github.com/spline-fu/mattermost-server@v4.10.10+incompatible/app/user.go (about) 1 // Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package app 5 6 import ( 7 "bytes" 8 b64 "encoding/base64" 9 "fmt" 10 "hash/fnv" 11 "image" 12 "image/color" 13 "image/draw" 14 _ "image/gif" 15 _ "image/jpeg" 16 "image/png" 17 "io" 18 "io/ioutil" 19 "mime/multipart" 20 "net/http" 21 "path/filepath" 22 "strconv" 23 "strings" 24 25 "github.com/disintegration/imaging" 26 "github.com/golang/freetype" 27 "github.com/mattermost/mattermost-server/einterfaces" 28 "github.com/mattermost/mattermost-server/mlog" 29 "github.com/mattermost/mattermost-server/model" 30 "github.com/mattermost/mattermost-server/store" 31 "github.com/mattermost/mattermost-server/utils" 32 ) 33 34 const ( 35 TOKEN_TYPE_PASSWORD_RECOVERY = "password_recovery" 36 TOKEN_TYPE_VERIFY_EMAIL = "verify_email" 37 TOKEN_TYPE_TEAM_INVITATION = "team_invitation" 38 PASSWORD_RECOVER_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour 39 TEAM_INVITATION_EXPIRY_TIME = 1000 * 60 * 60 * 48 // 48 hours 40 IMAGE_PROFILE_PIXEL_DIMENSION = 128 41 ) 42 43 func (a *App) CreateUserWithToken(user *model.User, tokenId string) (*model.User, *model.AppError) { 44 if err := a.IsUserSignUpAllowed(); err != nil { 45 return nil, err 46 } 47 48 result := <-a.Srv.Store.Token().GetByToken(tokenId) 49 if result.Err != nil { 50 return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, result.Err.Error(), http.StatusBadRequest) 51 } 52 53 token := result.Data.(*model.Token) 54 if token.Type != TOKEN_TYPE_TEAM_INVITATION { 55 return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusBadRequest) 56 } 57 58 if model.GetMillis()-token.CreateAt >= TEAM_INVITATION_EXPIRY_TIME { 59 a.DeleteToken(token) 60 return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_expired.app_error", nil, "", http.StatusBadRequest) 61 } 62 63 tokenData := model.MapFromJson(strings.NewReader(token.Extra)) 64 65 var team *model.Team 66 if result := <-a.Srv.Store.Team().Get(tokenData["teamId"]); result.Err != nil { 67 return nil, result.Err 68 } else { 69 team = result.Data.(*model.Team) 70 } 71 72 user.Email = tokenData["email"] 73 user.EmailVerified = true 74 75 var ruser *model.User 76 var err *model.AppError 77 if ruser, err = a.CreateUser(user); err != nil { 78 return nil, err 79 } 80 81 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 82 return nil, err 83 } 84 85 a.AddDirectChannels(team.Id, ruser) 86 87 if err := a.DeleteToken(token); err != nil { 88 return nil, err 89 } 90 91 return ruser, nil 92 } 93 94 func (a *App) CreateUserWithInviteId(user *model.User, inviteId string) (*model.User, *model.AppError) { 95 if err := a.IsUserSignUpAllowed(); err != nil { 96 return nil, err 97 } 98 99 var team *model.Team 100 if result := <-a.Srv.Store.Team().GetByInviteId(inviteId); result.Err != nil { 101 return nil, result.Err 102 } else { 103 team = result.Data.(*model.Team) 104 } 105 106 user.EmailVerified = false 107 108 var ruser *model.User 109 var err *model.AppError 110 if ruser, err = a.CreateUser(user); err != nil { 111 return nil, err 112 } 113 114 if err := a.JoinUserToTeam(team, ruser, ""); err != nil { 115 return nil, err 116 } 117 118 a.AddDirectChannels(team.Id, ruser) 119 120 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 121 mlog.Error(err.Error()) 122 } 123 124 return ruser, nil 125 } 126 127 func (a *App) CreateUserAsAdmin(user *model.User) (*model.User, *model.AppError) { 128 ruser, err := a.CreateUser(user) 129 if err != nil { 130 return nil, err 131 } 132 133 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 134 mlog.Error(err.Error()) 135 } 136 137 return ruser, nil 138 } 139 140 func (a *App) CreateUserFromSignup(user *model.User) (*model.User, *model.AppError) { 141 if err := a.IsUserSignUpAllowed(); err != nil { 142 return nil, err 143 } 144 145 if !a.IsFirstUserAccount() && !*a.Config().TeamSettings.EnableOpenServer { 146 err := model.NewAppError("CreateUserFromSignup", "api.user.create_user.no_open_server", nil, "email="+user.Email, http.StatusForbidden) 147 return nil, err 148 } 149 150 user.EmailVerified = false 151 152 ruser, err := a.CreateUser(user) 153 if err != nil { 154 return nil, err 155 } 156 157 if err := a.SendWelcomeEmail(ruser.Id, ruser.Email, ruser.EmailVerified, ruser.Locale, a.GetSiteURL()); err != nil { 158 mlog.Error(err.Error()) 159 } 160 161 return ruser, nil 162 } 163 164 func (a *App) IsUserSignUpAllowed() *model.AppError { 165 if !a.Config().EmailSettings.EnableSignUpWithEmail || !a.Config().TeamSettings.EnableUserCreation { 166 err := model.NewAppError("IsUserSignUpAllowed", "api.user.create_user.signup_email_disabled.app_error", nil, "", http.StatusNotImplemented) 167 return err 168 } 169 return nil 170 } 171 172 func (a *App) IsFirstUserAccount() bool { 173 if a.SessionCacheLength() == 0 { 174 if cr := <-a.Srv.Store.User().GetTotalUsersCount(); cr.Err != nil { 175 mlog.Error(fmt.Sprint(cr.Err)) 176 return false 177 } else { 178 count := cr.Data.(int64) 179 if count <= 0 { 180 return true 181 } 182 } 183 } 184 185 return false 186 } 187 188 func (a *App) CreateUser(user *model.User) (*model.User, *model.AppError) { 189 if !user.IsLDAPUser() && !user.IsSAMLUser() && !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 190 return nil, model.NewAppError("CreateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 191 } 192 193 user.Roles = model.SYSTEM_USER_ROLE_ID 194 195 // Below is a special case where the first user in the entire 196 // system is granted the system_admin role 197 if result := <-a.Srv.Store.User().GetTotalUsersCount(); result.Err != nil { 198 return nil, result.Err 199 } else { 200 count := result.Data.(int64) 201 if count <= 0 { 202 user.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID 203 } 204 } 205 206 if _, ok := utils.GetSupportedLocales()[user.Locale]; !ok { 207 user.Locale = *a.Config().LocalizationSettings.DefaultClientLocale 208 } 209 210 if ruser, err := a.createUser(user); err != nil { 211 return nil, err 212 } else { 213 // This message goes to everyone, so the teamId, channelId and userId are irrelevant 214 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_NEW_USER, "", "", "", nil) 215 message.Add("user_id", ruser.Id) 216 a.Publish(message) 217 218 return ruser, nil 219 } 220 } 221 222 func (a *App) createUser(user *model.User) (*model.User, *model.AppError) { 223 user.MakeNonNil() 224 225 if err := a.IsPasswordValid(user.Password); user.AuthService == "" && err != nil { 226 return nil, err 227 } 228 229 if result := <-a.Srv.Store.User().Save(user); result.Err != nil { 230 mlog.Error(fmt.Sprintf("Couldn't save the user err=%v", result.Err)) 231 return nil, result.Err 232 } else { 233 ruser := result.Data.