From 76fa840b52ea79f05e5e681abca92b279de78182 Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Tue, 28 Feb 2017 04:31:53 -0500 Subject: Move webhook logic from api layer to app layer (#5527) * Move webhook logic from api layer to app layer * Consolidate error messages * Fix permission check and unit test --- api/webhook.go | 463 ++++++++----------------------------- api/webhook_test.go | 27 ++- app/webhook.go | 303 +++++++++++++++++++++++- i18n/en.json | 48 +--- webapp/tests/client_hooks.test.jsx | 18 +- 5 files changed, 426 insertions(+), 433 deletions(-) diff --git a/api/webhook.go b/api/webhook.go index c1e1ce974..12751943e 100644 --- a/api/webhook.go +++ b/api/webhook.go @@ -7,13 +7,11 @@ import ( "io" "net/http" "strings" - "unicode/utf8" l4g "github.com/alecthomas/log4go" "github.com/gorilla/mux" "github.com/mattermost/platform/app" "github.com/mattermost/platform/model" - "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" ) @@ -74,17 +72,6 @@ func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { } func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkIncomingWebHooks("updateIncomingHook", "api.webhook.update_incoming.disabled.app_error"); err != nil { - c.Err = err - return - } - - if err := checkManageWebhooksPermission(c, "updateIncomingHook", "api.command.admin_only.app_error"); err != nil { - c.Err = err - return - } - - c.LogAudit("attempt") hook := model.IncomingWebhookFromJson(r.Body) @@ -93,97 +80,86 @@ func updateIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - var oldHook *model.IncomingWebhook - var result store.StoreResult + c.LogAudit("attempt") - if result = <-app.Srv.Store.Webhook().GetIncoming(hook.Id, true); result.Err != nil { - c.LogAudit("no existing incoming hook found") - c.Err = result.Err + oldHook, err := app.GetIncomingWebhook(hook.Id) + if err != nil { + c.Err = err return } - oldHook = result.Data.(*model.IncomingWebhook) - cchan := app.Srv.Store.Channel().Get(hook.ChannelId, true) - - var channel *model.Channel - if result = <-cchan; result.Err != nil { - c.Err = result.Err + if c.TeamId != oldHook.TeamId { + c.Err = model.NewAppError("updateIncomingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusBadRequest) return } - channel = result.Data.(*model.Channel) - if channel.Type != model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { - c.LogAudit("fail - bad channel permissions") - c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + if !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if c.Session.UserId != oldHook.UserId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + if c.Session.UserId != hook.UserId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { c.LogAudit("fail - inappropriate permissions") - c.Err = model.NewLocAppError("updateIncomingHook", "api.webhook.update_incoming.permissions.app_error", nil, "user_id="+c.Session.UserId) + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return } - if c.TeamId != oldHook.TeamId { - c.Err = model.NewLocAppError("UpdateIncomingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId) + channel, err := app.GetChannel(hook.ChannelId) + if err != nil { + c.Err = err return } - hook.UserId = oldHook.UserId - hook.CreateAt = oldHook.CreateAt - hook.UpdateAt = model.GetMillis() - hook.TeamId = oldHook.TeamId - hook.DeleteAt = oldHook.DeleteAt + if channel.Type != model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + c.LogAudit("fail - bad channel permissions") + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } - if result = <-app.Srv.Store.Webhook().UpdateIncoming(hook); result.Err != nil { - c.Err = result.Err + rhook, err := app.UpdateIncomingWebhook(oldHook, hook) + if err != nil { + c.Err = err return } c.LogAudit("success") - rhook := result.Data.(*model.IncomingWebhook) w.Write([]byte(rhook.ToJson())) } func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkIncomingWebHooks("deleteIncomingHook", "api.webhook.delete_incoming.disabled.app_error"); err != nil { - c.Err = err + props := model.MapFromJson(r.Body) + + id := props["id"] + if len(id) == 0 { + c.SetInvalidParam("deleteIncomingHook", "id") return } - if err := checkManageWebhooksPermission(c, "deleteIncomingHook", "api.command.admin_only.app_error"); err != nil { + hook, err := app.GetIncomingWebhook(id) + if err != nil { c.Err = err return } - c.LogAudit("attempt") - - props := model.MapFromJson(r.Body) - - id := props["id"] - if len(id) == 0 { - c.SetInvalidParam("deleteIncomingHook", "id") + if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if result := <-app.Srv.Store.Webhook().GetIncoming(id, true); result.Err != nil { - c.Err = result.Err + c.LogAudit("attempt") + + if c.Session.UserId != hook.UserId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return - } else { - if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { - c.LogAudit("fail - inappropriate permissions") - c.Err = model.NewLocAppError("deleteIncomingHook", "api.webhook.delete_incoming.permissions.app_error", nil, "user_id="+c.Session.UserId) - return - } } - if err := (<-app.Srv.Store.Webhook().DeleteIncoming(id, model.GetMillis())).Err; err != nil { + if err := app.DeleteIncomingWebhook(id); err != nil { + c.LogAudit("fail") c.Err = err return } - app.InvalidateCacheForWebhook(id) - c.LogAudit("success") w.Write([]byte(model.MapToJson(props))) } @@ -202,150 +178,48 @@ func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) { } } -func checkOutgoingWebHooks(where string, id string) *model.AppError { - if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - err := model.NewLocAppError(where, id, nil, "") - err.StatusCode = http.StatusNotImplemented - return err - } - - return nil -} - -func checkIncomingWebHooks(where string, id string) *model.AppError { - if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - err := model.NewLocAppError(where, id, nil, "") - err.StatusCode = http.StatusNotImplemented - return err - } - - return nil -} - -func checkManageWebhooksPermission(c *Context, where string, id string) *model.AppError { - if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { - err := model.NewLocAppError(where, id, nil, "") - err.StatusCode = http.StatusForbidden - return err - } - - return nil -} - -func checkValidOutgoingHook(hook *model.OutgoingWebhook, c *Context, where string, id string) *model.AppError { - if len(hook.ChannelId) != 0 { - cchan := app.Srv.Store.Channel().Get(hook.ChannelId, true) - - var channel *model.Channel - var result store.StoreResult - if result = <-cchan; result.Err != nil { - return result.Err - } - - channel = result.Data.(*model.Channel) - - if channel.Type != model.CHANNEL_OPEN { - c.LogAudit("fail - not open channel") - return model.NewLocAppError(where, "api.webhook."+id+".not_open.app_error", nil, "") - } - - if channel.TeamId != c.TeamId { - c.LogAudit("fail - cannot update command to a different team") - return model.NewLocAppError(where, "api.webhook."+id+".permissions.app_error", nil, "") - } - } else if len(hook.TriggerWords) == 0 { - return model.NewLocAppError(where, "api.webhook."+id+".triggers.app_error", nil, "") - } - - return nil -} - func createOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkOutgoingWebHooks("createOutgoingHook", "api.webhook.create_outgoing.disabled.app_error"); err != nil { - c.Err = err - return - } - - if err := checkManageWebhooksPermission(c, "createOutgoingHook", "api.command.admin_only.app_error"); err != nil { - c.Err = err - return - } - - c.LogAudit("attempt") - hook := model.OutgoingWebhookFromJson(r.Body) - if hook == nil { c.SetInvalidParam("createOutgoingHook", "webhook") return } - hook.CreatorId = c.Session.UserId + c.LogAudit("attempt") + hook.TeamId = c.TeamId + hook.CreatorId = c.Session.UserId - if err := checkValidOutgoingHook(hook, c, "createOutgoingHook", "create_outgoing"); err != nil { - c.Err = err + if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if result := <-app.Srv.Store.Webhook().GetOutgoingByTeam(c.TeamId); result.Err != nil { - c.Err = result.Err - return - } else { - allHooks := result.Data.([]*model.OutgoingWebhook) - - for _, existingOutHook := range allHooks { - urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, hook.CallbackURLs) - triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, hook.TriggerWords) - - if existingOutHook.ChannelId == hook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 { - c.Err = model.NewLocAppError("createOutgoingHook", "api.webhook.create_outgoing.intersect.app_error", nil, "") - return - } - } - } - - if result := <-app.Srv.Store.Webhook().SaveOutgoing(hook); result.Err != nil { - c.Err = result.Err + if rhook, err := app.CreateOutgoingWebhook(hook); err != nil { + c.LogAudit("fail") + c.Err = err return } else { c.LogAudit("success") - rhook := result.Data.(*model.OutgoingWebhook) w.Write([]byte(rhook.ToJson())) } } func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkOutgoingWebHooks("getOutgoingHooks", "api.webhook.get_outgoing.disabled.app_error"); err != nil { - c.Err = err + if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - if err := checkManageWebhooksPermission(c, "getOutgoingHooks", "api.command.admin_only.app_error"); err != nil { + if hooks, err := app.GetOutgoingWebhooksForTeamPage(c.TeamId, 0, 100); err != nil { c.Err = err return - } - - if result := <-app.Srv.Store.Webhook().GetOutgoingByTeam(c.TeamId); result.Err != nil { - c.Err = result.Err - return } else { - hooks := result.Data.([]*model.OutgoingWebhook) w.Write([]byte(model.OutgoingWebhookListToJson(hooks))) } } func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkOutgoingWebHooks("updateOutgoingHook", "api.webhook.update_outgoing.disabled.app_error"); err != nil { - c.Err = err - return - } - - if err := checkManageWebhooksPermission(c, "updateOutgoingHook", "api.command.admin_only.app_error"); err != nil { - c.Err = err - return - } - c.LogAudit("attempt") hook := model.OutgoingWebhookFromJson(r.Body) @@ -355,90 +229,69 @@ func updateOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { return } - if err := checkValidOutgoingHook(hook, c, "updateOutgoingHook", "update_outgoing"); err != nil { + oldHook, err := app.GetOutgoingWebhook(hook.Id) + if err != nil { c.Err = err return } - var result store.StoreResult - if result = <-app.Srv.Store.Webhook().GetOutgoingByTeam(c.TeamId); result.Err != nil { - c.Err = result.Err + if c.TeamId != oldHook.TeamId { + c.Err = model.NewAppError("updateOutgoingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusForbidden) return } - allHooks := result.Data.