From 6a1755d2e32c3f3bcaa67c33f32cb5eb5ab76ea2 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Fri, 16 Oct 2015 09:10:54 -0700 Subject: Inital support for multi-tab loging --- web/web.go | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 72 insertions(+), 12 deletions(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 7ab50a073..1f7c3ae5e 100644 --- a/web/web.go +++ b/web/web.go @@ -32,10 +32,22 @@ func NewHtmlTemplatePage(templateName string, title string) *HtmlTemplatePage { props := make(map[string]string) props["Title"] = title - return &HtmlTemplatePage{TemplateName: templateName, Props: props, ClientProps: utils.ClientProperties} + return &HtmlTemplatePage{TemplateName: templateName, Props: props, ClientCfg: utils.ClientCfg} } func (me *HtmlTemplatePage) Render(c *api.Context, w http.ResponseWriter) { + //if me.Team != nil { + //me.Team.Sanitize() + //} + + if me.User != nil { + me.User.Sanitize(map[string]bool{}) + } + + if me.Session != nil { + me.Session.Sanitize() + } + if err := Templates.ExecuteTemplate(w, me.TemplateName, me); err != nil { c.SetUnknownError(me.TemplateName, err.Error()) } @@ -139,6 +151,40 @@ func CheckBrowserCompatability(c *api.Context, r *http.Request) bool { } +// func getTeamAndUserStart(c *api.Context) (store.StoreChannel, store.StoreChannel) { +// teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) +// userChan := api.Srv.Store.User().Get(c.Session.UserId) +// return teamChan, userChan +// } + +// func getTeamAndUserWait(c *api.Context, team store.StoreChannel, user store.StoreChannel) (*model.Team, *model.User) { +// if tr := <-team; tr.Err != nil { +// c.Err = tr.Err +// return nil, nil +// } else { +// if ur := <-user; ur.Err != nil { +// c.Err = ur.Err +// return nil, nil +// } else { +// return tr.Data.(*model.Team), ur.Data.(*model.User) +// } +// } +// } + +func getTeamAndUser(c *api.Context) (*model.Team, *model.User) { + if tr := <-api.Srv.Store.Team().Get(c.Session.TeamId); tr.Err != nil { + c.Err = tr.Err + return nil, nil + } else { + if ur := <-api.Srv.Store.User().Get(c.Session.UserId); ur.Err != nil { + c.Err = ur.Err + return nil, nil + } else { + return tr.Data.(*model.Team), ur.Data.(*model.User) + } + } +} + func root(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { @@ -149,7 +195,15 @@ func root(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("signup_team", "Signup") page.Render(c, w) } else { + team, user := getTeamAndUser(c) + if c.Err != nil { + return + } + page := NewHtmlTemplatePage("home", "Home") + page.Team = team + page.User = user + page.Session = &c.Session page.Props["TeamURL"] = c.GetTeamURL() page.Render(c, w) } @@ -321,8 +375,10 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { name := params["channelname"] teamName := params["team"] - var team *model.Team - teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) + team, user := getTeamAndUser(c) + if c.Err != nil { + return + } var channelId string if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil { @@ -332,13 +388,6 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { channelId = result.Data.(string) } - if tResult := <-teamChan; tResult.Err != nil { - c.Err = tResult.Err - return - } else { - team = tResult.Data.(*model.Team) - } - if team.Name != teamName { l4g.Error("It appears you are logged into " + team.Name + ", but are trying to access " + teamName) http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusFound) @@ -392,7 +441,7 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { } page := NewHtmlTemplatePage("channel", "") - page.Props["Title"] = name + " - " + team.DisplayName + " " + page.ClientProps["SiteName"] + page.Props["Title"] = name + " - " + team.DisplayName + " " + page.ClientCfg["SiteName"] page.Props["TeamDisplayName"] = team.DisplayName page.Props["TeamName"] = team.Name page.Props["TeamType"] = team.Type @@ -400,6 +449,9 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { page.Props["ChannelName"] = name page.Props["ChannelId"] = channelId page.Props["UserId"] = c.Session.UserId + page.Team = team + page.User = user + page.Session = &c.Session page.Render(c, w) } @@ -498,7 +550,7 @@ func resetPassword(c *api.Context, w http.ResponseWriter, r *http.Request) { } page := NewHtmlTemplatePage("password_reset", "") - page.Props["Title"] = "Reset Password " + page.ClientProps["SiteName"] + page.Props["Title"] = "Reset Password " + page.ClientCfg["SiteName"] page.Props["TeamDisplayName"] = teamDisplayName page.Props["TeamName"] = teamName page.Props["Hash"] = hash @@ -699,7 +751,15 @@ func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { return } + team, user := getTeamAndUser(c) + if c.Err != nil { + return + } + page := NewHtmlTemplatePage("admin_console", "Admin Console") + page.User = user + page.Team = team + page.Session = &c.Session page.Render(c, w) } -- cgit v1.2.3-1-g7c22 From a8f3f76c592928a0907fbaddd71ab6b8f68d28d6 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Fri, 16 Oct 2015 19:05:55 -0700 Subject: Refactoring web classes to use multi-session --- web/web.go | 173 +++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 95 insertions(+), 78 deletions(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 83b8c7f34..836574855 100644 --- a/web/web.go +++ b/web/web.go @@ -15,6 +15,7 @@ import ( "gopkg.in/fsnotify.v1" "html/template" "net/http" + "net/url" "regexp" "strconv" "strings" @@ -36,9 +37,9 @@ func NewHtmlTemplatePage(templateName string, title string) *HtmlTemplatePage { } func (me *HtmlTemplatePage) Render(c *api.Context, w http.ResponseWriter) { - //if me.Team != nil { - //me.Team.Sanitize() - //} + if me.Team != nil { + me.Team.Sanitize() + } if me.User != nil { me.User.Sanitize(map[string]bool{}) @@ -151,18 +152,12 @@ func CheckBrowserCompatability(c *api.Context, r *http.Request) bool { } -// func getTeamAndUserStart(c *api.Context) (store.StoreChannel, store.StoreChannel) { -// teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) -// userChan := api.Srv.Store.User().Get(c.Session.UserId) -// return teamChan, userChan -// } - -// func getTeamAndUserWait(c *api.Context, team store.StoreChannel, user store.StoreChannel) (*model.Team, *model.User) { -// if tr := <-team; tr.Err != nil { +// func getTeamAndUser(c *api.Context) (*model.Team, *model.User) { +// if tr := <-api.Srv.Store.Team().Get(c.Session.TeamId); tr.Err != nil { // c.Err = tr.Err // return nil, nil // } else { -// if ur := <-user; ur.Err != nil { +// if ur := <-api.Srv.Store.User().Get(c.Session.UserId); ur.Err != nil { // c.Err = ur.Err // return nil, nil // } else { @@ -171,20 +166,6 @@ func CheckBrowserCompatability(c *api.Context, r *http.Request) bool { // } // } -func getTeamAndUser(c *api.Context) (*model.Team, *model.User) { - if tr := <-api.Srv.Store.Team().Get(c.Session.TeamId); tr.Err != nil { - c.Err = tr.Err - return nil, nil - } else { - if ur := <-api.Srv.Store.User().Get(c.Session.UserId); ur.Err != nil { - c.Err = ur.Err - return nil, nil - } else { - return tr.Data.(*model.Team), ur.Data.(*model.User) - } - } -} - func root(c *api.Context, w http.ResponseWriter, r *http.Request) { if !CheckBrowserCompatability(c, r) { @@ -195,16 +176,30 @@ func root(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("signup_team", "Signup") page.Render(c, w) } else { - team, user := getTeamAndUser(c) - if c.Err != nil { + teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) + userChan := api.Srv.Store.User().Get(c.Session.UserId) + + var team *model.Team + if tr := <-teamChan; tr.Err != nil { + c.Err = tr.Err return + } else { + team = tr.Data.(*model.Team) + + } + + var user *model.User + if ur := <-userChan; ur.Err != nil { + c.Err = ur.Err + return + } else { + user = ur.Data.(*model.User) } page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = user page.Session = &c.Session - page.Props["TeamURL"] = c.GetTeamURL() page.Render(c, w) } } @@ -228,50 +223,35 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) { var team *model.Team if tResult := <-api.Srv.Store.Team().GetByName(teamName); tResult.Err != nil { - l4g.Error("Couldn't find team name=%v, teamURL=%v, err=%v", teamName, c.GetTeamURL(), tResult.Err.Message) + l4g.Error("Couldn't find team name=%v, err=%v", teamName, tResult.Err.Message) http.Redirect(w, r, api.GetProtocol(r)+"://"+r.Host, http.StatusTemporaryRedirect) return } else { team = tResult.Data.