diff options
author | Joram Wilander <jwawilander@gmail.com> | 2015-10-05 11:48:10 -0400 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2015-10-05 11:48:10 -0400 |
commit | b591c4b32ee7cb5ea54738f9cb2bcb95b9583496 (patch) | |
tree | d5494bbc684888994531fd433f6b78b62fb0080a /web | |
parent | 5d3649b5a478766261832e83236d7cb80e490f8b (diff) | |
parent | ef55d7f244cb727402a7c0a570efd719e794cf66 (diff) | |
download | chat-b591c4b32ee7cb5ea54738f9cb2bcb95b9583496.tar.gz chat-b591c4b32ee7cb5ea54738f9cb2bcb95b9583496.tar.bz2 chat-b591c4b32ee7cb5ea54738f9cb2bcb95b9583496.zip |
Merge pull request #914 from mattermost/plt-297
PLT-297 Add ability to override username and icon for posts from incoming webhooks.
Diffstat (limited to 'web')
-rw-r--r-- | web/react/components/admin_console/service_settings.jsx | 70 | ||||
-rw-r--r-- | web/react/components/post.jsx | 9 | ||||
-rw-r--r-- | web/react/components/post_header.jsx | 20 | ||||
-rw-r--r-- | web/react/components/post_list.jsx | 15 | ||||
-rw-r--r-- | web/react/components/user_profile.jsx | 16 | ||||
-rw-r--r-- | web/sass-files/sass/partials/_post.scss | 8 | ||||
-rw-r--r-- | web/web.go | 18 |
7 files changed, 147 insertions, 9 deletions
diff --git a/web/react/components/admin_console/service_settings.jsx b/web/react/components/admin_console/service_settings.jsx index 245ffa871..b2d1b7b4d 100644 --- a/web/react/components/admin_console/service_settings.jsx +++ b/web/react/components/admin_console/service_settings.jsx @@ -37,6 +37,8 @@ export default class ServiceSettings extends React.Component { config.ServiceSettings.GoogleDeveloperKey = React.findDOMNode(this.refs.GoogleDeveloperKey).value.trim(); //config.ServiceSettings.EnableOAuthServiceProvider = React.findDOMNode(this.refs.EnableOAuthServiceProvider).checked; config.ServiceSettings.EnableIncomingWebhooks = React.findDOMNode(this.refs.EnableIncomingWebhooks).checked; + config.ServiceSettings.EnablePostUsernameOverride = React.findDOMNode(this.refs.EnablePostUsernameOverride).checked; + config.ServiceSettings.EnablePostIconOverride = React.findDOMNode(this.refs.EnablePostIconOverride).checked; config.ServiceSettings.EnableTesting = React.findDOMNode(this.refs.EnableTesting).checked; var MaximumLoginAttempts = 10; @@ -199,7 +201,73 @@ export default class ServiceSettings extends React.Component { /> {'false'} </label> - <p className='help-text'>{'When true, incoming webhooks will be allowed.'}</p> + <p className='help-text'>{'When true, incoming webhooks will be allowed. To help combat phishing attacks, all posts from webhooks will be labelled by a BOT tag.'}</p> + </div> + </div> + + <div className='form-group'> + <label + className='control-label col-sm-4' + htmlFor='EnablePostUsernameOverride' + > + {'Enable Overriding Usernames from Webhooks: '} + </label> + <div className='col-sm-8'> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostUsernameOverride' + value='true' + ref='EnablePostUsernameOverride' + defaultChecked={this.props.config.ServiceSettings.EnablePostUsernameOverride} + onChange={this.handleChange} + /> + {'true'} + </label> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostUsernameOverride' + value='false' + defaultChecked={!this.props.config.ServiceSettings.EnablePostUsernameOverride} + onChange={this.handleChange} + /> + {'false'} + </label> + <p className='help-text'>{'When true, webhooks will be allowed to change the username they are posting as. Note, combined with allowing icon overriding, this could open users up to phishing attacks.'