([]*model.OutgoingWebhook) - - for _, existingOutHook := range allHooks { - urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, hook.CallbackURLs) - triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, hook.TriggerWords) - - if existingOutHook.ChannelId == hook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 && existingOutHook.Id != hook.Id { - c.Err = model.NewLocAppError("updateOutgoingHook", "api.webhook.update_outgoing.intersect.app_error", nil, "") - return - } - } - - if result = <-app.Srv.Store.Webhook().GetOutgoing(hook.Id); result.Err != nil { - c.LogAudit("fail - no existing outgoing webhook found") - c.Err = result.Err + if !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return } - oldHook := result.Data.(*model.OutgoingWebhook) - if c.TeamId != oldHook.TeamId { - c.Err = model.NewLocAppError("UpdateOutgoingHook", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId) + if c.Session.UserId != oldHook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, oldHook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return } - hook.CreatorId = oldHook.CreatorId - hook.CreateAt = oldHook.CreateAt - hook.DeleteAt = oldHook.DeleteAt - hook.TeamId = oldHook.TeamId - hook.UpdateAt = model.GetMillis() - - if result = <-app.Srv.Store.Webhook().UpdateOutgoing(hook); result.Err != nil { - c.Err = result.Err + rhook, err := app.UpdateOutgoingWebhook(oldHook, hook) + if err != nil { + c.Err = err return } c.LogAudit("success") - rhook := result.Data.(*model.OutgoingWebhook) w.Write([]byte(rhook.ToJson())) } func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkOutgoingWebHooks("deleteOutgoingHook", "api.webhook.delete_outgoing.disabled.app_error"); err != nil { - c.Err = err - return - } + props := model.MapFromJson(r.Body) - if err := checkManageWebhooksPermission(c, "deleteOutgoingHook", "api.command.admin_only.app_error"); err != nil { - c.Err = err + id := props["id"] + if len(id) == 0 { + c.SetInvalidParam("deleteIncomingHook", "id") return } c.LogAudit("attempt") - props := model.MapFromJson(r.Body) + if !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) + return + } - id := props["id"] - if len(id) == 0 { - c.SetInvalidParam("deleteIncomingHook", "id") + hook, err := app.GetOutgoingWebhook(id) + if err != nil { + c.Err = err return } - if result := <-app.Srv.Store.Webhook().GetOutgoing(id); result.Err != nil { - c.Err = result.Err + if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return - } else { - if c.Session.UserId != result.Data.(*model.OutgoingWebhook).CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { - c.LogAudit("fail - inappropriate permissions") - c.Err = model.NewLocAppError("deleteOutgoingHook", "api.webhook.delete_outgoing.permissions.app_error", nil, "user_id="+c.Session.UserId) - return - } } - if err := (<-app.Srv.Store.Webhook().DeleteOutgoing(id, model.GetMillis())).Err; err != nil { + if err := app.DeleteOutgoingWebhook(id); err != nil { + c.LogAudit("fail") c.Err = err return } @@ -448,61 +301,50 @@ func deleteOutgoingHook(c *Context, w http.ResponseWriter, r *http.Request) { } func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkOutgoingWebHooks("regenOutgoingHookToken", "api.webhook.regen_outgoing_token.disabled.app_error"); err != nil { - c.Err = err + props := model.MapFromJson(r.Body) + + id := props["id"] + if len(id) == 0 { + c.SetInvalidParam("regenOutgoingHookToken", "id") return } - if err := checkManageWebhooksPermission(c, "regenOutgoingHookToken", "api.command.admin_only.app_error"); err != nil { + hook, err := app.GetOutgoingWebhook(id) + if err != nil { c.Err = err return } c.LogAudit("attempt") - props := model.MapFromJson(r.Body) - - id := props["id"] - if len(id) == 0 { - c.SetInvalidParam("regenOutgoingHookToken", "id") + if c.TeamId != hook.TeamId { + c.Err = model.NewAppError("regenOutgoingHookToken", "api.webhook.team_mismatch.app_error", nil, "user_id="+c.Session.UserId, http.StatusForbidden) return } - var hook *model.OutgoingWebhook - if result := <-app.Srv.Store.Webhook().GetOutgoing(id); result.Err != nil { - c.Err = result.Err + if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) return - } else { - hook = result.Data.(*model.OutgoingWebhook) - - if c.TeamId != hook.TeamId && c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { - c.LogAudit("fail - inappropriate permissions") - c.Err = model.NewLocAppError("regenOutgoingHookToken", "api.webhook.regen_outgoing_token.permissions.app_error", nil, "user_id="+c.Session.UserId) - return - } } - hook.Token = model.NewId() - - if result := <-app.Srv.Store.Webhook().UpdateOutgoing(hook); result.Err != nil { - c.Err = result.Err + if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, c.