diff options
Diffstat (limited to 'web')
-rw-r--r-- | web/react/utils/client.jsx | 16 | ||||
-rw-r--r-- | web/templates/head.html | 17 | ||||
-rw-r--r-- | web/web.go | 36 |
3 files changed, 24 insertions, 45 deletions
diff --git a/web/react/utils/client.jsx b/web/react/utils/client.jsx index ee1f9ad27..fab0640fb 100644 --- a/web/react/utils/client.jsx +++ b/web/react/utils/client.jsx @@ -48,14 +48,14 @@ function handleError(methodName, xhr, status, err) { track('api', 'api_weberror', methodName, 'message', msg); - if (xhr.status === 401) { - if (window.location.href.indexOf('/channels') === 0) { - window.location.pathname = '/login?redirect=' + encodeURIComponent(window.location.pathname + window.location.search); - } else { - var teamURL = window.location.href.split('/channels')[0]; - window.location.href = teamURL + '/login?redirect=' + encodeURIComponent(window.location.pathname + window.location.search); - } - } + // if (xhr.status === 401) { + // if (window.location.href.indexOf('/channels') === 0) { + // window.location.pathname = '/login?redirect=' + encodeURIComponent(window.location.pathname + window.location.search); + // } else { + // var teamURL = window.location.href.split('/channels')[0]; + // window.location.href = teamURL + '/login?redirect=' + encodeURIComponent(window.location.pathname + window.location.search); + // } + // } return e; } diff --git a/web/templates/head.html b/web/templates/head.html index 31a3c97f2..731bcd691 100644 --- a/web/templates/head.html +++ b/web/templates/head.html @@ -18,13 +18,6 @@ <link rel="manifest" href="/static/config/manifest.json"> <!-- Android add to homescreen --> - <script> - window.mm_config = {{ .ClientCfg }}; - window.mm_team = {{ .Team }}; - window.mm_user = {{ .User }}; - window.mm_session = {{ .Session }}; - </script> - <!-- CSS Should always go first --> <link rel="stylesheet" href="/static/css/bootstrap-3.3.5.min.css"> <link rel="stylesheet" href="/static/css/jasny-bootstrap.min.css"> @@ -47,6 +40,16 @@ <style id="antiClickjack">body{display:none !important;}</style> <script> + window.mm_config = {{ .ClientCfg }}; + window.mm_team = {{ .Team }}; + window.mm_user = {{ .User }}; + window.mm_session_token_hash = {{ .SessionTokenHash }}; + $.ajaxSetup({ + headers: { 'X-MM-TokenHash': mm_session_token_hash } + }); + </script> + + <script> window.onerror = function(msg, url, line, column, stack) { var l = {}; l.level = 'ERROR'; diff --git a/web/web.go b/web/web.go index 701e36e95..56db99733 100644 --- a/web/web.go +++ b/web/web.go @@ -15,11 +15,7 @@ import ( "gopkg.in/fsnotify.v1" "html/template" "net/http" -<<<<<<< HEAD "net/url" - "regexp" -======= ->>>>>>> master "strconv" "strings" ) @@ -48,8 +44,8 @@ func (me *HtmlTemplatePage) Render(c *api.Context, w http.ResponseWriter) { me.User.Sanitize(map[string]bool{}) } - if me.Session != nil { - me.Session.Sanitize() + if len(c.Session.Token) > 0 { + me.SessionTokenHash = model.HashPassword(c.Session.Token) } if err := Templates.ExecuteTemplate(w, me.TemplateName, me); err != nil { @@ -95,9 +91,9 @@ func InitWeb() { mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/login", api.AppHandler(login)).Methods("GET") mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/logout", api.AppHandler(logout)).Methods("GET") mainrouter.Handle("/{team:[A-Za-z0-9-]+(__)?[A-Za-z0-9-]+}/reset_password", api.AppHandler(resetPassword)).Methods("GET") - mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. - mainrouter.Handle("/{team}/channels/{channelname}", api.UserRequired(getChannel)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. - mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. + mainrouter.Handle("/{team}/login/{service}", api.AppHandler(loginWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. + mainrouter.Handle("/{team}/channels/{channelname}", api.AppHandler(getChannel)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. + mainrouter.Handle("/{team}/signup/{service}", api.AppHandler(signupWithOAuth)).Methods("GET") // Bug in gorilla.mux prevents us from using regex here. watchAndParseTemplates() } @@ -205,7 +201,6 @@ func root(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = user - page.Session = &c.Session page.Render(c, w) } } @@ -236,26 +231,10 @@ func login(c *api.Context, w http.ResponseWriter, r *http.Request) { team = tResult.Data.(*model.Team) } - // If we are already logged into this team then go to town-square - if len(c.Session.UserId) != 0 && c.Session.TeamId == team.Id { - http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) - return - } - // We still might be able to switch to this team because we've logged in before session := api.FindMultiSessionForTeamId(r, team.Id) if session != nil { w.Header().Set(model.HEADER_TOKEN, session.Token) - sessionCookie := &http.Cookie{ - Name: model.SESSION_TOKEN, - Value: session.Token, - Path: "/", - MaxAge: model.SESSION_TIME_WEB_IN_SECS, - HttpOnly: true, - } - - http.SetCookie(w, sessionCookie) - http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/channels/town-square", http.StatusTemporaryRedirect) return } @@ -375,6 +354,7 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { session := api.FindMultiSessionForTeamId(r, team.Id) if session == nil { // redirect to login + fmt.Println(">>>>>>>>>>forwarding") http.Redirect(w, r, c.GetSiteURL()+"/"+team.Name+"/?redirect="+url.QueryEscape(r.URL.Path), http.StatusTemporaryRedirect) } else { c.Session = *session @@ -449,7 +429,6 @@ func getChannel(c *api.Context, w http.ResponseWriter, r *http.Request) { page.Props["UserId"] = c.Session.UserId page.Team = team page.User = user - page.Session = &c.Session page.Render(c, w) } @@ -678,7 +657,6 @@ func signupCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = ruser - page.Session = &c.Session page.Render(c, w) } } @@ -745,7 +723,6 @@ func loginCompleteOAuth(c *api.Context, w http.ResponseWriter, r *http.Request) page := NewHtmlTemplatePage("home", "Home") page.Team = team page.User = user - page.Session = &c.Session page.Render(c, w) root(c, w, r) @@ -786,7 +763,6 @@ func adminConsole(c *api.Context, w http.ResponseWriter, r *http.Request) { page := NewHtmlTemplatePage("admin_console", "Admin Console") page.User = user page.Team = team - page.Session = &c.Session page.Props["ActiveTab"] = activeTab page.Props["TeamId"] = teamId page.Render(c, w) |