2021-05-24 19:06:11 +02:00
|
|
|
package mattermostauthlayer
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"database/sql"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
|
2022-02-28 12:28:16 +01:00
|
|
|
"github.com/mattermost/mattermost-server/v6/plugin"
|
|
|
|
|
|
2021-05-24 19:06:11 +02:00
|
|
|
sq "github.com/Masterminds/squirrel"
|
|
|
|
|
|
|
|
|
|
"github.com/mattermost/focalboard/server/model"
|
|
|
|
|
"github.com/mattermost/focalboard/server/services/store"
|
2021-10-07 13:51:01 +02:00
|
|
|
"github.com/mattermost/focalboard/server/utils"
|
2021-08-25 22:08:01 +02:00
|
|
|
|
|
|
|
|
"github.com/mattermost/mattermost-server/v6/shared/mlog"
|
2021-05-24 19:06:11 +02:00
|
|
|
)
|
|
|
|
|
|
2021-07-09 03:09:02 +02:00
|
|
|
type NotSupportedError struct {
|
|
|
|
|
msg string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (pe NotSupportedError) Error() string {
|
|
|
|
|
return pe.msg
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-24 19:06:11 +02:00
|
|
|
// Store represents the abstraction of the data storage.
|
|
|
|
|
type MattermostAuthLayer struct {
|
|
|
|
|
store.Store
|
2022-02-28 12:28:16 +01:00
|
|
|
dbType string
|
|
|
|
|
mmDB *sql.DB
|
|
|
|
|
logger *mlog.Logger
|
|
|
|
|
pluginAPI plugin.API
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// New creates a new SQL implementation of the store.
|
2022-02-28 12:28:16 +01:00
|
|
|
func New(dbType string, db *sql.DB, store store.Store, logger *mlog.Logger, pluginAPI plugin.API) (*MattermostAuthLayer, error) {
|
2021-05-24 19:06:11 +02:00
|
|
|
layer := &MattermostAuthLayer{
|
2022-02-28 12:28:16 +01:00
|
|
|
Store: store,
|
|
|
|
|
dbType: dbType,
|
|
|
|
|
mmDB: db,
|
|
|
|
|
logger: logger,
|
|
|
|
|
pluginAPI: pluginAPI,
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return layer, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Shutdown close the connection with the store.
|
2021-06-21 11:21:42 +02:00
|
|
|
func (s *MattermostAuthLayer) Shutdown() error {
|
2021-06-25 16:49:06 +02:00
|
|
|
return s.Store.Shutdown()
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) GetRegisteredUserCount() (int, error) {
|
|
|
|
|
query := s.getQueryBuilder().
|
|
|
|
|
Select("count(*)").
|
|
|
|
|
From("Users").
|
|
|
|
|
Where(sq.Eq{"deleteAt": 0})
|
|
|
|
|
row := query.QueryRow()
|
|
|
|
|
|
|
|
|
|
var count int
|
|
|
|
|
err := row.Scan(&count)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return count, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) getUserByCondition(condition sq.Eq) (*model.User, error) {
|
2021-09-13 14:12:32 +02:00
|
|
|
users, err := s.getUsersByCondition(condition)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var user *model.User
|
|
|
|
|
for _, u := range users {
|
|
|
|
|
user = u
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return user, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) getUsersByCondition(condition sq.Eq) (map[string]*model.User, error) {
|
2021-05-24 19:06:11 +02:00
|
|
|
query := s.getQueryBuilder().
|
2022-03-22 15:24:34 +01:00
|
|
|
Select("u.id", "u.username", "u.email", "u.password", "u.MFASecret as mfa_secret", "u.AuthService as auth_service", "COALESCE(u.AuthData, '') as auth_data",
|
|
|
|
|
"u.props", "u.CreateAt as create_at", "u.UpdateAt as update_at", "u.DeleteAt as delete_at", "b.UserId IS NOT NULL AS is_bot").
|
|
|
|
|
From("Users as u").
|
|
|
|
|
LeftJoin("Bots b ON ( b.UserId = u.ID )").
|
|
|
|
|
Where(sq.Eq{"u.deleteAt": 0}).
