github.com/psyb0t/mattermost-server@v4.6.1-0.20180125161845-5503a1351abf+incompatible/app/user.go (about) 1 // Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "bytes" 8 b64 "encoding/base64" 9 "fmt" 10 "hash/fnv" 11 "image" 12 "image/color" 13 "image/draw" 14 _ "image/gif" 15 _ "image/jpeg" 16 "image/png" 17 "io" 18 "io/ioutil" 19 "mime/multipart" 20 "net/http" 21 "strconv" 22 "strings" 23 24 l4g "github.com/alecthomas/log4go" 25 "github.com/disintegration/imaging" 26 "github.com/golang/freetype" 27 "github.com/mattermost/mattermost-server/einterfaces" 28 "github.com/mattermost/mattermost-server/model" 29 "github.com/mattermost/mattermost-server/store" 30 "github.com/mattermost/mattermost-server/utils" 31 ) 32 33 const ( 34 TOKEN_TYPE_PASSWORD_RECOVERY = "password_recovery" 35 TOKEN_TYPE_VERIFY_EMAIL = "verify_email" 36 PASSWORD_RECOVER_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour 37 VERIFY_EMAIL_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour 38 IMAGE_PROFILE_PIXEL_DIMENSION = 128 39 ) 40 41 func (a *App) CreateUserWithHash(user *model.User, hash string, data string) (*model.User, *model.AppError) { 42 if err := a.IsUserSignUpAllowed(); err != nil { 43 return nil, err 44 } 45 46 props := model.MapFromJson(strings.NewReader(data)) 47 48 if hash != utils.HashSha256(fmt.Sprintf("%v:%v", data, a.Config().EmailSettings.InviteSalt)) { 49 return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusInternalServerError) 50 } 51 52 if t, err := strconv.ParseInt(props["time"], 10, 64); err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours 53 return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_expired.app_error", nil, "", http.StatusInternalServerError) 54 } 55 56 teamId := props["id"] 57 58 var team *model.Team 59 if result := <-a.Srv.Store.Team().Get(teamId); result.Err != nil { 60 return nil, result.Err 61 } else { 62 team = result.Data.(*model.Team) 63 } 64 65 user.Email = props["email"] 66 user.EmailVerified = true 67 68 var ruser *model.User 69 var err *model.AppError 70 if ruser, err = a.CreateUser(user); err != nil { 71 return nil, err 72 } 73 74 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 75 return nil, err 76 } 77 78 a.AddDirectChannels(team.Id, ruser) 79 80 return ruser, nil 81 } 82 83 func (a *App) CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *model.AppError) { 84 if err := a.IsUserSignUpAllowed(); err != nil { 85 return nil, err 86 } 87 88 var team *model.Team 89 if result := <-a.Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil { 90 return nil, result.Err 91 } else { 92 team = result.Data.(*model.Team) 93 } 94 95 user.EmailVerified = false 96 97 var ruser *model.User 98 var err *model.AppError 99 if ruser, err = a.CreateUser(user); err != nil { 100 return nil, err 101 } 102 103 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 104 return nil, err 105 } 106 107 a.AddDirectChannels(team.Id, ruser) 108 109 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, utils.GetSiteURL()); err != nil { 110 l4g.Error(err.Error()) 111 } 112 113 return ruser, nil 114 } 115 116 func (a *App) CreateUserAsAdmin(user *model.User) (*model.User, *model.AppError) { 117 ruser, err := a.CreateUser(user) 118 if err != nil { 119 return nil, err 120 } 121 122 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, utils.GetSiteURL()); err != nil { 123 l4g.Error(err.Error()) 124 } 125 126 return ruser, nil 127 } 128 129 func (a *App) CreateUserFromSignup(user *model.User) (*model.User, *model.AppError) { 130 if err := a.IsUserSignUpAllowed(); err != nil { 131 return nil, err 132 } 133 134 if !a.IsFirstUserAccount() && !*a.Config().TeamSettings.EnableOpenServer { 135 err := model.NewAppError("CreateUserFromSignup", "api.user.create_user.no_open_server", nil, "email="+user.Email, http.StatusForbidden) 136 return nil, err 137 } 138 139 user.EmailVerified = false 140 141 ruser, err := a.CreateUser(user) 142 if err != nil { 143 return nil, err 144 } 145 146 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, utils.GetSiteURL()); err != nil { 147 l4g.Error(err.Error()) 148 } 149 150 return ruser, nil 151 } 152 153 func (a *App) IsUserSignUpAllowed() *model.AppError { 154 if !a.Config().EmailSettings.EnableSignUpWithEmail || !a.Config().TeamSettings.EnableUserCreation { 155 err := model.NewAppError("IsUserSignUpAllowed", "api.user.create_user.signup_email_disabled.app_error", nil, "", http.StatusNotImplemented) 156 return err 157 } 158 return nil 159 } 160 161 func (a *App) IsFirstUserAccount() bool { 162 if a.SessionCacheLength() == 0 { 163 if cr := <-a.Srv.Store.User().GetTotalUsersCount(); cr.Err != nil { 164 l4g.Error(cr.Err) 165 return false 166 } else { 167 count := cr.Data.(int64) 168 if count <= 0 { 169 return true 170 } 171 } 172 } 173 174 return false 175 } 176 177 func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) { 178 if !user.IsLDAPUser() && !user.IsSAMLUser() && !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 179 return nil, model.NewAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 180 } 181 182 user.Roles = model.SYSTEM_USER_ROLE_ID 183 184 // Below is a special case where the first user in the entire 185 // system is granted the system_admin role 186 if result := <-a.Srv.Store.User().GetTotalUsersCount(); result.Err != nil { 187 return nil, result.Err 188 } else { 189 count := result.Data.(int64) 190 if count <= 0 { 191 user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID 192 } 193 } 194 195 if _, ok := utils.GetSupportedLocales()[user.Locale]; !ok { 196 user.Locale = *a.Config().LocalizationSettings.DefaultClientLocale 197 } 198 199 if ruser, err := a.createUser(user); err != nil { 200 return nil, err 201 } else { 202 // This message goes to everyone, so the teamId, channelId and userId are irrelevant 203 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_NEW_USER, "", "", "", nil) 204 message.Add("user_id", ruser.Id) 205 a.Go(func() { 206 a.Publish(message) 207 }) 208 209 return ruser, nil 210 } 211 } 212 213 func (a *App) createUser(user *model.User) (*model.User, *model.AppError) { 214 user.MakeNonNil() 215 216 if err := a.IsPasswordValid(user.Password); user.AuthService == "" && err != nil { 217 return nil, err 218 } 219 220 if result := <-a.Srv.Store.User().Save(user); result.Err != nil { 221 l4g.Error(utils.T("api.user.create_user.save.error"), result.Err) 222 return nil, result.Err 223 } else { 224 ruser := result.Data.