2017-08-16 23:37:37 +02:00
|
|
|
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
2020-08-10 00:29:54 +02:00
|
|
|
// See LICENSE.txt for license information.
|
2016-04-10 23:39:38 +02:00
|
|
|
|
|
|
|
package model
|
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
|
|
|
"io"
|
2020-08-10 00:29:54 +02:00
|
|
|
"strconv"
|
2016-09-17 15:19:18 +02:00
|
|
|
"strings"
|
2020-08-10 00:29:54 +02:00
|
|
|
|
|
|
|
"github.com/mattermost/mattermost-server/v5/mlog"
|
2016-04-10 23:39:38 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2017-08-16 23:37:37 +02:00
|
|
|
SESSION_COOKIE_TOKEN = "MMAUTHTOKEN"
|
|
|
|
SESSION_COOKIE_USER = "MMUSERID"
|
2020-08-10 00:29:54 +02:00
|
|
|
SESSION_COOKIE_CSRF = "MMCSRF"
|
2017-08-16 23:37:37 +02:00
|
|
|
SESSION_CACHE_SIZE = 35000
|
|
|
|
SESSION_PROP_PLATFORM = "platform"
|
|
|
|
SESSION_PROP_OS = "os"
|
|
|
|
SESSION_PROP_BROWSER = "browser"
|
|
|
|
SESSION_PROP_TYPE = "type"
|
|
|
|
SESSION_PROP_USER_ACCESS_TOKEN_ID = "user_access_token_id"
|
2020-08-10 00:29:54 +02:00
|
|
|
SESSION_PROP_IS_BOT = "is_bot"
|
|
|
|
SESSION_PROP_IS_BOT_VALUE = "true"
|
2017-08-16 23:37:37 +02:00
|
|
|
SESSION_TYPE_USER_ACCESS_TOKEN = "UserAccessToken"
|
2020-08-10 00:29:54 +02:00
|
|
|
SESSION_PROP_IS_GUEST = "is_guest"
|
2017-08-16 23:37:37 +02:00
|
|
|
SESSION_ACTIVITY_TIMEOUT = 1000 * 60 * 5 // 5 minutes
|
|
|
|
SESSION_USER_ACCESS_TOKEN_EXPIRY = 100 * 365 // 100 years
|
2016-04-10 23:39:38 +02:00
|
|
|
)
|
|
|
|
|
2020-10-19 23:40:00 +02:00
|
|
|
//msgp:tuple Session
|
|
|
|
|
|
|
|
// Session contains the user session details.
|
|
|
|
// This struct's serializer methods are auto-generated. If a new field is added/removed,
|
|
|
|
// please run make gen-serialized.
|
2016-04-10 23:39:38 +02:00
|
|
|
type Session struct {
|
2016-05-15 23:02:30 +02:00
|
|
|
Id string `json:"id"`
|
|
|
|
Token string `json:"token"`
|
|
|
|
CreateAt int64 `json:"create_at"`
|
|
|
|
ExpiresAt int64 `json:"expires_at"`
|
|
|
|
LastActivityAt int64 `json:"last_activity_at"`
|
|
|
|
UserId string `json:"user_id"`
|
|
|
|
DeviceId string `json:"device_id"`
|
|
|
|
Roles string `json:"roles"`
|
|
|
|
IsOAuth bool `json:"is_oauth"`
|
2020-10-19 23:40:00 +02:00
|
|
|
ExpiredNotify bool `json:"expired_notify"`
|
2016-05-15 23:02:30 +02:00
|
|
|
Props StringMap `json:"props"`
|
|
|
|
TeamMembers []*TeamMember `json:"team_members" db:"-"`
|
2020-08-10 00:29:54 +02:00
|
|
|
Local bool `json:"local" db:"-"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// Returns true if the session is unrestricted, which should grant it
|
|
|
|
// with all permissions. This is used for local mode sessions
|
|
|
|
func (me *Session) IsUnrestricted() bool {
|
|
|
|
return me.Local
|
2016-04-10 23:39:38 +02:00
|
|
|
}
|
|
|
|
|
2018-02-09 00:11:04 +01:00
|
|
|
func (me *Session) DeepCopy() *Session {
|
2018-11-18 18:55:05 +01:00
|
|
|
copySession := *me
|
|
|
|
|
|
|
|
if me.Props != nil {
|
|
|
|
copySession.Props = CopyStringMap(me.Props)
|
|
|
|
}
|
|
|
|
|
|
|
|
if me.TeamMembers != nil {
|
|
|
|
copySession.TeamMembers = make([]*TeamMember, len(me.TeamMembers))
|
|
|
|
for index, tm := range me.TeamMembers {
|
|
|
|
copySession.TeamMembers[index] = new(TeamMember)
|
|
|
|
*copySession.TeamMembers[index] = *tm
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return ©Session
|
2018-02-09 00:11:04 +01:00
|
|
|
}
|
|
|
|
|
2016-04-10 23:39:38 +02:00
|
|
|
func (me *Session) ToJson() string {
|
2018-11-18 18:55:05 +01:00
|
|
|
b, _ := json.Marshal(me)
|
|
|
|
return string(b)
|
2016-04-10 23:39:38 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func SessionFromJson(data io.Reader) *Session {
|
2018-11-18 18:55:05 +01:00
|
|
|
var me *Session
|
|
|
|
json.NewDecoder(data).Decode(&me)
|
|
|
|
return me
|
2016-04-10 23:39:38 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (me *Session) PreSave() {
|
|
|
|
if me.Id == "" {
|
|
|
|
me.Id = NewId()
|
|
|
|
}
|
|
|
|
|
2017-08-16 23:37:37 +02:00
|
|
|
if me.Token == "" {
|
|
|
|
me.Token = NewId()
|
|
|
|
}
|
2016-04-10 23:39:38 +02:00
|
|
|
|
|
|
|
me.CreateAt = GetMillis()
|
|
|
|
me.LastActivityAt = me.CreateAt
|
|
|
|
|
|
|
|
if me.Props == nil {
|
|
|
|
me.Props = make(map[string]string)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (me *Session) Sanitize() {
|
|
|
|
me.Token = ""
|
|
|
|
}
|
|
|
|
|
|
|
|
func (me *Session) IsExpired() bool {
|
|
|
|
|
|
|
|
if me.ExpiresAt <= 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
if GetMillis() > me.ExpiresAt {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2020-10-19 23:40:00 +02:00
|
|
|
// Deprecated: SetExpireInDays is deprecated and should not be used.
