github.com/dschalla/mattermost-server@v4.8.1-rc1+incompatible/app/user.go (about) 1 // Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "bytes" 8 b64 "encoding/base64" 9 "fmt" 10 "hash/fnv" 11 "image" 12 "image/color" 13 "image/draw" 14 _ "image/gif" 15 _ "image/jpeg" 16 "image/png" 17 "io" 18 "io/ioutil" 19 "mime/multipart" 20 "net/http" 21 "strconv" 22 "strings" 23 24 l4g "github.com/alecthomas/log4go" 25 "github.com/disintegration/imaging" 26 "github.com/golang/freetype" 27 "github.com/mattermost/mattermost-server/einterfaces" 28 "github.com/mattermost/mattermost-server/model" 29 "github.com/mattermost/mattermost-server/store" 30 "github.com/mattermost/mattermost-server/utils" 31 ) 32 33 const ( 34 TOKEN_TYPE_PASSWORD_RECOVERY = "password_recovery" 35 TOKEN_TYPE_VERIFY_EMAIL = "verify_email" 36 PASSWORD_RECOVER_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour 37 VERIFY_EMAIL_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour 38 IMAGE_PROFILE_PIXEL_DIMENSION = 128 39 ) 40 41 func (a *App) CreateUserWithHash(user *model.User, hash string, data string) (*model.User, *model.AppError) { 42 if err := a.IsUserSignUpAllowed(); err != nil { 43 return nil, err 44 } 45 46 props := model.MapFromJson(strings.NewReader(data)) 47 48 if hash != utils.HashSha256(fmt.Sprintf("%v:%v", data, a.Config().EmailSettings.InviteSalt)) { 49 return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusInternalServerError) 50 } 51 52 if t, err := strconv.ParseInt(props["time"], 10, 64); err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours 53 return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_expired.app_error", nil, "", http.StatusInternalServerError) 54 } 55 56 teamId := props["id"] 57 58 var team *model.Team 59 if result := <-a.Srv.Store.Team().Get(teamId); result.Err != nil { 60 return nil, result.Err 61 } else { 62 team = result.Data.(*model.Team) 63 } 64 65 user.Email = props["email"] 66 user.EmailVerified = true 67 68 var ruser *model.User 69 var err *model.AppError 70 if ruser, err = a.CreateUser(user); err != nil { 71 return nil, err 72 } 73 74 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 75 return nil, err 76 } 77 78 a.AddDirectChannels(team.Id, ruser) 79 80 return ruser, nil 81 } 82 83 func (a *App) CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *model.AppError) { 84 if err := a.IsUserSignUpAllowed(); err != nil { 85 return nil, err 86 } 87 88 var team *model.Team 89 if result := <-a.Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil { 90 return nil, result.Err 91 } else { 92 team = result.Data.(*model.Team) 93 } 94 95 user.EmailVerified = false 96 97 var ruser *model.User 98 var err *model.AppError 99 if ruser, err = a.CreateUser(user); err != nil { 100 return nil, err 101 } 102 103 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 104 return nil, err 105 } 106 107 a.AddDirectChannels(team.Id, ruser) 108 109 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 110 l4g.Error(err.Error()) 111 } 112 113 return ruser, nil 114 } 115 116 func (a *App) CreateUserAsAdmin(user *model.User) (*model.User, *model.AppError) { 117 ruser, err := a.CreateUser(user) 118 if err != nil { 119 return nil, err 120 } 121 122 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 123 l4g.Error(err.Error()) 124 } 125 126 return ruser, nil 127 } 128 129 func (a *App) CreateUserFromSignup(user *model.User) (*model.User, *model.AppError) { 130 if err := a.IsUserSignUpAllowed(); err != nil { 131 return nil, err 132 } 133 134 if !a.IsFirstUserAccount() && !*a.Config().TeamSettings.EnableOpenServer { 135 err := model.NewAppError("CreateUserFromSignup", "api.user.create_user.no_open_server", nil, "email="+user.Email, http.StatusForbidden) 136 return nil, err 137 } 138 139 user.EmailVerified = false 140 141 ruser, err := a.CreateUser(user) 142 if err != nil { 143 return nil, err 144 } 145 146 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 147 l4g.Error(err.Error()) 148 } 149 150 return ruser, nil 151 } 152 153 func (a *App) IsUserSignUpAllowed() *model.AppError { 154 if !a.Config().EmailSettings.EnableSignUpWithEmail || !a.Config().TeamSettings.EnableUserCreation { 155 err := model.NewAppError("IsUserSignUpAllowed", "api.user.create_user.signup_email_disabled.app_error", nil, "", http.StatusNotImplemented) 156 return err 157 } 158 return nil 159 } 160 161 func (a *App) IsFirstUserAccount() bool { 162 if a.SessionCacheLength() == 0 { 163 if cr := <-a.Srv.Store.User().GetTotalUsersCount(); cr.Err != nil { 164 l4g.Error(cr.Err) 165 return false 166 } else { 167 count := cr.Data.(int64) 168 if count <= 0 { 169 return true 170 } 171 } 172 } 173 174 return false 175 } 176 177 func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) { 178 if !user.IsLDAPUser() && !user.IsSAMLUser() && !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 179 return nil, model.NewAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 180 } 181 182 user.Roles = model.SYSTEM_USER_ROLE_ID 183 184 // Below is a special case where the first user in the entire 185 // system is granted the system_admin role 186 if result := <-a.Srv.Store.User().GetTotalUsersCount(); result.Err != nil { 187 return nil, result.Err 188 } else { 189 count := result.Data.(int64) 190 if count <= 0 { 191 user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID 192 } 193 } 194 195 if _, ok := utils.GetSupportedLocales()[user.Locale]; !ok { 196 user.Locale = *a.Config().LocalizationSettings.DefaultClientLocale 197 } 198 199 if ruser, err := a.createUser(user); err != nil { 200 return nil, err 201 } else { 202 // This message goes to everyone, so the teamId, channelId and userId are irrelevant 203 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_NEW_USER, "", "", "", nil) 204 message.Add("user_id", ruser.Id) 205 a.Go(func() { 206 a.Publish(message) 207 }) 208 209 return ruser, nil 210 } 211 } 212 213 func (a *App) createUser(user *model.User) (*model.User, *model.AppError) { 214 user.MakeNonNil() 215 216 if err := a.IsPasswordValid(user.Password); user.AuthService == "" && err != nil { 217 return nil, err 218 } 219 220 if result := <-a.Srv.Store.User().Save(user); result.Err != nil { 221 l4g.Error(utils.T("api.user.create_user.save.error"), result.Err) 222 return nil, result.Err 223 } else { 224 ruser := result.Data.