// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See License.txt for license information.

package model

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"unicode/utf8"
)

// OAUTH_ACTION_* identify which flow an OAuth exchange was started for
// (judging by the names: sign-up, login, converting an account between
// email and SSO, or a mobile/native client). The string values are
// presumably carried outside this package (e.g. in a request or state
// parameter) — confirm with callers before changing a value.
const (
	OAUTH_ACTION_SIGNUP       = "signup"
	OAUTH_ACTION_LOGIN        = "login"
	OAUTH_ACTION_EMAIL_TO_SSO = "email_to_sso"
	OAUTH_ACTION_SSO_TO_EMAIL = "sso_to_email"
	OAUTH_ACTION_MOBILE       = "mobile"
	OAUTH_ACTION_CLIENT       = "client"
)

// OAuthApp is the registration record of an OAuth application. Every field
// carries a json tag, so ToJson emits ClientSecret unless Sanitize has
// cleared it first. The limits below are those enforced by IsValid.
type OAuthApp struct {
	// Id is a 26-byte identifier; assigned by PreSave when empty.
	Id string `json:"id"`
	// CreatorId is a 26-byte identifier — presumably the creating user's id,
	// confirm with callers.
	CreatorId string `json:"creator_id"`
	// CreateAt is stamped by PreSave from GetMillis (unit not visible here;
	// the name suggests milliseconds). Must be non-zero.
	CreateAt int64 `json:"create_at"`
	// UpdateAt is stamped by PreSave and refreshed by PreUpdate. Must be
	// non-zero; it also feeds Etag.
	UpdateAt int64 `json:"update_at"`
	// ClientSecret is the app credential: 1..128 bytes, generated by PreSave
	// when empty, removed by Sanitize.
	ClientSecret string `json:"client_secret"`
	// Name is 1..64 bytes.
	Name string `json:"name"`
	// Description is at most 512 runes (the only rune-counted limit).
	Description string `json:"description"`
	// IconURL is optional; when set it is at most 512 bytes and must pass
	// IsValidHttpUrl.
	IconURL string `json:"icon_url"`
	// CallbackUrls are the registered redirect targets: at least one, each
	// passing IsValidHttpUrl, and matched exactly by IsValidRedirectURL.
	CallbackUrls StringArray `json:"callback_urls"`
	// Homepage is 1..256 bytes and must pass IsValidHttpUrl.
	Homepage string `json:"homepage"`
	// IsTrusted is not checked by IsValid; its meaning is decided by callers.
	IsTrusted bool `json:"is_trusted"`
}

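// IsValid validates the app and returns an error if it isn't configured
// correctly. Checks run in the order written and the first failure is
// returned as a 400-class AppError. All length limits are byte lengths
// except Description, which is counted in runes. Every error raised after
// the id check carries "app_id=<Id>" as its detail so a rejection can be
// attributed in logs.
func (a *OAuthApp) IsValid() *AppError {
	if len(a.Id) != 26 {
		// No usable id yet, so there is nothing to put in the detail.
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.app_id.app_error", nil, "", http.StatusBadRequest)
	}

	if a.CreateAt == 0 {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.create_at.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	if a.UpdateAt == 0 {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.update_at.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	if len(a.CreatorId) != 26 {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.creator_id.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	if len(a.ClientSecret) == 0 || len(a.ClientSecret) > 128 {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.client_secret.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	if len(a.Name) == 0 || len(a.Name) > 64 {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.name.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	// The 1024 limit is measured on the %s rendering of the whole slice
	// (brackets and separators included, assuming StringArray has no String
	// method), not on the sum of the URL lengths.
	if len(a.CallbackUrls) == 0 || len(fmt.Sprintf("%s", a.CallbackUrls)) > 1024 {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.callback.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	// Each registered redirect target must individually pass IsValidHttpUrl;
	// the detail carries the app id like every other branch.
	for _, callback := range a.CallbackUrls {
		if !IsValidHttpUrl(callback) {
			return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.callback.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
		}
	}

	if len(a.Homepage) == 0 || len(a.Homepage) > 256 || !IsValidHttpUrl(a.Homepage) {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.homepage.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	// Description is the only field limited by rune count rather than bytes.
	if utf8.RuneCountInString(a.Description) > 512 {
		return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.description.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
	}

	// IconURL is optional; it is only checked when present.
	if len(a.IconURL) > 0 {
		if len(a.IconURL) > 512 || !IsValidHttpUrl(a.IconURL) {
			return NewAppError("OAuthApp.IsValid", "model.oauth.is_valid.icon_url.app_error", nil, "app_id="+a.Id, http.StatusBadRequest)
		}
	}

	return nil
}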

// PreSave prepares a new app for insertion: it stamps CreateAt and UpdateAt
// with the same current time (any existing values are overwritten) and
// assigns an Id and a ClientSecret wherever one is missing. Run it before
// saving the app to the database.
//
// NOTE(review): the client secret is a NewId() value, so its strength is
// exactly that of the id generator — confirm NewId draws from a CSPRNG.
func (a *OAuthApp) PreSave() {
	now := GetMillis()
	a.CreateAt = now
	a.UpdateAt = now

	if a.Id == "" {
		a.Id = NewId()
	}
	if a.ClientSecret == "" {
		a.ClientSecret = NewId()
	}
}

// PreUpdate should be run before updating the app in the db. It refreshes
// UpdateAt only; Id, ClientSecret and CreateAt are left untouched.
func (a *OAuthApp) PreUpdate() {
	a.UpdateAt = GetMillis()
}

// ToJson serializes the app to JSON. ClientSecret is included because the
// field carries a json tag, so call Sanitize first when the output leaves a
// context that may hold the secret. A marshaling failure yields "".
func (a *OAuthApp) ToJson() string {
	raw, err := json.Marshal(a)
	if err != nil {
		// json.Marshal returns a nil slice on error; "" is the same result.
		return ""
	}
	return string(raw)
}

// Etag generates a strong entity tag from the app id and UpdateAt so the
// browser can cache the results; it changes whenever UpdateAt does.
func (a *OAuthApp) Etag() string {
	return Etag(a.Id, a.UpdateAt)
}

// Sanitize removes any private data from the app object by clearing
// ClientSecret. Apply it before the app (or its ToJson output) is handed to
// a caller that must not learn the secret.
func (a *OAuthApp) Sanitize() {
	a.ClientSecret = ""
}

// IsValidRedirectURL reports whether url is one of the registered
// CallbackUrls. The comparison is an exact string match — no prefix,
// wildcard or case-insensitive matching — which is what pins a redirect
// target to the registered values; keep it that way.
func (a *OAuthApp) IsValidRedirectURL(url string) bool {
	for i := range a.CallbackUrls {
		if a.CallbackUrls[i] == url {
			return true
		}
	}
	return false
}

// OAuthAppFromJson decodes a single app from data. Decoding errors are
// deliberately dropped: the result is nil when nothing could be decoded and
// may be only partially populated when a field failed to decode, so callers
// should still run IsValid on it.
func OAuthAppFromJson(data io.Reader) *OAuthApp {
	var decoded *OAuthApp
	// Error intentionally ignored to keep the nil-on-failure contract.
	_ = json.NewDecoder(data).Decode(&decoded)
	return decoded
}

// OAuthAppListToJson serializes a list of apps to JSON. Each element is
// emitted with its ClientSecret unless Sanitize was applied beforehand. A
// marshaling failure yields "".
func OAuthAppListToJson(l []*OAuthApp) string {
	raw, err := json.Marshal(l)
	if err != nil {
		// json.Marshal returns a nil slice on error; "" is the same result.
		return ""
	}
	return string(raw)
}

// OAuthAppListFromJson decodes a list of apps from data. Decoding errors are
// deliberately dropped: the result is nil when nothing could be decoded and
// may be incomplete when an element failed to decode, so callers should
// still validate the entries they use.
func OAuthAppListFromJson(data io.Reader) []*OAuthApp {
	var decoded []*OAuthApp
	// Error intentionally ignored to keep the nil-on-failure contract.
	_ = json.NewDecoder(data).Decode(&decoded)
	return decoded
}