(*model.User) 225 226 if user.EmailVerified { 227 if err := a.VerifyUserEmail(ruser.Id); err != nil { 228 l4g.Error(utils.T("api.user.create_user.verified.error"), err) 229 } 230 } 231 232 pref := model.Preference{UserId: ruser.Id, Category: model.PREFERENCE_CATEGORY_TUTORIAL_STEPS, Name: ruser.Id, Value: "0"} 233 if presult := <-a.Srv.Store.Preference().Save(&model.Preferences{pref}); presult.Err != nil { 234 l4g.Error(utils.T("api.user.create_user.tutorial.error"), presult.Err.Message) 235 } 236 237 ruser.Sanitize(map[string]bool{}) 238 239 return ruser, nil 240 } 241 } 242 243 func (a *App) CreateOAuthUser(service string, userData io.Reader, teamId string) (*model.User, *model.AppError) { 244 if !a.Config().TeamSettings.EnableUserCreation { 245 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_user.disabled.app_error", nil, "", http.StatusNotImplemented) 246 } 247 248 var user *model.User 249 provider := einterfaces.GetOauthProvider(service) 250 if provider == nil { 251 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.not_available.app_error", map[string]interface{}{"Service": strings.Title(service)}, "", http.StatusNotImplemented) 252 } else { 253 user = provider.GetUserFromJson(userData) 254 } 255 256 if user == nil { 257 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.create.app_error", map[string]interface{}{"Service": service}, "", http.StatusInternalServerError) 258 } 259 260 suchan := a.Srv.Store.User().GetByAuth(user.AuthData, service) 261 euchan := a.Srv.Store.User().GetByEmail(user.Email) 262 263 found := true 264 count := 0 265 for found { 266 if found = a.IsUsernameTaken(user.Username); found { 267 user.Username = user.Username + strconv.Itoa(count) 268 count += 1 269 } 270 } 271 272 if result := <-suchan; result.Err == nil { 273 return result.Data.(*model.User), nil 274 } 275 276 if result := <-euchan; result.Err == nil { 277 authService := result.Data.(*model.User).AuthService 278 if authService == "" { 279 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": model.USER_AUTH_SERVICE_EMAIL}, "email="+user.Email, http.StatusBadRequest) 280 } else { 281 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": authService}, "email="+user.Email, http.StatusBadRequest) 282 } 283 } 284 285 user.EmailVerified = true 286 287 ruser, err := a.CreateUser(user) 288 if err != nil { 289 return nil, err 290 } 291 292 if len(teamId) > 0 { 293 err = a.AddUserToTeamByTeamId(teamId, user) 294 if err != nil { 295 return nil, err 296 } 297 298 err = a.AddDirectChannels(teamId, user) 299 if err != nil { 300 l4g.Error(err.Error()) 301 } 302 } 303 304 return ruser, nil 305 } 306 307 // Check that a user's email domain matches a list of space-delimited domains as a string. 308 func CheckUserDomain(user *model.User, domains string) bool { 309 if len(domains) == 0 { 310 return true 311 } 312 313 domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) 314 315 for _, d := range domainArray { 316 if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) { 317 return true 318 } 319 } 320 321 return false 322 } 323 324 // Check if the username is already used by another user. Return false if the username is invalid. 325 func (a *App) IsUsernameTaken(name string) bool { 326 327 if !model.IsValidUsername(name) { 328 return false 329 } 330 331 if result := <-a.Srv.Store.User().GetByUsername(name); result.Err != nil { 332 return false 333 } 334 335 return true 336 } 337 338 func (a *App) GetUser(userId string) (*model.User, *model.AppError) { 339 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 340 return nil, result.Err 341 } else { 342 return result.Data.(*model.User), nil 343 } 344 } 345 346 func (a *App) GetUserByUsername(username string) (*model.User, *model.AppError) { 347 if result := <-a.Srv.Store.User().GetByUsername(username); result.Err != nil && result.Err.Id == "store.sql_user.get_by_username.app_error" { 348 result.Err.StatusCode = http.StatusNotFound 349 return nil, result.Err 350 } else { 351 return result.Data.(*model.User), nil 352 } 353 } 354 355 func (a *App) GetUserByEmail(email string) (*model.User, *model.AppError) { 356 357 if result := <-a.Srv.Store.User().GetByEmail(email); result.Err != nil && result.Err.Id == "store.sql_user.missing_account.const" { 358 result.Err.StatusCode = http.StatusNotFound 359 return nil, result.Err 360 } else if result.Err != nil { 361 result.Err.StatusCode = http.StatusBadRequest 362 return nil, result.Err 363 } else { 364 return result.Data.(*model.User), nil 365 } 366 } 367 368 func (a *App) GetUserByAuth(authData *string, authService string) (*model.User, *model.AppError) { 369 if result := <-a.Srv.Store.User().GetByAuth(authData, authService); result.Err != nil { 370 return nil, result.Err 371 } else { 372 return result.Data.(*model.User), nil 373 } 374 } 375 376 func (a *App) GetUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppError) { 377 ldapAvailable := *a.Config().LdapSettings.Enable && a.Ldap != nil && utils.IsLicensed() && *utils.License().Features.LDAP 378 379 if result := <-a.Srv.Store.User().GetForLogin( 380 loginId, 381 *a.Config().EmailSettings.EnableSignInWithUsername && !onlyLdap, 382 *a.Config().EmailSettings.EnableSignInWithEmail && !onlyLdap, 383 ldapAvailable, 384 ); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" { 385 // don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work 386 result.Err.StatusCode = http.StatusBadRequest 387 return nil, result.Err 388 } else if result.Err != nil { 389 if !ldapAvailable { 390 // failed to find user and no LDAP server to fall back on 391 result.Err.StatusCode = http.StatusBadRequest 392 return nil, result.Err 393 } 394 395 // fall back to LDAP server to see if we can find a user 396 if ldapUser, ldapErr := a.Ldap.GetUser(loginId); ldapErr != nil { 397 ldapErr.StatusCode = http.StatusBadRequest 398 return nil, ldapErr 399 } else { 400 return ldapUser, nil 401 } 402 } else { 403 return result.Data.