github.com/jlevesy/mattermost-server@v5.3.2-0.20181003190404-7468f35cb0c8+incompatible/app/user.go (about) 1 // Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "bytes" 8 b64 "encoding/base64" 9 "fmt" 10 "hash/fnv" 11 "image" 12 "image/color" 13 "image/draw" 14 _ "image/gif" 15 _ "image/jpeg" 16 "image/png" 17 "io" 18 "io/ioutil" 19 "mime/multipart" 20 "net/http" 21 "path/filepath" 22 "strconv" 23 "strings" 24 25 "github.com/disintegration/imaging" 26 "github.com/golang/freetype" 27 "github.com/golang/freetype/truetype" 28 "github.com/mattermost/mattermost-server/einterfaces" 29 "github.com/mattermost/mattermost-server/mlog" 30 "github.com/mattermost/mattermost-server/model" 31 "github.com/mattermost/mattermost-server/store" 32 "github.com/mattermost/mattermost-server/utils" 33 ) 34 35 const ( 36 TOKEN_TYPE_PASSWORD_RECOVERY = "password_recovery" 37 TOKEN_TYPE_VERIFY_EMAIL = "verify_email" 38 TOKEN_TYPE_TEAM_INVITATION = "team_invitation" 39 PASSWORD_RECOVER_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour 40 TEAM_INVITATION_EXPIRY_TIME = 1000 * 60 * 60 * 48 // 48 hours 41 IMAGE_PROFILE_PIXEL_DIMENSION = 128 42 ) 43 44 func (a *App) CreateUserWithToken(user *model.User, tokenId string) (*model.User, *model.AppError) { 45 if err := a.IsUserSignUpAllowed(); err != nil { 46 return nil, err 47 } 48 49 result := <-a.Srv.Store.Token().GetByToken(tokenId) 50 if result.Err != nil { 51 return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, result.Err.Error(), http.StatusBadRequest) 52 } 53 54 token := result.Data.(*model.Token) 55 if token.Type != TOKEN_TYPE_TEAM_INVITATION { 56 return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusBadRequest) 57 } 58 59 if model.GetMillis()-token.CreateAt >= TEAM_INVITATION_EXPIRY_TIME { 60 a.DeleteToken(token) 61 return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_expired.app_error", nil, "", http.StatusBadRequest) 62 } 63 64 tokenData := model.MapFromJson(strings.NewReader(token.Extra)) 65 66 var team *model.Team 67 if result := <-a.Srv.Store.Team().Get(tokenData["teamId"]); result.Err != nil { 68 return nil, result.Err 69 } else { 70 team = result.Data.(*model.Team) 71 } 72 73 user.Email = tokenData["email"] 74 user.EmailVerified = true 75 76 var ruser *model.User 77 var err *model.AppError 78 if ruser, err = a.CreateUser(user); err != nil { 79 return nil, err 80 } 81 82 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 83 return nil, err 84 } 85 86 a.AddDirectChannels(team.Id, ruser) 87 88 if err := a.DeleteToken(token); err != nil { 89 return nil, err 90 } 91 92 return ruser, nil 93 } 94 95 func (a *App) CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *model.AppError) { 96 if err := a.IsUserSignUpAllowed(); err != nil { 97 return nil, err 98 } 99 100 var team *model.Team 101 if result := <-a.Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil { 102 return nil, result.Err 103 } else { 104 team = result.Data.(*model.Team) 105 } 106 107 user.EmailVerified = false 108 109 var ruser *model.User 110 var err *model.AppError 111 if ruser, err = a.CreateUser(user); err != nil { 112 return nil, err 113 } 114 115 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 116 return nil, err 117 } 118 119 a.AddDirectChannels(team.Id, ruser) 120 121 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 122 mlog.Error(err.Error()) 123 } 124 125 return ruser, nil 126 } 127 128 func (a *App) CreateUserAsAdmin(user *model.User) (*model.User, *model.AppError) { 129 ruser, err := a.CreateUser(user) 130 if err != nil { 131 return nil, err 132 } 133 134 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 135 mlog.Error(err.Error()) 136 } 137 138 return ruser, nil 139 } 140 141 func (a *App) CreateUserFromSignup(user *model.User) (*model.User, *model.AppError) { 142 if err := a.IsUserSignUpAllowed(); err != nil { 143 return nil, err 144 } 145 146 if !a.IsFirstUserAccount() && !*a.Config().TeamSettings.EnableOpenServer { 147 err := model.NewAppError("CreateUserFromSignup", "api.user.create_user.no_open_server", nil, "email="+user.Email, http.StatusForbidden) 148 return nil, err 149 } 150 151 user.EmailVerified = false 152 153 ruser, err := a.CreateUser(user) 154 if err != nil { 155 return nil, err 156 } 157 158 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 159 mlog.Error(err.Error()) 160 } 161 162 return ruser, nil 163 } 164 165 func (a *App) IsUserSignUpAllowed() *model.AppError { 166 if !a.Config().EmailSettings.EnableSignUpWithEmail || !*a.Config().TeamSettings.EnableUserCreation { 167 err := model.NewAppError("IsUserSignUpAllowed", "api.user.create_user.signup_email_disabled.app_error", nil, "", http.StatusNotImplemented) 168 return err 169 } 170 return nil 171 } 172 173 func (a *App) IsFirstUserAccount() bool { 174 if a.SessionCacheLength() == 0 { 175 if cr := <-a.Srv.Store.User().GetTotalUsersCount(); cr.Err != nil { 176 mlog.Error(fmt.Sprint(cr.Err)) 177 return false 178 } else { 179 count := cr.Data.(int64) 180 if count <= 0 { 181 return true 182 } 183 } 184 } 185 186 return false 187 } 188 189 func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) { 190 if !user.IsLDAPUser() && !user.IsSAMLUser() && !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 191 return nil, model.NewAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 192 } 193 194 user.Roles = model.SYSTEM_USER_ROLE_ID 195 196 // Below is a special case where the first user in the entire 197 // system is granted the system_admin role 198 if result := <-a.Srv.Store.User().GetTotalUsersCount(); result.Err != nil { 199 return nil, result.Err 200 } else { 201 count := result.Data.(int64) 202 if count <= 0 { 203 user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID 204 } 205 } 206 207 if _, ok := utils.GetSupportedLocales()[user.Locale]; !ok { 208 user.Locale = *a.Config().LocalizationSettings.DefaultClientLocale 209 } 210 211 if ruser, err := a.createUser(user); err != nil { 212 return nil, err 213 } else { 214 // This message goes to everyone, so the teamId, channelId and userId are irrelevant 215 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_NEW_USER, "", "", "", nil) 216 message.Add("user_id", ruser.Id) 217 a.Publish(message) 218 219 return ruser, nil 220 } 221 } 222 223 func (a *App) createUser(user *model.User) (*model.User, *model.AppError) { 224 user.MakeNonNil() 225 226 if err := a.IsPasswordValid(user.Password); user.AuthService == "" && err != nil { 227 return nil, err 228 } 229 230 if result := <-a.Srv.Store.User().Save(user); result.Err != nil { 231 mlog.Error(fmt.Sprintf("Couldn't save the user err=%v", result.Err)) 232 return nil, result.Err 233 } else { 234 ruser := result.Data.