diff options
-rw-r--r-- | api4/user.go | 55 | ||||
-rw-r--r-- | api4/user_test.go | 50 | ||||
-rw-r--r-- | i18n/en.json | 8 | ||||
-rw-r--r-- | model/client4.go | 34 |
4 files changed, 144 insertions, 3 deletions
diff --git a/api4/user.go b/api4/user.go index 9fa6568d3..822cd60c4 100644 --- a/api4/user.go +++ b/api4/user.go @@ -23,6 +23,7 @@ func InitUser() { BaseRoutes.User.Handle("", ApiSessionRequired(getUser)).Methods("GET") BaseRoutes.User.Handle("/image", ApiSessionRequired(getProfileImage)).Methods("GET") + BaseRoutes.User.Handle("/image", ApiSessionRequired(setProfileImage)).Methods("POST") BaseRoutes.User.Handle("", ApiSessionRequired(updateUser)).Methods("PUT") BaseRoutes.User.Handle("/patch", ApiSessionRequired(patchUser)).Methods("PUT") BaseRoutes.User.Handle("", ApiSessionRequired(deleteUser)).Methods("DELETE") @@ -197,6 +198,60 @@ func getProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { } } +func setProfileImage(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireUserId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) { + c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) + return + } + + if len(utils.Cfg.FileSettings.DriverName) == 0 { + c.Err = model.NewLocAppError("uploadProfileImage", "api.user.upload_profile_user.storage.app_error", nil, "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + if r.ContentLength > *utils.Cfg.FileSettings.MaxFileSize { + c.Err = model.NewLocAppError("uploadProfileImage", "api.user.upload_profile_user.too_large.app_error", nil, "") + c.Err.StatusCode = http.StatusRequestEntityTooLarge + return + } + + if err := r.ParseMultipartForm(*utils.Cfg.FileSettings.MaxFileSize); err != nil { + c.Err = model.NewLocAppError("uploadProfileImage", "api.user.upload_profile_user.parse.app_error", nil, "") + return + } + + m := r.MultipartForm + + imageArray, ok := m.File["image"] + if !ok { + c.Err = model.NewLocAppError("uploadProfileImage", "api.user.upload_profile_user.no_file.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + if len(imageArray) <= 0 { + c.Err = model.NewLocAppError("uploadProfileImage", "api.user.upload_profile_user.array.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest + return + } + + imageData := imageArray[0] + + if err := app.SetProfileImage(c.Session.UserId, imageData); err != nil { + c.Err = err + return + } + + c.LogAudit("") + ReturnStatusOK(w) +} + func getUsers(c *Context, w http.ResponseWriter, r *http.Request) { inTeamId := r.URL.Query().Get("in_team") inChannelId := r.URL.Query().Get("in_channel") diff --git a/api4/user_test.go b/api4/user_test.go index 5cdab21f5..c83bc98a9 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -967,15 +967,15 @@ func TestVerify(t *testing.T) { ruser, resp := Client.CreateUser(&user) - hashId := ruser.Id+utils.Cfg.EmailSettings.InviteSalt + hashId := ruser.Id + utils.Cfg.EmailSettings.InviteSalt _, resp = Client.VerifyUserEmail(ruser.Id, hashId) CheckNoError(t, resp) - hashId = ruser.Id+GenerateTestId() + hashId = ruser.Id + GenerateTestId() _, resp = Client.VerifyUserEmail(ruser.Id, hashId) CheckBadRequestStatus(t, resp) - // Comment per request from Joram, he will investigate why it fail with a wrong status + // Comment per request from Joram, he will investigate why it fail with a wrong status // hashId = ruser.Id+GenerateTestId() // _, resp = Client.VerifyUserEmail("", hashId) // CheckBadRequestStatus(t, resp) @@ -983,3 +983,47 @@ func TestVerify(t *testing.T) { _, resp = Client.VerifyUserEmail(ruser.Id, "") CheckBadRequestStatus(t, resp) } + +func TestSetProfileImage(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + user := th.BasicUser + + data, err := readTestFile("test.png") + if err != nil { + t.Fatal(err) + } + + ok, resp := Client.SetProfileImage(user.Id, data) + if !ok { + t.Fatal(resp.Error) + } + CheckNoError(t, resp) + + ok, resp = Client.SetProfileImage(model.NewId(), data) + if ok { + t.Fatal("Should return false, set profile image not allowed") + } + CheckForbiddenStatus(t, resp) + + // status code returns either forbidden or unauthorized + // note: forbidden is set as default at Client4.SetProfileImage when request is terminated early by server + Client.Logout() + _, resp = Client.SetProfileImage(user.Id, data) + if resp.StatusCode == http.StatusForbidden { + CheckForbiddenStatus(t, resp) + } else if resp.StatusCode == http.StatusUnauthorized { + CheckUnauthorizedStatus(t, resp) + } else { + t.Fatal("Should have failed either forbidden or unauthorized") + } + + _, resp = th.SystemAdminClient.SetProfileImage(user.Id, data) + CheckNoError(t, resp) + + info := &model.FileInfo{Path: "users/" + user.Id + "/profile.png"} + if err := cleanupTestFile(info); err != nil { + t.Fatal(err) + } +} diff --git a/i18n/en.json b/i18n/en.json index 312622ef8..d46812bd8 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -3560,6 +3560,14 @@ "translation": "We encountered an error while reading the file" }, { + "id": "model.client.set_profile_user.no_file.app_error", + "translation": "No file under 'image' in request" + }, + { + "id": "model.client.set_profile_user.writer.app_error", + "translation": "Unable to write request" + }, + { "id": "model.command.is_valid.create_at.app_error", "translation": "Create at must be a valid time" }, diff --git a/model/client4.go b/model/client4.go index e6c9192b9..0ccb94009 100644 --- a/model/client4.go +++ b/model/client4.go @@ -505,6 +505,40 @@ func (c *Client4) VerifyUserEmail(userId, hashId string) (bool, *Response) { } } +// SetProfileImage sets profile image of the user +func (c *Client4) SetProfileImage(userId string, data []byte) (bool, *Response) { + body := &bytes.Buffer{} + writer := multipart.NewWriter(body) + + if part, err := writer.CreateFormFile("image", "profile.png"); err != nil { + return false, &Response{Error: NewAppError("SetProfileImage", "model.client.set_profile_user.no_file.app_error", nil, err.Error(), http.StatusBadRequest)} + } else if _, err = io.Copy(part, bytes.NewBuffer(data)); err != nil { + return false, &Response{Error: NewAppError("SetProfileImage", "model.client.set_profile_user.no_file.app_error", nil, err.Error(), http.StatusBadRequest)} + } + + if err := writer.Close(); err != nil { + return false, &Response{Error: NewAppError("SetProfileImage", "model.client.set_profile_user.writer.app_error", nil, err.Error(), http.StatusBadRequest)} + } + + rq, _ := http.NewRequest("POST", c.ApiUrl+c.GetUserRoute(userId)+"/image", bytes.NewReader(body.Bytes())) + rq.Header.Set("Content-Type", writer.FormDataContentType()) + rq.Close = true + + if len(c.AuthToken) > 0 { + rq.Header.Set(HEADER_AUTH, c.AuthType+" "+c.AuthToken) + } + + if rp, err := c.HttpClient.Do(rq); err != nil { + // set to http.StatusForbidden(403) + return false, &Response{StatusCode: http.StatusForbidden, Error: NewAppError(c.GetUserRoute(userId)+"/image", "model.client.connecting.app_error", nil, err.Error(), 403)} + } else if rp.StatusCode >= 300 { + return false, &Response{StatusCode: rp.StatusCode, Error: AppErrorFromJson(rp.Body)} + } else { + defer closeBody(rp) + return CheckStatusOK(rp), BuildResponse(rp) + } +} + // Team Section // CreateTeam creates a team in the system based on the provided team struct. |