diff options
-rw-r--r-- | api4/user.go | 25 | ||||
-rw-r--r-- | api4/user_test.go | 46 | ||||
-rw-r--r-- | app/session.go | 12 | ||||
-rw-r--r-- | i18n/en.json | 4 | ||||
-rw-r--r-- | model/client4.go | 10 | ||||
-rw-r--r-- | model/user_access_token_search.go | 35 | ||||
-rw-r--r-- | model/user_access_token_search_test.go | 19 | ||||
-rw-r--r-- | store/sqlstore/user_access_token_store.go | 20 | ||||
-rw-r--r-- | store/store.go | 1 | ||||
-rw-r--r-- | store/storetest/mocks/UserAccessTokenStore.go | 16 | ||||
-rw-r--r-- | store/storetest/user_access_token_store.go | 43 |
11 files changed, 231 insertions, 0 deletions
diff --git a/api4/user.go b/api4/user.go index cd26b00e3..a664acfac 100644 --- a/api4/user.go +++ b/api4/user.go @@ -60,6 +60,7 @@ func (api *API) InitUser() { api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(createUserAccessToken)).Methods("POST") api.BaseRoutes.User.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokensForUser)).Methods("GET") api.BaseRoutes.Users.Handle("/tokens", api.ApiSessionRequired(getUserAccessTokens)).Methods("GET") + api.BaseRoutes.Users.Handle("/tokens/search", api.ApiSessionRequired(searchUserAccessTokens)).Methods("POST") api.BaseRoutes.Users.Handle("/tokens/{token_id:[A-Za-z0-9]+}", api.ApiSessionRequired(getUserAccessToken)).Methods("GET") api.BaseRoutes.Users.Handle("/tokens/revoke", api.ApiSessionRequired(revokeUserAccessToken)).Methods("POST") api.BaseRoutes.Users.Handle("/tokens/disable", api.ApiSessionRequired(disableUserAccessToken)).Methods("POST") @@ -1241,6 +1242,30 @@ func createUserAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(accessToken.ToJson())) } +func searchUserAccessTokens(c *Context, w http.ResponseWriter, r *http.Request) { + if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { + c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) + return + } + props := model.UserAccessTokenSearchFromJson(r.Body) + if props == nil { + c.SetInvalidParam("user_access_token_search") + return + } + + if len(props.Term) == 0 { + c.SetInvalidParam("term") + return + } + accessTokens, err := c.App.SearchUserAccessTokens(props.Term) + if err != nil { + c.Err = err + return + } + + w.Write([]byte(model.UserAccessTokenListToJson(accessTokens))) +} + func getUserAccessTokens(c *Context, w http.ResponseWriter, r *http.Request) { if !c.App.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) diff --git a/api4/user_test.go b/api4/user_test.go index 7b103d23b..d50bdf6a9 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -2469,6 +2469,52 @@ func TestGetUserAccessToken(t *testing.T) { } } +func TestSearchUserAccessToken(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer th.TearDown() + Client := th.Client + AdminClient := th.SystemAdminClient + + testDescription := "test token" + + th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) + + th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) + token, resp := Client.CreateUserAccessToken(th.BasicUser.Id, testDescription) + CheckNoError(t, resp) + + _, resp = Client.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: token.Id}) + CheckForbiddenStatus(t, resp) + + rtokens, resp := AdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: th.BasicUser.Id}) + CheckNoError(t, resp) + + if len(rtokens) != 1 { + t.Fatal("should have 1 tokens") + } + + rtokens, resp = AdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: token.Id}) + CheckNoError(t, resp) + + if len(rtokens) != 1 { + t.Fatal("should have 1 tokens") + } + + rtokens, resp = AdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: th.BasicUser.Username}) + CheckNoError(t, resp) + + if len(rtokens) != 1 { + t.Fatal("should have 1 tokens") + } + + rtokens, resp = AdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: "not found"}) + CheckNoError(t, resp) + + if len(rtokens) != 0 { + t.Fatal("should have 0 tokens") + } +} + func TestRevokeUserAccessToken(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer th.TearDown() diff --git a/app/session.go b/app/session.go index 6a07380e4..1c5daf29e 100644 --- a/app/session.go +++ b/app/session.go @@ -393,3 +393,15 @@ func (a *App) GetUserAccessToken(tokenId string, sanitize bool) (*model.UserAcce return token, nil } } + +func (a *App) SearchUserAccessTokens(term string) ([]*model.UserAccessToken, *model.AppError) { + if result := <-a.Srv.Store.UserAccessToken().Search(term); result.Err != nil { + return nil, result.Err + } else { + tokens := result.Data.