github.com/psyb0t/mattermost-server@v4.6.1-0.20180125161845-5503a1351abf+incompatible/app/user.go (about)

     1  // Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package app
     5  
     6  import (
     7  	"bytes"
     8  	b64 "encoding/base64"
     9  	"fmt"
    10  	"hash/fnv"
    11  	"image"
    12  	"image/color"
    13  	"image/draw"
    14  	_ "image/gif"
    15  	_ "image/jpeg"
    16  	"image/png"
    17  	"io"
    18  	"io/ioutil"
    19  	"mime/multipart"
    20  	"net/http"
    21  	"strconv"
    22  	"strings"
    23  
    24  	l4g "github.com/alecthomas/log4go"
    25  	"github.com/disintegration/imaging"
    26  	"github.com/golang/freetype"
    27  	"github.com/mattermost/mattermost-server/einterfaces"
    28  	"github.com/mattermost/mattermost-server/model"
    29  	"github.com/mattermost/mattermost-server/store"
    30  	"github.com/mattermost/mattermost-server/utils"
    31  )
    32  
    33  const (
    34  	TOKEN_TYPE_PASSWORD_RECOVERY  = "password_recovery"
    35  	TOKEN_TYPE_VERIFY_EMAIL       = "verify_email"
    36  	PASSWORD_RECOVER_EXPIRY_TIME  = 1000 * 60 * 60 // 1 hour
    37  	VERIFY_EMAIL_EXPIRY_TIME      = 1000 * 60 * 60 // 1 hour
    38  	IMAGE_PROFILE_PIXEL_DIMENSION = 128
    39  )
    40  
    41  func (a *App) CreateUserWithHash(user *model.User, hash string, data string) (*model.User, *model.AppError) {
    42  	if err := a.IsUserSignUpAllowed(); err != nil {
    43  		return nil, err
    44  	}
    45  
    46  	props := model.MapFromJson(strings.NewReader(data))
    47  
    48  	if hash != utils.HashSha256(fmt.Sprintf("%v:%v", data, a.Config().EmailSettings.InviteSalt)) {
    49  		return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusInternalServerError)
    50  	}
    51  
    52  	if t, err := strconv.ParseInt(props["time"], 10, 64); err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours
    53  		return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_expired.app_error", nil, "", http.StatusInternalServerError)
    54  	}
    55  
    56  	teamId := props["id"]
    57  
    58  	var team *model.Team
    59  	if result := <-a.Srv.Store.Team().Get(teamId); result.Err != nil {
    60  		return nil, result.Err
    61  	} else {
    62  		team = result.Data.(*model.Team)
    63  	}
    64  
    65  	user.Email = props["email"]
    66  	user.EmailVerified = true
    67  
    68  	var ruser *model.User
    69  	var err *model.AppError
    70  	if ruser, err = a.CreateUser(user); err != nil {
    71  		return nil, err
    72  	}
    73  
    74  	if err := a.JoinUserToTeam(team, ruser, ""); err != nil {
    75  		return nil, err
    76  	}
    77  
    78  	a.AddDirectChannels(team.Id, ruser)
    79  
    80  	return ruser, nil
    81  }
    82  
    83  func (a *App) CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *model.AppError) {
    84  	if err := a.IsUserSignUpAllowed(); err != nil {
    85  		return nil, err
    86  	}
    87  
    88  	var team *model.Team
    89  	if result := <-a.Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil {
    90  		return nil, result.Err
    91  	} else {
    92  		team = result.Data.(*model.Team)
    93  	}
    94  
    95  	user.EmailVerified = false
    96  
    97  	var ruser *model.User
    98  	var err *model.AppError
    99  	if ruser, err = a.CreateUser(user); err != nil {
   100  		return nil, err
   101  	}
   102  
   103  	if err := a.JoinUserToTeam(team, ruser, ""); err != nil {
   104  		return nil, err
   105  	}
   106  
   107  	a.AddDirectChannels(team.Id, ruser)
   108  
   109  	if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, utils.GetSiteURL()); err != nil {
   110  		l4g.Error(err.Error())
   111  	}
   112  
   113  	return ruser, nil
   114  }
   115  
   116  func (a *App) CreateUserAsAdmin(user *model.User) (*model.User, *model.AppError) {
   117  	ruser, err := a.CreateUser(user)
   118  	if err != nil {
   119  		return nil, err
   120  	}
   121  
   122  	if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, utils.GetSiteURL()); err != nil {
   123  		l4g.Error(err.Error())
   124  	}
   125  
   126  	return ruser, nil
   127  }
   128  
   129  func (a *App) CreateUserFromSignup(user *model.User) (*model.User, *model.AppError) {
   130  	if err := a.IsUserSignUpAllowed(); err != nil {
   131  		return nil, err
   132  	}
   133  
   134  	if !a.IsFirstUserAccount() && !*a.Config().TeamSettings.EnableOpenServer {
   135  		err := model.NewAppError("CreateUserFromSignup", "api.user.create_user.no_open_server", nil, "email="+user.Email, http.StatusForbidden)
   136  		return nil, err
   137  	}
   138  
   139  	user.EmailVerified = false
   140  
   141  	ruser, err := a.CreateUser(user)
   142  	if err != nil {
   143  		return nil, err
   144  	}
   145  
   146  	if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, utils.GetSiteURL()); err != nil {
   147  		l4g.Error(err.Error())
   148  	}
   149  
   150  	return ruser, nil
   151  }
   152  
   153  func (a *App) IsUserSignUpAllowed() *model.AppError {
   154  	if !a.Config().EmailSettings.EnableSignUpWithEmail || !a.Config().TeamSettings.EnableUserCreation {
   155  		err := model.NewAppError("IsUserSignUpAllowed", "api.user.create_user.signup_email_disabled.app_error", nil, "", http.StatusNotImplemented)
   156  		return err
   157  	}
   158  	return nil
   159  }
   160  
   161  func (a *App) IsFirstUserAccount() bool {
   162  	if a.SessionCacheLength() == 0 {
   163  		if cr := <-a.Srv.Store.User().GetTotalUsersCount(); cr.Err != nil {
   164  			l4g.Error(cr.Err)
   165  			return false
   166  		} else {
   167  			count := cr.Data.(int64)
   168  			if count <= 0 {
   169  				return true
   170  			}
   171  		}
   172  	}
   173  
   174  	return false
   175  }
   176  
   177  func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) {
   178  	if !user.IsLDAPUser() && !user.IsSAMLUser() && !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) {
   179  		return nil, model.NewAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest)
   180  	}
   181  
   182  	user.Roles = model.SYSTEM_USER_ROLE_ID
   183  
   184  	// Below is a special case where the first user in the entire
   185  	// system is granted the system_admin role
   186  	if result := <-a.Srv.Store.User().GetTotalUsersCount(); result.Err != nil {
   187  		return nil, result.Err
   188  	} else {
   189  		count := result.Data.(int64)
   190  		if count <= 0 {
   191  			user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID
   192  		}
   193  	}
   194  
   195  	if _, ok := utils.GetSupportedLocales()[user.Locale]; !ok {
   196  		user.Locale = *a.Config().LocalizationSettings.DefaultClientLocale
   197  	}
   198  
   199  	if ruser, err := a.createUser(user); err != nil {
   200  		return nil, err
   201  	} else {
   202  		// This message goes to everyone, so the teamId, channelId and userId are irrelevant
   203  		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_NEW_USER, "", "", "", nil)
   204  		message.Add("user_id", ruser.Id)
   205  		a.Go(func() {