(*model.User) 234 235 if user.EmailVerified { 236 if err := a.VerifyUserEmail(ruser.Id); err != nil { 237 mlog.Error(fmt.Sprintf("Failed to set email verified err=%v", err)) 238 } 239 } 240 241 pref := model.Preference{UserId: ruser.Id, Category: model.PREFERENCE_CATEGORY_TUTORIAL_STEPS, Name: ruser.Id, Value: "0"} 242 if presult := <-a.Srv.Store.Preference().Save(&model.Preferences{pref}); presult.Err != nil { 243 mlog.Error(fmt.Sprintf("Encountered error saving tutorial preference, err=%v", presult.Err.Message)) 244 } 245 246 ruser.Sanitize(map[string]bool{}) 247 248 return ruser, nil 249 } 250 } 251 252 func (a *App) CreateOAuthUser(service string, userData io.Reader, teamId string) (*model.User, *model.AppError) { 253 if !a.Config().TeamSettings.EnableUserCreation { 254 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_user.disabled.app_error", nil, "", http.StatusNotImplemented) 255 } 256 257 var user *model.User 258 provider := einterfaces.GetOauthProvider(service) 259 if provider == nil { 260 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.not_available.app_error", map[string]interface{}{"Service": strings.Title(service)}, "", http.StatusNotImplemented) 261 } else { 262 user = provider.GetUserFromJson(userData) 263 } 264 265 if user == nil { 266 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.create.app_error", map[string]interface{}{"Service": service}, "", http.StatusInternalServerError) 267 } 268 269 suchan := a.Srv.Store.User().GetByAuth(user.AuthData, service) 270 euchan := a.Srv.Store.User().GetByEmail(user.Email) 271 272 found := true 273 count := 0 274 for found { 275 if found = a.IsUsernameTaken(user.Username); found { 276 user.Username = user.Username + strconv.Itoa(count) 277 count += 1 278 } 279 } 280 281 if result := <-suchan; result.Err == nil { 282 return result.Data.(*model.User), nil 283 } 284 285 if result := <-euchan; result.Err == nil { 286 authService := result.Data.(*model.User).AuthService 287 if authService == "" { 288 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": model.USER_AUTH_SERVICE_EMAIL}, "email="+user.Email, http.StatusBadRequest) 289 } else { 290 return nil, model.NewAppError("CreateOAuthUser", "api.user.create_oauth_user.already_attached.app_error", map[string]interface{}{"Service": service, "Auth": authService}, "email="+user.Email, http.StatusBadRequest) 291 } 292 } 293 294 user.EmailVerified = true 295 296 ruser, err := a.CreateUser(user) 297 if err != nil { 298 return nil, err 299 } 300 301 if len(teamId) > 0 { 302 err = a.AddUserToTeamByTeamId(teamId, user) 303 if err != nil { 304 return nil, err 305 } 306 307 err = a.AddDirectChannels(teamId, user) 308 if err != nil { 309 mlog.Error(err.Error()) 310 } 311 } 312 313 return ruser, nil 314 } 315 316 // Check that a user's email domain matches a list of space-delimited domains as a string. 317 func CheckUserDomain(user *model.User, domains string) bool { 318 if len(domains) == 0 { 319 return true 320 } 321 322 domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) 323 324 for _, d := range domainArray { 325 if strings.HasSuffix(strings.ToLower(user.Email), "@"+d) { 326 return true 327 } 328 } 329 330 return false 331 } 332 333 // Check if the username is already used by another user. Return false if the username is invalid. 334 func (a *App) IsUsernameTaken(name string) bool { 335 336 if !model.IsValidUsername(name) { 337 return false 338 } 339 340 if result := <-a.Srv.Store.User().GetByUsername(name); result.Err != nil { 341 return false 342 } 343 344 return true 345 } 346 347 func (a *App) GetUser(userId string) (*model.User, *model.AppError) { 348 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 349 return nil, result.Err 350 } else { 351 return result.Data.(*model.User), nil 352 } 353 } 354 355 func (a *App) GetUserByUsername(username string) (*model.User, *model.AppError) { 356 if result := <-a.Srv.Store.User().GetByUsername(username); result.Err != nil && result.Err.Id == "store.sql_user.get_by_username.app_error" { 357 result.Err.StatusCode = http.StatusNotFound 358 return nil, result.Err 359 } else { 360 return result.Data.(*model.User), nil 361 } 362 } 363 364 func (a *App) GetUserByEmail(email string) (*model.User, *model.AppError) { 365 366 if result := <-a.Srv.Store.User().GetByEmail(email); result.Err != nil && result.Err.Id == "store.sql_user.missing_account.const" { 367 result.Err.StatusCode = http.StatusNotFound 368 return nil, result.Err 369 } else if result.Err != nil { 370 result.Err.StatusCode = http.StatusBadRequest 371 return nil, result.Err 372 } else { 373 return result.Data.(*model.User), nil 374 } 375 } 376 377 func (a *App) GetUserByAuth(authData *string, authService string) (*model.User, *model.AppError) { 378 if result := <-a.Srv.Store.User().GetByAuth(authData, authService); result.Err != nil { 379 return nil, result.Err 380 } else { 381 return result.Data.(*model.User), nil 382 } 383 } 384 385 func (a *App) GetUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppError) { 386 license := a.License() 387 ldapAvailable := *a.Config().LdapSettings.Enable && a.Ldap != nil && license != nil && *license.Features.LDAP 388 389 if result := <-a.Srv.Store.User().GetForLogin( 390 loginId, 391 *a.Config().EmailSettings.EnableSignInWithUsername && !onlyLdap, 392 *a.Config().EmailSettings.EnableSignInWithEmail && !onlyLdap, 393 ldapAvailable, 394 ); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" { 395 // don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work 396 result.Err.StatusCode = http.StatusBadRequest 397 return nil, result.Err 398 } else if result.Err != nil { 399 if !ldapAvailable { 400 // failed to find user and no LDAP server to fall back on 401 result.Err.StatusCode = http.StatusBadRequest 402 return nil, result.Err 403 } 404 405 // fall back to LDAP server to see if we can find a user 406 if ldapUser, ldapErr := a.Ldap.GetUser(loginId); ldapErr != nil { 407 ldapErr.StatusCode = http.StatusBadRequest 408 return nil, ldapErr 409 } else { 410 return ldapUser, nil 411 } 412 } else { 413 return result.Data.