(*model.User), nil 404 } 405 } 406 407 func (a *App) GetUsers(offset int, limit int) ([]*model.User, *model.AppError) { 408 if result := <-a.Srv.Store.User().GetAllProfiles(offset, limit); result.Err != nil { 409 return nil, result.Err 410 } else { 411 return result.Data.([]*model.User), nil 412 } 413 } 414 415 func (a *App) GetUsersMap(offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 416 users, err := a.GetUsers(offset, limit) 417 if err != nil { 418 return nil, err 419 } 420 421 userMap := make(map[string]*model.User, len(users)) 422 423 for _, user := range users { 424 a.SanitizeProfile(user, asAdmin) 425 userMap[user.Id] = user 426 } 427 428 return userMap, nil 429 } 430 431 func (a *App) GetUsersPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 432 users, err := a.GetUsers(page*perPage, perPage) 433 if err != nil { 434 return nil, err 435 } 436 437 return a.sanitizeProfiles(users, asAdmin), nil 438 } 439 440 func (a *App) GetUsersEtag() string { 441 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForAllProfiles()).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 442 } 443 444 func (a *App) GetUsersInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 445 if result := <-a.Srv.Store.User().GetProfiles(teamId, offset, limit); result.Err != nil { 446 return nil, result.Err 447 } else { 448 return result.Data.([]*model.User), nil 449 } 450 } 451 452 func (a *App) GetUsersNotInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 453 if result := <-a.Srv.Store.User().GetProfilesNotInTeam(teamId, offset, limit); result.Err != nil { 454 return nil, result.Err 455 } else { 456 return result.Data.([]*model.User), nil 457 } 458 } 459 460 func (a *App) GetUsersInTeamMap(teamId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 461 users, err := a.GetUsersInTeam(teamId, offset, limit) 462 if err != nil { 463 return nil, err 464 } 465 466 userMap := make(map[string]*model.User, len(users)) 467 468 for _, user := range users { 469 a.SanitizeProfile(user, asAdmin) 470 userMap[user.Id] = user 471 } 472 473 return userMap, nil 474 } 475 476 func (a *App) GetUsersInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 477 users, err := a.GetUsersInTeam(teamId, page*perPage, perPage) 478 if err != nil { 479 return nil, err 480 } 481 482 return a.sanitizeProfiles(users, asAdmin), nil 483 } 484 485 func (a *App) GetUsersNotInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 486 users, err := a.GetUsersNotInTeam(teamId, page*perPage, perPage) 487 if err != nil { 488 return nil, err 489 } 490 491 return a.sanitizeProfiles(users, asAdmin), nil 492 } 493 494 func (a *App) GetUsersInTeamEtag(teamId string) string { 495 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfiles(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 496 } 497 498 func (a *App) GetUsersNotInTeamEtag(teamId string) string { 499 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfilesNotInTeam(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 500 } 501 502 func (a *App) GetUsersInChannel(channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 503 if result := <-a.Srv.Store.User().GetProfilesInChannel(channelId, offset, limit); result.Err != nil { 504 return nil, result.Err 505 } else { 506 return result.Data.([]*model.User), nil 507 } 508 } 509 510 func (a *App) GetUsersInChannelMap(channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 511 users, err := a.GetUsersInChannel(channelId, offset, limit) 512 if err != nil { 513 return nil, err 514 } 515 516 userMap := make(map[string]*model.User, len(users)) 517 518 for _, user := range users { 519 a.SanitizeProfile(user, asAdmin) 520 userMap[user.Id] = user 521 } 522 523 return userMap, nil 524 } 525 526 func (a *App) GetUsersInChannelPage(channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 527 users, err := a.GetUsersInChannel(channelId, page*perPage, perPage) 528 if err != nil { 529 return nil, err 530 } 531 532 return a.sanitizeProfiles(users, asAdmin), nil 533 } 534 535 func (a *App) GetUsersNotInChannel(teamId string, channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 536 if result := <-a.Srv.Store.User().GetProfilesNotInChannel(teamId, channelId, offset, limit); result.Err != nil { 537 return nil, result.Err 538 } else { 539 return result.Data.([]*model.User), nil 540 } 541 } 542 543 func (a *App) GetUsersNotInChannelMap(teamId string, channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 544 users, err := a.GetUsersNotInChannel(teamId, channelId, offset, limit) 545 if err != nil { 546 return nil, err 547 } 548 549 userMap := make(map[string]*model.User, len(users)) 550 551 for _, user := range users { 552 a.SanitizeProfile(user, asAdmin) 553 userMap[user.Id] = user 554 } 555 556 return userMap, nil 557 } 558 559 func (a *App) GetUsersNotInChannelPage(teamId string, channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 560 users, err := a.GetUsersNotInChannel(teamId, channelId, page*perPage, perPage) 561 if err != nil { 562 return nil, err 563 } 564 565 return a.sanitizeProfiles(users, asAdmin), nil 566 } 567 568 func (a *App) GetUsersWithoutTeamPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 569 users, err := a.GetUsersWithoutTeam(page*perPage, perPage) 570 if err != nil { 571 return nil, err 572 } 573 574 return a.sanitizeProfiles(users, asAdmin), nil 575 } 576 577 func (a *App) GetUsersWithoutTeam(offset int, limit int) ([]*model.User, *model.AppError) { 578 if result := <-a.Srv.Store.User().GetProfilesWithoutTeam(offset, limit); result.Err != nil { 579 return nil, result.Err 580 } else { 581 return result.Data.([]*model.User), nil 582 } 583 } 584 585 func (a *App) GetUsersByIds(userIds []string, asAdmin bool) ([]*model.User, *model.AppError) { 586 if result := <-a.Srv.Store.User().GetProfileByIds(userIds, true); result.Err != nil { 587 return nil, result.Err 588 } else { 589 users := result.Data.