summaryrefslogtreecommitdiffstats
path: root/api4
diff options
context:
space:
mode:
Diffstat (limited to 'api4')
-rw-r--r--api4/api.go12
-rw-r--r--api4/apitestlib.go75
-rw-r--r--api4/context.go23
-rw-r--r--api4/oauth.go481
-rw-r--r--api4/oauth_test.go611
-rw-r--r--api4/params.go10
6 files changed, 1187 insertions, 25 deletions
diff --git a/api4/api.go b/api4/api.go
index 8d03d91d1..fd9b679d2 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -64,8 +64,10 @@ type Routes struct {
OutgoingHooks *mux.Router // 'api/v4/hooks/outgoing'
OutgoingHook *mux.Router // 'api/v4/hooks/outgoing/{hook_id:[A-Za-z0-9]+}'
- Admin *mux.Router // 'api/v4/admin'
- OAuth *mux.Router // 'api/v4/oauth'
+ OAuth *mux.Router // 'api/v4/oauth'
+ OAuthApps *mux.Router // 'api/v4/oauth/apps'
+ OAuthApp *mux.Router // 'api/v4/oauth/apps/{app_id:[A-Za-z0-9]+}'
+
SAML *mux.Router // 'api/v4/saml'
Compliance *mux.Router // 'api/v4/compliance'
Cluster *mux.Router // 'api/v4/cluster'
@@ -146,8 +148,11 @@ func InitApi(full bool) {
BaseRoutes.OutgoingHook = BaseRoutes.OutgoingHooks.PathPrefix("/{hook_id:[A-Za-z0-9]+}").Subrouter()
BaseRoutes.SAML = BaseRoutes.ApiRoot.PathPrefix("/saml").Subrouter()
+
BaseRoutes.OAuth = BaseRoutes.ApiRoot.PathPrefix("/oauth").Subrouter()
- BaseRoutes.Admin = BaseRoutes.ApiRoot.PathPrefix("/admin").Subrouter()
+ BaseRoutes.OAuthApps = BaseRoutes.OAuth.PathPrefix("/apps").Subrouter()
+ BaseRoutes.OAuthApp = BaseRoutes.OAuthApps.PathPrefix("/{app_id:[A-Za-z0-9]+}").Subrouter()
+
BaseRoutes.Compliance = BaseRoutes.ApiRoot.PathPrefix("/compliance").Subrouter()
BaseRoutes.Cluster = BaseRoutes.ApiRoot.PathPrefix("/cluster").Subrouter()
BaseRoutes.LDAP = BaseRoutes.ApiRoot.PathPrefix("/ldap").Subrouter()
@@ -180,6 +185,7 @@ func InitApi(full bool) {
InitStatus()
InitWebSocket()
InitEmoji()
+ InitOAuth()
InitReaction()
InitWebrtc()
diff --git a/api4/apitestlib.go b/api4/apitestlib.go
index 81a9ca311..e6b4fb0c8 100644
--- a/api4/apitestlib.go
+++ b/api4/apitestlib.go
@@ -12,6 +12,7 @@ import (
"runtime/debug"
"strconv"
"strings"
+ "sync"
"testing"
"time"
@@ -107,31 +108,57 @@ func Setup() *TestHelper {
func TearDown() {
utils.DisableDebugLogForTest()
- options := map[string]bool{}
- options[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
- if result := <-app.Srv.Store.User().Search("", "fakeuser", options); result.Err != nil {
- l4g.Error("Error tearing down test users")
- } else {
- users := result.Data.([]*model.User)
-
- for _, u := range users {
- if err := app.PermanentDeleteUser(u); err != nil {
- l4g.Error(err.Error())
+ var wg sync.WaitGroup
+ wg.Add(3)
+
+ go func() {
+ defer wg.Done()
+ options := map[string]bool{}
+ options[store.USER_SEARCH_OPTION_NAMES_ONLY_NO_FULL_NAME] = true
+ if result := <-app.Srv.Store.User().Search("", "fakeuser", options); result.Err != nil {
+ l4g.Error("Error tearing down test users")
+ } else {
+ users := result.Data.([]*model.User)
+
+ for _, u := range users {
+ if err := app.PermanentDeleteUser(u); err != nil {
+ l4g.Error(err.Error())
+ }
}
}
- }
-
- if result := <-app.Srv.Store.Team().SearchByName("faketeam"); result.Err != nil {
- l4g.Error("Error tearing down test teams")
- } else {
- teams := result.Data.([]*model.Team)
-
- for _, t := range teams {
- if err := app.PermanentDeleteTeam(t); err != nil {
- l4g.Error(err.Error())
+ }()
+
+ go func() {
+ defer wg.Done()
+ if result := <-app.Srv.Store.Team().SearchByName("faketeam"); result.Err != nil {
+ l4g.Error("Error tearing down test teams")
+ } else {
+ teams := result.Data.([]*model.Team)
+
+ for _, t := range teams {
+ if err := app.PermanentDeleteTeam(t); err != nil {
+ l4g.Error(err.Error())
+ }
}
}
- }
+ }()
+
+ go func() {
+ defer wg.Done()