|
2021-05-24 19:06:11 +02:00
|
|
|
Where(condition)
|
2021-09-13 14:12:32 +02:00
|
|
|
row, err := query.Query()
|
2021-05-24 19:06:11 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-13 14:12:32 +02:00
|
|
|
users := map[string]*model.User{}
|
|
|
|
|
|
|
|
|
|
for row.Next() {
|
|
|
|
|
user := model.User{}
|
|
|
|
|
|
|
|
|
|
var propsBytes []byte
|
|
|
|
|
err := row.Scan(&user.ID, &user.Username, &user.Email, &user.Password, &user.MfaSecret, &user.AuthService,
|
2022-03-22 15:24:34 +01:00
|
|
|
&user.AuthData, &propsBytes, &user.CreateAt, &user.UpdateAt, &user.DeleteAt, &user.IsBot)
|
2021-09-13 14:12:32 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = json.Unmarshal(propsBytes, &user.Props)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
users[user.ID] = &user
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
2021-09-13 14:12:32 +02:00
|
|
|
return users, nil
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
2021-06-21 11:21:42 +02:00
|
|
|
func (s *MattermostAuthLayer) GetUserByID(userID string) (*model.User, error) {
|
2021-05-24 19:06:11 +02:00
|
|
|
return s.getUserByCondition(sq.Eq{"id": userID})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) GetUserByEmail(email string) (*model.User, error) {
|
|
|
|
|
return s.getUserByCondition(sq.Eq{"email": email})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) GetUserByUsername(username string) (*model.User, error) {
|
|
|
|
|
return s.getUserByCondition(sq.Eq{"username": username})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) CreateUser(user *model.User) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no user creation allowed from focalboard, create it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) UpdateUser(user *model.User) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) UpdateUserPassword(username, password string) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) UpdateUserPasswordByID(userID, password string) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
2022-02-28 12:28:16 +01:00
|
|
|
func (s *MattermostAuthLayer) PatchUserProps(userID string, patch model.UserPropPatch) error {
|
|
|
|
|
user, err := s.pluginAPI.GetUser(userID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
s.logger.Error("failed to fetch user", mlog.String("userID", userID), mlog.Err(err))
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
props := user.Props
|
|
|
|
|
|
|
|
|
|
for _, key := range patch.DeletedFields {
|
|
|
|
|
delete(props, key)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for key, value := range patch.UpdatedFields {
|
|
|
|
|
props[key] = value
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user.Props = props
|
|
|
|
|
|
|
|
|
|
if _, err := s.pluginAPI.UpdateUser(user); err != nil {
|
|
|
|
|
s.logger.Error("failed to update user", mlog.String("userID", userID), mlog.Err(err))
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-21 11:21:42 +02:00
|
|
|
// GetActiveUserCount returns the number of users with active sessions within N seconds ago.
|
2021-05-24 19:06:11 +02:00
|
|
|
func (s *MattermostAuthLayer) GetActiveUserCount(updatedSecondsAgo int64) (int, error) {
|
|
|
|
|
query := s.getQueryBuilder().
|
|
|
|
|
Select("count(distinct userId)").
|
|
|
|
|
From("Sessions").
|
2021-10-07 13:51:01 +02:00
|
|
|
Where(sq.Gt{"LastActivityAt": utils.GetMillis() - utils.SecondsToMillis(updatedSecondsAgo)})
|
2021-05-24 19:06:11 +02:00
|
|
|
|
|
|
|
|
row := query.QueryRow()
|
|
|
|
|
|
|
|
|
|
var count int
|
|
|
|
|
err := row.Scan(&count)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return count, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) GetSession(token string, expireTime int64) (*model.Session, error) {
|
2021-07-09 03:09:02 +02:00
|
|
|
return nil, NotSupportedError{"sessions not used when using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) CreateSession(session *model.Session) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) RefreshSession(session *model.Session) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) UpdateSession(session *model.Session) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
2021-06-21 11:21:42 +02:00
|
|
|
func (s *MattermostAuthLayer) DeleteSession(sessionID string) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) CleanUpSessions(expireTime int64) error {
|
2021-07-09 03:09:02 +02:00
|
|
|
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
func (s *MattermostAuthLayer) GetTeam(id string) (*model.Team, error) {
|
2021-06-21 11:21:42 +02:00
|
|
|
if id == "0" {
|
2022-03-22 15:24:34 +01:00
|
|
|
team := model.Team{
|
2021-06-21 11:21:42 +02:00
|
|
|
ID: id,
|
2021-05-24 19:06:11 +02:00
|
|
|
Title: "",
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
return &team, nil
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
query := s.getQueryBuilder().
