diff options
author | Jesús Espino <jespinog@gmail.com> | 2018-04-18 22:46:10 +0200 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-04-18 13:46:10 -0700 |
commit | 0910eae31de8ed7b409654515dbd11f5c86dbf71 (patch) | |
tree | 3d5fb47842693cd2ea1a357994c85d04902773a7 /app/email.go | |
parent | b13a228b0451098ea32933a36fe64566e366583d (diff) | |
download | chat-0910eae31de8ed7b409654515dbd11f5c86dbf71.tar.gz chat-0910eae31de8ed7b409654515dbd11f5c86dbf71.tar.bz2 chat-0910eae31de8ed7b409654515dbd11f5c86dbf71.zip |
MM-9779: Incorporate a Token into the invitations system (#8604)
* Incorporate a Token into the invitations system
* Adding unit tests
* Fixing some api4 client tests
* Removing unnecesary hash validation
* Change the Hash concept on invitations with tokenId
* Not send invitation if it wasn't able to create the Token
* Fixing some naming problems
* Changing the hash query params received from the client side
* Removed unneded data param in the token usage
Diffstat (limited to 'app/email.go')
-rw-r--r-- | app/email.go | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/app/email.go b/app/email.go index 7676dfe13..7a50fd82a 100644 --- a/app/email.go +++ b/app/email.go @@ -270,15 +270,22 @@ func (a *App) SendInviteEmails(team *model.Team, senderName string, invites []st bodyPage.Html["ExtraInfo"] = utils.TranslateAsHtml(utils.T, "api.templates.invite_body.extra_info", map[string]interface{}{"TeamDisplayName": team.DisplayName, "TeamURL": siteURL + "/" + team.Name}) + token := model.NewToken( + TOKEN_TYPE_TEAM_INVITATION, + model.MapToJson(map[string]string{"teamId": team.Id, "email": invite}), + ) + props := make(map[string]string) props["email"] = invite - props["id"] = team.Id props["display_name"] = team.DisplayName props["name"] = team.Name - props["time"] = fmt.Sprintf("%v", model.GetMillis()) data := model.MapToJson(props) - hash := utils.HashSha256(fmt.Sprintf("%v:%v", data, a.Config().EmailSettings.InviteSalt)) - bodyPage.Props["Link"] = fmt.Sprintf("%s/signup_user_complete/?d=%s&h=%s", siteURL, url.QueryEscape(data), url.QueryEscape(hash)) + + if result := <-a.Srv.Store.Token().Save(token); result.Err != nil { + l4g.Error(utils.T("api.team.invite_members.send.error"), result.Err) + continue + } + bodyPage.Props["Link"] = fmt.Sprintf("%s/signup_user_complete/?d=%s&t=%s", siteURL, url.QueryEscape(data), url.QueryEscape(token.Token)) if !a.Config().EmailSettings.SendEmailNotifications { l4g.Info(utils.T("api.team.invite_members.sending.info"), invite, bodyPage.Props["Link"]) |