(*model.User), nil 414 } 415 } 416 417 func (a *App) GetUsers(offset int, limit int) ([]*model.User, *model.AppError) { 418 if result := <-a.Srv.Store.User().GetAllProfiles(offset, limit); result.Err != nil { 419 return nil, result.Err 420 } else { 421 return result.Data.([]*model.User), nil 422 } 423 } 424 425 func (a *App) GetUsersMap(offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 426 users, err := a.GetUsers(offset, limit) 427 if err != nil { 428 return nil, err 429 } 430 431 userMap := make(map[string]*model.User, len(users)) 432 433 for _, user := range users { 434 a.SanitizeProfile(user, asAdmin) 435 userMap[user.Id] = user 436 } 437 438 return userMap, nil 439 } 440 441 func (a *App) GetUsersPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 442 users, err := a.GetUsers(page*perPage, perPage) 443 if err != nil { 444 return nil, err 445 } 446 447 return a.sanitizeProfiles(users, asAdmin), nil 448 } 449 450 func (a *App) GetUsersEtag() string { 451 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForAllProfiles()).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 452 } 453 454 func (a *App) GetUsersInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 455 if result := <-a.Srv.Store.User().GetProfiles(teamId, offset, limit); result.Err != nil { 456 return nil, result.Err 457 } else { 458 return result.Data.([]*model.User), nil 459 } 460 } 461 462 func (a *App) GetUsersNotInTeam(teamId string, offset int, limit int) ([]*model.User, *model.AppError) { 463 if result := <-a.Srv.Store.User().GetProfilesNotInTeam(teamId, offset, limit); result.Err != nil { 464 return nil, result.Err 465 } else { 466 return result.Data.([]*model.User), nil 467 } 468 } 469 470 func (a *App) GetUsersInTeamMap(teamId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 471 users, err := a.GetUsersInTeam(teamId, offset, limit) 472 if err != nil { 473 return nil, err 474 } 475 476 userMap := make(map[string]*model.User, len(users)) 477 478 for _, user := range users { 479 a.SanitizeProfile(user, asAdmin) 480 userMap[user.Id] = user 481 } 482 483 return userMap, nil 484 } 485 486 func (a *App) GetUsersInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 487 users, err := a.GetUsersInTeam(teamId, page*perPage, perPage) 488 if err != nil { 489 return nil, err 490 } 491 492 return a.sanitizeProfiles(users, asAdmin), nil 493 } 494 495 func (a *App) GetUsersNotInTeamPage(teamId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 496 users, err := a.GetUsersNotInTeam(teamId, page*perPage, perPage) 497 if err != nil { 498 return nil, err 499 } 500 501 return a.sanitizeProfiles(users, asAdmin), nil 502 } 503 504 func (a *App) GetUsersInTeamEtag(teamId string) string { 505 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfiles(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 506 } 507 508 func (a *App) GetUsersNotInTeamEtag(teamId string) string { 509 return fmt.Sprintf("%v.%v.%v", (<-a.Srv.Store.User().GetEtagForProfilesNotInTeam(teamId)).Data.(string), a.Config().PrivacySettings.ShowFullName, a.Config().PrivacySettings.ShowEmailAddress) 510 } 511 512 func (a *App) GetUsersInChannel(channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 513 if result := <-a.Srv.Store.User().GetProfilesInChannel(channelId, offset, limit); result.Err != nil { 514 return nil, result.Err 515 } else { 516 return result.Data.([]*model.User), nil 517 } 518 } 519 520 func (a *App) GetUsersInChannelByStatus(channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 521 if result := <-a.Srv.Store.User().GetProfilesInChannelByStatus(channelId, offset, limit); result.Err != nil { 522 return nil, result.Err 523 } else { 524 return result.Data.([]*model.User), nil 525 } 526 } 527 528 func (a *App) GetUsersInChannelMap(channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 529 users, err := a.GetUsersInChannel(channelId, offset, limit) 530 if err != nil { 531 return nil, err 532 } 533 534 userMap := make(map[string]*model.User, len(users)) 535 536 for _, user := range users { 537 a.SanitizeProfile(user, asAdmin) 538 userMap[user.Id] = user 539 } 540 541 return userMap, nil 542 } 543 544 func (a *App) GetUsersInChannelPage(channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 545 users, err := a.GetUsersInChannel(channelId, page*perPage, perPage) 546 if err != nil { 547 return nil, err 548 } 549 550 return a.sanitizeProfiles(users, asAdmin), nil 551 } 552 553 func (a *App) GetUsersInChannelPageByStatus(channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 554 users, err := a.GetUsersInChannelByStatus(channelId, page*perPage, perPage) 555 if err != nil { 556 return nil, err 557 } 558 559 return a.sanitizeProfiles(users, asAdmin), nil 560 } 561 562 func (a *App) GetUsersNotInChannel(teamId string, channelId string, offset int, limit int) ([]*model.User, *model.AppError) { 563 if result := <-a.Srv.Store.User().GetProfilesNotInChannel(teamId, channelId, offset, limit); result.Err != nil { 564 return nil, result.Err 565 } else { 566 return result.Data.([]*model.User), nil 567 } 568 } 569 570 func (a *App) GetUsersNotInChannelMap(teamId string, channelId string, offset int, limit int, asAdmin bool) (map[string]*model.User, *model.AppError) { 571 users, err := a.GetUsersNotInChannel(teamId, channelId, offset, limit) 572 if err != nil { 573 return nil, err 574 } 575 576 userMap := make(map[string]*model.User, len(users)) 577 578 for _, user := range users { 579 a.SanitizeProfile(user, asAdmin) 580 userMap[user.Id] = user 581 } 582 583 return userMap, nil 584 } 585 586 func (a *App) GetUsersNotInChannelPage(teamId string, channelId string, page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 587 users, err := a.GetUsersNotInChannel(teamId, channelId, page*perPage, perPage) 588 if err != nil { 589 return nil, err 590 } 591 592 return a.sanitizeProfiles(users, asAdmin), nil 593 } 594 595 func (a *App) GetUsersWithoutTeamPage(page int, perPage int, asAdmin bool) ([]*model.User, *model.AppError) { 596 users, err := a.GetUsersWithoutTeam(page*perPage, perPage) 597 if err != nil { 598 return nil, err 599 } 600 601 return a.sanitizeProfiles(users, asAdmin), nil 602 } 603 604 func (a *App) GetUsersWithoutTeam(offset int, limit int) ([]*model.User, *model.AppError) { 605 if result := <-a.Srv.Store.User().GetProfilesWithoutTeam(offset, limit); result.Err != nil { 606 return nil, result.Err 607 } else { 608 return result.Data.