From c372ceebf87295408072a40c63df7c4be9bc2abc Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior
Date: Mon, 13 Mar 2017 13:27:27 +0100
Subject: [APIV4] GET /config - getConfig endpoint for apiV4 (#5701)
---
 api4/system.go | 15 +++++++++++++++
 api4/system_test.go | 50 +++++++++++++++++++++++++++++++++++++++++++++++++-
 model/client4.go | 14 ++++++++++++++
 3 files changed, 78 insertions(+), 1 deletion(-)
diff --git a/api4/system.go b/api4/system.go
index 94f4718a2..4f86213c6 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -7,6 +7,8 @@ import (
 "net/http"
 l4g "github.com/alecthomas/log4go"
+ "github.com/mattermost/platform/app"
+ "github.com/mattermost/platform/model"
 "github.com/mattermost/platform/utils"
 )
@@ -14,8 +16,21 @@ func InitSystem() {
 l4g.Debug(utils.T("api.system.init.debug"))
 BaseRoutes.System.Handle("/ping", ApiHandler(getSystemPing)).Methods("GET")
+ BaseRoutes.ApiRoot.Handle("/config", ApiSessionRequired(getConfig)).Methods("GET")
 }
 func getSystemPing(c *Context, w http.ResponseWriter, r *http.Request) {
 ReturnStatusOK(w)
 }
+
+func getConfig(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+ return
+ }
+
+ cfg := app.GetConfig()
+
+ w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
+ w.Write([]byte(cfg.ToJson()))
+}
diff --git a/api4/system_test.go b/api4/system_test.go
index d9514eabc..2e8b8f70f 100644
--- a/api4/system_test.go
+++ b/api4/system_test.go
@@ -1,7 +1,10 @@
 package api4
 import (
+ "strings"
 "testing"
+
+ "github.com/mattermost/platform/model"
 )
 func TestGetPing(t *testing.T) {
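Review bot: In `getConfig` (api4/system.go, second hunk) the handler serializes whatever `app.GetConfig()` returns with `cfg.ToJson()`, and nothing in the handler shows where secrets are redacted. TestGetConfig in this same commit expects `model.FAKE_SETTING` in the secret fields, so the redaction presumably happens inside `app.GetConfig()`, which is outside this diff. A comment above the call would keep a later refactor from swapping in the live configuration: `// app.GetConfig must return a sanitized copy (secrets replaced with model.FAKE_SETTING); do not serialize the live config here.`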
@@ -10,9 +13,54 @@ func TestGetPing(t *testing.T) {
 Client := th.Client
 b, _ := Client.GetPing()
- if b == false {
+ if b == false {
 t.Fatal()
 }
 }
+func TestGetConfig(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+
+ _, resp := Client.GetConfig()
+ CheckForbiddenStatus(t, resp)
+
+ cfg, resp := th.SystemAdminClient.GetConfig()
+ CheckNoError(t, resp)
+ if len(cfg.TeamSettings.SiteName) == 0 {
+ t.Fatal()
+ }
+
+ if *cfg.LdapSettings.BindPassword != model.FAKE_SETTING && len(*cfg.LdapSettings.BindPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if *cfg.FileSettings.PublicLinkSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.FileSettings.AmazonS3SecretAccessKey != model.FAKE_SETTING && len(cfg.FileSettings.AmazonS3SecretAccessKey) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.InviteSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.PasswordResetSalt != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.EmailSettings.SMTPPassword != model.FAKE_SETTING && len(cfg.EmailSettings.SMTPPassword) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.GitLabSettings.Secret != model.FAKE_SETTING && len(cfg.GitLabSettings.Secret) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.DataSource != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if cfg.SqlSettings.AtRestEncryptKey != model.FAKE_SETTING {
+ t.Fatal("did not sanitize properly")
+ }
+ if !strings.Contains(strings.Join(cfg.SqlSettings.DataSourceReplicas, " "), model.FAKE_SETTING) && len(cfg.SqlSettings.DataSourceReplicas) != 0 {
+ t.Fatal("did not sanitize properly")
+ }
+}
diff --git a/model/client4.go b/model/client4.go
index 43787cf08..6441abcc2 100644
--- a/model/client4.go
+++ b/model/client4.go
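Review bot: The `DataSourceReplicas` assertion at the end of `TestGetConfig` passes as soon as any one entry contains `model.FAKE_SETTING`, because the entries are joined into a single string before `strings.Contains` runs; a second replica returned unredacted would not fail the test. Assuming the server replaces each entry wholesale, check them one by one: `for _, r := range cfg.SqlSettings.DataSourceReplicas { if r != model.FAKE_SETTING { t.Fatal("did not sanitize DataSourceReplicas") } }`. All ten checks also share the message "did not sanitize properly", so a failure does not say which field leaked; naming the field in each message would make a regression easier to triage.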
@@ -126,6 +126,10 @@ func (c *Client4) GetPostsRoute() string {
 return fmt.Sprintf("/posts")
 }
+func (c *Client4) GetConfigRoute() string {
+ return fmt.Sprintf("/config")
+}
+
 func (c *Client4) GetPostRoute(postId string) string {
 return fmt.Sprintf(c.GetPostsRoute()+"/%v", postId)
 }
@@ -957,6 +961,16 @@ func (c *Client4) GetPing() (bool, *Response) {
 }
 }
+// GetConfig will retrieve the server config with some sanitized items.
+func (c *Client4) GetConfig() (*Config, *Response) {
+ if r, err := c.DoApiGet(c.GetConfigRoute(), ""); err != nil {
+ return nil, &Response{StatusCode: r.StatusCode, Error: err}
+ } else {
+ defer closeBody(r)
+ return ConfigFromJson(r.Body), BuildResponse(r)
+ }
+}
+
 // Webhooks Section
 // CreateIncomingWebhook creates an incoming webhook for a channel.
--
cgit v1.2.3-1-g7c22
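Review bot: In `GetConfig` (second hunk of model/client4.go) the error branch reads `r.StatusCode` before anything establishes that `r` is non-nil. `DoApiGet` is outside this diff; if it can return a nil response together with the error (for example when the request never reaches the server), this dereference panics in the client instead of returning the error. Guard it with `status := 0`, `if r != nil { status = r.StatusCode }`, then `return nil, &Response{StatusCode: status, Error: err}`. The doc comment could also state that redaction is performed by the server, since this method returns the decoded body as-is.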