(*model.User) 225 226 if user.EmailVerified { 227 if err := a.VerifyUserEmail(ruser.Id); err != nil { 228 l4g.Error(utils.T("api.user.create_user.verified.error"), err) 229 } 230 } 231 232 pref := model.Preference{UserId: ruser.Id, Category: model.PREFERENCE_CATEGORY_TUTORIAL_STEPS, Name: ruser.Id, Value: "0"} 233 if presult := <-a.Srv.Store.Preference().Save(&model.Preferences{pref}); presult.Err != nil { 234 l4g.Error(utils.T("api.user.create_user.tutorial.error"), presult.Err.Message) 235 } 236 237 ruser.Sanitize(map[string]bool{}) 238 239 return ruser, nil 240 } 241 } 242 243 func (a *App) CreateOAuthUser(service string, userData io.Reader, teamId string) (*model.User, *model.AppError) { 244 if !a.Config().TeamSettings.EnableUserCreation { 245 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_user.disabled.app_error", nil, "", http.StatusNotImplemented) 246 } 247 248 var user *model.User 249 provider := einterfaces.GetOauthProvider(service) 250 if provider == nil { 251 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.not_available.app_error", map[string]interface{}{"Service": strings.Title(service)}, "", http.StatusNotImplemented) 252 } else { 253 user = provider.GetUserFromJson(userData) 254 } 255 256 if user == nil { 257 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.create.app_error", map[string]interface{}{"Service": service}, "", http.StatusInternalServerError) 258 } 259 260 suchan := a.Srv.Store.User().GetByAuth(user.AuthData, service) 261 euchan := a.Srv.Store.User().GetByEmail(user.Email) 262 263 found := true 264 count := 0 265 for found { 266 if found = a.IsUsernameTaken(user.Username); found { 267 user.Username = user.Username + strconv.Itoa(count) 268 count += 1 269 } 270 } 271 272 if result := <-suchan; result.Err == nil { 273 return result.Data.(*model.User), nil 274 } 275 276 if result := <-euchan; result.Err == nil { 277 authService := result.Data.(*model.User).AuthService 278 if authService == "" { 279 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": model.USER_AUTH_SERVICE_EMAIL}, "email="+user.Email, http.StatusBadRequest) 280 } else { 281 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": authService}, "email="+user.Email, http.StatusBadRequest) 282 } 283 } 284 285 user.EmailVerified = true 286 287 ruser, err := a.CreateUser(user) 288 if err != nil { 289 return nil, err 290 } 291 292 if len(teamId) > 0 { 293 err = a.AddUserToTeamByTeamId(teamId, user) 294 if err != nil { 295 return nil, err 296 } 297 298 err = a.AddDirectChannels(teamId, user) 299 if err != nil { 300 l4g.Error(err.Error()) 301 } 302 } 303 304 return ruser, nil 305 } 306 307 // Check that a user's email domain matches a list of space-delimited domains as a string. 308 func CheckUserDomain(user *model.User, domains string) bool { 309 if len(domains) == 0 { 310 return true 311 } 312 313 domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) 314 315 for _, d := range domainArray { 316 if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) { 317 return true 318 } 319 } 320 321 return false 322 } 323 324 // Check if the username is already used by another user. Return false if the username is invalid. 325 func (a *App) IsUsernameTaken(name string) bool { 326 327 if !model.IsValidUsername(name) { 328 return false 329 } 330 331 if result := <-a.Srv.Store.User().GetByUsername(name); result.Err != nil { 332 return false 333 } 334 335 return true 336 } 337 338 func (a *App) GetUser(userId string) (*model.User, *model.AppError) { 339 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 340 return nil, result.Err 341 } else { 342 return result.Data.(*model.User), nil 343 } 344 } 345 346 func (a *App) GetUserByUsername(username string) (*model.User, *model.AppError) { 347 if result := <-a.Srv.Store.User().GetByUsername(username); result.Err != nil && result.Err.Id == "store.sql_user.get_by_username.app_error" { 348 result.Err.StatusCode = http.StatusNotFound 349 return nil, result.Err 350 } else { 351 return result.Data.(*model.User), nil 352 } 353 } 354 355 func (a *App) GetUserByEmail(email string) (*model.User, *model.AppError) { 356 357 if result := <-a.Srv.Store.User().GetByEmail(email); result.Err != nil && result.Err.Id == "store.sql_user.missing_account.const" { 358 result.Err.StatusCode = http.StatusNotFound 359 return nil, result.Err 360 } else if result.Err != nil { 361 result.Err.StatusCode = http.StatusBadRequest 362 return nil, result.Err 363 } else { 364 return result.Data.(*model.User), nil 365 } 366 } 367 368 func (a *App) GetUserByAuth(authData *string, authService string) (*model.User, *model.AppError) { 369 if result := <-a.Srv.Store.User().GetByAuth(authData, authService); result.Err != nil { 370 return nil, result.Err 371 } else { 372 return result.Data.(*model.User), nil 373 } 374 } 375 376 func (a *App) GetUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppError) { 377 license := a.License() 378 ldapAvailable := *a.Config().LdapSettings.Enable && a.Ldap != nil && license != nil && *license.Features.LDAP 379 380 if result := <-a.Srv.Store.User().GetForLogin( 381 loginId, 382 *a.Config().EmailSettings.EnableSignInWithUsername && !onlyLdap, 383 *a.Config().EmailSettings.EnableSignInWithEmail && !onlyLdap, 384 ldapAvailable, 385 ); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" { 386 // don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work 387 result.Err.StatusCode = http.StatusBadRequest 388 return nil, result.Err 389 } else if result.Err != nil { 390 if !ldapAvailable { 391 // failed to find user and no LDAP server to fall back on 392 result.Err.StatusCode = http.StatusBadRequest 393 return nil, result.Err 394 } 395 396 // fall back to LDAP server to see if we can find a user 397 if ldapUser, ldapErr := a.Ldap.GetUser(loginId); ldapErr != nil { 398 ldapErr.StatusCode = http.StatusBadRequest 399 return nil, ldapErr 400 } else { 401 return ldapUser, nil 402 } 403 } else { 404 return result.Data.