-rw-r--r-- | api4/user_test.go | 51 | ||||
-rw-r--r-- | app/diagnostics.go | 1 | ||||
-rw-r--r-- | app/ldap.go | 8 | ||||
-rw-r--r-- | app/oauth.go | 8 | ||||
-rw-r--r-- | config/default.json | 1 | ||||
-rw-r--r-- | model/config.go | 5 | ||||
-rw-r--r-- | utils/config.go | 2 |
7 files changed, 75 insertions, 1 deletions
diff --git a/api4/user_test.go b/api4/user_test.go index 0c2b86eda..9c554da54 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -2117,6 +2117,57 @@ func TestSwitchAccount(t *testing.T) { t.Fatal("bad link") } + isLicensed := utils.IsLicensed() + license := utils.License() + enableAuthenticationTransfer := *th.App.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer + defer func() { + utils.SetIsLicensed(isLicensed) + utils.SetLicense(license) + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = enableAuthenticationTransfer }) + }() + utils.SetIsLicensed(true) + utils.SetLicense(&model.License{Features: &model.Features{}}) + utils.License().Features.SetDefaults() + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = false }) + + sr = &model.SwitchRequest{ + CurrentService: model.USER_AUTH_SERVICE_EMAIL, + NewService: model.USER_AUTH_SERVICE_GITLAB, + } + + _, resp = Client.SwitchAccountType(sr) + CheckForbiddenStatus(t, resp) + + th.LoginBasic() + + sr = &model.SwitchRequest{ + CurrentService: model.USER_AUTH_SERVICE_SAML, + NewService: model.USER_AUTH_SERVICE_EMAIL, + Email: th.BasicUser.Email, + NewPassword: th.BasicUser.Password, + } + + _, resp = Client.SwitchAccountType(sr) + CheckForbiddenStatus(t, resp) + + sr = &model.SwitchRequest{ + CurrentService: model.USER_AUTH_SERVICE_EMAIL, + NewService: model.USER_AUTH_SERVICE_LDAP, + } + + _, resp = Client.SwitchAccountType(sr) + CheckForbiddenStatus(t, resp) + + sr = &model.SwitchRequest{ + CurrentService: model.USER_AUTH_SERVICE_LDAP, + NewService: model.USER_AUTH_SERVICE_EMAIL, + } + + _, resp = Client.SwitchAccountType(sr) + CheckForbiddenStatus(t, resp) + + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = true }) + th.LoginBasic() fakeAuthData := model.NewId() 
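Review bot: The new cases only exercise the licensed-and-disabled combination, so nothing pins what happens when the setting is `false` on an unlicensed server, where the gate added in app/ldap.go and app/oauth.go (`utils.IsLicensed() && !*...ExperimentalEnableAuthenticationTransfer`) lets the switch proceed. Add one case after `utils.SetIsLicensed(false)` with the flag still `false` and assert the outcome the policy intends, so a later edit to the gate cannot silently flip it. The first EMAIL to GITLAB request is also sent before `th.LoginBasic()`, so it depends on whatever client session the code above the hunk left behind; a one-line comment stating which session state that check expects would make the test easier to trust. TestSwitchAccount starts and ends outside this hunk.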
diff --git a/app/diagnostics.go b/app/diagnostics.go index 250b38646..513cf11f5 100644 --- a/app/diagnostics.go +++ b/app/diagnostics.go @@ -194,6 +194,7 @@ func (a *App) trackConfig() { "enable_user_access_tokens": *cfg.ServiceSettings.EnableUserAccessTokens, "enable_custom_emoji": *cfg.ServiceSettings.EnableCustomEmoji, "enable_emoji_picker": *cfg.ServiceSettings.EnableEmojiPicker, + "experimental_enable_authentication_transfer": *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer, "restrict_custom_emoji_creation": *cfg.ServiceSettings.RestrictCustomEmojiCreation, "enable_testing": cfg.ServiceSettings.EnableTesting, "enable_developer": *cfg.ServiceSettings.EnableDeveloper, diff --git a/app/ldap.go b/app/ldap.go index a01a4aeb6..49f3d034a 100644 --- a/app/ldap.go +++ b/app/ldap.go @@ -39,6 +39,10 @@ func (a *App) TestLdap() *model.AppError { } func (a *App) SwitchEmailToLdap(email, password, code, ldapId, ldapPassword string) (string, *model.AppError) { + if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer { + return "", model.NewAppError("emailToLdap", "api.user.email_to_ldap.not_available.app_error", nil, "", http.StatusForbidden) + } + user, err := a.GetUserByEmail(email) if err != nil { return "", err @@ -71,6 +75,10 @@ func (a *App) SwitchEmailToLdap(email, password, code, ldapId, ldapPassword stri } func (a *App) SwitchLdapToEmail(ldapPassword, code, email, newPassword string) (string, *model.AppError) { + if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer { + return "", model.NewAppError("ldapToEmail", "api.user.ldap_to_email.not_available.app_error", nil, "", http.StatusForbidden) + } + user, err := a.GetUserByEmail(email) if err != nil { return "", err diff --git a/app/oauth.go b/app/oauth.go index f27facbec..3202ac5ed 100644 --- a/app/oauth.go +++ b/app/oauth.go 
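Review bot: The guard added at the top of SwitchEmailToLdap denies the switch only when `utils.IsLicensed()` is true, so on an unlicensed server an administrator who sets `ExperimentalEnableAuthenticationTransfer` to `false` gets no enforcement and no error. If that is intended, say so at the check, for example `// Only licensed servers can disable authentication transfer; unlicensed servers ignore the setting.`; if it is not, drop the license term. The same expression is repeated in SwitchLdapToEmail in this file and in SwitchEmailToOAuth and SwitchOAuthToEmail in app/oauth.go, and four copies of an authorization check tend to drift, so consider one helper such as `func (a *App) authenticationTransferDisabled() bool { return utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer }` called from all four. Whether any other code path can change a user's auth service without passing through these four functions cannot be told from this diff and is worth confirming. Both function bodies in app/ldap.go continue outside their hunks.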
@@ -717,6 +717,10 @@ func (a *App) AuthorizeOAuthUser(w http.ResponseWriter, r *http.Request, service } func (a *App) SwitchEmailToOAuth(w http.ResponseWriter, r *http.Request, email, password, code, service string) (string, *model.AppError) { + if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer { + return "", model.NewAppError("emailToOAuth", "api.user.email_to_oauth.not_available.app_error", nil, "", http.StatusForbidden) + } + var user *model.User var err *model.AppError if user, err = a.GetUserByEmail(email); err != nil { @@ -743,6 +747,10 @@ func (a *App) SwitchEmailToOAuth(w http.ResponseWriter, r *http.Request, email, } func (a *App) SwitchOAuthToEmail(email, password, requesterId string) (string, *model.AppError) { + if utils.IsLicensed() && !*a.Config().ServiceSettings.ExperimentalEnableAuthenticationTransfer { + return "", model.NewAppError("oauthToEmail", "api.user.oauth_to_email.not_available.app_error", nil, "", http.StatusForbidden) + } + var user *model.User var err *model.AppError if user, err = a.GetUserByEmail(email); err != nil { diff --git a/config/default.json b/config/default.json index 96eb0ed63..e6f9cab1b 100644 --- a/config/default.json +++ b/config/default.json @@ -46,6 +46,7 @@ "RestrictPostDelete": "all", "AllowEditPost": "always", "PostEditTimeLimit": 300, + "ExperimentalEnableAuthenticationTransfer": true, "TimeBetweenUserTypingUpdatesMilliseconds": 5000, "EnablePostSearch": true, "EnableUserTypingMessages": true, diff --git a/model/config.go b/model/config.go index 00322156e..e2f05d72e 100644 --- a/model/config.go +++ b/model/config.go @@ -203,6 +203,7 @@ type ServiceSettings struct { EnableUserTypingMessages *bool EnableChannelViewedMessages *bool EnableUserStatuses *bool + ExperimentalEnableAuthenticationTransfer *bool ClusterLogTimeoutMilliseconds *int CloseUnusedDirectMessages *bool EnablePreviewFeatures *bool 
@@ -391,6 +392,10 @@ func (s *ServiceSettings) SetDefaults() { s.AllowEditPost = NewString(ALLOW_EDIT_POST_ALWAYS) } + if s.ExperimentalEnableAuthenticationTransfer == nil { + s.ExperimentalEnableAuthenticationTransfer = NewBool(true) + } + if s.PostEditTimeLimit == nil { s.PostEditTimeLimit = NewInt(300) } diff --git a/utils/config.go b/utils/config.go index a91a20711..929e39346 100644 --- a/utils/config.go +++ b/utils/config.go @@ -526,7 +526,6 @@ func getClientConfig(c *model.Config) map[string]string { props["EnableEmojiPicker"] = strconv.FormatBool(*c.ServiceSettings.EnableEmojiPicker) props["RestrictCustomEmojiCreation"] = *c.ServiceSettings.RestrictCustomEmojiCreation props["MaxFileSize"] = strconv.FormatInt(*c.FileSettings.MaxFileSize, 10) - props["AppDownloadLink"] = *c.NativeAppSettings.AppDownloadLink props["AndroidAppDownloadLink"] = *c.NativeAppSettings.AndroidAppDownloadLink props["IosAppDownloadLink"] = *c.NativeAppSettings.IosAppDownloadLink @@ -547,6 +546,7 @@ func getClientConfig(c *model.Config) map[string]string { if IsLicensed() { License := License() props["ExperimentalTownSquareIsReadOnly"] = strconv.FormatBool(*c.TeamSettings.ExperimentalTownSquareIsReadOnly) + props["ExperimentalEnableAuthenticationTransfer"] = strconv.FormatBool(*c.ServiceSettings.ExperimentalEnableAuthenticationTransfer) if *License.Features.CustomBrand { props["EnableCustomBrand"] = strconv.FormatBool(*c.TeamSettings.EnableCustomBrand) |
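Review bot: A missing `ExperimentalEnableAuthenticationTransfer` key resolves to `true` in the SetDefaults hunk, so the restriction is opt-in and an upgraded server with an older config.json keeps allowing sign-in method changes until someone sets it to `false`. That preserves existing behaviour, but nothing in the hunk says so; a comment above the nil check such as `// Defaults to true (transfer allowed) to keep existing behaviour; set to false to block switching auth methods on licensed servers.` would make the fail-open default explicit. The same applies to the field declaration in ServiceSettings in this file's first hunk and to the `true` shipped in config/default.json. SetDefaults starts and ends outside the hunk.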