From 2e5617c29be69637acd384e85f795a0b343bec8d Mon Sep 17 00:00:00 2001 From: Corey Hulen Date: Thu, 21 Apr 2016 22:37:01 -0700 Subject: PLT-2057 User as a first class object (#2648) * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams --- api/webhook_test.go | 733 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 458 insertions(+), 275 deletions(-) (limited to 'api/webhook_test.go') diff --git a/api/webhook_test.go b/api/webhook_test.go index 4f85d178d..5198056cc 100644 --- a/api/webhook_test.go +++ b/api/webhook_test.go @@ -4,416 +4,599 @@ package api import ( + "fmt" "github.com/mattermost/platform/model" - "github.com/mattermost/platform/store" "github.com/mattermost/platform/utils" "testing" "time" ) func TestCreateIncomingHook(t *testing.T) { - Setup() + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + user := th.SystemAdminUser + team := th.SystemAdminTeam + channel1 := th.CreateChannel(Client, team) + channel2 := th.CreatePrivateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks - enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations defer func() { utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks - utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks }() utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true - utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + hook := &model.IncomingWebhook{ChannelId: channel1.Id} - user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) + var rhook *model.IncomingWebhook + if result, err := Client.CreateIncomingWebhook(hook); err != nil { + t.Fatal(err) + } else { + rhook = result.Data.(*model.IncomingWebhook) + } - c := &Context{} - c.RequestId = model.NewId() - c.IpAddress = "cmd_line" - UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN) - Client.LoginByEmail(team.Name, user.Email, "pwd") + if hook.ChannelId != rhook.ChannelId { + t.Fatal("channel ids didn't match") + } - channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + if rhook.UserId != user.Id { + t.Fatal("user ids didn't match") + } - channel2 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel2 = Client.Must(Client.CreateChannel(channel2)).Data.(*model.Channel) + if rhook.TeamId != team.Id { + t.Fatal("team ids didn't match") + } - hook := &model.IncomingWebhook{ChannelId: channel1.Id} + hook = &model.IncomingWebhook{ChannelId: "junk"} + if _, err := Client.CreateIncomingWebhook(hook); err == nil { + t.Fatal("should have failed - bad channel id") + } - if utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - var rhook *model.IncomingWebhook - if result, err := Client.CreateIncomingWebhook(hook); err != nil { - t.Fatal(err) - } else { - rhook = result.Data.(*model.IncomingWebhook) + hook = &model.IncomingWebhook{ChannelId: channel2.Id, UserId: "123", TeamId: "456"} + if result, err := Client.CreateIncomingWebhook(hook); err != nil { + t.Fatal(err) + } else { + if result.Data.(*model.IncomingWebhook).UserId != user.Id { + t.Fatal("bad user id wasn't overwritten") } - - if hook.ChannelId != rhook.ChannelId { - t.Fatal("channel ids didn't match") + if result.Data.(*model.IncomingWebhook).TeamId != team.Id { + t.Fatal("bad team id wasn't overwritten") } + } - if rhook.UserId != user.Id { - t.Fatal("user ids didn't match") - } + Client.Logout() + Client.Must(Client.LoginById(user2.Id, user2.Password)) + Client.SetTeamId(team.Id) - if rhook.TeamId != team.Id { - t.Fatal("team ids didn't match") - } + hook = &model.IncomingWebhook{ChannelId: channel1.Id} - hook = &model.IncomingWebhook{ChannelId: "junk"} - if _, err := Client.CreateIncomingWebhook(hook); err == nil { - t.Fatal("should have failed - bad channel id") - } + if _, err := Client.CreateIncomingWebhook(hook); err == nil { + t.Fatal("should have failed - not system/team admin") + } - hook = &model.IncomingWebhook{ChannelId: channel2.Id, UserId: "123", TeamId: "456"} - if result, err := Client.CreateIncomingWebhook(hook); err != nil { - t.Fatal(err) - } else { - if result.Data.(*model.IncomingWebhook).UserId != user.Id { - t.Fatal("bad user id wasn't overwritten") - } - if result.Data.