2022-01-01 13:38:12 +00:00
|
|
|
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
class UsersController < ApplicationController
|
2018-02-02 11:27:19 +00:00
|
|
|
include ChecksUserAttributesByCurrentUserPermission
|
2021-09-07 10:34:10 +00:00
|
|
|
include CanPaginate
|
2018-02-02 11:27:19 +00:00
|
|
|
|
2021-08-05 08:11:35 +00:00
|
|
|
prepend_before_action -> { authorize! }, only: %i[import_example import_start search history unlock]
|
2020-06-02 12:21:08 +00:00
|
|
|
prepend_before_action :authentication_check, except: %i[create password_reset_send password_reset_verify image email_verify email_verify_send]
|
2020-08-14 12:52:20 +00:00
|
|
|
prepend_before_action :authentication_check_only, only: %i[create]
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2014-12-18 14:59:45 +00:00
|
|
|
# @path [GET] /users
|
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @summary Returns a list of User records.
|
|
|
|
# @notes The requester has to be in the role 'Admin' or 'Agent' to
|
|
|
|
# get a list of all Users. If the requester is in the
|
|
|
|
# role 'Customer' only just the own User record will be returned.
|
2014-12-18 14:59:45 +00:00
|
|
|
#
|
|
|
|
# @response_message 200 [Array<User>] List of matching User records.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2012-04-10 14:06:46 +00:00
|
|
|
def index
|
2021-08-17 05:44:54 +00:00
|
|
|
users = policy_scope(User).order(id: :asc).offset(pagination.offset).limit(pagination.limit)
|
2016-06-06 15:26:37 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2016-06-08 04:56:05 +00:00
|
|
|
list = []
|
2017-10-01 12:25:52 +00:00
|
|
|
users.each do |user|
|
2017-01-31 17:13:45 +00:00
|
|
|
list.push user.attributes_with_association_names
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-06-08 04:56:05 +00:00
|
|
|
render json: list, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_full?
|
2016-06-06 15:26:37 +00:00
|
|
|
assets = {}
|
|
|
|
item_ids = []
|
2017-10-01 12:25:52 +00:00
|
|
|
users.each do |item|
|
2016-06-06 15:26:37 +00:00
|
|
|
item_ids.push item.id
|
|
|
|
assets = item.assets(assets)
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-06-06 15:26:37 +00:00
|
|
|
render json: {
|
|
|
|
record_ids: item_ids,
|
2018-12-19 17:31:51 +00:00
|
|
|
assets: assets,
|
2016-06-06 15:26:37 +00:00
|
|
|
}, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
users_all = []
|
2017-10-01 12:25:52 +00:00
|
|
|
users.each do |user|
|
2017-01-31 17:13:45 +00:00
|
|
|
users_all.push User.lookup(id: user.id).attributes_with_association_ids
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: users_all, status: :ok
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
2014-12-18 14:59:45 +00:00
|
|
|
# @path [GET] /users/{id}
|
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @summary Returns the User record with the requested identifier.
|
|
|
|
# @notes The requester has to be in the role 'Admin' or 'Agent' to
|
|
|
|
# access all User records. If the requester is in the
|
|
|
|
# role 'Customer' just the own User record is accessable.
|
2014-12-18 14:59:45 +00:00
|
|
|
#
|
|
|
|
# @parameter id(required) [Integer] The identifier matching the requested User.
|
|
|
|
# @parameter full [Bool] If set a Asset structure with all connected Assets gets returned.
|
|
|
|
#
|
|
|
|
# @response_message 200 [User] User record matching the requested identifier.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2012-04-10 14:06:46 +00:00
|
|
|
def show
|
2017-06-16 20:43:09 +00:00
|
|
|
user = User.find(params[:id])
|
2020-03-19 09:39:51 +00:00
|
|
|
authorize!(user)
|
2014-08-13 00:12:38 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2017-06-16 20:43:09 +00:00
|
|
|
result = user.attributes_with_association_names
|
2017-12-14 13:19:24 +00:00
|
|
|
result.delete('password')
|
|
|
|
render json: result
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if response_full?
|
2017-06-16 20:43:09 +00:00
|
|
|
result = {
|
2017-12-14 13:19:24 +00:00
|
|
|
id: user.id,
|
2017-06-16 20:43:09 +00:00
|
|
|
assets: user.assets({}),
|
|
|
|
}
|
2017-12-14 13:19:24 +00:00
|
|
|
render json: result
|
|
|
|
return
|
2014-08-13 00:12:38 +00:00
|
|
|
end
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
result = user.attributes_with_association_ids
|
|
|
|
result.delete('password')
|
2017-06-16 20:43:09 +00:00
|
|
|
render json: result
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
2014-12-18 14:59:45 +00:00
|
|
|
# @path [POST] /users
|
|
|
|
#
|
2020-08-14 12:52:20 +00:00
|
|
|
# @summary processes requests as CRUD-like record creation, admin creation or user signup depending on circumstances
|
|
|
|
# @see #create_internal #create_admin #create_signup
|
2012-04-10 14:06:46 +00:00
|
|
|
def create
|
2020-08-14 12:52:20 +00:00
|
|
|
if current_user
|
|
|
|
create_internal
|
|
|
|
elsif params[:signup]
|
|
|
|
create_signup
|
2016-06-30 08:24:03 +00:00
|
|
|
else
|
2020-08-14 12:52:20 +00:00
|
|
|
create_admin
|
2016-06-30 08:24:03 +00:00
|
|
|
end
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
2014-12-18 14:59:45 +00:00
|
|
|
# @path [PUT] /users/{id}
|
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @summary Updates the User record matching the identifier with the provided attribute values.
|
2014-12-18 14:59:45 +00:00
|
|
|
# @notes TODO.
|
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @parameter id(required) [Integer] The identifier matching the requested User record.