+ if result := <-app.Srv.Store.OAuth().GetApps(0, 1000); result.Err != nil {
+ l4g.Error("Error tearing down test oauth apps")
+ } else {
+ apps := result.Data.([]*model.OAuthApp)
+
+ for _, a := range apps {
+ if strings.HasPrefix(a.Name, "fakeoauthapp") {
+ <-app.Srv.Store.OAuth().DeleteApp(a.Id)
+ }
+ }
+ }
+ }()
+
+ wg.Wait()
utils.EnableDebugLogForTest()
}
@@ -378,7 +405,7 @@ func GenerateTestEmail() string {
}
func GenerateTestUsername() string {
- return "fakeuser" + model.NewRandomString(13)
+ return "fakeuser" + model.NewRandomString(10)
}
func GenerateTestTeamName() string {
@@ -389,6 +416,10 @@ func GenerateTestChannelName() string {
return "fakechannel" + model.NewRandomString(10)
}
+func GenerateTestAppName() string {
+ return "fakeoauthapp" + model.NewRandomString(10)
+}
+
func GenerateTestId() string {
return model.NewId()
}
diff --git a/api4/context.go b/api4/context.go
index 847a8d55f..f492f2b99 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -382,6 +382,17 @@ func (c *Context) RequirePostId() *Context {
return c
}
+func (c *Context) RequireAppId() *Context {
+ if c.Err != nil {
+ return c
+ }
+
+ if len(c.Params.AppId) != 26 {
+ c.SetInvalidUrlParam("app_id")
+ }
+ return c
+}
+
func (c *Context) RequireFileId() *Context {
if c.Err != nil {
return c
@@ -464,6 +475,18 @@ func (c *Context) RequireCategory() *Context {
return c
}
+func (c *Context) RequireService() *Context {
+ if c.Err != nil {
+ return c
+ }
+
+ if len(c.Params.Service) == 0 {
+ c.SetInvalidUrlParam("service")
+ }
+
+ return c
+}
+
func (c *Context) RequirePreferenceName() *Context {
if c.Err != nil {
return c
diff --git a/api4/oauth.go b/api4/oauth.go
new file mode 100644
index 000000000..3ace501e4
--- /dev/null
+++ b/api4/oauth.go
@@ -0,0 +1,481 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+ "net/http"
+ "net/url"
+ "strings"
+
+ l4g "github.com/alecthomas/log4go"
+ "github.com/mattermost/platform/app"
+ "github.com/mattermost/platform/model"
+ "github.com/mattermost/platform/utils"
+)
+
+func InitOAuth() {
+ l4g.Debug(utils.T("api.oauth.init.debug"))
+
+ BaseRoutes.OAuthApps.Handle("", ApiSessionRequired(createOAuthApp)).Methods("POST")
+ BaseRoutes.OAuthApps.Handle("", ApiSessionRequired(getOAuthApps)).Methods("GET")
+ BaseRoutes.OAuthApp.Handle("", ApiSessionRequired(getOAuthApp)).Methods("GET")
+ BaseRoutes.OAuthApp.Handle("/info", ApiSessionRequired(getOAuthAppInfo)).Methods("GET")
+ BaseRoutes.OAuthApp.Handle("", ApiSessionRequired(deleteOAuthApp)).Methods("DELETE")
+ BaseRoutes.OAuthApp.Handle("/regen_secret", ApiSessionRequired(regenerateOAuthAppSecret)).Methods("POST")
+
+ BaseRoutes.User.Handle("/oauth/apps/authorized", ApiSessionRequired(getAuthorizedOAuthApps)).Methods("GET")
+
+ // API version independent OAuth 2.0 as a service provider endpoints
+ BaseRoutes.Root.Handle("/oauth/authorize", ApiHandlerTrustRequester(authorizeOAuthPage)).Methods("GET")
+ BaseRoutes.Root.Handle("/oauth/authorize", ApiSessionRequired(authorizeOAuthApp)).Methods("POST")
+ BaseRoutes.Root.Handle("/oauth/deauthorize", ApiSessionRequired(deauthorizeOAuthApp)).Methods("POST")
+ BaseRoutes.Root.Handle("/oauth/access_token", ApiHandlerTrustRequester(getAccessToken)).Methods("POST")
+
+ // API version independent OAuth as a client endpoints
+ BaseRoutes.Root.Handle("/oauth/{service:[A-Za-z0-9]+}/complete", ApiHandler(completeOAuth)).Methods("GET")
+ BaseRoutes.Root.Handle("/oauth/{service:[A-Za-z0-9]+}/login", ApiHandler(loginWithOAuth)).Methods("GET")
+ BaseRoutes.Root.Handle("/oauth/{service:[A-Za-z0-9]+}/signup", ApiHandler(signupWithOAuth)).Methods("GET")
+
+ // Old endpoints for backwards compatibility, needed to not break SSO for any old setups
