author | Joram Wilander <jwawilander@gmail.com> | 2017-03-13 08:29:56 -0400 |
committer | George Goldberg <george@gberg.me> | 2017-03-13 12:29:56 +0000 |
commit | 8b0eedbbcd47ba09142c72a71969840aa6e121d2 (patch) | |
tree | 30c073e01dfbe40065aa2bb7900339362a57a07f /api4 | |
parent | 1860d05d623b6fd7670121a7e2391605d1281b27 (diff) | |
Implement PUT /users/{user_id}/mfa endpoint for APIv4 (#5743)
Diffstat (limited to 'api4')
-rw-r--r-- | api4/user.go | 40 | ||||
-rw-r--r-- | api4/user_test.go | 43 |
2 files changed, 83 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go
index b0063c657..7b8bfe65e 100644
--- a/api4/user.go
+++ b/api4/user.go
@@ -28,6 +28,7 @@ func InitUser() {
 	BaseRoutes.User.Handle("/image", ApiSessionRequired(setProfileImage)).Methods("POST")
 	BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT")
 	BaseRoutes.User.Handle("/patch", ApiSessionRequired(patchUser)).Methods("PUT")
+	BaseRoutes.User.Handle("/mfa", ApiSessionRequired(updateUserMfa)).Methods("PUT")
 	BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE")
 	BaseRoutes.User.Handle("/roles", ApiSessionRequired(updateUserRoles)).Methods("PUT")
 	BaseRoutes.User.Handle("/password", ApiSessionRequired(updatePassword)).Methods("PUT")
@@ -493,6 +494,45 @@ func updateUserRoles(c *Context, w http.ResponseWriter, r *http.Request) {
 	ReturnStatusOK(w)
 }
 
+func updateUserMfa(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireUserId()
+	if c.Err != nil {
+		return
+	}
+
+	if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+		c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+		return
+	}
+
+	props := model.StringInterfaceFromJson(r.Body)
+
+	activate, ok := props["activate"].(bool)
+	if !ok {
+		c.SetInvalidParam("activate")
+		return
+	}
+
+	code := ""
+	if activate {
+		code, ok = props["code"].(string)
+		if !ok || len(code) == 0 {
+			c.SetInvalidParam("code")
+			return
+		}
+	}
+
+	c.LogAudit("attempt")
+
+	if err := app.UpdateMfa(activate, c.Params.UserId, code, c.GetSiteURL()); err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("success - mfa updated")
+	ReturnStatusOK(w)
+}
+
 func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireUserId()
 	if c.Err != nil {
diff --git a/api4/user_test.go b/api4/user_test.go
index fd555fe42..87e1dd64f 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
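Review bot: The audit trail written by updateUserMfa does not record whether MFA is being switched on or off, although deactivation is the event an investigator will want to find: both `c.LogAudit("attempt")` and `c.LogAudit("success - mfa updated")` are emitted with the same text regardless of `activate`. Consider recording the direction, e.g. `c.LogAudit("attempt - activate")` / `c.LogAudit("attempt - deactivate")` chosen on `activate`, and likewise for the success line. Note also that the deactivation branch sends no `code` to app.UpdateMfa, so unless UpdateMfa itself re-verifies the caller, any session that passes SessionHasPermissionToUser can turn MFA off for the target user; whether that is the intended policy is worth confirming and documenting above the handler.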
@@ -11,6 +11,7 @@ import (
 
 	"github.com/mattermost/platform/app"
 	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 )
 
@@ -803,6 +804,48 @@ func TestGetUsersNotInChannel(t *testing.T) {
 	CheckNoError(t, resp)
 }
 
+func TestUpdateUserMfa(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	isLicensed := utils.IsLicensed
+	license := utils.License
+	enableMfa := *utils.Cfg.ServiceSettings.EnableMultifactorAuthentication
+	defer func() {
+		utils.IsLicensed = isLicensed
+		utils.License = license
+		*utils.Cfg.ServiceSettings.EnableMultifactorAuthentication = enableMfa
+	}()
+	utils.IsLicensed = true
+	utils.License = &model.License{Features: &model.Features{}}
+	utils.License.Features.SetDefaults()
+
+	team := model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	rteam, _ := Client.CreateTeam(&team)
+
+	user := model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "passwd1"}
+	ruser, _ := Client.CreateUser(&user)
+	LinkUserToTeam(ruser, rteam)
+	store.Must(app.Srv.Store.User().VerifyEmail(ruser.Id))
+
+	Client.Logout()
+	_, resp := Client.UpdateUserMfa(ruser.Id, "12334", true)
+	CheckUnauthorizedStatus(t, resp)
+
+	Client.Login(user.Email, user.Password)
+	_, resp = Client.UpdateUserMfa("fail", "56789", false)
+	CheckBadRequestStatus(t, resp)
+
+	_, resp = Client.UpdateUserMfa(ruser.Id, "", true)
+	CheckErrorMessage(t, resp, "api.context.invalid_body_param.app_error")
+
+	*utils.Cfg.ServiceSettings.EnableMultifactorAuthentication = true
+
+	_, resp = Client.UpdateUserMfa(ruser.Id, "123456", false)
+	CheckNotImplementedStatus(t, resp)
+}
+
 func TestUpdateUserPassword(t *testing.T) {
 	th := Setup().InitBasic().InitSystemAdmin()
 	defer TearDown()
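Review bot: TestUpdateUserMfa never exercises the permission check that the handler adds — every authenticated call is made by ruser against ruser's own id, so a regression that dropped the SessionHasPermissionToUser guard would still pass. A case logged in as a different basic user from the helper, e.g. `Client.Login(th.BasicUser.Email, th.BasicUser.Password)` followed by `_, resp = Client.UpdateUserMfa(ruser.Id, "", false)` and `CheckForbiddenStatus(t, resp)`, would pin that behaviour. The `rteam, _ :=` and `ruser, _ :=` lines also discard the creation errors, so a failed CreateUser surfaces as a nil dereference at `ruser.Id` rather than a clear test failure; checking those responses with CheckNoError first would make failures easier to read.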