(*model.User) 235 236 if user.EmailVerified { 237 if err := a.VerifyUserEmail(ruser.Id); err != nil { 238 mlog.Error(fmt.Sprintf("Failed to set email verified err=%v", err)) 239 } 240 } 241 242 pref := model.Preference{UserId: ruser.Id, Category: model.PREFERENCE_CATEGORY_TUTORIAL_STEPS, Name: ruser.Id, Value: "0"} 243 if presult := <-a.Srv.Store.Preference().Save(&model.Preferences{pref}); presult.Err != nil { 244 mlog.Error(fmt.Sprintf("Encountered error saving tutorial preference, err=%v", presult.Err.Message)) 245 } 246 247 ruser.Sanitize(map[string]bool{}) 248 return ruser, nil 249 } 250 } 251 252 func (a *App) CreateOAuthUser(service string, userData io.Reader, teamId string) (*model.User, *model.AppError) { 253 if !*a.Config().TeamSettings.EnableUserCreation { 254 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_user.disabled.app_error", nil, "", http.StatusNotImplemented) 255 } 256 257 var user *model.User 258 provider := einterfaces.GetOauthProvider(service) 259 if provider == nil { 260 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.not_available.app_error", map[string]interface{}{"Service": strings.Title(service)}, "", http.StatusNotImplemented) 261 } else { 262 user = provider.GetUserFromJson(userData) 263 } 264 265 if user == nil { 266 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.create.app_error", map[string]interface{}{"Service": service}, "", http.StatusInternalServerError) 267 } 268 269 suchan := a.Srv.Store.User().GetByAuth(user.AuthData, service) 270 euchan := a.Srv.Store.User().GetByEmail(user.Email) 271 272 found := true 273 count := 0 274 for found { 275 if found = a.IsUsernameTaken(user.Username); found { 276 user.Username = user.Username + strconv.Itoa(count) 277 count += 1 278 } 279 } 280 281 if result := <-suchan; result.Err == nil { 282 return result.Data.(*model.User), nil 283 } 284 285 if result := <-euchan; result.Err == nil { 286 authService := result.Data.(*model.User).AuthService 287 if authService == "" { 288 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": model.USER_AUTH_SERVICE_EMAIL}, "email="+user.Email, http.StatusBadRequest) 289 } else { 290 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": authService}, "email="+user.Email, http.StatusBadRequest) 291 } 292 } 293 294 user.EmailVerified = true 295 296 ruser, err := a.CreateUser(user) 297 if err != nil { 298 return nil, err 299 } 300 301 if len(teamId) > 0 { 302 err = a.AddUserToTeamByTeamId(teamId, user) 303 if err != nil { 304 return nil, err 305 } 306 307 err = a.AddDirectChannels(teamId, user) 308 if err != nil { 309 mlog.Error(err.Error()) 310 } 311 } 312 313 return ruser, nil 314 } 315 316 // Check that a user's email domain matches a list of space-delimited domains as a string. 317 func CheckUserDomain(user *model.User, domains string) bool { 318 if len(domains) == 0 { 319 return true 320 } 321 322 domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) 323 324 for _, d := range domainArray { 325 if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) { 326 return true 327 } 328 } 329 330 return false 331 } 332 333 // Check if the username is already used by another user. Return false if the username is invalid. 334 func (a *App) IsUsernameTaken(name string) bool { 335 336 if !model.IsValidUsername(name) { 337 return false 338 } 339 340 if result := <-a.Srv.Store.User().GetByUsername(name); result.Err != nil { 341 return false 342 } 343 344 return true 345 } 346 347 func (a *App) GetUser(userId string) (*model.User, *model.AppError) { 348 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 349 return nil, result.Err 350 } else { 351 return result.Data.(*model.User), nil 352 } 353 } 354 355 func (a *App) GetUserByUsername(username string) (*model.User, *model.AppError) { 356 if result := <-a.Srv.Store.User().GetByUsername(username); result.Err != nil && result.Err.Id == "store.sql_user.get_by_username.app_error" { 357 result.Err.StatusCode = http.StatusNotFound 358 return nil, result.Err 359 } else { 360 return result.Data.(*model.User), nil 361 } 362 } 363 364 func (a *App) GetUserByEmail(email string) (*model.User, *model.AppError) { 365 366 if result := <-a.Srv.Store.User().GetByEmail(email); result.Err != nil && result.Err.Id == "store.sql_user.missing_account.const" { 367 result.Err.StatusCode = http.StatusNotFound 368 return nil, result.Err 369 } else if result.Err != nil { 370 result.Err.StatusCode = http.StatusBadRequest 371 return nil, result.Err 372 } else { 373 return result.Data.(*model.User), nil 374 } 375 } 376 377 func (a *App) GetUserByAuth(authData *string, authService string) (*model.User, *model.AppError) { 378 if result := <-a.Srv.Store.User().GetByAuth(authData, authService); result.Err != nil { 379 return nil, result.Err 380 } else { 381 return result.Data.(*model.User), nil 382 } 383 } 384 385 func (a *App) GetUsers(offset int, limit int) ([]*model.User, *model.AppError) { 386 if result := <-a.Srv.Store.User().GetAllProfiles(offset, limit); result.Err != nil { 387 return nil, result.Err 388 } else { 389 return result.Data.([]*model.User), nil 390 } 391 } 392 393 func (a *App) GetUsersMap(offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 394 users, err := a.GetUsers(offset, limit) 395 if err != nil { 396 return nil, err 397 } 398 399 userMap := make(map[string]*model.User, len(users)) 400 401 for _, user := range users { 402 a.SanitizeProfile(user, asAdmin) 403 userMap[user.Id] = user 404 } 405 406 return userMap, nil 407 } 408 409 func (a *App) GetUsersPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 410 users, err := a.GetUsers(page*perPage, perPage) 411 if err != nil { 412 return nil, err 413 } 414 415 return a.sanitizeProfiles(users, asAdmin), nil 416 } 417 418 func (a *App) GetUsersEtag() string { 419 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForAllProfiles()).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 420 } 421 422 func (a *App) GetUsersInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 423 if result := <-a.Srv.Store.User().GetProfiles(teamId, offset, limit); result.Err != nil { 424 return nil, result.Err 425 } else { 426 return result.Data.