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) return - } else { - w.Write([]byte(result.Data.(*model.OutgoingWebhook).ToJson())) } -} -func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) { - if err := checkIncomingWebHooks("incomingWebhook", "web.incoming_webhook.disabled.app_error"); err != nil { + if rhook, err := app.RegenOutgoingWebhookToken(hook); err != nil { c.Err = err return + } else { + w.Write([]byte(rhook.ToJson())) } +} +func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) id := params["id"] - hchan := app.Srv.Store.Webhook().GetIncoming(id, true) - r.ParseForm() var payload io.Reader @@ -532,117 +374,8 @@ func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) { parsedRequest := model.IncomingWebhookRequestFromJson(payload) - if parsedRequest == nil { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.parse.app_error", nil, "") - return - } - - text := parsedRequest.Text - if len(text) == 0 && parsedRequest.Attachments == nil { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.text.app_error", nil, "") - c.Err.StatusCode = http.StatusBadRequest - return - } - - textSize := utf8.RuneCountInString(text) - if textSize > model.POST_MESSAGE_MAX_RUNES { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.text.length.app_error", map[string]interface{}{"Max": model.POST_MESSAGE_MAX_RUNES, "Actual": textSize}, "") - c.Err.StatusCode = http.StatusBadRequest - return - } - - channelName := parsedRequest.ChannelName - webhookType := parsedRequest.Type - - // attachments is in here for slack compatibility - if parsedRequest.Attachments != nil { - if len(parsedRequest.Props) == 0 { - parsedRequest.Props = make(model.StringInterface) - } - parsedRequest.Props["attachments"] = parsedRequest.Attachments - - attachmentSize := utf8.RuneCountInString(model.StringInterfaceToJson(parsedRequest.Props)) - // Minus 100 to leave room for setting post type in the Props - if attachmentSize > model.POST_PROPS_MAX_RUNES-100 { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.attachment.app_error", map[string]interface{}{"Max": model.POST_PROPS_MAX_RUNES - 100, "Actual": attachmentSize}, "") - c.Err.StatusCode = http.StatusBadRequest - return - } - - webhookType = model.POST_SLACK_ATTACHMENT - } - - var hook *model.IncomingWebhook - if result := <-hchan; result.Err != nil { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.invalid.app_error", nil, "err="+result.Err.Message) - return - } else { - hook = result.Data.(*model.IncomingWebhook) - } - - var channel *model.Channel - var cchan store.StoreChannel - var directUserId string - - if len(channelName) != 0 { - if channelName[0] == '@' { - if result := <-app.Srv.Store.User().GetByUsername(channelName[1:]); result.Err != nil { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.user.app_error", nil, "err="+result.Err.Message) - return - } else { - directUserId = result.Data.(*model.User).Id - channelName = model.GetDMNameFromIds(directUserId, hook.UserId) - } - } else if channelName[0] == '#' { - channelName = channelName[1:] - } - - cchan = app.Srv.Store.Channel().GetByName(hook.TeamId, channelName, true) - } else { - cchan = app.Srv.Store.Channel().Get(hook.ChannelId, true) - } - - overrideUsername := parsedRequest.Username - overrideIconUrl := parsedRequest.IconURL - - result := <-cchan - if result.Err != nil && result.Err.Id == store.MISSING_CHANNEL_ERROR && directUserId != "" { - newChanResult := <-app.Srv.Store.Channel().CreateDirectChannel(directUserId, hook.UserId) - if newChanResult.Err != nil { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.channel.app_error", nil, "err="+newChanResult.Err.Message) - return - } else { - channel = newChanResult.Data.(*model.Channel) - app.InvalidateCacheForUser(directUserId) - app.InvalidateCacheForUser(hook.UserId) - } - } else if result.Err != nil { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.channel.app_error", nil, "err="+result.Err.Message) - return - } else { - channel = result.Data.(*model.Channel) - } - - // create a mock session - c.Session = model.Session{ - UserId: hook.UserId, - TeamMembers: []*model.TeamMember{{ - TeamId: hook.TeamId, - UserId: hook.UserId, - Roles: model.ROLE_CHANNEL_USER.Id, - }}, - IsOAuth: false, - } - - c.TeamId = hook.TeamId - - if channel.Type != model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { - c.Err = model.NewLocAppError("incomingWebhook", "web.incoming_webhook.permissions.app_error", nil, "") - return - } - c.Err = nil - - if _, err := app.CreateWebhookPost(hook.UserId, hook.TeamId, channel.Id, text, overrideUsername, overrideIconUrl, parsedRequest.Props, webhookType); err != nil { + err := app.HandleIncomingWebhook(id, parsedRequest) + if err != nil { c.Err = err return } diff --git a/api/webhook_test.go b/api/webhook_test.go index dc708cf76..8a170bd9a 100644 --- a/api/webhook_test.go +++ b/api/webhook_test.go @@ -716,19 +716,17 @@ func TestUpdateOutgoingHook(t *testing.T) { Client.Logout() Client.Must(Client.LoginById(user2.Id, user2.Password)) Client.SetTeamId(team.Id) - t.Run("UpdateByUserWithoutPermissions", func(t *testing.T) { - if _, err := Client.UpdateOutgoingWebhook(hook); err == nil { - t.Fatal("should have failed - user does not have permissions to manage webhooks") - } + if _, err := Client.UpdateOutgoingWebhook(hook); err == nil { + t.Fatal("should have failed - user does not have permissions to manage webhooks") + } - *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false - utils.SetDefaultRolesBasedOnConfig() - t.Run("WithoutOnlyAdminIntegrations", func(t *testing.T) { - if _, err := Client.UpdateOutgoingWebhook(hook); err != nil { - t.Fatal("update webhook failed when admin only integrations is turned off") - } - }) - }) + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false + utils.SetDefaultRolesBasedOnConfig() + hook2 := createOutgoingWebhook(channel1.Id, []string{"http://nowhereelse.com"}, []string{"dogs"}, Client, t) + + if _, err := Client.UpdateOutgoingWebhook(hook2); err != nil { + t.Fatal("update webhook failed when admin only integrations is turned off") + } *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true utils.SetDefaultRolesBasedOnConfig() @@ -919,6 +917,11 @@ func TestRegenOutgoingHookToken(t *testing.T) { } } + Client.SetTeamId(model.NewId()) + if _, err := Client.RegenOutgoingWebhookToken(hook.Id); err == nil { + t.Fatal("should have failed - wrong team id") + } + Client.Logout() Client.Must(Client.LoginById(user2.Id, user2.Password)) Client.SetTeamId(team.Id) diff --git a/app/webhook.go b/app/webhook.go index c9485c807..6f1cec4a8 100644 --- a/app/webhook.go +++ b/app/webhook.go @@ -10,10 +10,12 @@ import ( "net/http" "regexp" "strings" + "unicode/utf8" l4g "github.com/alecthomas/log4go" "github.com/mattermost/platform/einterfaces" "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" ) @@ -193,12 +195,12 @@ func CreateWebhookPost(userId, teamId, channelId, text, overrideUsername, overri return post, nil } -func CreateIncomingWebhookForChannel(userId string, channel *model.Channel, hook *model.IncomingWebhook) (*model.IncomingWebhook, *model.AppError) { +func CreateIncomingWebhookForChannel(creatorId string, channel *model.Channel, hook *model.IncomingWebhook) (*model.IncomingWebhook, *model.AppError) { if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - return nil, model.NewAppError("CreateIncomingWebhookForChannel", "api.webhook.create_incoming.disabled.app_error", nil, "", http.StatusNotImplemented) + return nil, model.NewAppError("CreateIncomingWebhookForChannel", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) } - hook.UserId = userId + hook.UserId = creatorId hook.TeamId = channel.TeamId if result := <-Srv.Store.Webhook().SaveIncoming(hook); result.Err != nil { @@ -208,9 +210,53 @@ func CreateIncomingWebhookForChannel(userId string, channel *model.Channel, hook } } +func UpdateIncomingWebhook(oldHook, updatedHook *model.IncomingWebhook) (*model.IncomingWebhook, *model.AppError) { + if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { + return nil, model.NewAppError("UpdateIncomingWebhook", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + updatedHook.UserId = oldHook.UserId + updatedHook.CreateAt = oldHook.CreateAt + updatedHook.UpdateAt = model.GetMillis() + updatedHook.TeamId = oldHook.TeamId + updatedHook.DeleteAt = oldHook.DeleteAt + + if result := <-Srv.Store.Webhook().UpdateIncoming(updatedHook); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.IncomingWebhook), nil + } +} + +func DeleteIncomingWebhook(hookId string) *model.AppError { + if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { + return model.NewAppError("DeleteIncomingWebhook", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + if result := <-Srv.Store.Webhook().DeleteIncoming(hookId, model.GetMillis()); result.Err != nil { + return result.Err + } + + InvalidateCacheForWebhook(hookId) + + return nil +} + +func GetIncomingWebhook(hookId string) (*model.IncomingWebhook, *model.AppError) { + if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { + return nil, model.NewAppError("GetIncomingWebhook", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + if result := <-Srv.Store.Webhook().GetIncoming(hookId, true); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.IncomingWebhook), nil + } +} + func GetIncomingWebhooksForTeamPage(teamId string, page, perPage int) ([]*model.IncomingWebhook, *model.AppError) { if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - return nil, model.NewAppError("GetIncomingWebhooksForTeamPage", "api.webhook.get_incoming.disabled.app_error", nil, "", http.StatusNotImplemented) + return nil, model.NewAppError("GetIncomingWebhooksForTeamPage", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) } if result := <-Srv.Store.Webhook().GetIncomingByTeam(teamId, page*perPage, perPage); result.Err != nil { @@ -222,7 +268,7 @@ func GetIncomingWebhooksForTeamPage(teamId string, page, perPage int) ([]*model. func GetIncomingWebhooksPage(page, perPage int) ([]*model.IncomingWebhook, *model.AppError) { if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - return nil, model.NewAppError("GetIncomingWebhooksPage", "api.webhook.get_incoming.disabled.app_error", nil, "", http.StatusNotImplemented) + return nil, model.NewAppError("GetIncomingWebhooksPage", "api.