diff options
author | Derrick Anderson <derrick@andersonwebstudio.com> | 2018-02-12 15:09:59 -0500 |
---|---|---|
committer | Derrick Anderson <derrick@andersonwebstudio.com> | 2018-02-12 15:09:59 -0500 |
commit | efd620d6c80ddc1f015811ec58514e34ee0b501b (patch) | |
tree | 8fdcc1043aba1c9a66382b915f4e185ade1128fb /app/team_test.go | |
parent | 87fb19b8279c86c72ffec623e55b80ce35b7d64f (diff) | |
parent | 1ae680aefae2deb1e9d07d7c2a1c863ec807a79f (diff) | |
download | chat-efd620d6c80ddc1f015811ec58514e34ee0b501b.tar.gz chat-efd620d6c80ddc1f015811ec58514e34ee0b501b.tar.bz2 chat-efd620d6c80ddc1f015811ec58514e34ee0b501b.zip |
Merge branch 'release-4.7' into icu669
Diffstat (limited to 'app/team_test.go')
-rw-r--r-- | app/team_test.go | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/app/team_test.go b/app/team_test.go index 084558fb4..7cb20b6f6 100644 --- a/app/team_test.go +++ b/app/team_test.go @@ -7,7 +7,15 @@ import ( "strings" "testing" + "fmt" + + "sync/atomic" + "github.com/mattermost/mattermost-server/model" + "github.com/mattermost/mattermost-server/store" + "github.com/mattermost/mattermost-server/store/storetest" + "github.com/mattermost/mattermost-server/utils" + "github.com/stretchr/testify/assert" ) func TestCreateTeam(t *testing.T) { @@ -393,3 +401,62 @@ func TestSanitizeTeams(t *testing.T) { } }) } + +func TestAddUserToTeamByHashMismatchedInviteId(t *testing.T) { + mockStore := &storetest.Store{} + defer mockStore.AssertExpectations(t) + + teamId := model.NewId() + userId := model.NewId() + inviteSalt := model.NewId() + + inviteId := model.NewId() + teamInviteId := model.NewId() + + // generate a fake email invite - stolen from SendInviteEmails() in email.go + props := make(map[string]string) + props["email"] = model.NewId() + "@mattermost.com" + props["id"] = teamId + props["display_name"] = model.NewId() + props["name"] = model.NewId() + props["time"] = fmt.Sprintf("%v", model.GetMillis()) + props["invite_id"] = inviteId + data := model.MapToJson(props) + hash := utils.HashSha256(fmt.Sprintf("%v:%v", data, inviteSalt)) + + // when the server tries to validate the invite, it will pull the user from our mock store + // this can return nil, because we'll fail before we get to trying to use it + mockStore.UserStore.On("Get", userId).Return( + storetest.NewStoreChannel(store.StoreResult{ + Data: nil, + Err: nil, + }), + ) + + // the server will also pull the team. the one we return has a different invite id than the one in the email invite we made above + mockStore.TeamStore.On("Get", teamId).Return( + storetest.NewStoreChannel(store.StoreResult{ + Data: &model.Team{ + InviteId: teamInviteId, + }, + Err: nil, + }), + ) + + app := App{ + Srv: &Server{ + Store: mockStore, + }, + config: atomic.Value{}, + } + app.config.Store(&model.Config{ + EmailSettings: model.EmailSettings{ + InviteSalt: inviteSalt, + }, + }) + + // this should fail because the invite ids are mismatched + team, err := app.AddUserToTeamByHash(userId, hash, data) + assert.Nil(t, team) + assert.Equal(t, "api.user.create_user.signup_link_mismatched_invite_id.app_error", err.Id) +} |