([]*model.User), nil 427 } 428 } 429 430 func (a *App) GetUsersNotInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 431 if result := <-a.Srv.Store.User().GetProfilesNotInTeam(teamId, offset, limit); result.Err != nil { 432 return nil, result.Err 433 } else { 434 return result.Data.([]*model.User), nil 435 } 436 } 437 438 func (a *App) GetUsersInTeamMap(teamId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 439 users, err := a.GetUsersInTeam(teamId, offset, limit) 440 if err != nil { 441 return nil, err 442 } 443 444 userMap := make(map[string]*model.User, len(users)) 445 446 for _, user := range users { 447 a.SanitizeProfile(user, asAdmin) 448 userMap[user.Id] = user 449 } 450 451 return userMap, nil 452 } 453 454 func (a *App) GetUsersInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 455 users, err := a.GetUsersInTeam(teamId, page*perPage, perPage) 456 if err != nil { 457 return nil, err 458 } 459 460 return a.sanitizeProfiles(users, asAdmin), nil 461 } 462 463 func (a *App) GetUsersNotInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 464 users, err := a.GetUsersNotInTeam(teamId, page*perPage, perPage) 465 if err != nil { 466 return nil, err 467 } 468 469 return a.sanitizeProfiles(users, asAdmin), nil 470 } 471 472 func (a *App) GetUsersInTeamEtag(teamId string) string { 473 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfiles(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 474 } 475 476 func (a *App) GetUsersNotInTeamEtag(teamId string) string { 477 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfilesNotInTeam(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 478 } 479 480 func (a *App) GetUsersInChannel(channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 481 if result := <-a.Srv.Store.User().GetProfilesInChannel(channelId, offset, limit); result.Err != nil { 482 return nil, result.Err 483 } else { 484 return result.Data.([]*model.User), nil 485 } 486 } 487 488 func (a *App) GetUsersInChannelByStatus(channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 489 if result := <-a.Srv.Store.User().GetProfilesInChannelByStatus(channelId, offset, limit); result.Err != nil { 490 return nil, result.Err 491 } else { 492 return result.Data.([]*model.User), nil 493 } 494 } 495 496 func (a *App) GetUsersInChannelMap(channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 497 users, err := a.GetUsersInChannel(channelId, offset, limit) 498 if err != nil { 499 return nil, err 500 } 501 502 userMap := make(map[string]*model.User, len(users)) 503 504 for _, user := range users { 505 a.SanitizeProfile(user, asAdmin) 506 userMap[user.Id] = user 507 } 508 509 return userMap, nil 510 } 511 512 func (a *App) GetUsersInChannelPage(channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 513 users, err := a.GetUsersInChannel(channelId, page*perPage, perPage) 514 if err != nil { 515 return nil, err 516 } 517 518 return a.sanitizeProfiles(users, asAdmin), nil 519 } 520 521 func (a *App) GetUsersInChannelPageByStatus(channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 522 users, err := a.GetUsersInChannelByStatus(channelId, page*perPage, perPage) 523 if err != nil { 524 return nil, err 525 } 526 527 return a.sanitizeProfiles(users, asAdmin), nil 528 } 529 530 func (a *App) GetUsersNotInChannel(teamId string, channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 531 if result := <-a.Srv.Store.User().GetProfilesNotInChannel(teamId, channelId, offset, limit); result.Err != nil { 532 return nil, result.Err 533 } else { 534 return result.Data.([]*model.User), nil 535 } 536 } 537 538 func (a *App) GetUsersNotInChannelMap(teamId string, channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 539 users, err := a.GetUsersNotInChannel(teamId, channelId, offset, limit) 540 if err != nil { 541 return nil, err 542 } 543 544 userMap := make(map[string]*model.User, len(users)) 545 546 for _, user := range users { 547 a.SanitizeProfile(user, asAdmin) 548 userMap[user.Id] = user 549 } 550 551 return userMap, nil 552 } 553 554 func (a *App) GetUsersNotInChannelPage(teamId string, channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 555 users, err := a.GetUsersNotInChannel(teamId, channelId, page*perPage, perPage) 556 if err != nil { 557 return nil, err 558 } 559 560 return a.sanitizeProfiles(users, asAdmin), nil 561 } 562 563 func (a *App) GetUsersWithoutTeamPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 564 users, err := a.GetUsersWithoutTeam(page*perPage, perPage) 565 if err != nil { 566 return nil, err 567 } 568 569 return a.sanitizeProfiles(users, asAdmin), nil 570 } 571 572 func (a *App) GetUsersWithoutTeam(offset int, limit int) ([]*model.User, *model.AppError) { 573 if result := <-a.Srv.Store.User().GetProfilesWithoutTeam(offset, limit); result.Err != nil { 574 return nil, result.Err 575 } else { 576 return result.Data.([]*model.User), nil 577 } 578 } 579 580 func (a *App) GetUsersByIds(userIds []string, asAdmin bool) ([]*model.User, *model.AppError) { 581 if result := <-a.Srv.Store.User().GetProfileByIds(userIds, true); result.Err != nil { 582 return nil, result.Err 583 } else { 584 users := result.Data.([]*model.User) 585 return a.sanitizeProfiles(users, asAdmin), nil 586 } 587 } 588 589 func (a *App) GetUsersByUsernames(usernames []string, asAdmin bool) ([]*model.User, *model.AppError) { 590 if result := <-a.Srv.Store.User().GetProfilesByUsernames(usernames, ""); result.Err != nil { 591 return nil, result.Err 592 } else { 593 users := result.Data.([]*model.User) 594 return a.sanitizeProfiles(users, asAdmin), nil 595 } 596 } 597 598 func (a *App) sanitizeProfiles(users []*model.User, asAdmin bool) []*model.User { 599 for _, u := range users { 600 a.SanitizeProfile(u, asAdmin) 601 } 602 603 return users 604 } 605 606 func (a *App) GenerateMfaSecret(userId string) (*model.MfaSecret, *model.AppError) { 607 if a.Mfa == nil { 608 return nil, model.NewAppError("generateMfaSecret", "api.user.generate_mfa_qr.not_available.app_error", nil, "", http.StatusNotImplemented) 609 } 610 611 var user *model.User 612 var err *model.AppError 613 if user, err = a.GetUser(userId); err != nil { 614 return nil, err 615 } 616 617 secret, img, err := a.Mfa.GenerateSecret(user) 618 if err != nil { 619 return nil, err 620 } 621 622 mfaSecret := &model.MfaSecret{Secret: secret, QRCode: b64.StdEncoding.EncodeToString(img)} 623 return mfaSecret, nil 624 } 625 626 func (a *App) ActivateMfa(userId, token string) *model.AppError { 627 if a.Mfa == nil { 628 err := model.NewAppError("ActivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 629 return err 630 } 631 632 var user *model.User 633 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 634 return result.Err 635 } else { 636 user = result.Data.