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) } if result := <-Srv.Store.Webhook().GetIncomingList(page*perPage, perPage); result.Err != nil { @@ -231,3 +277,250 @@ func GetIncomingWebhooksPage(page, perPage int) ([]*model.IncomingWebhook, *mode return result.Data.([]*model.IncomingWebhook), nil } } + +func CreateOutgoingWebhook(hook *model.OutgoingWebhook) (*model.OutgoingWebhook, *model.AppError) { + if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { + return nil, model.NewAppError("CreateOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + if len(hook.ChannelId) != 0 { + cchan := Srv.Store.Channel().Get(hook.ChannelId, true) + + var channel *model.Channel + if result := <-cchan; result.Err != nil { + return nil, result.Err + } else { + channel = result.Data.(*model.Channel) + } + + if channel.Type != model.CHANNEL_OPEN { + return nil, model.NewAppError("CreateOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusForbidden) + } + + if channel.Type != model.CHANNEL_OPEN || channel.TeamId != hook.TeamId { + return nil, model.NewAppError("CreateOutgoingWebhook", "api.webhook.create_outgoing.permissions.app_error", nil, "", http.StatusForbidden) + } + } else if len(hook.TriggerWords) == 0 { + return nil, model.NewAppError("CreateOutgoingWebhook", "api.webhook.create_outgoing.triggers.app_error", nil, "", http.StatusBadRequest) + } + + if result := <-Srv.Store.Webhook().GetOutgoingByTeam(hook.TeamId); result.Err != nil { + return nil, result.Err + } else { + allHooks := result.Data.([]*model.OutgoingWebhook) + + for _, existingOutHook := range allHooks { + urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, hook.CallbackURLs) + triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, hook.TriggerWords) + + if existingOutHook.ChannelId == hook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 { + return nil, model.NewLocAppError("CreateOutgoingWebhook", "api.webhook.create_outgoing.intersect.app_error", nil, "") + } + } + } + + if result := <-Srv.Store.Webhook().SaveOutgoing(hook); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.OutgoingWebhook), nil + } +} + +func UpdateOutgoingWebhook(oldHook, updatedHook *model.OutgoingWebhook) (*model.OutgoingWebhook, *model.AppError) { + if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { + return nil, model.NewAppError("UpdateOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + if len(updatedHook.ChannelId) > 0 { + channel, err := GetChannel(updatedHook.ChannelId) + if err != nil { + return nil, err + } + + if channel.Type != model.CHANNEL_OPEN { + return nil, model.NewAppError("UpdateOutgoingWebhook", "api.webhook.create_outgoing.not_open.app_error", nil, "", http.StatusForbidden) + } + + if channel.TeamId != oldHook.TeamId { + return nil, model.NewAppError("UpdateOutgoingWebhook", "api.webhook.create_outgoing.permissions.app_error", nil, "", http.StatusForbidden) + } + } else if len(updatedHook.TriggerWords) == 0 { + return nil, model.NewLocAppError("UpdateOutgoingWebhook", "api.webhook.create_outgoing.triggers.app_error", nil, "") + } + + var result store.StoreResult + if result = <-Srv.Store.Webhook().GetOutgoingByTeam(oldHook.TeamId); result.Err != nil { + return nil, result.Err + } + + allHooks := result.Data.([]*model.OutgoingWebhook) + + for _, existingOutHook := range allHooks { + urlIntersect := utils.StringArrayIntersection(existingOutHook.CallbackURLs, updatedHook.CallbackURLs) + triggerIntersect := utils.StringArrayIntersection(existingOutHook.TriggerWords, updatedHook.TriggerWords) + + if existingOutHook.ChannelId == updatedHook.ChannelId && len(urlIntersect) != 0 && len(triggerIntersect) != 0 && existingOutHook.Id != updatedHook.Id { + return nil, model.NewAppError("UpdateOutgoingWebhook", "api.webhook.update_outgoing.intersect.app_error", nil, "", http.StatusBadRequest) + } + } + + updatedHook.CreatorId = oldHook.CreatorId + updatedHook.CreateAt = oldHook.CreateAt + updatedHook.DeleteAt = oldHook.DeleteAt + updatedHook.TeamId = oldHook.TeamId + updatedHook.UpdateAt = model.GetMillis() + + if result = <-Srv.Store.Webhook().UpdateOutgoing(updatedHook); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.OutgoingWebhook), nil + } +} + +func GetOutgoingWebhook(hookId string) (*model.OutgoingWebhook, *model.AppError) { + if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { + return nil, model.NewAppError("GetOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + if result := <-Srv.Store.Webhook().GetOutgoing(hookId); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.OutgoingWebhook), nil + } +} + +func GetOutgoingWebhooksForTeamPage(teamId string, page, perPage int) ([]*model.OutgoingWebhook, *model.AppError) { + if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { + return nil, model.NewAppError("GetOutgoingWebhooksForTeamPage", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + if result := <-Srv.Store.Webhook().GetOutgoingByTeam(teamId); result.Err != nil { + return nil, result.Err + } else { + return result.Data.