([]*model.UserAccessToken) + for _, token := range tokens { + token.Token = "" + } + return tokens, nil + } +} diff --git a/i18n/en.json b/i18n/en.json index 74455260e..60f29bba8 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -6843,6 +6843,10 @@ "translation": "We couldn't get the personal access tokens by user" }, { + "id": "store.sql_user_access_token.search.app_error", + "translation": "We encountered an error searching user access tokens" + }, + { "id": "store.sql_user_access_token.save.app_error", "translation": "We couldn't save the personal access token" }, diff --git a/model/client4.go b/model/client4.go index 3f3439ebe..88645ec74 100644 --- a/model/client4.go +++ b/model/client4.go @@ -1092,6 +1092,16 @@ func (c *Client4) RevokeUserAccessToken(tokenId string) (bool, *Response) { } } +// SearchUserAccessTokens returns user access tokens matching the provided search term. +func (c *Client4) SearchUserAccessTokens(search *UserAccessTokenSearch) ([]*UserAccessToken, *Response) { + if r, err := c.DoApiPost(c.GetUsersRoute()+"/tokens/search", search.ToJson()); err != nil { + return nil, BuildErrorResponse(r, err) + } else { + defer closeBody(r) + return UserAccessTokenListFromJson(r.Body), BuildResponse(r) + } +} + // DisableUserAccessToken will disable a user access token by id. Must have the // 'revoke_user_access_token' permission and if disabling for another user, must have the // 'edit_other_users' permission. diff --git a/model/user_access_token_search.go b/model/user_access_token_search.go new file mode 100644 index 000000000..1b0146edb --- /dev/null +++ b/model/user_access_token_search.go @@ -0,0 +1,35 @@ +// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package model + +import ( + "encoding/json" + "io" +) + +type UserAccessTokenSearch struct { + Term string `json:"term"` +} + +// ToJson convert a UserAccessTokenSearch to json string +func (c *UserAccessTokenSearch) ToJson() string { + b, err := json.Marshal(c) + if err != nil { + return "" + } + + return string(b) +} + +// UserAccessTokenSearchJson decodes the input and returns a UserAccessTokenSearch +func UserAccessTokenSearchFromJson(data io.Reader) *UserAccessTokenSearch { + decoder := json.NewDecoder(data) + var cs UserAccessTokenSearch + err := decoder.Decode(&cs) + if err == nil { + return &cs + } + + return nil +} diff --git a/model/user_access_token_search_test.go b/model/user_access_token_search_test.go new file mode 100644 index 000000000..15a53f536 --- /dev/null +++ b/model/user_access_token_search_test.go @@ -0,0 +1,19 @@ +// Copyright (c) 2016-present Mattermost, Inc. All Rights Reserved. +// See License.txt for license information. + +package model + +import ( + "strings" + "testing" +) + +func TestUserAccessTokenSearchJson(t *testing.T) { + userAccessTokenSearch := UserAccessTokenSearch{Term: NewId()} + json := userAccessTokenSearch.ToJson() + ruserAccessTokenSearch := UserAccessTokenSearchFromJson(strings.NewReader(json)) + + if userAccessTokenSearch.Term != ruserAccessTokenSearch.Term { + t.Fatal("Terms do not match") + } +} diff --git a/store/sqlstore/user_access_token_store.go b/store/sqlstore/user_access_token_store.go index deba9f7ea..b90ba773f 100644 --- a/store/sqlstore/user_access_token_store.go +++ b/store/sqlstore/user_access_token_store.go @@ -211,6 +211,26 @@ func (s SqlUserAccessTokenStore) GetByUser(userId string, offset, limit int) sto }) } +func (s SqlUserAccessTokenStore) Search(term string) store.StoreChannel { + return store.Do(func(result *store.StoreResult) { + tokens := []*model.UserAccessToken{} + params := map[string]interface{}{"Term": term + "%"} + query := ` + SELECT + uat.