|
|
|
|
# @parameter User(required,body) [User] The attribute value structure needed to update a User record.
|
2014-12-18 14:59:45 +00:00
|
|
|
#
|
|
|
|
# @response_message 200 [User] Updated User record.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2012-04-10 14:06:46 +00:00
|
|
|
def update
|
2016-01-20 01:48:54 +00:00
|
|
|
user = User.find(params[:id])
|
2020-03-19 09:39:51 +00:00
|
|
|
authorize!(user)
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2016-08-12 16:39:09 +00:00
|
|
|
# permission check
|
2018-02-02 11:27:19 +00:00
|
|
|
check_attributes_by_current_user_permission(params)
|
2016-09-08 19:18:26 +00:00
|
|
|
user.with_lock do
|
2017-06-16 20:43:09 +00:00
|
|
|
clean_params = User.association_name_to_id_convert(params)
|
|
|
|
clean_params = User.param_cleanup(clean_params, true)
|
2021-08-25 12:24:42 +00:00
|
|
|
clean_params[:screen] = 'update'
|
2017-09-11 11:16:08 +00:00
|
|
|
user.update!(clean_params)
|
2013-04-21 23:03:19 +00:00
|
|
|
|
2018-03-28 05:33:41 +00:00
|
|
|
# presence and permissions were checked via `check_attributes_by_current_user_permission`
|
|
|
|
privileged_attributes = params.slice(:role_ids, :roles, :group_ids, :groups, :organization_ids, :organizations)
|
2013-04-21 23:03:19 +00:00
|
|
|
|
2018-03-28 05:33:41 +00:00
|
|
|
if privileged_attributes.present?
|
|
|
|
user.associations_from_param(privileged_attributes)
|
2016-09-08 19:18:26 +00:00
|
|
|
end
|
2017-12-14 13:19:24 +00:00
|
|
|
end
|
2016-06-08 04:56:05 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
|
|
|
user = user.reload.attributes_with_association_names
|
|
|
|
user.delete('password')
|
|
|
|
render json: user, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if response_full?
|
|
|
|
result = {
|
|
|
|
id: user.id,
|
|
|
|
assets: user.assets({}),
|
|
|
|
}
|
|
|
|
render json: result, status: :ok
|
|
|
|
return
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2016-06-30 08:24:03 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
user = user.reload.attributes_with_association_ids
|
|
|
|
user.delete('password')
|
|
|
|
render json: user, status: :ok
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
2014-12-18 14:59:45 +00:00
|
|
|
# @path [DELETE] /users/{id}
|
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @summary Deletes the User record matching the given identifier.
|
|
|
|
# @notes The requester has to be in the role 'Admin' to be able to delete a User record.
|
2014-12-18 14:59:45 +00:00
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @parameter id(required) [User] The identifier matching the requested User record.
|
2014-12-18 14:59:45 +00:00
|
|
|
#
|
|
|
|
# @response_message 200 User successfully deleted.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2012-04-10 14:06:46 +00:00
|
|
|
def destroy
|
2017-06-16 20:43:09 +00:00
|
|
|
user = User.find(params[:id])
|
2020-03-19 09:39:51 +00:00
|
|
|
authorize!(user)
|
2017-06-16 20:43:09 +00:00
|
|
|
|
2020-12-08 13:23:33 +00:00
|
|
|
model_references_check(User, params)
|
2016-11-30 10:30:03 +00:00
|
|
|
model_destroy_render(User, params)
|
2012-09-20 12:08:02 +00:00
|
|
|
end
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2016-10-24 23:54:12 +00:00
|
|
|
# @path [GET] /users/me
|
|
|
|
#
|
|
|
|
# @summary Returns the User record of current user.
|
2019-07-31 08:23:48 +00:00
|
|
|
# @notes The requester needs to have a valid authentication.
|
2016-10-24 23:54:12 +00:00
|
|
|
#
|
|
|
|
# @parameter full [Bool] If set a Asset structure with all connected Assets gets returned.
|
|
|
|
#
|
|
|
|
# @response_message 200 [User] User record matching the requested identifier.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2016-10-24 23:54:12 +00:00
|
|
|
def me
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2017-01-31 17:13:45 +00:00
|
|
|
user = current_user.attributes_with_association_names
|
2017-12-14 13:19:24 +00:00
|
|
|
user.delete('password')
|
2016-10-24 23:54:12 +00:00
|
|
|
render json: user, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_full?
|
2016-10-24 23:54:12 +00:00
|
|
|
full = User.full(current_user.id)
|
|
|
|
render json: full
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-01-31 17:13:45 +00:00
|
|
|
user = current_user.attributes_with_association_ids
|
2016-10-24 23:54:12 +00:00
|
|
|
user.delete('password')
|
|
|
|
render json: user
|
|
|
|
end
|
|
|
|
|
2014-12-18 14:59:45 +00:00
|
|
|
# @path [GET] /users/search
|
|
|
|
#
|
|
|
|
# @tag Search
|
|
|
|
# @tag User
|
|
|
|
#
|
|
|
|
# @summary Searches the User matching the given expression(s).
|
|
|
|
# @notes TODO: It's possible to use the SOLR search syntax.
|
2014-12-18 15:24:09 +00:00
|
|
|
# The requester has to be in the role 'Admin' or 'Agent' to
|
|
|
|
# be able to search for User records.
|
2014-12-18 14:59:45 +00:00
|
|
|
#
|
2021-08-25 13:08:05 +00:00
|
|
|
# @parameter query [String] The search query.
|
|
|
|
# @parameter limit [Integer] The limit of search results.
|
|
|
|
# @parameter ids(multi) [Array<Integer>] A list of User IDs which should be returned
|
|
|
|
# @parameter role_ids(multi) [Array<Integer>] A list of Role identifiers to which the Users have to be allocated to.
|
|
|
|
# @parameter group_ids(multi) [Hash<String=>Integer,Array<Integer>>] A list of Group identifiers to which the Users have to be allocated to.
|
|
|
|
# @parameter permissions(multi) [Array<String>] A list of Permission identifiers to which the Users have to be allocated to.
|
|
|
|
# @parameter full [Boolean] Defines if the result should be
|
|
|
|
# true: { user_ids => [1,2,...], assets => {...} }
|
|
|
|
# or false: [{:id => user.id, :label => "firstname lastname <email>", :value => "firstname lastname <email>"},...].
|
2014-12-18 14:59:45 +00:00
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @response_message 200 [Array<User>] A list of User records matching the search term.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2012-09-20 12:08:02 +00:00
|
|
|
def search
|
2018-04-13 07:22:55 +00:00
|
|
|
query = params[:query]
|
|
|
|
if query.respond_to?(:permit!)
|
2019-06-28 11:38:49 +00:00
|
|
|
query.permit!.to_h
|
2016-09-14 07:21:17 +00:00
|
|
|
end
|
|
|
|
|
2018-03-19 00:19:42 +00:00
|
|
|
query = params[:query] || params[:term]
|
2017-11-23 08:09:44 +00:00
|
|
|
if query.respond_to?(:permit!)