([]*model.OutgoingWebhook), nil + } +} + +func DeleteOutgoingWebhook(hookId string) *model.AppError { + if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { + return model.NewAppError("DeleteOutgoingWebhook", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + if result := <-Srv.Store.Webhook().DeleteOutgoing(hookId, model.GetMillis()); result.Err != nil { + return result.Err + } + + return nil +} + +func RegenOutgoingWebhookToken(hook *model.OutgoingWebhook) (*model.OutgoingWebhook, *model.AppError) { + if !utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { + return nil, model.NewAppError("RegenOutgoingWebhookToken", "api.outgoing_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + hook.Token = model.NewId() + + if result := <-Srv.Store.Webhook().UpdateOutgoing(hook); result.Err != nil { + return nil, result.Err + } else { + return result.Data.(*model.OutgoingWebhook), nil + } +} + +func HandleIncomingWebhook(hookId string, req *model.IncomingWebhookRequest) *model.AppError { + if !utils.Cfg.ServiceSettings.EnableIncomingWebhooks { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.disabled.app_error", nil, "", http.StatusNotImplemented) + } + + hchan := Srv.Store.Webhook().GetIncoming(hookId, true) + + if req == nil { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.parse.app_error", nil, "", http.StatusBadRequest) + } + + text := req.Text + if len(text) == 0 && req.Attachments == nil { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.text.app_error", nil, "", http.StatusBadRequest) + } + + textSize := utf8.RuneCountInString(text) + if textSize > model.POST_MESSAGE_MAX_RUNES { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.text.length.app_error", map[string]interface{}{"Max": model.POST_MESSAGE_MAX_RUNES, "Actual": textSize}, "", http.StatusBadRequest) + } + + channelName := req.ChannelName + webhookType := req.Type + + // attachments is in here for slack compatibility + if req.Attachments != nil { + if len(req.Props) == 0 { + req.Props = make(model.StringInterface) + } + req.Props["attachments"] = req.Attachments + + attachmentSize := utf8.RuneCountInString(model.StringInterfaceToJson(req.Props)) + // Minus 100 to leave room for setting post type in the Props + if attachmentSize > model.POST_PROPS_MAX_RUNES-100 { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.attachment.app_error", map[string]interface{}{"Max": model.POST_PROPS_MAX_RUNES - 100, "Actual": attachmentSize}, "", http.StatusBadRequest) + } + + webhookType = model.POST_SLACK_ATTACHMENT + } + + var hook *model.IncomingWebhook + if result := <-hchan; result.Err != nil { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.invalid.app_error", nil, "err="+result.Err.Message, http.StatusBadRequest) + } else { + hook = result.Data.(*model.IncomingWebhook) + } + + var channel *model.Channel + var cchan store.StoreChannel + var directUserId string + + if len(channelName) != 0 { + if channelName[0] == '@' { + if result := <-Srv.Store.User().GetByUsername(channelName[1:]); result.Err != nil { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.user.app_error", nil, "err="+result.Err.Message, http.StatusBadRequest) + } else { + directUserId = result.Data.(*model.User).Id + channelName = model.GetDMNameFromIds(directUserId, hook.UserId) + } + } else if channelName[0] == '#' { + channelName = channelName[1:] + } + + cchan = Srv.Store.Channel().GetByName(hook.TeamId, channelName, true) + } else { + cchan = Srv.Store.Channel().Get(hook.ChannelId, true) + } + + overrideUsername := req.Username + overrideIconUrl := req.IconURL + + result := <-cchan + if result.Err != nil && result.Err.Id == store.MISSING_CHANNEL_ERROR && directUserId != "" { + newChanResult := <-Srv.Store.Channel().CreateDirectChannel(directUserId, hook.UserId) + if newChanResult.Err != nil { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel.app_error", nil, "err="+newChanResult.Err.Message, http.StatusBadRequest) + } else { + channel = newChanResult.Data.(*model.Channel) + InvalidateCacheForUser(directUserId) + InvalidateCacheForUser(hook.UserId) + } + } else if result.Err != nil { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.channel.app_error", nil, "err="+result.Err.Message, result.Err.StatusCode) + } else { + channel = result.Data.