   206  			a.Publish(message)
   207  		})
   208  
   209  		return ruser, nil
   210  	}
   211  }
   212  
   213  func (a *App) createUser(user *model.User) (*model.User, *model.AppError) {
   214  	user.MakeNonNil()
   215  
   216  	if err := a.IsPasswordValid(user.Password); user.AuthService == "" && err != nil {
   217  		return nil, err
   218  	}
   219  
   220  	if result := <-a.Srv.Store.User().Save(user); result.Err != nil {
   221  		l4g.Error(utils.T("api.user.create_user.save.error"), result.Err)
   222  		return nil, result.Err
   223  	} else {
   224  		ruser := result.Data.(*model.User)
   225  
   226  		if user.EmailVerified {
   227  			if err := a.VerifyUserEmail(ruser.Id); err != nil {
   228  				l4g.Error(utils.T("api.user.create_user.verified.error"), err)
   229  			}
   230  		}
   231  
   232  		pref := model.Preference{UserId: ruser.Id, Category: model.PREFERENCE_CATEGORY_TUTORIAL_STEPS, Name: ruser.Id, Value: "0"}
   233  		if presult := <-a.Srv.Store.Preference().Save(&model.Preferences{pref}); presult.Err != nil {
   234  			l4g.Error(utils.T("api.user.create_user.tutorial.error"), presult.Err.Message)
   235  		}
   236  
   237  		ruser.Sanitize(map[string]bool{})
   238  
   239  		return ruser, nil
   240  	}
   241  }
   242  
   243  func (a *App) CreateOAuthUser(service string, userData io.Reader, teamId string) (*model.User, *model.AppError) {
   244  	if !a.Config().TeamSettings.EnableUserCreation {
   245  		return nil, model.NewAppError("CreateOAuthUser", "api.user.create_user.disabled.app_error", nil, "", http.StatusNotImplemented)
   246  	}
   247  
   248  	var user *model.User
   249  	provider := einterfaces.GetOauthProvider(service)
   250  	if provider == nil {
   251  		return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.not_available.app_error", map[string]interface{}{"Service": strings.Title(service)}, "", http.StatusNotImplemented)
   252  	} else {
   253  		user = provider.GetUserFromJson(userData)
   254  	}
   255  
   256  	if user == nil {
   257  		return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.create.app_error", map[string]interface{}{"Service": service}, "", http.StatusInternalServerError)
   258  	}
   259  
   260  	suchan := a.Srv.Store.User().GetByAuth(user.AuthData, service)
   261  	euchan := a.Srv.Store.User().GetByEmail(user.Email)
   262  
   263  	found := true
   264  	count := 0
   265  	for found {
   266  		if found = a.IsUsernameTaken(user.Username); found {
   267  			user.Username = user.Username + strconv.Itoa(count)
   268  			count += 1
   269  		}
   270  	}
   271  
   272  	if result := <-suchan; result.Err == nil {
   273  		return result.Data.(*model.User), nil
   274  	}
   275  
   276  	if result := <-euchan; result.Err == nil {
   277  		authService := result.Data.(*model.User).AuthService
   278  		if authService == "" {
   279  			return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": model.USER_AUTH_SERVICE_EMAIL}, "email="+user.Email, http.StatusBadRequest)
   280  		} else {
   281  			return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": authService}, "email="+user.Email, http.StatusBadRequest)
   282  		}
   283  	}
   284  
   285  	user.EmailVerified = true
   286  
   287  	ruser, err := a.CreateUser(user)
   288  	if err != nil {
   289  		return nil, err
   290  	}
   291  
   292  	if len(teamId) > 0 {
   293  		err = a.AddUserToTeamByTeamId(teamId, user)
   294  		if err != nil {
   295  			return nil, err
   296  		}
   297  
   298  		err = a.AddDirectChannels(teamId, user)
   299  		if err != nil {
   300  			l4g.Error(err.Error())
   301  		}
   302  	}
   303  
   304  	return ruser, nil
   305  }
   306  
   307  // Check that a user's email domain matches a list of space-delimited domains as a string.
   308  func CheckUserDomain(user *model.User, domains string) bool {
   309  	if len(domains) == 0 {
   310  		return true
   311  	}
   312  
   313  	domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1))))
   314  
   315  	for _, d := range domainArray {
   316  		if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) {
   317  			return true
   318  		}
   319  	}
   320  
   321  	return false
   322  }
   323  
   324  // Check if the username is already used by another user. Return false if the username is invalid.
   325  func (a *App) IsUsernameTaken(name string) bool {
   326  
   327  	if !model.IsValidUsername(name) {
   328  		return false
   329  	}
   330  
   331  	if result := <-a.Srv.Store.User().GetByUsername(name); result.Err != nil {
   332  		return false
   333  	}
   334  
   335  	return true
   336  }
   337  
   338  func (a *App) GetUser(userId string) (*model.User, *model.AppError) {
   339  	if result := <-a.Srv.Store.User().Get(userId); result.Err != nil {
   340  		return nil, result.Err
   341  	} else {
   342  		return result.Data.(*model.User), nil
   343  	}
   344  }
   345  
   346  func (a *App) GetUserByUsername(username string) (*model.User, *model.AppError) {
   347  	if result := <-a.Srv.Store.User().GetByUsername(username); result.Err != nil && result.Err.Id == "store.sql_user.get_by_username.app_error" {
   348  		result.Err.StatusCode = http.StatusNotFound
   349  		return nil, result.Err
   350  	} else {
   351  		return result.Data.(*model.User), nil
   352  	}
   353  }
   354  
   355  func (a *App) GetUserByEmail(email string) (*model.User, *model.AppError) {
   356  
   357  	if result := <-a.Srv.Store.User().GetByEmail(email); result.Err != nil && result.Err.Id == "store.sql_user.missing_account.const" {
   358  		result.Err.StatusCode = http.StatusNotFound
   359  		return nil, result.Err
   360  	} else if result.Err != nil {
   361  		result.Err.StatusCode = http.StatusBadRequest
   362  		return nil, result.Err
   363  	} else {
   364  		return result.Data.(*model.User), nil
   365  	}
   366  }
   367  
   368  func (a *App) GetUserByAuth(authData *string, authService string) (*model.User, *model.AppError) {
   369  	if result := <-a.Srv.Store.User().GetByAuth(authData, authService); result.Err != nil {
   370  		return nil, result.Err
   371  	} else {
   372  		return result.Data.(*model.User), nil
   373  	}
   374  }
   375  
   376  func (a *App) GetUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppError) {
   377  	ldapAvailable := *a.Config().LdapSettings.Enable && a.Ldap != nil && utils.IsLicensed() && *utils.License().Features.LDAP
   378  
   379  	if result := <-a.Srv.Store.User().GetForLogin(
   380  		loginId,
   381  		*a.Config().EmailSettings.EnableSignInWithUsername && !onlyLdap,
   382  		*a.Config().EmailSettings.EnableSignInWithEmail && !onlyLdap,
   383  		ldapAvailable,
   384  	); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" {
   385  		// don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work
   386  		result.Err.StatusCode = http.StatusBadRequest
   387  		return nil, result.Err
   388  	} else if result.Err != nil {
   389  		if !ldapAvailable {
   390  			// failed to find user and no LDAP server to fall back on
