diff options
-rw-r--r-- | api/post_test.go | 10 | ||||
-rw-r--r-- | api4/post_test.go | 14 | ||||
-rw-r--r-- | app/command.go | 5 | ||||
-rw-r--r-- | app/command_test.go | 20 | ||||
-rw-r--r-- | app/post.go | 5 | ||||
-rw-r--r-- | app/webhook.go | 5 | ||||
-rw-r--r-- | app/webhook_test.go | 5 |
7 files changed, 58 insertions, 6 deletions
diff --git a/api/post_test.go b/api/post_test.go index f57c2e05c..c01a5fa93 100644 --- a/api/post_test.go +++ b/api/post_test.go @@ -61,6 +61,11 @@ func TestCreatePost(t *testing.T) { t.Fatal("Newly craeted post shouldn't have EditAt set") } + _, err = Client.CreatePost(&model.Post{ChannelId: channel1.Id, Message: "#hashtag a" + model.NewId() + "a", Type: model.POST_SYSTEM_GENERIC}) + if err == nil { + t.Fatal("should have failed - bad post type") + } + post2 := &model.Post{ChannelId: channel1.Id, Message: "zz" + model.NewId() + "a", RootId: rpost1.Data.(*model.Post).Id} rpost2, err := Client.CreatePost(post2) if err != nil { @@ -454,13 +459,12 @@ func TestUpdatePost(t *testing.T) { } } - post3 := &model.Post{ChannelId: channel1.Id, Message: "zz" + model.NewId() + "a", Type: model.POST_JOIN_LEAVE} - rpost3, err := Client.CreatePost(post3) + rpost3, err := th.App.CreatePost(&model.Post{ChannelId: channel1.Id, Message: "zz" + model.NewId() + "a", Type: model.POST_JOIN_LEAVE, UserId: th.BasicUser.Id}, channel1, false) if err != nil { t.Fatal(err) } - up3 := &model.Post{Id: rpost3.Data.(*model.Post).Id, ChannelId: channel1.Id, Message: "zz" + model.NewId() + " update post 3"} + up3 := &model.Post{Id: rpost3.Id, ChannelId: channel1.Id, Message: "zz" + model.NewId() + " update post 3"} if _, err := Client.UpdatePost(up3); err == nil { t.Fatal("shouldn't have been able to update system message") } diff --git a/api4/post_test.go b/api4/post_test.go index fd6f8031d..27e6d6458 100644 --- a/api4/post_test.go +++ b/api4/post_test.go @@ -66,6 +66,13 @@ func TestCreatePost(t *testing.T) { t.Fatal("create at should not match") } + post.RootId = "" + post.ParentId = "" + post.Type = model.POST_SYSTEM_GENERIC + _, resp = Client.CreatePost(post) + CheckBadRequestStatus(t, resp) + + post.Type = "" post.RootId = rpost2.Id post.ParentId = rpost2.Id _, resp = Client.CreatePost(post) @@ -417,9 +424,10 @@ func TestUpdatePost(t *testing.T) { t.Fatal("failed to updates") } - post2 := &model.Post{ChannelId: channel.Id, Message: "zz" + model.NewId() + "a", Type: model.POST_JOIN_LEAVE} - rpost2, resp := Client.CreatePost(post2) - CheckNoError(t, resp) + rpost2, err := th.App.CreatePost(&model.Post{ChannelId: channel.Id, Message: "zz" + model.NewId() + "a", Type: model.POST_JOIN_LEAVE, UserId: th.BasicUser.Id}, channel, false) + if err != nil { + t.Fatal(err) + } up2 := &model.Post{Id: rpost2.Id, ChannelId: channel.Id, Message: "zz" + model.NewId() + " update post 2"} _, resp = Client.UpdatePost(rpost2.Id, up2) diff --git a/app/command.go b/app/command.go index 6e439537e..811294b6d 100644 --- a/app/command.go +++ b/app/command.go @@ -41,6 +41,11 @@ func (a *App) CreateCommandPost(post *model.Post, teamId string, response *model post.Message = parseSlackLinksToMarkdown(response.Text) post.CreateAt = model.GetMillis() + if strings.HasPrefix(post.Type, model.POST_SYSTEM_MESSAGE_PREFIX) { + err := model.NewAppError("CreateCommandPost", "api.context.invalid_param.app_error", map[string]interface{}{"Name": "post.type"}, "", http.StatusBadRequest) + return nil, err + } + if response.Attachments != nil { parseSlackAttachment(post, response.Attachments) } diff --git a/app/command_test.go b/app/command_test.go index b37e78ea9..de4822436 100644 --- a/app/command_test.go +++ b/app/command_test.go @@ -45,3 +45,23 @@ func TestMoveCommand(t *testing.T) { assert.Nil(t, err) assert.EqualValues(t, targetTeam.Id, retrievedCommand.TeamId) } + +func TestCreateCommandPost(t *testing.T) { + th := Setup().InitBasic() + defer th.TearDown() + + post := &model.Post{ + ChannelId: th.BasicChannel.Id, + UserId: th.BasicUser.Id, + Type: model.POST_SYSTEM_GENERIC, + } + + resp := &model.CommandResponse{ + Text: "some message", + } + + _, err := th.App.CreateCommandPost(post, th.BasicTeam.Id, resp) + if err == nil && err.Id != "api.context.invalid_param.app_error" { + t.Fatal("should have failed - bad post type") + } +} diff --git a/app/post.go b/app/post.go index 4a465450b..fa929b844 100644 --- a/app/post.go +++ b/app/post.go @@ -29,6 +29,11 @@ func (a *App) CreatePostAsUser(post *model.Post) (*model.Post, *model.AppError) channel = result.Data.(*model.Channel) } + if strings.HasPrefix(post.Type, model.POST_SYSTEM_MESSAGE_PREFIX) { + err := model.NewAppError("CreatePostAsUser", "api.context.invalid_param.app_error", map[string]interface{}{"Name": "post.type"}, "", http.StatusBadRequest) + return nil, err + } + if channel.DeleteAt != 0 { err := model.NewAppError("createPost", "api.post.create_post.can_not_post_to_deleted.error", nil, "", http.StatusBadRequest) return nil, err diff --git a/app/webhook.go b/app/webhook.go index 9d9b24b10..1530ba94a 100644 --- a/app/webhook.go +++ b/app/webhook.go @@ -131,6 +131,11 @@ func (a *App) CreateWebhookPost(userId string, channel *model.Channel, text, ove post := &model.Post{UserId: userId, ChannelId: channel.Id, Message: text, Type: postType} post.AddProp("from_webhook", "true") + if strings.HasPrefix(post.Type, model.POST_SYSTEM_MESSAGE_PREFIX) { + err := model.NewAppError("CreateWebhookPost", "api.context.invalid_param.app_error", map[string]interface{}{"Name": "post.type"}, "", http.StatusBadRequest) + return nil, err + } + if metrics := a.Metrics; metrics != nil { metrics.IncrementWebhookPost() } diff --git a/app/webhook_test.go b/app/webhook_test.go index 5699addbf..b9ba35f43 100644 --- a/app/webhook_test.go +++ b/app/webhook_test.go @@ -44,4 +44,9 @@ func TestCreateWebhookPost(t *testing.T) { t.Fatal(k) } } + + _, err = th.App.CreateWebhookPost(hook.UserId, th.BasicChannel, "foo", "user", "http://iconurl", nil, model.POST_SYSTEM_GENERIC) + if err == nil { + t.Fatal("should have failed - bad post type") + } } |