mirror of
https://github.com/mattermost/mattermost.git
synced 2026-02-03 20:40:00 -05:00
293 lines
7.2 KiB
Go
293 lines
7.2 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package model
|
|
|
|
import (
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/mattermost/mattermost/server/public/shared/mlog"
|
|
)
|
|
|
|
const (
|
|
SessionCookieToken = "MMAUTHTOKEN"
|
|
SessionCookieUser = "MMUSERID"
|
|
SessionCookieCsrf = "MMCSRF"
|
|
SessionCookieCloudUrl = "MMCLOUDURL"
|
|
SessionCacheSize = 35000
|
|
SessionPropPlatform = "platform"
|
|
SessionPropOs = "os"
|
|
SessionPropBrowser = "browser"
|
|
SessionPropType = "type"
|
|
SessionPropUserAccessTokenId = "user_access_token_id"
|
|
SessionPropIsBot = "is_bot"
|
|
SessionPropIsBotValue = "true"
|
|
SessionPropOAuthAppID = "oauth_app_id"
|
|
SessionPropMattermostAppID = "mattermost_app_id"
|
|
SessionPropLastRemovedDeviceId = "last_removed_device_id"
|
|
SessionPropDeviceNotificationDisabled = "device_notification_disabled"
|
|
SessionPropMobileVersion = "mobile_version"
|
|
SessionTypeUserAccessToken = "UserAccessToken"
|
|
SessionTypeCloudKey = "CloudKey"
|
|
SessionTypeRemoteclusterToken = "RemoteClusterToken"
|
|
SessionPropIsGuest = "is_guest"
|
|
SessionActivityTimeout = 1000 * 60 * 5 // 5 minutes
|
|
SessionUserAccessTokenExpiryHours = 100 * 365 * 24 // 100 years
|
|
)
|
|
|
|
//msgp:tuple StringMap
|
|
type StringMap map[string]string
|
|
|
|
type MobileSessionMetadata struct {
|
|
Version string
|
|
Platform string
|
|
Count float64
|
|
NotificationDisabled string
|
|
}
|
|
|
|
// Session contains the user session details.
|
|
// This struct's serializer methods are auto-generated. If a new field is added/removed,
|
|
// please run make gen-serialized.
|
|
//
|
|
//msgp:tuple Session
|
|
type Session struct {
|
|
Id string `json:"id"`
|
|
Token string `json:"token"`
|
|
CreateAt int64 `json:"create_at"`
|
|
ExpiresAt int64 `json:"expires_at"`
|
|
LastActivityAt int64 `json:"last_activity_at"`
|
|
UserId string `json:"user_id"`
|
|
DeviceId string `json:"device_id"`
|
|
Roles string `json:"roles"`
|
|
IsOAuth bool `json:"is_oauth"`
|
|
ExpiredNotify bool `json:"expired_notify"`
|
|
Props StringMap `json:"props"`
|
|
TeamMembers []*TeamMember `json:"team_members" db:"-"`
|
|
Local bool `json:"local" db:"-"`
|
|
}
|
|
|
|
func (s *Session) Auditable() map[string]any {
|
|
return map[string]any{
|
|
"id": s.Id,
|
|
"create_at": s.CreateAt,
|
|
"expires_at": s.ExpiresAt,
|
|
"last_activity_at": s.LastActivityAt,
|
|
"user_id": s.UserId,
|
|
"device_id": s.DeviceId,
|
|
"roles": s.Roles,
|
|
"is_oauth": s.IsOAuth,
|
|
"expired_notify": s.ExpiredNotify,
|
|
"local": s.Local,
|
|
}
|
|
}
|
|
|
|
// IsUnrestricted returns true if the session is unrestricted, which should grant it
|
|
// with all permissions. This is used for local mode sessions
|
|
func (s *Session) IsUnrestricted() bool {
|
|
return s.Local
|
|
}
|
|
|
|
func (s *Session) DeepCopy() *Session {
|
|
copySession := *s
|
|
|
|
if s.Props != nil {
|
|
copySession.Props = CopyStringMap(s.Props)
|
|
}
|
|
|
|
if s.TeamMembers != nil {
|
|
copySession.TeamMembers = make([]*TeamMember, len(s.TeamMembers))
|
|
for index, tm := range s.TeamMembers {
|
|
copySession.TeamMembers[index] = new(TeamMember)
|
|
*copySession.TeamMembers[index] = *tm
|
|
}
|
|
}
|
|
|
|
return ©Session
|
|
}
|
|
|
|
func (s *Session) IsValid() *AppError {
|
|
if !IsValidId(s.Id) {
|
|
return NewAppError("Session.IsValid", "model.session.is_valid.id.app_error", nil, "", http.StatusBadRequest)
|
|
}
|
|
|
|
if !IsValidId(s.UserId) {
|
|
return NewAppError("Session.IsValid", "model.session.is_valid.user_id.app_error", nil, "", http.StatusBadRequest)
|
|
}
|
|
|
|
if s.CreateAt == 0 {
|
|
return NewAppError("Session.IsValid", "model.session.is_valid.create_at.app_error", nil, "", http.StatusBadRequest)
