path: root/app
diff options
Diffstat (limited to 'app')
8 files changed, 255 insertions, 31 deletions
diff --git a/app/diagnostics.go b/app/diagnostics.go
index 966cdb5be..dc0ab4ce8 100644
--- a/app/diagnostics.go
+++ b/app/diagnostics.go
@@ -297,13 +297,14 @@ func (a *App) trackConfig() {
a.SendDiagnostic(TRACK_CONFIG_SQL, map[string]interface{}{
- "driver_name": *cfg.SqlSettings.DriverName,
- "trace": cfg.SqlSettings.Trace,
- "max_idle_conns": *cfg.SqlSettings.MaxIdleConns,
- "max_open_conns": *cfg.SqlSettings.MaxOpenConns,
- "data_source_replicas": len(cfg.SqlSettings.DataSourceReplicas),
- "data_source_search_replicas": len(cfg.SqlSettings.DataSourceSearchReplicas),
- "query_timeout": *cfg.SqlSettings.QueryTimeout,
+ "driver_name": *cfg.SqlSettings.DriverName,
+ "trace": cfg.SqlSettings.Trace,
+ "max_idle_conns": *cfg.SqlSettings.MaxIdleConns,
+ "conn_max_lifetime_milliseconds": *cfg.SqlSettings.ConnMaxLifetimeMilliseconds,
+ "max_open_conns": *cfg.SqlSettings.MaxOpenConns,
+ "data_source_replicas": len(cfg.SqlSettings.DataSourceReplicas),
+ "data_source_search_replicas": len(cfg.SqlSettings.DataSourceSearchReplicas),
+ "query_timeout": *cfg.SqlSettings.QueryTimeout,
a.SendDiagnostic(TRACK_CONFIG_LOG, map[string]interface{}{
diff --git a/app/import.go b/app/import.go
index 64e53fe93..baf936567 100644
--- a/app/import.go
+++ b/app/import.go
@@ -1062,10 +1062,24 @@ func (a *App) ImportUserTeams(user *model.User, data *[]UserTeamImportData) *mod
var roles string
+ isSchemeUser := true
+ isSchemeAdmin := false
if tdata.Roles == nil {
- roles = model.TEAM_USER_ROLE_ID
+ isSchemeUser = true
} else {
- roles = *tdata.Roles
+ rawRoles := *tdata.Roles
+ explicitRoles := []string{}
+ for _, role := range strings.Fields(rawRoles) {
+ if role == model.TEAM_USER_ROLE_ID {
+ isSchemeUser = true
+ } else if role == model.TEAM_ADMIN_ROLE_ID {
+ isSchemeAdmin = true
+ } else {
+ explicitRoles = append(explicitRoles, role)
+ }
+ }
+ roles = strings.Join(explicitRoles, " ")
var member *model.TeamMember
@@ -1073,12 +1087,16 @@ func (a *App) ImportUserTeams(user *model.User, data *[]UserTeamImportData) *mod
return err
- if member.Roles != roles {
+ if member.ExplicitRoles != roles {
if _, err := a.UpdateTeamMemberRoles(team.Id, user.Id, roles); err != nil {
return err
+ if member.SchemeAdmin != isSchemeAdmin || member.SchemeUser != isSchemeUser {
+ a.UpdateTeamMemberSchemeRoles(team.Id, user.Id, isSchemeUser, isSchemeAdmin)
+ }
if defaultChannel, err := a.GetChannelByName(model.DEFAULT_CHANNEL, team.Id); err != nil {
return err
} else if _, err = a.addUserToChannel(user, defaultChannel, member); err != nil {
@@ -1108,10 +1126,24 @@ func (a *App) ImportUserChannels(user *model.User, team *model.Team, teamMember
var roles string
+ isSchemeUser := true
+ isSchemeAdmin := false
if cdata.Roles == nil {
- roles = model.CHANNEL_USER_ROLE_ID
+ isSchemeUser = true
} else {
- roles = *cdata.Roles
+ rawRoles := *cdata.Roles
+ explicitRoles := []string{}
+ for _, role := range strings.Fields(rawRoles) {
+ if role == model.CHANNEL_USER_ROLE_ID {
+ isSchemeUser = true
+ } else if role == model.CHANNEL_ADMIN_ROLE_ID {
+ isSchemeAdmin = true
+ } else {
+ explicitRoles = append(explicitRoles, role)
+ }
+ }
+ roles = strings.Join(explicitRoles, " ")
var member *model.ChannelMember
@@ -1123,12 +1155,16 @@ func (a *App) ImportUserChannels(user *model.User, team *model.Team, teamMember
- if member.Roles != roles {
+ if member.ExplicitRoles != roles {
if _, err := a.UpdateChannelMemberRoles(channel.Id, user.Id, roles); err != nil {