(*model.User), nil 405 } 406 } 407 408 func (a *App) GetUsers(offset int, limit int) ([]*model.User, *model.AppError) { 409 if result := <-a.Srv.Store.User().GetAllProfiles(offset, limit); result.Err != nil { 410 return nil, result.Err 411 } else { 412 return result.Data.([]*model.User), nil 413 } 414 } 415 416 func (a *App) GetUsersMap(offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 417 users, err := a.GetUsers(offset, limit) 418 if err != nil { 419 return nil, err 420 } 421 422 userMap := make(map[string]*model.User, len(users)) 423 424 for _, user := range users { 425 a.SanitizeProfile(user, asAdmin) 426 userMap[user.Id] = user 427 } 428 429 return userMap, nil 430 } 431 432 func (a *App) GetUsersPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 433 users, err := a.GetUsers(page*perPage, perPage) 434 if err != nil { 435 return nil, err 436 } 437 438 return a.sanitizeProfiles(users, asAdmin), nil 439 } 440 441 func (a *App) GetUsersEtag() string { 442 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForAllProfiles()).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 443 } 444 445 func (a *App) GetUsersInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 446 if result := <-a.Srv.Store.User().GetProfiles(teamId, offset, limit); result.Err != nil { 447 return nil, result.Err 448 } else { 449 return result.Data.([]*model.User), nil 450 } 451 } 452 453 func (a *App) GetUsersNotInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 454 if result := <-a.Srv.Store.User().GetProfilesNotInTeam(teamId, offset, limit); result.Err != nil { 455 return nil, result.Err 456 } else { 457 return result.Data.([]*model.User), nil 458 } 459 } 460 461 func (a *App) GetUsersInTeamMap(teamId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 462 users, err := a.GetUsersInTeam(teamId, offset, limit) 463 if err != nil { 464 return nil, err 465 } 466 467 userMap := make(map[string]*model.User, len(users)) 468 469 for _, user := range users { 470 a.SanitizeProfile(user, asAdmin) 471 userMap[user.Id] = user 472 } 473 474 return userMap, nil 475 } 476 477 func (a *App) GetUsersInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 478 users, err := a.GetUsersInTeam(teamId, page*perPage, perPage) 479 if err != nil { 480 return nil, err 481 } 482 483 return a.sanitizeProfiles(users, asAdmin), nil 484 } 485 486 func (a *App) GetUsersNotInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 487 users, err := a.GetUsersNotInTeam(teamId, page*perPage, perPage) 488 if err != nil { 489 return nil, err 490 } 491 492 return a.sanitizeProfiles(users, asAdmin), nil 493 } 494 495 func (a *App) GetUsersInTeamEtag(teamId string) string { 496 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfiles(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 497 } 498 499 func (a *App) GetUsersNotInTeamEtag(teamId string) string { 500 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfilesNotInTeam(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 501 } 502 503 func (a *App) GetUsersInChannel(channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 504 if result := <-a.Srv.Store.User().GetProfilesInChannel(channelId, offset, limit); result.Err != nil { 505 return nil, result.Err 506 } else { 507 return result.Data.([]*model.User), nil 508 } 509 } 510 511 func (a *App) GetUsersInChannelMap(channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 512 users, err := a.GetUsersInChannel(channelId, offset, limit) 513 if err != nil { 514 return nil, err 515 } 516 517 userMap := make(map[string]*model.User, len(users)) 518 519 for _, user := range users { 520 a.SanitizeProfile(user, asAdmin) 521 userMap[user.Id] = user 522 } 523 524 return userMap, nil 525 } 526 527 func (a *App) GetUsersInChannelPage(channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 528 users, err := a.GetUsersInChannel(channelId, page*perPage, perPage) 529 if err != nil { 530 return nil, err 531 } 532 533 return a.sanitizeProfiles(users, asAdmin), nil 534 } 535 536 func (a *App) GetUsersNotInChannel(teamId string, channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 537 if result := <-a.Srv.Store.User().GetProfilesNotInChannel(teamId, channelId, offset, limit); result.Err != nil { 538 return nil, result.Err 539 } else { 540 return result.Data.([]*model.User), nil 541 } 542 } 543 544 func (a *App) GetUsersNotInChannelMap(teamId string, channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 545 users, err := a.GetUsersNotInChannel(teamId, channelId, offset, limit) 546 if err != nil { 547 return nil, err 548 } 549 550 userMap := make(map[string]*model.User, len(users)) 551 552 for _, user := range users { 553 a.SanitizeProfile(user, asAdmin) 554 userMap[user.Id] = user 555 } 556 557 return userMap, nil 558 } 559 560 func (a *App) GetUsersNotInChannelPage(teamId string, channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 561 users, err := a.GetUsersNotInChannel(teamId, channelId, page*perPage, perPage) 562 if err != nil { 563 return nil, err 564 } 565 566 return a.sanitizeProfiles(users, asAdmin), nil 567 } 568 569 func (a *App) GetUsersWithoutTeamPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 570 users, err := a.GetUsersWithoutTeam(page*perPage, perPage) 571 if err != nil { 572 return nil, err 573 } 574 575 return a.sanitizeProfiles(users, asAdmin), nil 576 } 577 578 func (a *App) GetUsersWithoutTeam(offset int, limit int) ([]*model.User, *model.AppError) { 579 if result := <-a.Srv.Store.User().GetProfilesWithoutTeam(offset, limit); result.Err != nil { 580 return nil, result.Err 581 } else { 582 return result.Data.([]*model.User), nil 583 } 584 } 585 586 func (a *App) GetUsersByIds(userIds []string, asAdmin bool) ([]*model.User, *model.AppError) { 587 if result := <-a.Srv.Store.User().GetProfileByIds(userIds, true); result.Err != nil { 588 return nil, result.Err 589 } else { 590 users := result.Data.