|
|
}
|
|
|
|
if len(s.Roles) > UserRolesMaxLength {
|
|
return NewAppError("Session.IsValid", "model.session.is_valid.roles_limit.app_error",
|
|
map[string]any{"Limit": UserRolesMaxLength}, "session_id="+s.Id, http.StatusBadRequest)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *Session) PreSave() {
|
|
if s.Id == "" {
|
|
s.Id = NewId()
|
|
}
|
|
|
|
if s.Token == "" {
|
|
s.Token = NewId()
|
|
}
|
|
|
|
s.CreateAt = GetMillis()
|
|
s.LastActivityAt = s.CreateAt
|
|
|
|
if s.Props == nil {
|
|
s.Props = make(map[string]string)
|
|
}
|
|
}
|
|
|
|
func (s *Session) Sanitize() {
|
|
s.Token = ""
|
|
}
|
|
|
|
func (s *Session) IsExpired() bool {
|
|
if s.ExpiresAt <= 0 {
|
|
return false
|
|
}
|
|
|
|
if GetMillis() > s.ExpiresAt {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
func (s *Session) AddProp(key string, value string) {
|
|
if s.Props == nil {
|
|
s.Props = make(map[string]string)
|
|
}
|
|
|
|
s.Props[key] = value
|
|
}
|
|
|
|
func (s *Session) GetTeamByTeamId(teamId string) *TeamMember {
|
|
for _, tm := range s.TeamMembers {
|
|
if tm.TeamId == teamId {
|
|
return tm
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (s *Session) IsMobileApp() bool {
|
|
return s.DeviceId != "" || s.IsMobile()
|
|
}
|
|
|
|
func (s *Session) IsMobile() bool {
|
|
val, ok := s.Props[UserAuthServiceIsMobile]
|
|
if !ok {
|
|
return false
|
|
}
|
|
isMobile, err := strconv.ParseBool(val)
|
|
if err != nil {
|
|
mlog.Debug("Error parsing boolean property from Session", mlog.Err(err))
|
|
return false
|
|
}
|
|
return isMobile
|
|
}
|
|
|
|
func (s *Session) IsSaml() bool {
|
|
val, ok := s.Props[UserAuthServiceIsSaml]
|
|
if !ok {
|
|
return false
|
|
}
|
|
isSaml, err := strconv.ParseBool(val)
|
|
if err != nil {
|
|
mlog.Debug("Error parsing boolean property from Session", mlog.Err(err))
|
|
return false
|
|
}
|
|
return isSaml
|
|
}
|
|
|
|
func (s *Session) IsOAuthUser() bool {
|
|
val, ok := s.Props[UserAuthServiceIsOAuth]
|
|
if !ok {
|
|
return false
|
|
}
|
|
isOAuthUser, err := strconv.ParseBool(val)
|
|
if err != nil {
|
|
mlog.Debug("Error parsing boolean property from Session", mlog.Err(err))
|
|
return false
|
|
}
|
|
return isOAuthUser
|
|
}
|
|
|
|
func (s *Session) IsBotUser() bool {
|
|
val, ok := s.Props[SessionPropIsBot]
|
|
if !ok {
|
|
return false
|
|
}
|
|
if val == SessionPropIsBotValue {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (s *Session) IsUserAccessToken() bool {
|
|
val, ok := s.Props[SessionPropType]
|
|
if !ok {
|
|
return false
|
|
}
|
|
if val == SessionTypeUserAccessToken {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// Returns true when session is authenticated as a bot, by personal access token, or is an OAuth app.
|
|
// Does not indicate other forms of integrations e.g. webhooks, slash commands, etc.
|
|
func (s *Session) IsIntegration() bool {
|
|
return s.IsBotUser() || s.IsUserAccessToken() || s.IsOAuth
|
|
}
|
|
|
|
func (s *Session) IsSSOLogin() bool {
|
|
return s.IsOAuthUser() || s.IsSaml()
|
|
}
|
|
|
|
func (s *Session) IsGuest() bool {
|
|
val, ok := s.Props[SessionPropIsGuest]
|
|
if !ok {
|
|
return false
|
|
}
|
|
return val == "true"
|
|
}
|
|
|
|
func (s *Session) GetUserRoles() []string {
|
|
return strings.Fields(s.Roles)
|
|
}
|
|
|
|
func (s *Session) GenerateCSRF() string {
|
|
token := NewId()
|
|
s.AddProp("csrf", token)
|
|
return token
|
|
}
|
|
|
|
func (s *Session) GetCSRF() string {
|
|
if s.Props == nil {
|
|
return ""
|
|
}
|
|
|
|
return s.Props["csrf"]
|
|
}
|
|
|
|
func (s *Session) CreateAt_() float64 {
|
|
return float64(s.CreateAt)
|
|
}
|
|
|
|
func (s *Session) ExpiresAt_() float64 {
|
|
return float64(s.ExpiresAt)
|
|
}
|
|
|
|
func (s *Session) LastActivityAt_() float64 {
|
|
return float64(s.LastActivityAt)
|
|
}
|