([]*model.User) 590 return a.sanitizeProfiles(users, asAdmin), nil 591 } 592 } 593 594 func (a *App) GetUsersByUsernames(usernames []string, asAdmin bool) ([]*model.User, *model.AppError) { 595 if result := <-a.Srv.Store.User().GetProfilesByUsernames(usernames, ""); result.Err != nil { 596 return nil, result.Err 597 } else { 598 users := result.Data.([]*model.User) 599 return a.sanitizeProfiles(users, asAdmin), nil 600 } 601 } 602 603 func (a *App) sanitizeProfiles(users []*model.User, asAdmin bool) []*model.User { 604 for _, u := range users { 605 a.SanitizeProfile(u, asAdmin) 606 } 607 608 return users 609 } 610 611 func (a *App) GenerateMfaSecret(userId string) (*model.MfaSecret, *model.AppError) { 612 if a.Mfa == nil { 613 return nil, model.NewAppError("generateMfaSecret", "api.user.generate_mfa_qr.not_available.app_error", nil, "", http.StatusNotImplemented) 614 } 615 616 var user *model.User 617 var err *model.AppError 618 if user, err = a.GetUser(userId); err != nil { 619 return nil, err 620 } 621 622 secret, img, err := a.Mfa.GenerateSecret(user) 623 if err != nil { 624 return nil, err 625 } 626 627 mfaSecret := &model.MfaSecret{Secret: secret, QRCode: b64.StdEncoding.EncodeToString(img)} 628 return mfaSecret, nil 629 } 630 631 func (a *App) ActivateMfa(userId, token string) *model.AppError { 632 if a.Mfa == nil { 633 err := model.NewAppError("ActivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 634 return err 635 } 636 637 var user *model.User 638 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 639 return result.Err 640 } else { 641 user = result.Data.(*model.User) 642 } 643 644 if len(user.AuthService) > 0 && user.AuthService != model.USER_AUTH_SERVICE_LDAP { 645 return model.NewAppError("ActivateMfa", "api.user.activate_mfa.email_and_ldap_only.app_error", nil, "", http.StatusBadRequest) 646 } 647 648 if err := a.Mfa.Activate(user, token); err != nil { 649 return err 650 } 651 652 return nil 653 } 654 655 func (a *App) DeactivateMfa(userId string) *model.AppError { 656 if a.Mfa == nil { 657 err := model.NewAppError("DeactivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 658 return err 659 } 660 661 if err := a.Mfa.Deactivate(userId); err != nil { 662 return err 663 } 664 665 return nil 666 } 667 668 func CreateProfileImage(username string, userId string, initialFont string) ([]byte, *model.AppError) { 669 colors := []color.NRGBA{ 670 {197, 8, 126, 255}, 671 {227, 207, 18, 255}, 672 {28, 181, 105, 255}, 673 {35, 188, 224, 255}, 674 {116, 49, 196, 255}, 675 {197, 8, 126, 255}, 676 {197, 19, 19, 255}, 677 {250, 134, 6, 255}, 678 {227, 207, 18, 255}, 679 {123, 201, 71, 255}, 680 {28, 181, 105, 255}, 681 {35, 188, 224, 255}, 682 {116, 49, 196, 255}, 683 {197, 8, 126, 255}, 684 {197, 19, 19, 255}, 685 {250, 134, 6, 255}, 686 {227, 207, 18, 255}, 687 {123, 201, 71, 255}, 688 {28, 181, 105, 255}, 689 {35, 188, 224, 255}, 690 {116, 49, 196, 255}, 691 {197, 8, 126, 255}, 692 {197, 19, 19, 255}, 693 {250, 134, 6, 255}, 694 {227, 207, 18, 255}, 695 {123, 201, 71, 255}, 696 } 697 698 h := fnv.New32a() 699 h.Write([]byte(userId)) 700 seed := h.Sum32() 701 702 initial := string(strings.ToUpper(username)[0]) 703 704 fontDir, _ := utils.FindDir("fonts") 705 fontBytes, err := ioutil.ReadFile(fontDir + initialFont) 706 if err != nil { 707 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) 708 } 709 font, err := freetype.ParseFont(fontBytes) 710 if err != nil { 711 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) 712 } 713 714 color := colors[int64(seed)%int64(len(colors))] 715 dstImg := image.NewRGBA(image.Rect(0, 0, IMAGE_PROFILE_PIXEL_DIMENSION, IMAGE_PROFILE_PIXEL_DIMENSION)) 716 srcImg := image.White 717 draw.Draw(dstImg, dstImg.Bounds(), &image.Uniform{color}, image.ZP, draw.Src) 718 size := float64(IMAGE_PROFILE_PIXEL_DIMENSION / 2) 719 720 c := freetype.NewContext() 721 c.SetFont(font) 722 c.SetFontSize(size) 723 c.SetClip(dstImg.Bounds()) 724 c.SetDst(dstImg) 725 c.SetSrc(srcImg) 726 727 pt := freetype.Pt(IMAGE_PROFILE_PIXEL_DIMENSION/6, IMAGE_PROFILE_PIXEL_DIMENSION*2/3) 728 _, err = c.DrawString(initial, pt) 729 if err != nil { 730 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.initial.app_error", nil, err.Error(), http.StatusInternalServerError) 731 } 732 733 buf := new(bytes.Buffer) 734 735 if imgErr := png.Encode(buf, dstImg); imgErr != nil { 736 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.encode.app_error", nil, imgErr.Error(), http.StatusInternalServerError) 737 } else { 738 return buf.Bytes(), nil 739 } 740 } 741 742 func (a *App) GetProfileImage(user *model.User) ([]byte, bool, *model.AppError) { 743 var img []byte 744 readFailed := false 745 746 if len(*a.Config().FileSettings.DriverName) == 0 { 747 var err *model.AppError 748 if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil { 749 return nil, false, err 750 } 751 } else { 752 path := "users/" + user.Id + "/profile.png" 753 754 if data, err := a.ReadFile(path); err != nil { 755 readFailed = true 756 757 if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil { 758 return nil, false, err 759 } 760 761 if user.LastPictureUpdate == 0 { 762 if err := a.WriteFile(img, path); err != nil { 763 return nil, false, err 764 } 765 } 766 767 } else { 768 img = data 769 } 770 } 771 772 return img, readFailed, nil 773 } 774 775 func (a *App) SetProfileImage(userId string, imageData *multipart.FileHeader) *model.AppError { 776 file, err := imageData.Open() 777 if err != nil { 778 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.open.app_error", nil, err.Error(), http.StatusBadRequest) 779 } 780 defer file.Close() 781 return a.SetProfileImageFromFile(userId, file) 782 } 783 784 func (a *App) SetProfileImageFromFile(userId string, file multipart.File) *model.AppError { 785 // Decode image config first to check dimensions before loading the whole thing into memory later on 786 config, _, err := image.DecodeConfig(file) 787 if err != nil { 788 