diff options
author | =Corey Hulen <corey@hulen.com> | 2015-10-01 17:52:47 -0700 |
---|---|---|
committer | =Corey Hulen <corey@hulen.com> | 2015-10-01 17:52:47 -0700 |
commit | 430806301da06e927b8d7d6dcba20ea4b6b6d6c1 (patch) | |
tree | 8a457efc7d5570679c3a2ae607b0a52f79cfa981 | |
parent | 013df9f6614fcf8816dc29bc8f07d05a605e47e0 (diff) | |
download | chat-430806301da06e927b8d7d6dcba20ea4b6b6d6c1.tar.gz chat-430806301da06e927b8d7d6dcba20ea4b6b6d6c1.tar.bz2 chat-430806301da06e927b8d7d6dcba20ea4b6b6d6c1.zip |
PLT-44 allow team switching without the need to login
-rw-r--r-- | api/channel.go | 2 | ||||
-rw-r--r-- | api/context.go | 24 | ||||
-rw-r--r-- | api/user.go | 39 | ||||
-rw-r--r-- | model/session.go | 1 | ||||
-rw-r--r-- | web/react/components/navbar_dropdown.jsx | 10 | ||||
-rw-r--r-- | web/react/components/sidebar.jsx | 4 | ||||
-rw-r--r-- | web/react/components/sidebar_header.jsx | 3 | ||||
-rw-r--r-- | web/react/pages/channel.jsx | 4 | ||||
-rw-r--r-- | web/web.go | 37 |
9 files changed, 109 insertions, 15 deletions
diff --git a/api/channel.go b/api/channel.go index 896e22793..28642ff67 100644 --- a/api/channel.go +++ b/api/channel.go @@ -282,7 +282,7 @@ func getChannels(c *Context, w http.ResponseWriter, r *http.Request) { // lets make sure the user is valid if result := <-Srv.Store.User().Get(c.Session.UserId); result.Err != nil { c.Err = result.Err - c.RemoveSessionCookie(w) + c.RemoveSessionCookie(w, r) l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId) return } diff --git a/api/context.go b/api/context.go index 02c3dc902..e80582b2a 100644 --- a/api/context.go +++ b/api/context.go @@ -137,7 +137,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } if session == nil || session.IsExpired() { - c.RemoveSessionCookie(w) + c.RemoveSessionCookie(w, r) c.Err = model.NewAppError("ServeHTTP", "Invalid or expired session, please login again.", "token="+token) c.Err.StatusCode = http.StatusUnauthorized } else if !session.IsOAuth && isTokenFromQueryString { @@ -303,7 +303,6 @@ func (c *Context) HasSystemAdminPermissions(where string) bool { } func (c *Context) IsSystemAdmin() bool { - // TODO XXX FIXME && IsPrivateIpAddress(c.IpAddress) if model.IsInRole(c.Session.Roles, model.ROLE_SYSTEM_ADMIN) { return true } @@ -317,7 +316,7 @@ func (c *Context) IsTeamAdmin() bool { return false } -func (c *Context) RemoveSessionCookie(w http.ResponseWriter) { +func (c *Context) RemoveSessionCookie(w http.ResponseWriter, r *http.Request) { sessionCache.Remove(c.Session.Token) @@ -330,6 +329,21 @@ func (c *Context) RemoveSessionCookie(w http.ResponseWriter) { } http.SetCookie(w, cookie) + + multiToken := "" + if oldMultiCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil { + multiToken = oldMultiCookie.Value + } + + multiCookie := &http.Cookie{ + Name: model.MULTI_SESSION_TOKEN, + Value: strings.TrimSpace(strings.Replace(multiToken, c.Session.Token, "", -1)), + Path: "/", + MaxAge: model.SESSION_TIME_WEB_IN_SECS, + HttpOnly: true, + } + + http.SetCookie(w, multiCookie) } func (c *Context) SetInvalidParam(where string, name string) { @@ -346,7 +360,7 @@ func (c *Context) setTeamURL(url string, valid bool) { c.teamURLValid = valid } -func (c *Context) setTeamURLFromSession() { +func (c *Context) SetTeamURLFromSession() { if result := <-Srv.Store.Team().Get(c.Session.TeamId); result.Err == nil { c.setTeamURL(c.GetSiteURL()+"/"+result.Data.