|
|
|
|
query = query.permit!.to_h
|
|
|
|
end
|
|
|
|
|
2014-09-24 23:12:23 +00:00
|
|
|
query_params = {
|
2018-12-19 17:31:51 +00:00
|
|
|
query: query,
|
2021-08-17 05:44:54 +00:00
|
|
|
limit: pagination.limit,
|
|
|
|
offset: pagination.offset,
|
2018-12-19 17:31:51 +00:00
|
|
|
sort_by: params[:sort_by],
|
|
|
|
order_by: params[:order_by],
|
2015-04-27 13:42:53 +00:00
|
|
|
current_user: current_user,
|
2014-09-24 23:12:23 +00:00
|
|
|
}
|
2021-08-10 08:14:30 +00:00
|
|
|
%i[ids role_ids group_ids permissions].each do |key|
|
2017-09-11 00:50:05 +00:00
|
|
|
next if params[key].blank?
|
2018-10-09 06:17:41 +00:00
|
|
|
|
2017-09-11 00:50:05 +00:00
|
|
|
query_params[key] = params[key]
|
2014-09-24 23:12:23 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# do query
|
|
|
|
user_all = User.search(query_params)
|
2012-11-14 01:05:53 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2016-06-08 04:56:05 +00:00
|
|
|
list = []
|
2017-10-01 12:25:52 +00:00
|
|
|
user_all.each do |user|
|
2017-01-31 17:13:45 +00:00
|
|
|
list.push user.attributes_with_association_names
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-06-08 04:56:05 +00:00
|
|
|
render json: list, status: :ok
|
2016-06-06 15:26:37 +00:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
# build result list
|
2018-03-19 00:19:42 +00:00
|
|
|
if params[:label] || params[:term]
|
2014-09-24 23:12:23 +00:00
|
|
|
users = []
|
2017-10-01 12:25:52 +00:00
|
|
|
user_all.each do |user|
|
2018-03-19 10:33:47 +00:00
|
|
|
realname = user.fullname
|
|
|
|
if user.email.present? && realname != user.email
|
2018-03-19 00:19:42 +00:00
|
|
|
realname = "#{realname} <#{user.email}>"
|
2014-09-24 23:12:23 +00:00
|
|
|
end
|
2018-03-19 10:33:47 +00:00
|
|
|
a = if params[:term]
|
2021-07-28 14:21:23 +00:00
|
|
|
{ id: user.id, label: realname, value: user.email, inactive: !user.active }
|
2018-03-19 10:33:47 +00:00
|
|
|
else
|
|
|
|
{ id: user.id, label: realname, value: realname }
|
|
|
|
end
|
2014-09-24 23:12:23 +00:00
|
|
|
users.push a
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2014-09-24 23:12:23 +00:00
|
|
|
|
|
|
|
# return result
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: users
|
2014-09-24 23:12:23 +00:00
|
|
|
return
|
2012-09-20 12:08:02 +00:00
|
|
|
end
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_full?
|
2016-09-11 13:24:10 +00:00
|
|
|
user_ids = []
|
|
|
|
assets = {}
|
2017-10-01 12:25:52 +00:00
|
|
|
user_all.each do |user|
|
2016-09-11 13:24:10 +00:00
|
|
|
assets = user.assets(assets)
|
|
|
|
user_ids.push user.id
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-09-11 13:24:10 +00:00
|
|
|
|
|
|
|
# return result
|
|
|
|
render json: {
|
2018-12-19 17:31:51 +00:00
|
|
|
assets: assets,
|
2016-09-11 13:24:10 +00:00
|
|
|
user_ids: user_ids.uniq,
|
|
|
|
}
|
2016-09-11 14:02:15 +00:00
|
|
|
return
|
2016-09-11 13:24:10 +00:00
|
|
|
end
|
2014-09-24 23:12:23 +00:00
|
|
|
|
2016-09-11 13:24:10 +00:00
|
|
|
list = []
|
2017-10-01 12:25:52 +00:00
|
|
|
user_all.each do |user|
|
2017-04-10 11:32:16 +00:00
|
|
|
list.push user.attributes_with_association_ids
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-09-11 13:24:10 +00:00
|
|
|
render json: list, status: :ok
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-04-23 06:55:16 +00:00
|
|
|
|
2014-12-18 15:12:36 +00:00
|
|
|
# @path [GET] /users/history/{id}
|
|
|
|
#
|
|
|
|
# @tag History
|
|
|
|
# @tag User
|
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @summary Returns the History records of a User record matching the given identifier.
|
|
|
|
# @notes The requester has to be in the role 'Admin' or 'Agent' to
|
|
|
|
# get the History records of a User record.
|
2014-12-18 15:12:36 +00:00
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @parameter id(required) [Integer] The identifier matching the requested User record.
|
2014-12-18 15:12:36 +00:00
|
|
|
#
|
2014-12-18 15:24:09 +00:00
|
|
|
# @response_message 200 [History] The History records of the requested User record.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2013-10-21 19:00:58 +00:00
|
|
|
def history
|
|
|
|
# get user data
|
2016-01-20 01:48:54 +00:00
|
|
|
user = User.find(params[:id])
|
2013-10-21 19:00:58 +00:00
|
|
|
|
|
|
|
# get history of user
|
2018-12-31 19:15:17 +00:00
|
|
|
render json: user.history_get(true)
