luisgulo/focalboard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
focalboard/server/services/store/mattermostauthlayer/mattermostauthlayer.go
Jesús Espino dc5f387fb8
Add code to disble guest account access (#2690) 
* Disabling guest accounts

* Using the plugin api to improve get user queries

* Fix linter errors

Co-authored-by: Scott Bishel <scott.bishel@mattermost.com>
2022-04-04 16:00:40 +02:00

388 lines
9.8 KiB
Go
Raw Blame History

package mattermostauthlayer
import (
"database/sql"
"encoding/json"
mmModel "github.com/mattermost/mattermost-server/v6/model"
"github.com/mattermost/mattermost-server/v6/plugin"
sq "github.com/Masterminds/squirrel"
"github.com/mattermost/focalboard/server/model"
"github.com/mattermost/focalboard/server/services/store"
"github.com/mattermost/focalboard/server/utils"
"github.com/mattermost/mattermost-server/v6/shared/mlog"
)
type NotSupportedError struct {
msg string
}
func (pe NotSupportedError) Error() string {
return pe.msg
}
// Store represents the abstraction of the data storage.
type MattermostAuthLayer struct {
store.Store
dbType string
mmDB *sql.DB
logger *mlog.Logger
pluginAPI plugin.API
}
// New creates a new SQL implementation of the store.
func New(dbType string, db *sql.DB, store store.Store, logger *mlog.Logger, pluginAPI plugin.API) (*MattermostAuthLayer, error) {
layer := &MattermostAuthLayer{
Store: store,
dbType: dbType,
mmDB: db,
logger: logger,
pluginAPI: pluginAPI,
}
return layer, nil
}
// Shutdown close the connection with the store.
func (s *MattermostAuthLayer) Shutdown() error {
return s.Store.Shutdown()
}
func (s *MattermostAuthLayer) GetRegisteredUserCount() (int, error) {
query := s.getQueryBuilder().
Select("count(*)").
From("Users").
Where(sq.Eq{"deleteAt": 0}).
Where(sq.NotEq{"roles": "system_guest"})
row := query.QueryRow()
var count int
err := row.Scan(&count)
if err != nil {
return 0, err
}
return count, nil
}
func (s *MattermostAuthLayer) GetUserByID(userID string) (*model.User, error) {
mmuser, err := s.pluginAPI.GetUser(userID)
if err != nil {
return nil, err
}
user := mmUserToFbUser(mmuser)
return &user, nil
}
func (s *MattermostAuthLayer) GetUserByEmail(email string) (*model.User, error) {
mmuser, err := s.pluginAPI.GetUserByEmail(email)
if err != nil {
return nil, err
}
user := mmUserToFbUser(mmuser)
return &user, nil
}
func (s *MattermostAuthLayer) GetUserByUsername(username string) (*model.User, error) {
mmuser, err := s.pluginAPI.GetUserByUsername(username)
if err != nil {
return nil, err
}
user := mmUserToFbUser(mmuser)
return &user, nil
}
func (s *MattermostAuthLayer) CreateUser(user *model.User) error {
return NotSupportedError{"no user creation allowed from focalboard, create it using mattermost"}
}
func (s *MattermostAuthLayer) UpdateUser(user *model.User) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) UpdateUserPassword(username, password string) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) UpdateUserPasswordByID(userID, password string) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) PatchUserProps(userID string, patch model.UserPropPatch) error {
user, err := s.pluginAPI.GetUser(userID)
if err != nil {
s.logger.Error("failed to fetch user", mlog.String("userID", userID), mlog.Err(err))
return err
}
props := user.Props
for _, key := range patch.DeletedFields {
delete(props, key)
}
for key, value := range patch.UpdatedFields {
props[key] = value
}
user.Props = props
if _, err := s.pluginAPI.UpdateUser(user); err != nil {
s.logger.Error("failed to update user", mlog.String("userID", userID), mlog.Err(err))
return err
}
return nil
}
// GetActiveUserCount returns the number of users with active sessions within N seconds ago.
func (s *MattermostAuthLayer) GetActiveUserCount(updatedSecondsAgo int64) (int, error) {
query := s.getQueryBuilder().
Select("count(distinct userId)").
From("Sessions").
Where(sq.Gt{"LastActivityAt": utils.GetMillis() - utils.SecondsToMillis(updatedSecondsAgo)})
row := query.QueryRow()
var count int
err := row.Scan(&count)
if err != nil {
return 0, err
}
return count, nil
}
func (s *MattermostAuthLayer) GetSession(token string, expireTime int64) (*model.Session, error) {
return nil, NotSupportedError{"sessions not used when using mattermost"}
}
func (s *MattermostAuthLayer) CreateSession(session *model.Session) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) RefreshSession(session *model.Session) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) UpdateSession(session *model.Session) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) DeleteSession(sessionID string) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) CleanUpSessions(expireTime int64) error {