(*model.User) 637 } 638 639 if len(user.AuthService) > 0 && user.AuthService != model.USER_AUTH_SERVICE_LDAP { 640 return model.NewAppError("ActivateMfa", "api.user.activate_mfa.email_and_ldap_only.app_error", nil, "", http.StatusBadRequest) 641 } 642 643 if err := a.Mfa.Activate(user, token); err != nil { 644 return err 645 } 646 647 return nil 648 } 649 650 func (a *App) DeactivateMfa(userId string) *model.AppError { 651 if a.Mfa == nil { 652 err := model.NewAppError("DeactivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 653 return err 654 } 655 656 if err := a.Mfa.Deactivate(userId); err != nil { 657 return err 658 } 659 660 return nil 661 } 662 663 func CreateProfileImage(username string, userId string, initialFont string) ([]byte, *model.AppError) { 664 colors := []color.NRGBA{ 665 {197, 8, 126, 255}, 666 {227, 207, 18, 255}, 667 {28, 181, 105, 255}, 668 {35, 188, 224, 255}, 669 {116, 49, 196, 255}, 670 {197, 8, 126, 255}, 671 {197, 19, 19, 255}, 672 {250, 134, 6, 255}, 673 {227, 207, 18, 255}, 674 {123, 201, 71, 255}, 675 {28, 181, 105, 255}, 676 {35, 188, 224, 255}, 677 {116, 49, 196, 255}, 678 {197, 8, 126, 255}, 679 {197, 19, 19, 255}, 680 {250, 134, 6, 255}, 681 {227, 207, 18, 255}, 682 {123, 201, 71, 255}, 683 {28, 181, 105, 255}, 684 {35, 188, 224, 255}, 685 {116, 49, 196, 255}, 686 {197, 8, 126, 255}, 687 {197, 19, 19, 255}, 688 {250, 134, 6, 255}, 689 {227, 207, 18, 255}, 690 {123, 201, 71, 255}, 691 } 692 693 h := fnv.New32a() 694 h.Write([]byte(userId)) 695 seed := h.Sum32() 696 697 initial := string(strings.ToUpper(username)[0]) 698 699 font, err := getFont(initialFont) 700 if err != nil { 701 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) 702 } 703 704 color := colors[int64(seed)%int64(len(colors))] 705 dstImg := image.NewRGBA(image.Rect(0, 0, IMAGE_PROFILE_PIXEL_DIMENSION, IMAGE_PROFILE_PIXEL_DIMENSION)) 706 srcImg := image.White 707 draw.Draw(dstImg, dstImg.Bounds(), &image.Uniform{color}, image.ZP, draw.Src) 708 size := float64(IMAGE_PROFILE_PIXEL_DIMENSION / 2) 709 710 c := freetype.NewContext() 711 c.SetFont(font) 712 c.SetFontSize(size) 713 c.SetClip(dstImg.Bounds()) 714 c.SetDst(dstImg) 715 c.SetSrc(srcImg) 716 717 pt := freetype.Pt(IMAGE_PROFILE_PIXEL_DIMENSION/5, IMAGE_PROFILE_PIXEL_DIMENSION*2/3) 718 _, err = c.DrawString(initial, pt) 719 if err != nil { 720 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.initial.app_error", nil, err.Error(), http.StatusInternalServerError) 721 } 722 723 buf := new(bytes.Buffer) 724 725 if imgErr := png.Encode(buf, dstImg); imgErr != nil { 726 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.encode.app_error", nil, imgErr.Error(), http.StatusInternalServerError) 727 } else { 728 return buf.Bytes(), nil 729 } 730 } 731 732 func getFont(initialFont string) (*truetype.Font, error) { 733 // Some people have the old default font still set, so just treat that as if they're using the new default 734 if initialFont == "luximbi.ttf" { 735 initialFont = "nunito-bold.ttf" 736 } 737 738 fontDir, _ := utils.FindDir("fonts") 739 fontBytes, err := ioutil.ReadFile(filepath.Join(fontDir, initialFont)) 740 if err != nil { 741 return nil, err 742 } 743 744 return freetype.ParseFont(fontBytes) 745 } 746 747 func (a *App) GetProfileImage(user *model.User) ([]byte, bool, *model.AppError) { 748 if len(*a.Config().FileSettings.DriverName) == 0 { 749 img, appErr := CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont) 750 if appErr != nil { 751 return nil, false, appErr 752 } 753 return img, false, nil 754 } 755 756 path := "users/" + user.Id + "/profile.png" 757 758 data, err := a.ReadFile(path) 759 if err != nil { 760 img, appErr := CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont) 761 if appErr != nil { 762 return nil, false, appErr 763 } 764 765 if user.LastPictureUpdate == 0 { 766 if _, err := a.WriteFile(bytes.NewReader(img), path); err != nil { 767 return nil, false, err 768 } 769 } 770 return img, true, nil 771 } 772 773 return data, false, nil 774 } 775 776 func (a *App) GetDefaultProfileImage(user *model.User) ([]byte, *model.AppError) { 777 img, appErr := CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont) 778 if appErr != nil { 779 return nil, appErr 780 } 781 return img, nil 782 } 783 784 func (a *App) SetDefaultProfileImage(user *model.User) *model.AppError { 785 img, appErr := CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont) 786 if appErr != nil { 787 return appErr 788 } 789 790 path := "users/" + user.Id + "/profile.png" 791 792 if _, err := a.WriteFile(bytes.NewReader(img), path); err != nil { 793 return err 794 } 795 796 <-a.Srv.Store.User().ResetLastPictureUpdate(user.Id) 797 798 a.InvalidateCacheForUser(user.Id) 799 800 updatedUser, appErr := a.GetUser(user.Id) 801 if appErr != nil { 802 mlog.Error(fmt.Sprintf("Error in getting users profile for id=%v forcing logout", user.Id), mlog.String("user_id", user.Id)) 803 return nil 804 } 805 806 options := a.Config().GetSanitizeOptions() 807 updatedUser.SanitizeProfile(options) 808 809 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 810 message.Add("user", updatedUser) 811 a.Publish(message) 812 813 return nil 814 } 815 816 func (a *App) SetProfileImage(userId string, imageData *multipart.FileHeader) *model.AppError { 817 file, err := imageData.Open() 818 if err != nil { 819 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.open.app_error", nil, err.Error(), http.StatusBadRequest) 820 } 821 defer file.Close() 822 return a.SetProfileImageFromFile(userId, file) 823 } 824 825 func (a *App) SetProfileImageFromFile(userId string, file multipart.File) *model.AppError { 826 // Decode image config first to check dimensions before loading the whole thing into memory later on 827 config, _, err := image.DecodeConfig(file) 828 if err != nil { 829 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode_config.app_error", nil, err.Error(), http.StatusBadRequest) 830 } else if config.Width*config.Height > model.MaxImageSize { 831 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, err.Error(), http.StatusBadRequest) 832 } 833 834 file.Seek(0, 0) 835 836 // Decode image into Image object 837 img, _, err := image.Decode(file) 838 if err != nil { 839 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode.app_error", nil, err.Error(), http.StatusBadRequest) 840 } 841 842 file.Seek(0, 0) 843 844 orientation, _ := getImageOrientation(file) 845 img = makeImageUpright(img, orientation) 846 847 // Scale profile image 848 profileWidthAndHeight := 128 849 img = imaging.Fill(img, profileWidthAndHeight, profileWidthAndHeight, imaging.Center, imaging.Lanczos) 850 851 buf := new(bytes.Buffer) 852 err = png.Encode(buf, img) 853 if err != nil { 854 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.encode.app_error", nil, err.Error(), http.StatusInternalServerError) 855 } 856 857 path := "users/" + userId + "/profile.png" 858 859 if _, err := a.WriteFile(buf, path); err != nil { 860 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.upload_profile.app_error", nil, "", http.StatusInternalServerError) 861 } 862 863 <-a.Srv.Store.User().UpdateLastPictureUpdate(userId) 864 865 a.InvalidateCacheForUser(userId) 866 867 if user, err := a.GetUser(userId); err != nil { 868 mlog.Error(fmt.Sprintf("Error in getting users profile for id=%v forcing logout", userId), mlog.String("user_id", userId)) 869 } else { 870 options := a.Config().GetSanitizeOptions() 871 user.SanitizeProfile(options) 872 873 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 874 message.Add("user", user) 875 a.Publish(message) 876 } 877 878 return nil 879 } 880 881 func (a *App) UpdatePasswordAsUser(userId, currentPassword, newPassword string) *model.AppError { 882 var user *model.User 883 var err *model.AppError 884 885 if user, err = a.GetUser(userId); err != nil { 886 return err 887 } 888 889 if user == nil { 890 err = model.NewAppError("updatePassword", "api.user.update_password.valid_account.app_error", nil, "", http.StatusBadRequest) 891 return err 892 } 893 894 if user.AuthData != nil && *user.AuthData != "" { 895 err = model.NewAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService, http.StatusBadRequest) 896 return err 897 } 898 899 if err := a.doubleCheckPassword(user, currentPassword); err != nil { 900 if err.Id == "api.user.check_user_password.invalid.app_error" { 901 err = model.NewAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "", http.StatusBadRequest) 902 } 903 return err 904 } 905 906 T := utils.GetUserTranslations(user.Locale) 907 908 return a.UpdatePasswordSendEmail(user, newPassword, T("api.user.update_password.menu")) 909 } 910 911 func (a *App) UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) { 912 if active { 913 user.DeleteAt = 0 914 } else { 915 user.DeleteAt = model.GetMillis() 916 } 917 918 if result := <-a.Srv.Store.User().Update(user, true); result.Err != nil { 919 return nil, result.Err 920 } else { 921 if user.DeleteAt > 0 { 922 if err := a.RevokeAllSessions(user.Id); err != nil { 923 return nil, err 924 } 925 } 926 927 ruser := result.Data.([2]*model.User)[0] 928 929 if !active { 930 a.SetStatusOffline(ruser.Id, false) 931 } 932 933 teamsForUser, err := a.GetTeamsForUser(user.Id) 934 if err != nil { 935 return nil, err 936 } 937 938 for _, team := range teamsForUser { 939 channelsForUser, err := a.GetChannelsForUser(team.Id, user.Id, false) 940 if err != nil { 941 return nil, err 942 } 943 944 for _, channel := range *channelsForUser { 945 a.InvalidateCacheForChannelMembers(channel.Id) 946 } 947 } 948 949 a.sendUpdatedUserEvent(*ruser) 950 951 return ruser, nil 952 } 953 } 954 955 func (a *App) SanitizeProfile(user *model.User, asAdmin bool) { 956 options := a.Config().GetSanitizeOptions() 957 if asAdmin { 958 options["email"] = true 959 options["fullname"] = true 960 options["authservice"] = true 961 } 962 user.SanitizeProfile(options) 963 } 964 965 func (a *App) UpdateUserAsUser(user *model.User, asAdmin bool) (*model.User, *model.AppError) { 966 updatedUser, err := a.UpdateUser(user, true) 967 if err != nil { 968 return nil, err 969 } 970 971 a.sendUpdatedUserEvent(*updatedUser) 972 973 return updatedUser, nil 974 } 975 976 func (a *App) PatchUser(userId string, patch *model.UserPatch, asAdmin bool) (*model.User, *model.AppError) { 977 user, err := a.GetUser(userId) 978 if err != nil { 979 return nil, err 980 } 981 982 user.Patch(patch) 983 984 updatedUser, err := a.UpdateUser(user, true) 985 if err != nil { 986 return nil, err 987 } 988 989 a.sendUpdatedUserEvent(*updatedUser) 990 991 return updatedUser, nil 992 } 993 994 func (a *App) UpdateUserAuth(userId string, userAuth *model.UserAuth) (*model.UserAuth, *model.AppError) { 995 if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" { 996 userAuth.AuthData = nil 997 userAuth.AuthService = "" 998 999 if err := a.IsPasswordValid(userAuth.Password); err != nil { 1000 return nil, err 1001 } 1002 password := model.HashPassword(userAuth.Password) 1003 1004 if result := <-a.Srv.Store.User().UpdatePassword(userId, password); result.Err != nil { 1005 return nil, result.Err 1006 } 1007 } else { 1008 userAuth.Password = "" 1009 1010 if result := <-a.Srv.Store.User().UpdateAuthData(userId, userAuth.AuthService, userAuth.AuthData, "", false); result.Err != nil { 1011 return nil, result.Err 1012 } 1013 } 1014 1015 return userAuth, nil 1016 } 1017 1018 func (a *App) sendUpdatedUserEvent(user model.User) { 1019 adminCopyOfUser := user.DeepCopy() 1020 a.SanitizeProfile(adminCopyOfUser, true) 1021 adminMessage := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 1022 adminMessage.Add("user", *adminCopyOfUser) 1023 adminMessage.Broadcast.ContainsSensitiveData = true 1024 a.Publish(adminMessage) 1025 1026 a.SanitizeProfile(&user, false) 1027 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 1028 message.Add("user", user) 1029 message.Broadcast.ContainsSanitizedData = true 1030 a.Publish(message) 1031 } 1032 1033 func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) { 1034 if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 1035 result := <-a.Srv.Store.User().Get(user.Id) 1036 if result.Err != nil { 1037 return nil, result.Err 1038 } 1039 prev := result.Data.