([]*model.User) 591 return a.sanitizeProfiles(users, asAdmin), nil 592 } 593 } 594 595 func (a *App) GetUsersByUsernames(usernames []string, asAdmin bool) ([]*model.User, *model.AppError) { 596 if result := <-a.Srv.Store.User().GetProfilesByUsernames(usernames, ""); result.Err != nil { 597 return nil, result.Err 598 } else { 599 users := result.Data.([]*model.User) 600 return a.sanitizeProfiles(users, asAdmin), nil 601 } 602 } 603 604 func (a *App) sanitizeProfiles(users []*model.User, asAdmin bool) []*model.User { 605 for _, u := range users { 606 a.SanitizeProfile(u, asAdmin) 607 } 608 609 return users 610 } 611 612 func (a *App) GenerateMfaSecret(userId string) (*model.MfaSecret, *model.AppError) { 613 if a.Mfa == nil { 614 return nil, model.NewAppError("generateMfaSecret", "api.user.generate_mfa_qr.not_available.app_error", nil, "", http.StatusNotImplemented) 615 } 616 617 var user *model.User 618 var err *model.AppError 619 if user, err = a.GetUser(userId); err != nil { 620 return nil, err 621 } 622 623 secret, img, err := a.Mfa.GenerateSecret(user) 624 if err != nil { 625 return nil, err 626 } 627 628 mfaSecret := &model.MfaSecret{Secret: secret, QRCode: b64.StdEncoding.EncodeToString(img)} 629 return mfaSecret, nil 630 } 631 632 func (a *App) ActivateMfa(userId, token string) *model.AppError { 633 if a.Mfa == nil { 634 err := model.NewAppError("ActivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 635 return err 636 } 637 638 var user *model.User 639 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 640 return result.Err 641 } else { 642 user = result.Data.(*model.User) 643 } 644 645 if len(user.AuthService) > 0 && user.AuthService != model.USER_AUTH_SERVICE_LDAP { 646 return model.NewAppError("ActivateMfa", "api.user.activate_mfa.email_and_ldap_only.app_error", nil, "", http.StatusBadRequest) 647 } 648 649 if err := a.Mfa.Activate(user, token); err != nil { 650 return err 651 } 652 653 return nil 654 } 655 656 func (a *App) DeactivateMfa(userId string) *model.AppError { 657 if a.Mfa == nil { 658 err := model.NewAppError("DeactivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 659 return err 660 } 661 662 if err := a.Mfa.Deactivate(userId); err != nil { 663 return err 664 } 665 666 return nil 667 } 668 669 func CreateProfileImage(username string, userId string, initialFont string) ([]byte, *model.AppError) { 670 colors := []color.NRGBA{ 671 {197, 8, 126, 255}, 672 {227, 207, 18, 255}, 673 {28, 181, 105, 255}, 674 {35, 188, 224, 255}, 675 {116, 49, 196, 255}, 676 {197, 8, 126, 255}, 677 {197, 19, 19, 255}, 678 {250, 134, 6, 255}, 679 {227, 207, 18, 255}, 680 {123, 201, 71, 255}, 681 {28, 181, 105, 255}, 682 {35, 188, 224, 255}, 683 {116, 49, 196, 255}, 684 {197, 8, 126, 255}, 685 {197, 19, 19, 255}, 686 {250, 134, 6, 255}, 687 {227, 207, 18, 255}, 688 {123, 201, 71, 255}, 689 {28, 181, 105, 255}, 690 {35, 188, 224, 255}, 691 {116, 49, 196, 255}, 692 {197, 8, 126, 255}, 693 {197, 19, 19, 255}, 694 {250, 134, 6, 255}, 695 {227, 207, 18, 255}, 696 {123, 201, 71, 255}, 697 } 698 699 h := fnv.New32a() 700 h.Write([]byte(userId)) 701 seed := h.Sum32() 702 703 initial := string(strings.ToUpper(username)[0]) 704 705 fontDir, _ := utils.FindDir("fonts") 706 fontBytes, err := ioutil.ReadFile(fontDir + initialFont) 707 if err != nil { 708 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) 709 } 710 font, err := freetype.ParseFont(fontBytes) 711 if err != nil { 712 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) 713 } 714 715 color := colors[int64(seed)%int64(len(colors))] 716 dstImg := image.NewRGBA(image.Rect(0, 0, IMAGE_PROFILE_PIXEL_DIMENSION, IMAGE_PROFILE_PIXEL_DIMENSION)) 717 srcImg := image.White 718 draw.Draw(dstImg, dstImg.Bounds(), &image.Uniform{color}, image.ZP, draw.Src) 719 size := float64(IMAGE_PROFILE_PIXEL_DIMENSION / 2) 720 721 c := freetype.NewContext() 722 c.SetFont(font) 723 c.SetFontSize(size) 724 c.SetClip(dstImg.Bounds()) 725 c.SetDst(dstImg) 726 c.SetSrc(srcImg) 727 728 pt := freetype.Pt(IMAGE_PROFILE_PIXEL_DIMENSION/6, IMAGE_PROFILE_PIXEL_DIMENSION*2/3) 729 _, err = c.DrawString(initial, pt) 730 if err != nil { 731 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.initial.app_error", nil, err.Error(), http.StatusInternalServerError) 732 } 733 734 buf := new(bytes.Buffer) 735 736 if imgErr := png.Encode(buf, dstImg); imgErr != nil { 737 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.encode.app_error", nil, imgErr.Error(), http.StatusInternalServerError) 738 } else { 739 return buf.Bytes(), nil 740 } 741 } 742 743 func (a *App) GetProfileImage(user *model.User) ([]byte, bool, *model.AppError) { 744 var img []byte 745 readFailed := false 746 747 if len(*a.Config().FileSettings.DriverName) == 0 { 748 var err *model.AppError 749 if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil { 750 return nil, false, err 751 } 752 } else { 753 path := "users/" + user.Id + "/profile.png" 754 755 if data, err := a.ReadFile(path); err != nil { 756 readFailed = true 757 758 if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil { 759 return nil, false, err 760 } 761 762 if user.LastPictureUpdate == 0 { 763 if err := a.WriteFile(img, path); err != nil { 764 return nil, false, err 765 } 766 } 767 768 } else { 769 img = data 770 } 771 } 772 773 return img, readFailed, nil 774 } 775 776 func (a *App) SetProfileImage(userId string, imageData *multipart.FileHeader) *model.AppError { 777 file, err := imageData.Open() 778 if err != nil { 779 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.open.app_error", nil, err.Error(), http.StatusBadRequest) 780 } 781 defer file.Close() 782 return a.SetProfileImageFromFile(userId, file) 783 } 784 785 func (a *App) SetProfileImageFromFile(userId string, file multipart.File) *model.AppError { 786 // Decode image config first to check dimensions before loading the whole thing into memory later on 787 config, _, err := image.DecodeConfig(file) 788 if err != nil { 789 