.AppError) {
+ ldapInterface := einterfaces.GetLdapInterface()
+ if ldapInterface == nil {
+ return nil, model.NewAppError("GetLdapUserAttributes", "ent.ldap.disabled.app_error", nil, "", http.StatusNotImplemented)
+ }
+
+ user, err := GetUser(userId)
+ if err != nil {
+ return nil, err
+ }
+
+ return ldapInterface.GetUserAttributes(*user.AuthData, attributes)
+}
+
+func (api *PluginAPI) GetSessionFromRequest(r *http.Request) (*model.Session, *model.AppError) {
+ token := ""
+ isTokenFromQueryString := false
+
+ // Attempt to parse token out of the header
+ authHeader := r.Header.Get(model.HEADER_AUTH)
+ if len(authHeader) > 6 && strings.ToUpper(authHeader[0:6]) == model.HEADER_BEARER {
+ // Default session token
+ token = authHeader[7:]
+
+ } else if len(authHeader) > 5 && strings.ToLower(authHeader[0:5]) == model.HEADER_TOKEN {
+ // OAuth token
+ token = authHeader[6:]
+ }
+
+ // Attempt to parse the token from the cookie
+ if len(token) == 0 {
+ if cookie, err := r.Cookie(model.SESSION_COOKIE_TOKEN); err == nil {
+ token = cookie.Value
+
+ if r.Header.Get(model.HEADER_REQUESTED_WITH) != model.HEADER_REQUESTED_WITH_XML {
+ return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token+" Appears to be a CSRF attempt", http.StatusUnauthorized)
+ }
+ }
+ }
+
+ // Attempt to parse token out of the query string
+ if len(token) == 0 {
+ token = r.URL.Query().Get("access_token")
+ isTokenFromQueryString = true
+ }
+
+ if len(token) == 0 {
+ return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token, http.StatusUnauthorized)
+ }
+
+ session, err := GetSession(token)
+
+ if err != nil {
+ return nil, model.NewAppError("ServeHTTP", "api.context.session_expired.app_error", nil, "token="+token, http.StatusUnauthorized)
+ } else if !session.IsOAuth && isTokenFromQueryString {
+ return nil, model.NewAppError("ServeHTTP", "api.context.token_provided.app_error", nil, "token="+token, http.StatusUnauthorized)
+ }
+
+ return session, nil
+}
+
 func (api *PluginAPI) I18n(id string, r *http.Request) string {
 if r != nil {
 f, _ := utils.GetTranslationsAndLocale(nil, r)
@@ -70,7 +133,8 @@ func (api *PluginAPI) I18n(id string, r *http.Request) string {
 func InitPlugins() {
 plugins := map[string]plugin.Plugin{
- "jira": &jira.Plugin{},
+ "jira": &jira.Plugin{},
+ "ldapextras": &ldapextras.Plugin{},
 }
 for id, p := range plugins {
 l4g.Info("Initializing plugin: " + id)
-- cgit v1.2.3-1-g7c22
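Review bot: `GetLdapUserAttributes` dereferences `*user.AuthData` without a nil check, so a lookup for a user whose `AuthData` is unset (presumably any account that does not authenticate through LDAP) would panic inside the plugin API; add a guard before the call, e.g. `if user.AuthData == nil { return map[string]string{}, nil }`. In `GetSessionFromRequest` every error path copies the raw token into the AppError detail (`"token="+token`), including the CSRF branch where the value comes straight from the session cookie, so a still-valid credential can end up wherever those details are logged or returned; drop the token from the detail string, e.g. pass `""` or a fixed message such as `"Appears to be a CSRF attempt"`. The errors also name `"ServeHTTP"` as their origin, which suggests this logic duplicates the request-context code; a doc comment stating the lookup order (Authorization header, then cookie guarded by the X-Requested-With check, then the `access_token` query parameter accepted only for OAuth sessions) would help keep the two copies consistent.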