([]*model.User), nil 609 } 610 } 611 612 func (a *App) GetUsersByIds(userIds []string, asAdmin bool) ([]*model.User, *model.AppError) { 613 if result := <-a.Srv.Store.User().GetProfileByIds(userIds, true); result.Err != nil { 614 return nil, result.Err 615 } else { 616 users := result.Data.([]*model.User) 617 return a.sanitizeProfiles(users, asAdmin), nil 618 } 619 } 620 621 func (a *App) GetUsersByUsernames(usernames []string, asAdmin bool) ([]*model.User, *model.AppError) { 622 if result := <-a.Srv.Store.User().GetProfilesByUsernames(usernames, ""); result.Err != nil { 623 return nil, result.Err 624 } else { 625 users := result.Data.([]*model.User) 626 return a.sanitizeProfiles(users, asAdmin), nil 627 } 628 } 629 630 func (a *App) sanitizeProfiles(users []*model.User, asAdmin bool) []*model.User { 631 for _, u := range users { 632 a.SanitizeProfile(u, asAdmin) 633 } 634 635 return users 636 } 637 638 func (a *App) GenerateMfaSecret(userId string) (*model.MfaSecret, *model.AppError) { 639 if a.Mfa == nil { 640 return nil, model.NewAppError("generateMfaSecret", "api.user.generate_mfa_qr.not_available.app_error", nil, "", http.StatusNotImplemented) 641 } 642 643 var user *model.User 644 var err *model.AppError 645 if user, err = a.GetUser(userId); err != nil { 646 return nil, err 647 } 648 649 secret, img, err := a.Mfa.GenerateSecret(user) 650 if err != nil { 651 return nil, err 652 } 653 654 mfaSecret := &model.MfaSecret{Secret: secret, QRCode: b64.StdEncoding.EncodeToString(img)} 655 return mfaSecret, nil 656 } 657 658 func (a *App) ActivateMfa(userId, token string) *model.AppError { 659 if a.Mfa == nil { 660 err := model.NewAppError("ActivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 661 return err 662 } 663 664 var user *model.User 665 if result := <-a.Srv.Store.User().Get(userId); result.Err != nil { 666 return result.Err 667 } else { 668 user = result.Data.(*model.User) 669 } 670 671 if len(user.AuthService) > 0 && user.AuthService != model.USER_AUTH_SERVICE_LDAP { 672 return model.NewAppError("ActivateMfa", "api.user.activate_mfa.email_and_ldap_only.app_error", nil, "", http.StatusBadRequest) 673 } 674 675 if err := a.Mfa.Activate(user, token); err != nil { 676 return err 677 } 678 679 return nil 680 } 681 682 func (a *App) DeactivateMfa(userId string) *model.AppError { 683 if a.Mfa == nil { 684 err := model.NewAppError("DeactivateMfa", "api.user.update_mfa.not_available.app_error", nil, "", http.StatusNotImplemented) 685 return err 686 } 687 688 if err := a.Mfa.Deactivate(userId); err != nil { 689 return err 690 } 691 692 return nil 693 } 694 695 func CreateProfileImage(username string, userId string, initialFont string) ([]byte, *model.AppError) { 696 colors := []color.NRGBA{ 697 {197, 8, 126, 255}, 698 {227, 207, 18, 255}, 699 {28, 181, 105, 255}, 700 {35, 188, 224, 255}, 701 {116, 49, 196, 255}, 702 {197, 8, 126, 255}, 703 {197, 19, 19, 255}, 704 {250, 134, 6, 255}, 705 {227, 207, 18, 255}, 706 {123, 201, 71, 255}, 707 {28, 181, 105, 255}, 708 {35, 188, 224, 255}, 709 {116, 49, 196, 255}, 710 {197, 8, 126, 255}, 711 {197, 19, 19, 255}, 712 {250, 134, 6, 255}, 713 {227, 207, 18, 255}, 714 {123, 201, 71, 255}, 715 {28, 181, 105, 255}, 716 {35, 188, 224, 255}, 717 {116, 49, 196, 255}, 718 {197, 8, 126, 255}, 719 {197, 19, 19, 255}, 720 {250, 134, 6, 255}, 721 {227, 207, 18, 255}, 722 {123, 201, 71, 255}, 723 } 724 725 h := fnv.New32a() 726 h.Write([]byte(userId)) 727 seed := h.Sum32() 728 729 initial := string(strings.ToUpper(username)[0]) 730 731 fontDir, _ := utils.FindDir("fonts") 732 fontBytes, err := ioutil.ReadFile(filepath.Join(fontDir, initialFont)) 733 if err != nil { 734 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) 735 } 736 font, err := freetype.ParseFont(fontBytes) 737 if err != nil { 738 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.default_font.app_error", nil, err.Error(), http.StatusInternalServerError) 739 } 740 741 color := colors[int64(seed)%int64(len(colors))] 742 dstImg := image.NewRGBA(image.Rect(0, 0, IMAGE_PROFILE_PIXEL_DIMENSION, IMAGE_PROFILE_PIXEL_DIMENSION)) 743 srcImg := image.White 744 draw.Draw(dstImg, dstImg.Bounds(), &image.Uniform{color}, image.ZP, draw.Src) 745 size := float64(IMAGE_PROFILE_PIXEL_DIMENSION / 2) 746 747 c := freetype.NewContext() 748 c.SetFont(font) 749 c.SetFontSize(size) 750 c.SetClip(dstImg.Bounds()) 751 c.SetDst(dstImg) 752 c.SetSrc(srcImg) 753 754 pt := freetype.Pt(IMAGE_PROFILE_PIXEL_DIMENSION/6, IMAGE_PROFILE_PIXEL_DIMENSION*2/3) 755 _, err = c.DrawString(initial, pt) 756 if err != nil { 757 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.initial.app_error", nil, err.Error(), http.StatusInternalServerError) 758 } 759 760 buf := new(bytes.Buffer) 761 762 if imgErr := png.Encode(buf, dstImg); imgErr != nil { 763 return nil, model.NewAppError("CreateProfileImage", "api.user.create_profile_image.encode.app_error", nil, imgErr.Error(), http.StatusInternalServerError) 764 } else { 765 return buf.Bytes(), nil 766 } 767 } 768 769 func (a *App) GetProfileImage(user *model.User) ([]byte, bool, *model.AppError) { 770 var img []byte 771 readFailed := false 772 773 if len(*a.Config().FileSettings.DriverName) == 0 { 774 var err *model.AppError 775 if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil { 776 return nil, false, err 777 } 778 } else { 779 path := "users/" + user.Id + "/profile.png" 780 781 if data, err := a.ReadFile(path); err != nil { 782 readFailed = true 783 784 if img, err = CreateProfileImage(user.Username, user.Id, a.Config().FileSettings.InitialFont); err != nil { 785 return nil, false, err 786 } 787 788 if user.LastPictureUpdate == 0 { 789 if err := a.WriteFile(img, path); err != nil { 790 return nil, false, err 791 } 792 } 793 794 } else { 795 img = data 796 } 797 } 798 799 return img, readFailed, nil 800 } 801 802 func (a *App) SetProfileImage(userId string, imageData *multipart.FileHeader) *model.AppError { 803 file, err := imageData.Open() 804 if err != nil { 805 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.open.app_error", nil, err.Error(), http.StatusBadRequest) 806 } 807 defer file.Close() 808 return a.SetProfileImageFromFile(userId, file) 809 } 810 811 func (a *App) SetProfileImageFromFile(userId string, file multipart.File) *model.AppError { 812 // Decode image config first to check dimensions before