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode_config.app_error", nil, err.Error(), http.StatusBadRequest) 789 } else if config.Width*config.Height > model.MaxImageSize { 790 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, err.Error(), http.StatusBadRequest) 791 } 792 793 file.Seek(0, 0) 794 795 // Decode image into Image object 796 img, _, err := image.Decode(file) 797 if err != nil { 798 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode.app_error", nil, err.Error(), http.StatusBadRequest) 799 } 800 801 file.Seek(0, 0) 802 803 orientation, _ := getImageOrientation(file) 804 img = makeImageUpright(img, orientation) 805 806 // Scale profile image 807 profileWidthAndHeight := 128 808 img = imaging.Fill(img, profileWidthAndHeight, profileWidthAndHeight, imaging.Center, imaging.Lanczos) 809 810 buf := new(bytes.Buffer) 811 err = png.Encode(buf, img) 812 if err != nil { 813 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.encode.app_error", nil, err.Error(), http.StatusInternalServerError) 814 } 815 816 path := "users/" + userId + "/profile.png" 817 818 if err := a.WriteFile(buf.Bytes(), path); err != nil { 819 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.upload_profile.app_error", nil, "", http.StatusInternalServerError) 820 } 821 822 <-a.Srv.Store.User().UpdateLastPictureUpdate(userId) 823 824 a.InvalidateCacheForUser(userId) 825 826 if user, err := a.GetUser(userId); err != nil { 827 l4g.Error(utils.T("api.user.get_me.getting.error"), userId) 828 } else { 829 options := a.Config().GetSanitizeOptions() 830 user.SanitizeProfile(options) 831 832 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 833 message.Add("user", user) 834 835 a.Publish(message) 836 } 837 838 return nil 839 } 840 841 func (a *App) UpdatePasswordAsUser(userId, currentPassword, newPassword string) *model.AppError { 842 var user *model.User 843 var err *model.AppError 844 845 if user, err = a.GetUser(userId); err != nil { 846 return err 847 } 848 849 if user == nil { 850 err = model.NewAppError("updatePassword", "api.user.update_password.valid_account.app_error", nil, "", http.StatusBadRequest) 851 return err 852 } 853 854 if user.AuthData != nil && *user.AuthData != "" { 855 err = model.NewAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService, http.StatusBadRequest) 856 return err 857 } 858 859 if err := a.doubleCheckPassword(user, currentPassword); err != nil { 860 if err.Id == "api.user.check_user_password.invalid.app_error" { 861 err = model.NewAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "", http.StatusBadRequest) 862 } 863 return err 864 } 865 866 T := utils.GetUserTranslations(user.Locale) 867 868 return a.UpdatePasswordSendEmail(user, newPassword, T("api.user.update_password.menu")) 869 } 870 871 func (a *App) UpdateNonSSOUserActive(userId string, active bool) (*model.User, *model.AppError) { 872 var user *model.User 873 var err *model.AppError 874 if user, err = a.GetUser(userId); err != nil { 875 return nil, err 876 } 877 878 if user.IsSSOUser() { 879 err := model.NewAppError("UpdateActive", "api.user.update_active.no_deactivate_sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 880 err.StatusCode = http.StatusBadRequest 881 return nil, err 882 } 883 884 return a.UpdateActive(user, active) 885 } 886 887 func (a *App) UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) { 888 if active { 889 user.DeleteAt = 0 890 } else { 891 user.DeleteAt = model.GetMillis() 892 } 893 894 if result := <-a.Srv.Store.User().Update(user, true); result.Err != nil { 895 return nil, result.Err 896 } else { 897 if user.DeleteAt > 0 { 898 if err := a.RevokeAllSessions(user.Id); err != nil { 899 return nil, err 900 } 901 } 902 903 if extra := <-a.Srv.Store.Channel().ExtraUpdateByUser(user.Id, model.GetMillis()); extra.Err != nil { 904 return nil, extra.Err 905 } 906 907 ruser := result.Data.([2]*model.User)[0] 908 options := a.Config().GetSanitizeOptions() 909 options["passwordupdate"] = false 910 ruser.Sanitize(options) 911 912 if !active { 913 a.SetStatusOffline(ruser.Id, false) 914 } 915 916 teamsForUser, err := a.GetTeamsForUser(user.Id) 917 if err != nil { 918 return nil, err 919 } 920 921 for _, team := range teamsForUser { 922 channelsForUser, err := a.GetChannelsForUser(team.Id, user.Id) 923 if err != nil { 924 return nil, err 925 } 926 927 for _, channel := range *channelsForUser { 928 a.InvalidateCacheForChannelMembers(channel.Id) 929 } 930 } 931 932 return ruser, nil 933 } 934 } 935 936 func (a *App) SanitizeProfile(user *model.User, asAdmin bool) { 937 options := a.Config().GetSanitizeOptions() 938 if asAdmin { 939 options["email"] = true 940 options["fullname"] = true 941 options["authservice"] = true 942 } 943 user.SanitizeProfile(options) 944 } 945 946 func (a *App) UpdateUserAsUser(user *model.User, asAdmin bool) (*model.User, *model.AppError) { 947 updatedUser, err := a.UpdateUser(user, true) 948 if err != nil { 949 return nil, err 950 } 951 952 a.sendUpdatedUserEvent(*updatedUser, asAdmin) 953 954 return updatedUser, nil 955 } 956 957 func (a *App) PatchUser(userId string, patch *model.UserPatch, asAdmin bool) (*model.User, *model.AppError) { 958 user, err := a.GetUser(userId) 959 if err != nil { 960 return nil, err 961 } 962 963 user.Patch(patch) 964 965 updatedUser, err := a.UpdateUser(user, true) 966 if err != nil { 967 return nil, err 968 } 969 970 a.sendUpdatedUserEvent(*updatedUser, asAdmin) 971 972 return updatedUser, nil 973 } 974 975 func (a *App) UpdateUserAuth(userId string, userAuth *model.UserAuth) (*model.UserAuth, *model.AppError) { 976 if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" { 977 userAuth.AuthData = nil 978 userAuth.AuthService = "" 979 980 if err := a.IsPasswordValid(userAuth.Password); err != nil { 981 return nil, err 982 } 983 password := model.HashPassword(userAuth.Password) 984 985 if result := <-a.Srv.Store.User().UpdatePassword(userId, password); result.Err != nil { 986 return nil, result.Err 987 } 988 } else { 989 userAuth.Password = "" 990 991 if result := <-a.Srv.Store.User().UpdateAuthData(userId, userAuth.AuthService, userAuth.AuthData, "", false); result.Err != nil { 992 return nil, result.Err 993 } 994 } 995 996 return userAuth, nil 997 } 998 999 func (a *App) sendUpdatedUserEvent(user model.User, asAdmin bool) { 1000 a.SanitizeProfile(&user, asAdmin) 1001 1002 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 1003 message.Add("user", user) 1004 a.Go(func() { 1005 a.Publish(message) 1006 }) 1007 } 1008 1009 func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) { 1010 if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 1011 result := <-a.Srv.Store.User().Get(user.Id) 1012 if result.Err != nil { 1013 return nil, result.Err 1014 } 1015 prev := result.Data.