+ BaseRoutes.Root.Handle("/api/v3/oauth/{service:[A-Za-z0-9]+}/complete", ApiHandler(completeOAuth)).Methods("GET")
+ BaseRoutes.Root.Handle("/signup/{service:[A-Za-z0-9]+}/complete", ApiHandler(completeOAuth)).Methods("GET")
+ BaseRoutes.Root.Handle("/login/{service:[A-Za-z0-9]+}/complete", ApiHandler(completeOAuth)).Methods("GET")
+}
+
+func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
+ oauthApp := model.OAuthAppFromJson(r.Body)
+
+ if oauthApp == nil {
+ c.SetInvalidParam("oauth_app")
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
+ return
+ }
+
+ oauthApp.CreatorId = c.Session.UserId
+
+ rapp, err := app.CreateOAuthApp(oauthApp)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("client_id=" + rapp.Id)
+ w.WriteHeader(http.StatusCreated)
+ w.Write([]byte(rapp.ToJson()))
+}
+
+func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
+ return
+ }
+
+ var apps []*model.OAuthApp
+ var err *model.AppError
+ if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ apps, err = app.GetOAuthApps(c.Params.Page, c.Params.PerPage)
+ } else if app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ apps, err = app.GetOAuthAppsByCreator(c.Session.UserId, c.Params.Page, c.Params.PerPage)
+ } else {
+ c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
+ return
+ }
+
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.Write([]byte(model.OAuthAppListToJson(apps)))
+}
+
+func getOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireAppId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
+ return
+ }
+
+ oauthApp, err := app.GetOAuthApp(c.Params.AppId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
+ return
+ }
+
+ w.Write([]byte(oauthApp.ToJson()))
+}
+
+func getOAuthAppInfo(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireAppId()
+ if c.Err != nil {
+ return
+ }
+
+ oauthApp, err := app.GetOAuthApp(c.Params.AppId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ oauthApp.Sanitize()
+ w.Write([]byte(oauthApp.ToJson()))
+}
+
+func deleteOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireAppId()
+ if c.Err != nil {
+ return
+ }
+
+ c.LogAudit("attempt")
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
+ return
+ }
+
+ oauthApp, err := app.GetOAuthApp(c.Params.AppId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
+ return
+ }
+
+ err = app.DeleteOAuthApp(oauthApp.Id)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("success")
+ ReturnStatusOK(w)
+}
+
+func regenerateOAuthAppSecret(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireAppId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
+ return
+ }
+
+ oauthApp, err := app.GetOAuthApp(c.Params.AppId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ if oauthApp.CreatorId != c.Session.UserId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
+ return
+ }
+
+ oauthApp, err = app.RegenerateOAuthAppSecret(oauthApp)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("success")
+ w.Write([]byte(oauthApp.ToJson()))
+}
+
+func getAuthorizedOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireUserId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionToUser(c.Session, c.Params.UserId) {
+ c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS)
+ return
+ }
+
+ apps, err := app.GetAuthorizedAppsForUser(c.Params.UserId, c.Params.Page, c.Params.PerPage)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.Write([]byte(model.OAuthAppListToJson(apps)))
+}
+
+func authorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
+ authRequest := model.AuthorizeRequestFromJson(r.Body)
+ if authRequest == nil {
+ c.SetInvalidParam("authorize_request")
+ }
+
+ if err := authRequest.IsValid(); err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("attempt")
+