|
|
|
|
// Use (*App).SetSessionExpireInDays instead which handles the
|
|
|
|
// cases where the new ExpiresAt is not relative to CreateAt.
|
2016-04-10 23:39:38 +02:00
|
|
|
func (me *Session) SetExpireInDays(days int) {
|
2016-08-15 18:47:31 +02:00
|
|
|
if me.CreateAt == 0 {
|
|
|
|
me.ExpiresAt = GetMillis() + (1000 * 60 * 60 * 24 * int64(days))
|
|
|
|
} else {
|
|
|
|
me.ExpiresAt = me.CreateAt + (1000 * 60 * 60 * 24 * int64(days))
|
|
|
|
}
|
2016-04-10 23:39:38 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (me *Session) AddProp(key string, value string) {
|
|
|
|
|
|
|
|
if me.Props == nil {
|
|
|
|
me.Props = make(map[string]string)
|
|
|
|
}
|
|
|
|
|
|
|
|
me.Props[key] = value
|
|
|
|
}
|
|
|
|
|
2016-05-15 23:02:30 +02:00
|
|
|
func (me *Session) GetTeamByTeamId(teamId string) *TeamMember {
|
|
|
|
for _, team := range me.TeamMembers {
|
|
|
|
if team.TeamId == teamId {
|
|
|
|
return team
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-09-17 15:19:18 +02:00
|
|
|
func (me *Session) IsMobileApp() bool {
|
2020-08-10 00:29:54 +02:00
|
|
|
return len(me.DeviceId) > 0 || me.IsMobile()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (me *Session) IsMobile() bool {
|
|
|
|
val, ok := me.Props[USER_AUTH_SERVICE_IS_MOBILE]
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
isMobile, err := strconv.ParseBool(val)
|
|
|
|
if err != nil {
|
|
|
|
mlog.Error("Error parsing boolean property from Session", mlog.Err(err))
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return isMobile
|
|
|
|
}
|
|
|
|
|
|
|
|
func (me *Session) IsSaml() bool {
|
|
|
|
val, ok := me.Props[USER_AUTH_SERVICE_IS_SAML]
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
isSaml, err := strconv.ParseBool(val)
|
|
|
|
if err != nil {
|
|
|
|
mlog.Error("Error parsing boolean property from Session", mlog.Err(err))
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return isSaml
|
|
|
|
}
|
|
|
|
|
2020-10-19 23:40:00 +02:00
|
|
|
func (me *Session) IsOAuthUser() bool {
|
|
|
|
val, ok := me.Props[USER_AUTH_SERVICE_IS_OAUTH]
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
isOAuthUser, err := strconv.ParseBool(val)
|
|
|
|
if err != nil {
|
|
|
|
mlog.Error("Error parsing boolean property from Session", mlog.Err(err))
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return isOAuthUser
|
|
|
|
}
|
|
|
|
|
2020-08-10 00:29:54 +02:00
|
|
|
func (me *Session) IsSSOLogin() bool {
|
2020-10-19 23:40:00 +02:00
|
|
|
return me.IsOAuthUser() || me.IsSaml()
|
2016-09-17 15:19:18 +02:00
|
|
|
}
|
|
|
|
|
2016-11-12 22:00:53 +01:00
|
|
|
func (me *Session) GetUserRoles() []string {
|
|
|
|
return strings.Fields(me.Roles)
|
|
|
|
}
|
|
|
|
|
2018-11-18 18:55:05 +01:00
|
|
|
func (me *Session) GenerateCSRF() string {
|
|
|
|
token := NewId()
|
|
|
|
me.AddProp("csrf", token)
|
|
|
|
return token
|
|
|
|
}
|
|
|
|
|
|
|
|
func (me *Session) GetCSRF() string {
|
|
|
|
if me.Props == nil {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
|
|
|
return me.Props["csrf"]
|
|
|
|
}
|
|
|
|
|
2016-04-10 23:39:38 +02:00
|
|
|
func SessionsToJson(o []*Session) string {
|
|
|
|
if b, err := json.Marshal(o); err != nil {
|
|
|
|
return "[]"
|
|
|
|
} else {
|
|
|
|
return string(b)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func SessionsFromJson(data io.Reader) []*Session {
|
|
|
|
var o []*Session
|
2018-11-18 18:55:05 +01:00
|
|
|
json.NewDecoder(data).Decode(&o)
|
|
|
|
return o
|
2016-04-10 23:39:38 +02:00
|
|
|
}
|