Diffstat (limited to 'api')
-rw-r--r-- | api/user.go | 19 | ||||
-rw-r--r-- | api/user_test.go | 39 |
2 files changed, 58 insertions, 0 deletions
diff --git a/api/user.go b/api/user.go
index 5fcea3367..2507bd740 100644
--- a/api/user.go
+++ b/api/user.go
@@ -73,6 +73,7 @@ func InitUser() {
 BaseRoutes.Users.Handle("/claim/ldap_to_email", ApiAppHandler(ldapToEmail)).Methods("POST")
 BaseRoutes.NeedUser.Handle("/get", ApiUserRequired(getUser)).Methods("GET")
+ BaseRoutes.Users.Handle("/name/{username:[A-Za-z0-9_\\-.]+}", ApiUserRequired(getByUsername)).Methods("GET")
 BaseRoutes.NeedUser.Handle("/sessions", ApiUserRequired(getSessions)).Methods("GET")
 BaseRoutes.NeedUser.Handle("/audits", ApiUserRequired(getAudits)).Methods("GET")
 BaseRoutes.NeedUser.Handle("/image", ApiUserRequiredTrustRequester(getProfileImage)).Methods("GET")
@@ -954,6 +955,24 @@ func getUser(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 }
+func getByUsername(c *Context, w http.ResponseWriter, r *http.Request) {
+ params := mux.Vars(r)
+ username := params["username"]
+
+ if result := <-Srv.Store.User().GetByUsername(username); result.Err != nil {
+ c.Err = result.Err
+ return
+ } else if HandleEtag(result.Data.(*model.User).Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress), w, r) {
+ return
+ } else {
+ user := sanitizeProfile(c, result.Data.(*model.User))
+
+ w.Header().Set(model.HEADER_ETAG_SERVER, user.Etag(utils.Cfg.PrivacySettings.ShowFullName, utils.Cfg.PrivacySettings.ShowEmailAddress))
+ w.Write([]byte(result.Data.(*model.User).ToJson()))
+ return
+ }
+}
+
 func getProfiles(c *Context, w http.ResponseWriter, r *http.Request) {
 params := mux.Vars(r)
diff --git a/api/user_test.go b/api/user_test.go
index bc804ca11..a10cee961 100644
--- a/api/user_test.go
+++ b/api/user_test.go
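Review bot: The new `/name/{username}` route in `InitUser` is registered on `BaseRoutes.Users` behind `ApiUserRequired` only, and the handler added later in this file performs no team or permission check, so any authenticated session can apparently resolve any username on the server to a profile. If that is intended, record it above the route, e.g. `// any logged-in user may look up any username; output is limited by sanitizeProfile`; if it is not, a scope check belongs before the store call. InitUser starts and ends outside the hunk, so middleware not visible here may already narrow this.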
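Review bot: The response body in `getByUsername` is built from `result.Data.(*model.User).ToJson()` rather than from the `user` value returned by `sanitizeProfile`, so whether the password hash, auth data and e-mail are stripped depends on `sanitizeProfile` mutating its argument in place, which this hunk does not show. Serialize the sanitized value explicitly with `w.Write([]byte(user.ToJson()))`, so a later change to `sanitizeProfile` (for example returning a copy) cannot silently turn this endpoint into a leak. The repeated unchecked `result.Data.(*model.User)` assertions would also read better as one assignment before the ETag check, and the `else` branches after `return` can be flattened.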
@@ -2339,3 +2339,42 @@ func TestAutocompleteUsers(t *testing.T) {
 t.Fatal("should have errored - bad team id")
 }
 }
+
+func TestGetByUsername(t *testing.T) {
+ th := Setup().InitBasic()
+ Client := th.BasicClient
+
+ if result, err := Client.GetByUsername(th.BasicUser.Username, ""); err != nil {
+ t.Fatal("Failed to get user")
+ } else {
+ if result.Data.(*model.User).Password != "" {
+ t.Fatal("User shouldn't have any password data once set")
+ }
+ }
+
+ emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress
+ namePrivacy := utils.Cfg.PrivacySettings.ShowFullName
+ defer func() {
+ utils.Cfg.PrivacySettings.ShowEmailAddress = emailPrivacy
+ utils.Cfg.PrivacySettings.ShowFullName = namePrivacy
+ }()
+
+ utils.Cfg.PrivacySettings.ShowEmailAddress = false
+ utils.Cfg.PrivacySettings.ShowFullName = false
+
+ if result, err := Client.GetByUsername(th.BasicUser2.Username, ""); err != nil {
+ t.Fatal(err)
+ } else {
+ u := result.Data.(*model.User)
+ if u.Password != "" {
+ t.Fatal("password must be empty")
+ }
+ if *u.AuthData != "" {
+ t.Fatal("auth data must be empty")
+ }
+ if u.Email != "" {
+ t.Fatal("email should be sanitized")
+ }
+ }
+
+}
+} |
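Review bot: `TestGetByUsername` sets `ShowFullName = false` but never asserts that the name fields come back empty, so only half of the privacy configuration it sets up is verified; add a check such as `if u.FirstName != "" || u.LastName != "" { t.Fatal("full name should be sanitized") }`. `*u.AuthData` is dereferenced without a nil check and would panic rather than fail cleanly if the field is absent from the response; `if u.AuthData != nil && *u.AuthData != ""` is safer. There is also no case for an unknown username or for a client without a session, which are the paths where the handler's error and authorization behaviour matter most.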