(*model.Channel) + } + + if channel.Type != model.CHANNEL_OPEN && !HasPermissionToChannel(hook.UserId, channel.Id, model.PERMISSION_READ_CHANNEL) { + return model.NewAppError("HandleIncomingWebhook", "web.incoming_webhook.permissions.app_error", nil, "", http.StatusForbidden) + } + + if _, err := CreateWebhookPost(hook.UserId, hook.TeamId, channel.Id, text, overrideUsername, overrideIconUrl, req.Props, webhookType); err != nil { + return err + } + + return nil +} diff --git a/i18n/en.json b/i18n/en.json index 1535bac47..312622ef8 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -2692,23 +2692,15 @@ "translation": "team hub stopping for teamId=%v" }, { - "id": "api.webhook.create_incoming.disabled.app_error", + "id": "api.incoming_webhook.disabled.app_errror", "translation": "Incoming webhooks have been disabled by the system admin." }, - { - "id": "api.webhook.update_incoming.disabled.app_error", - "translation": "Incoming webhooks have been disabled by the system admin." - }, - { - "id": "api.webhook.update_incoming.permissions.app_error", - "translation": "Invalid permissions to update incoming webhook" - }, { "id": "api.webhook.team_mismatch.app_error", "translation": "Cannot update webhook across teams" }, { - "id": "api.webhook.create_outgoing.disabled.app_error", + "id": "api.outgoing_webhook.disabled.app_error", "translation": "Outgoing webhooks have been disabled by the system admin." }, { @@ -2728,49 +2720,25 @@ "translation": "Either trigger_words or channel_id must be set" }, { - "id": "api.webhook.update_outgoing.disabled.app_error", - "translation": "Outgoing webhooks have been disabled by the system admin." - }, - { - "id": "api.webhook.update_outgoing.intersect.app_error", - "translation": "Outgoing webhooks from the same channel cannot have the same trigger words/callback URLs." + "id": "api.webhook.delete_incoming.permissions.app_errror", + "translation": "Invalid permissions to delete incoming webhook" }, { "id": "api.webhook.update_outgoing.not_open.app_error", "translation": "Outgoing webhooks can only be updated to public channels." }, { - "id": "api.webhook.update_outgoing.permissions.app_error", - "translation": "Invalid permissions to update outgoing webhook." + "id": "api.webhook.update_outgoing.intersect.app_error", + "translation": "Outgoing webhooks from the same channel cannot have the same trigger words/callback URLs." }, { "id": "api.webhook.update_outgoing.triggers.app_error", "translation": "Either trigger_words or channel_id must be set" }, - { - "id": "api.webhook.delete_incoming.disabled.app_error", - "translation": "Incoming webhooks have been disabled by the system admin." - }, - { - "id": "api.webhook.delete_incoming.permissions.app_error", - "translation": "Invalid permissions to delete incoming webhook" - }, - { - "id": "api.webhook.delete_outgoing.disabled.app_error", - "translation": "Outgoing webhooks have been disabled by the system admin." - }, { "id": "api.webhook.delete_outgoing.permissions.app_error", "translation": "Invalid permissions to delete outgoing webhook" }, - { - "id": "api.webhook.get_incoming.disabled.app_error", - "translation": "Incoming webhooks have been disabled by the system admin." - }, - { - "id": "api.webhook.get_outgoing.disabled.app_error", - "translation": "Outgoing webhooks have been disabled by the system admin." - }, { "id": "api.webhook.incoming.debug", "translation": "Incoming webhook received. Content=" @@ -2783,10 +2751,6 @@ "id": "api.webhook.init.debug", "translation": "Initializing webhook API routes" }, - { - "id": "api.webhook.regen_outgoing_token.disabled.app_error", - "translation": "Outgoing webhooks have been disabled by the system admin." - }, { "id": "api.webhook.regen_outgoing_token.permissions.app_error", "translation": "Invalid permissions to regenerate outgoing webhook token" diff --git a/webapp/tests/client_hooks.test.jsx b/webapp/tests/client_hooks.test.jsx index 841d87b7a..db72bce18 100644 --- a/webapp/tests/client_hooks.test.jsx +++ b/webapp/tests/client_hooks.test.jsx @@ -22,7 +22,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.create_incoming.disabled.app_error'); + assert.equal(err.id, 'api.incoming_webhook.disabled.app_error'); done(); } ); @@ -44,7 +44,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.update_incoming.disabled.app_error'); + assert.equal(err.id, 'api.incoming_webhook.disabled.app_error'); done(); } ); @@ -60,7 +60,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.delete_incoming.disabled.app_error'); + assert.equal(err.id, 'api.incoming_webhook.disabled.app_error'); done(); } ); @@ -75,7 +75,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.get_incoming.disabled.app_error'); + assert.equal(err.id, 'api.incoming_webhook.disabled.app_error'); done(); } ); @@ -97,7 +97,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.create_outgoing.disabled.app_error'); + assert.equal(err.id, 'api.outgoing_webhook.disabled.app_error'); done(); } ); @@ -113,7 +113,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.delete_outgoing.disabled.app_error'); + assert.equal(err.id, 'api.outgoing_webhook.disabled.app_error'); done(); } ); @@ -128,7 +128,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.get_outgoing.disabled.app_error'); + assert.equal(err.id, 'api.outgoing_webhook.disabled.app_error'); done(); } ); @@ -144,7 +144,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.regen_outgoing_token.disabled.app_error'); + assert.equal(err.id, 'api.outgoing_webhook.disabled.app_error'); done(); } ); @@ -166,7 +166,7 @@ describe('Client.Hooks', function() { done(new Error('hooks not enabled')); }, function(err) { - assert.equal(err.id, 'api.webhook.update_outgoing.disabled.app_error'); + assert.equal(err.id, 'api.outgoing_webhook.disabled.app_error'); done(); } ); -- cgit v1.2.3-1-g7c22