diff options
-rw-r--r-- | api/user.go | 19 | ||||
-rw-r--r-- | api/user_test.go | 39 | ||||
-rw-r--r-- | model/client.go | 11 | ||||
-rw-r--r-- | webapp/client/client.jsx | 9 | ||||
-rw-r--r-- | webapp/tests/client_user.test.jsx | 15 |
5 files changed, 93 insertions, 0 deletions
diff --git a/api/user.go b/api/user.go index 5fcea3367..2507bd740 100644 --- a/api/user.go +++ b/api/user.go @@ -73,6 +73,7 @@ func InitUser() { BaseRoutes.Users.Handle("/claim/ldap_to_email", ApiAppHandler(ldapToEmail)).Methods("POST") BaseRoutes.NeedUser.Handle("/get", ApiUserRequired(getUser)).Methods("GET") + BaseRoutes.Users.Handle("/name/{username:[A-Za-z0-9_\\-.]+}", ApiUserRequired(getByUsername)).Methods("GET") BaseRoutes.NeedUser.Handle("/sessions", ApiUserRequired(getSessions)).Methods("GET") BaseRoutes.NeedUser.Handle("/audits", ApiUserRequired(getAudits)).Methods("GET") BaseRoutes.NeedUser.Handle("/image", ApiUserRequiredTrustRequester(getProfileImage)).Methods("GET") @@ -954,6 +955,24 @@ func getUser(c *Context, w http.ResponseWriter, r *http.Request) { } } +func getByUsername(c *Context, w http.ResponseWriter, r *http.Request) { + params := mux.Vars(r) + username := params["username"] + + if result := <-Srv.Store.User().GetByUsername(username); result.Err != nil { + c.Err = result.Err + return + } else if HandleEtag(result.Data.(*model.User).Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), w, r) { + return + } else { + user := sanitizeProfile(c, result.Data.(*model.User)) + + w.Header().Set(model.HEADER_ETAG_SERVER, user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress)) + w.Write([]byte(result.Data.(*model.User).ToJson())) + return + } +} + func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) diff --git a/api/user_test.go b/api/user_test.go index bc804ca11..a10cee961 100644 --- a/api/user_test.go +++ b/api/user_test.go @@ -2339,3 +2339,42 @@ func TestAutocompleteUsers(t *testing.T) { t.Fatal("should have errored - bad team id") } } + +func TestGetByUsername(t *testing.T) { + th := Setup().InitBasic() + Client := th.BasicClient + + if result, err := Client.GetByUsername(th.BasicUser.Username, ""); err != nil { + t.Fatal("Failed to get user") + } else { + if result.Data.(*model.User).Password != "" { + t.Fatal("User shouldn't have any password data once set") + } + } + + emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress + namePrivacy := utils.Cfg.PrivacySettings.ShowFullName + defer func() { + utils.Cfg.PrivacySettings.ShowEmailAddress = emailPrivacy + utils.Cfg.PrivacySettings.ShowFullName = namePrivacy + }() + + utils.Cfg.PrivacySettings.ShowEmailAddress = false + utils.Cfg.PrivacySettings.ShowFullName = false + + if result, err := Client.GetByUsername(th.BasicUser2.Username, ""); err != nil { + t.Fatal(err) + } else { + u := result.Data.(*model.User) + if u.Password != "" { + t.Fatal("password must be empty") + } + if *u.AuthData != "" { + t.Fatal("auth data must be empty") + } + if u.Email != "" { + t.Fatal("email should be sanitized") + } + } + +} diff --git a/model/client.go b/model/client.go index 1624dc917..32532508f 100644 --- a/model/client.go +++ b/model/client.go @@ -500,6 +500,17 @@ func (c *Client) GetUser(id string, etag string) (*Result, *AppError) { } } +// getByUsername returns a user based on a provided username string. Must be authenticated. +func (c *Client) GetByUsername(username string, etag string) (*Result, *AppError) { + if r, err := c.DoApiGet(fmt.Sprintf("/users/name/%v", username), "", etag); err != nil { + return nil, err + } else { + defer closeBody(r) + return &Result{r.Header.Get(HEADER_REQUEST_ID), + r.Header.Get(HEADER_ETAG_SERVER), UserFromJson(r.Body)}, nil + } +} + // GetMe returns the current user. func (c *Client) GetMe(etag string) (*Result, *AppError) { if r, err := c.DoApiGet("/users/me", "", etag); err != nil { diff --git a/webapp/client/client.jsx b/webapp/client/client.jsx index 538e82a72..092c2da4a 100644 --- a/webapp/client/client.jsx +++ b/webapp/client/client.jsx @@ -921,6 +921,15 @@ export default class Client { end(this.handleResponse.bind(this, 'getUser', success, error)); } + getByUsername(userName, success, error) { + request. + get(`${this.getUsersRoute()}/name/${userName}`). + set(this.defaultHeaders). + type('application/json'). + accept('application/json'). + end(this.handleResponse.bind(this, 'getByUsername', success, error)); + } + login(loginId, password, mfaToken, success, error) { this.doLogin({login_id: loginId, password, token: mfaToken}, success, error); diff --git a/webapp/tests/client_user.test.jsx b/webapp/tests/client_user.test.jsx index 5e70c5c3e..2e5b80dd7 100644 --- a/webapp/tests/client_user.test.jsx +++ b/webapp/tests/client_user.test.jsx @@ -36,6 +36,21 @@ describe('Client.User', function() { }); }); + it('getByUsername', function(done) { + TestHelper.initBasic(() => { + TestHelper.basicClient().getByUsername( + TestHelper.basicUser().username, + function(data) { + assert.equal(data.username, TestHelper.basicUser().username); + done(); + }, + function(err) { + done(new Error(err.message)); + } + ); + }); + }); + it('getInitialLoad', function(done) { TestHelper.initBasic(() => { TestHelper.basicClient().getInitialLoad( |