   391  			result.Err.StatusCode = http.StatusBadRequest
   392  			return nil, result.Err
   393  		}
   394  
   395  		// fall back to LDAP server to see if we can find a user
   396  		if ldapUser, ldapErr := a.Ldap.GetUser(loginId); ldapErr != nil {
   397  			ldapErr.StatusCode = http.StatusBadRequest
   398  			return nil, ldapErr
   399  		} else {
   400  			return ldapUser, nil
   401  		}
   402  	} else {
   403  		return result.Data.(*model.User), nil
   404  	}
   405  }
   406  
   407  func (a *App) GetUsers(offset int, limit int) ([]*model.User, *model.AppError) {
   408  	if result := <-a.Srv.Store.User().GetAllProfiles(offset, limit); result.Err != nil {
   409  		return nil, result.Err
   410  	} else {
   411  		return result.Data.([]*model.User), nil
   412  	}
   413  }
   414  
   415  func (a *App) GetUsersMap(offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) {
   416  	users, err := a.GetUsers(offset, limit)
   417  	if err != nil {
   418  		return nil, err
   419  	}
   420  
   421  	userMap := make(map[string]*model.User, len(users))
   422  
   423  	for _, user := range users {
   424  		a.SanitizeProfile(user, asAdmin)
   425  		userMap[user.Id] = user
   426  	}
   427  
   428  	return userMap, nil
   429  }
   430  
   431  func (a *App) GetUsersPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) {
   432  	users, err := a.GetUsers(page*perPage, perPage)
   433  	if err != nil {
   434  		return nil, err
   435  	}
   436  
   437  	return a.sanitizeProfiles(users, asAdmin), nil
   438  }
   439  
   440  func (a *App) GetUsersEtag() string {
   441  	return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForAllProfiles()).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress)
   442  }
   443  
   444  func (a *App) GetUsersInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) {
   445  	if result := <-a.Srv.Store.User().GetProfiles(teamId, offset, limit); result.Err != nil {
   446  		return nil, result.Err
   447  	} else {
   448  		return result.Data.([]*model.User), nil
   449  	}
   450  }
   451  
   452  func (a *App) GetUsersNotInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) {
   453  	if result := <-a.Srv.Store.User().GetProfilesNotInTeam(teamId, offset, limit); result.Err != nil {
   454  		return nil, result.Err
   455  	} else {
   456  		return result.Data.([]*model.User), nil
   457  	}
   458  }
   459  
   460  func (a *App) GetUsersInTeamMap(teamId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) {
   461  	users, err := a.GetUsersInTeam(teamId, offset, limit)
   462  	if err != nil {
   463  		return nil, err
   464  	}
   465  
   466  	userMap := make(map[string]*model.User, len(users))
   467  
   468  	for _, user := range users {
   469  		a.SanitizeProfile(user, asAdmin)
   470  		userMap[user.Id] = user
   471  	}
   472  
   473  	return userMap, nil
   474  }
   475  
   476  func (a *App) GetUsersInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) {
   477  	users, err := a.GetUsersInTeam(teamId, page*perPage, perPage)
   478  	if err != nil {
   479  		return nil, err
   480  	}
   481  
   482  	return a.sanitizeProfiles(users, asAdmin), nil
   483  }
   484  
   485  func (a *App) GetUsersNotInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) {
   486  	users, err := a.GetUsersNotInTeam(teamId, page*perPage, perPage)
   487  	if err != nil {
   488  		return nil, err
   489  	}
   490  
   491  	return a.sanitizeProfiles(users, asAdmin), nil
   492  }
   493  
   494  func (a *App) GetUsersInTeamEtag(teamId string) string {
   495  	return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfiles(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress)
   496  }
   497  
   498  func (a *App) GetUsersNotInTeamEtag(teamId string) string {
   499  	return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfilesNotInTeam(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress)
   500  }
   501  
   502  func (a *App) GetUsersInChannel(channelId string, offset int, limit int) ([]*model.User, *model.AppError) {
   503  	if result := <-a.Srv.Store.User().GetProfilesInChannel(channelId, offset, limit); result.Err != nil {
   504  		return nil, result.Err
   505  	} else {
   506  		return result.Data.([]*model.User), nil
   507  	}
   508  }
   509  
   510  func (a *App) GetUsersInChannelMap(channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) {
   511  	users, err := a.GetUsersInChannel(channelId, offset, limit)
   512  	if err != nil {
   513  		return nil, err
   514  	}
   515  
   516  	userMap := make(map[string]*model.User, len(users))
   517  
   518  	for _, user := range users {
   519  		a.SanitizeProfile(user, asAdmin)
   520  		userMap[user.Id] = user
   521  	}
   522  
   523  	return userMap, nil
   524  }
   525  
   526  func (a *App) GetUsersInChannelPage(channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) {
   527  	users, err := a.GetUsersInChannel(channelId, page*perPage, perPage)
   528  	if err != nil {
   529  		return nil, err
   530  	}
   531  
   532  	return a.sanitizeProfiles(users, asAdmin), nil
   533  }
   534  
   535  func (a *App) GetUsersNotInChannel(teamId string, channelId string, offset int, limit int) ([]*model.User, *model.AppError) {
   536  	if result := <-a.Srv.Store.User().GetProfilesNotInChannel(teamId, channelId, offset, limit); result.Err != nil {
   537  		return nil, result.Err
   538  	} else {
   539  		return result.Data.([]*model.User), nil
   540  	}
   541  }
   542  
   543  func (a *App) GetUsersNotInChannelMap(teamId string, channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) {
   544  	users, err := a.GetUsersNotInChannel(teamId, channelId, offset, limit)
   545  	if err != nil {
   546  		return nil, err
   547  	}
   548  
   549  	userMap := make(map[string]*model.User, len(users))
   550  
   551  	for _, user := range users {
   552  		a.SanitizeProfile(user, asAdmin)
   553  		userMap[user.Id] = user
   554  	}
   555  
   556  	return userMap, nil
   557  }
   558  
   559  func (a *App) GetUsersNotInChannelPage(teamId string, channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) {
   560  	users, err := a.GetUsersNotInChannel(teamId, channelId, page*perPage, perPage)
   561  	if err != nil {
   562  		return nil, err
   563  	}
   564  
   565  	return a.sanitizeProfiles(users, asAdmin), nil
   566  }
   567  
   568  func (a *App) GetUsersWithoutTeamPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) {
   569  	users, err := a.GetUsersWithoutTeam(page*perPage, perPage)
   570  	if err != nil {
   571  		return nil, err
   572  	}
   573  
   574  	return a.sanitizeProfiles(users, asAdmin), nil
   575  }
   576  
   577  func (a *App) GetUsersWithoutTeam(offset int, limit int) ([]*model.User, *model.AppError) {
   578  	if result := <-a.Srv.Store.User().GetProfilesWithoutTeam(offset, limit); result.Err != nil {
   579  		return nil, result.Err
   580  	} else {
   581  		return result.Data.([]*model.User), nil
   582  	}
   583  }
