2017-08-16 21:37:37 +00:00
|
|
|
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
2020-08-09 22:29:54 +00:00
|
|
|
// See LICENSE.txt for license information.
|
2016-04-10 21:39:38 +00:00
|
|
|
|
|
|
|
|
package model
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
2017-08-16 21:37:37 +00:00
|
|
|
"net/http"
|
2016-04-10 21:39:38 +00:00
|
|
|
"unicode/utf8"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
OAUTH_ACTION_SIGNUP = "signup"
|
|
|
|
|
OAUTH_ACTION_LOGIN = "login"
|
|
|
|
|
OAUTH_ACTION_EMAIL_TO_SSO = "email_to_sso"
|
|
|
|
|
OAUTH_ACTION_SSO_TO_EMAIL = "sso_to_email"
|
2017-08-16 21:37:37 +00:00
|
|
|
OAUTH_ACTION_MOBILE = "mobile"
|
2016-04-10 21:39:38 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type OAuthApp struct {
|
|
|
|
|
Id string `json:"id"`
|
|
|
|
|
CreatorId string `json:"creator_id"`
|
|
|
|
|
CreateAt int64 `json:"create_at"`
|
|
|
|
|
UpdateAt int64 `json:"update_at"`
|
|
|
|
|
ClientSecret string `json:"client_secret"`
|
|
|
|
|
Name string `json:"name"`
|
|
|
|
|
Description string `json:"description"`
|
2016-08-15 16:47:31 +00:00
|
|
|
IconURL string `json:"icon_url"`
|
2016-04-10 21:39:38 +00:00
|
|
|
CallbackUrls StringArray `json:"callback_urls"`
|
|
|
|
|
Homepage string `json:"homepage"`
|
2016-08-15 16:47:31 +00:00
|
|
|
IsTrusted bool `json:"is_trusted"`
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// IsValid validates the app and returns an error if it isn't configured
|
|
|
|
|
// correctly.
|
|
|
|
|
func (a *OAuthApp) IsValid() *AppError {
|
|
|
|
|
|
2020-08-09 22:29:54 +00:00
|
|
|
if !IsValidId(a.Id) {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.app_id.app_error", nil, "", http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if a.CreateAt == 0 {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.create_at.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if a.UpdateAt == 0 {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.update_at.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
2020-08-09 22:29:54 +00:00
|
|
|
if !IsValidId(a.CreatorId) {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.creator_id.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
2021-10-16 22:47:22 +00:00
|
|
|
if a.ClientSecret == "" || len(a.ClientSecret) > 128 {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.client_secret.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
2021-10-16 22:47:22 +00:00
|
|
|
if a.Name == "" || len(a.Name) > 64 {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.name.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(a.CallbackUrls) == 0 || len(fmt.Sprintf("%s", a.CallbackUrls)) > 1024 {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.callback.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-15 16:47:31 +00:00
|
|
|
for _, callback := range a.CallbackUrls {
|
|
|
|
|
if !IsValidHttpUrl(callback) {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.callback.app_error", nil, "", http.StatusBadRequest)
|
2016-08-15 16:47:31 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-16 22:47:22 +00:00
|
|
|
if a.Homepage == "" || len(a.Homepage) > 256 || !IsValidHttpUrl(a.Homepage) {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.homepage.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if utf8.RuneCountInString(a.Description) > 512 {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.description.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
2021-10-16 22:47:22 +00:00
|
|
|
if a.IconURL != "" {
|
2016-08-15 16:47:31 +00:00
|
|
|
if len(a.IconURL) > 512 || !IsValidHttpUrl(a.IconURL) {
|
2017-08-16 21:37:37 +00:00
|
|
|
return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.icon_url.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
|
2016-08-15 16:47:31 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-10 21:39:38 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PreSave will set the Id and ClientSecret if missing. It will also fill
|
|
|
|
|
// in the CreateAt, UpdateAt times. It should be run before saving the app to the db.
|
|
|
|
|
func (a *OAuthApp) PreSave() {
|
|
|
|
|
if a.Id == "" {
|
|
|
|
|
a.Id = NewId()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if a.ClientSecret == "" {
|
|
|
|
|
a.ClientSecret = NewId()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
a.CreateAt = GetMillis()
|
|
|
|
|
a.UpdateAt = a.CreateAt
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// PreUpdate should be run before updating the app in the db.
|
|
|
|
|
func (a *OAuthApp) PreUpdate() {
|
|
|
|
|
a.UpdateAt = GetMillis()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (a *OAuthApp) ToJson() string {
|
2018-11-18 17:55:05 +00:00
|
|
|
b, _ := json.Marshal(a)
|
|
|
|
|
return string(b)
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Generate a valid strong etag so the browser can cache the results
|
|
|
|
|
func (a *OAuthApp) Etag() string {
|
|
|
|
|
return Etag(a.Id, a.UpdateAt)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Remove any private data from the app object
|
|
|
|
|
func (a *OAuthApp) Sanitize() {
|
|
|
|
|
a.ClientSecret = ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (a *OAuthApp) IsValidRedirectURL(url string) bool {
|
|
|
|
|
for _, u := range a.CallbackUrls {
|
|
|
|
|
if u == url {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func OAuthAppFromJson(data io.Reader) *OAuthApp {
|
2018-11-18 17:55:05 +00:00
|
|
|
var app *OAuthApp
|
|
|
|
|
json.NewDecoder(data).Decode(&app)
|
|
|
|
|
return app
|
2016-04-10 21:39:38 +00:00
|
|
|
}
|
2016-08-15 16:47:31 +00:00
|
|
|
|
|
|
|
|
func OAuthAppListToJson(l []*OAuthApp) string {
|
2018-11-18 17:55:05 +00:00
|
|
|
b, _ := json.Marshal(l)
|
|
|
|
|
return string(b)
|
2016-08-15 16:47:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func OAuthAppListFromJson(data io.Reader) []*OAuthApp {
|
|
|
|
|
var o []*OAuthApp
|
2018-11-18 17:55:05 +00:00
|
|
|
json.NewDecoder(data).Decode(&o)
|
|
|
|
|
return o
|
2016-08-15 16:47:31 +00:00
|
|
|
}
|
