From d2ddf40f56191c1770c3ca93d747a7f1b749f26c Mon Sep 17 00:00:00 2001 From: Harrison Healey Date: Thu, 5 May 2016 16:35:03 -0400 Subject: PLT-2600/PLT-2770 Added Get Public Link modal and added new API for public file links (#2892) * Switched public file links to use a GetLinkModal * Separated getFile and the new getPublicFile api calls --- api/file_test.go | 373 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 204 insertions(+), 169 deletions(-) (limited to 'api/file_test.go') diff --git a/api/file_test.go b/api/file_test.go index 015048ec4..fe7355122 100644 --- a/api/file_test.go +++ b/api/file_test.go @@ -5,16 +5,15 @@ package api import ( "bytes" + "encoding/base64" "fmt" "github.com/goamz/goamz/aws" "github.com/goamz/goamz/s3" "github.com/mattermost/platform/model" - "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" "io" "mime/multipart" "net/http" - "net/url" "os" "strings" "testing" @@ -138,12 +137,6 @@ func TestGetFile(t *testing.T) { user := th.BasicUser channel := th.BasicChannel - enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink - defer func() { - utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink - }() - utils.Cfg.FileSettings.EnablePublicLink = true - if utils.Cfg.FileSettings.DriverName != "" { body := &bytes.Buffer{} writer := multipart.NewWriter(body) @@ -202,60 +195,6 @@ func TestGetFile(t *testing.T) { } } - team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team) - - user2 := &model.User{Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User) - LinkUserToTeam(user2, team2) - store.Must(Srv.Store.User().VerifyEmail(user2.Id)) - - newProps := make(map[string]string) - newProps["filename"] = filenames[0] - newProps["time"] = fmt.Sprintf("%v", model.GetMillis()) - - data := model.MapToJson(newProps) - hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.FileSettings.PublicLinkSalt)) - - Client.Login(user2.Email, "pwd") - Client.SetTeamId(team2.Id) - - if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr != nil { - t.Fatal(downErr) - } - - if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash), false); downErr == nil { - t.Fatal("Should have errored - missing team id") - } - - if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=junk", false); downErr == nil { - t.Fatal("Should have errored - bad team id") - } - - if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=12345678901234567890123456", false); downErr == nil { - t.Fatal("Should have errored - bad team id") - } - - if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&t="+team.Id, false); downErr == nil { - t.Fatal("Should have errored - missing hash") - } - - if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h=junk&t="+team.Id, false); downErr == nil { - t.Fatal("Should have errored - bad hash") - } - - if _, downErr := Client.GetFile(filenames[0]+"?h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr == nil { - t.Fatal("Should have errored - missing data") - } - - if _, downErr := Client.GetFile(filenames[0]+"?d=junk&h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr == nil { - t.Fatal("Should have errored - bad data") - } - - if _, downErr := Client.GetFile(filenames[0], true); downErr == nil { - t.Fatal("Should have errored - user not logged in and link not public") - } - if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { var auth aws.Auth auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId @@ -309,146 +248,242 @@ func TestGetFile(t *testing.T) { } } -func TestGetPublicLink(t *testing.T) { +func TestGetPublicFile(t *testing.T) { th := Setup().InitBasic() Client := th.BasicClient - team := th.BasicTeam - user := th.BasicUser channel := th.BasicChannel - if utils.Cfg.FileSettings.DriverName != "" { - enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink - defer func() { - utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink - }() - utils.Cfg.FileSettings.EnablePublicLink = true + enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink + driverName := utils.Cfg.FileSettings.DriverName + defer func() { + utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink + utils.Cfg.FileSettings.DriverName = driverName + }() + utils.Cfg.FileSettings.EnablePublicLink = true + if driverName == "" { + driverName = model.IMAGE_DRIVER_LOCAL + } - body := &bytes.Buffer{} - writer := multipart.NewWriter(body) - part, err := writer.CreateFormFile("files", "test.png") - if err != nil { - t.Fatal(err) - } + filenames, err := uploadTestFile(Client, channel.Id) + if err != nil { + t.Fatal("failed to upload test file", err) + } - path := utils.FindDir("tests") - file, err := os.Open(path + "/test.png") - if err != nil { - t.Fatal(err) - } - defer file.Close() + post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames} - _, err = io.Copy(part, file) - if err != nil { - t.Fatal(err) - } + if rpost1, postErr := Client.CreatePost(post1); postErr != nil { + t.Fatal(postErr) + } else { + post1 = rpost1.Data.