(*model.IncomingWebhook).TeamId != team.Id { - t.Fatal("bad team id wasn't overwritten") - } - } - } else { - if _, err := Client.CreateIncomingWebhook(hook); err == nil { - t.Fatal("should have errored - webhooks turned off") - } + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false + + if _, err := Client.CreateIncomingWebhook(hook); err != nil { + t.Fatal(err) + } + + hook = &model.IncomingWebhook{ChannelId: channel2.Id} + + if _, err := Client.CreateIncomingWebhook(hook); err == nil { + t.Fatal("should have failed - channel is private and not a member") + } + + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = false + + if _, err := Client.CreateIncomingWebhook(hook); err == nil { + t.Fatal("should have errored - webhooks turned off") } } func TestListIncomingHooks(t *testing.T) { - Setup() + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + channel1 := th.CreateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks - enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations defer func() { utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks - utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks }() utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true - utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + hook1 := &model.IncomingWebhook{ChannelId: channel1.Id} + hook1 = Client.Must(Client.CreateIncomingWebhook(hook1)).Data.(*model.IncomingWebhook) - user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) + hook2 := &model.IncomingWebhook{ChannelId: channel1.Id} + hook2 = Client.Must(Client.CreateIncomingWebhook(hook2)).Data.(*model.IncomingWebhook) - c := &Context{} - c.RequestId = model.NewId() - c.IpAddress = "cmd_line" - UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN) - Client.LoginByEmail(team.Name, user.Email, "pwd") + if result, err := Client.ListIncomingWebhooks(); err != nil { + t.Fatal(err) + } else { + hooks := result.Data.([]*model.IncomingWebhook) - channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + if len(hooks) != 2 { + t.Fatal("incorrect number of hooks") + } + } - if utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - hook1 := &model.IncomingWebhook{ChannelId: channel1.Id} - hook1 = Client.Must(Client.CreateIncomingWebhook(hook1)).Data.(*model.IncomingWebhook) + Client.Logout() + Client.Must(Client.LoginById(user2.Id, user2.Password)) + Client.SetTeamId(team.Id) - hook2 := &model.IncomingWebhook{ChannelId: channel1.Id} - hook2 = Client.Must(Client.CreateIncomingWebhook(hook2)).Data.(*model.IncomingWebhook) + if _, err := Client.ListIncomingWebhooks(); err == nil { + t.Fatal("should have errored - not system/team admin") + } - if result, err := Client.ListIncomingWebhooks(); err != nil { - t.Fatal(err) - } else { - hooks := result.Data.([]*model.IncomingWebhook) + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false - if len(hooks) != 2 { - t.Fatal("incorrect number of hooks") - } - } - } else { - if _, err := Client.ListIncomingWebhooks(); err == nil { - t.Fatal("should have errored - webhooks turned off") - } + if _, err := Client.ListIncomingWebhooks(); err != nil { + t.Fatal(err) + } + + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = false + + if _, err := Client.ListIncomingWebhooks(); err == nil { + t.Fatal("should have errored - webhooks turned off") } } func TestDeleteIncomingHook(t *testing.T) { - Setup() + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + channel1 := th.CreateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks - enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations defer func() { utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks - utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks }() utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true - utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + hook := &model.IncomingWebhook{ChannelId: channel1.Id} + hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook) - user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) + if _, err := Client.DeleteIncomingWebhook(hook.Id); err != nil { + t.Fatal(err) + } - c := &Context{} - c.RequestId = model.NewId() - c.IpAddress = "cmd_line" - UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN) - Client.LoginByEmail(team.Name, user.Email, "pwd") + if _, err := Client.DeleteIncomingWebhook("junk"); err == nil { + t.Fatal("should have failed - bad id") + } - channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + if _, err := Client.DeleteIncomingWebhook(""); err == nil { + t.Fatal("should have failed - empty id") + } - if utils.Cfg.ServiceSettings.EnableIncomingWebhooks { - hook := &model.IncomingWebhook{ChannelId: channel1.Id} - hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook) + hooks := Client.Must(Client.ListIncomingWebhooks()).Data.