(*model.User) 1040 if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email { 1041 return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 1042 } 1043 } 1044 1045 if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil { 1046 return nil, result.Err 1047 } else { 1048 rusers := result.Data.([2]*model.User) 1049 1050 if sendNotifications { 1051 if rusers[0].Email != rusers[1].Email { 1052 a.Go(func() { 1053 if err := a.SendEmailChangeEmail(rusers[1].Email, rusers[0].Email, rusers[0].Locale, a.GetSiteURL()); err != nil { 1054 mlog.Error(err.Error()) 1055 } 1056 }) 1057 1058 if a.Config().EmailSettings.RequireEmailVerification { 1059 a.Go(func() { 1060 if err := a.SendEmailVerification(rusers[0]); err != nil { 1061 mlog.Error(err.Error()) 1062 } 1063 }) 1064 } 1065 } 1066 1067 if rusers[0].Username != rusers[1].Username { 1068 a.Go(func() { 1069 if err := a.SendChangeUsernameEmail(rusers[1].Username, rusers[0].Username, rusers[0].Email, rusers[0].Locale, a.GetSiteURL()); err != nil { 1070 mlog.Error(err.Error()) 1071 } 1072 }) 1073 } 1074 } 1075 1076 a.InvalidateCacheForUser(user.Id) 1077 1078 return rusers[0], nil 1079 } 1080 } 1081 1082 func (a *App) UpdateUserNotifyProps(userId string, props map[string]string) (*model.User, *model.AppError) { 1083 var user *model.User 1084 var err *model.AppError 1085 if user, err = a.GetUser(userId); err != nil { 1086 return nil, err 1087 } 1088 1089 user.NotifyProps = props 1090 1091 var ruser *model.User 1092 if ruser, err = a.UpdateUser(user, true); err != nil { 1093 return nil, err 1094 } 1095 1096 return ruser, nil 1097 } 1098 1099 func (a *App) UpdateMfa(activate bool, userId, token string) *model.AppError { 1100 if activate { 1101 if err := a.ActivateMfa(userId, token); err != nil { 1102 return err 1103 } 1104 } else { 1105 if err := a.DeactivateMfa(userId); err != nil { 1106 return err 1107 } 1108 } 1109 1110 a.Go(func() { 1111 var user *model.User 1112 var err *model.AppError 1113 1114 if user, err = a.GetUser(userId); err != nil { 1115 mlog.Error(err.Error()) 1116 return 1117 } 1118 1119 if err := a.SendMfaChangeEmail(user.Email, activate, user.Locale, a.GetSiteURL()); err != nil { 1120 mlog.Error(err.Error()) 1121 } 1122 }) 1123 1124 return nil 1125 } 1126 1127 func (a *App) UpdatePasswordByUserIdSendEmail(userId, newPassword, method string) *model.AppError { 1128 var user *model.User 1129 var err *model.AppError 1130 if user, err = a.GetUser(userId); err != nil { 1131 return err 1132 } 1133 1134 return a.UpdatePasswordSendEmail(user, newPassword, method) 1135 } 1136 1137 func (a *App) UpdatePassword(user *model.User, newPassword string) *model.AppError { 1138 if err := a.IsPasswordValid(newPassword); err != nil { 1139 return err 1140 } 1141 1142 hashedPassword := model.HashPassword(newPassword) 1143 1144 if result := <-a.Srv.Store.User().UpdatePassword(user.Id, hashedPassword); result.Err != nil { 1145 return model.NewAppError("UpdatePassword", "api.user.update_password.failed.app_error", nil, result.Err.Error(), http.StatusInternalServerError) 1146 } 1147 1148 return nil 1149 } 1150 1151 func (a *App) UpdatePasswordSendEmail(user *model.User, newPassword, method string) *model.AppError { 1152 if err := a.UpdatePassword(user, newPassword); err != nil { 1153 return err 1154 } 1155 1156 a.Go(func() { 1157 if err := a.SendPasswordChangeEmail(user.Email, method, user.Locale, a.GetSiteURL()); err != nil { 1158 mlog.Error(err.Error()) 1159 } 1160 }) 1161 1162 return nil 1163 } 1164 1165 func (a *App) ResetPasswordFromToken(userSuppliedTokenString, newPassword string) *model.AppError { 1166 var token *model.Token 1167 var err *model.AppError 1168 if token, err = a.GetPasswordRecoveryToken(userSuppliedTokenString); err != nil { 1169 return err 1170 } else { 1171 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1172 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1173 } 1174 } 1175 1176 var user *model.User 1177 if user, err = a.GetUser(token.Extra); err != nil { 1178 return err 1179 } 1180 1181 if user.IsSSOUser() { 1182 return model.NewAppError("ResetPasswordFromCode", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1183 } 1184 1185 T := utils.GetUserTranslations(user.Locale) 1186 1187 if err := a.UpdatePasswordSendEmail(user, newPassword, T("api.user.reset_password.method")); err != nil { 1188 return err 1189 } 1190 1191 if err := a.DeleteToken(token); err != nil { 1192 mlog.Error(err.Error()) 1193 } 1194 1195 return nil 1196 } 1197 1198 func (a *App) SendPasswordReset(email string, siteURL string) (bool, *model.AppError) { 1199 var user *model.User 1200 var err *model.AppError 1201 if user, err = a.GetUserByEmail(email); err != nil { 1202 return false, nil 1203 } 1204 1205 if user.AuthData != nil && len(*user.AuthData) != 0 { 1206 return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1207 } 1208 1209 var token *model.Token 1210 if token, err = a.CreatePasswordRecoveryToken(user.Id); err != nil { 1211 return false, err 1212 } 1213 1214 return a.SendPasswordResetEmail(user.Email, token, user.Locale, siteURL) 1215 } 1216 1217 func (a *App) CreatePasswordRecoveryToken(userId string) (*model.Token, *model.AppError) { 1218 token := model.NewToken(TOKEN_TYPE_PASSWORD_RECOVERY, userId) 1219 1220 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1221 return nil, result.Err 1222 } 1223 1224 return token, nil 1225 } 1226 1227 func (a *App) GetPasswordRecoveryToken(token string) (*model.Token, *model.AppError) { 1228 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1229 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.invalid_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1230 } else { 1231 token := result.Data.(*model.Token) 1232 if token.Type != TOKEN_TYPE_PASSWORD_RECOVERY { 1233 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.broken_token.app_error", nil, "", http.StatusBadRequest) 1234 } 1235 return token, nil 1236 } 1237 } 1238 1239 func (a *App) DeleteToken(token *model.Token) *model.AppError { 1240 if result := <-a.Srv.Store.Token().Delete(token.Token); result.Err != nil { 1241 return result.Err 1242 } 1243 1244 return nil 1245 } 1246 1247 func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent bool) (*model.User, *model.AppError) { 1248 var user *model.User 1249 var err *model.AppError 1250 if user, err = a.GetUser(userId); err != nil { 1251 err.StatusCode = http.StatusBadRequest 1252 return nil, err 1253 } 1254 1255 if err := a.CheckRolesExist(strings.Fields(newRoles)); err != nil { 1256 return nil, err 1257 } 1258 1259 user.Roles = newRoles 1260 uchan := a.Srv.Store.User().Update(user, true) 1261 schan := a.Srv.Store.Session().UpdateRoles(user.Id, newRoles) 1262 1263 var ruser *model.User 1264 if result := <-uchan; result.Err != nil { 1265 return nil, result.Err 1266 } else { 1267 ruser = result.Data.