(*model.User) 1016 if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email { 1017 return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 1018 } 1019 } 1020 1021 if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil { 1022 return nil, result.Err 1023 } else { 1024 rusers := result.Data.([2]*model.User) 1025 1026 if sendNotifications { 1027 if rusers[0].Email != rusers[1].Email { 1028 a.Go(func() { 1029 if err := a.SendEmailChangeEmail(rusers[1].Email, rusers[0].Email, rusers[0].Locale, utils.GetSiteURL()); err != nil { 1030 l4g.Error(err.Error()) 1031 } 1032 }) 1033 1034 if a.Config().EmailSettings.RequireEmailVerification { 1035 if err := a.SendEmailVerification(rusers[0]); err != nil { 1036 l4g.Error(err.Error()) 1037 } 1038 } 1039 } 1040 1041 if rusers[0].Username != rusers[1].Username { 1042 a.Go(func() { 1043 if err := a.SendChangeUsernameEmail(rusers[1].Username, rusers[0].Username, rusers[0].Email, rusers[0].Locale, utils.GetSiteURL()); err != nil { 1044 l4g.Error(err.Error()) 1045 } 1046 }) 1047 } 1048 } 1049 1050 a.InvalidateCacheForUser(user.Id) 1051 1052 return rusers[0], nil 1053 } 1054 } 1055 1056 func (a *App) UpdateUserNotifyProps(userId string, props map[string]string) (*model.User, *model.AppError) { 1057 var user *model.User 1058 var err *model.AppError 1059 if user, err = a.GetUser(userId); err != nil { 1060 return nil, err 1061 } 1062 1063 user.NotifyProps = props 1064 1065 var ruser *model.User 1066 if ruser, err = a.UpdateUser(user, true); err != nil { 1067 return nil, err 1068 } 1069 1070 return ruser, nil 1071 } 1072 1073 func (a *App) UpdateMfa(activate bool, userId, token string) *model.AppError { 1074 if activate { 1075 if err := a.ActivateMfa(userId, token); err != nil { 1076 return err 1077 } 1078 } else { 1079 if err := a.DeactivateMfa(userId); err != nil { 1080 return err 1081 } 1082 } 1083 1084 a.Go(func() { 1085 var user *model.User 1086 var err *model.AppError 1087 1088 if user, err = a.GetUser(userId); err != nil { 1089 l4g.Error(err.Error()) 1090 return 1091 } 1092 1093 if err := a.SendMfaChangeEmail(user.Email, activate, user.Locale, utils.GetSiteURL()); err != nil { 1094 l4g.Error(err.Error()) 1095 } 1096 }) 1097 1098 return nil 1099 } 1100 1101 func (a *App) UpdatePasswordByUserIdSendEmail(userId, newPassword, method string) *model.AppError { 1102 var user *model.User 1103 var err *model.AppError 1104 if user, err = a.GetUser(userId); err != nil { 1105 return err 1106 } 1107 1108 return a.UpdatePasswordSendEmail(user, newPassword, method) 1109 } 1110 1111 func (a *App) UpdatePassword(user *model.User, newPassword string) *model.AppError { 1112 if err := a.IsPasswordValid(newPassword); err != nil { 1113 return err 1114 } 1115 1116 hashedPassword := model.HashPassword(newPassword) 1117 1118 if result := <-a.Srv.Store.User().UpdatePassword(user.Id, hashedPassword); result.Err != nil { 1119 return model.NewAppError("UpdatePassword", "api.user.update_password.failed.app_error", nil, result.Err.Error(), http.StatusInternalServerError) 1120 } 1121 1122 return nil 1123 } 1124 1125 func (a *App) UpdatePasswordSendEmail(user *model.User, newPassword, method string) *model.AppError { 1126 if err := a.UpdatePassword(user, newPassword); err != nil { 1127 return err 1128 } 1129 1130 a.Go(func() { 1131 if err := a.SendPasswordChangeEmail(user.Email, method, user.Locale, utils.GetSiteURL()); err != nil { 1132 l4g.Error(err.Error()) 1133 } 1134 }) 1135 1136 return nil 1137 } 1138 1139 func (a *App) ResetPasswordFromToken(userSuppliedTokenString, newPassword string) *model.AppError { 1140 var token *model.Token 1141 var err *model.AppError 1142 if token, err = a.GetPasswordRecoveryToken(userSuppliedTokenString); err != nil { 1143 return err 1144 } else { 1145 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1146 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1147 } 1148 } 1149 1150 var user *model.User 1151 if user, err = a.GetUser(token.Extra); err != nil { 1152 return err 1153 } 1154 1155 if user.IsSSOUser() { 1156 return model.NewAppError("ResetPasswordFromCode", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1157 } 1158 1159 T := utils.GetUserTranslations(user.Locale) 1160 1161 if err := a.UpdatePasswordSendEmail(user, newPassword, T("api.user.reset_password.method")); err != nil { 1162 return err 1163 } 1164 1165 if err := a.DeleteToken(token); err != nil { 1166 l4g.Error(err.Error()) 1167 } 1168 1169 return nil 1170 } 1171 1172 func (a *App) SendPasswordReset(email string, siteURL string) (bool, *model.AppError) { 1173 var user *model.User 1174 var err *model.AppError 1175 if user, err = a.GetUserByEmail(email); err != nil { 1176 return false, nil 1177 } 1178 1179 if user.AuthData != nil && len(*user.AuthData) != 0 { 1180 return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1181 } 1182 1183 var token *model.Token 1184 if token, err = a.CreatePasswordRecoveryToken(user.Id); err != nil { 1185 return false, err 1186 } 1187 1188 if _, err := a.SendPasswordResetEmail(user.Email, token, user.Locale, siteURL); err != nil { 1189 return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.send.app_error", nil, "err="+err.Message, http.StatusInternalServerError) 1190 } 1191 1192 return true, nil 1193 } 1194 1195 func (a *App) CreatePasswordRecoveryToken(userId string) (*model.Token, *model.AppError) { 1196 token := model.NewToken(TOKEN_TYPE_PASSWORD_RECOVERY, userId) 1197 1198 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1199 return nil, result.Err 1200 } 1201 1202 return token, nil 1203 } 1204 1205 func (a *App) GetPasswordRecoveryToken(token string) (*model.Token, *model.AppError) { 1206 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1207 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.invalid_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1208 } else { 1209 token := result.Data.