|
2022-03-22 15:24:34 +01:00
|
|
|
Select("DisplayName").
|
|
|
|
|
From("Teams").
|
2021-06-21 11:21:42 +02:00
|
|
|
Where(sq.Eq{"ID": id})
|
2021-05-24 19:06:11 +02:00
|
|
|
|
|
|
|
|
row := query.QueryRow()
|
|
|
|
|
var displayName string
|
2022-03-22 15:24:34 +01:00
|
|
|
err := row.Scan(&displayName)
|
2021-05-24 19:06:11 +02:00
|
|
|
if err != nil {
|
2022-03-22 15:24:34 +01:00
|
|
|
s.logger.Error("GetTeam scan error", mlog.Err(err))
|
2021-05-24 19:06:11 +02:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
return &model.Team{ID: id, Title: displayName}, nil
|
|
|
|
|
}
|
2021-05-24 19:06:11 +02:00
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
// GetTeamsForUser retrieves all the teams that the user is a member of.
|
|
|
|
|
func (s *MattermostAuthLayer) GetTeamsForUser(userID string) ([]*model.Team, error) {
|
|
|
|
|
query := s.getQueryBuilder().
|
|
|
|
|
Select("t.Id", "t.DisplayName").
|
|
|
|
|
From("Teams as t").
|
|
|
|
|
Join("TeamMembers as tm on t.Id=tm.TeamId").
|
|
|
|
|
Where(sq.Eq{"tm.UserId": userID})
|
2021-05-24 19:06:11 +02:00
|
|
|
|
|
|
|
|
rows, err := query.Query()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2021-07-06 22:44:11 +02:00
|
|
|
defer s.CloseRows(rows)
|
|
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
teams := []*model.Team{}
|
2021-05-24 19:06:11 +02:00
|
|
|
for rows.Next() {
|
2022-03-22 15:24:34 +01:00
|
|
|
var team model.Team
|
|
|
|
|
|
|
|
|
|
err := rows.Scan(
|
|
|
|
|
&team.ID,
|
|
|
|
|
&team.Title,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
2021-07-09 03:09:02 +02:00
|
|
|
return nil, err
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
teams = append(teams, &team)
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
return teams, nil
|
2021-05-24 19:06:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) getQueryBuilder() sq.StatementBuilderType {
|
|
|
|
|
builder := sq.StatementBuilder
|
2022-03-22 15:24:34 +01:00
|
|
|
if s.dbType == model.PostgresDBType || s.dbType == model.SqliteDBType {
|
2021-05-24 19:06:11 +02:00
|
|
|
builder = builder.PlaceholderFormat(sq.Dollar)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return builder.RunWith(s.mmDB)
|
|
|
|
|
}
|
2021-06-11 12:40:22 +02:00
|
|
|
|
2022-03-22 15:24:34 +01:00
|
|
|
func (s *MattermostAuthLayer) GetUsersByTeam(teamID string) ([]*model.User, error) {
|
2021-06-11 12:40:22 +02:00
|
|
|
query := s.getQueryBuilder().
|
2022-03-22 15:24:34 +01:00
|
|
|
Select("u.id", "u.username", "u.props", "u.CreateAt as create_at", "u.UpdateAt as update_at",
|
|
|
|
|
"u.DeleteAt as delete_at", "b.UserId IS NOT NULL AS is_bot").
|
|
|
|
|
From("Users as u").
|
|
|
|
|
Join("TeamMembers as tm ON tm.UserID = u.ID").
|
2021-12-08 16:04:19 +01:00
|
|
|
LeftJoin("Bots b ON ( b.UserId = Users.ID )").