(*model.Team).Name, true) } @@ -362,7 +376,7 @@ func (c *Context) GetTeamURLFromTeam(team *model.Team) string { func (c *Context) GetTeamURL() string { if !c.teamURLValid { - c.setTeamURLFromSession() + c.SetTeamURLFromSession() if !c.teamURLValid { l4g.Debug("TeamURL accessed when not valid. Team URL should not be used in api functions or those that are team independent") } diff --git a/api/user.go b/api/user.go index ed3576a30..2d7dd9ab1 100644 --- a/api/user.go +++ b/api/user.go @@ -394,6 +394,41 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User, http.SetCookie(w, sessionCookie) + multiToken := "" + if originalMultiSessionCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil { + multiToken = originalMultiSessionCookie.Value + } + + // Attempt to clean all the old tokens or duplicate tokens + if len(multiToken) > 0 { + tokens := strings.Split(multiToken, " ") + + multiToken = "" + seen := make(map[string]string) + seen[session.TeamId] = session.TeamId + for _, token := range tokens { + if sr := <-Srv.Store.Session().Get(token); sr.Err == nil { + s := sr.Data.(*model.Session) + if !s.IsExpired() && seen[s.TeamId] == "" { + multiToken += " " + token + seen[s.TeamId] = s.TeamId + } + } + } + } + + multiToken = strings.TrimSpace(session.Token + " " + multiToken) + + multiSessionCookie := &http.Cookie{ + Name: model.MULTI_SESSION_TOKEN, + Value: multiToken, + Path: "/", + MaxAge: maxAge, + HttpOnly: true, + } + + http.SetCookie(w, multiSessionCookie) + c.Session = *session c.LogAuditWithUserId(user.Id, "success") } @@ -514,7 +549,7 @@ func logout(c *Context, w http.ResponseWriter, r *http.Request) { func Logout(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("") - c.RemoveSessionCookie(w) + c.RemoveSessionCookie(w, r) if result := <-Srv.Store.Session().Remove(c.Session.Id); result.Err != nil { c.Err = result.Err return @@ -529,7 +564,7 @@ func getMe(c *Context, w http.ResponseWriter, r *http.Request) { if result := <-Srv.Store.User().Get(c.Session.UserId); result.Err != nil { c.Err = result.Err - c.RemoveSessionCookie(w) + c.RemoveSessionCookie(w, r) l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId) return } else if HandleEtag(result.Data.(*model.User).Etag(), w, r) { diff --git a/model/session.go b/model/session.go index 3c7c75eb4..bb4d987a7 100644 --- a/model/session.go +++ b/model/session.go @@ -10,6 +10,7 @@ import ( const ( SESSION_TOKEN = "MMSID" + MULTI_SESSION_TOKEN = "MMSIDMU" SESSION_TIME_WEB_IN_DAYS = 30 SESSION_TIME_WEB_IN_SECS = 60 * 60 * 24 * SESSION_TIME_WEB_IN_DAYS SESSION_TIME_MOBILE_IN_DAYS = 30 diff --git a/web/react/components/navbar_dropdown.jsx b/web/react/components/navbar_dropdown.jsx index 57a78a0d4..dc5983f1e 100644 --- a/web/react/components/navbar_dropdown.jsx +++ b/web/react/components/navbar_dropdown.jsx @@ -142,10 +142,10 @@ export default class NavbarDropdown extends React.Component { > </li> ); - if (this.state.teams.length > 1 && this.state.currentTeam) { - var curTeamName = this.state.currentTeam.name; + + if (this.state.teams.length > 1) { this.state.teams.forEach((teamName) => { - if (teamName !== curTeamName) { + if (teamName !== this.props.teamName) { teams.push(<li key={teamName}><a href={Utils.getWindowLocationOrigin() + '/' + teamName}>{'Switch to ' + teamName}</a></li>); } }); @@ -234,5 +234,7 @@ NavbarDropdown.defaultProps = { teamType: '' }; NavbarDropdown.propTypes = { - teamType: React.PropTypes.string + teamType: React.PropTypes.string, + teamDisplayName: React.PropTypes.string, + teamName: React.PropTypes.string }; diff --git a/web/react/components/sidebar.jsx b/web/react/components/sidebar.jsx index 6033f200f..dfaa4c794 100644 --- a/web/react/components/sidebar.jsx +++ b/web/react/components/sidebar.jsx @@ -508,6 +508,7 @@ export default class Sidebar extends React.Component { /> <SidebarHeader teamDisplayName={this.props.teamDisplayName} + teamName={this.props.teamName} teamType={this.props.teamType} /> <SearchBox /> @@ -587,5 +588,6 @@ Sidebar.defaultProps = { }; Sidebar.propTypes = { teamType: React.PropTypes.string, - teamDisplayName: React.PropTypes.string + teamDisplayName: React.PropTypes.string, + teamName: React.PropTypes.string }; diff --git a/web/react/components/sidebar_header.jsx b/web/react/components/sidebar_header.jsx