([]*model.IncomingWebhook) + if len(hooks) != 0 { + t.Fatal("delete didn't work properly") + } - data := make(map[string]string) - data["id"] = hook.Id + hook = &model.IncomingWebhook{ChannelId: channel1.Id} + hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook) - if _, err := Client.DeleteIncomingWebhook(data); err != nil { - t.Fatal(err) - } + Client.Logout() + Client.Must(Client.LoginById(user2.Id, user2.Password)) + Client.SetTeamId(team.Id) - hooks := Client.Must(Client.ListIncomingWebhooks()).Data.([]*model.IncomingWebhook) - if len(hooks) != 0 { - t.Fatal("delete didn't work properly") - } - } else { - data := make(map[string]string) - data["id"] = "123" + if _, err := Client.DeleteIncomingWebhook(hook.Id); err == nil { + t.Fatal("should have failed - not system/team admin") + } - if _, err := Client.DeleteIncomingWebhook(data); err == nil { - t.Fatal("should have errored - webhooks turned off") - } + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false + + if _, err := Client.DeleteIncomingWebhook(hook.Id); err == nil { + t.Fatal("should have failed - not creator or team admin") + } + + hook = &model.IncomingWebhook{ChannelId: channel1.Id} + hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook) + + if _, err := Client.DeleteIncomingWebhook(hook.Id); err != nil { + t.Fatal(err) + } + + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = false + + if _, err := Client.DeleteIncomingWebhook(hook.Id); err == nil { + t.Fatal("should have errored - webhooks turned off") } } func TestCreateOutgoingHook(t *testing.T) { - Setup() - enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + user := th.SystemAdminUser + team := th.SystemAdminTeam + team2 := th.CreateTeam(Client) + channel1 := th.CreateChannel(Client, team) + channel2 := th.CreatePrivateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + user3 := th.CreateUser(Client) + LinkUserToTeam(user3, team2) + enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations defer func() { - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks }() - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + hook := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} - user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) + var rhook *model.OutgoingWebhook + if result, err := Client.CreateOutgoingWebhook(hook); err != nil { + t.Fatal(err) + } else { + rhook = result.Data.(*model.OutgoingWebhook) + } - c := &Context{} - c.RequestId = model.NewId() - c.IpAddress = "cmd_line" - UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN) - Client.LoginByEmail(team.Name, user.Email, "pwd") + if hook.ChannelId != rhook.ChannelId { + t.Fatal("channel ids didn't match") + } - channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + if rhook.CreatorId != user.Id { + t.Fatal("user ids didn't match") + } - channel2 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel2 = Client.Must(Client.CreateChannel(channel2)).Data.(*model.Channel) + if rhook.TeamId != team.Id { + t.Fatal("team ids didn't match") + } - hook := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + hook = &model.OutgoingWebhook{ChannelId: "junk", CallbackURLs: []string{"http://nowhere.com"}} + if _, err := Client.CreateOutgoingWebhook(hook); err == nil { + t.Fatal("should have failed - bad channel id") + } - if utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - var rhook *model.OutgoingWebhook - if result, err := Client.CreateOutgoingWebhook(hook); err != nil { - t.Fatal(err) - } else { - rhook = result.Data.(*model.OutgoingWebhook) + hook = &model.OutgoingWebhook{ChannelId: channel1.Id, CreatorId: "123", TeamId: "456", CallbackURLs: []string{"http://nowhere.com"}} + if result, err := Client.CreateOutgoingWebhook(hook); err != nil { + t.Fatal(err) + } else { + if result.Data.(*model.OutgoingWebhook).CreatorId != user.Id { + t.Fatal("bad user id wasn't overwritten") } - - if hook.ChannelId != rhook.ChannelId { - t.Fatal("channel ids didn't match") + if result.Data.