   584  
   585  func (a *App) GetUsersByIds(userIds []string, asAdmin bool) ([]*model.User, *model.AppError) {
   586  	if result := <-a.Srv.Store.User().GetProfileByIds(userIds, true); result.Err != nil {
   587  		return nil, result.Err
   588  	} else {
   589  		users := result.Data.([]*model.User)
   590  		return a.sanitizeProfiles(users, asAdmin), nil
   591  	}
   592  }
   593  
   594  func (a *App) GetUsersByUsernames(usernames []string, asAdmin bool) ([]*model.User, *model.AppError) {
   595  	if result := <-a.Srv.Store.User().GetProfilesByUsernames(usernames, ""); result.Err != nil {
   596  		return nil, result.Err
   597  	} else {
   598  		users := result.Data.([]*model.User)
   599  		return a.sanitizeProfiles(users, asAdmin), nil
   600  	}
   601  }
   602  
   603  func (a *App) sanitizeProfiles(users []*model.User, asAdmin bool) []*model.User {
   604  	for _, u := range users {
   605  		a.SanitizeProfile(u, asAdmin)
   606  	}
   607  
   608  	return users
   609  }
   610  
   611  func (a *App) GenerateMfaSecret(userId string) (*model.MfaSecret, *model.AppError) {
   612  	if a.Mfa == nil {
   613  		return nil, model.NewAppError("generateMfaSecret", "api.user.generate_mfa_qr.not_available.app_error", nil, "", http.StatusNotImplemented)
   614  	}
   615  
   616  	var user *model.User
   617  	var err *model.AppError
   618  	if user, err = a.GetUser(userId); err != nil {
   619  		return nil, err
   620  	}
   621  
   622  	secret, img, err := a.Mfa.GenerateSecret(user)
   623  	if err != nil {
   624  		return nil, err
   625  	}
   626  
   627  	mfaSecret := &model.MfaSecret{Secret: secret, QRCode: b64.StdEncoding.EncodeToString(img)}
   628  	return mfaSecret, nil
   629  }
   630  
   631  func (a *App) ActivateMfa(userId, token string) *model.AppError {
   632  	if a.Mfa == nil {
   633  		err := model.NewAppError("ActivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented)
   634  		return err
   635  	}
   636  
   637  	var user *model.User
   638  	if result := <-a.Srv.Store.User().Get(userId); result.Err != nil {
   639  		return result.Err
   640  	} else {
   641  		user = result.Data.(*model.User)
   642  	}
   643  
   644  	if len(user.AuthService) > 0 && user.AuthService != model.USER_AUTH_SERVICE_LDAP {
   645  		return model.NewAppError("ActivateMfa", "api.user.activate_mfa.email_and_ldap_only.app_error", nil, "", http.StatusBadRequest)
   646  	}
   647  
   648  	if err := a.Mfa.Activate(user, token); err != nil {
   649  		return err
   650  	}
   651  
   652  	return nil
   653  }
   654  
   655  func (a *App) DeactivateMfa(userId string) *model.AppError {
   656  	if a.Mfa == nil {
   657  		err := model.NewAppError("DeactivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented)
   658  		return err
   659  	}
   660  
   661  	if err := a.Mfa.Deactivate(userId); err != nil {
   662  		return err
   663  	}
   664  
   665  	return nil
   666  }
   667  
   668  func CreateProfileImage(username string, userId string, initialFont string) ([]byte, *model.AppError) {
   669  	colors := []color.NRGBA{
   670  		{197, 8, 126, 255},
   671  		{227, 207, 18, 255},
   672  		{28, 181, 105, 255},
   673  		{35, 188, 224, 255},
   674  		{116, 49, 196, 255},
   675  		{197, 8, 126, 255},
   676  		{197, 19, 19, 255},
   677  		{250, 134, 6, 255},
   678  		{227, 207, 18, 255},
   679  		{123, 201, 71, 255},
   680  		{28, 181, 105, 255},
   681  		{35, 188, 224, 255},
   682  		{116, 49, 196, 255},
   683  		{197, 8, 126, 255},
   684  		{197, 19, 19, 255},
   685  		{250, 134, 6, 255},
   686  		{227, 207, 18, 255},
   687  		{123, 201, 71, 255},
   688  		{28, 181, 105, 255},
   689  		{35, 188, 224, 255},
   690  		{116, 49, 196, 255},
   691  		{197, 8, 126, 255},
   692  		{197, 19, 19, 255},
   693  		{250, 134, 6, 255},
   694  		{227, 207, 18, 255},
   695  		{123, 201, 71, 255},
   696  	}
   697  
   698  	h := fnv.New32a()
   699  	h.Write([]byte(userId))
   700  	seed := h.Sum32()
   701  
   702  	initial := string(strings.ToUpper(username)[0])
   703  
   704  	fontDir, _ := utils.FindDir("fonts")
   705  	fontBytes, err := ioutil.ReadFile(fontDir + initialFont)
   706  	if err != nil {
   707  		return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError)
   708  	}
   709  	font, err := freetype.ParseFont(fontBytes)
   710  	if err != nil {
   711  		return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError)
   712  	}
   713  
   714  	color := colors[int64(seed)%int64(len(colors))]
   715  	dstImg := image.NewRGBA(image.Rect(0, 0, IMAGE_PROFILE_PIXEL_DIMENSION, IMAGE_PROFILE_PIXEL_DIMENSION))
   716  	srcImg := image.White
   717  	draw.Draw(dstImg, dstImg.Bounds(), &image.Uniform{color}, image.ZP, draw.Src)
   718  	size := float64(IMAGE_PROFILE_PIXEL_DIMENSION / 2)
   719  
   720  	c := freetype.NewContext()
   721  	c.SetFont(font)
   722  	c.SetFontSize(size)
   723  	c.SetClip(dstImg.Bounds())
   724  	c.SetDst(dstImg)
   725  	c.SetSrc(srcImg)
   726  
   727  	pt := freetype.Pt(IMAGE_PROFILE_PIXEL_DIMENSION/6, IMAGE_PROFILE_PIXEL_DIMENSION*2/3)
   728  	_, err = c.DrawString(initial, pt)
   729  	if err != nil {
   730  		return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.initial.app_error", nil, err.Error(), http.StatusInternalServerError)
   731  	}
   732  
   733  	buf := new(bytes.Buffer)
   734  
   735  	if imgErr := png.Encode(buf, dstImg); imgErr != nil {
   736  		return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.encode.app_error", nil, imgErr.Error(), http.StatusInternalServerError)
   737  	} else {
   738  		return buf.Bytes(), nil
   739  	}
   740  }
   741  
   742  func (a *App) GetProfileImage(user *model.User) ([]byte, bool, *model.AppError) {
   743  	var img []byte
   744  	readFailed := false
   745  
   746  	if len(*a.Config().FileSettings.DriverName) == 0 {
   747  		var err *model.AppError
   748  		if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil {
   749  			return nil, false, err
   750  		}
   751  	} else {
   752  		path := "users/" + user.Id + "/profile.png"
   753  
   754  		if data, err := a.ReadFile(path); err != nil {
   755  			readFailed = true
   756  
   757  			if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil {
   758  				return nil, false, err
   759  			}
   760  
   761  			if user.LastPictureUpdate == 0 {
   762  				if err := a.WriteFile(img, path); err != nil {
   763  					return nil, false, err
   764  				}
   765  			}
   766  
   767  		} else {
   768  			img = data
   769  		}
   770  	}
   771  
   772  	return img, readFailed, nil
   773  }
   774  
   775  func (a *App) SetProfileImage(userId string, imageData *multipart.FileHeader) *model.AppError {
   776  	file, err := imageData.Open()
   777  	if err != nil {
   778  		return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.open.app_error", nil, err.Error(), http.StatusBadRequest)
   779  	}
   780  	defer file.Close()
   781  	return a.SetProfileImageFromFile(userId, file)
   782  }
   783  
