authorHarrison Healey <harrisonmhealey@gmail.com>2017-10-09 13:30:59 -0400
committerChris <ccbrown112@gmail.com>2017-10-09 10:30:59 -0700
commite522a1c2e49f5d21e45dd66f83d06e10fc3cdb67 (patch)
tree1c3f07497661fb18bdd6506ff3746777a09e0816 /api/team_test.go
parent9adaf53e110e0e806b21903111aacb93129668cb (diff)
PLT-7811 Standardized team sanitization flow (#7586)
* post-4.3 commit (#7581) * reduce store boiler plate (#7585) * fix GetPostsByIds error (#7591) * PLT-7811 Standardized team sanitization flow * Fixed TestGetAllTeamListings * Stopped sanitizing teams for team admins * Removed debug logging * Added TearDown to sanitization tests that needed it
Diffstat (limited to 'api/team_test.go')
-rw-r--r--api/team_test.go357
1 files changed, 349 insertions, 8 deletions
diff --git a/api/team_test.go b/api/team_test.go
index ea29b9d6f..1e4b36433 100644
--- a/api/team_test.go
+++ b/api/team_test.go
@@ -56,6 +56,49 @@ func TestCreateTeam(t *testing.T) {
}
}
+func TestCreateTeamSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ // Non-admin users can create a team, but they become a team admin by doing so
+
+ t.Run("team admin", func(t *testing.T) {
+ team := &model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }
+
+ if res, err := th.BasicClient.CreateTeam(team); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ team := &model.Team{
+ DisplayName: t.Name() + "_2",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }
+
+ if res, err := th.SystemAdminClient.CreateTeam(team); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestAddUserToTeam(t *testing.T) {
th := Setup().InitSystemAdmin().InitBasic()
defer th.TearDown()
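Review bot: Both subtests of TestCreateTeamSanitization only assert that `rteam.Email` and `rteam.AllowedDomains` are non-empty, so a response carrying a masked, truncated or otherwise wrong value would still pass. Comparing against the submitted team pins the intent more tightly: `} else if rteam := res.Data.(*model.Team); rteam.Email != team.Email {` and `} else if rteam.AllowedDomains != team.AllowedDomains {`. The same non-empty pattern is used for the admin cases in the other sanitization tests this commit adds.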
@@ -253,6 +296,77 @@ func TestGetAllTeams(t *testing.T) {
}
}
+func TestGetAllTeamsSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ var team *model.Team
+ if res, err := th.BasicClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }); err != nil {
+ t.Fatal(err)
+ } else {
+ team = res.Data.(*model.Team)
+ }
+
+ var team2 *model.Team
+ if res, err := th.SystemAdminClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_2",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }); err != nil {
+ t.Fatal(err)
+ } else {
+ team2 = res.Data.(*model.Team)
+ }
+
+ t.Run("team admin/team user", func(t *testing.T) {
+ if res, err := th.BasicClient.GetAllTeams(); err != nil {
+ t.Fatal(err)
+ } else {
+ for _, rteam := range res.Data.(map[string]*model.Team) {
+ if rteam.Id == team.Id {
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email for team admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains for team admin")
+ }
+ } else if rteam.Id == team2.Id {
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email for non-admin")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains for non-admin")
+ }
+ }
+ }
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ if res, err := th.SystemAdminClient.GetAllTeams(); err != nil {
+ t.Fatal(err)
+ } else {
+ for _, rteam := range res.Data.(map[string]*model.Team) {
+ if rteam.Id != team.Id && rteam.Id != team2.Id {
+ continue
+ }
+
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ }
+ }
+ })
+}
+
func TestGetAllTeamListings(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
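Review bot: In the "team admin/team user" subtest the `should've sanitized` checks run only if `team2` happens to appear in the `GetAllTeams` response; nothing fails when it is absent, so the data-exposure case can pass without ever being evaluated. Record that each expected team was seen, for example `seen2 = true` inside the `rteam.Id == team2.Id` branch and `if !seen2 { t.Fatal("team2 missing from response") }` after the loop. If the endpoint is not expected to return `team2` to this user, the branch is dead and should be replaced by a comment saying so. The "system admin" subtest here and both subtests of TestGetAllTeamListingsSanitization iterate the same way.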
@@ -277,10 +391,7 @@ func TestGetAllTeamListings(t *testing.T) {
} else {
teams := r1.Data.(map[string]*model.Team)
if teams[team.Id].Name != team.Name {
- t.Fatal()
- }
- if teams[team.Id].Email != "" {
- t.Fatal("Non admin users shoudn't get full listings")
+ t.Fatal("team name doesn't match")
}
}
@@ -294,14 +405,84 @@ func TestGetAllTeamListings(t *testing.T) {
} else {
teams := r1.Data.(map[string]*model.Team)
if teams[team.Id].Name != team.Name {
- t.Fatal()
- }
- if teams[team.Id].Email != team.Email {
- t.Fatal()
+ t.Fatal("team name doesn't match")
}
}
}
+func TestGetAllTeamListingsSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ var team *model.Team
+ if res, err := th.BasicClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ AllowOpenInvite: true,
+ }); err != nil {
+ t.Fatal(err)
+ } else {
+ team = res.Data.(*model.Team)
+ }
+
+ var team2 *model.Team
+ if res, err := th.SystemAdminClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_2",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ AllowOpenInvite: true,
+ }); err != nil {
+ t.Fatal(err)
+ } else {
+ team2 = res.Data.(*model.Team)
+ }
+
+ t.Run("team admin/non-admin", func(t *testing.T) {
+ if res, err := th.BasicClient.GetAllTeamListings(); err != nil {
+ t.Fatal(err)
+ } else {
+ for _, rteam := range res.Data.(map[string]*model.Team) {
+ if rteam.Id == team.Id {
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email for team admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains for team admin")
+ }
+ } else if rteam.Id == team2.Id {
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email for non-admin")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains for non-admin")
+ }
+ }
+ }
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ if res, err := th.SystemAdminClient.GetAllTeamListings(); err != nil {
+ t.Fatal(err)
+ } else {
+ for _, rteam := range res.Data.(map[string]*model.Team) {
+ if rteam.Id != team.Id && rteam.Id != team2.Id {
+ continue
+ }
+
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ }
+ }
+ })
+}
+
func TestTeamPermDelete(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
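Review bot: TestGetAllTeamListingsSanitization never exercises an ordinary member of a team. `th.BasicClient` created `team` (and so is its team admin) and, as far as the hunk shows, has no relation to `team2`, so the member-but-not-admin role that TestGetMyTeamSanitization covers with `th.BasicUser2` is missing here and in TestGetAllTeamsSanitization. A subtest along the lines below would cover it; the direct map lookup also makes the check fail instead of passing silently when the team is not returned. The first lines of this hunk belong to TestGetAllTeamListings, which starts outside it.

```go
	// … unchanged: creation of team and team2 …

	t.Run("team user", func(t *testing.T) {
		th.LinkUserToTeam(th.BasicUser2, team)

		client := th.CreateClient()
		client.Must(client.Login(th.BasicUser2.Email, th.BasicUser2.Password))

		res, err := client.GetAllTeamListings()
		if err != nil {
			t.Fatal(err)
		}

		rteam, ok := res.Data.(map[string]*model.Team)[team.Id]
		if !ok {
			t.Fatal("team missing from listings")
		}
		if rteam.Email != "" {
			t.Fatal("should've sanitized email for team user")
		} else if rteam.AllowedDomains != "" {
			t.Fatal("should've sanitized allowed domains for team user")
		}
	})

	// … unchanged: "team admin/non-admin" and "system admin" subtests …
```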
@@ -476,6 +657,52 @@ func TestUpdateTeamDisplayName(t *testing.T) {
}
}
+func TestUpdateTeamSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ var team *model.Team
+ if res, err := th.BasicClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }); err != nil {
+ t.Fatal(err)
+ } else {
+ team = res.Data.(*model.Team)
+ }
+
+ // Non-admin users cannot update the team
+
+ t.Run("team admin", func(t *testing.T) {
+ // API v3 always assumes you're updating the current team
+ th.BasicClient.SetTeamId(team.Id)
+
+ if res, err := th.BasicClient.UpdateTeam(team); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email for admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ // API v3 always assumes you're updating the current team
+ th.SystemAdminClient.SetTeamId(team.Id)
+
+ if res, err := th.SystemAdminClient.UpdateTeam(team); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email for admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestFuzzyTeamCreate(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
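Review bot: The comment `// Non-admin users cannot update the team` in TestUpdateTeamSanitization states an access-control rule that no subtest asserts, so a regression that lets a plain member call `UpdateTeam` and read back the unsanitized team would not be caught here. A negative subtest using the `th.BasicUser2` pattern from TestGetMyTeamSanitization would turn the comment into a check. This assumes the endpoint rejects the call with an error, as the comment implies.

```go
	// Non-admin users cannot update the team
	t.Run("team user", func(t *testing.T) {
		th.LinkUserToTeam(th.BasicUser2, team)

		client := th.CreateClient()
		client.Must(client.Login(th.BasicUser2.Email, th.BasicUser2.Password))

		// API v3 always assumes you're updating the current team
		client.SetTeamId(team.Id)

		if _, err := client.UpdateTeam(team); err == nil {
			t.Fatal("non-admin team member should not be able to update the team")
		}
	})

	// … unchanged: "team admin" and "system admin" subtests …
```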
@@ -537,6 +764,65 @@ func TestGetMyTeam(t *testing.T) {
}
}
+func TestGetMyTeamSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ var team *model.Team
+ if res, err := th.BasicClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }); err != nil {
+ t.Fatal(err)
+ } else {
+ team = res.Data.(*model.Team)
+ }
+
+ t.Run("team user", func(t *testing.T) {
+ th.LinkUserToTeam(th.BasicUser2, team)
+
+ client := th.CreateClient()
+ client.Must(client.Login(th.BasicUser2.Email, th.BasicUser2.Password))
+
+ client.SetTeamId(team.Id)
+
+ if res, err := client.GetMyTeam(""); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email != "" {
+ t.Fatal("should've sanitized email")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains")
+ }
+ })
+
+ t.Run("team admin", func(t *testing.T) {
+ th.BasicClient.SetTeamId(team.Id)
+
+ if res, err := th.BasicClient.GetMyTeam(""); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ th.SystemAdminClient.SetTeamId(team.Id)
+
+ if res, err := th.SystemAdminClient.GetMyTeam(""); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestGetTeamMembers(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
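Review bot: The "team user" subtest of TestGetMyTeamSanitization passes for any response whose `Email` and `AllowedDomains` are empty, including a zero-valued `model.Team`, so it does not show that the right team came back with only the sensitive fields stripped. Adding one identity check closes that gap: `} else if rteam.Id != team.Id { t.Fatal("wrong team returned") }`. The "team user" subtest of TestGetTeamByNameSanitization has the same shape.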
@@ -898,6 +1184,61 @@ func TestGetTeamByName(t *testing.T) {
}
}
+func TestGetTeamByNameSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ var team *model.Team
+ if res, err := th.BasicClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }); err != nil {
+ t.Fatal(err)
+ } else {
+ team = res.Data.(*model.Team)
+ }
+
+ t.Run("team user", func(t *testing.T) {
+ th.LinkUserToTeam(th.BasicUser2, team)
+
+ client := th.CreateClient()
+ client.Must(client.Login(th.BasicUser2.Email, th.BasicUser2.Password))
+
+ if res, err := client.GetTeamByName(team.Name); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email != "" {
+ t.Fatal("should've sanitized email")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains")
+ }
+ })
+
+ t.Run("team admin", func(t *testing.T) {
+ if res, err := th.BasicClient.GetTeamByName(team.Name); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ th.SystemAdminClient.SetTeamId(team.Id)
+
+ if res, err := th.SystemAdminClient.GetTeamByName(team.Name); err != nil {
+ t.Fatal(err)
+ } else if rteam := res.Data.(*model.Team); rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestFindTeamByName(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
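Review bot: In TestGetTeamByNameSanitization only the "system admin" subtest calls `SetTeamId(team.Id)` before `GetTeamByName`; the "team user" and "team admin" subtests call it without setting a team. If the endpoint does not depend on the client's current team, drop `th.SystemAdminClient.SetTeamId(team.Id)` so the three cases differ only by role. If it does, set it in all three and add a comment saying why. As written, the reader cannot tell whether the system-admin result depends on that extra call.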