([2]*model.User)[0] 1268 } 1269 1270 if result := <-schan; result.Err != nil { 1271 // soft error since the user roles were still updated 1272 mlog.Error(fmt.Sprint(result.Err)) 1273 } 1274 1275 a.ClearSessionCacheForUser(user.Id) 1276 1277 if sendWebSocketEvent { 1278 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_ROLE_UPDATED, "", "", user.Id, nil) 1279 message.Add("user_id", user.Id) 1280 message.Add("roles", newRoles) 1281 a.Publish(message) 1282 } 1283 1284 return ruser, nil 1285 } 1286 1287 func (a *App) PermanentDeleteUser(user *model.User) *model.AppError { 1288 mlog.Warn(fmt.Sprintf("Attempting to permanently delete account %v id=%v", user.Email, user.Id), mlog.String("user_id", user.Id)) 1289 if user.IsInRole(model.SYSTEM_ADMIN_ROLE_ID) { 1290 mlog.Warn(fmt.Sprintf("You are deleting %v that is a system administrator. You may need to set another account as the system administrator using the command line tools.", user.Email)) 1291 } 1292 1293 if _, err := a.UpdateActive(user, false); err != nil { 1294 return err 1295 } 1296 1297 if result := <-a.Srv.Store.Session().PermanentDeleteSessionsByUser(user.Id); result.Err != nil { 1298 return result.Err 1299 } 1300 1301 if result := <-a.Srv.Store.UserAccessToken().DeleteAllForUser(user.Id); result.Err != nil { 1302 return result.Err 1303 } 1304 1305 if result := <-a.Srv.Store.OAuth().PermanentDeleteAuthDataByUser(user.Id); result.Err != nil { 1306 return result.Err 1307 } 1308 1309 if result := <-a.Srv.Store.Webhook().PermanentDeleteIncomingByUser(user.Id); result.Err != nil { 1310 return result.Err 1311 } 1312 1313 if result := <-a.Srv.Store.Webhook().PermanentDeleteOutgoingByUser(user.Id); result.Err != nil { 1314 return result.Err 1315 } 1316 1317 if result := <-a.Srv.Store.Command().PermanentDeleteByUser(user.Id); result.Err != nil { 1318 return result.Err 1319 } 1320 1321 if result := <-a.Srv.Store.Preference().PermanentDeleteByUser(user.Id); result.Err != nil { 1322 return result.Err 1323 } 1324 1325 if result := <-a.Srv.Store.Channel().PermanentDeleteMembersByUser(user.Id); result.Err != nil { 1326 return result.Err 1327 } 1328 1329 if result := <-a.Srv.Store.Post().PermanentDeleteByUser(user.Id); result.Err != nil { 1330 return result.Err 1331 } 1332 1333 fchan := a.Srv.Store.FileInfo().GetForUser(user.Id) 1334 var infos []*model.FileInfo 1335 if result := <-fchan; result.Err != nil { 1336 mlog.Warn("Error getting file list for user from FileInfoStore") 1337 } else { 1338 infos = result.Data.([]*model.FileInfo) 1339 for _, info := range infos { 1340 res, err := a.FileExists(info.Path) 1341 1342 if err != nil { 1343 mlog.Warn( 1344 "Error checking existence of file", 1345 mlog.String("path", info.Path), 1346 mlog.Err(err), 1347 ) 1348 continue 1349 } 1350 1351 if !res { 1352 mlog.Warn("File not found", mlog.String("path", info.Path)) 1353 continue 1354 } 1355 1356 err = a.RemoveFile(info.Path) 1357 1358 if err != nil { 1359 mlog.Warn( 1360 "Unable to remove file", 1361 mlog.String("path", info.Path), 1362 mlog.Err(err), 1363 ) 1364 } 1365 } 1366 } 1367 1368 if result := <-a.Srv.Store.FileInfo().PermanentDeleteByUser(user.Id); result.Err != nil { 1369 return result.Err 1370 } 1371 1372 if result := <-a.Srv.Store.User().PermanentDelete(user.Id); result.Err != nil { 1373 return result.Err 1374 } 1375 1376 if result := <-a.Srv.Store.Audit().PermanentDeleteByUser(user.Id); result.Err != nil { 1377 return result.Err 1378 } 1379 1380 if result := <-a.Srv.Store.Team().RemoveAllMembersByUser(user.Id); result.Err != nil { 1381 return result.Err 1382 } 1383 1384 mlog.Warn(fmt.Sprintf("Permanently deleted account %v id=%v", user.Email, user.Id), mlog.String("user_id", user.Id)) 1385 1386 return nil 1387 } 1388 1389 func (a *App) PermanentDeleteAllUsers() *model.AppError { 1390 if result := <-a.Srv.Store.User().GetAll(); result.Err != nil { 1391 return result.Err 1392 } else { 1393 users := result.Data.([]*model.User) 1394 for _, user := range users { 1395 a.PermanentDeleteUser(user) 1396 } 1397 } 1398 1399 return nil 1400 } 1401 1402 func (a *App) SendEmailVerification(user *model.User) *model.AppError { 1403 token, err := a.CreateVerifyEmailToken(user.Id) 1404 if err != nil { 1405 return err 1406 } 1407 1408 if _, err := a.GetStatus(user.Id); err != nil { 1409 return a.SendVerifyEmail(user.Email, user.Locale, a.GetSiteURL(), token.Token) 1410 } else { 1411 return a.SendEmailChangeVerifyEmail(user.Email, user.Locale, a.GetSiteURL(), token.Token) 1412 } 1413 } 1414 1415 func (a *App) VerifyEmailFromToken(userSuppliedTokenString string) *model.AppError { 1416 var token *model.Token 1417 var err *model.AppError 1418 if token, err = a.GetVerifyEmailToken(userSuppliedTokenString); err != nil { 1419 return err 1420 } else { 1421 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1422 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1423 } 1424 if err := a.VerifyUserEmail(token.Extra); err != nil { 1425 return err 1426 } 1427 if err := a.DeleteToken(token); err != nil { 1428 mlog.Error(err.Error()) 1429 } 1430 } 1431 1432 return nil 1433 } 1434 1435 func (a *App) CreateVerifyEmailToken(userId string) (*model.Token, *model.AppError) { 1436 token := model.NewToken(TOKEN_TYPE_VERIFY_EMAIL, userId) 1437 1438 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1439 return nil, result.Err 1440 } 1441 1442 return token, nil 1443 } 1444 1445 func (a *App) GetVerifyEmailToken(token string) (*model.Token, *model.AppError) { 1446 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1447 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.bad_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1448 } else { 1449 token := result.Data.(*model.Token) 1450 if token.Type != TOKEN_TYPE_VERIFY_EMAIL { 1451 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.broken_token.app_error", nil, "", http.StatusBadRequest) 1452 } 1453 return token, nil 1454 } 1455 } 1456 1457 func (a *App) GetTotalUsersStats() (*model.UsersStats, *model.AppError) { 1458 stats := &model.UsersStats{} 1459 1460 if result := <-a.Srv.Store.User().GetTotalUsersCount(); result.Err != nil { 1461 return nil, result.Err 1462 } else { 1463 stats.TotalUsersCount = result.Data.