}</p> + </div> + </div> + + <div className='form-group'> + <label + className='control-label col-sm-4' + htmlFor='EnablePostIconOverride' + > + {'Enable Overriding Icon from Webhooks: '} + </label> + <div className='col-sm-8'> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostIconOverride' + value='true' + ref='EnablePostIconOverride' + defaultChecked={this.props.config.ServiceSettings.EnablePostIconOverride} + onChange={this.handleChange} + /> + {'true'} + </label> + <label className='radio-inline'> + <input + type='radio' + name='EnablePostIconOverride' + value='false' + defaultChecked={!this.props.config.ServiceSettings.EnablePostIconOverride} + onChange={this.handleChange} + /> + {'false'} + </label> + <p className='help-text'>{'When true, webhooks will be allowed to change the icon they post with. Note, combined with allowing username overriding, this could open users up to phishing attacks.'}</p> </div> </div> diff --git a/web/react/components/post.jsx b/web/react/components/post.jsx index 9127f00de..ac9c9252e 100644 --- a/web/react/components/post.jsx +++ b/web/react/components/post.jsx @@ -158,11 +158,18 @@ export default class Post extends React.Component { var profilePic = null; if (!this.props.hideProfilePic) { + let src = '/api/v1/users/' + post.user_id + '/image?time=' + timestamp; + if (post.props && post.props.from_webhook && global.window.config.EnablePostIconOverride === 'true') { + if (post.props.override_icon_url) { + src = post.props.override_icon_url; + } + } + profilePic = ( <div className='post-profile-img__container'> <img className='post-profile-img' - src={'/api/v1/users/' + post.user_id + '/image?time=' + timestamp} + src={src} height='36' width='36' /> diff --git a/web/react/components/post_header.jsx b/web/react/components/post_header.jsx index 9dc525e03..dd79b3e36 100644 --- a/web/react/components/post_header.jsx +++ b/web/react/components/post_header.jsx @@ -12,9 +12,27 @@ export default class PostHeader extends React.Component { render() { var post = this.props.post; + let userProfile = <UserProfile userId={post.user_id} />; + let botIndicator; + + if (post.props && post.props.from_webhook) { + if (post.props.override_username && global.window.config.EnablePostUsernameOverride === 'true') { + userProfile = ( + <UserProfile + userId={post.user_id} + overwriteName={post.props.override_username} + disablePopover={true} + /> + ); + } + + botIndicator = <li className='post-header-col post-header__name bot-indicator'>{'BOT'}</li>; + } + return ( <ul className='post-header post-header-post'> - <li className='post-header-col post-header__name'><strong><UserProfile userId={post.user_id} /></strong></li> + <li className='post-header-col post-header__name'><strong>{userProfile}</strong></li> + {botIndicator} <li className='post-info--hidden'> <PostInfo post={post} diff --git a/web/react/components/post_list.jsx b/web/react/components/post_list.jsx index a31967257..b90197ac4 100644 --- a/web/react/components/post_list.jsx +++ b/web/react/components/post_list.jsx @@ -516,8 +516,19 @@ export default class PostList extends React.Component { sameRoot = utils.isComment(post) && (prevPost.id === post.root_id || prevPost.root_id === post.root_id); - // we only hide the profile pic if the previous post is not a comment, the current post is not a comment, and the previous post was made by the same user as the current post - hideProfilePic = (prevPost.user_id === post.user_id) && !utils.isComment(prevPost) && !utils.isComment(post); + // hide the profile pic if: + // the previous post was made by the same user as the current post, + // the previous post is not a comment, + // the current post is not a comment, + // the current post is not from a webhook + // and the previous post is not from a webhook + if ((prevPost.user_id === post.user_id) && + !utils.isComment(prevPost) && + !utils.isComment(post) && + (!post.props || !post.props.from_webhook) && + (!prevPost.props || !prevPost.props.from_webhook)) { + hideProfilePic = true; + } } // check if it's the last comment in a consecutive string of comments