+ redirectUrl, err := app.AllowOAuthAppAccessToUser(c.Session.UserId, authRequest)
+
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("")
+
+ w.Write([]byte(model.MapToJson(map[string]string{"redirect": redirectUrl})))
+}
+
+func deauthorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
+ requestData := model.MapFromJson(r.Body)
+ clientId := requestData["client_id"]
+
+ if len(clientId) != 26 {
+ c.SetInvalidParam("client_id")
+ return
+ }
+
+ err := app.DeauthorizeOAuthAppForUser(c.Session.UserId, clientId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("success")
+ ReturnStatusOK(w)
+}
+
+func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
+ err := model.NewAppError("authorizeOAuth", "api.oauth.authorize_oauth.disabled.app_error", nil, "", http.StatusNotImplemented)
+ utils.RenderWebError(err, w, r)
+ return
+ }
+
+ authRequest := &model.AuthorizeRequest{
+ ResponseType: r.URL.Query().Get("response_type"),
+ ClientId: r.URL.Query().Get("client_id"),
+ RedirectUri: r.URL.Query().Get("redirect_uri"),
+ Scope: r.URL.Query().Get("scope"),
+ State: r.URL.Query().Get("state"),
+ }
+
+ if err := authRequest.IsValid(); err != nil {
+ utils.RenderWebError(err, w, r)
+ return
+ }
+
+ oauthApp, err := app.GetOAuthApp(authRequest.ClientId)
+ if err != nil {
+ utils.RenderWebError(err, w, r)
+ return
+ }
+
+ // here we should check if the user is logged in
+ if len(c.Session.UserId) == 0 {
+ http.Redirect(w, r, c.GetSiteURLHeader()+"/login?redirect_to="+url.QueryEscape(r.RequestURI), http.StatusFound)
+ return
+ }
+
+ isAuthorized := false
+
+ if _, err := app.GetPreferenceByCategoryAndNameForUser(c.Session.UserId, model.PREFERENCE_CATEGORY_AUTHORIZED_OAUTH_APP, authRequest.ClientId); err == nil {
+ // when we support scopes we should check if the scopes match
+ isAuthorized = true
+ }
+
+ // Automatically allow if the app is trusted
+ if oauthApp.IsTrusted || isAuthorized {
+ authRequest.ResponseType = model.AUTHCODE_RESPONSE_TYPE
+ redirectUrl, err := app.AllowOAuthAppAccessToUser(c.Session.UserId, authRequest)
+
+ if err != nil {
+ utils.RenderWebError(err, w, r)
+ return
+ }
+
+ http.Redirect(w, r, redirectUrl, http.StatusFound)
+ return
+ }
+
+ w.Header().Set("X-Frame-Options", "SAMEORIGIN")
+ w.Header().Set("Content-Security-Policy", "frame-ancestors 'self'")
+ w.Header().Set("Content-Type", "text/html")
+ w.Header().Set("Cache-Control", "no-cache, max-age=31556926, public")
+ http.ServeFile(w, r, utils.FindDir(model.CLIENT_DIR)+"root.html")
+}
+
+func getAccessToken(c *Context, w http.ResponseWriter, r *http.Request) {
+ r.ParseForm()
+
+ code := r.FormValue("code")
+ refreshToken := r.FormValue("refresh_token")
+
+ grantType := r.FormValue("grant_type")
+ switch grantType {
+ case model.ACCESS_TOKEN_GRANT_TYPE:
+ if len(code) == 0 {
+ c.Err = model.NewAppError("getAccessToken", "api.oauth.get_access_token.missing_code.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+ case model.REFRESH_TOKEN_GRANT_TYPE:
+ if len(refreshToken) == 0 {
+ c.Err = model.NewAppError("getAccessToken", "api.oauth.get_access_token.missing_refresh_token.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+ default:
+ c.Err = model.NewAppError("getAccessToken", "api.oauth.get_access_token.bad_grant.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+
+ clientId := r.FormValue("client_id")
+ if len(clientId) != 26 {
+ c.Err = model.NewAppError("getAccessToken", "api.oauth.get_access_token.bad_client_id.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+
+ secret := r.FormValue("client_secret")
+ if len(secret) == 0 {
+ c.Err = model.NewAppError("getAccessToken", "api.oauth.get_access_token.bad_client_secret.app_error", nil, "", http.StatusBadRequest)
+ return
+ }
+
+ redirectUri := r.FormValue("redirect_uri")