loading the whole thing into memory later on 813 config, _, err := image.DecodeConfig(file) 814 if err != nil { 815 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode_config.app_error", nil, err.Error(), http.StatusBadRequest) 816 } else if config.Width*config.Height > model.MaxImageSize { 817 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, err.Error(), http.StatusBadRequest) 818 } 819 820 file.Seek(0, 0) 821 822 // Decode image into Image object 823 img, _, err := image.Decode(file) 824 if err != nil { 825 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.decode.app_error", nil, err.Error(), http.StatusBadRequest) 826 } 827 828 file.Seek(0, 0) 829 830 orientation, _ := getImageOrientation(file) 831 img = makeImageUpright(img, orientation) 832 833 // Scale profile image 834 profileWidthAndHeight := 128 835 img = imaging.Fill(img, profileWidthAndHeight, profileWidthAndHeight, imaging.Center, imaging.Lanczos) 836 837 buf := new(bytes.Buffer) 838 err = png.Encode(buf, img) 839 if err != nil { 840 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.encode.app_error", nil, err.Error(), http.StatusInternalServerError) 841 } 842 843 path := "users/" + userId + "/profile.png" 844 845 if err := a.WriteFile(buf.Bytes(), path); err != nil { 846 return model.NewAppError("SetProfileImage", "api.user.upload_profile_user.upload_profile.app_error", nil, "", http.StatusInternalServerError) 847 } 848 849 <-a.Srv.Store.User().UpdateLastPictureUpdate(userId) 850 851 a.InvalidateCacheForUser(userId) 852 853 if user, err := a.GetUser(userId); err != nil { 854 mlog.Error(fmt.Sprintf("Error in getting users profile for id=%v forcing logout", userId), mlog.String("user_id", userId)) 855 } else { 856 options := a.Config().GetSanitizeOptions() 857 user.SanitizeProfile(options) 858 859 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 860 message.Add("user", user) 861 a.Publish(message) 862 } 863 864 return nil 865 } 866 867 func (a *App) UpdatePasswordAsUser(userId, currentPassword, newPassword string) *model.AppError { 868 var user *model.User 869 var err *model.AppError 870 871 if user, err = a.GetUser(userId); err != nil { 872 return err 873 } 874 875 if user == nil { 876 err = model.NewAppError("updatePassword", "api.user.update_password.valid_account.app_error", nil, "", http.StatusBadRequest) 877 return err 878 } 879 880 if user.AuthData != nil && *user.AuthData != "" { 881 err = model.NewAppError("updatePassword", "api.user.update_password.oauth.app_error", nil, "auth_service="+user.AuthService, http.StatusBadRequest) 882 return err 883 } 884 885 if err := a.DoubleCheckPassword(user, currentPassword); err != nil { 886 if err.Id == "api.user.check_user_password.invalid.app_error" { 887 err = model.NewAppError("updatePassword", "api.user.update_password.incorrect.app_error", nil, "", http.StatusBadRequest) 888 } 889 return err 890 } 891 892 T := utils.GetUserTranslations(user.Locale) 893 894 return a.UpdatePasswordSendEmail(user, newPassword, T("api.user.update_password.menu")) 895 } 896 897 func (a *App) UpdateNonSSOUserActive(userId string, active bool) (*model.User, *model.AppError) { 898 var user *model.User 899 var err *model.AppError 900 if user, err = a.GetUser(userId); err != nil { 901 return nil, err 902 } 903 904 if user.IsSSOUser() { 905 err := model.NewAppError("UpdateActive", "api.user.update_active.no_deactivate_sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 906 err.StatusCode = http.StatusBadRequest 907 return nil, err 908 } 909 910 return a.UpdateActive(user, active) 911 } 912 913 func (a *App) UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) { 914 if active { 915 user.DeleteAt = 0 916 } else { 917 user.DeleteAt = model.GetMillis() 918 } 919 920 if result := <-a.Srv.Store.User().Update(user, true); result.Err != nil { 921 return nil, result.Err 922 } else { 923 if user.DeleteAt > 0 { 924 if err := a.RevokeAllSessions(user.Id); err != nil { 925 return nil, err 926 } 927 } 928 929 ruser := result.Data.([2]*model.User)[0] 930 options := a.Config().GetSanitizeOptions() 931 options["passwordupdate"] = false 932 ruser.Sanitize(options) 933 934 if !active { 935 a.SetStatusOffline(ruser.Id, false) 936 } 937 938 teamsForUser, err := a.GetTeamsForUser(user.Id) 939 if err != nil { 940 return nil, err 941 } 942 943 for _, team := range teamsForUser { 944 channelsForUser, err := a.GetChannelsForUser(team.Id, user.Id) 945 if err != nil { 946 return nil, err 947 } 948 949 for _, channel := range *channelsForUser { 950 a.InvalidateCacheForChannelMembers(channel.Id) 951 } 952 } 953 954 a.sendUpdatedUserEvent(*ruser) 955 956 return ruser, nil 957 } 958 } 959 960 func (a *App) SanitizeProfile(user *model.User, asAdmin bool) { 961 options := a.Config().GetSanitizeOptions() 962 if asAdmin { 963 options["email"] = true 964 options["fullname"] = true 965 options["authservice"] = true 966 } 967 user.SanitizeProfile(options) 968 } 969 970 func (a *App) UpdateUserAsUser(user *model.User, asAdmin bool) (*model.User, *model.AppError) { 971 updatedUser, err := a.UpdateUser(user, true) 972 if err != nil { 973 return nil, err 974 } 975 976 a.sendUpdatedUserEvent(*updatedUser) 977 978 return updatedUser, nil 979 } 980 981 func (a *App) PatchUser(userId string, patch *model.UserPatch, asAdmin bool) (*model.User, *model.AppError) { 982 user, err := a.GetUser(userId) 983 if err != nil { 984 return nil, err 985 } 986 987 user.Patch(patch) 988 989 updatedUser, err := a.UpdateUser(user, true) 990 if err != nil { 991 return nil, err 992 } 993 994 a.sendUpdatedUserEvent(*updatedUser) 995 996 return updatedUser, nil 997 } 998 999 func (a *App) UpdateUserAuth(userId string, userAuth *model.UserAuth) (*model.UserAuth, *model.AppError) { 1000 if userAuth.AuthData == nil || *userAuth.AuthData == "" || userAuth.AuthService == "" { 1001 userAuth.AuthData = nil 1002 userAuth.AuthService = "" 1003 1004 if err := a.IsPasswordValid(userAuth.Password); err != nil { 1005 return nil, err 1006 } 1007 password := model.HashPassword(userAuth.Password) 1008 1009 if result := <-a.Srv.Store.User().UpdatePassword(userId, password); result.Err != nil { 1010 return nil, result.Err 1011 } 1012 } else { 1013 userAuth.Password = "" 1014 1015 if result := <-a.Srv.Store.User().UpdateAuthData(userId, userAuth.AuthService, userAuth.AuthData, "", false); result.Err != nil { 1016 return nil, result.Err 1017 } 1018 } 1019 1020 return userAuth, nil 1021 } 1022 1023 func (a *App) sendUpdatedUserEvent(user model.User) { 1024 adminCopyOfUser := user.DeepCopy() 1025 a.SanitizeProfile(adminCopyOfUser, true) 1026 adminMessage := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 1027 adminMessage.Add("user", *adminCopyOfUser) 1028 adminMessage.Broadcast.ContainsSensitiveData = true 1029 a.Publish(adminMessage) 1030 1031 a.SanitizeProfile(&user, false) 1032 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_UPDATED, "", "", "", nil) 1033 message.Add("user", user) 1034 message.Broadcast.ContainsSanitizedData = true 1035 a.Publish(message) 1036 } 1037 1038 func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) { 1039 if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) { 1040 result := <-a.Srv.Store.User().Get(user.Id) 1041 if result.Err != nil { 1042 return nil, result.Err 1043 } 1044 prev := result.Data.