|
2022-03-22 15:24:34 +01:00
|
|
|
Where(sq.Eq{"u.deleteAt": 0}).
|
|
|
|
|
Where(sq.Eq{"tm.TeamId": teamID})
|
|
|
|
|
|
|
|
|
|
rows, err := query.Query()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
defer s.CloseRows(rows)
|
|
|
|
|
|
|
|
|
|
users, err := s.usersFromRows(rows)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return users, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) SearchUsersByTeam(teamID string, searchQuery string) ([]*model.User, error) {
|
|
|
|
|
query := s.getQueryBuilder().
|
|
|
|
|
Select("u.id", "u.username", "u.props", "u.CreateAt as create_at", "u.UpdateAt as update_at",
|
|
|
|
|
"u.DeleteAt as delete_at", "b.UserId IS NOT NULL AS is_bot").
|
|
|
|
|
From("Users as u").
|
|
|
|
|
Join("TeamMembers as tm ON tm.UserID = u.id").
|
|
|
|
|
LeftJoin("Bots b ON ( b.UserId = u.id )").
|
|
|
|
|
Where(sq.Eq{"u.deleteAt": 0}).
|
|
|
|
|
Where(sq.Or{
|
|
|
|
|
sq.Like{"u.username": "%" + searchQuery + "%"},
|
|
|
|
|
sq.Like{"u.nickname": "%" + searchQuery + "%"},
|
|
|
|
|
sq.Like{"u.firstname": "%" + searchQuery + "%"},
|
|
|
|
|
sq.Like{"u.lastname": "%" + searchQuery + "%"},
|
|
|
|
|
}).
|
|
|
|
|
Where(sq.Eq{"tm.TeamId": teamID}).
|
|
|
|
|
OrderBy("u.username").
|
|
|
|
|
Limit(10)
|
2021-06-11 12:40:22 +02:00
|
|
|
|
|
|
|
|
rows, err := query.Query()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2021-07-06 22:44:11 +02:00
|
|
|
defer s.CloseRows(rows)
|
2021-06-11 12:40:22 +02:00
|
|
|
|
|
|
|
|
users, err := s.usersFromRows(rows)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return users, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) usersFromRows(rows *sql.Rows) ([]*model.User, error) {
|
|
|
|
|
users := []*model.User{}
|
|
|
|
|
|
|
|
|
|
for rows.Next() {
|
|
|
|
|
var user model.User
|
|
|
|
|
var propsBytes []byte
|
|
|
|
|
|
|
|
|
|
err := rows.Scan(
|
|
|
|
|
&user.ID,
|
|
|
|
|
&user.Username,
|
|
|
|
|
&propsBytes,
|
|
|
|
|
&user.CreateAt,
|
|
|
|
|
&user.UpdateAt,
|
|
|
|
|
&user.DeleteAt,
|
2021-12-08 16:04:19 +01:00
|
|
|
&user.IsBot,
|
2021-06-11 12:40:22 +02:00
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = json.Unmarshal(propsBytes, &user.Props)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
users = append(users, &user)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return users, nil
|
|
|
|
|
}
|
2021-07-06 22:44:11 +02:00
|
|
|
|
|
|
|
|
func (s *MattermostAuthLayer) CloseRows(rows *sql.Rows) {
|
|
|
|
|
if err := rows.Close(); err != nil {
|
|
|
|
|
s.logger.Error("error closing MattermostAuthLayer row set", mlog.Err(err))
|
|
|
|
|
}
|
|
|
|
|
}
|
2021-09-13 14:12:32 +02:00
|
|
|
|
2022-02-28 12:28:16 +01:00
|
|
|
func (s *MattermostAuthLayer) CreatePrivateWorkspace(userID string) (string, error) {
|
|
|
|
|
// we emulate a private workspace by creating
|
|
|
|
|
// a DM channel from the user to themselves.
|
|
|
|
|
channel, err := s.pluginAPI.GetDirectChannel(userID, userID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
s.logger.Error("error fetching private workspace", mlog.String("userID", userID), mlog.Err(err))
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return channel.Id, nil
|
|
|
|
|
}
|
