From bdde1ff5c2fae732531ba8770d473a777321a23a Mon Sep 17 00:00:00 2001
From: Jared Hilton
Date: Tue, 7 Feb 2017 12:15:54 -0600
Subject: [PATCH 1/8] Fix 3651; get user role with user-id in headers
---
packages/rocketchat-api/server/default/info.js | 10 +++++++++-
packages/rocketchat-api/server/v1/misc.js | 10 +++++++++-
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/packages/rocketchat-api/server/default/info.js b/packages/rocketchat-api/server/default/info.js
index adf7a094db0..d52ef97311b 100644
--- a/packages/rocketchat-api/server/default/info.js
+++ b/packages/rocketchat-api/server/default/info.js
@@ -1,5 +1,13 @@
RocketChat.API.default.addRoute('info', { authRequired: false }, {
get: function() {
- return RocketChat.Info;
+ if (this.request.headers['x-user-id'] != null && RocketChat.authz.hasRole(this.request.headers['x-user-id'], 'admin')) {
+ return RocketChat.Info;
+ }
+
+ return RocketChat.API.v1.success({
+ info: {
+ "version": RocketChat.Info.version
+ }
+ });
}
});
diff --git a/packages/rocketchat-api/server/v1/misc.js b/packages/rocketchat-api/server/v1/misc.js
index 6a2a5802769..03f69389b0a 100644
--- a/packages/rocketchat-api/server/v1/misc.js
+++ b/packages/rocketchat-api/server/v1/misc.js
@@ -1,7 +1,15 @@
RocketChat.API.v1.addRoute('info', { authRequired: false }, {
get: function() {
+ if (this.request.headers['x-user-id'] != null && RocketChat.authz.hasRole(this.request.headers['x-user-id'], 'admin')) {
+ return {
+ info: RocketChat.Info
+ }
+ }
+
return RocketChat.API.v1.success({
- info: RocketChat.Info
+ info: {
+ "version": RocketChat.Info.version
+ }
});
}
});
From 2804b439ae0b2208ff4b18cd5a81e1ed8b226f3d Mon Sep 17 00:00:00 2001
From: Jared Hilton
Date: Tue, 7 Feb 2017 12:29:20 -0600
Subject: [PATCH 2/8] Fix eslint errors
---
packages/rocketchat-api/server/default/info.js | 2 +-
packages/rocketchat-api/server/v1/misc.js | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
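Review bot: The admin gate in `get` trusts the `x-user-id` header without authenticating it: the route is `authRequired: false`, and `RocketChat.authz.hasRole(this.request.headers['x-user-id'], 'admin')` only asks whether the named account is an admin, not whether the caller is that account, so the full `RocketChat.Info` object this change means to hide is still served to any request that names an admin id. The v1/misc.js hunk of this commit carries the same check. The id should only be honoured together with a validated `x-auth-token` (one lookup that matches both against the stored login token), and `hasRole` should be called with the `_id` of the user record that lookup returns, not with the raw header. The two hunks also disagree on the admin-path shape — a bare `RocketChat.Info` here against `{ info: RocketChat.Info }` in v1 — so the default and v1 endpoints return different documents for the same caller.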
diff --git a/packages/rocketchat-api/server/default/info.js b/packages/rocketchat-api/server/default/info.js
index d52ef97311b..23c2b7c1b00 100644
--- a/packages/rocketchat-api/server/default/info.js
+++ b/packages/rocketchat-api/server/default/info.js
@@ -6,7 +6,7 @@ RocketChat.API.default.addRoute('info', { authRequired: false }, {
return RocketChat.API.v1.success({
info: {
- "version": RocketChat.Info.version
+ 'version': RocketChat.Info.version
}
});
}
diff --git a/packages/rocketchat-api/server/v1/misc.js b/packages/rocketchat-api/server/v1/misc.js
index 03f69389b0a..abecc0118ac 100644
--- a/packages/rocketchat-api/server/v1/misc.js
+++ b/packages/rocketchat-api/server/v1/misc.js
@@ -3,12 +3,12 @@ RocketChat.API.v1.addRoute('info', { authRequired: false }, {
if (this.request.headers['x-user-id'] != null && RocketChat.authz.hasRole(this.request.headers['x-user-id'], 'admin')) {
return {
info: RocketChat.Info
- }
+ };
}
return RocketChat.API.v1.success({
info: {
- "version": RocketChat.Info.version
+ 'version': RocketChat.Info.version
}
});
}
From 6af61d710e7fef827697f300d09441e67af5a315 Mon Sep 17 00:00:00 2001
From: jaredhilton
Date: Tue, 7 Feb 2017 15:40:55 -0600
Subject: [PATCH 3/8] For #3651, adjustments based on requested changes
---
packages/rocketchat-api/package.js | 5 +++++
.../server/default/helpers/getLoggedInUser.js | 9 +++++++++
packages/rocketchat-api/server/default/info.js | 8 ++++++--
.../rocketchat-api/server/v1/helpers/getLoggedInUser.js | 9 +++++++++
packages/rocketchat-api/server/v1/misc.js | 4 +++-
5 files changed, 32 insertions(+), 3 deletions(-)
create mode 100644 packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
create mode 100644 packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
diff --git a/packages/rocketchat-api/package.js b/packages/rocketchat-api/package.js
index d2eee06b508..6918b5f1da8 100644
--- a/packages/rocketchat-api/package.js
+++ b/packages/rocketchat-api/package.js
@@ -20,7 +20,12 @@ Package.onUse(function(api) {
api.addFiles('server/v1/helpers/getPaginationItems.js', 'server');
api.addFiles('server/v1/helpers/getUserFromParams.js', 'server');
api.addFiles('server/v1/helpers/parseJsonQuery.js', 'server');
+ api.addFiles('server/v1/helpers/getLoggedInUser.js', 'server');
+ //Register default helpers
+ api.addFiles('server/default/helpers/getLoggedInUser.js', 'server');
+
+ //Add default routes
api.addFiles('server/default/info.js', 'server');
api.addFiles('server/default/metrics.js', 'server');
diff --git a/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
new file mode 100644
index 00000000000..7e1b54142b2
--- /dev/null
+++ b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
@@ -0,0 +1,9 @@
+RocketChat.API.default.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
+ let user;
+
+ if (this.request.headers['x-user-id'] && this.request.headers['x-auth-token']) {
+ user = RocketChat.models.Users.findOneById(this.request.headers['x-user-id']);
+ }
+
+ return user;
+});
diff --git a/packages/rocketchat-api/server/default/info.js b/packages/rocketchat-api/server/default/info.js
index 23c2b7c1b00..d0844b3c05e 100644
--- a/packages/rocketchat-api/server/default/info.js
+++ b/packages/rocketchat-api/server/default/info.js
@@ -1,7 +1,11 @@
RocketChat.API.default.addRoute('info', { authRequired: false }, {
get: function() {
- if (this.request.headers['x-user-id'] != null && RocketChat.authz.hasRole(this.request.headers['x-user-id'], 'admin')) {
- return RocketChat.Info;
+ let user = this.getLoggedInUser();
+
+ if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
+ return {
+ info: RocketChat.Info
+ };
}
return RocketChat.API.v1.success({
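Review bot: In `_getLoggedInUser` the `x-auth-token` header is only tested for truthiness and the user is then loaded by `x-user-id` alone via `findOneById`, so the token's value is never compared with anything and the helper still returns a user for an unauthenticated request; the `hasRole(user._id, 'admin')` gate in the default/info.js hunk below inherits that. The v1/helpers/getLoggedInUser.js hunk in this commit is identical. The lookup should be keyed on both the id and the token (in the hashed form the accounts system stores under `services.resume.loginTokens`), so that a user comes back only when the pair belongs together. The two helpers are also byte-for-byte copies; one shared function registered on both `helperMethods` maps would keep the authentication rule in a single place.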
diff --git a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
new file mode 100644
index 00000000000..33fa3237049
--- /dev/null
+++ b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
@@ -0,0 +1,9 @@
+RocketChat.API.v1.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
+ let user;
+
+ if (this.request.headers['x-user-id'] && this.request.headers['x-auth-token']) {
+ user = RocketChat.models.Users.findOneById(this.request.headers['x-user-id']);
+ }
+
+ return user;
+});
diff --git a/packages/rocketchat-api/server/v1/misc.js b/packages/rocketchat-api/server/v1/misc.js
index abecc0118ac..7d861e5b3a1 100644
--- a/packages/rocketchat-api/server/v1/misc.js
+++ b/packages/rocketchat-api/server/v1/misc.js
@@ -1,6 +1,8 @@
RocketChat.API.v1.addRoute('info', { authRequired: false }, {
get: function() {
- if (this.request.headers['x-user-id'] != null && RocketChat.authz.hasRole(this.request.headers['x-user-id'], 'admin')) {
+ let user = this.getLoggedInUser();
+
+ if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
return {
info: RocketChat.Info
};
From af1a3422c0cbcd6594d6cb0c2511218c17d2bb89 Mon Sep 17 00:00:00 2001
From: jaredhilton
Date: Tue, 7 Feb 2017 15:49:09 -0600
Subject: [PATCH 4/8] Make user const
---
packages/rocketchat-api/server/default/info.js | 2 +-
packages/rocketchat-api/server/v1/misc.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/rocketchat-api/server/default/info.js b/packages/rocketchat-api/server/default/info.js
index d0844b3c05e..744e6494229 100644
--- a/packages/rocketchat-api/server/default/info.js
+++ b/packages/rocketchat-api/server/default/info.js
@@ -1,6 +1,6 @@
RocketChat.API.default.addRoute('info', { authRequired: false }, {
get: function() {
- let user = this.getLoggedInUser();
+ const user = this.getLoggedInUser();
if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
return {
diff --git a/packages/rocketchat-api/server/v1/misc.js b/packages/rocketchat-api/server/v1/misc.js
index 7d861e5b3a1..066a6ccc764 100644
--- a/packages/rocketchat-api/server/v1/misc.js
+++ b/packages/rocketchat-api/server/v1/misc.js
@@ -1,6 +1,6 @@
RocketChat.API.v1.addRoute('info', { authRequired: false }, {
get: function() {
- let user = this.getLoggedInUser();
+ const user = this.getLoggedInUser();
if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
return {
From 60ba24db843aa3531278736367149fc66ff76815 Mon Sep 17 00:00:00 2001
From: jaredhilton
Date: Wed, 8 Feb 2017 13:35:19 -0600
Subject: [PATCH 5/8] Updates getLoggedInUser to get user by token
---
.../server/default/helpers/getLoggedInUser.js | 6 +++--
.../server/v1/helpers/getLoggedInUser.js | 26 +++++++++++++++++--
2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
index 7e1b54142b2..92497cb48b7 100644
--- a/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
+++ b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
@@ -1,8 +1,10 @@
RocketChat.API.default.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
+ let token;
let user;
- if (this.request.headers['x-user-id'] && this.request.headers['x-auth-token']) {
- user = RocketChat.models.Users.findOneById(this.request.headers['x-user-id']);
+ if (this.request.headers['x-auth-token']) {
+ token = Accounts._hashLoginToken(this.request.headers['x-auth-token']);
+ user = RocketChat.models.Users.findOne({'services.resume.loginTokens.hashedToken': token});
}
return user;
diff --git a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
index 33fa3237049..06d79c5c401 100644
--- a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
+++ b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
@@ -1,9 +1,31 @@
RocketChat.API.v1.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
+ let token;
let user;
- if (this.request.headers['x-user-id'] && this.request.headers['x-auth-token']) {
- user = RocketChat.models.Users.findOneById(this.request.headers['x-user-id']);
+ if (this.request.headers['x-auth-token']) {
+ token = Accounts._hashLoginToken(this.request.headers['x-auth-token']);
+ user = RocketChat.models.Users.findOne({'services.resume.loginTokens.hashedToken': token});
}
return user;
});
+
+// const auth = function _auth () {
+// const invalidResults = [undefined, null, false];
+// return {
+// token: 'services.resume.loginTokens.hashedToken',
+// user: function(headerId, headerToken) {
+
+
+// let token;
+// if (headerToken) {
+// token = Accounts._hashLoginToken(headerToken);
+// }
+
+// return {
+// userId: headerId,
+// token
+// };
+// }
+// };
+// }
From 4f3f0c6d1255e71b02fd4469377d036baa1b3c5b Mon Sep 17 00:00:00 2001
From: jaredhilton
Date: Wed, 8 Feb 2017 13:38:20 -0600
Subject: [PATCH 6/8] Remove unneeded comments
---
.../server/v1/helpers/getLoggedInUser.js | 20 -------------------
1 file changed, 20 deletions(-)
diff --git a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
index 06d79c5c401..4e5a0065040 100644
--- a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
+++ b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
@@ -9,23 +9,3 @@ RocketChat.API.v1.helperMethods.set('getLoggedInUser', function _getLoggedInUser
return user;
});
-
-// const auth = function _auth () {
-// const invalidResults = [undefined, null, false];
-// return {
-// token: 'services.resume.loginTokens.hashedToken',
-// user: function(headerId, headerToken) {
-
-
-// let token;
-// if (headerToken) {
-// token = Accounts._hashLoginToken(headerToken);
-// }
-
-// return {
-// userId: headerId,
-// token
-// };
-// }
-// };
-// }
From e5464f35bf4c52e8e45d22665f33fb19d2442fa8 Mon Sep 17 00:00:00 2001
From: jaredhilton
Date: Wed, 8 Feb 2017 15:58:10 -0600
Subject: [PATCH 7/8] Get user by token AND user id, make /api/info match expected properties
---
.../server/default/helpers/getLoggedInUser.js | 9 +++++----
packages/rocketchat-api/server/default/info.js | 9 ++++-----
.../rocketchat-api/server/v1/helpers/getLoggedInUser.js | 9 +++++----
packages/rocketchat-api/server/v1/misc.js | 4 ++--
4 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
index 92497cb48b7..bfca9f0d11b 100644
--- a/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
+++ b/packages/rocketchat-api/server/default/helpers/getLoggedInUser.js
@@ -1,10 +1,11 @@
RocketChat.API.default.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
- let token;
let user;
- if (this.request.headers['x-auth-token']) {
- token = Accounts._hashLoginToken(this.request.headers['x-auth-token']);
- user = RocketChat.models.Users.findOne({'services.resume.loginTokens.hashedToken': token});
+ if (this.request.headers['x-auth-token'] && this.request.headers['x-user-id']) {
+ user = RocketChat.models.Users.findOne({
+ '_id': this.request.headers['x-user-id'],
+ 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(this.request.headers['x-auth-token'])
+ });
}
return user;
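Review bot: The rewritten lookup now pairs `_id` with `services.resume.loginTokens.hashedToken`, which closes the earlier gap, but nothing bounds the token's age: Meteor resume tokens carry a `when` timestamp and, as far as I can tell from here, are only swept periodically, so an expired-but-unpruned token would still resolve to the user. If the API package already has a token-validation path it should be reused here; otherwise filtering the matched token on its `when` against the configured expiry would make this helper agree with the login flow. `Accounts._hashLoginToken` is an underscore-private accounts-base function, so a comment such as `// Relies on accounts-base's private token hash so the query matches stored resume tokens; re-check on framework upgrades` would warn the next maintainer. The v1/helpers/getLoggedInUser.js hunk in this commit has the same shape and the same gap.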
diff --git a/packages/rocketchat-api/server/default/info.js b/packages/rocketchat-api/server/default/info.js
index 744e6494229..5faa4342c06 100644
--- a/packages/rocketchat-api/server/default/info.js
+++ b/packages/rocketchat-api/server/default/info.js
@@ -3,15 +3,14 @@ RocketChat.API.default.addRoute('info', { authRequired: false }, {
const user = this.getLoggedInUser();
if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
- return {
+ return RocketChat.API.v1.success({
info: RocketChat.Info
- };
+ });
}
return RocketChat.API.v1.success({
- info: {
- 'version': RocketChat.Info.version
- }
+ version: RocketChat.Info.version,
+ build: RocketChat.Info.build
});
}
});
diff --git a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
index 4e5a0065040..ab9d141e813 100644
--- a/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
+++ b/packages/rocketchat-api/server/v1/helpers/getLoggedInUser.js
@@ -1,10 +1,11 @@
RocketChat.API.v1.helperMethods.set('getLoggedInUser', function _getLoggedInUser() {
- let token;
let user;
- if (this.request.headers['x-auth-token']) {
- token = Accounts._hashLoginToken(this.request.headers['x-auth-token']);
- user = RocketChat.models.Users.findOne({'services.resume.loginTokens.hashedToken': token});
+ if (this.request.headers['x-auth-token'] && this.request.headers['x-user-id']) {
+ user = RocketChat.models.Users.findOne({
+ '_id': this.request.headers['x-user-id'],
+ 'services.resume.loginTokens.hashedToken': Accounts._hashLoginToken(this.request.headers['x-auth-token'])
+ });
}
return user;
diff --git a/packages/rocketchat-api/server/v1/misc.js b/packages/rocketchat-api/server/v1/misc.js
index 066a6ccc764..cc2cba7cea6 100644
--- a/packages/rocketchat-api/server/v1/misc.js
+++ b/packages/rocketchat-api/server/v1/misc.js
@@ -3,9 +3,9 @@ RocketChat.API.v1.addRoute('info', { authRequired: false }, {
const user = this.getLoggedInUser();
if (user && RocketChat.authz.hasRole(user._id, 'admin')) {
- return {
+ return RocketChat.API.v1.success({
info: RocketChat.Info
- };
+ });
}
return RocketChat.API.v1.success({
From 6d8c9ad5b23a62a52e0bcb2471af332da23a3211 Mon Sep 17 00:00:00 2001
From: jaredhilton
Date: Thu, 9 Feb 2017 10:11:41 -0600
Subject: [PATCH 8/8] Remove build property from default info API; update tests to reflect removal
---
packages/rocketchat-api/server/default/info.js | 3 +--
tests/end-to-end/api/00-miscellaneous.js | 8 --------
2 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/packages/rocketchat-api/server/default/info.js b/packages/rocketchat-api/server/default/info.js
index 5faa4342c06..7093793ab9b 100644
--- a/packages/rocketchat-api/server/default/info.js
+++ b/packages/rocketchat-api/server/default/info.js
@@ -9,8 +9,7 @@ RocketChat.API.default.addRoute('info', { authRequired: false }, {
}
return RocketChat.API.v1.success({
- version: RocketChat.Info.version,
- build: RocketChat.Info.build
+ version: RocketChat.Info.version
});
}
});
diff --git a/tests/end-to-end/api/00-miscellaneous.js b/tests/end-to-end/api/00-miscellaneous.js
index 9616af0f487..874f1db1708 100644
--- a/tests/end-to-end/api/00-miscellaneous.js
+++ b/tests/end-to-end/api/00-miscellaneous.js
@@ -29,14 +29,6 @@ describe('miscellaneous', function() {
.expect(200)
.expect((res) => {
expect(res.body).to.have.property('version');
- expect(res.body).to.have.deep.property('build.date');
- expect(res.body).to.have.deep.property('build.nodeVersion');
- expect(res.body).to.have.deep.property('build.arch');
- expect(res.body).to.have.deep.property('build.platform');
- expect(res.body).to.have.deep.property('build.osRelease');
- expect(res.body).to.have.deep.property('build.totalMemory');
- expect(res.body).to.have.deep.property('build.freeMemory');
- expect(res.body).to.have.deep.property('build.cpus');
})
.end(done);
});
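Review bot: After the deletions the test only asserts that `version` is present, so nothing pins the behaviour this series exists for — that the unauthenticated `/api/info` response carries no `build` block — and a regression that reintroduces it would pass. One negative assertion beside the surviving one, `expect(res.body).to.not.have.property('build');`, covers the default branch; a second case that calls the route with an admin's credentials and expects `info` would cover the other. The enclosing `describe` block starts before this hunk.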