github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/services/users/users.go

github.com/masterhung0112/hk_server/v5@v5.0.0-20220302090640-ec71aef15e1c/services/users/users.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package users
     5  
     6  import (
     7  	"context"
     8  	"encoding/base64"
     9  	"fmt"
    10  
    11  	"github.com/masterhung0112/hk_server/v5/model"
    12  	"github.com/masterhung0112/hk_server/v5/shared/i18n"
    13  	"github.com/masterhung0112/hk_server/v5/shared/mfa"
    14  	"github.com/masterhung0112/hk_server/v5/shared/mlog"
    15  	"github.com/masterhung0112/hk_server/v5/store"
    16  )
    17  
    18  type UserCreateOptions struct {
    19  	Guest      bool
    20  	FromImport bool
    21  }
    22  
    23  // CreateUser creates a user
    24  func (us *UserService) CreateUser(user *model.User, opts UserCreateOptions) (*model.User, error) {
    25  	if opts.FromImport {
    26  		return us.createUser(user)
    27  	}
    28  
    29  	user.Roles = model.SYSTEM_USER_ROLE_ID
    30  	if opts.Guest {
    31  		user.Roles = model.SYSTEM_GUEST_ROLE_ID
    32  	}
    33  
    34  	if !user.IsLDAPUser() && !user.IsSAMLUser() && !user.IsGuest() && !CheckUserDomain(user, *us.config().TeamSettings.RestrictCreationToDomains) {
    35  		return nil, AcceptedDomainError
    36  	}
    37  
    38  	if !user.IsLDAPUser() && !user.IsSAMLUser() && user.IsGuest() && !CheckUserDomain(user, *us.config().GuestAccountsSettings.RestrictCreationToDomains) {
    39  		return nil, AcceptedDomainError
    40  	}
    41  
    42  	// Below is a special case where the first user in the entire
    43  	// system is granted the system_admin role
    44  	count, err := us.store.Count(model.UserCountOptions{IncludeDeleted: true})
    45  	if err != nil {
    46  		return nil, UserCountError
    47  	}
    48  	if count <= 0 {
    49  		user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID
    50  	}
    51  
    52  	if _, ok := i18n.GetSupportedLocales()[user.Locale]; !ok {
    53  		user.Locale = *us.config().LocalizationSettings.DefaultClientLocale
    54  	}
    55  
    56  	return us.createUser(user)
    57  }
    58  
    59  func (us *UserService) createUser(user *model.User) (*model.User, error) {
    60  	user.MakeNonNil()
    61  
    62  	if err := us.isPasswordValid(user.Password); user.AuthService == "" && err != nil {
    63  		return nil, err
    64  	}
    65  
    66  	ruser, err := us.store.Save(user)
    67  	if err != nil {
    68  		return nil, err
    69  	}
    70  
    71  	if user.EmailVerified {
    72  		if err := us.verifyUserEmail(ruser.Id, user.Email); err != nil {
    73  			mlog.Warn("Failed to set email verified", mlog.Err(err))
    74  		}
    75  	}
    76  
    77  	// Determine whether to send the created user a welcome email
    78  	ruser.DisableWelcomeEmail = user.DisableWelcomeEmail
    79  	ruser.Sanitize(map[string]bool{})
    80  
    81  	return ruser, nil
    82  }
    83  
    84  func (us *UserService) verifyUserEmail(userID, email string) error {
    85  	if _, err := us.store.VerifyEmail(userID, email); err != nil {
    86  		return VerifyUserError
    87  	}
    88  
    89  	return nil
    90  }
    91  
    92  func (us *UserService) GetUser(userID string) (*model.User, error) {
    93  	return us.store.Get(context.Background(), userID)
    94  }
    95  
    96  func (us *UserService) GetUserByUsername(username string) (*model.User, error) {
    97  	return us.store.GetByUsername(username)
    98  }
    99  
   100  func (us *UserService) GetUserByEmail(email string) (*model.User, error) {
   101  	return us.store.GetByEmail(email)
   102  }
   103  
   104  func (us *UserService) GetUserByAuth(authData *string, authService string) (*model.User, error) {
   105  	return us.store.GetByAuth(authData, authService)
   106  }
   107  
   108  func (us *UserService) GetUsers(options *model.UserGetOptions) ([]*model.User, error) {
   109  	return us.store.GetAllProfiles(options)
   110  }
   111  
   112  func (us *UserService) GetUsersByUsernames(usernames []string, options *model.UserGetOptions) ([]*model.User, error) {
   113  	return us.store.GetProfilesByUsernames(usernames, options.ViewRestrictions)
   114  }
   115  
   116  func (us *UserService) GetUsersPage(options *model.UserGetOptions, asAdmin bool) ([]*model.User, error) {
   117  	users, err := us.GetUsers(options)
   118  	if err != nil {
   119  		return nil, err
   120  	}
   121  
   122  	return us.sanitizeProfiles(users, asAdmin), nil
   123  }
   124  
   125  func (us *UserService) GetUsersEtag(restrictionsHash string) string {
   126  	return fmt.Sprintf("%v.%v.%v.%v", us.store.GetEtagForAllProfiles(), us.config().PrivacySettings.ShowFullName, us.config().PrivacySettings.ShowEmailAddress, restrictionsHash)
   127  }
   128  