   784  func (a *App) SetProfileImageFromFile(userId string, file multipart.File) *model.AppError {
   785  	// Decode image config first to check dimensions before loading the whole thing into memory later on
   786  	config, _, err := image.DecodeConfig(file)
   787  	if err != nil {
   788  		return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode_config.app_error", nil, err.Error(), http.StatusBadRequest)
   789  	} else if config.Width*config.Height > model.MaxImageSize {
   790  		return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, err.Error(), http.StatusBadRequest)
   791  	}
   792  
   793  	file.Seek(0, 0)
   794  
   795  	// Decode image into Image object
   796  	img, _, err := image.Decode(file)
   797  	if err != nil {
   798  		return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode.app_error", nil, err.Error(), http.StatusBadRequest)
   799  	}
   800  
   801  	file.Seek(0, 0)
   802  
   803  	orientation, _ := getImageOrientation(file)
   804  	img = makeImageUpright(img, orientation)
   805  
   806  	// Scale profile image
   807  	profileWidthAndHeight := 128
   808  	img = imaging.Fill(img, profileWidthAndHeight, profileWidthAndHeight, imaging.Center, imaging.Lanczos)
   809  
   810  	buf := new(bytes.Buffer)
   811  	err = png.Encode(buf, img)
   812  	if err != nil {
   813  		return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.encode.app_error", nil, err.Error(), http.StatusInternalServerError)
   814  	}
   815  
   816  	path := "users/" + userId + "/profile.png"
   817  
   818  	if err := a.WriteFile(buf.Bytes(), path); err != nil {
   819  		return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.upload_profile.app_error", nil, "", http.StatusInternalServerError)
   820  	}
   821  
   822  	<-a.Srv.Store.User().UpdateLastPictureUpdate(userId)
   823  
   824  	a.InvalidateCacheForUser(userId)
   825  
   826  	if user, err := a.GetUser(userId); err != nil {
   827  		l4g.Error(utils.T("api.user.get_me.getting.error"), userId)
   828  	} else {
   829  		options := a.Config().GetSanitizeOptions()
   830  		user.SanitizeProfile(options)
   831  
   832  		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil)
   833  		message.Add("user", user)
   834  
   835  		a.Publish(message)
   836  	}
   837  
   838  	return nil
   839  }
   840  
   841  func (a *App) UpdatePasswordAsUser(userId, currentPassword, newPassword string) *model.AppError {
   842  	var user *model.User
   843  	var err *model.AppError
   844  
   845  	if user, err = a.GetUser(userId); err != nil {
   846  		return err
   847  	}
   848  
   849  	if user == nil {
   850  		err = model.NewAppError("updatePassword", "api.user.update_password.valid_account.app_error", nil, "", http.StatusBadRequest)
   851  		return err
   852  	}
   853  
   854  	if user.AuthData != nil && *user.AuthData != "" {
   855  		err = model.NewAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService, http.StatusBadRequest)
   856  		return err
   857  	}
   858  
   859  	if err := a.doubleCheckPassword(user, currentPassword); err != nil {
   860  		if err.Id == "api.user.check_user_password.invalid.app_error" {
   861  			err = model.NewAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "", http.StatusBadRequest)
   862  		}
   863  		return err
   864  	}
   865  
   866  	T := utils.GetUserTranslations(user.Locale)
   867  
   868  	return a.UpdatePasswordSendEmail(user, newPassword, T("api.user.update_password.menu"))
   869  }
   870  
   871  func (a *App) UpdateNonSSOUserActive(userId string, active bool) (*model.User, *model.AppError) {
   872  	var user *model.User
   873  	var err *model.AppError
   874  	if user, err = a.GetUser(userId); err != nil {
   875  		return nil, err
   876  	}
   877  
   878  	if user.IsSSOUser() {
   879  		err := model.NewAppError("UpdateActive", "api.user.update_active.no_deactivate_sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest)
   880  		err.StatusCode = http.StatusBadRequest
   881  		return nil, err
   882  	}
   883  
   884  	return a.UpdateActive(user, active)
   885  }
   886  
   887  func (a *App) UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) {
   888  	if active {
   889  		user.DeleteAt = 0
   890  	} else {
   891  		user.DeleteAt = model.GetMillis()
   892  	}
   893  
   894  	if result := <-a.Srv.Store.User().Update(user, true); result.Err != nil {
   895  		return nil, result.Err
   896  	} else {
   897  		if user.DeleteAt > 0 {
   898  			if err := a.RevokeAllSessions(user.Id); err != nil {
   899  				return nil, err
   900  			}
   901  		}
   902  
   903  		if extra := <-a.Srv.Store.Channel().ExtraUpdateByUser(user.Id, model.GetMillis()); extra.Err != nil {
   904  			return nil, extra.Err
   905  		}
   906  
   907  		ruser := result.Data.([2]*model.User)[0]
   908  		options := a.Config().GetSanitizeOptions()
   909  		options["passwordupdate"] = false
   910  		ruser.Sanitize(options)
   911  
   912  		if !active {
   913  			a.SetStatusOffline(ruser.Id, false)
   914  		}
   915  
   916  		teamsForUser, err := a.GetTeamsForUser(user.Id)
   917  		if err != nil {
   918  			return nil, err
   919  		}
   920  
   921  		for _, team := range teamsForUser {
   922  			channelsForUser, err := a.GetChannelsForUser(team.Id, user.Id)
   923  			if err != nil {
   924  				return nil, err
   925  			}
   926  
   927  			for _, channel := range *channelsForUser {
   928  				a.InvalidateCacheForChannelMembers(channel.Id)
   929  			}
   930  		}
   931  
   932  		return ruser, nil
   933  	}
   934  }
   935  
   936  func (a *App) SanitizeProfile(user *model.User, asAdmin bool) {
   937  	options := a.Config().GetSanitizeOptions()
   938  	if asAdmin {
   939  		options["email"] = true
   940  		options["fullname"] = true
   941  		options["authservice"] = true
   942  	}
   943  	user.SanitizeProfile(options)
   944  }
   945  
   946  func (a *App) UpdateUserAsUser(user *model.User, asAdmin bool) (*model.User, *model.AppError) {
   947  	updatedUser, err := a.UpdateUser(user, true)
   948  	if err != nil {
   949  		return nil, err
   950  	}
   951  
   952  	a.sendUpdatedUserEvent(*updatedUser, asAdmin)
   953  
   954  	return updatedUser, nil
   955  }
   956  
   957  func (a *App) PatchUser(userId string, patch *model.UserPatch, asAdmin bool) (*model.User, *model.AppError) {
   958  	user, err := a.GetUser(userId)
   959  	if err != nil {
   960  		return nil, err
   961  	}
   962  
   963  	user.Patch(patch)
   964  
   965  	updatedUser, err := a.UpdateUser(user, true)
   966  	if err != nil {
   967  		return nil, err
   968  	}
   969  
   970  	a.sendUpdatedUserEvent(*updatedUser, asAdmin)
   971  
   972  	return updatedUser, nil
   973  }
   974  
   975  func (a *App) UpdateUserAuth(userId string, userAuth *model.UserAuth) (*model.UserAuth, *model.AppError) {
   976  	if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" {
   977  		userAuth.AuthData = nil
   978  		userAuth.AuthService = ""
   979  
   980  		if err := a.IsPasswordValid(userAuth.Password); err != nil {