return NotSupportedError{"no update allowed from focalboard, update it using mattermost"}
}
func (s *MattermostAuthLayer) GetTeam(id string) (*model.Team, error) {
if id == "0" {
team := model.Team{
ID: id,
Title: "",
}
return &team, nil
}
query := s.getQueryBuilder().
Select("DisplayName").
From("Teams").
Where(sq.Eq{"ID": id})
row := query.QueryRow()
var displayName string
err := row.Scan(&displayName)
if err != nil {
s.logger.Error("GetTeam scan error",
mlog.String("team_id", id),
mlog.Err(err),
)
return nil, err
}
return &model.Team{ID: id, Title: displayName}, nil
}
// GetTeamsForUser retrieves all the teams that the user is a member of.
func (s *MattermostAuthLayer) GetTeamsForUser(userID string) ([]*model.Team, error) {
query := s.getQueryBuilder().
Select("t.Id", "t.DisplayName").
From("Teams as t").
Join("TeamMembers as tm on t.Id=tm.TeamId").
Where(sq.Eq{"tm.UserId": userID})
rows, err := query.Query()
if err != nil {
return nil, err
}
defer s.CloseRows(rows)
teams := []*model.Team{}
for rows.Next() {
var team model.Team
err := rows.Scan(
&team.ID,
&team.Title,
)
if err != nil {
return nil, err
}
teams = append(teams, &team)
}
return teams, nil
}
func (s *MattermostAuthLayer) getQueryBuilder() sq.StatementBuilderType {
builder := sq.StatementBuilder
if s.dbType == model.PostgresDBType || s.dbType == model.SqliteDBType {
builder = builder.PlaceholderFormat(sq.Dollar)
}
return builder.RunWith(s.mmDB)
}
func (s *MattermostAuthLayer) GetUsersByTeam(teamID string) ([]*model.User, error) {
query := s.getQueryBuilder().
Select("u.id", "u.username", "u.props", "u.CreateAt as create_at", "u.UpdateAt as update_at",
"u.DeleteAt as delete_at", "b.UserId IS NOT NULL AS is_bot").
From("Users as u").
Join("TeamMembers as tm ON tm.UserID = u.ID").
LeftJoin("Bots b ON ( b.UserId = Users.ID )").
Where(sq.Eq{"u.deleteAt": 0}).
Where(sq.NotEq{"u.roles": "system_guest"}).
Where(sq.Eq{"tm.TeamId": teamID})
rows, err := query.Query()
if err != nil {
return nil, err
}
defer s.CloseRows(rows)
users, err := s.usersFromRows(rows)
if err != nil {
return nil, err
}
return users, nil
}
func (s *MattermostAuthLayer) SearchUsersByTeam(teamID string, searchQuery string) ([]*model.User, error) {
query := s.getQueryBuilder().
Select("u.id", "u.username", "u.props", "u.CreateAt as create_at", "u.UpdateAt as update_at",
"u.DeleteAt as delete_at", "b.UserId IS NOT NULL AS is_bot").
From("Users as u").
Join("TeamMembers as tm ON tm.UserID = u.id").
LeftJoin("Bots b ON ( b.UserId = u.id )").
Where(sq.Eq{"u.deleteAt": 0}).
Where(sq.Or{
sq.Like{"u.username": "%" + searchQuery + "%"},
sq.Like{"u.nickname": "%" + searchQuery + "%"},
sq.Like{"u.firstname": "%" + searchQuery + "%"},
sq.Like{"u.lastname": "%" + searchQuery + "%"},
}).
Where(sq.Eq{"tm.TeamId": teamID}).
Where(sq.NotEq{"u.roles": "system_guest"}).
OrderBy("u.username").
Limit(10)
rows, err := query.Query()
if err != nil {
return nil, err
}
defer s.CloseRows(rows)
users, err := s.usersFromRows(rows)
if err != nil {
return nil, err
}
return users, nil
}
func (s *MattermostAuthLayer) usersFromRows(rows *sql.Rows) ([]*model.User, error) {
users := []*model.User{}
for rows.Next() {
var user model.User
var propsBytes []byte
err := rows.Scan(
&user.ID,
&user.Username,
&propsBytes,
&user.CreateAt,
&user.UpdateAt,
&user.DeleteAt,
&user.IsBot,
)
if err != nil {
return nil, err
}
err = json.Unmarshal(propsBytes, &user.Props)
if err != nil {
return nil, err
}
users = append(users, &user)
}
return users, nil
}
func (s *MattermostAuthLayer) CloseRows(rows *sql.Rows) {
if err := rows.Close(); err != nil {
s.logger.Error("error closing MattermostAuthLayer row set", mlog.Err(err))
}
}
func (s *MattermostAuthLayer) CreatePrivateWorkspace(userID string) (string, error) {
// we emulate a private workspace by creating
// a DM channel from the user to themselves.
channel, err := s.pluginAPI.GetDirectChannel(userID, userID)
if err != nil {
s.logger.Error("error fetching private workspace", mlog.String("userID", userID), mlog.Err(err))
return "", err
}
return channel.Id, nil
}
func mmUserToFbUser(mmUser *mmModel.User) model.User {
props := map[string]interface{}{}
for key, value := range mmUser.Props {
props[key] = value
}
authData := ""
if mmUser.AuthData != nil {
authData = *mmUser.AuthData
}
return model.User{
ID: mmUser.Id,
Username: mmUser.Username,
Email: mmUser.Email,
Password: mmUser.Password,
MfaSecret: mmUser.MfaSecret,
AuthService: mmUser.AuthService,
AuthData: authData,
Props: props,
CreateAt: mmUser.CreateAt,
UpdateAt: mmUser.UpdateAt,
DeleteAt: mmUser.DeleteAt,
IsBot: mmUser.IsBot,
IsGuest: mmUser.IsGuest(),
}
}
func (s *MattermostAuthLayer) GetLicense() *mmModel.License {
return s.pluginAPI.GetLicense()
}
Reference in a new issue View git blame Copy permalink