(*model.OutgoingWebhook).TeamId != team.Id { + t.Fatal("bad team id wasn't overwritten") } + } - if rhook.CreatorId != user.Id { - t.Fatal("user ids didn't match") - } + hook = &model.OutgoingWebhook{ChannelId: channel2.Id, CallbackURLs: []string{"http://nowhere.com"}} + if _, err := Client.CreateOutgoingWebhook(hook); err == nil { + t.Fatal("should have failed - private channel") + } - if rhook.TeamId != team.Id { - t.Fatal("team ids didn't match") - } + hook = &model.OutgoingWebhook{CallbackURLs: []string{"http://nowhere.com"}} + if _, err := Client.CreateOutgoingWebhook(hook); err == nil { + t.Fatal("should have failed - blank channel and trigger words") + } - hook = &model.OutgoingWebhook{ChannelId: "junk", CallbackURLs: []string{"http://nowhere.com"}} - if _, err := Client.CreateOutgoingWebhook(hook); err == nil { - t.Fatal("should have failed - bad channel id") - } + Client.Logout() + Client.Must(Client.LoginById(user2.Id, user2.Password)) + Client.SetTeamId(team.Id) - hook = &model.OutgoingWebhook{ChannelId: channel2.Id, CreatorId: "123", TeamId: "456", CallbackURLs: []string{"http://nowhere.com"}} - if result, err := Client.CreateOutgoingWebhook(hook); err != nil { - t.Fatal(err) - } else { - if result.Data.(*model.OutgoingWebhook).CreatorId != user.Id { - t.Fatal("bad user id wasn't overwritten") - } - if result.Data.(*model.OutgoingWebhook).TeamId != team.Id { - t.Fatal("bad team id wasn't overwritten") - } - } - } else { - if _, err := Client.CreateOutgoingWebhook(hook); err == nil { - t.Fatal("should have errored - webhooks turned off") - } + hook = &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + if _, err := Client.CreateOutgoingWebhook(hook); err == nil { + t.Fatal("should have failed - not system/team admin") + } + + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false + + if _, err := Client.CreateOutgoingWebhook(hook); err != nil { + t.Fatal(err) + } + + Client.Logout() + Client.Must(Client.LoginById(user3.Id, user3.Password)) + Client.SetTeamId(team2.Id) + + if _, err := Client.CreateOutgoingWebhook(hook); err == nil { + t.Fatal("should have failed - wrong team") + } + + utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = false + + if _, err := Client.CreateOutgoingWebhook(hook); err == nil { + t.Fatal("should have errored - webhooks turned off") } } func TestListOutgoingHooks(t *testing.T) { - Setup() - enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + channel1 := th.CreateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations defer func() { - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks }() - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + hook1 := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + hook1 = Client.Must(Client.CreateOutgoingWebhook(hook1)).Data.(*model.OutgoingWebhook) - user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) + hook2 := &model.OutgoingWebhook{TriggerWords: []string{"trigger"}, CallbackURLs: []string{"http://nowhere.com"}} + hook2 = Client.Must(Client.CreateOutgoingWebhook(hook2)).Data.(*model.OutgoingWebhook) - c := &Context{} - c.RequestId = model.NewId() - c.IpAddress = "cmd_line" - UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN) - Client.LoginByEmail(team.Name, user.Email, "pwd") + if result, err := Client.ListOutgoingWebhooks(); err != nil { + t.Fatal(err) + } else { + hooks := result.Data.([]*model.OutgoingWebhook) - channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + if len(hooks) != 2 { + t.Fatal("incorrect number of hooks") + } + } - if utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - hook1 := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} - hook1 = Client.Must(Client.CreateOutgoingWebhook(hook1)).Data.(*model.OutgoingWebhook) + Client.Logout() + Client.Must(Client.LoginById(user2.Id, user2.Password)) + Client.SetTeamId(team.Id) - hook2 := &model.OutgoingWebhook{TriggerWords: []string{"trigger"}, CallbackURLs: []string{"http://nowhere.com"}} - hook2 = Client.Must(Client.CreateOutgoingWebhook(hook2)).Data.(*model.OutgoingWebhook) + if _, err := Client.ListOutgoingWebhooks(); err == nil { + t.Fatal("should have failed - not system/team admin") + } - if result, err := Client.ListOutgoingWebhooks(); err != nil { - t.Fatal(err) - } else { - hooks := result.Data.([]*model.OutgoingWebhook) + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false - if len(hooks) != 2 { - t.Fatal("incorrect number of hooks") - } - } - } else { - if _, err := Client.ListOutgoingWebhooks(); err == nil { - t.Fatal("should have errored - webhooks turned off") - } + if _, err := Client.ListOutgoingWebhooks(); err != nil { + t.Fatal(err) + } + + utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = false + + if _, err := Client.ListOutgoingWebhooks(); err == nil { + t.Fatal("should have errored - webhooks turned off") } } func TestDeleteOutgoingHook(t *testing.T) { - Setup() - enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + channel1 := th.CreateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations defer func() { - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks }() - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + hook := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + hook = Client.Must(Client.CreateOutgoingWebhook(hook)).Data.