(*model.User) 1045 if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email { 1046 return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest) 1047 } 1048 } 1049 1050 if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil { 1051 return nil, result.Err 1052 } else { 1053 rusers := result.Data.([2]*model.User) 1054 1055 if sendNotifications { 1056 if rusers[0].Email != rusers[1].Email { 1057 a.Go(func() { 1058 if err := a.SendEmailChangeEmail(rusers[1].Email, rusers[0].Email, rusers[0].Locale, a.GetSiteURL()); err != nil { 1059 mlog.Error(err.Error()) 1060 } 1061 }) 1062 1063 if a.Config().EmailSettings.RequireEmailVerification { 1064 a.Go(func() { 1065 if err := a.SendEmailVerification(rusers[0]); err != nil { 1066 mlog.Error(err.Error()) 1067 } 1068 }) 1069 } 1070 } 1071 1072 if rusers[0].Username != rusers[1].Username { 1073 a.Go(func() { 1074 if err := a.SendChangeUsernameEmail(rusers[1].Username, rusers[0].Username, rusers[0].Email, rusers[0].Locale, a.GetSiteURL()); err != nil { 1075 mlog.Error(err.Error()) 1076 } 1077 }) 1078 } 1079 } 1080 1081 a.InvalidateCacheForUser(user.Id) 1082 1083 return rusers[0], nil 1084 } 1085 } 1086 1087 func (a *App) UpdateUserNotifyProps(userId string, props map[string]string) (*model.User, *model.AppError) { 1088 var user *model.User 1089 var err *model.AppError 1090 if user, err = a.GetUser(userId); err != nil { 1091 return nil, err 1092 } 1093 1094 user.NotifyProps = props 1095 1096 var ruser *model.User 1097 if ruser, err = a.UpdateUser(user, true); err != nil { 1098 return nil, err 1099 } 1100 1101 return ruser, nil 1102 } 1103 1104 func (a *App) UpdateMfa(activate bool, userId, token string) *model.AppError { 1105 if activate { 1106 if err := a.ActivateMfa(userId, token); err != nil { 1107 return err 1108 } 1109 } else { 1110 if err := a.DeactivateMfa(userId); err != nil { 1111 return err 1112 } 1113 } 1114 1115 a.Go(func() { 1116 var user *model.User 1117 var err *model.AppError 1118 1119 if user, err = a.GetUser(userId); err != nil { 1120 mlog.Error(err.Error()) 1121 return 1122 } 1123 1124 if err := a.SendMfaChangeEmail(user.Email, activate, user.Locale, a.GetSiteURL()); err != nil { 1125 mlog.Error(err.Error()) 1126 } 1127 }) 1128 1129 return nil 1130 } 1131 1132 func (a *App) UpdatePasswordByUserIdSendEmail(userId, newPassword, method string) *model.AppError { 1133 var user *model.User 1134 var err *model.AppError 1135 if user, err = a.GetUser(userId); err != nil { 1136 return err 1137 } 1138 1139 return a.UpdatePasswordSendEmail(user, newPassword, method) 1140 } 1141 1142 func (a *App) UpdatePassword(user *model.User, newPassword string) *model.AppError { 1143 if err := a.IsPasswordValid(newPassword); err != nil { 1144 return err 1145 } 1146 1147 hashedPassword := model.HashPassword(newPassword) 1148 1149 if result := <-a.Srv.Store.User().UpdatePassword(user.Id, hashedPassword); result.Err != nil { 1150 return model.NewAppError("UpdatePassword", "api.user.update_password.failed.app_error", nil, result.Err.Error(), http.StatusInternalServerError) 1151 } 1152 1153 return nil 1154 } 1155 1156 func (a *App) UpdatePasswordSendEmail(user *model.User, newPassword, method string) *model.AppError { 1157 if err := a.UpdatePassword(user, newPassword); err != nil { 1158 return err 1159 } 1160 1161 a.Go(func() { 1162 if err := a.SendPasswordChangeEmail(user.Email, method, user.Locale, a.GetSiteURL()); err != nil { 1163 mlog.Error(err.Error()) 1164 } 1165 }) 1166 1167 return nil 1168 } 1169 1170 func (a *App) ResetPasswordFromToken(userSuppliedTokenString, newPassword string) *model.AppError { 1171 var token *model.Token 1172 var err *model.AppError 1173 if token, err = a.GetPasswordRecoveryToken(userSuppliedTokenString); err != nil { 1174 return err 1175 } else { 1176 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1177 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1178 } 1179 } 1180 1181 var user *model.User 1182 if user, err = a.GetUser(token.Extra); err != nil { 1183 return err 1184 } 1185 1186 if user.IsSSOUser() { 1187 return model.NewAppError("ResetPasswordFromCode", "api.user.reset_password.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1188 } 1189 1190 T := utils.GetUserTranslations(user.Locale) 1191 1192 if err := a.UpdatePasswordSendEmail(user, newPassword, T("api.user.reset_password.method")); err != nil { 1193 return err 1194 } 1195 1196 if err := a.DeleteToken(token); err != nil { 1197 mlog.Error(err.Error()) 1198 } 1199 1200 return nil 1201 } 1202 1203 func (a *App) SendPasswordReset(email string, siteURL string) (bool, *model.AppError) { 1204 var user *model.User 1205 var err *model.AppError 1206 if user, err = a.GetUserByEmail(email); err != nil { 1207 return false, nil 1208 } 1209 1210 if user.AuthData != nil && len(*user.AuthData) != 0 { 1211 return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.sso.app_error", nil, "userId="+user.Id, http.StatusBadRequest) 1212 } 1213 1214 var token *model.Token 1215 if token, err = a.CreatePasswordRecoveryToken(user.Id); err != nil { 1216 return false, err 1217 } 1218 1219 if _, err := a.SendPasswordResetEmail(user.Email, token, user.Locale, siteURL); err != nil { 1220 return false, model.NewAppError("SendPasswordReset", "api.user.send_password_reset.send.app_error", nil, "err="+err.Message, http.StatusInternalServerError) 1221 } 1222 1223 return true, nil 1224 } 1225 1226 func (a *App) CreatePasswordRecoveryToken(userId string) (*model.Token, *model.AppError) { 1227 token := model.NewToken(TOKEN_TYPE_PASSWORD_RECOVERY, userId) 1228 1229 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1230 return nil, result.Err 1231 } 1232 1233 return token, nil 1234 } 1235 1236 func (a *App) GetPasswordRecoveryToken(token string) (*model.Token, *model.AppError) { 1237 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1238 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.invalid_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1239 } else { 1240 token := result.Data.