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode_config.app_error", nil, err.Error(), http.StatusBadRequest) 790 } else if config.Width*config.Height > model.MaxImageSize { 791 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, err.Error(), http.StatusBadRequest) 792 } 793 794 file.Seek(0, 0) 795 796 // Decode image into Image object 797 img, _, err := image.Decode(file) 798 if err != nil { 799 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode.app_error", nil, err.Error(), http.StatusBadRequest) 800 } 801 802 file.Seek(0, 0) 803 804 orientation, _ := getImageOrientation(file) 805 img = makeImageUpright(img, orientation) 806 807 // Scale profile image 808 profileWidthAndHeight := 128 809 img = imaging.Fill(img, profileWidthAndHeight, profileWidthAndHeight, imaging.Center, imaging.Lanczos) 810 811 buf := new(bytes.Buffer) 812 err = png.Encode(buf, img) 813 if err != nil { 814 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.encode.app_error", nil, err.Error(), http.StatusInternalServerError) 815 } 816 817 path := "users/" + userId + "/profile.png" 818 819 if err := a.WriteFile(buf.Bytes(), path); err != nil { 820 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.upload_profile.app_error", nil, "", http.StatusInternalServerError) 821 } 822 823 <-a.Srv.Store.User().UpdateLastPictureUpdate(userId) 824 825 a.InvalidateCacheForUser(userId) 826 827 if user, err := a.GetUser(userId); err != nil { 828 l4g.Error(utils.T("api.user.get_me.getting.error"), userId) 829 } else { 830 options := a.Config().GetSanitizeOptions() 831 user.SanitizeProfile(options) 832 833 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 834 message.Add("user", user) 835 836 a.Publish(message) 837 } 838 839 return nil 840 } 841 842 func (a *App) UpdatePasswordAsUser(userId, currentPassword, newPassword string) *model.AppError { 843 var user *model.User 844 var err *model.AppError 845 846 if user, err = a.GetUser(userId); err != nil { 847 return err 848 } 849 850 if user == nil { 851 err = model.NewAppError("updatePassword", "api.user.update_password.valid_account.app_error", nil, "", http.StatusBadRequest) 852 return err 853 } 854 855 if user.AuthData != nil && *user.AuthData != "" { 856 err = model.NewAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService, http.StatusBadRequest) 857 return err 858 } 859 860 if err := a.doubleCheckPassword(user, currentPassword); err != nil { 861 if err.Id == "api.user.check_user_password.invalid.app_error" { 862 err = model.NewAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "", http.StatusBadRequest) 863 } 864 return err 865 } 866 867 T := utils.GetUserTranslations(user.Locale) 868 869 return a.UpdatePasswordSendEmail(user, newPassword, T("api.user.update_password.menu")) 870 } 871 872 func (a *App) UpdateNonSSOUserActive(userId string, active bool) (*model.User, *model.AppError) { 873 var user *model.User 874 var err *model.AppError 875 if user, err = a.GetUser(userId); err != nil { 876 return nil, err 877 } 878 879 if user.IsSSOUser() { 880 err := model.NewAppError("UpdateActive", "api.user.update_active.no_deactivate_sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 881 err.StatusCode = http.StatusBadRequest 882 return nil, err 883 } 884 885 return a.UpdateActive(user, active) 886 } 887 888 func (a *App) UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) { 889 if active { 890 user.DeleteAt = 0 891 } else { 892 user.DeleteAt = model.GetMillis() 893 } 894 895 if result := <-a.Srv.Store.User().Update(user, true); result.Err != nil { 896 return nil, result.Err 897 } else { 898 if user.DeleteAt > 0 { 899 if err := a.RevokeAllSessions(user.Id); err != nil { 900 return nil, err 901 } 902 } 903 904 if extra := <-a.Srv.Store.Channel().ExtraUpdateByUser(user.Id, model.GetMillis()); extra.Err != nil { 905 return nil, extra.Err 906 } 907 908 ruser := result.Data.([2]*model.User)[0] 909 options := a.Config().GetSanitizeOptions() 910 options["passwordupdate"] = false 911 ruser.Sanitize(options) 912 913 if !active { 914 a.SetStatusOffline(ruser.Id, false) 915 } 916 917 teamsForUser, err := a.GetTeamsForUser(user.Id) 918 if err != nil { 919 return nil, err 920 } 921 922 for _, team := range teamsForUser { 923 channelsForUser, err := a.GetChannelsForUser(team.Id, user.Id) 924 if err != nil { 925 return nil, err 926 } 927 928 for _, channel := range *channelsForUser { 929 a.InvalidateCacheForChannelMembers(channel.Id) 930 } 931 } 932 933 a.sendUpdatedUserEvent(*ruser) 934 935 return ruser, nil 936 } 937 } 938 939 func (a *App) SanitizeProfile(user *model.User, asAdmin bool) { 940 options := a.Config().GetSanitizeOptions() 941 if asAdmin { 942 options["email"] = true 943 options["fullname"] = true 944 options["authservice"] = true 945 } 946 user.SanitizeProfile(options) 947 } 948 949 func (a *App) UpdateUserAsUser(user *model.User, asAdmin bool) (*model.User, *model.AppError) { 950 updatedUser, err := a.UpdateUser(user, true) 951 if err != nil { 952 return nil, err 953 } 954 955 a.sendUpdatedUserEvent(*updatedUser) 956 957 return updatedUser, nil 958 } 959 960 func (a *App) PatchUser(userId string, patch *model.UserPatch, asAdmin bool) (*model.User, *model.AppError) { 961 user, err := a.GetUser(userId) 962 if err != nil { 963 return nil, err 964 } 965 966 user.Patch(patch) 967 968 updatedUser, err := a.UpdateUser(user, true) 969 if err != nil { 970 return nil, err 971 } 972 973 a.sendUpdatedUserEvent(*updatedUser) 974 975 return updatedUser, nil 976 } 977 978 func (a *App) UpdateUserAuth(userId string, userAuth *model.UserAuth) (*model.UserAuth, *model.AppError) { 979 if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" { 980 userAuth.AuthData = nil 981 userAuth.AuthService = "" 982 983 if err := a.IsPasswordValid(userAuth.Password); err != nil { 984 return nil, err 985 } 986 password := model.HashPassword(userAuth.Password) 987 988 if result := <-a.Srv.Store.User().UpdatePassword(userId, password); result.Err != nil { 989 return nil, result.Err 990 } 991 } else { 992 userAuth.Password = "" 993 994 if result := <-a.Srv.Store.User().UpdateAuthData(userId, userAuth.AuthService, userAuth.AuthData, "", false); result.Err != nil { 995 return nil, result.Err 996 } 997 } 998 999 return userAuth, nil 1000 } 1001 1002 func (a *App) sendUpdatedUserEvent(user model.User) { 1003 a.SanitizeProfile(&user, false) 1004 1005 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 1006 message.Add("user", user) 1007 a.Go(func() { 1008 a.Publish(message) 1009 }) 1010 } 1011 1012 func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) { 1013 if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 1014 result := <-a.Srv.Store.User().Get(user.Id) 1015 if result.Err != nil { 1016 return nil, result.Err 1017 } 1018 prev := result.Data.