Merge pull request #6807 from ggazzo/create-token

[NEW] create a method 'create token'
RocketChat · Apr 26, 2017 · b7421ba · b7421ba
2 parents cbb1fd3 + e0b584c
commit b7421ba
Show file tree

Hide file tree

Showing 5 changed files with 244 additions and 95 deletions.
diff --git a/packages/rocketchat-api/server/v1/users.js b/packages/rocketchat-api/server/v1/users.js
@@ -263,3 +263,14 @@ RocketChat.API.v1.addRoute('users.update', { authRequired: true }, {
 		return RocketChat.API.v1.success({ user: RocketChat.models.Users.findOneById(this.bodyParams.userId, { fields: RocketChat.API.v1.defaultFieldsToExclude }) });
 	}
 });
+
+RocketChat.API.v1.addRoute('users.createToken', { authRequired: true }, {
+	post() {
+		const user = this.getUserFromParams();
+		let data;
+		Meteor.runAsUser(this.userId, () => {
+			data = Meteor.call('createToken', user._id);
+		});
+		return data ? RocketChat.API.v1.success({data}) : RocketChat.API.v1.unauthorized();
+	}
+});
diff --git a/packages/rocketchat-authorization/server/startup.js b/packages/rocketchat-authorization/server/startup.js
@@ -46,6 +46,7 @@ Meteor.startup(function() {
 		{ _id: 'set-moderator',                 roles : ['admin', 'owner'] },
 		{ _id: 'set-owner',                     roles : ['admin', 'owner'] },
 		{ _id: 'unarchive-room',                roles : ['admin'] },
+		{ _id: 'user-generate-access-token',    roles : ['admin'] },
 		{ _id: 'view-c-room',                   roles : ['admin', 'user', 'bot'] },
 		{ _id: 'view-d-room',                   roles : ['admin', 'user', 'bot'] },
 		{ _id: 'view-full-other-user-info',     roles : ['admin'] },

diff --git a/packages/rocketchat-lib/package.js b/packages/rocketchat-lib/package.js
@@ -134,6 +134,7 @@ Package.onUse(function(api) {
 	api.addFiles('server/methods/checkRegistrationSecretURL.js', 'server');
 	api.addFiles('server/methods/cleanChannelHistory.js', 'server');
 	api.addFiles('server/methods/createChannel.js', 'server');
+	api.addFiles('server/methods/createToken.js', 'server');
 	api.addFiles('server/methods/createPrivateGroup.js', 'server');
 	api.addFiles('server/methods/deleteMessage.js', 'server');
 	api.addFiles('server/methods/deleteUserOwnAccount.js', 'server');

diff --git a/packages/rocketchat-lib/server/methods/createToken.js b/packages/rocketchat-lib/server/methods/createToken.js
@@ -0,0 +1,13 @@
+Meteor.methods({
+	createToken(userId) {
+		if (Meteor.userId() !== userId && !RocketChat.authz.hasPermission(Meteor.userId(), 'user-generate-access-token')) {
+			throw new Meteor.Error('error-not-authorized', 'Not authorized', { method: 'createToken' });
+		}
+		const token = Accounts._generateStampedLoginToken();
+		Accounts._insertLoginToken(userId, token);
+		return {
+			userId,
+			authToken: token.token
+		};
+	}
+});