(*model.Token) 1210 if token.Type != TOKEN_TYPE_PASSWORD_RECOVERY { 1211 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.broken_token.app_error", nil, "", http.StatusBadRequest) 1212 } 1213 return token, nil 1214 } 1215 } 1216 1217 func (a *App) DeleteToken(token *model.Token) *model.AppError { 1218 if result := <-a.Srv.Store.Token().Delete(token.Token); result.Err != nil { 1219 return result.Err 1220 } 1221 1222 return nil 1223 } 1224 1225 func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent bool) (*model.User, *model.AppError) { 1226 var user *model.User 1227 var err *model.AppError 1228 if user, err = a.GetUser(userId); err != nil { 1229 err.StatusCode = http.StatusBadRequest 1230 return nil, err 1231 } 1232 1233 user.Roles = newRoles 1234 uchan := a.Srv.Store.User().Update(user, true) 1235 schan := a.Srv.Store.Session().UpdateRoles(user.Id, newRoles) 1236 1237 var ruser *model.User 1238 if result := <-uchan; result.Err != nil { 1239 return nil, result.Err 1240 } else { 1241 ruser = result.Data.([2]*model.User)[0] 1242 } 1243 1244 if result := <-schan; result.Err != nil { 1245 // soft error since the user roles were still updated 1246 l4g.Error(result.Err) 1247 } 1248 1249 a.ClearSessionCacheForUser(user.Id) 1250 1251 if sendWebSocketEvent { 1252 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_ROLE_UPDATED, "", "", user.Id, nil) 1253 message.Add("user_id", user.Id) 1254 message.Add("roles", newRoles) 1255 a.Publish(message) 1256 } 1257 1258 return ruser, nil 1259 } 1260 1261 func (a *App) PermanentDeleteUser(user *model.User) *model.AppError { 1262 l4g.Warn(utils.T("api.user.permanent_delete_user.attempting.warn"), user.Email, user.Id) 1263 if user.IsInRole(model.SYSTEM_ADMIN_ROLE_ID) { 1264 l4g.Warn(utils.T("api.user.permanent_delete_user.system_admin.warn"), user.Email) 1265 } 1266 1267 if _, err := a.UpdateActive(user, false); err != nil { 1268 return err 1269 } 1270 1271 if result := <-a.Srv.Store.Session().PermanentDeleteSessionsByUser(user.Id); result.Err != nil { 1272 return result.Err 1273 } 1274 1275 if result := <-a.Srv.Store.UserAccessToken().DeleteAllForUser(user.Id); result.Err != nil { 1276 return result.Err 1277 } 1278 1279 if result := <-a.Srv.Store.OAuth().PermanentDeleteAuthDataByUser(user.Id); result.Err != nil { 1280 return result.Err 1281 } 1282 1283 if result := <-a.Srv.Store.Webhook().PermanentDeleteIncomingByUser(user.Id); result.Err != nil { 1284 return result.Err 1285 } 1286 1287 if result := <-a.Srv.Store.Webhook().PermanentDeleteOutgoingByUser(user.Id); result.Err != nil { 1288 return result.Err 1289 } 1290 1291 if result := <-a.Srv.Store.Command().PermanentDeleteByUser(user.Id); result.Err != nil { 1292 return result.Err 1293 } 1294 1295 if result := <-a.Srv.Store.Preference().PermanentDeleteByUser(user.Id); result.Err != nil { 1296 return result.Err 1297 } 1298 1299 if result := <-a.Srv.Store.Channel().PermanentDeleteMembersByUser(user.Id); result.Err != nil { 1300 return result.Err 1301 } 1302 1303 if result := <-a.Srv.Store.Post().PermanentDeleteByUser(user.Id); result.Err != nil { 1304 return result.Err 1305 } 1306 1307 if result := <-a.Srv.Store.User().PermanentDelete(user.Id); result.Err != nil { 1308 return result.Err 1309 } 1310 1311 if result := <-a.Srv.Store.Audit().PermanentDeleteByUser(user.Id); result.Err != nil { 1312 return result.Err 1313 } 1314 1315 if result := <-a.Srv.Store.Team().RemoveAllMembersByUser(user.Id); result.Err != nil { 1316 return result.Err 1317 } 1318 1319 l4g.Warn(utils.T("api.user.permanent_delete_user.deleted.warn"), user.Email, user.Id) 1320 1321 return nil 1322 } 1323 1324 func (a *App) PermanentDeleteAllUsers() *model.AppError { 1325 if result := <-a.Srv.Store.User().GetAll(); result.Err != nil { 1326 return result.Err 1327 } else { 1328 users := result.Data.([]*model.User) 1329 for _, user := range users { 1330 a.PermanentDeleteUser(user) 1331 } 1332 } 1333 1334 return nil 1335 } 1336 1337 func (a *App) SendEmailVerification(user *model.User) *model.AppError { 1338 token, err := a.CreateVerifyEmailToken(user.Id) 1339 if err != nil { 1340 return err 1341 } 1342 1343 if _, err := a.GetStatus(user.Id); err != nil { 1344 return a.SendVerifyEmail(user.Email, user.Locale, utils.GetSiteURL(), token.Token) 1345 } else { 1346 return a.SendEmailChangeVerifyEmail(user.Email, user.Locale, utils.GetSiteURL(), token.Token) 1347 } 1348 } 1349 1350 func (a *App) VerifyEmailFromToken(userSuppliedTokenString string) *model.AppError { 1351 var token *model.Token 1352 var err *model.AppError 1353 if token, err = a.GetVerifyEmailToken(userSuppliedTokenString); err != nil { 1354 return err 1355 } else { 1356 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1357 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1358 } 1359 if err := a.VerifyUserEmail(token.Extra); err != nil { 1360 return err 1361 } 1362 if err := a.DeleteToken(token); err != nil { 1363 l4g.Error(err.Error()) 1364 } 1365 } 1366 1367 return nil 1368 } 1369 1370 func (a *App) CreateVerifyEmailToken(userId string) (*model.Token, *model.AppError) { 1371 token := model.NewToken(TOKEN_TYPE_VERIFY_EMAIL, userId) 1372 1373 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1374 return nil, result.Err 1375 } 1376 1377 return token, nil 1378 } 1379 1380 func (a *App) GetVerifyEmailToken(token string) (*model.Token, *model.AppError) { 1381 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1382 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.bad_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1383 } else { 1384 token := result.Data.