return err
+ if member.SchemeAdmin != isSchemeAdmin || member.SchemeUser != isSchemeUser {
+ a.UpdateChannelMemberSchemeRoles(channel.Id, user.Id, isSchemeUser, isSchemeAdmin)
+ }
if cdata.NotifyProps != nil {
notifyProps := member.NotifyProps
@@ -1200,7 +1236,7 @@ func validateUserImportData(data *UserImportData) *model.AppError {
if data.Password != nil && len(*data.Password) == 0 {
- return model.NewAppError("BulkImport", "app.import.validate_user_import_data.pasword_length.error", nil, "", http.StatusBadRequest)
+ return model.NewAppError("BulkImport", "app.import.validate_user_import_data.password_length.error", nil, "", http.StatusBadRequest)
if data.Password != nil && len(*data.Password) > model.USER_PASSWORD_MAX_LENGTH {
diff --git a/app/import_test.go b/app/import_test.go
index b27290289..e7bc055a4 100644
--- a/app/import_test.go
+++ b/app/import_test.go
@@ -2598,6 +2598,126 @@ func TestImportImportUser(t *testing.T) {
checkNotifyProp(t, user, model.CHANNEL_MENTIONS_NOTIFY_PROP, "false")
checkNotifyProp(t, user, model.COMMENTS_NOTIFY_PROP, model.COMMENTS_NOTIFY_ANY)
checkNotifyProp(t, user, model.MENTION_KEYS_NOTIFY_PROP, "misc")
+ // Test importing a user with roles set to a team and a channel which are affected by an override scheme.
+ // The import subsystem should translate `channel_admin/channel_user/team_admin/team_user`
+ // to the appropriate scheme-managed-role booleans.
+ // Mark the phase 2 permissions migration as completed.
+ <-th.App.Srv.Store.System().Save(&model.System{Name: model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2, Value: "true"})
+ defer func() {
+ <-th.App.Srv.Store.System().PermanentDeleteByName(model.MIGRATION_KEY_ADVANCED_PERMISSIONS_PHASE_2)
+ }()
+ teamSchemeData := &SchemeImportData{
+ Name: ptrStr(model.NewId()),
+ DisplayName: ptrStr(model.NewId()),
+ Scope: ptrStr("team"),
+ DefaultTeamUserRole: &RoleImportData{
+ Name: ptrStr(model.NewId()),
+ DisplayName: ptrStr(model.NewId()),
+ },
+ DefaultTeamAdminRole: &RoleImportData{
+ Name: ptrStr(model.NewId()),
+ DisplayName: ptrStr(model.NewId()),
+ },
+ DefaultChannelUserRole: &RoleImportData{
+ Name: ptrStr(model.NewId()),
+ DisplayName: ptrStr(model.NewId()),
+ },
+ DefaultChannelAdminRole: &RoleImportData{
+ Name: ptrStr(model.NewId()),
+ DisplayName: ptrStr(model.NewId()),
+ },
+ Description: ptrStr("description"),
+ }
+ if err := th.App.ImportScheme(teamSchemeData, false); err != nil {
+ t.Fatalf("Should have succeeded.")
+ }
+ var teamScheme *model.Scheme
+ if res := <-th.App.Srv.Store.Scheme().GetByName(*teamSchemeData.Name); res.Err != nil {
+ t.Fatalf("Failed to import scheme: %v", res.Err)
+ } else {
+ teamScheme = res.Data.(*model.Scheme)
+ }
+ teamData := &TeamImportData{
+ Name: ptrStr(model.NewId()),
+ DisplayName: ptrStr("Display Name"),
+ Type: ptrStr("O"),
+ Description: ptrStr("The team description."),
+ AllowOpenInvite: ptrBool(true),
+ Scheme: &teamScheme.Name,
+ }
+ if err := th.App.ImportTeam(teamData, false); err != nil {
+ t.Fatalf("Import should have succeeded: %v", err.Error())
+ }
+ team, err = th.App.GetTeamByName(teamName)
+ if err != nil {
+ t.Fatalf("Failed to get team from database.")
+ }
+ channelData := &ChannelImportData{
+ Team: &teamName,
+ Name: ptrStr(model.NewId()),
+ DisplayName: ptrStr("Display Name"),
+ Type: ptrStr("O"),
+ Header: ptrStr("Channe Header"),
+ Purpose: ptrStr("Channel Purpose"),
+ }
+ if err := th.App.ImportChannel(channelData, false); err != nil {
+ t.Fatalf("Import should have succeeded.")