|
2013-10-21 19:00:58 +00:00
|
|
|
end
|
|
|
|
|
2021-08-05 08:11:35 +00:00
|
|
|
# @path [PUT] /users/unlock/{id}
|
|
|
|
#
|
|
|
|
# @summary Unlocks the User record matching the identifier.
|
|
|
|
# @notes The requester have 'admin.user' permissions to be able to unlock a user.
|
|
|
|
#
|
|
|
|
# @parameter id(required) [Integer] The identifier matching the requested User record.
|
|
|
|
#
|
|
|
|
# @response_message 200 Unlocked User record.
|
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
|
|
|
def unlock
|
|
|
|
user = User.find(params[:id])
|
|
|
|
|
|
|
|
user.with_lock do
|
|
|
|
user.update!(login_failed: 0)
|
|
|
|
end
|
|
|
|
render json: { message: 'ok' }, status: :ok
|
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
|
|
|
|
2016-06-01 14:58:11 +00:00
|
|
|
Resource:
|
|
|
|
POST /api/v1/users/email_verify
|
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"token": "SoMeToKeN",
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2017-09-05 09:49:32 +00:00
|
|
|
curl http://localhost/api/v1/users/email_verify -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN"}'
|
2016-06-01 14:58:11 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def email_verify
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('No token!') if !params[:token]
|
2016-06-01 14:58:11 +00:00
|
|
|
|
|
|
|
user = User.signup_verify_via_token(params[:token], current_user)
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Invalid token!') if !user
|
2016-06-01 14:58:11 +00:00
|
|
|
|
2020-06-02 12:21:08 +00:00
|
|
|
current_user_set(user)
|
|
|
|
|
2016-06-01 14:58:11 +00:00
|
|
|
render json: { message: 'ok', user_email: user.email }, status: :ok
|
|
|
|
end
|
|
|
|
|
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
|
|
|
POST /api/v1/users/email_verify_send
|
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"email": "some_email@example.com"
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2017-09-05 09:49:32 +00:00
|
|
|
curl http://localhost/api/v1/users/email_verify_send -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"email": "some_email@example.com"}'
|
2016-06-01 14:58:11 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def email_verify_send
|
|
|
|
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('No email!') if !params[:email]
|
2016-06-01 14:58:11 +00:00
|
|
|
|
|
|
|
user = User.find_by(email: params[:email].downcase)
|
2020-06-02 12:21:08 +00:00
|
|
|
if !user || user.verified == true
|
2020-02-13 11:56:31 +00:00
|
|
|
# result is always positive to avoid leaking of existing user accounts
|
|
|
|
render json: { message: 'ok' }, status: :ok
|
|
|
|
return
|
|
|
|
end
|
2016-06-01 14:58:11 +00:00
|
|
|
|
2019-06-28 11:38:49 +00:00
|
|
|
Token.create(action: 'Signup', user_id: user.id)
|
2016-06-01 14:58:11 +00:00
|
|
|
|
|
|
|
result = User.signup_new_token(user)
|
|
|
|
if result && result[:token]
|
|
|
|
user = result[:user]
|
|
|
|
NotificationFactory::Mailer.notification(
|
|
|
|
template: 'signup',
|
2018-12-19 17:31:51 +00:00
|
|
|
user: user,
|
|
|
|
objects: result
|
2016-06-01 14:58:11 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
# token sent to user, send ok to browser
|
|
|
|
render json: { message: 'ok' }, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# unable to generate token
|
|
|
|
render json: { message: 'failed' }, status: :ok
|
|
|
|
end
|
|
|
|
|
|
|
|
=begin
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
POST /api/v1/users/password_reset
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"username": "some user name"
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2017-09-05 09:49:32 +00:00
|
|
|
curl http://localhost/api/v1/users/password_reset -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"username": "some_username"}'
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2012-04-23 06:55:16 +00:00
|
|
|
def password_reset_send
|
2013-01-08 00:43:07 +00:00
|
|
|
|
|
|
|
# check if feature is enabled
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Feature not enabled!') if !Setting.get('user_lost_password')
|
2013-01-08 00:43:07 +00:00
|
|
|
|
2016-02-19 21:05:36 +00:00
|
|
|
result = User.password_reset_new_token(params[:username])
|
|
|
|
if result && result[:token]
|
|
|
|
|
2020-02-19 14:57:32 +00:00
|
|
|
# unable to send email
|
|
|
|
if !result[:user] || result[:user].email.blank?
|
|
|
|
render json: { message: 'failed' }, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
# send password reset emails
|
2016-04-13 23:40:37 +00:00
|
|
|
NotificationFactory::Mailer.notification(
|
2016-02-19 21:05:36 +00:00
|
|
|
template: 'password_reset',
|
2020-02-19 14:57:32 +00:00
|
|
|
user: result[:user],
|
2018-12-19 17:31:51 +00:00
|
|
|
objects: result
|
2016-02-19 21:05:36 +00:00
|
|
|
)
|
2012-04-23 06:55:16 +00:00
|
|
|
end
|
2014-12-31 09:04:14 +00:00
|
|
|
|
2020-02-13 11:56:31 +00:00
|
|
|
# result is always positive to avoid leaking of existing user accounts
|
|
|
|
render json: { message: 'ok' }, status: :ok
|
2012-04-23 06:55:16 +00:00
|
|
|
end
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
POST /api/v1/users/password_reset_verify
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"token": "SoMeToKeN",
|
2014-12-30 23:51:19 +00:00
|
|
|
"password": "new_password"
|
2012-09-20 12:08:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2017-09-05 09:49:32 +00:00
|
|
|
curl http://localhost/api/v1/users/password_reset_verify -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"token": "SoMeToKeN", "password" "new_password"}'
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
2012-04-23 06:55:16 +00:00
|
|
|
def password_reset_verify
|
2014-12-30 23:51:19 +00:00
|
|
|
|
2020-02-19 14:57:32 +00:00
|
|
|
# check if feature is enabled
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Feature not enabled!') if !Setting.get('user_lost_password')
|
2020-02-19 14:57:32 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, 'token param needed!' if params[:token].blank?
|
2016-02-19 21:05:36 +00:00
|
|
|
|
2020-02-19 14:57:32 +00:00
|
|
|
# if no password is given, verify token only
|
|
|
|
if params[:password].blank?
|
|
|
|
user = User.by_reset_token(params[:token])
|
2016-02-19 21:05:36 +00:00
|
|
|
if user
|
2020-02-19 14:57:32 +00:00
|
|
|
render json: { message: 'ok', user_login: user.login }, status: :ok
|
|
|
|
return
|
2016-02-19 21:05:36 +00:00
|
|
|
end
|
2020-02-19 14:57:32 +00:00
|
|
|
render json: { message: 'failed' }, status: :ok
|
|
|
|
return
|
|
|
|
end
|
2016-02-19 21:05:36 +00:00
|
|
|
|
2020-08-28 14:07:30 +00:00
|
|
|
result = PasswordPolicy.new(params[:password])
|
|
|
|
if !result.valid?
|
|
|
|
render json: { message: 'failed', notice: result.error }, status: :ok
|
2020-02-19 14:57:32 +00:00
|
|
|
return
|
2012-04-23 16:59:35 +00:00
|
|
|
end
|
2020-02-19 14:57:32 +00:00
|
|
|
|
|
|
|
# set new password with token
|
|
|
|
user = User.password_reset_via_token(params[:token], params[:password])
|
|
|
|
|
|
|
|
# send mail
|
|
|
|
if !user || user.email.blank?
