focalboard/server/app/auth.go

package app

import (
	"log"

	"github.com/google/uuid"
	"github.com/mattermost/focalboard/server/model"
	"github.com/mattermost/focalboard/server/services/auth"

	"github.com/pkg/errors"
)

// GetSession Get a user active session and refresh the session if is needed
func (a *App) GetSession(token string) (*model.Session, error) {
	return a.auth.GetSession(token)
}

// GetRegisteredUserCount returns the number of registered users
func (a *App) GetRegisteredUserCount() (int, error) {
	return a.store.GetRegisteredUserCount()
}

// GetDailyActiveUsers returns the number of daily active users
func (a *App) GetDailyActiveUsers() (int, error) {
	secondsAgo := int64(60 * 60 * 24)
	return a.store.GetActiveUserCount(secondsAgo)
}

// GetWeeklyActiveUsers returns the number of weekly active users
func (a *App) GetWeeklyActiveUsers() (int, error) {
	secondsAgo := int64(60 * 60 * 24 * 7)
	return a.store.GetActiveUserCount(secondsAgo)
}

// GetMonthlyActiveUsers returns the number of monthly active users
func (a *App) GetMonthlyActiveUsers() (int, error) {
	secondsAgo := int64(60 * 60 * 24 * 30)
	return a.store.GetActiveUserCount(secondsAgo)
}

// GetUser Get an existing active user by id
func (a *App) GetUser(ID string) (*model.User, error) {
	if len(ID) < 1 {
		return nil, errors.New("no user ID")
	}

	user, err := a.store.GetUserById(ID)
	if err != nil {
		return nil, errors.Wrap(err, "unable to find user")
	}
	return user, nil
}

// Login create a new user session if the authentication data is valid
func (a *App) Login(username string, email string, password string, mfaToken string) (string, error) {
	var user *model.User
	if username != "" {
		var err error
		user, err = a.store.GetUserByUsername(username)
		if err != nil {
			return "", errors.Wrap(err, "invalid username or password")
		}
	}

	if user == nil && email != "" {
		var err error
		user, err = a.store.GetUserByEmail(email)
		if err != nil {
			return "", errors.Wrap(err, "invalid username or password")
		}
	}
	if user == nil {
		return "", errors.New("invalid username or password")
	}

	if !auth.ComparePassword(user.Password, password) {
		log.Printf("Invalid password for userID: %s\n", user.ID)
		return "", errors.New("invalid username or password")
	}

	session := model.Session{
		ID:     uuid.New().String(),
		Token:  uuid.New().String(),
		UserID: user.ID,
		Props:  map[string]interface{}{},
	}
	err := a.store.CreateSession(&session)
	if err != nil {
		return "", errors.Wrap(err, "unable to create session")
	}

	// TODO: MFA verification
	return session.Token, nil
}

// RegisterUser create a new user if the provided data is valid
func (a *App) RegisterUser(username string, email string, password string) error {
	var user *model.User
	if username != "" {
		var err error
		user, err = a.store.GetUserByUsername(username)
		if err == nil && user != nil {
			return errors.New("The username already exists")
		}
	}

	if user == nil && email != "" {
		var err error
		user, err = a.store.GetUserByEmail(email)
		if err == nil && user != nil {
			return errors.New("The email already exists")
		}
	}

	// TODO: Move this into the config
	passwordSettings := auth.PasswordSettings{
		MinimumLength: 6,
	}

	err := auth.IsPasswordValid(password, passwordSettings)
	if err != nil {
		return errors.Wrap(err, "Invalid password")
	}

	err = a.store.CreateUser(&model.User{
		ID:          uuid.New().String(),
		Username:    username,
		Email:       email,
		Password:    auth.HashPassword(password),
		MfaSecret:   "",
		AuthService: "",
		AuthData:    "",
		Props:       map[string]interface{}{},
	})
	if err != nil {
		return errors.Wrap(err, "Unable to create the new user")
	}

	return nil
}

func (a *App) UpdateUserPassword(username string, password string) error {
	err := a.store.UpdateUserPassword(username, auth.HashPassword(password))
	if err != nil {
		return err
	}