(*model.Team) } - // If we are already logged into this team then go to home + // If we are already logged into this team then go to town-square if len(c.Session.UserId) != 0 && c.Session.TeamId == team.Id { - page := NewHtmlTemplatePage("home", "Home") - page.Props["TeamURL"] = c.GetTeamURL() - page.Render(c, w) + http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) return } // We still might be able to switch to this team because we've logged in before - if multiCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil { - multiToken := multiCookie.Value - - if len(multiToken) > 0 { - tokens := strings.Split(multiToken, " ") - - for _, token := range tokens { - if sr := <-api.Srv.Store.Session().Get(token); sr.Err == nil { - s := sr.Data.(*model.Session) - - if !s.IsExpired() && s.TeamId == team.Id { - w.Header().Set(model.HEADER_TOKEN, s.Token) - sessionCookie := &http.Cookie{ - Name: model.SESSION_TOKEN, - Value: s.Token, - Path: "/", - MaxAge: model.SESSION_TIME_WEB_IN_SECS, - HttpOnly: true, - } + session := api.FindMultiSessionForTeamId(r, team.Id) + if session != nil { + w.Header().Set(model.HEADER_TOKEN, session.Token) + sessionCookie := &http.Cookie{ + Name: model.SESSION_TOKEN, + Value: session.Token, + Path: "/", + MaxAge: model.SESSION_TIME_WEB_IN_SECS, + HttpOnly: true, + } - http.SetCookie(w, sessionCookie) + http.SetCookie(w, sessionCookie) - http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) - return - } - } - } - } + http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) + return } page := NewHtmlTemplatePage("login", "Login") @@ -367,7 +347,7 @@ func signupUserComplete(c *api.Context, w http.ResponseWriter, r *http.Request) func logout(c *api.Context, w http.ResponseWriter, r *http.Request) { api.Logout(c, w, r) - http.Redirect(w, r, c.GetTeamURL(), http.StatusFound) + http.Redirect(w, r, c.GetTeamURL(), http.StatusTemporaryRedirect) } func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { @@ -375,11 +355,28 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { name := params["channelname"] teamName := params["team"] - team, user := getTeamAndUser(c) - if c.Err != nil { + var team *model.Team + if result := <-api.Srv.Store.Team().GetByName(teamName); result.Err != nil { + c.Err = result.Err return + } else { + team = result.Data.(*model.Team) + } + + // We are logged into a different team. Lets see if we have another + // session in the cookie that will give us access. + if c.Session.TeamId != team.Id { + session := api.FindMultiSessionForTeamId(r, team.Id) + if session == nil { + // redirect to login + http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect) + } else { + c.Session = *session + } } + userChan := api.Srv.Store.User().Get(c.Session.UserId) + var channelId string if result := <-api.Srv.Store.Channel().CheckPermissionsToByName(c.Session.TeamId, name, c.Session.UserId); result.Err != nil { c.Err = result.Err @@ -388,10 +385,14 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { channelId = result.Data.(string) } - if team.Name != teamName { - l4g.Error("It appears you are logged into " + team.Name + ", but are trying to access " + teamName) - http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusFound) + var user *model.User + if ur := <-userChan; ur.Err != nil { + c.Err = ur.Err + c.RemoveSessionCookie(w, r) + l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId) return + } else { + user = ur.Data.(*model.User) } if len(channelId) == 0 { @@ -412,15 +413,6 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { channelId = sc.Id } } else { - - // lets make sure the user is valid - if result := <-api.Srv.Store.User().Get(c.Session.UserId); result.Err != nil { - c.Err = result.Err - c.RemoveSessionCookie(w, r) - l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId) - return - } - // We will attempt to auto-join open channels if cr := <-api.Srv.Store.Channel().GetByName(c.Session.TeamId, name); cr.Err != nil { http.Redirect(w, r, c.GetTeamURL()+"/channels/town-square", http.StatusFound) @@ -677,7 +669,11 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) return } - root(c, w, r) + page := NewHtmlTemplatePage("home", "Home") + page.Team = team + page.User = ruser + page.Session = &c.Session + page.Render(c, w) } } @@ -740,6 +736,12 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) return } + page := NewHtmlTemplatePage("home", "Home") + page.Team = team + page.User = user + page.Session = &c.Session + page.Render(c, w) + root(c, w, r) } } @@ -751,9 +753,24 @@ func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { return } - team, user := getTeamAndUser(c) - if c.Err != nil { + teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) + userChan := api.Srv.Store.User().Get(c.Session.UserId) + + var team *model.Team + if tr := <-teamChan; tr.Err != nil { + c.Err = tr.Err + return + } else { + team = tr.Data.