(*model.User) 1019 if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email { 1020 return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 1021 } 1022 } 1023 1024 if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil { 1025 return nil, result.Err 1026 } else { 1027 rusers := result.Data.([2]*model.User) 1028 1029 if sendNotifications { 1030 if rusers[0].Email != rusers[1].Email { 1031 a.Go(func() { 1032 if err := a.SendEmailChangeEmail(rusers[1].Email, rusers[0].Email, rusers[0].Locale, a.GetSiteURL()); err != nil { 1033 l4g.Error(err.Error()) 1034 } 1035 }) 1036 1037 if a.Config().EmailSettings.RequireEmailVerification { 1038 if err := a.SendEmailVerification(rusers[0]); err != nil { 1039 l4g.Error(err.Error()) 1040 } 1041 } 1042 } 1043 1044 if rusers[0].Username != rusers[1].Username { 1045 a.Go(func() { 1046 if err := a.SendChangeUsernameEmail(rusers[1].Username, rusers[0].Username, rusers[0].Email, rusers[0].Locale, a.GetSiteURL()); err != nil { 1047 l4g.Error(err.Error()) 1048 } 1049 }) 1050 } 1051 } 1052 1053 a.InvalidateCacheForUser(user.Id) 1054 1055 return rusers[0], nil 1056 } 1057 } 1058 1059 func (a *App) UpdateUserNotifyProps(userId string, props map[string]string) (*model.User, *model.AppError) { 1060 var user *model.User 1061 var err *model.AppError 1062 if user, err = a.GetUser(userId); err != nil { 1063 return nil, err 1064 } 1065 1066 user.NotifyProps = props 1067 1068 var ruser *model.User 1069 if ruser, err = a.UpdateUser(user, true); err != nil { 1070 return nil, err 1071 } 1072 1073 return ruser, nil 1074 } 1075 1076 func (a *App) UpdateMfa(activate bool, userId, token string) *model.AppError { 1077 if activate { 1078 if err := a.ActivateMfa(userId, token); err != nil { 1079 return err 1080 } 1081 } else { 1082 if err := a.DeactivateMfa(userId); err != nil { 1083 return err 1084 } 1085 } 1086 1087 a.Go(func() { 1088 var user *model.User 1089 var err *model.AppError 1090 1091 if user, err = a.GetUser(userId); err != nil { 1092 l4g.Error(err.Error()) 1093 return 1094 } 1095 1096 if err := a.SendMfaChangeEmail(user.Email, activate, user.Locale, a.GetSiteURL()); err != nil { 1097 l4g.Error(err.Error()) 1098 } 1099 }) 1100 1101 return nil 1102 } 1103 1104 func (a *App) UpdatePasswordByUserIdSendEmail(userId, newPassword, method string) *model.AppError { 1105 var user *model.User 1106 var err *model.AppError 1107 if user, err = a.GetUser(userId); err != nil { 1108 return err 1109 } 1110 1111 return a.UpdatePasswordSendEmail(user, newPassword, method) 1112 } 1113 1114 func (a *App) UpdatePassword(user *model.User, newPassword string) *model.AppError { 1115 if err := a.IsPasswordValid(newPassword); err != nil { 1116 return err 1117 } 1118 1119 hashedPassword := model.HashPassword(newPassword) 1120 1121 if result := <-a.Srv.Store.User().UpdatePassword(user.Id, hashedPassword); result.Err != nil { 1122 return model.NewAppError("UpdatePassword", "api.user.update_password.failed.app_error", nil, result.Err.Error(), http.StatusInternalServerError) 1123 } 1124 1125 return nil 1126 } 1127 1128 func (a *App) UpdatePasswordSendEmail(user *model.User, newPassword, method string) *model.AppError { 1129 if err := a.UpdatePassword(user, newPassword); err != nil { 1130 return err 1131 } 1132 1133 a.Go(func() { 1134 if err := a.SendPasswordChangeEmail(user.Email, method, user.Locale, a.GetSiteURL()); err != nil { 1135 l4g.Error(err.Error()) 1136 } 1137 }) 1138 1139 return nil 1140 } 1141 1142 func (a *App) ResetPasswordFromToken(userSuppliedTokenString, newPassword string) *model.AppError { 1143 var token *model.Token 1144 var err *model.AppError 1145 if token, err = a.GetPasswordRecoveryToken(userSuppliedTokenString); err != nil { 1146 return err 1147 } else { 1148 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1149 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1150 } 1151 } 1152 1153 var user *model.User 1154 if user, err = a.GetUser(token.Extra); err != nil { 1155 return err 1156 } 1157 1158 if user.IsSSOUser() { 1159 return model.NewAppError("ResetPasswordFromCode", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1160 } 1161 1162 T := utils.GetUserTranslations(user.Locale) 1163 1164 if err := a.UpdatePasswordSendEmail(user, newPassword, T("api.user.reset_password.method")); err != nil { 1165 return err 1166 } 1167 1168 if err := a.DeleteToken(token); err != nil { 1169 l4g.Error(err.Error()) 1170 } 1171 1172 return nil 1173 } 1174 1175 func (a *App) SendPasswordReset(email string, siteURL string) (bool, *model.AppError) { 1176 var user *model.User 1177 var err *model.AppError 1178 if user, err = a.GetUserByEmail(email); err != nil { 1179 return false, nil 1180 } 1181 1182 if user.AuthData != nil && len(*user.AuthData) != 0 { 1183 return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1184 } 1185 1186 var token *model.Token 1187 if token, err = a.CreatePasswordRecoveryToken(user.Id); err != nil { 1188 return false, err 1189 } 1190 1191 if _, err := a.SendPasswordResetEmail(user.Email, token, user.Locale, siteURL); err != nil { 1192 return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.send.app_error", nil, "err="+err.Message, http.StatusInternalServerError) 1193 } 1194 1195 return true, nil 1196 } 1197 1198 func (a *App) CreatePasswordRecoveryToken(userId string) (*model.Token, *model.AppError) { 1199 token := model.NewToken(TOKEN_TYPE_PASSWORD_RECOVERY, userId) 1200 1201 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1202 return nil, result.Err 1203 } 1204 1205 return token, nil 1206 } 1207 1208 func (a *App) GetPasswordRecoveryToken(token string) (*model.Token, *model.AppError) { 1209 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1210 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.invalid_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1211 } else { 1212 token := result.Data.