Skip to content
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions libs/galley-types/src/Galley/Types/Teams.hs
Original file line number Diff line number Diff line change
Expand Up @@ -340,6 +340,7 @@ data HiddenPerm
-- efficient this end-point is. better not let all team members
-- play with it unless we have to.
DownloadTeamMembersCsv
| ChangeTeamMemberProfiles
deriving (Eq, Ord, Show)

-- | See Note [hidden team roles]
Expand Down Expand Up @@ -367,6 +368,7 @@ roleHiddenPermissions role = HiddenPermissions p p
ChangeTeamFeature TeamFeatureFileSharing,
ChangeTeamFeature TeamFeatureClassifiedDomains {- the features not listed here can only be changed in stern -},
ChangeTeamFeature TeamFeatureSelfDeletingMessages,
ChangeTeamMemberProfiles,
ReadIdp,
CreateUpdateDeleteIdp,
CreateReadDeleteScimToken,
Expand Down
9 changes: 9 additions & 0 deletions libs/wire-api/src/Wire/API/Routes/Public/Brig.hs
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,15 @@ data Api routes = Api
:> "self"
:> ReqBody '[JSON] DeleteUser
:> MultiVerb 'DELETE '[JSON] DeleteSelfResponses (Maybe Timeout),
updateUserEmailValidation ::
routes
:- Summary "Resend email validation email."
Comment thread
battermann marked this conversation as resolved.
Outdated
:> Description "If the user has a pending email validation, the validation email will be resent."
:> ZUser
:> "users"
:> CaptureUserId "uid"
Comment thread
fisx marked this conversation as resolved.
:> "email"
:> Put '[JSON] (),
getHandleInfoUnqualified ::
routes
:- Summary "(deprecated, use /search/contacts) Get information on a user handle"
Expand Down
22 changes: 22 additions & 0 deletions services/brig/src/Brig/API/Public.hs
Original file line number Diff line number Diff line change
Expand Up @@ -38,12 +38,14 @@ import Brig.API.Util
import qualified Brig.API.Util as API
import Brig.App
import qualified Brig.Calling.API as Calling
import qualified Brig.Code as VCode
import qualified Brig.Data.Connection as Data
import qualified Brig.Data.User as Data
import Brig.Options hiding (internalEvents, sesQueue)
import qualified Brig.Provider.API as Provider
import qualified Brig.Team.API as Team
import qualified Brig.Team.Email as Team
import Brig.Team.Util (ensureHiddenPermissions)
import Brig.Types.Activation (ActivationPair)
import Brig.Types.Intra (AccountStatus (Ephemeral), UserAccount (UserAccount, accountUser))
import Brig.Types.User (HavePendingInvitations (..), User (userId))
Expand Down Expand Up @@ -80,6 +82,7 @@ import qualified Data.Text.Ascii as Ascii
import Data.Text.Encoding (decodeLatin1)
import Data.Text.Lazy (pack)
import qualified Data.ZAuth.Token as ZAuth
import qualified Galley.Types.Teams as Team
import Imports hiding (head)
import Network.HTTP.Types.Status
import Network.Wai (Response, lazyRequestBody)
Expand Down Expand Up @@ -251,6 +254,7 @@ servantSitemap =
BrigAPI.getUserQualified = getUser,
BrigAPI.getSelf = getSelf,
BrigAPI.deleteSelf = deleteUser,
BrigAPI.updateUserEmailValidation = updateUserEmailValidation,
BrigAPI.getHandleInfoUnqualified = getHandleInfoUnqualifiedH,
BrigAPI.getUserByHandleQualified = Handle.getHandleInfo,
BrigAPI.listUsersByUnqualifiedIdsOrHandles = listUsersByUnqualifiedIdsOrHandles,
Expand Down Expand Up @@ -1193,6 +1197,24 @@ verifyDeleteUserH (r ::: _) = do
API.verifyDeleteUser body !>> deleteUserError
return (setStatus status200 empty)

updateUserEmailValidation :: UserId -> UserId -> Handler ()
updateUserEmailValidation zuserId emailOwnerId = do
(Public.SelfProfile zuser) <- getSelf zuserId
Comment thread
battermann marked this conversation as resolved.
Outdated
(Public.SelfProfile emailOwner) <- getSelf emailOwnerId
Comment thread
battermann marked this conversation as resolved.
Outdated
checkPermissions zuser emailOwner
maybeEmail <- lift $ VCode.lookupEmail $ toUUID emailOwnerId
case maybeEmail of
-- TODO(leif): check if we should use AllowSCIMUpdates or ForbidSCIMUpdates
Just email -> void $ API.changeSelfEmail emailOwnerId email API.AllowSCIMUpdates
Comment thread
battermann marked this conversation as resolved.
Outdated
Nothing -> throwStd $ notFound "pending validation email of email owner not found"
Comment thread
battermann marked this conversation as resolved.
Outdated
where
checkPermissions zuser emailOwner =
void $ case (Public.userTeam zuser, Public.userTeam emailOwner) of
(Just zuserTeamId, Just emailOwnerTeamId) -> do
when (zuserTeamId /= emailOwnerTeamId) $ throwStd insufficientTeamPermissions
ensureHiddenPermissions zuserId zuserTeamId [Team.ChangeTeamMemberProfiles]
(_, _) -> throwStd insufficientTeamPermissions
Comment thread
battermann marked this conversation as resolved.
Outdated

-- activation

data ActivationRespWithStatus
Expand Down
4 changes: 4 additions & 0 deletions services/brig/src/Brig/Code.hs
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ module Brig.Code
-- * Storage
insert,
lookup,
lookupEmail,
verify,
delete,
)
Expand Down Expand Up @@ -246,6 +247,9 @@ insert c = do
"INSERT INTO vcodes (key, scope, value, retries, email, phone, account) \
\VALUES (?, ?, ?, ?, ?, ?, ?) USING TTL ?"

lookupEmail :: MonadClient m => UUID -> m (Maybe Email)
Comment thread
battermann marked this conversation as resolved.
Outdated
lookupEmail = undefined

-- | Lookup a pending code.
lookup :: MonadClient m => Key -> Scope -> m (Maybe Code)
lookup k s = fmap (toCode k s) <$> retry x1 (query1 cql (params LocalQuorum (k, s)))
Expand Down
10 changes: 10 additions & 0 deletions services/brig/src/Brig/Team/Util.hs
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,16 @@ import qualified Data.Set as Set
import Galley.Types.Teams
import Imports

ensureHiddenPermissions :: UserId -> TeamId -> [HiddenPerm] -> ExceptT Error AppIO ()
ensureHiddenPermissions u t perms = do
Comment thread
battermann marked this conversation as resolved.
Outdated
m <- lift $ Intra.getTeamMember u t
unless (check m) $
throwStd insufficientTeamPermissions
where
check :: Maybe TeamMember -> Bool
check (Just m) = and $ hasPermission m <$> perms
check Nothing = False

ensurePermissions :: UserId -> TeamId -> [Perm] -> ExceptT Error AppIO ()
ensurePermissions u t perms = do
m <- lift $ Intra.getTeamMember u t
Expand Down