diff options
author | Christopher Speller <crspeller@gmail.com> | 2017-08-17 09:35:36 -0700 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2017-08-17 09:35:36 -0700 |
commit | fd1301779fecc2910a9fdcf93af52ff33a4349ba (patch) | |
tree | ccd8b35d347b77c8c6a99db9422b3dbc0ff3bd2d /api | |
parent | d41f1695e99a81808f5dc1fbe7820062947b5291 (diff) | |
parent | 0033e3e37b12cb5d951d21492500d66a6abc472b (diff) | |
download | chat-fd1301779fecc2910a9fdcf93af52ff33a4349ba.tar.gz chat-fd1301779fecc2910a9fdcf93af52ff33a4349ba.tar.bz2 chat-fd1301779fecc2910a9fdcf93af52ff33a4349ba.zip |
Merge branch 'release-4.1'
Diffstat (limited to 'api')
-rw-r--r-- | api/team.go | 8 | ||||
-rw-r--r-- | api/team_test.go | 43 | ||||
-rw-r--r-- | api/webhook.go | 51 |
3 files changed, 41 insertions, 61 deletions
diff --git a/api/team.go b/api/team.go index c6db68418..4010a0ac5 100644 --- a/api/team.go +++ b/api/team.go @@ -22,11 +22,11 @@ func InitTeam() { l4g.Debug(utils.T("api.team.init.debug")) BaseRoutes.Teams.Handle("/create", ApiUserRequired(createTeam)).Methods("POST") - BaseRoutes.Teams.Handle("/all", ApiAppHandler(getAll)).Methods("GET") + BaseRoutes.Teams.Handle("/all", ApiUserRequired(getAll)).Methods("GET") BaseRoutes.Teams.Handle("/all_team_listings", ApiUserRequired(GetAllTeamListings)).Methods("GET") BaseRoutes.Teams.Handle("/get_invite_info", ApiAppHandler(getInviteInfo)).Methods("POST") - BaseRoutes.Teams.Handle("/find_team_by_name", ApiAppHandler(findTeamByName)).Methods("POST") - BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", ApiAppHandler(getTeamByName)).Methods("GET") + BaseRoutes.Teams.Handle("/find_team_by_name", ApiUserRequired(findTeamByName)).Methods("POST") + BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", ApiUserRequired(getTeamByName)).Methods("GET") BaseRoutes.Teams.Handle("/members", ApiUserRequired(getMyTeamMembers)).Methods("GET") BaseRoutes.Teams.Handle("/unread", ApiUserRequired(getMyTeamsUnread)).Methods("GET") @@ -235,7 +235,7 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } else { - if team.Type != model.TEAM_OPEN && c.Session.GetTeamByTeamId(team.Id) == nil { + if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && c.Session.GetTeamByTeamId(team.Id) == nil { if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return diff --git a/api/team_test.go b/api/team_test.go index 7d10ca6e3..99e54a904 100644 --- a/api/team_test.go +++ b/api/team_test.go @@ -239,6 +239,11 @@ func TestGetAllTeams(t *testing.T) { } else if receivedTeam, ok := teams[team.Id]; !ok || receivedTeam.Id != team.Id { t.Fatal("admin should've received team that they aren't a member of") } + + Client.Logout() + if _, err := Client.GetAllTeams(); err == nil { + t.Fatal("Should have failed due to not being logged in.") + } } func TestGetAllTeamListings(t *testing.T) { @@ -787,12 +792,15 @@ func TestGetTeamByName(t *testing.T) { th := Setup().InitSystemAdmin().InitBasic() Client := th.BasicClient - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_INVITE} + team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN, AllowOpenInvite: false} team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) - team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} + team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN, AllowOpenInvite: true} team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team) + team3 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_INVITE, AllowOpenInvite: true} + team3 = Client.Must(Client.CreateTeam(team3)).Data.