index 072c14e0a..33de35064 100644 --- a/web/react/components/sidebar_header.jsx +++ b/web/react/components/sidebar_header.jsx @@ -52,6 +52,8 @@ export default class SidebarHeader extends React.Component { <NavbarDropdown ref='dropdown' teamType={this.props.teamType} + teamDisplayName={this.props.teamDisplayName} + teamName={this.props.teamName} /> </div> ); @@ -64,5 +66,6 @@ SidebarHeader.defaultProps = { }; SidebarHeader.propTypes = { teamDisplayName: React.PropTypes.string, + teamName: React.PropTypes.string, teamType: React.PropTypes.string }; diff --git a/web/react/pages/channel.jsx b/web/react/pages/channel.jsx index 74259194a..c333fd57d 100644 --- a/web/react/pages/channel.jsx +++ b/web/react/pages/channel.jsx @@ -36,11 +36,14 @@ var RemovedFromChannelModal = require('../components/removed_from_channel_modal. var FileUploadOverlay = require('../components/file_upload_overlay.jsx'); var RegisterAppModal = require('../components/register_app_modal.jsx'); var ImportThemeModal = require('../components/user_settings/import_theme_modal.jsx'); +var TeamStore = require('../stores/team_store.jsx'); var Constants = require('../utils/constants.jsx'); var ActionTypes = Constants.ActionTypes; function setupChannelPage(props) { + TeamStore.setCurrentId(props.TeamId); + AppDispatcher.handleViewAction({ type: ActionTypes.CLICK_CHANNEL, name: props.ChannelName, @@ -71,6 +74,7 @@ function setupChannelPage(props) { React.render( <Sidebar teamDisplayName={props.TeamDisplayName} + teamName={props.TeamName} teamType={props.TeamType} />, document.getElementById('sidebar-left') diff --git a/web/web.go b/web/web.go index bf985a5a0..83b59ead4 100644 --- a/web/web.go +++ b/web/web.go @@ -189,9 +189,40 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) { return } + // We still might be able to switch to this team because we've logged in before + if multiCookie, err := r.Cookie(model.MULTI_SESSION_TOKEN); err == nil { + multiToken := multiCookie.Value + + if len(multiToken) > 0 { + tokens := strings.Split(multiToken, " ") + + for _, token := range tokens { + if sr := <-api.Srv.Store.Session().Get(token); sr.Err == nil { + s := sr.Data.(*model.Session) + + if !s.IsExpired() && s.TeamId == team.Id { + w.Header().Set(model.HEADER_TOKEN, s.Token) + sessionCookie := &http.Cookie{ + Name: model.SESSION_TOKEN, + Value: s.Token, + Path: "/", + MaxAge: model.SESSION_TIME_WEB_IN_SECS, + HttpOnly: true, + } + + http.SetCookie(w, sessionCookie) + + http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) + return + } + } + } + } + } + page := NewHtmlTemplatePage("login", "Login") page.Props["TeamDisplayName"] = team.DisplayName - page.Props["TeamName"] = teamName + page.Props["TeamName"] = team.Name page.Render(c, w) } @@ -319,7 +350,7 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { // lets make sure the user is valid if result := <-api.Srv.Store.User().Get(c.Session.UserId); result.Err != nil { c.Err = result.Err - c.RemoveSessionCookie(w) + c.RemoveSessionCookie(w, r) l4g.Error("Error in getting users profile for id=%v forcing logout", c.Session.UserId) return } @@ -344,6 +375,7 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("channel", "") page.Props["Title"] = name + " - " + team.DisplayName + " " + page.ClientProps["SiteName"] page.Props["TeamDisplayName"] = team.DisplayName + page.Props["TeamName"] = team.Name page.Props["TeamType"] = team.Type page.Props["TeamId"] = team.Id page.Props["ChannelName"] = name @@ -451,6 +483,7 @@ func resetPassword(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("password_reset", "") page.Props["Title"] = "Reset Password " + page.ClientProps["SiteName"] page.Props["TeamDisplayName"] = teamDisplayName + page.Props["TeamName"] = teamName page.Props["Hash"] = hash page.Props["Data"] = data page.Props["TeamName"] = teamName |