+ }
+ channel, err = th.App.GetChannelByName(*channelData.Name, team.Id)
+ if err != nil {
+ t.Fatalf("Failed to get channel from database: %v", err.Error())
+ }
+ // Test with a valid team & valid channel name in apply mode.
+ userData := &UserImportData{
+ Username: &username,
+ Email: ptrStr(model.NewId() + ""),
+ Teams: &[]UserTeamImportData{
+ {
+ Name: &team.Name,
+ Roles: ptrStr("team_user team_admin"),
+ Channels: &[]UserChannelImportData{
+ {
+ Name: &channel.Name,
+ Roles: ptrStr("channel_admin channel_user"),
+ },
+ },
+ },
+ },
+ }
+ if err := th.App.ImportUser(userData, false); err != nil {
+ t.Fatalf("Should have succeeded.")
+ }
+ user, err = th.App.GetUserByUsername(*userData.Username)
+ if err != nil {
+ t.Fatalf("Failed to get user from database.")
+ }
+ teamMember, err := th.App.GetTeamMember(team.Id, user.Id)
+ if err != nil {
+ t.Fatalf("Failed to get the team member")
+ }
+ assert.True(t, teamMember.SchemeAdmin)
+ assert.True(t, teamMember.SchemeUser)
+ assert.Equal(t, "", teamMember.ExplicitRoles)
+ channelMember, err := th.App.GetChannelMember(channel.Id, user.Id)
+ if err != nil {
+ t.Fatalf("Failed to get the channel member")
+ }
+ assert.True(t, channelMember.SchemeAdmin)
+ assert.True(t, channelMember.SchemeUser)
+ assert.Equal(t, "", channelMember.ExplicitRoles)
func AssertAllPostsCount(t *testing.T, a *App, initialCount int64, change int64, teamName string) {
diff --git a/app/server.go b/app/server.go
index d71a884d2..769690295 100644
--- a/app/server.go
+++ b/app/server.go
@@ -92,15 +92,23 @@ func (cw *CorsWrapper) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-func redirectHTTPToHTTPS(w http.ResponseWriter, r *http.Request) {
- if r.Host == "" {
- http.Error(w, "Not Found", http.StatusNotFound)
+func handleHTTPRedirect(w http.ResponseWriter, r *http.Request) {
+ if r.Method != "GET" && r.Method != "HEAD" {
+ http.Error(w, "Use HTTPS", http.StatusBadRequest)
+ return
+ target := "https://" + stripPort(r.Host) + r.URL.RequestURI()
+ http.Redirect(w, r, target, http.StatusFound)
- url := r.URL
- url.Host = r.Host
- url.Scheme = "https"
- http.Redirect(w, r, url.String(), http.StatusFound)
+func stripPort(hostport string) string {
+ host, _, err := net.SplitHostPort(hostport)
+ if err != nil {
+ return hostport
+ }
+ return net.JoinHostPort(host, "443")
func (a *App) StartServer() error {
@@ -182,7 +190,7 @@ func (a *App) StartServer() error {
defer redirectListener.Close()
server := &http.Server{
- Handler: handler,
+ Handler: http.HandlerFunc(handleHTTPRedirect),
ErrorLog: a.Log.StdLog(mlog.String("source", "forwarder_server")),
diff --git a/app/session.go b/app/session.go
index 53170cec0..5289aefaa 100644
--- a/app/session.go
+++ b/app/session.go
@@ -227,6 +227,9 @@ func (a *App) AttachDeviceId(sessionId string, deviceId string, expiresAt int64)
func (a *App) UpdateLastActivityAtIfNeeded(session model.Session) {
now := model.GetMillis()
+ a.UpdateWebConnUserActivity(session, now)
if now-session.LastActivityAt < model.SESSION_ACTIVITY_TIMEOUT {
diff --git a/app/status.go b/app/status.go
index e2367a396..460cbbbd0 100644
--- a/app/status.go
+++ b/app/status.go
@@ -161,6 +161,22 @@ func (a *App) GetUserStatusesByIds(userIds []string) ([]*model.Status, *model.Ap
return statusMap, nil
+// SetStatusLastActivityAt sets the last activity at for a user on the local app server and updates
+// status to away if needed. Used by the WS to set status to away if an 'online' device disconnects
+// while an 'away' device is still connected
+func (a *App) SetStatusLastActivityAt(userId string, activityAt int64) {