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: { message: 'failed' }, status: :ok
|
2020-02-19 14:57:32 +00:00
|
|
|
return
|
2012-04-23 06:55:16 +00:00
|
|
|
end
|
2020-02-19 14:57:32 +00:00
|
|
|
|
|
|
|
NotificationFactory::Mailer.notification(
|
|
|
|
template: 'password_change',
|
|
|
|
user: user,
|
|
|
|
objects: {
|
|
|
|
user: user,
|
|
|
|
current_user: current_user,
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
render json: { message: 'ok', user_login: user.login }, status: :ok
|
2012-04-23 06:55:16 +00:00
|
|
|
end
|
|
|
|
|
2013-02-10 21:38:35 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2013-08-06 22:10:28 +00:00
|
|
|
POST /api/v1/users/password_change
|
2013-02-10 21:38:35 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"password_old": "some_password_old",
|
2013-02-12 00:56:23 +00:00
|
|
|
"password_new": "some_password_new"
|
2013-02-10 21:38:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2017-09-05 09:49:32 +00:00
|
|
|
curl http://localhost/api/v1/users/password_change -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"password_old": "password_old", "password_new": "password_new"}'
|
2013-02-10 21:38:35 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def password_change
|
|
|
|
|
|
|
|
# check old password
|
|
|
|
if !params[:password_old]
|
2021-11-15 15:58:19 +00:00
|
|
|
render json: { message: 'failed', notice: [__('Current password needed!')] }, status: :ok
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-10 21:38:35 +00:00
|
|
|
end
|
2021-08-16 06:49:32 +00:00
|
|
|
|
|
|
|
current_password_verified = PasswordHash.verified?(current_user.password, params[:password_old])
|
|
|
|
if !current_password_verified
|
2021-11-15 15:58:19 +00:00
|
|
|
render json: { message: 'failed', notice: [__('Current password is wrong!')] }, status: :ok
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-10 21:38:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# set new password
|
|
|
|
if !params[:password_new]
|
2021-11-15 15:58:19 +00:00
|
|
|
render json: { message: 'failed', notice: [__('Please supply your new password!')] }, status: :ok
|
2014-12-30 23:51:19 +00:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2020-08-28 14:07:30 +00:00
|
|
|
result = PasswordPolicy.new(params[:password_new])
|
|
|
|
if !result.valid?
|
|
|
|
render json: { message: 'failed', notice: result.error }, status: :ok
|
2013-06-12 15:59:58 +00:00
|
|
|
return
|
2013-02-10 21:38:35 +00:00
|
|
|
end
|
2014-12-30 23:51:19 +00:00
|
|
|
|
2021-08-16 06:49:32 +00:00
|
|
|
current_user.update!(password: params[:password_new])
|
2016-02-19 21:05:36 +00:00
|
|
|
|
2021-08-16 06:49:32 +00:00
|
|
|
if current_user.email.present?
|
2020-02-19 14:57:32 +00:00
|
|
|
NotificationFactory::Mailer.notification(
|
|
|
|
template: 'password_change',
|
2021-08-16 06:49:32 +00:00
|
|
|
user: current_user,
|
2020-02-19 14:57:32 +00:00
|
|
|
objects: {
|
2021-08-16 06:49:32 +00:00
|
|
|
user: current_user,
|
2020-02-19 14:57:32 +00:00
|
|
|
}
|
|
|
|
)
|
|
|
|
end
|
2016-02-19 21:05:36 +00:00
|
|
|
|
2021-08-16 06:49:32 +00:00
|
|
|
render json: { message: 'ok', user_login: current_user.login }, status: :ok
|
2013-02-10 21:38:35 +00:00
|
|
|
end
|
|
|
|
|
2013-02-12 00:56:23 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2017-09-05 09:49:32 +00:00
|
|
|
PUT /api/v1/users/preferences
|
2013-02-12 00:56:23 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"language": "de",
|
|
|
|
"notification": true
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2017-09-05 09:49:32 +00:00
|
|
|
curl http://localhost/api/v1/users/preferences -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"language": "de", "notifications": true}'
|
2013-02-12 00:56:23 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def preferences
|
2017-10-24 13:49:02 +00:00
|
|
|
preferences_params = params.except(:controller, :action)
|
|
|
|
|
|
|
|
if preferences_params.present?
|
2015-11-25 09:33:39 +00:00
|
|
|
user = User.find(current_user.id)
|
2016-09-08 19:18:26 +00:00
|
|
|
user.with_lock do
|
2017-10-24 13:49:02 +00:00
|
|
|
preferences_params.permit!.to_h.each do |key, value|
|
2016-09-08 19:18:26 +00:00
|
|
|
user.preferences[key.to_sym] = value
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2017-09-05 09:49:32 +00:00
|
|
|
user.save!
|
2016-09-08 19:18:26 +00:00
|
|
|
end
|
2013-02-12 00:56:23 +00:00
|
|
|
end
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: { message: 'ok' }, status: :ok
|
2013-02-12 00:56:23 +00:00
|
|
|
end
|
|
|
|
|
2013-02-12 22:37:04 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
2017-09-05 09:49:32 +00:00
|
|
|
PUT /api/v1/users/out_of_office
|
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"out_of_office": true,
|
|
|
|
"out_of_office_start_at": true,
|
|
|
|
"out_of_office_end_at": true,
|
|
|
|
"out_of_office_replacement_id": 123,
|
|
|
|
"out_of_office_text": 'honeymoon'
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
|
|
|
curl http://localhost/api/v1/users/out_of_office -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"out_of_office": true, "out_of_office_replacement_id": 123}'
|
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def out_of_office
|
|
|
|
user = User.find(current_user.id)
|
|
|
|
user.with_lock do
|
|
|
|
user.assign_attributes(
|
|
|
|
out_of_office: params[:out_of_office],
|
|
|
|
out_of_office_start_at: params[:out_of_office_start_at],
|
|
|
|
out_of_office_end_at: params[:out_of_office_end_at],
|
|
|
|
out_of_office_replacement_id: params[:out_of_office_replacement_id],
|
|
|
|
)
|
|
|
|
user.preferences[:out_of_office_text] = params[:out_of_office_text]
|
|
|
|
user.save!
