Diffstat (limited to 'api4')
-rw-r--r-- | api4/system.go | 15 | ||||
-rw-r--r-- | api4/system_test.go | 50 |
2 files changed, 64 insertions, 1 deletions
diff --git a/api4/system.go b/api4/system.go
index 94f4718a2..4f86213c6 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -7,6 +7,8 @@ import (
 "net/http"
 l4g "github.com/alecthomas/log4go"
+ "github.com/mattermost/platform/app"
+ "github.com/mattermost/platform/model"
 "github.com/mattermost/platform/utils"
 )
@@ -14,8 +16,21 @@ func InitSystem() {
 l4g.Debug(utils.T("api.system.init.debug"))
 BaseRoutes.System.Handle("/ping", ApiHandler(getSystemPing)).Methods("GET")
+ BaseRoutes.ApiRoot.Handle("/config", ApiSessionRequired(getConfig)).Methods("GET")
 }
 func getSystemPing(c *Context, w http.ResponseWriter, r *http.Request) {
 ReturnStatusOK(w)
 }
+
+func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ cfg := app.GetConfig()
+
+ w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+ w.Write([]byte(cfg.ToJson()))
+}
diff --git a/api4/system_test.go b/api4/system_test.go
index d9514eabc..2e8b8f70f 100644
--- a/api4/system_test.go
+++ b/api4/system_test.go
@@ -1,7 +1,10 @@
 package api4
 import (
+ "strings"
 "testing"
+
+ "github.com/mattermost/platform/model"
 )
 func TestGetPing(t *testing.T) {
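Review bot: In `getConfig` (second hunk of api4/system.go) nothing visible in the handler redacts secrets; the response body is whatever `app.GetConfig()` returns, serialized with `cfg.ToJson()`. The accompanying test suggests `app.GetConfig()` hands back a sanitized copy, but that contract is invisible at the call site, so a later refactor that serializes a different config object here would expose credentials over the API with nothing in this file to flag it. I would state the dependency in the handler, e.g. `// app.GetConfig returns a copy with secrets replaced by model.FAKE_SETTING; never serialize an unsanitized config here`. The return value of `w.Write` is also discarded, so a failed or partial write of the config goes unnoticed.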
@@ -10,9 +13,54 @@ func TestGetPing(t *testing.T) {
 Client := th.Client
 b, _ := Client.GetPing()
- if b == false {
+ if b == false {
 t.Fatal()
 }
 }
+func TestGetConfig(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+
+ _, resp := Client.GetConfig()
+ CheckForbiddenStatus(t, resp)
+
+ cfg, resp := th.SystemAdminClient.GetConfig()
+ CheckNoError(t, resp)
+ if len(cfg.TeamSettings.SiteName) == 0 {
+ t.Fatal()
+ }
+
+ if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if *cfg.FileSettings.PublicLinkSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.FileSettings.AmazonS3SecretAccessKey != model.FAKE_SETTING && len(cfg.FileSettings.AmazonS3SecretAccessKey) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.InviteSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.PasswordResetSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.SMTPPassword != model.FAKE_SETTING && len(cfg.EmailSettings.SMTPPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.GitLabSettings.Secret != model.FAKE_SETTING && len(cfg.GitLabSettings.Secret) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.DataSource != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.AtRestEncryptKey != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if !strings.Contains(strings.Join(cfg.SqlSettings.DataSourceReplicas, " "), model.FAKE_SETTING) && len(cfg.SqlSettings.DataSourceReplicas) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+}
|
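Review bot: The last check in `TestGetConfig` is weaker than the others: joining `cfg.SqlSettings.DataSourceReplicas` and testing `strings.Contains` passes as soon as one entry contains `model.FAKE_SETTING`, so a response where only some replica connection strings are masked would still pass. Assuming each entry is replaced wholesale, as the `DataSource` check suggests, the test should compare every element, as sketched below. The `strings` import added in the first hunk of this file would then be unused and should be dropped. Giving each `t.Fatal` a message that names its field, instead of the shared "did not sanitize properly", would also make a failure attributable.

```go
// … unchanged: preceding per-field sanitization checks …
for _, replica := range cfg.SqlSettings.DataSourceReplicas {
	if replica != model.FAKE_SETTING {
		t.Fatal("did not sanitize properly: SqlSettings.DataSourceReplicas")
	}
}
```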