(*model.Token) 1241 if token.Type != TOKEN_TYPE_PASSWORD_RECOVERY { 1242 return nil, model.NewAppError("GetPasswordRecoveryToken", "api.user.reset_password.broken_token.app_error", nil, "", http.StatusBadRequest) 1243 } 1244 return token, nil 1245 } 1246 } 1247 1248 func (a *App) DeleteToken(token *model.Token) *model.AppError { 1249 if result := <-a.Srv.Store.Token().Delete(token.Token); result.Err != nil { 1250 return result.Err 1251 } 1252 1253 return nil 1254 } 1255 1256 func (a *App) UpdateUserRoles(userId string, newRoles string, sendWebSocketEvent bool) (*model.User, *model.AppError) { 1257 var user *model.User 1258 var err *model.AppError 1259 if user, err = a.GetUser(userId); err != nil { 1260 err.StatusCode = http.StatusBadRequest 1261 return nil, err 1262 } 1263 1264 if err := a.CheckRolesExist(strings.Fields(newRoles)); err != nil { 1265 return nil, err 1266 } 1267 1268 user.Roles = newRoles 1269 uchan := a.Srv.Store.User().Update(user, true) 1270 schan := a.Srv.Store.Session().UpdateRoles(user.Id, newRoles) 1271 1272 var ruser *model.User 1273 if result := <-uchan; result.Err != nil { 1274 return nil, result.Err 1275 } else { 1276 ruser = result.Data.([2]*model.User)[0] 1277 } 1278 1279 if result := <-schan; result.Err != nil { 1280 // soft error since the user roles were still updated 1281 mlog.Error(fmt.Sprint(result.Err)) 1282 } 1283 1284 a.ClearSessionCacheForUser(user.Id) 1285 1286 if sendWebSocketEvent { 1287 message := model.NewWebSocketEvent(model.WEBSOCKET_EVENT_USER_ROLE_UPDATED, "", "", user.Id, nil) 1288 message.Add("user_id", user.Id) 1289 message.Add("roles", newRoles) 1290 a.Publish(message) 1291 } 1292 1293 return ruser, nil 1294 } 1295 1296 func (a *App) PermanentDeleteUser(user *model.User) *model.AppError { 1297 mlog.Warn(fmt.Sprintf("Attempting to permanently delete account %v id=%v", user.Email, user.Id), mlog.String("user_id", user.Id)) 1298 if user.IsInRole(model.SYSTEM_ADMIN_ROLE_ID) { 1299 mlog.Warn(fmt.Sprintf("You are deleting %v that is a system administrator. You may need to set another account as the system administrator using the command line tools.", user.Email)) 1300 } 1301 1302 if _, err := a.UpdateActive(user, false); err != nil { 1303 return err 1304 } 1305 1306 if result := <-a.Srv.Store.Session().PermanentDeleteSessionsByUser(user.Id); result.Err != nil { 1307 return result.Err 1308 } 1309 1310 if result := <-a.Srv.Store.UserAccessToken().DeleteAllForUser(user.Id); result.Err != nil { 1311 return result.Err 1312 } 1313 1314 if result := <-a.Srv.Store.OAuth().PermanentDeleteAuthDataByUser(user.Id); result.Err != nil { 1315 return result.Err 1316 } 1317 1318 if result := <-a.Srv.Store.Webhook().PermanentDeleteIncomingByUser(user.Id); result.Err != nil { 1319 return result.Err 1320 } 1321 1322 if result := <-a.Srv.Store.Webhook().PermanentDeleteOutgoingByUser(user.Id); result.Err != nil { 1323 return result.Err 1324 } 1325 1326 if result := <-a.Srv.Store.Command().PermanentDeleteByUser(user.Id); result.Err != nil { 1327 return result.Err 1328 } 1329 1330 if result := <-a.Srv.Store.Preference().PermanentDeleteByUser(user.Id); result.Err != nil { 1331 return result.Err 1332 } 1333 1334 if result := <-a.Srv.Store.Channel().PermanentDeleteMembersByUser(user.Id); result.Err != nil { 1335 return result.Err 1336 } 1337 1338 if result := <-a.Srv.Store.Post().PermanentDeleteByUser(user.Id); result.Err != nil { 1339 return result.Err 1340 } 1341 1342 if result := <-a.Srv.Store.User().PermanentDelete(user.Id); result.Err != nil { 1343 return result.Err 1344 } 1345 1346 if result := <-a.Srv.Store.Audit().PermanentDeleteByUser(user.Id); result.Err != nil { 1347 return result.Err 1348 } 1349 1350 if result := <-a.Srv.Store.Team().RemoveAllMembersByUser(user.Id); result.Err != nil { 1351 return result.Err 1352 } 1353 1354 mlog.Warn(fmt.Sprintf("Permanently deleted account %v id=%v", user.Email, user.Id), mlog.String("user_id", user.Id)) 1355 1356 return nil 1357 } 1358 1359 func (a *App) PermanentDeleteAllUsers() *model.AppError { 1360 if result := <-a.Srv.Store.User().GetAll(); result.Err != nil { 1361 return result.Err 1362 } else { 1363 users := result.Data.([]*model.User) 1364 for _, user := range users { 1365 a.PermanentDeleteUser(user) 1366 } 1367 } 1368 1369 return nil 1370 } 1371 1372 func (a *App) SendEmailVerification(user *model.User) *model.AppError { 1373 token, err := a.CreateVerifyEmailToken(user.Id) 1374 if err != nil { 1375 return err 1376 } 1377 1378 if _, err := a.GetStatus(user.Id); err != nil { 1379 return a.SendVerifyEmail(user.Email, user.Locale, a.GetSiteURL(), token.Token) 1380 } else { 1381 return a.SendEmailChangeVerifyEmail(user.Email, user.Locale, a.GetSiteURL(), token.Token) 1382 } 1383 } 1384 1385 func (a *App) VerifyEmailFromToken(userSuppliedTokenString string) *model.AppError { 1386 var token *model.Token 1387 var err *model.AppError 1388 if token, err = a.GetVerifyEmailToken(userSuppliedTokenString); err != nil { 1389 return err 1390 } else { 1391 if model.GetMillis()-token.CreateAt >= PASSWORD_RECOVER_EXPIRY_TIME { 1392 return model.NewAppError("resetPassword", "api.user.reset_password.link_expired.app_error", nil, "", http.StatusBadRequest) 1393 } 1394 if err := a.VerifyUserEmail(token.Extra); err != nil { 1395 return err 1396 } 1397 if err := a.DeleteToken(token); err != nil { 1398 mlog.Error(err.Error()) 1399 } 1400 } 1401 1402 return nil 1403 } 1404 1405 func (a *App) CreateVerifyEmailToken(userId string) (*model.Token, *model.AppError) { 1406 token := model.NewToken(TOKEN_TYPE_VERIFY_EMAIL, userId) 1407 1408 if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { 1409 return nil, result.Err 1410 } 1411 1412 return token, nil 1413 } 1414 1415 func (a *App) GetVerifyEmailToken(token string) (*model.Token, *model.AppError) { 1416 if result := <-a.Srv.Store.Token().GetByToken(token); result.Err != nil { 1417 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.bad_link.app_error", nil, result.Err.Error(), http.StatusBadRequest) 1418 } else { 1419 token := result.Data.