   981  			return nil, err
   982  		}
   983  		password := model.HashPassword(userAuth.Password)
   984  
   985  		if result := <-a.Srv.Store.User().UpdatePassword(userId, password); result.Err != nil {
   986  			return nil, result.Err
   987  		}
   988  	} else {
   989  		userAuth.Password = ""
   990  
   991  		if result := <-a.Srv.Store.User().UpdateAuthData(userId, userAuth.AuthService, userAuth.AuthData, "", false); result.Err != nil {
   992  			return nil, result.Err
   993  		}
   994  	}
   995  
   996  	return userAuth, nil
   997  }
   998  
   999  func (a *App) sendUpdatedUserEvent(user model.User, asAdmin bool) {
  1000  	a.SanitizeProfile(&user, asAdmin)
  1001  
  1002  	message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil)
  1003  	message.Add("user", user)
  1004  	a.Go(func() {
  1005  		a.Publish(message)
  1006  	})
  1007  }
  1008  
  1009  func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) {
  1010  	if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) {
  1011  		result := <-a.Srv.Store.User().Get(user.Id)
  1012  		if result.Err != nil {
  1013  			return nil, result.Err
  1014  		}
  1015  		prev := result.Data.(*model.User)
  1016  		if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email {
  1017  			return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest)
  1018  		}
  1019  	}
  1020  
  1021  	if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil {
  1022  		return nil, result.Err
  1023  	} else {
  1024  		rusers := result.Data.([2]*model.User)
  1025  
  1026  		if sendNotifications {
  1027  			if rusers[0].Email != rusers[1].Email {
  1028  				a.Go(func() {
  1029  					if err := a.SendEmailChangeEmail(rusers[1].Email, rusers[0].Email, rusers[0].Locale, utils.GetSiteURL()); err != nil {
  1030  						l4g.Error(err.Error())
  1031  					}
  1032  				})
  1033  
  1034  				if a.Config().EmailSettings.RequireEmailVerification {
  1035  					if err := a.SendEmailVerification(rusers[0]); err != nil {
  1036  						l4g.Error(err.Error())
  1037  					}
  1038  				}
  1039  			}
  1040  
  1041  			if rusers[0].Username != rusers[1].Username {
  1042  				a.Go(func() {
  1043  					if err := a.SendChangeUsernameEmail(rusers[1].Username, rusers[0].Username, rusers[0].Email, rusers[0].Locale, utils.GetSiteURL()); err != nil {
  1044  						l4g.Error(err.Error())
  1045  					}
  1046  				})
  1047  			}
  1048  		}
  1049  
  1050  		a.InvalidateCacheForUser(user.Id)
  1051  
  1052  		return rusers[0], nil
  1053  	}
  1054  }
  1055  
  1056  func (a *App) UpdateUserNotifyProps(userId string, props map[string]string) (*model.User, *model.AppError) {
  1057  	var user *model.User
  1058  	var err *model.AppError
  1059  	if user, err = a.GetUser(userId); err != nil {
  1060  		return nil, err
  1061  	}
  1062  
  1063  	user.NotifyProps = props
  1064  
  1065  	var ruser *model.User
  1066  	if ruser, err = a.UpdateUser(user, true); err != nil {
  1067  		return nil, err
  1068  	}
  1069  
  1070  	return ruser, nil
  1071  }
  1072  
  1073  func (a *App) UpdateMfa(activate bool, userId, token string) *model.AppError {
  1074  	if activate {
  1075  		if err := a.ActivateMfa(userId, token); err != nil {
  1076  			return err
  1077  		}
  1078  	} else {
  1079  		if err := a.DeactivateMfa(userId); err != nil {
  1080  			return err
  1081  		}
  1082  	}
  1083  
  1084  	a.Go(func() {
  1085  		var user *model.User
  1086  		var err *model.AppError
  1087  
  1088  		if user, err = a.GetUser(userId); err != nil {
  1089  			l4g.Error(err.Error())
  1090  			return
  1091  		}
  1092  
  1093  		if err := a.SendMfaChangeEmail(user.Email, activate, user.Locale, utils.GetSiteURL()); err != nil {
  1094  			l4g.Error(err.Error())
  1095  		}
  1096  	})
  1097  
  1098  	return nil
  1099  }
  1100  
  1101  func (a *App) UpdatePasswordByUserIdSendEmail(userId, newPassword, method string) *model.AppError {
  1102  	var user *model.User
  1103  	var err *model.AppError
  1104  	if user, err = a.GetUser(userId); err != nil {
  1105  		return err
  1106  	}
  1107  
  1108  	return a.UpdatePasswordSendEmail(user, newPassword, method)
  1109  }
  1110  
  1111  func (a *App) UpdatePassword(user *model.User, newPassword string) *model.AppError {
  1112  	if err := a.IsPasswordValid(newPassword); err != nil {
  1113  		return err
  1114  	}
  1115  
  1116  	hashedPassword := model.HashPassword(newPassword)
  1117  
  1118  	if result := <-a.Srv.Store.User().UpdatePassword(user.Id, hashedPassword); result.Err != nil {
  1119  		return model.NewAppError("UpdatePassword", "api.user.update_password.failed.app_error", nil, result.Err.Error(), http.StatusInternalServerError)
  1120  	}
  1121  
  1122  	return nil
  1123  }
  1124  
  1125  func (a *App) UpdatePasswordSendEmail(user *model.User, newPassword, method string) *model.AppError {
  1126  	if err := a.UpdatePassword(user, newPassword); err != nil {
  1127  		return err
  1128  	}
  1129  
  1130  	a.Go(func() {
  1131  		if err := a.SendPasswordChangeEmail(user.Email, method, user.Locale, utils.GetSiteURL()); err != nil {
  1132  			l4g.Error(err.Error())
  1133  		}
  1134  	})
  1135  
  1136  	return nil
  1137  }
  1138  
  1139  func (a *App) ResetPasswordFromToken(userSuppliedTokenString, newPassword string) *model.AppError {
  1140  	var token *model.Token
  1141  	var err *model.AppError
  1142  	if token, err = a.GetPasswordRecoveryToken(userSuppliedTokenString); err != nil {
  1143  		return err
  1144  	} else {
  1145  		if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME {
  1146  			return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest)
  1147  		}
  1148  	}
  1149  
  1150  	var user *model.User
  1151  	if user, err = a.GetUser(token.Extra); err != nil {
  1152  		return err
  1153  	}
  1154  
  1155  	if user.IsSSOUser() {
  1156  		return model.NewAppError("ResetPasswordFromCode", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest)
  1157  	}
  1158  
  1159  	T := utils.GetUserTranslations(user.Locale)
  1160  
  1161  	if err := a.UpdatePasswordSendEmail(user, newPassword, T("api.user.reset_password.method")); err != nil {
  1162  		return err
  1163  	}
  1164  
  1165  	if err := a.DeleteToken(token); err != nil {
  1166  		l4g.Error(err.Error())
  1167  	}
  1168  
  1169  	return nil
  1170  }
  1171  
  1172  func (a *App) SendPasswordReset(email string, siteURL string) (bool, *model.AppError) {
  1173  	var user *model.User
  1174  	var err *model.AppError
  1175  	if user, err = a.GetUserByEmail(email); err != nil {
  1176  		return false, nil
  1177  	}
  1178  
  1179  	if user.AuthData != nil && len(*user.AuthData) != 0 {
  1180  		return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest)
  1181  	}
  1182  
  1183  	var token *model.Token
  1184  	if token, err = a.CreatePasswordRecoveryToken(user.Id); err != nil {
  1185  		return false, err
  1186  	}
  1187  
  1188  	if _, err := a.SendPasswordResetEmail(user.Email, token, user.Locale, siteURL); err != nil {
