authorHarrison Healey <harrisonmhealey@gmail.com>2017-10-09 13:30:59 -0400
committerChris <ccbrown112@gmail.com>2017-10-09 10:30:59 -0700
commite522a1c2e49f5d21e45dd66f83d06e10fc3cdb67 (patch)
tree1c3f07497661fb18bdd6506ff3746777a09e0816 /api4/team_test.go
parent9adaf53e110e0e806b21903111aacb93129668cb (diff)
downloadchat-e522a1c2e49f5d21e45dd66f83d06e10fc3cdb67.tar.gz
chat-e522a1c2e49f5d21e45dd66f83d06e10fc3cdb67.tar.bz2
chat-e522a1c2e49f5d21e45dd66f83d06e10fc3cdb67.zip
PLT-7811 Standardized team sanitization flow (#7586)
* post-4.3 commit (#7581) * reduce store boiler plate (#7585) * fix GetPostsByIds error (#7591) * PLT-7811 Standardized team sanitization flow * Fixed TestGetAllTeamListings * Stopped sanitizing teams for team admins * Removed debug logging * Added TearDown to sanitization tests that needed it
Diffstat (limited to 'api4/team_test.go')
-rw-r--r--api4/team_test.go469
1 files changed, 455 insertions, 14 deletions
diff --git a/api4/team_test.go b/api4/team_test.go
index bd42682bf..45484e2a1 100644
--- a/api4/team_test.go
+++ b/api4/team_test.go
@@ -7,7 +7,6 @@ import (
"encoding/binary"
"fmt"
"net/http"
- "reflect"
"strconv"
"strings"
"testing"
@@ -82,6 +81,49 @@ func TestCreateTeam(t *testing.T) {
CheckForbiddenStatus(t, resp)
}
+func TestCreateTeamSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ // Non-admin users can create a team, but they become a team admin by doing so
+
+ t.Run("team admin", func(t *testing.T) {
+ team := &model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }
+
+ rteam, resp := th.Client.CreateTeam(team)
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ team := &model.Team{
+ DisplayName: t.Name() + "_2",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ }
+
+ rteam, resp := th.SystemAdminClient.CreateTeam(team)
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestGetTeam(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
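Review bot: The four-line `if rteam.Email == "" … else if rteam.AllowedDomains == "" …` check is written out by hand in both subtests of TestCreateTeamSanitization, and the same block or its negation recurs in every other `…Sanitization` test this commit adds. A later change to which fields are hidden from non-admins would have to be repeated at every copy, and a missed copy silently weakens the privacy check. A small helper taking the expected state keeps the rule in one place and lets the failure message name the field. The sketch assumes the client methods return `*model.Team`, which the hunk does not show; the trailing context lines belong to TestGetTeam, whose body continues outside the hunk.

```go
// checkTeamSanitized fails the test unless Email and AllowedDomains are both
// cleared (sanitized == true) or both still populated (sanitized == false).
func checkTeamSanitized(t *testing.T, rteam *model.Team, sanitized bool) {
	if (rteam.Email == "") != sanitized {
		t.Fatalf("email sanitized = %v, want %v", rteam.Email == "", sanitized)
	}
	if (rteam.AllowedDomains == "") != sanitized {
		t.Fatalf("allowed domains sanitized = %v, want %v", rteam.AllowedDomains == "", sanitized)
	}
}

// … unchanged: team literal and CreateTeam call in each subtest …
	rteam, resp := th.Client.CreateTeam(team)
	CheckNoError(t, resp)
	checkTeamSanitized(t, rteam, false)
```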
@@ -129,6 +171,55 @@ func TestGetTeam(t *testing.T) {
CheckNoError(t, resp)
}
+func TestGetTeamSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ team, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+
+ t.Run("team user", func(t *testing.T) {
+ th.LinkUserToTeam(th.BasicUser2, team)
+
+ client := th.CreateClient()
+ th.LoginBasic2WithClient(client)
+
+ rteam, resp := client.GetTeam(team.Id, "")
+ CheckNoError(t, resp)
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains")
+ }
+ })
+
+ t.Run("team admin", func(t *testing.T) {
+ rteam, resp := th.Client.GetTeam(team.Id, "")
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ rteam, resp := th.SystemAdminClient.GetTeam(team.Id, "")
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestGetTeamUnread(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
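Review bot: TestGetTeamSanitization has no doc comment stating the rule it pins down, so a reader has to reconstruct it from three subtests. Add something like `// TestGetTeamSanitization checks that GetTeam blanks Email and AllowedDomains for a plain team member and returns them to the team admin and the system admin.` The `th.LinkUserToTeam(th.BasicUser2, team)` call is shared setup rather than part of the "team user" case and would read better above the first `t.Run`. The trailing context lines open TestGetTeamUnread, which continues outside the hunk.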
@@ -203,6 +294,14 @@ func TestUpdateTeam(t *testing.T) {
t.Fatal("Update failed")
}
+ team.AllowedDomains = "domain"
+ uteam, resp = Client.UpdateTeam(team)
+ CheckNoError(t, resp)
+
+ if uteam.AllowedDomains != "domain" {
+ t.Fatal("Update failed")
+ }
+
team.Name = "Updated name"
uteam, resp = Client.UpdateTeam(team)
CheckNoError(t, resp)
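Review bot: The added AllowedDomains check fails with the same `"Update failed"` text as the check just above it, so a red run does not say which field regressed; `t.Fatal("AllowedDomains did not update properly")` would. The commit also reverses the old expectation: the block removed further down in this test asserted that the field must not change. Judging by its name, AllowedDomains restricts which e-mail domains may join a team, so a comment should say which role `Client` is logged in as, which this hunk does not show. A negative case for a caller who must not be able to change the field would complete the picture. TestUpdateTeam starts and ends outside the hunk.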
@@ -227,14 +326,6 @@ func TestUpdateTeam(t *testing.T) {
t.Fatal("Should not update type")
}
- team.AllowedDomains = "domain"
- uteam, resp = Client.UpdateTeam(team)
- CheckNoError(t, resp)
-
- if uteam.AllowedDomains == "domain" {
- t.Fatal("Should not update allowed_domains")
- }
-
originalTeamId := team.Id
team.Id = model.NewId()
@@ -261,6 +352,42 @@ func TestUpdateTeam(t *testing.T) {
CheckNoError(t, resp)
}
+func TestUpdateTeamSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ team, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+
+ // Non-admin users cannot update the team
+
+ t.Run("team admin", func(t *testing.T) {
+ rteam, resp := th.Client.UpdateTeam(team)
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email for admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ rteam, resp := th.SystemAdminClient.UpdateTeam(team)
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email for admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestPatchTeam(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
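Review bot: The comment `// Non-admin users cannot update the team` in TestUpdateTeamSanitization states a permission rule that no subtest here asserts, and the same comment sits unasserted in TestPatchTeamSanitization further down. If TestUpdateTeam and TestPatchTeam do not already cover it (their bodies lie outside these hunks), add a "team user" subtest to each. It would link and log in BasicUser2 the way TestGetTeamSanitization does, call `client.UpdateTeam(team)` (or `client.PatchTeam(team.Id, &model.TeamPatch{})`), and end with `CheckForbiddenStatus(t, resp)`, assuming the handler answers with a forbidden status. Without that case, a regression that lets a plain member through would also hand that member the unsanitized team in the response.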
@@ -284,7 +411,6 @@ func TestPatchTeam(t *testing.T) {
rteam, resp := Client.PatchTeam(team.Id, patch)
CheckNoError(t, resp)
- CheckTeamSanitization(t, rteam)
if rteam.DisplayName != "Other name" {
t.Fatal("DisplayName did not update properly")
@@ -330,6 +456,42 @@ func TestPatchTeam(t *testing.T) {
CheckNoError(t, resp)
}
+func TestPatchTeamSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ team, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+
+ // Non-admin users cannot update the team
+
+ t.Run("team admin", func(t *testing.T) {
+ rteam, resp := th.Client.PatchTeam(team.Id, &model.TeamPatch{})
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email for admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ rteam, resp := th.SystemAdminClient.PatchTeam(team.Id, &model.TeamPatch{})
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email for admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestSoftDeleteTeam(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
@@ -463,6 +625,77 @@ func TestGetAllTeams(t *testing.T) {
CheckUnauthorizedStatus(t, resp)
}
+func TestGetAllTeamsSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ team, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ AllowOpenInvite: true,
+ })
+ CheckNoError(t, resp)
+ team2, resp := th.SystemAdminClient.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_2",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ AllowOpenInvite: true,
+ })
+ CheckNoError(t, resp)
+
+ // This may not work if the server has over 1000 open teams on it
+
+ t.Run("team admin/non-admin", func(t *testing.T) {
+ teamFound := false
+ team2Found := false
+
+ rteams, resp := th.Client.GetAllTeams("", 0, 1000)
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Id == team.Id {
+ teamFound = true
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email for team admin")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains for team admin")
+ }
+ } else if rteam.Id == team2.Id {
+ team2Found = true
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email for non-admin")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains for non-admin")
+ }
+ }
+ }
+
+ if !teamFound || !team2Found {
+ t.Fatal("wasn't returned the expected teams so the test wasn't run correctly")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ rteams, resp := th.SystemAdminClient.GetAllTeams("", 0, 1000)
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Id != team.Id && rteam.Id != team2.Id {
+ continue
+ }
+
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ }
+ })
+}
+
func TestGetTeamByName(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
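Review bot: The "system admin" subtest of TestGetAllTeamsSanitization passes without checking anything when neither created team is in the response, because its loop only `continue`s past other teams. The first subtest guards against that with `teamFound`/`team2Found`; this one does not. Count the matches and fail when they are missing, for example `found++` at the end of the loop body and `if found != 2 { t.Fatal("expected teams not returned") }` after it. All three loops in TestGetTeamsForUserSanitization have the same gap, and there the "team user" loop is the one meant to prove that Email and AllowedDomains are hidden. The trailing context lines are the start of TestGetTeamByName.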
@@ -507,6 +740,55 @@ func TestGetTeamByName(t *testing.T) {
CheckForbiddenStatus(t, resp)
}
+func TestGetTeamByNameSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ team, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+
+ t.Run("team user", func(t *testing.T) {
+ th.LinkUserToTeam(th.BasicUser2, team)
+
+ client := th.CreateClient()
+ th.LoginBasic2WithClient(client)
+
+ rteam, resp := client.GetTeamByName(team.Name, "")
+ CheckNoError(t, resp)
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains")
+ }
+ })
+
+ t.Run("team admin/non-admin", func(t *testing.T) {
+ rteam, resp := th.Client.GetTeamByName(team.Name, "")
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ rteam, resp := th.SystemAdminClient.GetTeamByName(team.Name, "")
+ CheckNoError(t, resp)
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ })
+}
+
func TestSearchAllTeams(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
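Review bot: The second subtest of TestGetTeamByNameSanitization is named "team admin/non-admin" but only calls `th.Client`, the client that created the team and that the other tests label "team admin". The name looks carried over from TestGetAllTeamsSanitization, where one listing really does cover a team the caller administers and one it does not. Rename it to `t.Run("team admin", func(t *testing.T) {`; the slash also shows up as an extra level in the reported test name and in `go test -run` patterns.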
@@ -514,8 +796,11 @@ func TestSearchAllTeams(t *testing.T) {
oTeam := th.BasicTeam
oTeam.AllowOpenInvite = true
- updatedTeam, _ := th.App.UpdateTeam(oTeam)
- oTeam.UpdateAt = updatedTeam.UpdateAt
+ if updatedTeam, err := th.App.UpdateTeam(oTeam); err != nil {
+ t.Fatal(err)
+ } else {
+ oTeam.UpdateAt = updatedTeam.UpdateAt
+ }
pTeam := &model.Team{DisplayName: "PName", Name: GenerateTestTeamName(), Email: GenerateTestEmail(), Type: model.TEAM_INVITE}
Client.CreateTeam(pTeam)
@@ -527,7 +812,7 @@ func TestSearchAllTeams(t *testing.T) {
t.Fatal("should have returned 1 team")
}
- if !reflect.DeepEqual(rteams[0], oTeam) {
+ if oTeam.Id != rteams[0].Id {
t.Fatal("invalid team")
}
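Review bot: Replacing `reflect.DeepEqual(rteams[0], oTeam)` with an Id comparison, here and in the next hunk, leaves the search test checking no returned field other than Id. DeepEqual presumably stopped matching because the response is now sanitized. If so, some content coverage can be kept with `if rteams[0].Id != oTeam.Id || rteams[0].DisplayName != oTeam.DisplayName {`. The two new comparisons also put their operands in opposite order (`oTeam.Id != rteams[0].Id` here, `rteams[0].Id != oTeam.Id` below) and should be written the same way. TestSearchAllTeams extends beyond both hunks.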
@@ -538,7 +823,7 @@ func TestSearchAllTeams(t *testing.T) {
t.Fatal("should have returned 1 team")
}
- if !reflect.DeepEqual(rteams[0], oTeam) {
+ if rteams[0].Id != oTeam.Id {
t.Fatal("invalid team")
}
@@ -586,6 +871,86 @@ func TestSearchAllTeams(t *testing.T) {
CheckUnauthorizedStatus(t, resp)
}
+func TestSearchAllTeamsSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ team, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+ team2, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_2",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+
+ t.Run("non-team user", func(t *testing.T) {
+ client := th.CreateClient()
+ th.LoginBasic2WithClient(client)
+
+ rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()})
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains")
+ }
+ }
+ })
+
+ t.Run("team user", func(t *testing.T) {
+ th.LinkUserToTeam(th.BasicUser2, team)
+
+ client := th.CreateClient()
+ th.LoginBasic2WithClient(client)
+
+ rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()})
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains")
+ }
+ }
+ })
+
+ t.Run("team admin", func(t *testing.T) {
+ rteams, resp := th.Client.SearchTeams(&model.TeamSearch{Term: t.Name()})
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Id == team.Id || rteam.Id == team2.Id || rteam.Id == th.BasicTeam.Id {
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ }
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ rteams, resp := th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: t.Name()})
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ }
+ })
+}
+
func TestGetTeamsForUser(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
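Review bot: Inside each subtest of TestSearchAllTeamsSanitization the closure parameter `t` shadows the outer one, so `Term: t.Name()` is the subtest's own name (for example `TestSearchAllTeamsSanitization/non-team_user`), not the `TestSearchAllTeamsSanitization` prefix that was put into the two DisplayNames. Unless the search matches on something not visible here, the result is likely empty. All four loops would then pass without running an assertion, including the two meant to prove that Email and AllowedDomains are hidden from non-admins. Capture the term once before the subtests with `term := t.Name()`, search with `&model.TeamSearch{Term: term}`, and fail when `len(rteams) == 0`. The "non-team user" case also depends on running before "team user" links BasicUser2 to `team`, which deserves a comment.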
@@ -628,6 +993,82 @@ func TestGetTeamsForUser(t *testing.T) {
CheckNoError(t, resp)
}
+func TestGetTeamsForUserSanitization(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer th.TearDown()
+
+ team, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_1",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+ team2, resp := th.Client.CreateTeam(&model.Team{
+ DisplayName: t.Name() + "_2",
+ Name: GenerateTestTeamName(),
+ Email: GenerateTestEmail(),
+ Type: model.TEAM_OPEN,
+ AllowedDomains: "simulator.amazonses.com",
+ })
+ CheckNoError(t, resp)
+
+ t.Run("team user", func(t *testing.T) {
+ th.LinkUserToTeam(th.BasicUser2, team)
+ th.LinkUserToTeam(th.BasicUser2, team2)
+
+ client := th.CreateClient()
+ th.LoginBasic2WithClient(client)
+
+ rteams, resp := client.GetTeamsForUser(th.BasicUser2.Id, "")
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Id != team.Id && rteam.Id != team2.Id {
+ continue
+ }
+
+ if rteam.Email != "" {
+ t.Fatal("should've sanitized email")
+ } else if rteam.AllowedDomains != "" {
+ t.Fatal("should've sanitized allowed domains")
+ }
+ }
+ })
+
+ t.Run("team admin", func(t *testing.T) {
+ rteams, resp := th.Client.GetTeamsForUser(th.BasicUser.Id, "")
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Id != team.Id && rteam.Id != team2.Id {
+ continue
+ }
+
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ }
+ })
+
+ t.Run("system admin", func(t *testing.T) {
+ rteams, resp := th.SystemAdminClient.GetTeamsForUser(th.BasicUser.Id, "")
+ CheckNoError(t, resp)
+ for _, rteam := range rteams {
+ if rteam.Id != team.Id && rteam.Id != team2.Id {
+ continue
+ }
+
+ if rteam.Email == "" {
+ t.Fatal("should not have sanitized email")
+ } else if rteam.AllowedDomains == "" {
+ t.Fatal("should not have sanitized allowed domains")
+ }
+ }
+ })
+}
+
func TestGetTeamMember(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()