-rw-r--r-- | api4/oauth.go | 42 | ||||
-rw-r--r-- | api4/oauth_test.go | 106 | ||||
-rw-r--r-- | app/oauth.go | 17 | ||||
-rw-r--r-- | model/client4.go | 10 |
4 files changed, 175 insertions, 0 deletions
diff --git a/api4/oauth.go b/api4/oauth.go
index 593d405db..c3b64b608 100644
--- a/api4/oauth.go
+++ b/api4/oauth.go
@@ -18,6 +18,7 @@ func InitOAuth() {
 l4g.Debug(utils.T("api.oauth.init.debug"))
 BaseRoutes.OAuthApps.Handle("", ApiSessionRequired(createOAuthApp)).Methods("POST")
+ BaseRoutes.OAuthApp.Handle("", ApiSessionRequired(updateOAuthApp)).Methods("PUT")
 BaseRoutes.OAuthApps.Handle("", ApiSessionRequired(getOAuthApps)).Methods("GET")
 BaseRoutes.OAuthApp.Handle("", ApiSessionRequired(getOAuthApp)).Methods("GET")
 BaseRoutes.OAuthApp.Handle("/info", ApiSessionRequired(getOAuthAppInfo)).Methods("GET")
@@ -74,6 +75,47 @@ func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
 w.Write([]byte(rapp.ToJson()))
 }
+func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireAppId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
+ return
+ }
+
+ oauthApp := model.OAuthAppFromJson(r.Body)
+ if oauthApp == nil {
+ c.SetInvalidParam("oauth_app")
+ return
+ }
+
+ c.LogAudit("attempt")
+
+ oldOauthApp, err := c.App.GetOAuthApp(c.Params.AppId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
+ return
+ }
+
+ updatedOauthApp, err := c.App.UpdateOauthApp(oldOauthApp, oauthApp)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("success")
+
+ w.Write([]byte(updatedOauthApp.ToJson()))
+}
+
 func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
 if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
 c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
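Review bot: The ownership check in updateOAuthApp compares `c.Session.UserId` against `oauthApp.CreatorId`, which is the value decoded from the PUT body rather than the stored owner, so a caller holding only PERMISSION_MANAGE_OAUTH can satisfy it for an app they do not own by submitting their own id as creator_id, and App.UpdateOauthApp then silently restores the real CreatorId so nothing in the result reveals it. The stored record `oldOauthApp` is already in scope at that point and should be the basis of the check: `if c.Session.UserId != oldOauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {`. The TestUpdateOAuthApp hunk in api4/oauth_test.go only sends the unmodified admin-created app from the non-admin client, so it would not catch this; a case where the non-owner's body carries its own user id as CreatorId should still expect CheckForbiddenStatus.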
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
index d25e4f934..33ed1ac55 100644
--- a/api4/oauth_test.go
+++ b/api4/oauth_test.go
@@ -81,6 +81,112 @@ func TestCreateOAuthApp(t *testing.T) {
 CheckNotImplementedStatus(t, resp)
 }
+func TestUpdateOAuthApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{
+ Name: "oapp",
+ IsTrusted: false,
+ IconURL: "https://nowhere.com/img",
+ Homepage: "https://nowhere.com",
+ Description: "test",
+ CallbackUrls: []string{"https://callback.com"},
+ }
+
+ oapp, _ = AdminClient.CreateOAuthApp(oapp)
+
+ oapp.Name = "oapp_update"
+ oapp.IsTrusted = true
+ oapp.IconURL = "https://nowhere.com/img_update"
+ oapp.Homepage = "https://nowhere_update.com"
+ oapp.Description = "test_update"
+ oapp.CallbackUrls = []string{"https://callback_update.com","https://another_callback.com"}
+
+ updatedApp, resp := AdminClient.UpdateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ if updatedApp.Id != oapp.Id {
+ t.Fatal("Id should have not updated")
+ }
+
+ if updatedApp.CreatorId != oapp.CreatorId {
+ t.Fatal("CreatorId should have not updated")
+ }
+
+ if updatedApp.CreateAt != oapp.CreateAt {
+ t.Fatal("CreateAt should have not updated")
+ }
+
+ if updatedApp.UpdateAt == oapp.UpdateAt {
+ t.Fatal("UpdateAt should have updated")
+ }
+
+ if updatedApp.ClientSecret != oapp.ClientSecret {
+ t.Fatal("ClientSecret should have not updated")
+ }
+
+ if updatedApp.Name != oapp.Name {
+ t.Fatal("Name should have updated")
+ }
+
+ if updatedApp.Description != oapp.Description {
+ t.Fatal("Description should have updated")
+ }
+
+ if updatedApp.IconURL != oapp.IconURL {
+ t.Fatal("IconURL should have updated")
+ }
+
+ if len(updatedApp.CallbackUrls) == len(oapp.CallbackUrls) {
+ for i, callbackUrl := range updatedApp.CallbackUrls {
+ if callbackUrl != oapp.CallbackUrls[i] {
+ t.Fatal("Description should have updated")
+ }
+ }
+ }
+
+ if updatedApp.Homepage != oapp.Homepage {
+ t.Fatal("Homepage should have updated")
+ }
+
+ if updatedApp.IsTrusted != oapp.IsTrusted {
+ t.Fatal("IsTrusted should have updated")
+ }
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+ _, resp = Client.UpdateOAuthApp(oapp)
+ CheckForbiddenStatus(t, resp)
+
+ oapp.Id = "zhk9d1ggatrqz236c7h87im7bc"
+ _, resp = AdminClient.UpdateOAuthApp(oapp)
+ CheckNotFoundStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ _, resp = AdminClient.UpdateOAuthApp(oapp)
+ CheckNotImplementedStatus(t, resp)
+
+ Client.Logout()
+ _, resp = Client.UpdateOAuthApp(oapp)
+ CheckUnauthorizedStatus(t, resp)
+
+ oapp.Id = "junk"
+ _, resp = AdminClient.UpdateOAuthApp(oapp)
+ CheckBadRequestStatus(t, resp)
+}
+
 func TestGetOAuthApps(t *testing.T) {
 th := Setup().InitBasic().InitSystemAdmin()
 defer TearDown()
diff --git a/app/oauth.go b/app/oauth.go
index a0fcfd609..2b45409a6 100644
--- a/app/oauth.go
+++ b/app/oauth.go
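Review bot: The CallbackUrls assertion in TestUpdateOAuthApp is inverted: the element comparison only runs when the lengths are equal, so a response that drops or keeps a different number of callback URLs passes silently, and the failure message inside the loop is the copy-pasted "Description should have updated". A length mismatch should be a failure in its own right and the loop should then compare element-wise with a message naming CallbackUrls. Separately, `oapp, _ = AdminClient.CreateOAuthApp(oapp)` discards the response, so a failed create turns into a nil dereference on the next line instead of a readable failure; a `CheckNoError(t, resp)` after it would keep the test's diagnostics consistent with the rest of the file.

```go
if len(updatedApp.CallbackUrls) != len(oapp.CallbackUrls) {
	t.Fatal("CallbackUrls should have updated")
}
for i, callbackUrl := range updatedApp.CallbackUrls {
	if callbackUrl != oapp.CallbackUrls[i] {
		t.Fatal("CallbackUrls should have updated")
	}
}
// … unchanged: Homepage and IsTrusted assertions, permission and error-status cases …
```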
@@ -53,6 +53,23 @@ func (a *App) GetOAuthApp(appId string) (*model.OAuthApp, *model.AppError) {
 }
 }
+func (a *App) UpdateOauthApp(oldApp, updatedApp *model.OAuthApp) (*model.OAuthApp, *model.AppError) {
+ if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
+ return nil, model.NewAppError("UpdateOauthApp", "api.oauth.allow_oauth.turn_off.app_error", nil, "", http.StatusNotImplemented)
+ }
+
+ updatedApp.Id = oldApp.Id
+ updatedApp.CreatorId = oldApp.CreatorId
+ updatedApp.CreateAt = oldApp.CreateAt
+ updatedApp.ClientSecret = oldApp.ClientSecret
+
+ if result := <-a.Srv.Store.OAuth().UpdateApp(updatedApp); result.Err != nil {
+ return nil, result.Err
+ } else {
+ return result.Data.([2]*model.OAuthApp)[0], nil
+ }
+}
+
 func (a *App) DeleteOAuthApp(appId string) *model.AppError {
 if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
 return model.NewAppError("DeleteOAuthApp", "api.oauth.allow_oauth.turn_off.app_error", nil, "", http.StatusNotImplemented)
diff --git a/model/client4.go b/model/client4.go
index 44c4cf6c9..42e89fd9c 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -2631,6 +2631,16 @@ func (c *Client4) CreateOAuthApp(app *OAuthApp) (*OAuthApp, *Response) {
 }
 }
+// UpdateOAuthApp
+func (c *Client4) UpdateOAuthApp(app *OAuthApp) (*OAuthApp, *Response) {
+ if r, err := c.DoApiPut(c.GetOAuthAppRoute(app.Id), app.ToJson()); err != nil {
+ return nil, BuildErrorResponse(r, err)
+ } else {
+ defer closeBody(r)
+ return OAuthAppFromJson(r.Body), BuildResponse(r)
+ }
+}
+
 // GetOAuthApps gets a page of registered OAuth 2.0 client applications with Mattermost acting as an OAuth 2.0 service provider.
 func (c *Client4) GetOAuthApps(page, perPage int) ([]*OAuthApp, *Response) {
 query := fmt.Sprintf("?page=%v&per_page=%v", page, perPage)
|
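Review bot: The new App method is named `UpdateOauthApp`, which breaks the casing used by its siblings in the same hunk (`GetOAuthApp`, `DeleteOAuthApp`) and by the Client4 method `UpdateOAuthApp` added in model/client4.go; it should be `func (a *App) UpdateOAuthApp(oldApp, updatedApp *model.OAuthApp) (*model.OAuthApp, *model.AppError) {` with the error id and the caller in api4/oauth.go renamed to match. The four field copies are the only thing keeping Id, CreatorId, CreateAt and ClientSecret immutable through this path, and a doc comment should say so, e.g. `// UpdateOAuthApp saves updatedApp's editable fields over oldApp's stored record; Id, CreatorId, CreateAt and ClientSecret are always taken from oldApp so a request body cannot reassign ownership or replace the secret.` The `else` after the `return nil, result.Err` branch can be dropped so the success return sits at function level, as the Go style in the rest of the file does.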
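Review bot: The doc comment on the new Client4.UpdateOAuthApp is just the bare name `// UpdateOAuthApp`, while the neighbouring `GetOAuthApps` comment in the same hunk is a full sentence describing what the call does. Replace it with `// UpdateOAuthApp updates the registered OAuth 2.0 client application identified by app.Id, with Mattermost acting as an OAuth 2.0 service provider.` so godoc and the client's other methods stay consistent.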