(*model.Team) + if _, err := Client.GetTeamByName(team.Name); err != nil { t.Fatal("Failed to get team") } @@ -813,7 +821,7 @@ func TestGetTeamByName(t *testing.T) { Client.Login(user2.Email, "passwd1") - // TEAM_INVITE and user is not part of the team + // AllowInviteOpen is false and team is open and user is not part of the team if _, err := Client.GetTeamByName(team.Name); err == nil { t.Fatal("Should fail dont have permissions to get the team") } @@ -822,25 +830,48 @@ func TestGetTeamByName(t *testing.T) { t.Fatal("Should not exist this team") } - // TEAM_OPEN and user is not part of the team + // AllowInviteOpen is true and is open and user is not part of the team if _, err := Client.GetTeamByName(team2.Name); err != nil { t.Fatal("Should not fail team is open") } + // AllowInviteOpen is true and is invite only and user is not part of the team + if _, err := Client.GetTeamByName(team3.Name); err == nil { + t.Fatal("Should fail team is invite only") + } + Client.Must(Client.Logout()) th.BasicClient.Logout() th.LoginSystemAdmin() if _, err := th.SystemAdminClient.GetTeamByName(team.Name); err != nil { - t.Fatal("Should not failed to get team the user is admin") + t.Fatal("Should not fail to get team the user is admin") } if _, err := th.SystemAdminClient.GetTeamByName(team2.Name); err != nil { - t.Fatal("Should not failed to get team the user is admin and team is open") + t.Fatal("Should not fail to get team the user is admin and team is open") + } + + if _, err := th.SystemAdminClient.GetTeamByName(team3.Name); err != nil { + t.Fatal("Should not fail to get team the user is admin and team is invite") } if _, err := Client.GetTeamByName("InvalidTeamName"); err == nil { t.Fatal("Should not exist this team") } + Client.Logout() + if _, err := Client.GetTeamByName(th.BasicTeam.Name); err == nil { + t.Fatal("Should have failed when not logged in.") + } +} + +func TestFindTeamByName(t *testing.T) { + th := Setup().InitBasic() + Client := th.BasicClient + Client.Logout() + + if _, err := Client.FindTeamByName(th.BasicTeam.Name); err == nil { + t.Fatal("Should have failed when not logged in.") + } } diff --git a/api/webhook.go b/api/webhook.go index 9750b71a0..204df6b31 100644 --- a/api/webhook.go +++ b/api/webhook.go @@ -4,12 +4,9 @@ package api import ( - "io" "net/http" - "strings" l4g "github.com/alecthomas/log4go" - "github.com/gorilla/mux" "github.com/mattermost/platform/app" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" @@ -28,11 +25,6 @@ func InitWebhook() { BaseRoutes.Hooks.Handle("/outgoing/regen_token", ApiUserRequired(regenOutgoingHookToken)).Methods("POST") BaseRoutes.Hooks.Handle("/outgoing/delete", ApiUserRequired(deleteOutgoingHook)).Methods("POST") BaseRoutes.Hooks.Handle("/outgoing/list", ApiUserRequired(getOutgoingHooks)).Methods("GET") - - BaseRoutes.Hooks.Handle("/{id:[A-Za-z0-9]+}", ApiAppHandler(incomingWebhook)).Methods("POST") - - // Old route. Remove eventually. - BaseRoutes.Root.Handle("/hooks/{id:[A-Za-z0-9]+}", ApiAppHandler(incomingWebhook)).Methods("POST") } func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { @@ -339,46 +331,3 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) w.Write([]byte(rhook.ToJson())) } } - -func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) { - params := mux.Vars(r) - id := params["id"] - - r.ParseForm() - - var payload io.Reader - contentType := r.Header.Get("Content-Type") - if strings.Split(contentType, "; ")[0] == "application/x-www-form-urlencoded" { - payload = strings.NewReader(r.FormValue("payload")) - } else { - payload = r.Body - } - - if utils.Cfg.LogSettings.EnableWebhookDebugging { - var err error - payload, err = utils.DebugReader( - payload, - utils.T("api.webhook.incoming.debug"), - ) - if err != nil { - c.Err = model.NewLocAppError( - "incomingWebhook", - "api.webhook.incoming.debug.error", - nil, - err.Error(), - ) - return - } - } - - parsedRequest := model.IncomingWebhookRequestFromJson(payload) - - err := app.HandleIncomingWebhook(id, parsedRequest) - if err != nil { - c.Err = err - return - } - - w.Header().Set("Content-Type", "text/plain") - w.Write([]byte("ok")) -} |