(*model.Team) + + } + + var user *model.User + if ur := <-userChan; ur.Err != nil { + c.Err = ur.Err return + } else { + user = ur.Data.(*model.User) } page := NewHtmlTemplatePage("admin_console", "Admin Console") -- cgit v1.2.3-1-g7c22 From 097d17bf2c4e07a153beb80afb15a546f291a418 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Mon, 19 Oct 2015 10:29:10 -0700 Subject: Fixing merge issue --- web/web.go | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 7ea360a63..2ae9bb344 100644 --- a/web/web.go +++ b/web/web.go @@ -756,7 +756,6 @@ func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { return } -<<<<<<< HEAD teamChan := api.Srv.Store.Team().Get(c.Session.TeamId) userChan := api.Srv.Store.User().Get(c.Session.UserId) @@ -777,20 +776,16 @@ func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { user = ur.Data.(*model.User) } - page := NewHtmlTemplatePage("admin_console", "Admin Console") - page.User = user - page.Team = team - page.Session = &c.Session -======= params := mux.Vars(r) activeTab := params["tab"] teamId := params["team"] page := NewHtmlTemplatePage("admin_console", "Admin Console") - + page.User = user + page.Team = team + page.Session = &c.Session page.Props["ActiveTab"] = activeTab page.Props["TeamId"] = teamId ->>>>>>> master page.Render(c, w) } -- cgit v1.2.3-1-g7c22 From fa3a0df2b63d3f1bbbad44bf20afa48fed42aa06 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Tue, 20 Oct 2015 04:37:51 -0700 Subject: Adding multi-session cookie --- web/web.go | 36 ++++++------------------------------ 1 file changed, 6 insertions(+), 30 deletions(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 701e36e95..56db99733 100644 --- a/web/web.go +++ b/web/web.go @@ -15,11 +15,7 @@ import ( "gopkg.in/fsnotify.v1" "html/template" "net/http" -<<<<<<< HEAD "net/url" - "regexp" -======= ->>>>>>> master "strconv" "strings" ) @@ -48,8 +44,8 @@ func (me *HtmlTemplatePage) Render(c *api.Context, w http.ResponseWriter) { me.User.Sanitize(map[string]bool{}) } - if me.Session != nil { - me.Session.Sanitize() + if len(c.Session.Token) > 0 { + me.SessionTokenHash = model.HashPassword(c.Session.Token) } if err := Templates.ExecuteTemplate(w, me.TemplateName, me); err != nil { @@ -95,9 +91,9 @@ func InitWeb() { mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/login", api.AppHandler(login)).Methods("GET") mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/logout", api.AppHandler(logout)).Methods("GET") mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/reset_password", api.AppHandler(resetPassword)).Methods("GET") - mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. - mainrouter.Handle("/{team}/channels/{channelname}", api.UserRequired(getChannel)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. - mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. + mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. + mainrouter.Handle("/{team}/channels/{channelname}", api.AppHandler(getChannel)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. + mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. watchAndParseTemplates() } @@ -205,7 +201,6 @@ func root(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = user - page.Session = &c.Session page.Render(c, w) } } @@ -236,26 +231,10 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) { team = tResult.Data.