authorChris Duarte <csduarte@users.noreply.github.com>2018-01-04 09:45:59 -0800
committerJoram Wilander <jwawilander@gmail.com>2018-01-04 12:45:59 -0500
commit5e78d7fe12a39e28a6520b023b0df0fc66a826d5 (patch)
treed4eacf4c02f5300917093efc13e73f9761c7756c /api4/user_test.go
parente5dad3cf681fb038ce5dd3dcf7b5468d59b8ea8e (diff)
Add admin update endpoint that can update authservice and authdata (#7842)
* add admin update endpoint that can update authservice and authdata * Control only SystemAdmin access * Refactored AdminUpdate endpoint to only be able to update AuthData, AuthService and Password by User.Id * Refactor to move `PUT /api/v4/users/{user_id}/auth`. Created a struct to hold UserAuth info.
Diffstat (limited to 'api4/user_test.go')
-rw-r--r--api4/user_test.go63
1 files changed, 63 insertions, 0 deletions
diff --git a/api4/user_test.go b/api4/user_test.go
index e3f1935b4..fb9222d8f 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -11,6 +11,7 @@ import (
"time"
"github.com/mattermost/mattermost-server/model"
+ "github.com/mattermost/mattermost-server/store"
"github.com/mattermost/mattermost-server/utils"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@@ -1062,6 +1063,68 @@ func TestPatchUser(t *testing.T) {
CheckNoError(t, resp)
}
+func TestUpdateUserAuth(t *testing.T) {
+ th := Setup().InitSystemAdmin().InitBasic()
+ defer th.TearDown()
+
+ Client := th.SystemAdminClient
+ team := th.CreateTeamWithClient(Client)
+
+ user := th.CreateUser()
+
+ th.LinkUserToTeam(user, team)
+ store.Must(th.App.Srv.Store.User().VerifyEmail(user.Id))
+
+ userAuth := &model.UserAuth{}
+ userAuth.AuthData = user.AuthData
+ userAuth.AuthService = user.AuthService
+ userAuth.Password = user.Password
+
+ // Regular user can not use endpoint
+ if _, err := th.Client.UpdateUserAuth(user.Id, userAuth); err == nil {
+ t.Fatal("Shouldn't have permissions. Only Admins")
+ }
+
+ userAuth.AuthData = model.NewString("test@test.com")
+ userAuth.AuthService = model.USER_AUTH_SERVICE_SAML
+ userAuth.Password = "newpassword"
+ ruser, resp := Client.UpdateUserAuth(user.Id, userAuth)
+ CheckNoError(t, resp)
+
+ // AuthData and AuthService are set, password is set to empty
+ if *ruser.AuthData != *userAuth.AuthData {
+ t.Fatal("Should have set the correct AuthData")
+ }
+ if ruser.AuthService != model.USER_AUTH_SERVICE_SAML {
+ t.Fatal("Should have set the correct AuthService")
+ }
+ if ruser.Password != "" {
+ t.Fatal("Password should be empty")
+ }
+
+ // When AuthData or AuthService are empty, password must be valid
+ userAuth.AuthData = user.AuthData
+ userAuth.AuthService = ""
+ userAuth.Password = "1"
+ if _, err := Client.UpdateUserAuth(user.Id, userAuth); err == nil {
+ t.Fatal("Should have errored - user password not valid")
+ }
+
+ // Regular user can not use endpoint
+ user2 := th.CreateUser()
+ th.LinkUserToTeam(user2, team)
+ store.Must(th.App.Srv.Store.User().VerifyEmail(user2.Id))
+
+ Client.Login(user2.Email, "passwd1")
+
+ userAuth.AuthData = user.AuthData
+ userAuth.AuthService = user.AuthService
+ userAuth.Password = user.Password
+ if _, err := Client.UpdateUserAuth(user.Id, userAuth); err == nil {
+ t.Fatal("Should have errored")
+ }
+}
+
func TestDeleteUser(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
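Review bot: The three negative checks in TestUpdateUserAuth (`if _, err := ...UpdateUserAuth(user.Id, userAuth); err == nil`) do not pin the authorization result: the second return value is the response object that the success path passes to `CheckNoError(t, resp)`, not a Go `error`, so if the client also returns a non-nil response on success (likely, but not visible in this hunk) these branches can never fail. Even where they do fire, any error satisfies them, so a validation failure would pass a test meant to prove that only system admins can change another user's AuthData, AuthService and Password. Assert the status instead, e.g. `_, resp := th.Client.UpdateUserAuth(user.Id, userAuth)` followed by `CheckForbiddenStatus(t, resp)`, with the bad-request equivalent for the short-password case. The result of `Client.Login(user2.Email, "passwd1")` is also unchecked, and `Client` is the system-admin client, so a failed login may leave the final call running with admin rights; check that response before the last assertion.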