|
|
|
|
end
|
|
|
|
render json: { message: 'ok' }, status: :ok
|
|
|
|
end
|
|
|
|
|
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
|
|
|
DELETE /api/v1/users/account
|
2013-02-12 22:37:04 +00:00
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"provider": "twitter",
|
|
|
|
"uid": 581482342942
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
|
|
|
:message => 'ok'
|
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
2017-09-05 09:49:32 +00:00
|
|
|
curl http://localhost/api/v1/users/account -v -u #{login}:#{password} -H "Content-Type: application/json" -X PUT -d '{"provider": "twitter", "uid": 581482342942}'
|
2013-02-12 22:37:04 +00:00
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def account_remove
|
|
|
|
# provider + uid to remove
|
2016-06-30 08:24:03 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, 'provider needed!' if !params[:provider]
|
|
|
|
raise Exceptions::UnprocessableEntity, 'uid needed!' if !params[:uid]
|
2013-02-12 22:37:04 +00:00
|
|
|
|
|
|
|
# remove from database
|
|
|
|
record = Authorization.where(
|
2018-12-19 17:31:51 +00:00
|
|
|
user_id: current_user.id,
|
2015-04-27 13:42:53 +00:00
|
|
|
provider: params[:provider],
|
2018-12-19 17:31:51 +00:00
|
|
|
uid: params[:uid],
|
2013-02-12 22:37:04 +00:00
|
|
|
)
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('No record found!') if !record.first
|
2016-06-30 08:24:03 +00:00
|
|
|
|
2013-02-12 22:37:04 +00:00
|
|
|
record.destroy_all
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: { message: 'ok' }, status: :ok
|
2013-02-12 22:37:04 +00:00
|
|
|
end
|
|
|
|
|
2013-11-02 21:32:00 +00:00
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
|
|
|
GET /api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7
|
|
|
|
|
|
|
|
Response:
|
|
|
|
<IMAGE>
|
|
|
|
|
|
|
|
Test:
|
|
|
|
curl http://localhost/api/v1/users/image/8d6cca1c6bdc226cf2ba131e264ca2c7 -v -u #{login}:#{password}
|
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def image
|
|
|
|
# cache image
|
2014-12-01 07:32:35 +00:00
|
|
|
response.headers['Expires'] = 1.year.from_now.httpdate
|
|
|
|
response.headers['Cache-Control'] = 'cache, store, max-age=31536000, must-revalidate'
|
|
|
|
response.headers['Pragma'] = 'cache'
|
2013-11-02 21:32:00 +00:00
|
|
|
|
2016-01-20 01:48:54 +00:00
|
|
|
file = Avatar.get_by_hash(params[:hash])
|
2021-09-22 11:19:28 +00:00
|
|
|
|
2014-12-01 07:32:35 +00:00
|
|
|
if file
|
2021-09-22 11:19:28 +00:00
|
|
|
file_content_type = file.preferences['Content-Type'] || file.preferences['Mime-Type']
|
|
|
|
|
|
|
|
return serve_default_image if ActiveStorage.content_types_allowed_inline.exclude?(file_content_type)
|
|
|
|
|
2014-07-27 11:40:42 +00:00
|
|
|
send_data(
|
2014-12-01 07:32:35 +00:00
|
|
|
file.content,
|
2018-12-19 17:31:51 +00:00
|
|
|
filename: file.filename,
|
2021-09-22 11:19:28 +00:00
|
|
|
type: file_content_type,
|
2015-04-27 13:42:53 +00:00
|
|
|
disposition: 'inline'
|
2014-07-27 11:40:42 +00:00
|
|
|
)
|
|
|
|
return
|
2013-11-02 21:32:00 +00:00
|
|
|
end
|
|
|
|
|
2021-09-22 11:19:28 +00:00
|
|
|
serve_default_image
|
2014-12-01 07:32:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
=begin
|
|
|
|
|
|
|
|
Resource:
|
|
|
|
POST /api/v1/users/avatar
|
|
|
|
|
|
|
|
Payload:
|
|
|
|
{
|
|
|
|
"avatar_full": "base64 url",
|
|
|
|
}
|
|
|
|
|
|
|
|
Response:
|
|
|
|
{
|
2016-01-20 01:48:54 +00:00
|
|
|
message: 'ok'
|
2014-12-01 07:32:35 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
Test:
|
|
|
|
curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content-Type: application/json" -X POST -d '{"avatar": "base64 url"}'
|
|
|
|
|
|
|
|
=end
|
|
|
|
|
|
|
|
def avatar_new
|
|
|
|
# get & validate image
|
2021-04-30 13:36:23 +00:00
|
|
|
begin
|
|
|
|
file_full = StaticAssets.data_url_attributes(params[:avatar_full])
|
|
|
|
rescue
|
2022-01-10 06:17:31 +00:00
|
|
|
render json: { error: __('The full-size image is invalid.') }, status: :unprocessable_entity
|
2021-04-30 13:36:23 +00:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2021-09-22 11:19:28 +00:00
|
|
|
if ActiveStorage::Variant::WEB_IMAGE_CONTENT_TYPES.exclude?(file_full[:mime_type])
|
2022-01-10 06:17:31 +00:00
|
|
|
render json: { error: __('The MIME type of the full-size image is invalid.') }, status: :unprocessable_entity
|
2021-09-22 11:19:28 +00:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2021-04-30 13:36:23 +00:00
|
|
|
begin
|
|
|
|
file_resize = StaticAssets.data_url_attributes(params[:avatar_resize])
|
|
|
|
rescue
|
2022-01-10 06:17:31 +00:00
|
|
|
render json: { error: __('The resized image is invalid.') }, status: :unprocessable_entity
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if ActiveStorage::Variant::WEB_IMAGE_CONTENT_TYPES.exclude?(file_resize[:mime_type])
|
|
|
|
render json: { error: __('The MIME type of the resized image is invalid.') }, status: :unprocessable_entity
|
2021-04-30 13:36:23 +00:00
|
|
|
return
|
|
|
|
end
|
2014-12-01 07:32:35 +00:00
|
|
|
|
|
|
|
avatar = Avatar.add(
|
2018-12-19 17:31:51 +00:00
|
|
|
object: 'User',
|
|
|
|
o_id: current_user.id,
|
|
|
|
full: {
|
|
|
|
content: file_full[:content],
|
2015-04-27 13:42:53 +00:00
|
|
|
mime_type: file_full[:mime_type],
|
2014-12-01 07:32:35 +00:00
|
|
|
},
|
2018-12-19 17:31:51 +00:00
|
|
|
resize: {
|
|
|
|
content: file_resize[:content],
|
2015-04-27 13:42:53 +00:00
|
|
|
mime_type: file_resize[:mime_type],
|
2014-12-01 07:32:35 +00:00
|
|
|
},
|
2020-09-30 09:07:01 +00:00
|
|
|
source: "upload #{Time.zone.now}",
|
2015-04-27 13:42:53 +00:00
|
|
|
deletable: true,
|
2014-12-01 07:32:35 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
# update user link
|
2016-05-18 22:06:55 +00:00
|
|
|
user = User.find(current_user.id)
|
2017-09-11 11:16:08 +00:00
|
|
|
user.update!(image: avatar.store_hash)
|
2014-12-01 07:32:35 +00:00
|
|
|
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: { avatar: avatar }, status: :ok
|
2014-12-01 07:32:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def avatar_set_default
|
|
|
|
# get & validate image
|
2022-01-18 12:52:57 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __("The required parameter 'id' is missing.") if !params[:id]
|
2014-12-01 07:32:35 +00:00
|
|
|
|
|
|
|
# set as default
|
2016-01-20 01:48:54 +00:00
|
|
|
avatar = Avatar.set_default('User', current_user.id, params[:id])
|
2014-12-01 07:32:35 +00:00
|
|