+ var status *model.Status
+ var err *model.AppError
+ if status, err = a.GetStatus(userId); err != nil {
+ return
+ }
+ status.LastActivityAt = activityAt
+ a.AddStatusCacheSkipClusterSend(status)
+ a.SetStatusAwayIfNeeded(userId, false)
func (a *App) SetStatusOnline(userId string, sessionId string, manual bool) {
if !*a.Config().ServiceSettings.EnableUserStatuses {
diff --git a/app/web_conn.go b/app/web_conn.go
index 9d8134f34..dd01a8e31 100644
--- a/app/web_conn.go
+++ b/app/web_conn.go
@@ -33,6 +33,7 @@ type WebConn struct {
Send chan model.WebSocketMessage
sessionToken atomic.Value
session atomic.Value
+ LastUserActivityAt int64
UserId string
T goi18n.TranslateFunc
Locale string
@@ -52,14 +53,15 @@ func (a *App) NewWebConn(ws *websocket.Conn, session model.Session, t goi18n.Tra
wc := &WebConn{
- App: a,
- Send: make(chan model.WebSocketMessage, SEND_QUEUE_SIZE),
- WebSocket: ws,
- UserId: session.UserId,
- T: t,
- Locale: locale,
- endWritePump: make(chan struct{}, 2),
- pumpFinished: make(chan struct{}, 1),
+ App: a,
+ Send: make(chan model.WebSocketMessage, SEND_QUEUE_SIZE),
+ WebSocket: ws,
+ LastUserActivityAt: model.GetMillis(),
+ UserId: session.UserId,
+ T: t,
+ Locale: locale,
+ endWritePump: make(chan struct{}, 2),
+ pumpFinished: make(chan struct{}, 1),
diff --git a/app/web_hub.go b/app/web_hub.go
index 2ce78b5ef..5bb86ee38 100644
--- a/app/web_hub.go
+++ b/app/web_hub.go
@@ -23,6 +23,12 @@ const (
DEADLOCK_WARN = (BROADCAST_QUEUE_SIZE * 99) / 100 // number of buffered messages before printing stack trace
+type WebConnActivityMessage struct {
+ UserId string
+ SessionToken string
+ ActivityAt int64
type Hub struct {
// connectionCount should be kept first.
// See
@@ -35,6 +41,7 @@ type Hub struct {
stop chan struct{}
didStop chan struct{}
invalidateUser chan string
+ activity chan *WebConnActivityMessage
ExplicitStop bool
goroutineId int
@@ -48,6 +55,7 @@ func (a *App) NewWebHub() *Hub {
stop: make(chan struct{}),
didStop: make(chan struct{}),
invalidateUser: make(chan string),
+ activity: make(chan *WebConnActivityMessage),
ExplicitStop: false,
@@ -330,6 +338,13 @@ func (a *App) InvalidateWebConnSessionCacheForUser(userId string) {
+func (a *App) UpdateWebConnUserActivity(session model.Session, activityAt int64) {
+ hub := a.GetHubForUserId(session.UserId)
+ if hub != nil {
+ hub.UpdateActivity(session.UserId, session.Token, activityAt)
+ }
func (h *Hub) Register(webConn *WebConn) {
h.register <- webConn
@@ -355,6 +370,10 @@ func (h *Hub) InvalidateUser(userId string) {
h.invalidateUser <- userId
+func (h *Hub) UpdateActivity(userId, sessionToken string, activityAt int64) {
+ h.activity <- &WebConnActivityMessage{UserId: userId, SessionToken: sessionToken, ActivityAt: activityAt}
func getGoroutineId() int {
var buf [64]byte
n := runtime.Stack(buf[:], false)
@@ -395,15 +414,34 @@ func (h *Hub) Start() {
- if len(connections.ForUser(webCon.UserId)) == 0 {
+ conns := connections.ForUser(webCon.UserId)
+ if len(conns) == 0 { {, false)
+ } else {
+ var latestActivity int64 = 0
+ for _, conn := range conns {
+ if conn.LastUserActivityAt > latestActivity {
+ latestActivity = conn.LastUserActivityAt
+ }
+ }
+ if {
+ {
+, latestActivity)
+ })
+ }
case userId := <-h.invalidateUser:
for _, webCon := range connections.ForUser(userId) {
+ case activity := <-h.activity:
+ for _, webCon := range connections.ForUser(activity.UserId) {
+ if webCon.GetSessionToken() == activity.SessionToken {
+ webCon.LastUserActivityAt = activity.ActivityAt
+ }
+ }
case msg := <-h.broadcast:
candidates := connections.All()
if msg.Broadcast.UserId != "" {