* + FROM UserAccessTokens uat + INNER JOIN Users u + ON uat.UserId = u.Id + WHERE uat.Id LIKE :Term OR uat.UserId LIKE :Term OR u.Username LIKE :Term` + + if _, err := s.GetReplica().Select(&tokens, query, params); err != nil { + result.Err = model.NewAppError("SqlUserAccessTokenStore.Search", "store.sql_user_access_token.search.app_error", nil, "term="+term+", "+err.Error(), http.StatusInternalServerError) + } + + result.Data = tokens + }) +} + func (s SqlUserAccessTokenStore) UpdateTokenEnable(tokenId string) store.StoreChannel { return store.Do(func(result *store.StoreResult) { if _, err := s.GetMaster().Exec("UPDATE UserAccessTokens SET IsActive = TRUE WHERE Id = :Id", map[string]interface{}{"Id": tokenId}); err != nil { diff --git a/store/store.go b/store/store.go index de8bd4635..dc140edd4 100644 --- a/store/store.go +++ b/store/store.go @@ -449,6 +449,7 @@ type UserAccessTokenStore interface { GetAll(offset int, limit int) StoreChannel GetByToken(tokenString string) StoreChannel GetByUser(userId string, page, perPage int) StoreChannel + Search(term string) StoreChannel UpdateTokenEnable(tokenId string) StoreChannel UpdateTokenDisable(tokenId string) StoreChannel } diff --git a/store/storetest/mocks/UserAccessTokenStore.go b/store/storetest/mocks/UserAccessTokenStore.go index 60e08076c..b989fa1cc 100644 --- a/store/storetest/mocks/UserAccessTokenStore.go +++ b/store/storetest/mocks/UserAccessTokenStore.go @@ -109,6 +109,22 @@ func (_m *UserAccessTokenStore) GetByUser(userId string, page int, perPage int) return r0 } +// Search provides a mock function with given fields: +func (_m *UserAccessTokenStore) Search(term string) store.StoreChannel { + ret := _m.Called(term) + + var r0 store.StoreChannel + if rf, ok := ret.Get(0).(func(string) store.StoreChannel); ok { + r0 = rf(term) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(store.StoreChannel) + } + } + + return r0 +} + // Save provides a mock function with given fields: token func (_m *UserAccessTokenStore) Save(token *model.UserAccessToken) store.StoreChannel { ret := _m.Called(token) diff --git a/store/storetest/user_access_token_store.go b/store/storetest/user_access_token_store.go index c32023d30..e8eb8ca60 100644 --- a/store/storetest/user_access_token_store.go +++ b/store/storetest/user_access_token_store.go @@ -13,6 +13,7 @@ import ( func TestUserAccessTokenStore(t *testing.T, ss store.Store) { t.Run("UserAccessTokenSaveGetDelete", func(t *testing.T) { testUserAccessTokenSaveGetDelete(t, ss) }) t.Run("UserAccessTokenDisableEnable", func(t *testing.T) { testUserAccessTokenDisableEnable(t, ss) }) + t.Run("UserAccessTokenSearch", func(t *testing.T) { testUserAccessTokenSearch(t, ss) }) } func testUserAccessTokenSaveGetDelete(t *testing.T, ss store.Store) { @@ -130,3 +131,45 @@ func testUserAccessTokenDisableEnable(t *testing.T, ss store.Store) { t.Fatal(err) } } + +func testUserAccessTokenSearch(t *testing.T, ss store.Store) { + u1 := model.User{} + u1.Email = model.NewId() + u1.Username = model.NewId() + + store.Must(ss.User().Save(&u1)) + + uat := &model.UserAccessToken{ + Token: model.NewId(), + UserId: u1.Id, + Description: "testtoken", + } + + s1 := model.Session{} + s1.UserId = uat.UserId + s1.Token = uat.Token + + store.Must(ss.Session().Save(&s1)) + + if result := <-ss.UserAccessToken().Save(uat); result.Err != nil { + t.Fatal(result.Err) + } + + if result := <-ss.UserAccessToken().Search(uat.Id); result.Err != nil { + t.Fatal(result.Err) + } else if received := result.Data.([]*model.UserAccessToken); len(received) != 1 { + t.Fatal("received incorrect number of tokens after search") + } + + if result := <-ss.UserAccessToken().Search(uat.UserId); result.Err != nil { + t.Fatal(result.Err) + } else if received := result.Data.([]*model.UserAccessToken); len(received) != 1 { + t.Fatal("received incorrect number of tokens after search") + } + + if result := <-ss.UserAccessToken().Search(u1.Username); result.Err != nil { + t.Fatal(result.Err) + } else if received := result.Data.([]*model.UserAccessToken); len(received) != 1 { + t.Fatal("received incorrect number of tokens after search") + } +} |