(*model.Token) 1213 if token.Type != TOKEN_TYPE_PASSWORD_RECOVERY { 1214 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.broken_token.app_error", nil, "", http.StatusBadRequest) 1215 } 1216 return token, nil 1217 } 1218 } 1219 1220 func (a *App) DeleteToken(token *model.Token) *model.AppError { 1221 if result := <-a.Srv.Store.Token().Delete(token.Token); result.Err != nil { 1222 return result.Err 1223 } 1224 1225 return nil 1226 } 1227 1228 func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent bool) (*model.User, *model.AppError) { 1229 var user *model.User 1230 var err *model.AppError 1231 if user, err = a.GetUser(userId); err != nil { 1232 err.StatusCode = http.StatusBadRequest 1233 return nil, err 1234 } 1235 1236 user.Roles = newRoles 1237 uchan := a.Srv.Store.User().Update(user, true) 1238 schan := a.Srv.Store.Session().UpdateRoles(user.Id, newRoles) 1239 1240 var ruser *model.User 1241 if result := <-uchan; result.Err != nil { 1242 return nil, result.Err 1243 } else { 1244 ruser = result.Data.([2]*model.User)[0] 1245 } 1246 1247 if result := <-schan; result.Err != nil { 1248 // soft error since the user roles were still updated 1249 l4g.Error(result.Err) 1250 } 1251 1252 a.ClearSessionCacheForUser(user.Id) 1253 1254 if sendWebSocketEvent { 1255 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_ROLE_UPDATED, "", "", user.Id, nil) 1256 message.Add("user_id", user.Id) 1257 message.Add("roles", newRoles) 1258 a.Publish(message) 1259 } 1260 1261 return ruser, nil 1262 } 1263 1264 func (a *App) PermanentDeleteUser(user *model.User) *model.AppError { 1265 l4g.Warn(utils.T("api.user.permanent_delete_user.attempting.warn"), user.Email, user.Id) 1266 if user.IsInRole(model.SYSTEM_ADMIN_ROLE_ID) { 1267 l4g.Warn(utils.T("api.user.permanent_delete_user.system_admin.warn"), user.Email) 1268 } 1269 1270 if _, err := a.UpdateActive(user, false); err != nil { 1271 return err 1272 } 1273 1274 if result := <-a.Srv.Store.Session().PermanentDeleteSessionsByUser(user.Id); result.Err != nil { 1275 return result.Err 1276 } 1277 1278 if result := <-a.Srv.Store.UserAccessToken().DeleteAllForUser(user.Id); result.Err != nil { 1279 return result.Err 1280 } 1281 1282 if result := <-a.Srv.Store.OAuth().PermanentDeleteAuthDataByUser(user.Id); result.Err != nil { 1283 return result.Err 1284 } 1285 1286 if result := <-a.Srv.Store.Webhook().PermanentDeleteIncomingByUser(user.Id); result.Err != nil { 1287 return result.Err 1288 } 1289 1290 if result := <-a.Srv.Store.Webhook().PermanentDeleteOutgoingByUser(user.Id); result.Err != nil { 1291 return result.Err 1292 } 1293 1294 if result := <-a.Srv.Store.Command().PermanentDeleteByUser(user.Id); result.Err != nil { 1295 return result.Err 1296 } 1297 1298 if result := <-a.Srv.Store.Preference().PermanentDeleteByUser(user.Id); result.Err != nil { 1299 return result.Err 1300 } 1301 1302 if result := <-a.Srv.Store.Channel().PermanentDeleteMembersByUser(user.Id); result.Err != nil { 1303 return result.Err 1304 } 1305 1306 if result := <-a.Srv.Store.Post().PermanentDeleteByUser(user.Id); result.Err != nil { 1307 return result.Err 1308 } 1309 1310 if result := <-a.Srv.Store.User().PermanentDelete(user.Id); result.Err != nil { 1311 return result.Err 1312 } 1313 1314 if result := <-a.Srv.Store.Audit().PermanentDeleteByUser(user.Id); result.Err != nil { 1315 return result.Err 1316 } 1317 1318 if result := <-a.Srv.Store.Team().RemoveAllMembersByUser(user.Id); result.Err != nil { 1319 return result.Err 1320 } 1321 1322 l4g.Warn(utils.T("api.user.permanent_delete_user.deleted.warn"), user.Email, user.Id) 1323 1324 return nil 1325 } 1326 1327 func (a *App) PermanentDeleteAllUsers() *model.AppError { 1328 if result := <-a.Srv.Store.User().GetAll(); result.Err != nil { 1329 return result.Err 1330 } else { 1331 users := result.Data.([]*model.User) 1332 for _, user := range users { 1333 a.PermanentDeleteUser(user) 1334 } 1335 } 1336 1337 return nil 1338 } 1339 1340 func (a *App) SendEmailVerification(user *model.User) *model.AppError { 1341 token, err := a.CreateVerifyEmailToken(user.Id) 1342 if err != nil { 1343 return err 1344 } 1345 1346 if _, err := a.GetStatus(user.Id); err != nil { 1347 return a.SendVerifyEmail(user.Email, user.Locale, a.GetSiteURL(), token.Token) 1348 } else { 1349 return a.SendEmailChangeVerifyEmail(user.Email, user.Locale, a.GetSiteURL(), token.Token) 1350 } 1351 } 1352 1353 func (a *App) VerifyEmailFromToken(userSuppliedTokenString string) *model.AppError { 1354 var token *model.Token 1355 var err *model.AppError 1356 if token, err = a.GetVerifyEmailToken(userSuppliedTokenString); err != nil { 1357 return err 1358 } else { 1359 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1360 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1361 } 1362 if err := a.VerifyUserEmail(token.Extra); err != nil { 1363 return err 1364 } 1365 if err := a.DeleteToken(token); err != nil { 1366 l4g.Error(err.Error()) 1367 } 1368 } 1369 1370 return nil 1371 } 1372 1373 func (a *App) CreateVerifyEmailToken(userId string) (*model.Token, *model.AppError) { 1374 token := model.NewToken(TOKEN_TYPE_VERIFY_EMAIL, userId) 1375 1376 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1377 return nil, result.Err 1378 } 1379 1380 return token, nil 1381 } 1382 1383 func (a *App) GetVerifyEmailToken(token string) (*model.Token, *model.AppError) { 1384 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1385 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.bad_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1386 } else { 1387 token := result.Data.