+
+ c.LogAudit("attempt")
+
+ accessRsp, err := app.GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret, refreshToken)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ w.Header().Set("Content-Type", "application/json")
+ w.Header().Set("Cache-Control", "no-store")
+ w.Header().Set("Pragma", "no-cache")
+
+ c.LogAudit("success")
+
+ w.Write([]byte(accessRsp.ToJson()))
+}
+
+func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireService()
+ if c.Err != nil {
+ return
+ }
+
+ service := c.Params.Service
+
+ code := r.URL.Query().Get("code")
+ if len(code) == 0 {
+ c.Err = model.NewAppError("completeOAuth", "api.oauth.complete_oauth.missing_code.app_error", map[string]interface{}{"service": strings.Title(service)}, "URL: "+r.URL.String(), http.StatusBadRequest)
+ return
+ }
+
+ state := r.URL.Query().Get("state")
+
+ uri := c.GetSiteURLHeader() + "/signup/" + service + "/complete"
+
+ body, teamId, props, err := app.AuthorizeOAuthUser(service, code, state, uri)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ user, err := app.CompleteOAuth(service, body, teamId, props)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ action := props["action"]
+
+ var redirectUrl string
+ if action == model.OAUTH_ACTION_EMAIL_TO_SSO {
+ redirectUrl = c.GetSiteURLHeader() + "/login?extra=signin_change"
+ } else if action == model.OAUTH_ACTION_SSO_TO_EMAIL {
+
+ redirectUrl = app.GetProtocol(r) + "://" + r.Host + "/claim?email=" + url.QueryEscape(props["email"])
+ } else {
+ session, err := app.DoLogin(w, r, user, "")
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.Session = *session
+
+ redirectUrl = c.GetSiteURLHeader()
+ }
+
+ http.Redirect(w, r, redirectUrl, http.StatusTemporaryRedirect)
+}
+
+func loginWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireService()
+ if c.Err != nil {
+ return
+ }
+
+ loginHint := r.URL.Query().Get("login_hint")
+ redirectTo := r.URL.Query().Get("redirect_to")
+
+ teamId, err := app.GetTeamIdFromQuery(r.URL.Query())
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ if authUrl, err := app.GetOAuthLoginEndpoint(c.Params.Service, teamId, redirectTo, loginHint); err != nil {
+ c.Err = err
+ return
+ } else {
+ http.Redirect(w, r, authUrl, http.StatusFound)
+ }
+}
+
+func signupWithOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireService()
+ if c.Err != nil {
+ return
+ }
+
+ if !utils.Cfg.TeamSettings.EnableUserCreation {
+ c.Err = model.NewAppError("signupWithOAuth", "api.oauth.singup_with_oauth.disabled.app_error", nil, "", http.StatusNotImplemented)
+ return
+ }
+
+ teamId, err := app.GetTeamIdFromQuery(r.URL.Query())
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ if authUrl, err := app.GetOAuthSignupEndpoint(c.Params.Service, teamId); err != nil {
+ c.Err = err
+ return
+ } else {
+ http.Redirect(w, r, authUrl, http.StatusFound)
+ }
+}
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
new file mode 100644
index 000000000..963cd43c3
--- /dev/null
+++ b/api4/oauth_test.go
@@ -0,0 +1,611 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+ "net/http"
+ "net/url"
+ "strconv"
+ "testing"
+
+ "github.com/mattermost/platform/model"
+ "github.com/mattermost/platform/utils"
+)
+
+func TestCreateOAuthApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+ CheckCreatedStatus(t, resp)
+
+ if rapp.Name != oapp.Name {
+ t.Fatal("names did not match")
+ }
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+ utils.SetDefaultRolesBasedOnConfig()
+ _, resp = Client.CreateOAuthApp(oapp)
+ CheckForbiddenStatus(t, resp)
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+ _, resp = Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+ CheckCreatedStatus(t, resp)
+
+ oapp.Name = ""