	return nil
}

func (a *App) ChangePassword(userID string, oldPassword string, newPassword string) error {
	var user *model.User
	if userID != "" {
		var err error
		user, err = a.store.GetUserById(userID)
		if err != nil {
			return errors.Wrap(err, "invalid username or password")
		}
	}

	if user == nil {
		return errors.New("invalid username or password")
	}

	if !auth.ComparePassword(user.Password, oldPassword) {
		log.Printf("Invalid password for userID: %s\n", user.ID)
		return errors.New("invalid username or password")
	}

	err := a.store.UpdateUserPasswordByID(userID, auth.HashPassword(newPassword))
	if err != nil {
		return errors.Wrap(err, "unable to update password")
	}

	return nil
}
More work on authentication 2020-11-06 16:46:35 +01:00			`package app`

			`import (`
Preliminary auth implementation 2020-12-04 16:03:09 +01:00			`"log"`

More work on authentication 2020-11-06 16:46:35 +01:00			`"github.com/google/uuid"`
Product name 2021-01-26 23:13:46 +01:00			`"github.com/mattermost/focalboard/server/model"`
			`"github.com/mattermost/focalboard/server/services/auth"`
More work on authentication 2020-11-06 16:46:35 +01:00
			`"github.com/pkg/errors"`
			`)`

Improving sessions handling 2020-12-07 17:04:35 +01:00			`// GetSession Get a user active session and refresh the session if is needed`
Adding sessions code 2020-12-02 21:12:14 +01:00			`func (a App) GetSession(token string) (model.Session, error) {`
Refactor app auth 2021-02-02 21:11:21 +01:00			`return a.auth.GetSession(token)`
Adding sessions code 2020-12-02 21:12:14 +01:00			`}`

Registered user count 2021-01-27 18:22:33 +01:00			`// GetRegisteredUserCount returns the number of registered users`
			`func (a *App) GetRegisteredUserCount() (int, error) {`
			`return a.store.GetRegisteredUserCount()`
Require signup token to register 2021-01-14 01:56:01 +01:00			`}`

active user count 2021-01-27 19:01:24 +01:00			`// GetDailyActiveUsers returns the number of daily active users`
			`func (a *App) GetDailyActiveUsers() (int, error) {`
			`secondsAgo := int64(60 * 60 * 24)`
			`return a.store.GetActiveUserCount(secondsAgo)`
			`}`

			`// GetWeeklyActiveUsers returns the number of weekly active users`
			`func (a *App) GetWeeklyActiveUsers() (int, error) {`
			`secondsAgo := int64(60 * 60 * 24 * 7)`
			`return a.store.GetActiveUserCount(secondsAgo)`
			`}`

			`// GetMonthlyActiveUsers returns the number of monthly active users`
			`func (a *App) GetMonthlyActiveUsers() (int, error) {`
			`secondsAgo := int64(60 * 60 * 24 * 30)`
			`return a.store.GetActiveUserCount(secondsAgo)`
			`}`

More work on auth 2020-12-07 20:40:16 +01:00			`// GetUser Get an existing active user by id`
			`func (a App) GetUser(ID string) (model.User, error) {`
Check for empty session token or userID 2021-01-12 19:53:48 +01:00			`if len(ID) < 1 {`
			`return nil, errors.New("no user ID")`
			`}`

More work on auth 2020-12-07 20:40:16 +01:00			`user, err := a.store.GetUserById(ID)`
			`if err != nil {`
Use modifiedBy for comment author 2021-01-20 18:47:08 +01:00			`return nil, errors.Wrap(err, "unable to find user")`
More work on auth 2020-12-07 20:40:16 +01:00			`}`
			`return user, nil`
			`}`

Improving sessions handling 2020-12-07 17:04:35 +01:00			`// Login create a new user session if the authentication data is valid`
More work on authentication 2020-11-06 16:46:35 +01:00			`func (a *App) Login(username string, email string, password string, mfaToken string) (string, error) {`
			`var user *model.User`
			`if username != "" {`
			`var err error`
			`user, err = a.store.GetUserByUsername(username)`
			`if err != nil {`
			`return "", errors.Wrap(err, "invalid username or password")`
			`}`
			`}`