(*model.Token) 1388 if token.Type != TOKEN_TYPE_VERIFY_EMAIL { 1389 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.broken_token.app_error", nil, "", http.StatusBadRequest) 1390 } 1391 return token, nil 1392 } 1393 } 1394 1395 func (a *App) VerifyUserEmail(userId string) *model.AppError { 1396 return (<-a.Srv.Store.User().VerifyEmail(userId)).Err 1397 } 1398 1399 func (a *App) SearchUsers(props *model.UserSearch, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1400 if props.WithoutTeam { 1401 return a.SearchUsersWithoutTeam(props.Term, searchOptions, asAdmin) 1402 } else if props.InChannelId != "" { 1403 return a.SearchUsersInChannel(props.InChannelId, props.Term, searchOptions, asAdmin) 1404 } else if props.NotInChannelId != "" { 1405 return a.SearchUsersNotInChannel(props.TeamId, props.NotInChannelId, props.Term, searchOptions, asAdmin) 1406 } else if props.NotInTeamId != "" { 1407 return a.SearchUsersNotInTeam(props.NotInTeamId, props.Term, searchOptions, asAdmin) 1408 } else { 1409 return a.SearchUsersInTeam(props.TeamId, props.Term, searchOptions, asAdmin) 1410 } 1411 } 1412 1413 func (a *App) SearchUsersInChannel(channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1414 if result := <-a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions); result.Err != nil { 1415 return nil, result.Err 1416 } else { 1417 users := result.Data.([]*model.User) 1418 1419 for _, user := range users { 1420 a.SanitizeProfile(user, asAdmin) 1421 } 1422 1423 return users, nil 1424 } 1425 } 1426 1427 func (a *App) SearchUsersNotInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1428 if result := <-a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions); result.Err != nil { 1429 return nil, result.Err 1430 } else { 1431 users := result.Data.([]*model.User) 1432 1433 for _, user := range users { 1434 a.SanitizeProfile(user, asAdmin) 1435 } 1436 1437 return users, nil 1438 } 1439 } 1440 1441 func (a *App) SearchUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1442 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1443 return nil, result.Err 1444 } else { 1445 users := result.Data.([]*model.User) 1446 1447 for _, user := range users { 1448 a.SanitizeProfile(user, asAdmin) 1449 } 1450 1451 return users, nil 1452 } 1453 } 1454 1455 func (a *App) SearchUsersNotInTeam(notInTeamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1456 if result := <-a.Srv.Store.User().SearchNotInTeam(notInTeamId, term, searchOptions); result.Err != nil { 1457 return nil, result.Err 1458 } else { 1459 users := result.Data.([]*model.User) 1460 1461 for _, user := range users { 1462 a.SanitizeProfile(user, asAdmin) 1463 } 1464 1465 return users, nil 1466 } 1467 } 1468 1469 func (a *App) SearchUsersWithoutTeam(term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1470 if result := <-a.Srv.Store.User().SearchWithoutTeam(term, searchOptions); result.Err != nil { 1471 return nil, result.Err 1472 } else { 1473 users := result.Data.([]*model.User) 1474 1475 for _, user := range users { 1476 a.SanitizeProfile(user, asAdmin) 1477 } 1478 1479 return users, nil 1480 } 1481 } 1482 1483 func (a *App) AutocompleteUsersInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInChannel, *model.AppError) { 1484 uchan := a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions) 1485 nuchan := a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions) 1486 1487 autocomplete := &model.UserAutocompleteInChannel{} 1488 1489 if result := <-uchan; result.Err != nil { 1490 return nil, result.Err 1491 } else { 1492 users := result.Data.([]*model.User) 1493 1494 for _, user := range users { 1495 a.SanitizeProfile(user, asAdmin) 1496 } 1497 1498 autocomplete.InChannel = users 1499 } 1500 1501 if result := <-nuchan; result.Err != nil { 1502 return nil, result.Err 1503 } else { 1504 users := result.Data.([]*model.User) 1505 1506 for _, user := range users { 1507 a.SanitizeProfile(user, asAdmin) 1508 } 1509 1510 autocomplete.OutOfChannel = users 1511 } 1512 1513 return autocomplete, nil 1514 } 1515 1516 func (a *App) AutocompleteUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInTeam, *model.AppError) { 1517 autocomplete := &model.UserAutocompleteInTeam{} 1518 1519 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1520 return nil, result.Err 1521 } else { 1522 users := result.Data.([]*model.User) 1523 1524 for _, user := range users { 1525 a.SanitizeProfile(user, asAdmin) 1526 } 1527 1528 autocomplete.InTeam = users 1529 } 1530 1531 return autocomplete, nil 1532 } 1533 1534 func (a *App) UpdateOAuthUserAttrs(userData io.Reader, user *model.User, provider einterfaces.OauthProvider, service string) *model.AppError { 1535 oauthUser := provider.GetUserFromJson(userData) 1536 1537 if oauthUser == nil { 1538 return model.NewAppError("UpdateOAuthUserAttrs", "api.user.update_oauth_user_attrs.get_user.app_error", map[string]interface{}{"Service": service}, "", http.StatusBadRequest) 1539 } 1540 1541 userAttrsChanged := false 1542 1543 if oauthUser.Username != user.Username { 1544 if existingUser, _ := a.GetUserByUsername(oauthUser.Username); existingUser == nil { 1545 user.Username = oauthUser.Username 1546 userAttrsChanged = true 1547 } 1548 } 1549 1550 if oauthUser.GetFullName() != user.GetFullName() { 1551 user.FirstName = oauthUser.FirstName 1552 user.LastName = oauthUser.LastName 1553 userAttrsChanged = true 1554 } 1555 1556 if oauthUser.Email != user.Email { 1557 if existingUser, _ := a.GetUserByEmail(oauthUser.Email); existingUser == nil { 1558 user.Email = oauthUser.Email 1559 userAttrsChanged = true 1560 } 1561 } 1562 1563 if user.DeleteAt > 0 { 1564 // Make sure they are not disabled 1565 user.DeleteAt = 0 1566 userAttrsChanged = true 1567 } 1568 1569 if userAttrsChanged { 1570 var result store.StoreResult 1571 if result = <-a.Srv.Store.User().Update(user, true); result.Err != nil { 1572 return result.Err 1573 } 1574 1575 user = result.Data.([2]*model.User)[0] 1576 a.InvalidateCacheForUser(user.Id) 1577 } 1578 1579 return nil 1580 }