+ _, resp = AdminClient.CreateOAuthApp(oapp)
+ CheckBadRequestStatus(t, resp)
+
+ if r, err := Client.DoApiPost("/oauth/apps", "garbage"); err == nil {
+ t.Fatal("should have failed")
+ } else {
+ if r.StatusCode != http.StatusBadRequest {
+ t.Log("actual: " + strconv.Itoa(r.StatusCode))
+ t.Log("expected: " + strconv.Itoa(http.StatusBadRequest))
+ t.Fatal("wrong status code")
+ }
+ }
+
+ Client.Logout()
+ _, resp = Client.CreateOAuthApp(oapp)
+ CheckUnauthorizedStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ oapp.Name = GenerateTestAppName()
+ _, resp = AdminClient.CreateOAuthApp(oapp)
+ CheckNotImplementedStatus(t, resp)
+}
+
+func TestGetOAuthApps(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ oapp.Name = GenerateTestAppName()
+ rapp2, resp := Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ apps, resp := AdminClient.GetOAuthApps(0, 1000)
+ CheckNoError(t, resp)
+
+ found1 := false
+ found2 := false
+ for _, a := range apps {
+ if a.Id == rapp.Id {
+ found1 = true
+ }
+ if a.Id == rapp2.Id {
+ found2 = true
+ }
+ }
+
+ if !found1 || !found2 {
+ t.Fatal("missing oauth app")
+ }
+
+ apps, resp = AdminClient.GetOAuthApps(1, 1)
+ CheckNoError(t, resp)
+
+ if len(apps) != 1 {
+ t.Fatal("paging failed")
+ }
+
+ apps, resp = Client.GetOAuthApps(0, 1000)
+ CheckNoError(t, resp)
+
+ if len(apps) != 1 && apps[0].Id != rapp2.Id {
+ t.Fatal("wrong apps returned")
+ }
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ _, resp = Client.GetOAuthApps(0, 1000)
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+
+ _, resp = Client.GetOAuthApps(0, 1000)
+ CheckUnauthorizedStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ _, resp = AdminClient.GetOAuthApps(0, 1000)
+ CheckNotImplementedStatus(t, resp)
+}
+
+func TestGetOAuthApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ oapp.Name = GenerateTestAppName()
+ rapp2, resp := Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ rrapp, resp := AdminClient.GetOAuthApp(rapp.Id)
+ CheckNoError(t, resp)
+
+ if rapp.Id != rrapp.Id {
+ t.Fatal("wrong app")
+ }
+
+ if rrapp.ClientSecret == "" {
+ t.Fatal("should not be sanitized")
+ }
+
+ rrapp2, resp := AdminClient.GetOAuthApp(rapp2.Id)
+ CheckNoError(t, resp)
+
+ if rapp2.Id != rrapp2.Id {
+ t.Fatal("wrong app")
+ }
+
+ if rrapp2.ClientSecret == "" {
+ t.Fatal("should not be sanitized")
+ }
+
+ _, resp = Client.GetOAuthApp(rapp2.Id)
+ CheckNoError(t, resp)
+
+ _, resp = Client.GetOAuthApp(rapp.Id)
+ CheckForbiddenStatus(t, resp)
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ _, resp = Client.GetOAuthApp(rapp2.Id)
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+
+ _, resp = Client.GetOAuthApp(rapp2.Id)
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = AdminClient.GetOAuthApp("junk")
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = AdminClient.GetOAuthApp(model.NewId())
+ CheckNotFoundStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ _, resp = AdminClient.GetOAuthApp(rapp.Id)
+ CheckNotImplementedStatus(t, resp)
+}
+
+func TestGetOAuthAppInfo(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ oapp.Name = GenerateTestAppName()
+ rapp2, resp := Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ rrapp, resp := AdminClient.GetOAuthAppInfo(rapp.Id)
+ CheckNoError(t, resp)
+
+ if rapp.Id != rrapp.Id {
+ t.Fatal("wrong app")
+ }
+
+ if rrapp.ClientSecret != "" {
+ t.Fatal("should be sanitized")
+ }
+
+ rrapp2, resp := AdminClient.GetOAuthAppInfo(rapp2.Id)
+ CheckNoError(t, resp)
+
+ if rapp2.Id != rrapp2.Id {
+ t.Fatal("wrong app")
+ }
+
+ if rrapp2.ClientSecret != "" {
+ t.Fatal("should be sanitized")
+ }
+
+ _, resp = Client.GetOAuthAppInfo(rapp2.Id)
+ CheckNoError(t, resp)
+
+ _, resp = Client.GetOAuthAppInfo(rapp.Id)