   129  func (us *UserService) GetUsersByIds(userIDs []string, options *store.UserGetByIdsOpts) ([]*model.User, error) {
   130  	allowFromCache := options.ViewRestrictions == nil
   131  
   132  	users, err := us.store.GetProfileByIds(context.Background(), userIDs, options, allowFromCache)
   133  	if err != nil {
   134  		return nil, err
   135  	}
   136  
   137  	return us.sanitizeProfiles(users, options.IsAdmin), nil
   138  }
   139  
   140  func (us *UserService) GetUsersInTeam(options *model.UserGetOptions) ([]*model.User, error) {
   141  	return us.store.GetProfiles(options)
   142  }
   143  
   144  func (us *UserService) GetUsersNotInTeam(teamID string, groupConstrained bool, offset int, limit int, viewRestrictions *model.ViewUsersRestrictions) ([]*model.User, error) {
   145  	return us.store.GetProfilesNotInTeam(teamID, groupConstrained, offset, limit, viewRestrictions)
   146  }
   147  
   148  func (us *UserService) GetUsersInTeamPage(options *model.UserGetOptions, asAdmin bool) ([]*model.User, error) {
   149  	users, err := us.GetUsersInTeam(options)
   150  	if err != nil {
   151  		return nil, err
   152  	}
   153  
   154  	return us.sanitizeProfiles(users, asAdmin), nil
   155  }
   156  
   157  func (us *UserService) GetUsersNotInTeamPage(teamID string, groupConstrained bool, page int, perPage int, asAdmin bool, viewRestrictions *model.ViewUsersRestrictions) ([]*model.User, error) {
   158  	users, err := us.GetUsersNotInTeam(teamID, groupConstrained, page*perPage, perPage, viewRestrictions)
   159  	if err != nil {
   160  		return nil, err
   161  	}
   162  
   163  	return us.sanitizeProfiles(users, asAdmin), nil
   164  }
   165  
   166  func (us *UserService) GetUsersInTeamEtag(teamID string, restrictionsHash string) string {
   167  	return fmt.Sprintf("%v.%v.%v.%v", us.store.GetEtagForProfiles(teamID), us.config().PrivacySettings.ShowFullName, us.config().PrivacySettings.ShowEmailAddress, restrictionsHash)
   168  }
   169  
   170  func (us *UserService) GetUsersNotInTeamEtag(teamID string, restrictionsHash string) string {
   171  	return fmt.Sprintf("%v.%v.%v.%v", us.store.GetEtagForProfilesNotInTeam(teamID), us.config().PrivacySettings.ShowFullName, us.config().PrivacySettings.ShowEmailAddress, restrictionsHash)
   172  }
   173  
   174  func (us *UserService) GetUsersWithoutTeamPage(options *model.UserGetOptions, asAdmin bool) ([]*model.User, error) {
   175  	users, err := us.GetUsersWithoutTeam(options)
   176  	if err != nil {
   177  		return nil, err
   178  	}
   179  
   180  	return us.sanitizeProfiles(users, asAdmin), nil
   181  }
   182  
   183  func (us *UserService) GetUsersWithoutTeam(options *model.UserGetOptions) ([]*model.User, error) {
   184  	users, err := us.store.GetProfilesWithoutTeam(options)
   185  	if err != nil {
   186  		return nil, err
   187  	}
   188  
   189  	return users, nil
   190  }
   191  
   192  func (us *UserService) UpdateUser(user *model.User, allowRoleUpdate bool) (*model.UserUpdate, error) {
   193  	return us.store.Update(user, allowRoleUpdate)
   194  }
   195  
   196  func (us *UserService) DeactivateAllGuests() ([]string, error) {
   197  	users, err := us.store.DeactivateGuests()
   198  	if err != nil {
   199  		return nil, err
   200  	}
   201  
   202  	for _, userID := range users {
   203  		if err := us.RevokeAllSessions(userID); err != nil {
   204  			return nil, err
   205  		}
   206  	}
   207  
   208  	return users, nil
   209  }
   210  
   211  func (us *UserService) InvalidateCacheForUser(userID string) {
   212  	us.store.InvalidateProfilesInChannelCacheByUser(userID)
   213  	us.store.InvalidateProfileCacheForUser(userID)
   214  
   215  	if us.cluster != nil {
   216  		msg := &model.ClusterMessage{
   217  			Event:    model.CLUSTER_EVENT_INVALIDATE_CACHE_FOR_USER,
   218  			SendType: model.CLUSTER_SEND_BEST_EFFORT,
   219  			Data:     userID,
   220  		}
   221  		us.cluster.SendClusterMessage(msg)
   222  	}
   223  }
   224  
   225  func (us *UserService) GenerateMfaSecret(user *model.User) (*model.MfaSecret, error) {
   226  	secret, img, err := mfa.New(us.store).GenerateSecret(*us.config().ServiceSettings.SiteURL, user.Email, user.Id)
   227  	if err != nil {
   228  		return nil, err
   229  	}
   230  
   231  	// Make sure the old secret is not cached on any cluster nodes.
   232  	us.InvalidateCacheForUser(user.Id)
   233  
   234  	mfaSecret := &model.MfaSecret{Secret: secret, QRCode: base64.StdEncoding.EncodeToString(img)}
   235  	return mfaSecret, nil
   236  }
   237  
   238  func (us *UserService) ActivateMfa(user *model.User, token string) error {
   239  	return mfa.New(us.store).Activate(user.MfaSecret, user.Id, token)
   240  }
   241  
   242  func (us *UserService) DeactivateMfa(user *model.User) error {
   243  	return mfa.New(us.store).Deactivate(user.Id)
   244  }