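// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package app

import (
	"fmt"
	"net/http"

	"github.com/mattermost/mattermost-server/mlog"
	"github.com/mattermost/mattermost-server/model"
	"github.com/mattermost/mattermost-server/utils"
)

// SyncLdap starts an LDAP synchronization job on a server goroutine.
//
// It does nothing unless the server holds a license with the LDAP feature and
// LdapSettings.EnableSync is on. When those hold but no LDAP implementation is
// wired into a.Ldap, the ent.ldap.disabled error is logged rather than returned,
// because the check runs on a goroutine the caller cannot observe.
func (a *App) SyncLdap() {
	a.Srv.Go(func() {
		// Short-circuit order mirrors the original check: the config is only
		// consulted once a license with the LDAP feature is present.
		license := a.License()
		if license == nil || !*license.Features.LDAP || !*a.Config().LdapSettings.EnableSync {
			return
		}

		ldapI := a.Ldap
		if ldapI == nil {
			ae := model.NewAppError("SyncLdap", "ent.ldap.disabled.app_error", nil, "", http.StatusNotImplemented)
			mlog.Error(fmt.Sprintf("%v", ae.Error()))
			return
		}

		ldapI.StartSynchronizeJob(false)
	})
}

// TestLdap runs the LDAP implementation's self-test (RunTest).
//
// It returns ent.ldap.disabled with 501 Not Implemented when no LDAP
// implementation is wired in, the license lacks the LDAP feature, or neither
// LdapSettings.Enable nor LdapSettings.EnableSync is on. A failing RunTest is
// returned to the caller with its status forced to 500.
func (a *App) TestLdap() *model.AppError {
	license := a.License()
	ldapI := a.Ldap
	usable := ldapI != nil && license != nil && *license.Features.LDAP &&
		(*a.Config().LdapSettings.Enable || *a.Config().LdapSettings.EnableSync)
	if !usable {
		return model.NewAppError("TestLdap", "ent.ldap.disabled.app_error", nil, "", http.StatusNotImplemented)
	}

	if err := ldapI.RunTest(); err != nil {
		// Whatever code RunTest chose, a failing probe is reported as a
		// server-side error (named constant instead of the bare 500).
		err.StatusCode = http.StatusInternalServerError
		return err
	}

	return nil
}

// GetLdapGroup retrieves a single LDAP group by the given LDAP group id.
//
// When no LDAP implementation is wired into a.Ldap it logs and returns
// ent.ldap.app_error with 501 Not Implemented; errors from the implementation
// are returned unchanged.
func (a *App) GetLdapGroup(ldapGroupID string) (*model.Group, *model.AppError) {
	if a.Ldap == nil {
		ae := model.NewAppError("GetLdapGroup", "ent.ldap.app_error", nil, "", http.StatusNotImplemented)
		mlog.Error(fmt.Sprintf("%v", ae.Error()))
		return nil, ae
	}

	group, err := a.Ldap.GetGroup(ldapGroupID)
	if err != nil {
		return nil, err
	}

	return group, nil
}

// GetAllLdapGroupsPage retrieves all LDAP groups under the configured base DN
// using the default or configured group filter.
//
// It returns the requested page of groups and the total count reported by the
// implementation. When no LDAP implementation is wired into a.Ldap it logs and
// returns ent.ldap.app_error with 501 Not Implemented; errors from the
// implementation are returned unchanged (with a zero total).
func (a *App) GetAllLdapGroupsPage(page int, perPage int, opts model.GroupSearchOpts) ([]*model.Group, int, *model.AppError) {
	if a.Ldap == nil {
		ae := model.NewAppError("GetAllLdapGroupsPage", "ent.ldap.app_error", nil, "", http.StatusNotImplemented)
		mlog.Error(fmt.Sprintf("%v", ae.Error()))
		return nil, 0, ae
	}

	groups, total, err := a.Ldap.GetAllGroupsPage(page, perPage, opts)
	if err != nil {
		return nil, 0, err
	}

	return groups, total, nil
}

// SwitchEmailToLdap moves the account registered under email from
// email/password authentication to AD/LDAP.
//
// The caller must first pass CheckPasswordAndAllCriteria with the account's
// current password and code (presumably the MFA code — confirm against that
// helper). Every existing session is then revoked and the LDAP implementation
// is asked to bind the account to ldapLoginId using ldapPassword. On success
// the sign-in-change notification is sent on a server goroutine and the login
// redirect path is returned.
//
// The transfer is refused with 403 when a license is present and
// ServiceSettings.ExperimentalEnableAuthenticationTransfer is off; note that an
// unlicensed server is not subject to that setting.
func (a *App) SwitchEmailToLdap(email, password, code, ldapLoginId, ldapPassword string) (string, *model.AppError) {
	if a.License() != nil && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer {
		return "", model.NewAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusForbidden)
	}

	user, err := a.GetUserByEmail(email)
	if err != nil {
		return "", err
	}

	if err := a.CheckPasswordAndAllCriteria(user, password, code); err != nil {
		return "", err
	}

	// Resolve the LDAP implementation before touching any state: without it
	// nothing can be switched, and revoking the user's sessions first would log
	// them out everywhere for a request that then fails with 501.
	ldapInterface := a.Ldap
	if ldapInterface == nil {
		return "", model.NewAppError("SwitchEmailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusNotImplemented)
	}

	// Sessions are revoked before the auth method changes — presumably so no
	// session issued under email/password outlives the switch.
	if err := a.RevokeAllSessions(user.Id); err != nil {
		return "", err
	}

	if err := ldapInterface.SwitchToLdap(user.Id, ldapLoginId, ldapPassword); err != nil {
		return "", err
	}

	a.Srv.Go(func() {
		if err := a.SendSignInChangeEmail(user.Email, "AD/LDAP", user.Locale, a.GetSiteURL()); err != nil {
			mlog.Error(err.Error())
		}
	})

	return "/login?extra=signin_change", nil
}

// SwitchLdapToEmail moves the account registered under email from AD/LDAP to
// email/password authentication.
//
// The account must currently use model.USER_AUTH_SERVICE_LDAP and carry
// AuthData (400 / 501 otherwise). The LDAP implementation verifies ldapPassword
// against that AuthData, the MFA code is checked, newPassword is stored and
// every existing session is revoked. On success the localized sign-in-change
// notification is sent on a server goroutine and the login redirect path is
// returned.
//
// As for SwitchEmailToLdap, the transfer is refused with 403 when a license is
// present and ServiceSettings.ExperimentalEnableAuthenticationTransfer is off.
func (a *App) SwitchLdapToEmail(ldapPassword, code, email, newPassword string) (string, *model.AppError) {
	if a.License() != nil && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer {
		return "", model.NewAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusForbidden)
	}

	user, err := a.GetUserByEmail(email)
	if err != nil {
		return "", err
	}

	if user.AuthService != model.USER_AUTH_SERVICE_LDAP {
		return "", model.NewAppError("SwitchLdapToEmail", "api.user.ldap_to_email.not_ldap_account.app_error", nil, "", http.StatusBadRequest)
	}

	ldapInterface := a.Ldap
	if ldapInterface == nil || user.AuthData == nil {
		return "", model.NewAppError("SwitchLdapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusNotImplemented)
	}

	// Ownership is proven against the directory first, then MFA; only after
	// both pass is anything mutated.
	if err := ldapInterface.CheckPasswordAuthData(*user.AuthData, ldapPassword); err != nil {
		return "", err
	}

	if err := a.CheckUserMfa(user, code); err != nil {
		return "", err
	}

	if err := a.UpdatePassword(user, newPassword); err != nil {
		return "", err
	}

	if err := a.RevokeAllSessions(user.Id); err != nil {
		return "", err
	}

	T := utils.GetUserTranslations(user.Locale)

	a.Srv.Go(func() {
		if err := a.SendSignInChangeEmail(user.Email, T("api.templates.signin_change_email.body.method_email"), user.Locale, a.GetSiteURL()); err != nil {
			mlog.Error(err.Error())
		}
	})

	return "/login?extra=signin_change", nil
}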