|
|
|
|
|
# update user link
|
2016-05-18 22:06:55 +00:00
|
|
|
user = User.find(current_user.id)
|
2017-09-11 11:16:08 +00:00
|
|
|
user.update!(image: avatar.store_hash)
|
2014-12-01 07:32:35 +00:00
|
|
|
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: {}, status: :ok
|
2014-12-01 07:32:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def avatar_destroy
|
|
|
|
# get & validate image
|
2022-01-18 12:52:57 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __("The required parameter 'id' is missing.") if !params[:id]
|
2014-12-01 07:32:35 +00:00
|
|
|
|
|
|
|
# remove avatar
|
2016-01-20 01:48:54 +00:00
|
|
|
Avatar.remove_one('User', current_user.id, params[:id])
|
2014-12-01 07:32:35 +00:00
|
|
|
|
|
|
|
# update user link
|
2016-01-20 01:48:54 +00:00
|
|
|
avatar = Avatar.get_default('User', current_user.id)
|
2016-05-18 22:06:55 +00:00
|
|
|
user = User.find(current_user.id)
|
2017-09-11 11:16:08 +00:00
|
|
|
user.update!(image: avatar.store_hash)
|
2014-12-01 07:32:35 +00:00
|
|
|
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: {}, status: :ok
|
2014-12-01 07:32:35 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def avatar_list
|
|
|
|
# list of avatars
|
2016-01-20 01:48:54 +00:00
|
|
|
result = Avatar.list('User', current_user.id)
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: { avatars: result }, status: :ok
|
2014-12-01 07:32:35 +00:00
|
|
|
end
|
|
|
|
|
2018-02-20 04:29:30 +00:00
|
|
|
# @path [GET] /users/import_example
|
|
|
|
#
|
|
|
|
# @summary Download of example CSV file.
|
|
|
|
# @notes The requester have 'admin.user' permissions to be able to download it.
|
|
|
|
# @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/users/import_example
|
|
|
|
#
|
|
|
|
# @response_message 200 File download.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2018-02-20 04:29:30 +00:00
|
|
|
def import_example
|
|
|
|
send_data(
|
|
|
|
User.csv_example,
|
2018-12-19 17:31:51 +00:00
|
|
|
filename: 'user-example.csv',
|
|
|
|
type: 'text/csv',
|
2018-02-20 04:29:30 +00:00
|
|
|
disposition: 'attachment'
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
# @path [POST] /users/import
|
|
|
|
#
|
|
|
|
# @summary Starts import.
|
|
|
|
# @notes The requester have 'admin.text_module' permissions to be create a new import.
|
|
|
|
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/users.csv' 'https://your.zammad/api/v1/users/import?try=true'
|
|
|
|
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/users.csv' 'https://your.zammad/api/v1/users/import'
|
|
|
|
#
|
|
|
|
# @response_message 201 Import started.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2018-02-20 04:29:30 +00:00
|
|
|
def import_start
|
2018-11-06 05:42:52 +00:00
|
|
|
string = params[:data]
|
|
|
|
if string.blank? && params[:file].present?
|
|
|
|
string = params[:file].read.force_encoding('utf-8')
|
|
|
|
end
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('No source data submitted!') if string.blank?
|
2018-11-06 05:42:52 +00:00
|
|
|
|
2018-02-20 04:29:30 +00:00
|
|
|
result = User.csv_import(
|
2018-12-19 17:31:51 +00:00
|
|
|
string: string,
|
2018-02-20 04:29:30 +00:00
|
|
|
parse_params: {
|
2018-06-06 01:30:17 +00:00
|
|
|
col_sep: params[:col_sep] || ',',
|
2018-02-20 04:29:30 +00:00
|
|
|
},
|
2018-12-19 17:31:51 +00:00
|
|
|
try: params[:try],
|
|
|
|
delete: params[:delete],
|
2018-02-20 04:29:30 +00:00
|
|
|
)
|
|
|
|
render json: result, status: :ok
|
|
|
|
end
|
|
|
|
|
2014-12-01 07:32:35 +00:00
|
|
|
private
|
|
|
|
|
2020-08-14 12:52:20 +00:00
|
|
|
def clean_user_params
|
2021-08-25 12:24:42 +00:00
|
|
|
User.param_cleanup(User.association_name_to_id_convert(params), true).merge(screen: 'create')
|
2020-08-14 12:52:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# @summary Creates a User record with the provided attribute values.
|
|
|
|
# @notes For creating a user via agent interface
|
|
|
|
#
|
|
|
|
# @parameter User(required,body) [User] The attribute value structure needed to create a User record.
|
|
|
|
#
|
|
|
|
# @response_message 200 [User] Created User record.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2020-08-14 12:52:20 +00:00
|
|
|
def create_internal
|
|
|
|
# permission check
|
|
|
|
check_attributes_by_current_user_permission(params)
|
|
|
|
|
|
|
|
user = User.new(clean_user_params)
|
|
|
|
user.associations_from_param(params)
|
|
|
|
|
|
|
|
user.save!
|
|
|
|
|
|
|
|
if params[:invite].present?
|
|
|
|
sleep 5 if ENV['REMOTE_URL'].present?
|
|
|
|
token = Token.create(action: 'PasswordReset', user_id: user.id)
|
|
|
|
NotificationFactory::Mailer.notification(
|
|
|
|
template: 'user_invite',
|
|
|
|
user: user,
|
|
|
|
objects: {
|
|
|
|
token: token,
|
|
|
|
user: user,
|
|
|
|
current_user: current_user,
|
|
|
|
}
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
if response_expand?
|
|
|
|
user = user.reload.attributes_with_association_names
|
|
|
|
user.delete('password')
|
|
|
|
render json: user, status: :created
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if response_full?
|
|
|
|
result = {
|
|
|
|
id: user.id,
|
|
|
|
assets: user.assets({}),
|
|
|
|
}
|
|
|
|
render json: result, status: :created
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
user = user.reload.attributes_with_association_ids
|
|
|
|
user.delete('password')
|
|
|
|
render json: user, status: :created
|
|
|
|
end
|
|
|
|
|
|
|
|
# @summary Creates a User record with the provided attribute values.
|
|
|
|
# @notes For creating a user via public signup form
|
|
|
|
#
|
|
|
|
# @parameter User(required,body) [User] The attribute value structure needed to create a User record.
|
|
|
|
#
|
|
|
|
# @response_message 200 [User] Created User record.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2020-08-14 12:52:20 +00:00
|
|
|
def create_signup
|
|
|
|
# check if feature is enabled
|
|
|
|
if !Setting.get('user_create_account')
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Feature not enabled!')
|
2020-08-14 12:52:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# check signup option only after admin account is created
|
|
|
|
if !params[:signup]
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Only signup with not authenticate user possible!')
|
2020-08-14 12:52:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# check if user already exists
|
|
|
|
if clean_user_params[:email].blank?
