diff options
author | George Goldberg <george@gberg.me> | 2018-05-22 19:06:14 +0100 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-05-22 11:06:14 -0700 |
commit | 8fb070fecfbb91f22c6f540ecf0b77fb8be42ab2 (patch) | |
tree | a81061077e5b4241e0241b18f1badeba9c10266f | |
parent | 1af1bce6199597bb2d41ddcdc00ef0f28a73c83e (diff) | |
download | chat-8fb070fecfbb91f22c6f540ecf0b77fb8be42ab2.tar.gz chat-8fb070fecfbb91f22c6f540ecf0b77fb8be42ab2.tar.bz2 chat-8fb070fecfbb91f22c6f540ecf0b77fb8be42ab2.zip |
MM-10352: Add locking incoming webhooks to a single channel. (#8835)
-rw-r--r-- | app/webhook.go | 4 | ||||
-rw-r--r-- | i18n/en.json | 4 | ||||
-rw-r--r-- | model/incoming_webhook.go | 23 | ||||
-rw-r--r-- | store/sqlstore/upgrade.go | 2 | ||||
-rw-r--r-- | web/webhook_test.go | 23 |
5 files changed, 45 insertions, 11 deletions
diff --git a/app/webhook.go b/app/webhook.go index a5ab28952..c887fec97 100644 --- a/app/webhook.go +++ b/app/webhook.go @@ -633,6 +633,10 @@ func (a *App) HandleIncomingWebhook(hookId string, req *model.IncomingWebhookReq } } + if hook.ChannelLocked && hook.ChannelId != channel.Id { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel_locked.app_error", nil, "", http.StatusForbidden) + } + if a.License() != nil && *a.Config().TeamSettings.ExperimentalTownSquareIsReadOnly && channel.Name == model.DEFAULT_CHANNEL { return model.NewAppError("HandleIncomingWebhook", "api.post.create_post.town_square_read_only", nil, "", http.StatusForbidden) diff --git a/i18n/en.json b/i18n/en.json index 47bb743bb..24e49278c 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -6719,6 +6719,10 @@ "translation": "Unable to get roles" }, { + "id": "web.incoming_webhook.channel_locked.app_error", + "translation": "This webhook is not permitted to post to the requested channel" + }, + { "id": "store.sql_role.permanent_delete_all.app_error", "translation": "We could not permanently delete all the roles" }, diff --git a/model/incoming_webhook.go b/model/incoming_webhook.go index ca9bd116d..202073b5b 100644 --- a/model/incoming_webhook.go +++ b/model/incoming_webhook.go @@ -16,17 +16,18 @@ const ( ) type IncomingWebhook struct { - Id string `json:"id"` - CreateAt int64 `json:"create_at"` - UpdateAt int64 `json:"update_at"` - DeleteAt int64 `json:"delete_at"` - UserId string `json:"user_id"` - ChannelId string `json:"channel_id"` - TeamId string `json:"team_id"` - DisplayName string `json:"display_name"` - Description string `json:"description"` - Username string `json:"username"` - IconURL string `json:"icon_url"` + Id string `json:"id"` + CreateAt int64 `json:"create_at"` + UpdateAt int64 `json:"update_at"` + DeleteAt int64 `json:"delete_at"` + UserId string `json:"user_id"` + ChannelId string `json:"channel_id"` + TeamId string `json:"team_id"` + DisplayName string `json:"display_name"` + Description string `json:"description"` + Username string `json:"username"` + IconURL string `json:"icon_url"` + ChannelLocked bool `json:"channel_locked"` } type IncomingWebhookRequest struct { diff --git a/store/sqlstore/upgrade.go b/store/sqlstore/upgrade.go index 45515178d..4099ac11a 100644 --- a/store/sqlstore/upgrade.go +++ b/store/sqlstore/upgrade.go @@ -427,6 +427,8 @@ func UpgradeDatabaseToVersion410(sqlStore SqlStore) { func UpgradeDatabaseToVersion50(sqlStore SqlStore) { // TODO: Uncomment following condition when version 3.10.0 is released //if shouldPerformUpgrade(sqlStore, VERSION_4_10_0, VERSION_5_0_0) { + sqlStore.CreateColumnIfNotExists("IncomingWebhooks", "ChannelLocked", "boolean", "boolean", "0") + // saveSchemaVersion(sqlStore, VERSION_5_0_0) //} } diff --git a/web/webhook_test.go b/web/webhook_test.go index 48e0a2744..64ce7bf25 100644 --- a/web/webhook_test.go +++ b/web/webhook_test.go @@ -182,6 +182,29 @@ func TestIncomingWebhook(t *testing.T) { assert.True(t, resp.StatusCode == http.StatusOK) }) + t.Run("ChannelLockedWebhook", func(t *testing.T) { + channel, err := th.App.CreateChannel(&model.Channel{TeamId: th.BasicTeam.Id, Name: model.NewId(), DisplayName: model.NewId(), Type: model.CHANNEL_OPEN, CreatorId: th.BasicUser.Id}, true) + require.Nil(t, err) + + hook, err := th.App.CreateIncomingWebhookForChannel(th.BasicUser.Id, th.BasicChannel, &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, ChannelLocked: true}) + require.Nil(t, err) + + url := ApiClient.Url + "/hooks/" + hook.Id + + payload := "payload={\"text\": \"test text\"}" + resp, err2 := http.Post(url, "application/x-www-form-urlencoded", strings.NewReader(payload)) + require.Nil(t, err2) + assert.True(t, resp.StatusCode == http.StatusOK) + + resp, err2 = http.Post(url, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", th.BasicChannel.Name))) + require.Nil(t, err2) + assert.True(t, resp.StatusCode == http.StatusOK) + + resp, err2 = http.Post(url, "application/json", strings.NewReader(fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", channel.Name))) + require.Nil(t, err2) + assert.True(t, resp.StatusCode == http.StatusForbidden) + }) + t.Run("DisableWebhooks", func(t *testing.T) { th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = false }) resp, err := http.Post(url, "application/json", strings.NewReader("{\"text\":\"this is a test\"}")) |