+ CheckNoError(t, resp)
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ _, resp = Client.GetOAuthAppInfo(rapp2.Id)
+ CheckNoError(t, resp)
+
+ Client.Logout()
+
+ _, resp = Client.GetOAuthAppInfo(rapp2.Id)
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = AdminClient.GetOAuthAppInfo("junk")
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = AdminClient.GetOAuthAppInfo(model.NewId())
+ CheckNotFoundStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ _, resp = AdminClient.GetOAuthAppInfo(rapp.Id)
+ CheckNotImplementedStatus(t, resp)
+}
+
+func TestDeleteOAuthApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ oapp.Name = GenerateTestAppName()
+ rapp2, resp := Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ pass, resp := AdminClient.DeleteOAuthApp(rapp.Id)
+ CheckNoError(t, resp)
+
+ if !pass {
+ t.Fatal("should have passed")
+ }
+
+ _, resp = AdminClient.DeleteOAuthApp(rapp2.Id)
+ CheckNoError(t, resp)
+
+ rapp, resp = AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ oapp.Name = GenerateTestAppName()
+ rapp2, resp = Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ _, resp = Client.DeleteOAuthApp(rapp.Id)
+ CheckForbiddenStatus(t, resp)
+
+ _, resp = Client.DeleteOAuthApp(rapp2.Id)
+ CheckNoError(t, resp)
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+ _, resp = Client.DeleteOAuthApp(rapp.Id)
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+ _, resp = Client.DeleteOAuthApp(rapp.Id)
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = AdminClient.DeleteOAuthApp("junk")
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = AdminClient.DeleteOAuthApp(model.NewId())
+ CheckNotFoundStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ _, resp = AdminClient.DeleteOAuthApp(rapp.Id)
+ CheckNotImplementedStatus(t, resp)
+}
+
+func TestRegenerateOAuthAppSecret(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ oapp.Name = GenerateTestAppName()
+ rapp2, resp := Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ rrapp, resp := AdminClient.RegenerateOAuthAppSecret(rapp.Id)
+ CheckNoError(t, resp)
+
+ if rrapp.Id != rapp.Id {
+ t.Fatal("wrong app")
+ }
+
+ if rrapp.ClientSecret == rapp.ClientSecret {
+ t.Fatal("secret didn't change")
+ }
+
+ _, resp = AdminClient.RegenerateOAuthAppSecret(rapp2.Id)
+ CheckNoError(t, resp)
+
+ rapp, resp = AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ oapp.Name = GenerateTestAppName()
+ rapp2, resp = Client.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ _, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
+ CheckForbiddenStatus(t, resp)
+
+ _, resp = Client.RegenerateOAuthAppSecret(rapp2.Id)
+ CheckNoError(t, resp)
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+ _, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
+ CheckForbiddenStatus(t, resp)
+
+ Client.Logout()
+ _, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = AdminClient.RegenerateOAuthAppSecret("junk")
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = AdminClient.RegenerateOAuthAppSecret(model.NewId())
+ CheckNotFoundStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ _, resp = AdminClient.RegenerateOAuthAppSecret(rapp.Id)
+ CheckNotImplementedStatus(t, resp)
+}
+
+func TestGetAuthorizedOAuthAppsForUser(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ authRequest := &model.AuthorizeRequest{
+ ResponseType: model.AUTHCODE_RESPONSE_TYPE,
+ ClientId: rapp.Id,
+ RedirectUri: rapp.CallbackUrls[0],
+ Scope: "",
+ State: "123",
+ }
+
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckNoError(t, resp)
+
+ apps, resp := Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
+ CheckNoError(t, resp)
+
+ found := false
+ for _, a := range apps {
+ if a.Id == rapp.Id {
+ found = true
+ }
+