(*model.Post) + } - field, err := writer.CreateFormField("channel_id") - if err != nil { - t.Fatal(err) - } + var link string + if result, err := Client.GetPublicLink(filenames[0]); err != nil { + t.Fatal("failed to get public link") + } else { + link = result.Data.(string) + } - _, err = field.Write([]byte(channel.Id)) - if err != nil { - t.Fatal(err) - } + // test a user that's logged in + if resp, err := http.Get(link); err != nil && resp.StatusCode != http.StatusOK { + t.Fatal("failed to get image with public link while logged in", err) + } - err = writer.Close() - if err != nil { - t.Fatal(err) - } + if resp, err := http.Get(link[:strings.LastIndex(link, "?")]); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while logged in without query params", resp.Status) + } - resp, upErr := Client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType()) - if upErr != nil { - t.Fatal(upErr) - } + if resp, err := http.Get(link[:strings.LastIndex(link, "&")]); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while logged in without second query param") + } - filenames := resp.Data.(*model.FileUploadResponse).Filenames + if resp, err := http.Get(link[:strings.LastIndex(link, "?")] + "?" + link[strings.LastIndex(link, "&"):]); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while logged in without first query param") + } - post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames} + utils.Cfg.FileSettings.EnablePublicLink = false + if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusNotImplemented { + t.Fatal("should've failed to get image with disabled public link while logged in") + } - rpost1, postErr := Client.CreatePost(post1) - if postErr != nil { - t.Fatal(postErr) - } + utils.Cfg.FileSettings.EnablePublicLink = true - if rpost1.Data.(*model.Post).Filenames[0] != filenames[0] { - t.Fatal("filenames don't match") - } + // test a user that's logged out + Client.Must(Client.Logout()) - // wait a bit for files to ready - time.Sleep(5 * time.Second) + if resp, err := http.Get(link); err != nil && resp.StatusCode != http.StatusOK { + t.Fatal("failed to get image with public link while not logged in", err) + } - data := make(map[string]string) - data["filename"] = filenames[0] + if resp, err := http.Get(link[:strings.LastIndex(link, "?")]); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while not logged in without query params") + } - if _, err := Client.GetPublicLink(data); err != nil { - t.Fatal(err) - } + if resp, err := http.Get(link[:strings.LastIndex(link, "&")]); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while not logged in without second query param") + } - data["filename"] = "junk" + if resp, err := http.Get(link[:strings.LastIndex(link, "?")] + "?" + link[strings.LastIndex(link, "&"):]); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while not logged in without first query param") + } - if _, err := Client.GetPublicLink(data); err == nil { - t.Fatal("Should have errored - bad file path") - } + utils.Cfg.FileSettings.EnablePublicLink = false + if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusNotImplemented { + t.Fatal("should've failed to get image with disabled public link while not logged in") + } - th.LoginBasic2() + utils.Cfg.FileSettings.EnablePublicLink = true - data["filename"] = filenames[0] - if _, err := Client.GetPublicLink(data); err == nil { - t.Fatal("should have errored, user not member of channel") - } + // test a user that's logged in after the salt has changed + utils.Cfg.FileSettings.PublicLinkSalt = model.NewId() - if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { - // perform clean-up on s3 - var auth aws.Auth - auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId - auth.SecretKey = utils.Cfg.FileSettings.AmazonS3SecretAccessKey + th.LoginBasic() + if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while logged in after salt changed") + } - s := s3.New(auth, aws.Regions[utils.Cfg.FileSettings.AmazonS3Region]) - bucket := s.Bucket(utils.Cfg.FileSettings.AmazonS3Bucket) + Client.Must(Client.Logout()) + if resp, err := http.Get(link); err == nil && resp.StatusCode != http.StatusBadRequest { + t.Fatal("should've failed to get image with public link while not logged in after salt changed") + } - filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/") - filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] - fileId := strings.Split(filename, ".")[0] + if err := cleanupTestFile(filenames[0], th.BasicTeam.Id, channel.Id, th.BasicUser.Id); err != nil { + t.Fatal("failed to cleanup test file", err) + } +} - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename) - if err != nil { - t.Fatal(err) - } +func TestGetPublicLink(t *testing.T) { + th := Setup().InitBasic() + Client := th.BasicClient + channel := th.BasicChannel - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg") - if err != nil { - t.Fatal(err) - } + enablePublicLink := utils.Cfg.FileSettings.EnablePublicLink + driverName := utils.Cfg.FileSettings.DriverName + defer func() { + utils.Cfg.FileSettings.EnablePublicLink = enablePublicLink + utils.Cfg.FileSettings.DriverName = driverName + }() + if driverName == "" { + driverName = model.IMAGE_DRIVER_LOCAL + } - err = bucket.Del("teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg") - if err != nil { - t.Fatal(err) - } - } else { - filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/") - filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] - fileId := strings.Split(filename, ".")