author | Jesús Espino <jespinog@gmail.com> | 2018-04-18 22:46:10 +0200 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-04-18 13:46:10 -0700 |
commit | 0910eae31de8ed7b409654515dbd11f5c86dbf71 (patch) | |
tree | 3d5fb47842693cd2ea1a357994c85d04902773a7 /app/user.go | |
parent | b13a228b0451098ea32933a36fe64566e366583d (diff) | |
MM-9779: Incorporate a Token into the invitations system (#8604)
* Incorporate a Token into the invitations system
* Adding unit tests
* Fixing some api4 client tests
* Removing unnecessary hash validation
* Change the Hash concept on invitations with tokenId
* Do not send the invitation if the Token could not be created
* Fixing some naming problems
* Changing the hash query params received from the client side
* Removed unneeded data param in the token usage
Diffstat (limited to 'app/user.go')
-rw-r--r-- | app/user.go | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/app/user.go b/app/user.go
index 21165fdba..80c8b6ef2 100644
--- a/app/user.go
+++ b/app/user.go
@@ -34,35 +34,42 @@ import (
 const (
 TOKEN_TYPE_PASSWORD_RECOVERY = "password_recovery"
 TOKEN_TYPE_VERIFY_EMAIL = "verify_email"
- PASSWORD_RECOVER_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour
+ TOKEN_TYPE_TEAM_INVITATION = "team_invitation"
+ PASSWORD_RECOVER_EXPIRY_TIME = 1000 * 60 * 60 // 1 hour
+ TEAM_INVITATION_EXPIRY_TIME = 1000 * 60 * 60 * 48 // 48 hours
 IMAGE_PROFILE_PIXEL_DIMENSION = 128
 )
-func (a *App) CreateUserWithHash(user *model.User, hash string, data string) (*model.User, *model.AppError) {
+func (a *App) CreateUserWithToken(user *model.User, tokenId string) (*model.User, *model.AppError) {
 if err := a.IsUserSignUpAllowed(); err != nil {
 return nil, err
 }
- props := model.MapFromJson(strings.NewReader(data))
+ result := <-a.Srv.Store.Token().GetByToken(tokenId)
+ if result.Err != nil {
+ return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, result.Err.Error(), http.StatusBadRequest)
+ }
- if hash != utils.HashSha256(fmt.Sprintf("%v:%v", data, a.Config().EmailSettings.InviteSalt)) {
- return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusInternalServerError)
+ token := result.Data.(*model.Token)
+ if token.Type != TOKEN_TYPE_TEAM_INVITATION {
+ return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusBadRequest)
 }
- if t, err := strconv.ParseInt(props["time"], 10, 64); err != nil || model.GetMillis()-t > 1000*60*60*48 { // 48 hours
- return nil, model.NewAppError("CreateUserWithHash", "api.user.create_user.signup_link_expired.app_error", nil, "", http.StatusInternalServerError)
+ if model.GetMillis()-token.CreateAt >= TEAM_INVITATION_EXPIRY_TIME {
+ a.DeleteToken(token)
+ return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_expired.app_error", nil, "", http.StatusBadRequest)
 }
- teamId := props["id"]
+ tokenData := model.MapFromJson(strings.NewReader(token.Extra))
 var team *model.Team
- if result := <-a.Srv.Store.Team().Get(teamId); result.Err != nil {
+ if result := <-a.Srv.Store.Team().Get(tokenData["teamId"]); result.Err != nil {
 return nil, result.Err
 } else {
 team = result.Data.(*model.Team)
 }
- user.Email = props["email"]
+ user.Email = tokenData["email"]
 user.EmailVerified = true
 var ruser *model.User
@@ -77,6 +84,10 @@ func (a *App) CreateUserWithHash(user *model.User, hash string, data string) (*m
 a.AddDirectChannels(team.Id, ruser)
+ if err := a.DeleteToken(token); err != nil {
+ return nil, err
+ }
+
 return ruser, nil
 }
|
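Review bot: `tokenData["teamId"]` and `tokenData["email"]` are used without checking that the token's Extra payload actually contained them, and the line after the e-mail assignment marks the address as verified. If Extra is empty or malformed (what MapFromJson returns in that case is not visible here), the team lookup presumably runs with an empty id and the user's e-mail is overwritten with an empty string. A guard right after the decode, such as `if tokenData["teamId"] == "" || tokenData["email"] == "" { return nil, model.NewAppError("CreateUserWithToken", "api.user.create_user.signup_link_invalid.app_error", nil, "", http.StatusBadRequest) }`, keeps a bad token on the invalid-link path. The expired branch also drops the result of `a.DeleteToken(token)`, so a failed delete leaves the stale token in the store without any trace; logging it would help. CreateUserWithToken's body continues past the end of this hunk.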
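Review bot: The token is consumed only here, after the account has been created and `a.AddDirectChannels` has run, so a failing `a.DeleteToken(token)` returns `nil, err` for a signup that has in fact succeeded and leaves the invitation token valid. Because the lookup at the top of the function and this delete are separate steps, two requests presenting the same token at the same time can both pass the checks before either delete runs; whether a later uniqueness check on the e-mail stops the second one is not visible in this hunk. Consider logging the delete failure and still returning `ruser`, or consuming the token before the user is created so that it is single-use by construction. The function starts outside this hunk.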