+ if a.ClientSecret != "" {
+ t.Fatal("not sanitized")
+ }
+ }
+
+ if !found {
+ t.Fatal("missing app")
+ }
+
+ _, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser2.Id, 0, 1000)
+ CheckForbiddenStatus(t, resp)
+
+ _, resp = Client.GetAuthorizedOAuthAppsForUser("junk", 0, 1000)
+ CheckBadRequestStatus(t, resp)
+
+ Client.Logout()
+ _, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
+ CheckUnauthorizedStatus(t, resp)
+
+ _, resp = AdminClient.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
+ CheckNoError(t, resp)
+}
+
+func TestAuthorizeOAuthApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ authRequest := &model.AuthorizeRequest{
+ ResponseType: model.AUTHCODE_RESPONSE_TYPE,
+ ClientId: rapp.Id,
+ RedirectUri: rapp.CallbackUrls[0],
+ Scope: "",
+ State: "123",
+ }
+
+ ruri, resp := Client.AuthorizeOAuthApp(authRequest)
+ CheckNoError(t, resp)
+
+ if len(ruri) == 0 {
+ t.Fatal("redirect url should be set")
+ }
+
+ ru, _ := url.Parse(ruri)
+ if ru == nil {
+ t.Fatal("redirect url unparseable")
+ } else {
+ if len(ru.Query().Get("code")) == 0 {
+ t.Fatal("authorization code not returned")
+ }
+ if ru.Query().Get("state") != authRequest.State {
+ t.Fatal("returned state doesn't match")
+ }
+ }
+
+ authRequest.RedirectUri = ""
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckBadRequestStatus(t, resp)
+
+ authRequest.RedirectUri = "http://somewhereelse.com"
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckBadRequestStatus(t, resp)
+
+ authRequest.RedirectUri = rapp.CallbackUrls[0]
+ authRequest.ResponseType = ""
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckBadRequestStatus(t, resp)
+
+ authRequest.ResponseType = model.AUTHCODE_RESPONSE_TYPE
+ authRequest.ClientId = ""
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckBadRequestStatus(t, resp)
+
+ authRequest.ClientId = model.NewId()
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckNotFoundStatus(t, resp)
+}
+
+func TestDeauthorizeOAuthApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+
+ oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
+
+ rapp, resp := AdminClient.CreateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ authRequest := &model.AuthorizeRequest{
+ ResponseType: model.AUTHCODE_RESPONSE_TYPE,
+ ClientId: rapp.Id,
+ RedirectUri: rapp.CallbackUrls[0],
+ Scope: "",
+ State: "123",
+ }
+
+ _, resp = Client.AuthorizeOAuthApp(authRequest)
+ CheckNoError(t, resp)
+
+ pass, resp := Client.DeauthorizeOAuthApp(rapp.Id)
+ CheckNoError(t, resp)
+
+ if !pass {
+ t.Fatal("should have passed")
+ }
+
+ _, resp = Client.DeauthorizeOAuthApp("junk")
+ CheckBadRequestStatus(t, resp)
+
+ _, resp = Client.DeauthorizeOAuthApp(model.NewId())
+ CheckNoError(t, resp)
+
+ Client.Logout()
+ _, resp = Client.DeauthorizeOAuthApp(rapp.Id)
+ CheckUnauthorizedStatus(t, resp)
+}
diff --git a/api4/params.go b/api4/params.go
index fa5d96d88..a1c829f1c 100644
--- a/api4/params.go
+++ b/api4/params.go
@@ -26,12 +26,14 @@ type ApiParams struct {
HookId string
ReportId string
EmojiId string
+ AppId string
Email string
Username string
TeamName string
ChannelName string
PreferenceName string
Category string
+ Service string
Page int
PerPage int
}
@@ -77,6 +79,10 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams {
params.EmojiId = val
}
+ if val, ok := props["app_id"]; ok {
+ params.AppId = val
+ }
+
if val, ok := props["email"]; ok {
params.Email = val
}
@@ -97,6 +103,10 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams {
params.Category = val
}
+ if val, ok := props["service"]; ok {
+ params.Category = val
+ }
+
if val, ok := props["preference_name"]; ok {
params.PreferenceName = val
}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-08-17 15:16:39 +0000