(*model.Token) 1420 if token.Type != TOKEN_TYPE_VERIFY_EMAIL { 1421 return nil, model.NewAppError("GetVerifyEmailToken", "api.user.verify_email.broken_token.app_error", nil, "", http.StatusBadRequest) 1422 } 1423 return token, nil 1424 } 1425 } 1426 1427 func (a *App) VerifyUserEmail(userId string) *model.AppError { 1428 return (<-a.Srv.Store.User().VerifyEmail(userId)).Err 1429 } 1430 1431 func (a *App) SearchUsers(props *model.UserSearch, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1432 if props.WithoutTeam { 1433 return a.SearchUsersWithoutTeam(props.Term, searchOptions, asAdmin) 1434 } else if props.InChannelId != "" { 1435 return a.SearchUsersInChannel(props.InChannelId, props.Term, searchOptions, asAdmin) 1436 } else if props.NotInChannelId != "" { 1437 return a.SearchUsersNotInChannel(props.TeamId, props.NotInChannelId, props.Term, searchOptions, asAdmin) 1438 } else if props.NotInTeamId != "" { 1439 return a.SearchUsersNotInTeam(props.NotInTeamId, props.Term, searchOptions, asAdmin) 1440 } else { 1441 return a.SearchUsersInTeam(props.TeamId, props.Term, searchOptions, asAdmin) 1442 } 1443 } 1444 1445 func (a *App) SearchUsersInChannel(channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1446 if result := <-a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions); result.Err != nil { 1447 return nil, result.Err 1448 } else { 1449 users := result.Data.([]*model.User) 1450 1451 for _, user := range users { 1452 a.SanitizeProfile(user, asAdmin) 1453 } 1454 1455 return users, nil 1456 } 1457 } 1458 1459 func (a *App) SearchUsersNotInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1460 if result := <-a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions); result.Err != nil { 1461 return nil, result.Err 1462 } else { 1463 users := result.Data.([]*model.User) 1464 1465 for _, user := range users { 1466 a.SanitizeProfile(user, asAdmin) 1467 } 1468 1469 return users, nil 1470 } 1471 } 1472 1473 func (a *App) SearchUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1474 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1475 return nil, result.Err 1476 } else { 1477 users := result.Data.([]*model.User) 1478 1479 for _, user := range users { 1480 a.SanitizeProfile(user, asAdmin) 1481 } 1482 1483 return users, nil 1484 } 1485 } 1486 1487 func (a *App) SearchUsersNotInTeam(notInTeamId string, term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1488 if result := <-a.Srv.Store.User().SearchNotInTeam(notInTeamId, term, searchOptions); result.Err != nil { 1489 return nil, result.Err 1490 } else { 1491 users := result.Data.([]*model.User) 1492 1493 for _, user := range users { 1494 a.SanitizeProfile(user, asAdmin) 1495 } 1496 1497 return users, nil 1498 } 1499 } 1500 1501 func (a *App) SearchUsersWithoutTeam(term string, searchOptions map[string]bool, asAdmin bool) ([]*model.User, *model.AppError) { 1502 if result := <-a.Srv.Store.User().SearchWithoutTeam(term, searchOptions); result.Err != nil { 1503 return nil, result.Err 1504 } else { 1505 users := result.Data.([]*model.User) 1506 1507 for _, user := range users { 1508 a.SanitizeProfile(user, asAdmin) 1509 } 1510 1511 return users, nil 1512 } 1513 } 1514 1515 func (a *App) AutocompleteUsersInChannel(teamId string, channelId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInChannel, *model.AppError) { 1516 uchan := a.Srv.Store.User().SearchInChannel(channelId, term, searchOptions) 1517 nuchan := a.Srv.Store.User().SearchNotInChannel(teamId, channelId, term, searchOptions) 1518 1519 autocomplete := &model.UserAutocompleteInChannel{} 1520 1521 if result := <-uchan; result.Err != nil { 1522 return nil, result.Err 1523 } else { 1524 users := result.Data.([]*model.User) 1525 1526 for _, user := range users { 1527 a.SanitizeProfile(user, asAdmin) 1528 } 1529 1530 autocomplete.InChannel = users 1531 } 1532 1533 if result := <-nuchan; result.Err != nil { 1534 return nil, result.Err 1535 } else { 1536 users := result.Data.([]*model.User) 1537 1538 for _, user := range users { 1539 a.SanitizeProfile(user, asAdmin) 1540 } 1541 1542 autocomplete.OutOfChannel = users 1543 } 1544 1545 return autocomplete, nil 1546 } 1547 1548 func (a *App) AutocompleteUsersInTeam(teamId string, term string, searchOptions map[string]bool, asAdmin bool) (*model.UserAutocompleteInTeam, *model.AppError) { 1549 autocomplete := &model.UserAutocompleteInTeam{} 1550 1551 if result := <-a.Srv.Store.User().Search(teamId, term, searchOptions); result.Err != nil { 1552 return nil, result.Err 1553 } else { 1554 users := result.Data.([]*model.User) 1555 1556 for _, user := range users { 1557 a.SanitizeProfile(user, asAdmin) 1558 } 1559 1560 autocomplete.InTeam = users 1561 } 1562 1563 return autocomplete, nil 1564 } 1565 1566 func (a *App) UpdateOAuthUserAttrs(userData io.Reader, user *model.User, provider einterfaces.OauthProvider, service string) *model.AppError { 1567 oauthUser := provider.GetUserFromJson(userData) 1568 1569 if oauthUser == nil { 1570 return model.NewAppError("UpdateOAuthUserAttrs", "api.user.update_oauth_user_attrs.get_user.app_error", map[string]interface{}{"Service": service}, "", http.StatusBadRequest) 1571 } 1572 1573 userAttrsChanged := false 1574 1575 if oauthUser.Username != user.Username { 1576 if existingUser, _ := a.GetUserByUsername(oauthUser.Username); existingUser == nil { 1577 user.Username = oauthUser.Username 1578 userAttrsChanged = true 1579 } 1580 } 1581 1582 if oauthUser.GetFullName() != user.GetFullName() { 1583 user.FirstName = oauthUser.FirstName 1584 user.LastName = oauthUser.LastName 1585 userAttrsChanged = true 1586 } 1587 1588 if oauthUser.Email != user.Email { 1589 if existingUser, _ := a.GetUserByEmail(oauthUser.Email); existingUser == nil { 1590 user.Email = oauthUser.Email 1591 userAttrsChanged = true 1592 } 1593 } 1594 1595 if user.DeleteAt > 0 { 1596 // Make sure they are not disabled 1597 user.DeleteAt = 0 1598 userAttrsChanged = true 1599 } 1600 1601 if userAttrsChanged { 1602 var result store.StoreResult 1603 if result = <-a.Srv.Store.User().Update(user, true); result.Err != nil { 1604 return result.Err 1605 } 1606 1607 user = result.Data.([2]*model.User)[0] 1608 a.InvalidateCacheForUser(user.Id) 1609 } 1610 1611 return nil 1612 }