[0] + filenames, err := uploadTestFile(Client, channel.Id) + if err != nil { + t.Fatal("failed to upload test file", err) + } - path := utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + filename - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } + post1 := &model.Post{ChannelId: channel.Id, Message: "a" + model.NewId() + "a", Filenames: filenames} - path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_thumb.jpg" - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } + if rpost1, postErr := Client.CreatePost(post1); postErr != nil { + t.Fatal(postErr) + } else { + post1 = rpost1.Data.(*model.Post) + } - path = utils.Cfg.FileSettings.Directory + "teams/" + team.Id + "/channels/" + channel.Id + "/users/" + user.Id + "/" + fileId + "_preview.jpg" - if err := os.Remove(path); err != nil { - t.Fatal("Couldn't remove file at " + path) - } + utils.Cfg.FileSettings.EnablePublicLink = false + if _, err := Client.GetPublicLink(filenames[0]); err == nil || err.StatusCode != http.StatusNotImplemented { + t.Fatal("should've failed when public links are disabled", err) + } + + utils.Cfg.FileSettings.EnablePublicLink = true + + if _, err := Client.GetPublicLink("garbage"); err == nil { + t.Fatal("should've failed for invalid link") + } + + if _, err := Client.GetPublicLink(filenames[0]); err != nil { + t.Fatal("should've gotten link for file", err) + } + + th.LoginBasic2() + + if _, err := Client.GetPublicLink(filenames[0]); err == nil { + t.Fatal("should've failed, user not member of channel") + } + + th.LoginBasic() + + if err := cleanupTestFile(filenames[0], th.BasicTeam.Id, channel.Id, th.BasicUser.Id); err != nil { + t.Fatal("failed to cleanup test file", err) + } +} + +func uploadTestFile(Client *model.Client, channelId string) ([]string, error) { + body := &bytes.Buffer{} + writer := multipart.NewWriter(body) + part, err := writer.CreateFormFile("files", "test.png") + if err != nil { + return nil, err + } + + // base 64 encoded version of handtinywhite.gif from http://probablyprogramming.com/2009/03/15/the-tiniest-gif-ever + file, _ := base64.StdEncoding.DecodeString("R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=") + + if _, err := io.Copy(part, bytes.NewReader(file)); err != nil { + return nil, err + } + + field, err := writer.CreateFormField("channel_id") + if err != nil { + return nil, err + } + + if _, err := field.Write([]byte(channelId)); err != nil { + return nil, err + } + + if err := writer.Close(); err != nil { + return nil, err + } + + if resp, err := Client.UploadPostAttachment(body.Bytes(), writer.FormDataContentType()); err != nil { + return nil, err + } else { + return resp.Data.(*model.FileUploadResponse).Filenames, nil + } +} + +func cleanupTestFile(fullFilename, teamId, channelId, userId string) error { + filenames := strings.Split(fullFilename, "/") + filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1] + fileId := strings.Split(filename, ".")[0] + + if utils.Cfg.FileSettings.DriverName == model.IMAGE_DRIVER_S3 { + // perform clean-up on s3 + var auth aws.Auth + auth.AccessKey = utils.Cfg.FileSettings.AmazonS3AccessKeyId + auth.SecretKey = utils.Cfg.FileSettings.AmazonS3SecretAccessKey + + s := s3.New(auth, aws.Regions[utils.Cfg.FileSettings.AmazonS3Region]) + bucket := s.Bucket(utils.Cfg.FileSettings.AmazonS3Bucket) + + if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename); err != nil { + return err + } + + if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_thumb.jpg"); err != nil { + return err + } + + if err := bucket.Del("teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_preview.jpg"); err != nil { + return err } } else { - data := make(map[string]string) - if _, err := Client.GetPublicLink(data); err.StatusCode != http.StatusNotImplemented { - t.Fatal("Status code should have been 501 - Not Implemented") + path := utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + filename + if err := os.Remove(path); err != nil { + return fmt.Errorf("Couldn't remove file at " + path) + } + + path = utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_thumb.jpg" + if err := os.Remove(path); err != nil { + return fmt.Errorf("Couldn't remove file at " + path) + } + + path = utils.Cfg.FileSettings.Directory + "teams/" + teamId + "/channels/" + channelId + "/users/" + userId + "/" + fileId + "_preview.jpg" + if err := os.Remove(path); err != nil { + return fmt.Errorf("Couldn't remove file at " + path) } } + + return nil } -- cgit v1.2.3-1-g7c22