diff options
author | Carlos Tadeu Panato Junior <ctadeu@gmail.com> | 2017-03-20 13:56:23 +0100 |
---|---|---|
committer | George Goldberg <george@gberg.me> | 2017-03-20 12:56:23 +0000 |
commit | 3d14573b8c4df6f293fdac9933aa270b541234ec (patch) | |
tree | 306853083ead0bbdc1419c46dcd9e83bfab2c9bf | |
parent | 4efefa0ff6a49491ea33ca7fd5c9efd2422b0fe1 (diff) | |
download | chat-3d14573b8c4df6f293fdac9933aa270b541234ec.tar.gz chat-3d14573b8c4df6f293fdac9933aa270b541234ec.tar.bz2 chat-3d14573b8c4df6f293fdac9933aa270b541234ec.zip |
[APIV4] POST /hooks/outgoing/{hook_id}/regen_token - regentoken endpoint for apiV4 (#5783)
-rw-r--r-- | api4/webhook.go | 34 | ||||
-rw-r--r-- | api4/webhook_test.go | 41 | ||||
-rw-r--r-- | model/client4.go | 14 |
3 files changed, 89 insertions, 0 deletions
diff --git a/api4/webhook.go b/api4/webhook.go index feecdbd0f..b1c013843 100644 --- a/api4/webhook.go +++ b/api4/webhook.go @@ -23,6 +23,7 @@ func InitWebhook() { BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(createOutgoingHook)).Methods("POST") BaseRoutes.OutgoingHooks.Handle("", ApiSessionRequired(getOutgoingHooks)).Methods("GET") + BaseRoutes.OutgoingHook.Handle("/regen_token", ApiSessionRequired(regenOutgoingHookToken)).Methods("POST") } func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { @@ -287,3 +288,36 @@ func getOutgoingHooks(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(model.OutgoingWebhookListToJson(hooks))) } + +func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireHookId() + if c.Err != nil { + return + } + + hook, err := app.GetOutgoingWebhook(c.Params.HookId) + if err != nil { + c.Err = err + return + } + + c.LogAudit("attempt") + + if !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) { + c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS) + return + } + + if c.Session.UserId != hook.CreatorId && !app.SessionHasPermissionToTeam(c.Session, hook.TeamId, model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_WEBHOOKS) + return + } + + if rhook, err := app.RegenOutgoingWebhookToken(hook); err != nil { + c.Err = err + return + } else { + w.Write([]byte(rhook.ToJson())) + } +} diff --git a/api4/webhook_test.go b/api4/webhook_test.go index b488f432c..aa1f79cdd 100644 --- a/api4/webhook_test.go +++ b/api4/webhook_test.go @@ -584,3 +584,44 @@ func TestUpdateIncomingHook(t *testing.T) { CheckUnauthorizedStatus(t, resp) }) } + +func TestRegenOutgoingHookToken(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + enableOutgoingHooks := utils.Cfg.ServiceSettings.EnableOutgoingWebhooks + enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations + defer func() { + utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = enableOutgoingHooks + utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks + utils.SetDefaultRolesBasedOnConfig() + }() + utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = true + *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true + utils.SetDefaultRolesBasedOnConfig() + + hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}} + rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook) + CheckNoError(t, resp) + + _, resp = th.SystemAdminClient.RegenOutgoingHookToken("junk") + CheckBadRequestStatus(t, resp) + + //investigate why is act weird on jenkins + // _, resp = th.SystemAdminClient.RegenOutgoingHookToken("") + // CheckNotFoundStatus(t, resp) + + regenHookToken, resp := th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id) + CheckNoError(t, resp) + if regenHookToken.Token == rhook.Token { + t.Fatal("regen didn't work properly") + } + + _, resp = Client.RegenOutgoingHookToken(rhook.Id) + CheckForbiddenStatus(t, resp) + + utils.Cfg.ServiceSettings.EnableOutgoingWebhooks = false + _, resp = th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id) + CheckNotImplementedStatus(t, resp) +} diff --git a/model/client4.go b/model/client4.go index bcefe90a4..d6d804c7b 100644 --- a/model/client4.go +++ b/model/client4.go @@ -182,6 +182,10 @@ func (c *Client4) GetOutgoingWebhooksRoute() string { return fmt.Sprintf("/hooks/outgoing") } +func (c *Client4) GetOutgoingWebhookRoute(hookID string) string { + return fmt.Sprintf(c.GetOutgoingWebhooksRoute()+"/%v", hookID) +} + func (c *Client4) GetPreferencesRoute(userId string) string { return fmt.Sprintf(c.GetUserRoute(userId) + "/preferences") } @@ -1329,6 +1333,16 @@ func (c *Client4) GetOutgoingWebhooksForTeam(teamId string, page int, perPage in } } +// RegenOutgoingHookToken regenerate the outgoing webhook token. +func (c *Client4) RegenOutgoingHookToken(hookId string) (*OutgoingWebhook, *Response) { + if r, err := c.DoApiPost(c.GetOutgoingWebhookRoute(hookId)+"/regen_token", ""); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return OutgoingWebhookFromJson(r.Body), BuildResponse(r) + } +} + // Preferences Section // GetPreferences returns the user's preferences. |