Merge pull request #6807 from ggazzo/create-token
[NEW] create a method 'create token'
rodrigok authored Apr 26, 2017
2 parents cbb1fd3 + e0b584c commit b7421ba
Showing 5 changed files with 244 additions and 95 deletions.
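--- a/packages/rocketchat-api/server/v1/users.js
+++ b/packages/rocketchat-api/server/v1/users.js
@@ -263,3 +263,14 @@ RocketChat.API.v1.addRoute('users.update', { authRequired: true }, {
 return RocketChat.API.v1.success({ user: RocketChat.models.Users.findOneById(this.bodyParams.userId, { fields: RocketChat.API.v1.defaultFieldsToExclude }) });
 }
 });
+
+RocketChat.API.v1.addRoute('users.createToken', { authRequired: true }, {
+post() {
+const user = this.getUserFromParams();
+let data;
+Meteor.runAsUser(this.userId, () => {
+data = Meteor.call('createToken', user._id);
+});
+return data ? RocketChat.API.v1.success({data}) : RocketChat.API.v1.unauthorized();
+}
+});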
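Review bot: The `unauthorized()` branch on the last line of `post()` looks unreachable, because `createToken` (added in this commit) either returns an object or throws `Meteor.Error('error-not-authorized', …)` and never returns a falsy value. A denied request therefore seems to leave the route as an uncaught exception instead of the intended unauthorized response; how the API layer renders that is not visible on this page. Catching the error around the `Meteor.runAsUser` call and mapping only `error-not-authorized` to `unauthorized()` keeps denial distinct from other failures. Since the response body carries a login token for the target account, a short comment saying so above the route would also help reviewers of later changes.

```javascript
post() {
	// … unchanged: getUserFromParams() lookup and `let data` …
	try {
		// … unchanged: Meteor.runAsUser(...) call that invokes 'createToken' …
	} catch (e) {
		// createToken reports a denied request by throwing, not by returning a falsy value
		if (e.error === 'error-not-authorized') {
			return RocketChat.API.v1.unauthorized();
		}
		throw e;
	}
	return RocketChat.API.v1.success({data});
}
```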
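--- a/packages/rocketchat-authorization/server/startup.js
+++ b/packages/rocketchat-authorization/server/startup.js
@@ -46,6 +46,7 @@ Meteor.startup(function() {
 { _id: 'set-moderator', roles : ['admin', 'owner'] },
 { _id: 'set-owner', roles : ['admin', 'owner'] },
 { _id: 'unarchive-room', roles : ['admin'] },
+{ _id: 'user-generate-access-token', roles : ['admin'] },
 { _id: 'view-c-room', roles : ['admin', 'user', 'bot'] },
 { _id: 'view-d-room', roles : ['admin', 'user', 'bot'] },
 { _id: 'view-full-other-user-info', roles : ['admin'] },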
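Review bot: The new `user-generate-access-token` entry has no comment, yet per `createToken.js` in this commit it lets its holder create a login token for any other account, which is equivalent to acting as that user. A one-line comment above the entry, for example `// lets the holder create login tokens for other users (impersonation-equivalent); keep admin-only`, would make the weight of this permission visible to whoever edits the role list later. The permission list starts and ends outside this hunk.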
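--- a/packages/rocketchat-lib/package.js
+++ b/packages/rocketchat-lib/package.js
@@ -134,6 +134,7 @@ Package.onUse(function(api) {
 api.addFiles('server/methods/checkRegistrationSecretURL.js', 'server');
 api.addFiles('server/methods/cleanChannelHistory.js', 'server');
 api.addFiles('server/methods/createChannel.js', 'server');
+api.addFiles('server/methods/createToken.js', 'server');
 api.addFiles('server/methods/createPrivateGroup.js', 'server');
 api.addFiles('server/methods/deleteMessage.js', 'server');
 api.addFiles('server/methods/deleteUserOwnAccount.js', 'server');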
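--- a/packages/rocketchat-lib/server/methods/createToken.js
+++ b/packages/rocketchat-lib/server/methods/createToken.js
@@ -0,0 +1,13 @@
+Meteor.methods({
+createToken(userId) {
+if (Meteor.userId() !== userId && !RocketChat.authz.hasPermission(Meteor.userId(), 'user-generate-access-token')) {
+throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'createToken' });
+}
+const token = Accounts._generateStampedLoginToken();
+Accounts._insertLoginToken(userId, token);
+return {
+userId,
+authToken: token.token
+};
+}
+});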
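Review bot: `createToken` neither validates its argument nor requires a logged-in caller before the guard runs: `userId` arrives from the client as an arbitrary value and goes straight into `Accounts._insertLoginToken`, and the guard compares against `Meteor.userId()` without first requiring it to be set. Adding `check(userId, String);` and `if (!Meteor.userId()) { throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'createToken' }); }` ahead of the permission test would close both gaps. The method also depends on the underscore-prefixed `Accounts._generateStampedLoginToken` and `Accounts._insertLoginToken`, which are not public API, so a comment recording that dependency would help future upgrades. Because a permitted caller can create a credential for another account, a log entry naming the caller and the target user would give incident responders something to work from.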