github.com/gigforks/mattermost-server@v4.9.1-0.20180619094218-800d97fa55d0+incompatible/app/ldap.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "fmt" 8 "net/http" 9 10 "github.com/mattermost/mattermost-server/mlog" 11 "github.com/mattermost/mattermost-server/model" 12 "github.com/mattermost/mattermost-server/utils" 13 ) 14 15 func (a *App) SyncLdap() { 16 a.Go(func() { 17 18 if license := a.License(); license != nil && *license.Features.LDAP && *a.Config().LdapSettings.EnableSync { 19 if ldapI := a.Ldap; ldapI != nil { 20 ldapI.StartSynchronizeJob(false) 21 } else { 22 mlog.Error(fmt.Sprintf("%v", model.NewAppError("SyncLdap", "ent.ldap.disabled.app_error", nil, "", http.StatusNotImplemented).Error())) 23 } 24 } 25 }) 26 } 27 28 func (a *App) TestLdap() *model.AppError { 29 license := a.License() 30 if ldapI := a.Ldap; ldapI != nil && license != nil && *license.Features.LDAP && (*a.Config().LdapSettings.Enable || *a.Config().LdapSettings.EnableSync) { 31 if err := ldapI.RunTest(); err != nil { 32 err.StatusCode = 500 33 return err 34 } 35 } else { 36 err := model.NewAppError("TestLdap", "ent.ldap.disabled.app_error", nil, "", http.StatusNotImplemented) 37 return err 38 } 39 40 return nil 41 } 42 43 func (a *App) SwitchEmailToLdap(email, password, code, ldapLoginId, ldapPassword string) (string, *model.AppError) { 44 if a.License() != nil && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer { 45 return "", model.NewAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusForbidden) 46 } 47 48 user, err := a.GetUserByEmail(email) 49 if err != nil { 50 return "", err 51 } 52 53 if err := a.CheckPasswordAndAllCriteria(user, password, code); err != nil { 54 return "", err 55 } 56 57 if err := a.RevokeAllSessions(user.Id); err != nil { 58 return "", err 59 } 60 61 ldapInterface := a.Ldap 62 if ldapInterface == nil { 63 return "", model.NewAppError("SwitchEmailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusNotImplemented) 64 } 65 66 if err := ldapInterface.SwitchToLdap(user.Id, ldapLoginId, ldapPassword); err != nil { 67 return "", err 68 } 69 70 a.Go(func() { 71 if err := a.SendSignInChangeEmail(user.Email, "AD/LDAP", user.Locale, a.GetSiteURL()); err != nil { 72 mlog.Error(err.Error()) 73 } 74 }) 75 76 return "/login?extra=signin_change", nil 77 } 78 79 func (a *App) SwitchLdapToEmail(ldapPassword, code, email, newPassword string) (string, *model.AppError) { 80 if a.License() != nil && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer { 81 return "", model.NewAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusForbidden) 82 } 83 84 user, err := a.GetUserByEmail(email) 85 if err != nil { 86 return "", err 87 } 88 89 if user.AuthService != model.USER_AUTH_SERVICE_LDAP { 90 return "", model.NewAppError("SwitchLdapToEmail", "api.user.ldap_to_email.not_ldap_account.app_error", nil, "", http.StatusBadRequest) 91 } 92 93 ldapInterface := a.Ldap 94 if ldapInterface == nil || user.AuthData == nil { 95 return "", model.NewAppError("SwitchLdapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusNotImplemented) 96 } 97 98 if err := ldapInterface.CheckPasswordAuthData(*user.AuthData, ldapPassword); err != nil { 99 return "", err 100 } 101 102 if err := a.CheckUserMfa(user, code); err != nil { 103 return "", err 104 } 105 106 if err := a.UpdatePassword(user, newPassword); err != nil { 107 return "", err 108 } 109 110 if err := a.RevokeAllSessions(user.Id); err != nil { 111 return "", err 112 } 113 114 T := utils.GetUserTranslations(user.Locale) 115 116 a.Go(func() { 117 if err := a.SendSignInChangeEmail(user.Email, T("api.templates.signin_change_email.body.method_email"), user.Locale, a.GetSiteURL()); err != nil { 118 mlog.Error(err.Error()) 119 } 120 }) 121 122 return "/login?extra=signin_change", nil 123 }