(*model.OutgoingWebhook) - user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) + if _, err := Client.DeleteOutgoingWebhook("junk"); err == nil { + t.Fatal("should have failed - bad hook id") + } - c := &Context{} - c.RequestId = model.NewId() - c.IpAddress = "cmd_line" - UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN) - Client.LoginByEmail(team.Name, user.Email, "pwd") + if _, err := Client.DeleteOutgoingWebhook(""); err == nil { + t.Fatal("should have failed - empty hook id") + } - channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + if _, err := Client.DeleteOutgoingWebhook(hook.Id); err != nil { + t.Fatal(err) + } - if utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - hook := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} - hook = Client.Must(Client.CreateOutgoingWebhook(hook)).Data.(*model.OutgoingWebhook) + hooks := Client.Must(Client.ListOutgoingWebhooks()).Data.([]*model.OutgoingWebhook) + if len(hooks) != 0 { + t.Fatal("delete didn't work properly") + } - data := make(map[string]string) - data["id"] = hook.Id + hook = &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + hook = Client.Must(Client.CreateOutgoingWebhook(hook)).Data.(*model.OutgoingWebhook) - if _, err := Client.DeleteOutgoingWebhook(data); err != nil { - t.Fatal(err) - } + Client.Logout() + Client.Must(Client.LoginById(user2.Id, user2.Password)) + Client.SetTeamId(team.Id) - hooks := Client.Must(Client.ListOutgoingWebhooks()).Data.([]*model.OutgoingWebhook) - if len(hooks) != 0 { - t.Fatal("delete didn't work properly") - } - } else { - data := make(map[string]string) - data["id"] = "123" + if _, err := Client.DeleteOutgoingWebhook(hook.Id); err == nil { + t.Fatal("should have failed - not system/team admin") + } - if _, err := Client.DeleteOutgoingWebhook(data); err == nil { - t.Fatal("should have errored - webhooks turned off") - } + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false + + if _, err := Client.DeleteOutgoingWebhook(hook.Id); err == nil { + t.Fatal("should have failed - not creator or team admin") + } + + hook = &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + hook = Client.Must(Client.CreateOutgoingWebhook(hook)).Data.(*model.OutgoingWebhook) + + if _, err := Client.DeleteOutgoingWebhook(hook.Id); err != nil { + t.Fatal(err) + } + + utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = false + + if _, err := Client.DeleteOutgoingWebhook(hook.Id); err == nil { + t.Fatal("should have errored - webhooks turned off") } } func TestRegenOutgoingHookToken(t *testing.T) { - Setup() - enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + team2 := th.CreateTeam(Client) + channel1 := th.CreateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + user3 := th.CreateUser(Client) + LinkUserToTeam(user3, team2) + enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations defer func() { - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks }() - utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} - team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + hook := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + hook = Client.Must(Client.CreateOutgoingWebhook(hook)).Data.(*model.OutgoingWebhook) - user := &model.User{TeamId: team.Id, Email: model.NewId() + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "pwd"} - user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) - store.Must(Srv.Store.User().VerifyEmail(user.Id)) + if _, err := Client.RegenOutgoingWebhookToken("junk"); err == nil { + t.Fatal("should have failed - bad id") + } - c := &Context{} - c.RequestId = model.NewId() - c.IpAddress = "cmd_line" - UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN) - Client.LoginByEmail(team.Name, user.Email, "pwd") + if _, err := Client.RegenOutgoingWebhookToken(""); err == nil { + t.Fatal("should have failed - empty id") + } - channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} - channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + if result, err := Client.RegenOutgoingWebhookToken(hook.Id); err != nil { + t.Fatal(err) + } else { + if result.Data.