			`if user == nil && email != "" {`
			`var err error`
			`user, err = a.store.GetUserByEmail(email)`
			`if err != nil {`
			`return "", errors.Wrap(err, "invalid username or password")`
			`}`
			`}`
			`if user == nil {`
			`return "", errors.New("invalid username or password")`
			`}`

			`if !auth.ComparePassword(user.Password, password) {`
Change password 2021-01-21 19:16:40 +01:00			`log.Printf("Invalid password for userID: %s\n", user.ID)`
More work on authentication 2020-11-06 16:46:35 +01:00			`return "", errors.New("invalid username or password")`
			`}`

Adding sessions code 2020-12-02 21:12:14 +01:00			`session := model.Session{`
			`ID: uuid.New().String(),`
			`Token: uuid.New().String(),`
			`UserID: user.ID,`
			`Props: map[string]interface{}{},`
			`}`
			`err := a.store.CreateSession(&session)`
			`if err != nil {`
			`return "", errors.Wrap(err, "unable to create session")`
			`}`

More work on authentication 2020-11-06 16:46:35 +01:00			`// TODO: MFA verification`
Adding sessions code 2020-12-02 21:12:14 +01:00			`return session.Token, nil`
More work on authentication 2020-11-06 16:46:35 +01:00			`}`

Improving sessions handling 2020-12-07 17:04:35 +01:00			`// RegisterUser create a new user if the provided data is valid`
More work on authentication 2020-11-06 16:46:35 +01:00			`func (a *App) RegisterUser(username string, email string, password string) error {`
			`var user *model.User`
			`if username != "" {`
			`var err error`
			`user, err = a.store.GetUserByUsername(username)`
			`if err == nil && user != nil {`
Fix register error handling, and client json parsing 2021-01-14 19:58:16 +01:00			`return errors.New("The username already exists")`
More work on authentication 2020-11-06 16:46:35 +01:00			`}`
			`}`

			`if user == nil && email != "" {`
			`var err error`
			`user, err = a.store.GetUserByEmail(email)`
			`if err == nil && user != nil {`
Fix register error handling, and client json parsing 2021-01-14 19:58:16 +01:00			`return errors.New("The email already exists")`
More work on authentication 2020-11-06 16:46:35 +01:00			`}`
			`}`

			`// TODO: Move this into the config`
			`passwordSettings := auth.PasswordSettings{`
			`MinimumLength: 6,`
			`}`

			`err := auth.IsPasswordValid(password, passwordSettings)`
			`if err != nil {`
			`return errors.Wrap(err, "Invalid password")`
			`}`

			`err = a.store.CreateUser(&model.User{`
			`ID: uuid.New().String(),`
			`Username: username,`
			`Email: email,`
			`Password: auth.HashPassword(password),`
			`MfaSecret: "",`
			`AuthService: "",`
			`AuthData: "",`
			`Props: map[string]interface{}{},`
			`})`
			`if err != nil {`
			`return errors.Wrap(err, "Unable to create the new user")`
			`}`

			`return nil`
			`}`
Local server on unix port, admin set password 2021-01-20 22:52:25 +01:00
			`func (a *App) UpdateUserPassword(username string, password string) error {`
			`err := a.store.UpdateUserPassword(username, auth.HashPassword(password))`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`}`
Merge branch 'main' into admin-local 2021-01-22 20:28:45 +01:00
Change password 2021-01-21 19:16:40 +01:00			`func (a *App) ChangePassword(userID string, oldPassword string, newPassword string) error {`
			`var user *model.User`
			`if userID != "" {`
			`var err error`
			`user, err = a.store.GetUserById(userID)`
			`if err != nil {`
			`return errors.Wrap(err, "invalid username or password")`
			`}`
			`}`

			`if user == nil {`
			`return errors.New("invalid username or password")`
			`}`

			`if !auth.ComparePassword(user.Password, oldPassword) {`
			`log.Printf("Invalid password for userID: %s\n", user.ID)`
			`return errors.New("invalid username or password")`
			`}`

			`err := a.store.UpdateUserPasswordByID(userID, auth.HashPassword(newPassword))`
			`if err != nil {`
			`return errors.Wrap(err, "unable to update password")`
			`}`

			`return nil`
			`}`