(int64) 1464 } 1465 return stats, nil 1466 } 1467 1468 func (a *App) VerifyUserEmail(userId string) *model.AppError { 1469 return (<-a.Srv.Store.User().VerifyEmail(userId)).Err 1470 } 1471 1472 func (a *App) SearchUsers(props *model.UserSearch, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1473 if props.WithoutTeam { 1474 return a.SearchUsersWithoutTeam(props.Term, searchOptions, asAdmin) 1475 } else if props.InChannelId != "" { 1476 return a.SearchUsersInChannel(props.InChannelId, props.Term, searchOptions, asAdmin) 1477 } else if props.NotInChannelId != "" { 1478 return a.SearchUsersNotInChannel(props.TeamId, props.NotInChannelId, props.Term, searchOptions, asAdmin) 1479 } else if props.NotInTeamId != "" { 1480 return a.SearchUsersNotInTeam(props.NotInTeamId, props.Term, searchOptions, asAdmin) 1481 } else { 1482 return a.SearchUsersInTeam(props.TeamId, props.Term, searchOptions, asAdmin) 1483 } 1484 } 1485 1486 func (a *App) SearchUsersInChannel(channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1487 if result := <-a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions); result.Err != nil { 1488 return nil, result.Err 1489 } else { 1490 users := result.Data.([]*model.User) 1491 1492 for _, user := range users { 1493 a.SanitizeProfile(user, asAdmin) 1494 } 1495 1496 return users, nil 1497 } 1498 } 1499 1500 func (a *App) SearchUsersNotInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1501 if result := <-a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions); result.Err != nil { 1502 return nil, result.Err 1503 } else { 1504 users := result.Data.([]*model.User) 1505 1506 for _, user := range users { 1507 a.SanitizeProfile(user, asAdmin) 1508 } 1509 1510 return users, nil 1511 } 1512 } 1513 1514 func (a *App) SearchUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1515 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1516 return nil, result.Err 1517 } else { 1518 users := result.Data.([]*model.User) 1519 1520 for _, user := range users { 1521 a.SanitizeProfile(user, asAdmin) 1522 } 1523 1524 return users, nil 1525 } 1526 } 1527 1528 func (a *App) SearchUsersNotInTeam(notInTeamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1529 if result := <-a.Srv.Store.User().SearchNotInTeam(notInTeamId, term, searchOptions); result.Err != nil { 1530 return nil, result.Err 1531 } else { 1532 users := result.Data.([]*model.User) 1533 1534 for _, user := range users { 1535 a.SanitizeProfile(user, asAdmin) 1536 } 1537 1538 return users, nil 1539 } 1540 } 1541 1542 func (a *App) SearchUsersWithoutTeam(term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1543 if result := <-a.Srv.Store.User().SearchWithoutTeam(term, searchOptions); result.Err != nil { 1544 return nil, result.Err 1545 } else { 1546 users := result.Data.([]*model.User) 1547 1548 for _, user := range users { 1549 a.SanitizeProfile(user, asAdmin) 1550 } 1551 1552 return users, nil 1553 } 1554 } 1555 1556 func (a *App) AutocompleteUsersInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInChannel, *model.AppError) { 1557 uchan := a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions) 1558 nuchan := a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions) 1559 1560 autocomplete := &model.UserAutocompleteInChannel{} 1561 1562 if result := <-uchan; result.Err != nil { 1563 return nil, result.Err 1564 } else { 1565 users := result.Data.([]*model.User) 1566 1567 for _, user := range users { 1568 a.SanitizeProfile(user, asAdmin) 1569 } 1570 1571 autocomplete.InChannel = users 1572 } 1573 1574 if result := <-nuchan; result.Err != nil { 1575 return nil, result.Err 1576 } else { 1577 users := result.Data.([]*model.User) 1578 1579 for _, user := range users { 1580 a.SanitizeProfile(user, asAdmin) 1581 } 1582 1583 autocomplete.OutOfChannel = users 1584 } 1585 1586 return autocomplete, nil 1587 } 1588 1589 func (a *App) AutocompleteUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInTeam, *model.AppError) { 1590 autocomplete := &model.UserAutocompleteInTeam{} 1591 1592 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1593 return nil, result.Err 1594 } else { 1595 users := result.Data.([]*model.User) 1596 1597 for _, user := range users { 1598 a.SanitizeProfile(user, asAdmin) 1599 } 1600 1601 autocomplete.InTeam = users 1602 } 1603 1604 return autocomplete, nil 1605 } 1606 1607 func (a *App) UpdateOAuthUserAttrs(userData io.Reader, user *model.User, provider einterfaces.OauthProvider, service string) *model.AppError { 1608 oauthUser := provider.GetUserFromJson(userData) 1609 1610 if oauthUser == nil { 1611 return model.NewAppError("UpdateOAuthUserAttrs", "api.user.update_oauth_user_attrs.get_user.app_error", map[string]interface{}{"Service": service}, "", http.StatusBadRequest) 1612 } 1613 1614 userAttrsChanged := false 1615 1616 if oauthUser.Username != user.Username { 1617 if existingUser, _ := a.GetUserByUsername(oauthUser.Username); existingUser == nil { 1618 user.Username = oauthUser.Username 1619 userAttrsChanged = true 1620 } 1621 } 1622 1623 if oauthUser.GetFullName() != user.GetFullName() { 1624 user.FirstName = oauthUser.FirstName 1625 user.LastName = oauthUser.LastName 1626 userAttrsChanged = true 1627 } 1628 1629 if oauthUser.Email != user.Email { 1630 if existingUser, _ := a.GetUserByEmail(oauthUser.Email); existingUser == nil { 1631 user.Email = oauthUser.Email 1632 userAttrsChanged = true 1633 } 1634 } 1635 1636 if user.DeleteAt > 0 { 1637 // Make sure they are not disabled 1638 user.DeleteAt = 0 1639 userAttrsChanged = true 1640 } 1641 1642 if userAttrsChanged { 1643 var result store.StoreResult 1644 if result = <-a.Srv.Store.User().Update(user, true); result.Err != nil { 1645 return result.Err 1646 } 1647 1648 user = result.Data.([2]*model.User)[0] 1649 a.InvalidateCacheForUser(user.Id) 1650 } 1651 1652 return nil 1653 } 1654 1655 func (a *App) RecordUserServiceTermsAction(userId, serviceTermsId string, accepted bool) *model.AppError { 1656 user, err := a.GetUser(userId) 1657 if err != nil { 1658 return err 1659 } 1660 1661 if accepted { 1662 user.AcceptedServiceTermsId = serviceTermsId 1663 } else { 1664 user.AcceptedServiceTermsId = "" 1665 } 1666 _, err = a.UpdateUser(user, false) 1667 if err != nil { 1668 return err 1669 } 1670 1671 return nil 1672 }