on the same post diff --git a/web/react/components/user_profile.jsx b/web/react/components/user_profile.jsx index c5d028d31..ceb8f52a7 100644 --- a/web/react/components/user_profile.jsx +++ b/web/react/components/user_profile.jsx @@ -31,8 +31,10 @@ export default class UserProfile extends React.Component { } componentDidMount() { UserStore.addChangeListener(this.onChange); - $('#profile_' + this.uniqueId).popover({placement: 'right', container: 'body', trigger: 'hover', html: true, delay: {show: 200, hide: 100}}); - $('body').tooltip({selector: '[data-toggle=tooltip]', trigger: 'hover click'}); + if (!this.props.disablePopover) { + $('#profile_' + this.uniqueId).popover({placement: 'right', container: 'body', trigger: 'hover', html: true, delay: {show: 200, hide: 100}}); + $('body').tooltip({selector: '[data-toggle=tooltip]', trigger: 'hover click'}); + } } componentWillUnmount() { UserStore.removeChangeListener(this.onChange); @@ -56,6 +58,10 @@ export default class UserProfile extends React.Component { name = this.props.overwriteName; } + if (this.props.disablePopover) { + return <div>{name}</div>; + } + var dataContent = '<img class="user-popover__image" src="/api/v1/users/' + this.state.profile.id + '/image?time=' + this.state.profile.update_at + '" height="128" width="128" />'; if (!global.window.config.ShowEmailAddress === 'true') { dataContent += '<div class="text-nowrap">Email not shared</div>'; @@ -79,9 +85,11 @@ export default class UserProfile extends React.Component { UserProfile.defaultProps = { userId: '', - overwriteName: '' + overwriteName: '', + disablePopover: false }; UserProfile.propTypes = { userId: React.PropTypes.string, - overwriteName: React.PropTypes.string + overwriteName: React.PropTypes.string, + disablePopover: React.PropTypes.bool }; diff --git a/web/sass-files/sass/partials/_post.scss b/web/sass-files/sass/partials/_post.scss index 7532875d6..8bf4b0534 100644 --- a/web/sass-files/sass/partials/_post.scss +++ b/web/sass-files/sass/partials/_post.scss @@ -509,3 +509,11 @@ body.ios { } } } + +.bot-indicator { + background-color: lightgrey; + border-radius:2px; + padding-left:2px; + padding-right:2px; + font-family:"Courier New" +} diff --git a/web/web.go b/web/web.go index e440699b2..a1bbf5a81 100644 --- a/web/web.go +++ b/web/web.go @@ -884,6 +884,12 @@ func getAccessToken(c *api.Context, w http.ResponseWriter, r *http.Request) { } func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { + c.Err = model.NewAppError("incomingWebhook", "Incoming webhooks have been disabled by the system admin.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + params := mux.Vars(r) id := params["id"] @@ -906,6 +912,9 @@ func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) { channelName := props["channel"] + overrideUsername := props["username"] + overrideIconUrl := props["icon_url"] + var hook *model.IncomingWebhook if result := <-hchan; result.Err != nil { c.Err = model.NewAppError("incomingWebhook", "Invalid webhook", "err="+result.Err.Message) @@ -951,6 +960,15 @@ func incomingWebhook(c *api.Context, w http.ResponseWriter, r *http.Request) { pchan := api.Srv.Store.Channel().CheckPermissionsTo(hook.TeamId, channel.Id, hook.UserId) post := &model.Post{UserId: hook.UserId, ChannelId: channel.Id, Message: text} + post.AddProp("from_webhook", "true") + + if len(overrideUsername) != 0 && utils.Cfg.ServiceSettings.EnablePostUsernameOverride { + post.AddProp("override_username", overrideUsername) + } + + if len(overrideIconUrl) != 0 && utils.Cfg.ServiceSettings.EnablePostIconOverride { + post.AddProp("override_icon_url", overrideIconUrl) + } if !c.HasPermissionsToChannel(pchan, "createIncomingHook") && channel.Type != model.CHANNEL_OPEN { c.Err = model.NewAppError("incomingWebhook", "Inappropriate channel permissions", "") |