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Attribute \'email\' required!')
|
2020-08-14 12:52:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
email_taken_by = User.find_by email: clean_user_params[:email].downcase.strip
|
|
|
|
|
2020-08-28 14:07:30 +00:00
|
|
|
result = PasswordPolicy.new(clean_user_params[:password])
|
|
|
|
if !result.valid?
|
2020-10-06 10:34:36 +00:00
|
|
|
render json: { error: result.error }, status: :unprocessable_entity
|
|
|
|
return
|
2020-08-28 14:07:30 +00:00
|
|
|
end
|
2020-08-14 12:52:20 +00:00
|
|
|
|
|
|
|
user = User.new(clean_user_params)
|
|
|
|
user.associations_from_param(params)
|
|
|
|
user.role_ids = Role.signup_role_ids
|
|
|
|
user.source = 'signup'
|
|
|
|
|
|
|
|
if email_taken_by # show fake OK response to avoid leaking that email is already in use
|
2021-12-03 13:09:11 +00:00
|
|
|
user.skip_ensure_uniq_email = true
|
|
|
|
user.validate!
|
2020-08-14 12:52:20 +00:00
|
|
|
|
|
|
|
result = User.password_reset_new_token(email_taken_by.email)
|
|
|
|
NotificationFactory::Mailer.notification(
|
|
|
|
template: 'signup_taken_reset',
|
|
|
|
user: email_taken_by,
|
|
|
|
objects: result,
|
|
|
|
)
|
|
|
|
|
|
|
|
render json: { message: 'ok' }, status: :created
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
UserInfo.ensure_current_user_id do
|
|
|
|
user.save!
|
|
|
|
end
|
|
|
|
|
|
|
|
result = User.signup_new_token(user)
|
|
|
|
NotificationFactory::Mailer.notification(
|
|
|
|
template: 'signup',
|
|
|
|
user: user,
|
|
|
|
objects: result,
|
|
|
|
)
|
|
|
|
|
|
|
|
render json: { message: 'ok' }, status: :created
|
|
|
|
end
|
|
|
|
|
|
|
|
# @summary Creates a User record with the provided attribute values.
|
|
|
|
# @notes For creating an administrator account when setting up the system
|
|
|
|
#
|
|
|
|
# @parameter User(required,body) [User] The attribute value structure needed to create a User record.
|
|
|
|
#
|
|
|
|
# @response_message 200 [User] Created User record.
|
2021-02-04 08:28:41 +00:00
|
|
|
# @response_message 403 Forbidden / Invalid session.
|
2020-08-14 12:52:20 +00:00
|
|
|
def create_admin
|
|
|
|
if User.count > 2 # system and example users
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Administrator account already created')
|
2020-08-14 12:52:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# check if user already exists
|
|
|
|
if clean_user_params[:email].blank?
|
2021-11-15 15:58:19 +00:00
|
|
|
raise Exceptions::UnprocessableEntity, __('Attribute \'email\' required!')
|
2020-08-14 12:52:20 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# check password policy
|
2020-08-28 14:07:30 +00:00
|
|
|
result = PasswordPolicy.new(clean_user_params[:password])
|
|
|
|
if !result.valid?
|
2020-10-06 10:34:36 +00:00
|
|
|
render json: { error: result.error }, status: :unprocessable_entity
|
|
|
|
return
|
2020-08-28 14:07:30 +00:00
|
|
|
end
|
2020-08-14 12:52:20 +00:00
|
|
|
|
|
|
|
user = User.new(clean_user_params)
|
|
|
|
user.associations_from_param(params)
|
|
|
|
user.role_ids = Role.where(name: %w[Admin Agent]).pluck(:id)
|
|
|
|
user.group_ids = Group.all.pluck(:id)
|
|
|
|
|
|
|
|
UserInfo.ensure_current_user_id do
|
|
|
|
user.save!
|
|
|
|
end
|
|
|
|
|
|
|
|
Setting.set('system_init_done', true)
|
|
|
|
|
|
|
|
# fetch org logo
|
|
|
|
if user.email.present?
|
|
|
|
Service::Image.organization_suggest(user.email)
|
|
|
|
end
|
|
|
|
|
|
|
|
# load calendar
|
|
|
|
Calendar.init_setup(request.remote_ip)
|
|
|
|
|
|
|
|
# load text modules
|
|
|
|
begin
|
|
|
|
TextModule.load(request.env['HTTP_ACCEPT_LANGUAGE'] || 'en-us')
|
|
|
|
rescue => e
|
|
|
|
logger.error "Unable to load text modules #{request.env['HTTP_ACCEPT_LANGUAGE'] || 'en-us'}: #{e.message}"
|
|
|
|
end
|
|
|
|
|
|
|
|
render json: { message: 'ok' }, status: :created
|
|
|
|
end
|
2021-09-22 11:19:28 +00:00
|
|
|
|
|
|
|
def serve_default_image
|
|
|
|
image = 'R0lGODdhMAAwAOMAAMzMzJaWlr6+vqqqqqOjo8XFxbe3t7GxsZycnAAAAAAAAAAAAAAAAAAAAAAAAAAAACwAAAAAMAAwAAAEcxDISau9OOvNu/9gKI5kaZ5oqq5s675wLM90bd94ru98TwuAA+KQAQqJK8EAgBAgMEqmkzUgBIeSwWGZtR5XhSqAULACCoGCJGwlm1MGQrq9RqgB8fm4ZTUgDBIEcRR9fz6HiImKi4yNjo+QkZKTlJWWkBEAOw=='
|
|
|
|
|
|
|
|
send_data(
|
|
|
|
Base64.decode64(image),
|
|
|
|
filename: 'image.gif',
|
|
|
|
type: 'image/gif',
|
|
|
|
disposition: 'inline'
|
|
|
|
)
|
|
|
|
end
|
2015-04-27 14:15:29 +00:00
|
|
|
end
|