(*model.Team) } - // If we are already logged into this team then go to town-square - if len(c.Session.UserId) != 0 && c.Session.TeamId == team.Id { - http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) - return - } - // We still might be able to switch to this team because we've logged in before session := api.FindMultiSessionForTeamId(r, team.Id) if session != nil { w.Header().Set(model.HEADER_TOKEN, session.Token) - sessionCookie := &http.Cookie{ - Name: model.SESSION_TOKEN, - Value: session.Token, - Path: "/", - MaxAge: model.SESSION_TIME_WEB_IN_SECS, - HttpOnly: true, - } - - http.SetCookie(w, sessionCookie) - http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) return } @@ -375,6 +354,7 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { session := api.FindMultiSessionForTeamId(r, team.Id) if session == nil { // redirect to login + fmt.Println(">>>>>>>>>>forwarding") http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect) } else { c.Session = *session @@ -449,7 +429,6 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { page.Props["UserId"] = c.Session.UserId page.Team = team page.User = user - page.Session = &c.Session page.Render(c, w) } @@ -678,7 +657,6 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = ruser - page.Session = &c.Session page.Render(c, w) } } @@ -745,7 +723,6 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = user - page.Session = &c.Session page.Render(c, w) root(c, w, r) @@ -786,7 +763,6 @@ func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("admin_console", "Admin Console") page.User = user page.Team = team - page.Session = &c.Session page.Props["ActiveTab"] = activeTab page.Props["TeamId"] = teamId page.Render(c, w) -- cgit v1.2.3-1-g7c22 From 1fc12dd8ba2238eba7d154eee55e1381e7415372 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Tue, 20 Oct 2015 14:49:42 -0700 Subject: Multi-session login --- web/web.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 56db99733..e379bf35c 100644 --- a/web/web.go +++ b/web/web.go @@ -44,9 +44,7 @@ func (me *HtmlTemplatePage) Render(c *api.Context, w http.ResponseWriter) { me.User.Sanitize(map[string]bool{}) } - if len(c.Session.Token) > 0 { - me.SessionTokenHash = model.HashPassword(c.Session.Token) - } + me.SessionTokenIndex = c.SessionTokenIndex if err := Templates.ExecuteTemplate(w, me.TemplateName, me); err != nil { c.SetUnknownError(me.TemplateName, err.Error()) @@ -232,7 +230,7 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) { } // We still might be able to switch to this team because we've logged in before - session := api.FindMultiSessionForTeamId(r, team.Id) + _, session := api.FindMultiSessionForTeamId(r, team.Id) if session != nil { w.Header().Set(model.HEADER_TOKEN, session.Token) http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) @@ -351,13 +349,13 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { // We are logged into a different team. Lets see if we have another // session in the cookie that will give us access. if c.Session.TeamId != team.Id { - session := api.FindMultiSessionForTeamId(r, team.Id) + index, session := api.FindMultiSessionForTeamId(r, team.Id) if session == nil { // redirect to login - fmt.Println(">>>>>>>>>>forwarding") http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect) } else { c.Session = *session + c.SessionTokenIndex = index } } @@ -1028,6 +1026,7 @@ func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) { // create a mock session c.Session = model.Session{UserId: hook.UserId, TeamId: hook.TeamId, IsOAuth: false} + c.SessionTokenIndex = 0 if !c.HasPermissionsToChannel(pchan, "createIncomingHook") && channel.Type != model.CHANNEL_OPEN { c.Err = model.NewAppError("incomingWebhook", "Inappropriate channel permissions", "") -- cgit v1.2.3-1-g7c22 From cbbee5cadb1c0096bfff9ce1cc80d4be7adb5717 Mon Sep 17 00:00:00 2001 From: =Corey Hulen Date: Thu, 22 Oct 2015 09:36:46 -0700 Subject: Addressing issues from group code review --- web/web.go | 1 - 1 file changed, 1 deletion(-) (limited to 'web/web.go') diff --git a/web/web.go b/web/web.go index 0a0e57f4b..5f290ec99 100644 --- a/web/web.go +++ b/web/web.go @@ -1026,7 +1026,6 @@ func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) { // create a mock session c.Session = model.Session{UserId: hook.UserId, TeamId: hook.TeamId, IsOAuth: false} - c.SessionTokenIndex = 0 if !c.HasPermissionsToChannel(pchan, "createIncomingHook") && channel.Type != model.CHANNEL_OPEN { c.Err = model.NewAppError("incomingWebhook", "Inappropriate channel permissions", "") -- cgit v1.2.3-1-g7c22