  1189  		return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.send.app_error", nil, "err="+err.Message, http.StatusInternalServerError)
  1190  	}
  1191  
  1192  	return true, nil
  1193  }
  1194  
  1195  func (a *App) CreatePasswordRecoveryToken(userId string) (*model.Token, *model.AppError) {
  1196  	token := model.NewToken(TOKEN_TYPE_PASSWORD_RECOVERY, userId)
  1197  
  1198  	if result := <-a.Srv.Store.Token().Save(token); result.Err != nil {
  1199  		return nil, result.Err
  1200  	}
  1201  
  1202  	return token, nil
  1203  }
  1204  
  1205  func (a *App) GetPasswordRecoveryToken(token string) (*model.Token, *model.AppError) {
  1206  	if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil {
  1207  		return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.invalid_link.app_error", nil, result.Err.Error(), http.StatusBadRequest)
  1208  	} else {
  1209  		token := result.Data.(*model.Token)
  1210  		if token.Type != TOKEN_TYPE_PASSWORD_RECOVERY {
  1211  			return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.broken_token.app_error", nil, "", http.StatusBadRequest)
  1212  		}
  1213  		return token, nil
  1214  	}
  1215  }
  1216  
  1217  func (a *App) DeleteToken(token *model.Token) *model.AppError {
  1218  	if result := <-a.Srv.Store.Token().Delete(token.Token); result.Err != nil {
  1219  		return result.Err
  1220  	}
  1221  
  1222  	return nil
  1223  }
  1224  
  1225  func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent bool) (*model.User, *model.AppError) {
  1226  	var user *model.User
  1227  	var err *model.AppError
  1228  	if user, err = a.GetUser(userId); err != nil {
  1229  		err.StatusCode = http.StatusBadRequest
  1230  		return nil, err
  1231  	}
  1232  
  1233  	user.Roles = newRoles
  1234  	uchan := a.Srv.Store.User().Update(user, true)
  1235  	schan := a.Srv.Store.Session().UpdateRoles(user.Id, newRoles)
  1236  
  1237  	var ruser *model.User
  1238  	if result := <-uchan; result.Err != nil {
  1239  		return nil, result.Err
  1240  	} else {
  1241  		ruser = result.Data.([2]*model.User)[0]
  1242  	}
  1243  
  1244  	if result := <-schan; result.Err != nil {
  1245  		// soft error since the user roles were still updated
  1246  		l4g.Error(result.Err)
  1247  	}
  1248  
  1249  	a.ClearSessionCacheForUser(user.Id)
  1250  
  1251  	if sendWebSocketEvent {
  1252  		message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_ROLE_UPDATED, "", "", user.Id, nil)
  1253  		message.Add("user_id", user.Id)
  1254  		message.Add("roles", newRoles)
  1255  		a.Publish(message)
  1256  	}
  1257  
  1258  	return ruser, nil
  1259  }
  1260  
  1261  func (a *App) PermanentDeleteUser(user *model.User) *model.AppError {
  1262  	l4g.Warn(utils.T("api.user.permanent_delete_user.attempting.warn"), user.Email, user.Id)
  1263  	if user.IsInRole(model.SYSTEM_ADMIN_ROLE_ID) {
  1264  		l4g.Warn(utils.T("api.user.permanent_delete_user.system_admin.warn"), user.Email)
  1265  	}
  1266  
  1267  	if _, err := a.UpdateActive(user, false); err != nil {
  1268  		return err
  1269  	}
  1270  
  1271  	if result := <-a.Srv.Store.Session().PermanentDeleteSessionsByUser(user.Id); result.Err != nil {
  1272  		return result.Err
  1273  	}
  1274  
  1275  	if result := <-a.Srv.Store.UserAccessToken().DeleteAllForUser(user.Id); result.Err != nil {
  1276  		return result.Err
  1277  	}
  1278  
  1279  	if result := <-a.Srv.Store.OAuth().PermanentDeleteAuthDataByUser(user.Id); result.Err != nil {
  1280  		return result.Err
  1281  	}
  1282  
  1283  	if result := <-a.Srv.Store.Webhook().PermanentDeleteIncomingByUser(user.Id); result.Err != nil {
  1284  		return result.Err
  1285  	}
  1286  
  1287  	if result := <-a.Srv.Store.Webhook().PermanentDeleteOutgoingByUser(user.Id); result.Err != nil {
  1288  		return result.Err
  1289  	}
  1290  
  1291  	if result := <-a.Srv.Store.Command().PermanentDeleteByUser(user.Id); result.Err != nil {
  1292  		return result.Err
  1293  	}
  1294  
  1295  	if result := <-a.Srv.Store.Preference().PermanentDeleteByUser(user.Id); result.Err != nil {
  1296  		return result.Err
  1297  	}
  1298  
  1299  	if result := <-a.Srv.Store.Channel().PermanentDeleteMembersByUser(user.Id); result.Err != nil {
  1300  		return result.Err
  1301  	}
  1302  
  1303  	if result := <-a.Srv.Store.Post().PermanentDeleteByUser(user.Id); result.Err != nil {
  1304  		return result.Err
  1305  	}
  1306  
  1307  	if result := <-a.Srv.Store.User().PermanentDelete(user.Id); result.Err != nil {
  1308  		return result.Err
  1309  	}
  1310  
  1311  	if result := <-a.Srv.Store.Audit().PermanentDeleteByUser(user.Id); result.Err != nil {
  1312  		return result.Err
  1313  	}
  1314  
  1315  	if result := <-a.Srv.Store.Team().RemoveAllMembersByUser(user.Id); result.Err != nil {
  1316  		return result.Err
  1317  	}
  1318  
  1319  	l4g.Warn(utils.T("api.user.permanent_delete_user.deleted.warn"), user.Email, user.Id)
  1320  
  1321  	return nil
  1322  }
  1323  
  1324  func (a *App) PermanentDeleteAllUsers() *model.AppError {
  1325  	if result := <-a.Srv.Store.User().GetAll(); result.Err != nil {
  1326  		return result.Err
  1327  	} else {
  1328  		users := result.Data.([]*model.User)
  1329  		for _, user := range users {
  1330  			a.PermanentDeleteUser(user)
  1331  		}
  1332  	}
  1333  
  1334  	return nil
  1335  }
  1336  
  1337  func (a *App) SendEmailVerification(user *model.User) *model.AppError {
  1338  	token, err := a.CreateVerifyEmailToken(user.Id)
  1339  	if err != nil {
  1340  		return err
  1341  	}
  1342  
  1343  	if _, err := a.GetStatus(user.Id); err != nil {
  1344  		return a.SendVerifyEmail(user.Email, user.Locale, utils.GetSiteURL(), token.Token)
  1345  	} else {
  1346  		return a.SendEmailChangeVerifyEmail(user.Email, user.Locale, utils.GetSiteURL(), token.Token)
  1347  	}
  1348  }
  1349  
  1350  func (a *App) VerifyEmailFromToken(userSuppliedTokenString string) *model.AppError {
  1351  	var token *model.Token
  1352  	var err *model.AppError
  1353  	if token, err = a.GetVerifyEmailToken(userSuppliedTokenString); err != nil {
  1354  		return err
  1355  	} else {
  1356  		if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME {
  1357  			return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest)
  1358  		}
  1359  		if err := a.VerifyUserEmail(token.Extra); err != nil {
  1360  			return err
  1361  		}
  1362  		if err := a.DeleteToken(token); err != nil {
  1363  			l4g.Error(err.Error())
  1364  		}
  1365  	}
  1366  
  1367  	return nil
  1368  }
  1369  
  1370  func (a *App) CreateVerifyEmailToken(userId string) (*model.Token, *model.AppError) {
  1371  	token := model.NewToken(TOKEN_TYPE_VERIFY_EMAIL, userId)
  1372  
  1373  	if result := <-a.Srv.Store.Token().Save(token); result.Err != nil {
  1374  		return nil, result.Err
  1375  	}
  1376  
  1377  	return token, nil
  1378  }
  1379  
  1380  func (a *App) GetVerifyEmailToken(token string) (*model.Token, *model.AppError) {
  1381  	if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil {
  1382  		return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.bad_link.app_error", nil, result.Err.Error(), http.StatusBadRequest)
  1383  	} else {
  1384  		token := result.Data.(*model.Token)
  1385  		if token.Type != TOKEN_TYPE_VERIFY_EMAIL {
  1386  			return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.broken_token.app_error", nil, "", http.StatusBadRequest)
  1387  		}
  1388  		return token, nil
  1389  	}
  1390  }
  1391  
  1392  func (a *App) VerifyUserEmail(userId string) *model.AppError {
  1393  	return (<-a.Srv.Store.User().VerifyEmail(userId)).Err
  1394  }
  1395  
  1396  func (a *App) SearchUsers(props *model.UserSearch, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) {
  1397  	if props.WithoutTeam {
  1398  		return a.SearchUsersWithoutTeam(props.Term, searchOptions, asAdmin)
  1399  	} else if props.InChannelId != "" {
  1400  		return a.SearchUsersInChannel(props.InChannelId, props.Term, searchOptions, asAdmin)
  1401  	} else if props.NotInChannelId != "" {
  1402  		return a.SearchUsersNotInChannel(props.TeamId, props.NotInChannelId, props.Term, searchOptions, asAdmin)
  1403  	} else if props.NotInTeamId != "" {
  1404  		return a.SearchUsersNotInTeam(props.NotInTeamId, props.Term, searchOptions, asAdmin)
  1405  	} else {
  1406  		return a.SearchUsersInTeam(props.TeamId, props.Term, searchOptions, asAdmin)
  1407  	}
  1408  }
  1409  
  1410  func (a *App) SearchUsersInChannel(channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) {
  1411  	if result := <-a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions); result.Err != nil {
  1412  		return nil, result.Err
  1413  	} else {
  1414  		users := result.Data.([]*model.User)
  1415  
  1416  		for _, user := range users {
  1417  			a.SanitizeProfile(user, asAdmin)
  1418  		}
  1419  
  1420  		return users, nil
  1421  	}
  1422  }
  1423  
  1424  func (a *App) SearchUsersNotInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) {
  1425  	if result := <-a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions); result.Err != nil {
  1426  		return nil, result.Err
  1427  	} else {
  1428  		users := result.Data.([]*model.User)
  1429  
  1430  		for _, user := range users {
  1431  			a.SanitizeProfile(user, asAdmin)
  1432  		}
  1433  
  1434  		return users, nil
  1435  	}
  1436  }
  1437  
  1438  func (a *App) SearchUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) {
  1439  	if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil {
  1440  		return nil, result.Err
  1441  	} else {
  1442  		users := result.Data.([]*model.User)
  1443  
  1444  		for _, user := range users {
  1445  			a.SanitizeProfile(user, asAdmin)
  1446  		}
  1447  
  1448  		return users, nil
  1449  	}
  1450  }
  1451  
  1452  func (a *App) SearchUsersNotInTeam(notInTeamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) {
  1453  	if result := <-a.Srv.Store.User().SearchNotInTeam(notInTeamId, term, searchOptions); result.Err != nil {
  1454  		return nil, result.Err
  1455  	} else {
  1456  		users := result.Data.([]*model.User)
  1457  
  1458  		for _, user := range users {
  1459  			a.SanitizeProfile(user, asAdmin)
  1460  		}
  1461  
  1462  		return users, nil
  1463  	}
  1464  }
  1465  
  1466  func (a *App) SearchUsersWithoutTeam(term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) {
  1467  	if result := <-a.Srv.Store.User().SearchWithoutTeam(term, searchOptions); result.Err != nil {
  1468  		return nil, result.Err
  1469  	} else {
  1470  		users := result.Data.([]*model.User)
  1471  
  1472  		for _, user := range users {
  1473  			a.SanitizeProfile(user, asAdmin)
  1474  		}
  1475  
  1476  		return users, nil
  1477  	}
  1478  }
  1479  
  1480  func (a *App) AutocompleteUsersInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInChannel, *model.AppError) {
  1481  	uchan := a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions)
  1482  	nuchan := a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions)
  1483  
  1484  	autocomplete := &model.UserAutocompleteInChannel{}
  1485  
  1486  	if result := <-uchan; result.Err != nil {
  1487  		return nil, result.Err
  1488  	} else {
  1489  		users := result.Data.([]*model.User)
  1490  
  1491  		for _, user := range users {
  1492  			a.SanitizeProfile(user, asAdmin)
  1493  		}
  1494  
  1495  		autocomplete.InChannel = users
  1496  	}
  1497  
  1498  	if result := <-nuchan; result.Err != nil {
  1499  		return nil, result.Err
  1500  	} else {
  1501  		users := result.Data.([]*model.User)
  1502  
  1503  		for _, user := range users {
  1504  			a.SanitizeProfile(user, asAdmin)
  1505  		}
  1506  
  1507  		autocomplete.OutOfChannel = users
  1508  	}
  1509  
  1510  	return autocomplete, nil
  1511  }
  1512  
  1513  func (a *App) AutocompleteUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInTeam, *model.AppError) {
  1514  	autocomplete := &model.UserAutocompleteInTeam{}
  1515  
  1516  	if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil {
  1517  		return nil, result.Err
  1518  	} else {
  1519  		users := result.Data.([]*model.User)
  1520  
  1521  		for _, user := range users {
  1522  			a.SanitizeProfile(user, asAdmin)
  1523  		}
  1524  
  1525  		autocomplete.InTeam = users
  1526  	}
  1527  
  1528  	return autocomplete, nil
  1529  }
  1530  
  1531  func (a *App) UpdateOAuthUserAttrs(userData io.Reader, user *model.User, provider einterfaces.OauthProvider, service string) *model.AppError {
  1532  	oauthUser := provider.GetUserFromJson(userData)
  1533  
  1534  	if oauthUser == nil {
  1535  		return model.NewAppError("UpdateOAuthUserAttrs", "api.user.update_oauth_user_attrs.get_user.app_error", map[string]interface{}{"Service": service}, "", http.StatusBadRequest)
  1536  	}
  1537  
  1538  	userAttrsChanged := false
  1539  
  1540  	if oauthUser.Username != user.Username {
  1541  		if existingUser, _ := a.GetUserByUsername(oauthUser.Username); existingUser == nil {
  1542  			user.Username = oauthUser.Username
  1543  			userAttrsChanged = true
  1544  		}
  1545  	}
  1546  
  1547  	if oauthUser.GetFullName() != user.GetFullName() {
  1548  		user.FirstName = oauthUser.FirstName
  1549  		user.LastName = oauthUser.LastName
  1550  		userAttrsChanged = true
  1551  	}
  1552  
  1553  	if oauthUser.Email != user.Email {
  1554  		if existingUser, _ := a.GetUserByEmail(oauthUser.Email); existingUser == nil {
  1555  			user.Email = oauthUser.Email
  1556  			userAttrsChanged = true
  1557  		}
  1558  	}
  1559  
  1560  	if user.DeleteAt > 0 {
  1561  		// Make sure they are not disabled
  1562  		user.DeleteAt = 0
  1563  		userAttrsChanged = true
  1564  	}
  1565  
  1566  	if userAttrsChanged {
  1567  		var result store.StoreResult
  1568  		if result = <-a.Srv.Store.User().Update(user, true); result.Err != nil {
  1569  			return result.Err
  1570  		}
  1571  
  1572  		user = result.Data.([2]*model.User)[0]
  1573  		a.InvalidateCacheForUser(user.Id)
  1574  	}
  1575  
  1576  	return nil
  1577  }