From 59606791a7b18b0a80626d5ec7f05b90b51c779d Mon Sep 17 00:00:00 2001 From: Christopher Speller Date: Thu, 29 Mar 2018 14:20:36 -0700 Subject: MM-9999 Fix unwanted team invite_id in email invites. (#8550) * Fix unwanted team invite_id in email invites. * Removing unused translation. --- api4/team_test.go | 1 - app/email.go | 1 - app/team.go | 5 ----- app/team_test.go | 67 ------------------------------------------------------- i18n/en.json | 4 ---- 5 files changed, 78 deletions(-) diff --git a/api4/team_test.go b/api4/team_test.go index 31eeb7fd8..991dee148 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -1367,7 +1367,6 @@ func TestAddTeamMember(t *testing.T) { dataObject := make(map[string]string) dataObject["time"] = fmt.Sprintf("%v", model.GetMillis()) dataObject["id"] = team.Id - dataObject["invite_id"] = team.InviteId data := model.MapToJson(dataObject) hashed := utils.HashSha256(fmt.Sprintf("%v:%v", data, th.App.Config().EmailSettings.InviteSalt)) diff --git a/app/email.go b/app/email.go index 8ee3e79e2..7676dfe13 100644 --- a/app/email.go +++ b/app/email.go @@ -276,7 +276,6 @@ func (a *App) SendInviteEmails(team *model.Team, senderName string, invites []st props["display_name"] = team.DisplayName props["name"] = team.Name props["time"] = fmt.Sprintf("%v", model.GetMillis()) - props["invite_id"] = team.InviteId data := model.MapToJson(props) hash := utils.HashSha256(fmt.Sprintf("%v:%v", data, a.Config().EmailSettings.InviteSalt)) bodyPage.Props["Link"] = fmt.Sprintf("%s/signup_user_complete/?d=%s&h=%s", siteURL, url.QueryEscape(data), url.QueryEscape(hash)) diff --git a/app/team.go b/app/team.go index a7b32af33..de71ed796 100644 --- a/app/team.go +++ b/app/team.go @@ -238,11 +238,6 @@ func (a *App) AddUserToTeamByHash(userId string, hash string, data string) (*mod team = result.Data.(*model.Team) } - // verify that the team's invite id hasn't been changed since the invite was sent - if team.InviteId != props["invite_id"] { - return nil, model.NewAppError("JoinUserToTeamByHash", "api.user.create_user.signup_link_mismatched_invite_id.app_error", nil, "", http.StatusBadRequest) - } - var user *model.User if result := <-uchan; result.Err != nil { return nil, result.Err diff --git a/app/team_test.go b/app/team_test.go index cdfec12da..95f4b83d6 100644 --- a/app/team_test.go +++ b/app/team_test.go @@ -7,15 +7,7 @@ import ( "strings" "testing" - "fmt" - - "sync/atomic" - "github.com/mattermost/mattermost-server/model" - "github.com/mattermost/mattermost-server/store" - "github.com/mattermost/mattermost-server/store/storetest" - "github.com/mattermost/mattermost-server/utils" - "github.com/stretchr/testify/assert" ) func TestCreateTeam(t *testing.T) { @@ -402,65 +394,6 @@ func TestSanitizeTeams(t *testing.T) { }) } -func TestAddUserToTeamByHashMismatchedInviteId(t *testing.T) { - mockStore := &storetest.Store{} - defer mockStore.AssertExpectations(t) - - teamId := model.NewId() - userId := model.NewId() - inviteSalt := model.NewId() - - inviteId := model.NewId() - teamInviteId := model.NewId() - - // generate a fake email invite - stolen from SendInviteEmails() in email.go - props := make(map[string]string) - props["email"] = model.NewId() + "@mattermost.com" - props["id"] = teamId - props["display_name"] = model.NewId() - props["name"] = model.NewId() - props["time"] = fmt.Sprintf("%v", model.GetMillis()) - props["invite_id"] = inviteId - data := model.MapToJson(props) - hash := utils.HashSha256(fmt.Sprintf("%v:%v", data, inviteSalt)) - - // when the server tries to validate the invite, it will pull the user from our mock store - // this can return nil, because we'll fail before we get to trying to use it - mockStore.UserStore.On("Get", userId).Return( - storetest.NewStoreChannel(store.StoreResult{ - Data: nil, - Err: nil, - }), - ) - - // the server will also pull the team. the one we return has a different invite id than the one in the email invite we made above - mockStore.TeamStore.On("Get", teamId).Return( - storetest.NewStoreChannel(store.StoreResult{ - Data: &model.Team{ - InviteId: teamInviteId, - }, - Err: nil, - }), - ) - - app := App{ - Srv: &Server{ - Store: mockStore, - }, - config: atomic.Value{}, - } - app.config.Store(&model.Config{ - EmailSettings: model.EmailSettings{ - InviteSalt: inviteSalt, - }, - }) - - // this should fail because the invite ids are mismatched - team, err := app.AddUserToTeamByHash(userId, hash, data) - assert.Nil(t, team) - assert.Equal(t, "api.user.create_user.signup_link_mismatched_invite_id.app_error", err.Id) -} - func TestJoinUserToTeam(t *testing.T) { th := Setup().InitBasic() defer th.TearDown() diff --git a/i18n/en.json b/i18n/en.json index 0c294e72d..abf8f35f5 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -2838,10 +2838,6 @@ "id": "api.user.create_user.signup_link_invalid.app_error", "translation": "The signup link does not appear to be valid" }, - { - "id": "api.user.create_user.signup_link_mismatched_invite_id.app_error", - "translation": "The signup link does not appear to be valid" - }, { "id": "api.user.create_user.team_name.app_error", "translation": "Invalid team name" -- cgit v1.2.3-1-g7c22