(*model.OutgoingWebhook).Token == hook.Token { + t.Fatal("regen didn't work properly") + } + } - if utils.Cfg.ServiceSettings.EnableOutgoingWebhooks { - hook := &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} - hook = Client.Must(Client.CreateOutgoingWebhook(hook)).Data.(*model.OutgoingWebhook) + Client.Logout() + Client.Must(Client.LoginById(user2.Id, user2.Password)) + Client.SetTeamId(team.Id) - data := make(map[string]string) - data["id"] = hook.Id + if _, err := Client.RegenOutgoingWebhookToken(hook.Id); err == nil { + t.Fatal("should have failed - not system/team admin") + } - if result, err := Client.RegenOutgoingWebhookToken(data); err != nil { - t.Fatal(err) - } else { - if result.Data.(*model.OutgoingWebhook).Token == hook.Token { - t.Fatal("regen didn't work properly") - } - } + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false - } else { - data := make(map[string]string) - data["id"] = "123" + hook = &model.OutgoingWebhook{ChannelId: channel1.Id, CallbackURLs: []string{"http://nowhere.com"}} + hook = Client.Must(Client.CreateOutgoingWebhook(hook)).Data.(*model.OutgoingWebhook) - if _, err := Client.RegenOutgoingWebhookToken(data); err == nil { - t.Fatal("should have errored - webhooks turned off") - } + if _, err := Client.RegenOutgoingWebhookToken(hook.Id); err != nil { + t.Fatal(err) + } + + Client.Logout() + Client.Must(Client.LoginById(user3.Id, user3.Password)) + Client.SetTeamId(team2.Id) + + if _, err := Client.RegenOutgoingWebhookToken(hook.Id); err == nil { + t.Fatal("should have failed - wrong team") + } + + utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = false + + if _, err := Client.RegenOutgoingWebhookToken(hook.Id); err == nil { + t.Fatal("should have errored - webhooks turned off") + } +} +func TestIncomingWebhooks(t *testing.T) { + th := Setup().InitSystemAdmin() + Client := th.SystemAdminClient + team := th.SystemAdminTeam + channel1 := th.CreateChannel(Client, team) + user2 := th.CreateUser(Client) + LinkUserToTeam(user2, team) + + enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks + defer func() { + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks + }() + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true + + hook := &model.IncomingWebhook{ChannelId: channel1.Id} + hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook) + + url := "/hooks/" + hook.Id + + if _, err := Client.DoPost(url, "{\"text\":\"this is a test\"}", "application/json"); err != nil { + t.Fatal(err) + } + + if _, err := Client.DoPost(url, fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"%s\"}", channel1.Name), "application/json"); err != nil { + t.Fatal(err) + } + + if _, err := Client.DoPost(url, fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"#%s\"}", channel1.Name), "application/json"); err != nil { + t.Fatal(err) + } + + Client.Must(Client.CreateDirectChannel(user2.Id)) + + if _, err := Client.DoPost(url, fmt.Sprintf("{\"text\":\"this is a test\", \"channel\":\"@%s\"}", user2.Username), "application/json"); err != nil { + t.Fatal(err) + } + + if _, err := Client.DoPost(url, "payload={\"text\":\"this is a test\"}", "application/x-www-form-urlencoded"); err != nil { + t.Fatal(err) + } + + attachmentPayload := `{ + "text": "this is a test", + "attachments": [ + { + "fallback": "Required plain-text summary of the attachment.", + + "color": "#36a64f", + + "pretext": "Optional text that appears above the attachment block", + + "author_name": "Bobby Tables", + "author_link": "http://flickr.com/bobby/", + "author_icon": "http://flickr.com/icons/bobby.jpg", + + "title": "Slack API Documentation", + "title_link": "https://api.slack.com/", + + "text": "Optional text that appears within the attachment", + + "fields": [ + { + "title": "Priority", + "value": "High", + "short": false + } + ], + + "image_url": "http://my-website.com/path/to/image.jpg", + "thumb_url": "http://example.com/path/to/thumb.png" + } + ] + }` + + if _, err := Client.DoPost(url, attachmentPayload, "application/json"); err != nil { + t.Fatal(err) + } + + if _, err := Client.DoPost(url, "{\"text\":\"\"}", "application/json"); err == nil { + t.Fatal("should have failed - no text") + } + + utils.Cfg.ServiceSettings.EnableIncomingWebhooks = false + + if _, err := Client.DoPost(url, "{\"text\":\"this is a test\"}", "application/json"); err == nil { + t.Fatal("should have failed - webhooks turned off") } } -- cgit v1.2.3-1-g7c22