(*model.Token) 1385 if token.Type != TOKEN_TYPE_VERIFY_EMAIL { 1386 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.broken_token.app_error", nil, "", http.StatusBadRequest) 1387 } 1388 return token, nil 1389 } 1390 } 1391 1392 func (a *App) VerifyUserEmail(userId string) *model.AppError { 1393 return (<-a.Srv.Store.User().VerifyEmail(userId)).Err 1394 } 1395 1396 func (a *App) SearchUsers(props *model.UserSearch, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1397 if props.WithoutTeam { 1398 return a.SearchUsersWithoutTeam(props.Term, searchOptions, asAdmin) 1399 } else if props.InChannelId != "" { 1400 return a.SearchUsersInChannel(props.InChannelId, props.Term, searchOptions, asAdmin) 1401 } else if props.NotInChannelId != "" { 1402 return a.SearchUsersNotInChannel(props.TeamId, props.NotInChannelId, props.Term, searchOptions, asAdmin) 1403 } else if props.NotInTeamId != "" { 1404 return a.SearchUsersNotInTeam(props.NotInTeamId, props.Term, searchOptions, asAdmin) 1405 } else { 1406 return a.SearchUsersInTeam(props.TeamId, props.Term, searchOptions, asAdmin) 1407 } 1408 } 1409 1410 func (a *App) SearchUsersInChannel(channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1411 if result := <-a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions); result.Err != nil { 1412 return nil, result.Err 1413 } else { 1414 users := result.Data.([]*model.User) 1415 1416 for _, user := range users { 1417 a.SanitizeProfile(user, asAdmin) 1418 } 1419 1420 return users, nil 1421 } 1422 } 1423 1424 func (a *App) SearchUsersNotInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1425 if result := <-a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions); result.Err != nil { 1426 return nil, result.Err 1427 } else { 1428 users := result.Data.([]*model.User) 1429 1430 for _, user := range users { 1431 a.SanitizeProfile(user, asAdmin) 1432 } 1433 1434 return users, nil 1435 } 1436 } 1437 1438 func (a *App) SearchUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1439 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1440 return nil, result.Err 1441 } else { 1442 users := result.Data.([]*model.User) 1443 1444 for _, user := range users { 1445 a.SanitizeProfile(user, asAdmin) 1446 } 1447 1448 return users, nil 1449 } 1450 } 1451 1452 func (a *App) SearchUsersNotInTeam(notInTeamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1453 if result := <-a.Srv.Store.User().SearchNotInTeam(notInTeamId, term, searchOptions); result.Err != nil { 1454 return nil, result.Err 1455 } else { 1456 users := result.Data.([]*model.User) 1457 1458 for _, user := range users { 1459 a.SanitizeProfile(user, asAdmin) 1460 } 1461 1462 return users, nil 1463 } 1464 } 1465 1466 func (a *App) SearchUsersWithoutTeam(term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1467 if result := <-a.Srv.Store.User().SearchWithoutTeam(term, searchOptions); result.Err != nil { 1468 return nil, result.Err 1469 } else { 1470 users := result.Data.([]*model.User) 1471 1472 for _, user := range users { 1473 a.SanitizeProfile(user, asAdmin) 1474 } 1475 1476 return users, nil 1477 } 1478 } 1479 1480 func (a *App) AutocompleteUsersInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInChannel, *model.AppError) { 1481 uchan := a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions) 1482 nuchan := a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions) 1483 1484 autocomplete := &model.UserAutocompleteInChannel{} 1485 1486 if result := <-uchan; result.Err != nil { 1487 return nil, result.Err 1488 } else { 1489 users := result.Data.([]*model.User) 1490 1491 for _, user := range users { 1492 a.SanitizeProfile(user, asAdmin) 1493 } 1494 1495 autocomplete.InChannel = users 1496 } 1497 1498 if result := <-nuchan; result.Err != nil { 1499 return nil, result.Err 1500 } else { 1501 users := result.Data.([]*model.User) 1502 1503 for _, user := range users { 1504 a.SanitizeProfile(user, asAdmin) 1505 } 1506 1507 autocomplete.OutOfChannel = users 1508 } 1509 1510 return autocomplete, nil 1511 } 1512 1513 func (a *App) AutocompleteUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInTeam, *model.AppError) { 1514 autocomplete := &model.UserAutocompleteInTeam{} 1515 1516 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1517 return nil, result.Err 1518 } else { 1519 users := result.Data.([]*model.User) 1520 1521 for _, user := range users { 1522 a.SanitizeProfile(user, asAdmin) 1523 } 1524 1525 autocomplete.InTeam = users 1526 } 1527 1528 return autocomplete, nil 1529 } 1530 1531 func (a *App) UpdateOAuthUserAttrs(userData io.Reader, user *model.User, provider einterfaces.OauthProvider, service string) *model.AppError { 1532 oauthUser := provider.GetUserFromJson(userData) 1533 1534 if oauthUser == nil { 1535 return model.NewAppError("UpdateOAuthUserAttrs", "api.user.update_oauth_user_attrs.get_user.app_error", map[string]interface{}{"Service": service}, "", http.StatusBadRequest) 1536 } 1537 1538 userAttrsChanged := false 1539 1540 if oauthUser.Username != user.Username { 1541 if existingUser, _ := a.GetUserByUsername(oauthUser.Username); existingUser == nil { 1542 user.Username = oauthUser.Username 1543 userAttrsChanged = true 1544 } 1545 } 1546 1547 if oauthUser.GetFullName() != user.GetFullName() { 1548 user.FirstName = oauthUser.FirstName 1549 user.LastName = oauthUser.LastName 1550 userAttrsChanged = true 1551 } 1552 1553 if oauthUser.Email != user.Email { 1554 if existingUser, _ := a.GetUserByEmail(oauthUser.Email); existingUser == nil { 1555 user.Email = oauthUser.Email 1556 userAttrsChanged = true 1557 } 1558 } 1559 1560 if user.DeleteAt > 0 { 1561 // Make sure they are not disabled 1562 user.DeleteAt = 0 1563 userAttrsChanged = true 1564 } 1565 1566 if userAttrsChanged { 1567 var result store.StoreResult 1568 if result = <-a.Srv.Store.User().Update(user, true); result.Err != nil { 1569 return result.Err 1570 } 1571 1572 user = result.Data.([2]*model.User)[0] 1573 a.InvalidateCacheForUser(user.Id) 1574 } 1575 1576 return nil 1577 }