MM-8701 Limit the number of client config fields sent before user logs in (#8954)

* MM-8701 Limit the number of client config fields sent before user logs in * Fixed missing client config field * Reduced duplication between limited and regular client config
author: Harrison Healey <harrisonmhealey@gmail.com> 2018-06-18 12:39:22 -0400
committer: GitHub <noreply@github.com> 2018-06-18 12:39:22 -0400
commit: 6d8140337ef0f68f5177988f3c87bba5e4946399 (patch)
tree: 44dbe951f53f6de8cc9fceac2f51ca7a175a55bf /api4
parent: f48d31c7a4c0332bfd10b986eee50611ab987e7c (diff)
download: chat-6d8140337ef0f68f5177988f3c87bba5e4946399.tar.gz
chat-6d8140337ef0f68f5177988f3c87bba5e4946399.tar.bz2
chat-6d8140337ef0f68f5177988f3c87bba5e4946399.zip
2 files changed, 101 insertions, 16 deletions
diff --git a/api4/system.go b/api4/system.go
index acb02bc3e..68f998d6d 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -250,7 +250,14 @@ func getClientConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	w.Write([]byte(model.MapToJson(c.App.ClientConfigWithComputed())))
+	var config map[string]string
+	if *c.App.Config().ServiceSettings.ExperimentalLimitClientConfig && len(c.Session.UserId) == 0 {
+		config = c.App.LimitedClientConfigWithComputed()
+	} else {
+		config = c.App.ClientConfigWithComputed()
+	}
+
+	w.Write([]byte(model.MapToJson(config)))
 }
 
 func getEnvironmentConfig(c *Context, w http.ResponseWriter, r *http.Request) {
diff --git a/api4/system_test.go b/api4/system_test.go
index f46ae7436..f784a8be4 100644
--- a/api4/system_test.go
+++ b/api4/system_test.go
@@ -228,27 +228,105 @@ func TestGetEnvironmentConfig(t *testing.T) {
 func TestGetOldClientConfig(t *testing.T) {
 	th := Setup().InitBasic().InitSystemAdmin()
 	defer th.TearDown()
-	Client := th.Client
 
-	config, resp := Client.GetOldClientConfig("")
-	CheckNoError(t, resp)
+	testKey := "supersecretkey"
+	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.GoogleDeveloperKey = testKey })
 
-	if len(config["Version"]) == 0 {
-		t.Fatal("config not returned correctly")
-	}
+	t.Run("with session, without limited config", func(t *testing.T) {
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			cfg.ServiceSettings.GoogleDeveloperKey = testKey
+			*cfg.ServiceSettings.ExperimentalLimitClientConfig = false
+		})
 
-	Client.Logout()
+		Client := th.Client
 
-	_, resp = Client.GetOldClientConfig("")
-	CheckNoError(t, resp)
+		config, resp := Client.GetOldClientConfig("")
+		CheckNoError(t, resp)
 
-	if _, err := Client.DoApiGet("/config/client", ""); err == nil || err.StatusCode != http.StatusNotImplemented {
-		t.Fatal("should have errored with 501")
-	}
+		if len(config["Version"]) == 0 {
+			t.Fatal("config not returned correctly")
+		}
 
-	if _, err := Client.DoApiGet("/config/client?format=junk", ""); err == nil || err.StatusCode != http.StatusBadRequest {
-		t.Fatal("should have errored with 400")
-	}
+		if config["GoogleDeveloperKey"] != testKey {
+			t.Fatal("config missing developer key")
+		}
+	})
+
+	t.Run("without session, without limited config", func(t *testing.T) {
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			cfg.ServiceSettings.GoogleDeveloperKey = testKey
+			*cfg.ServiceSettings.ExperimentalLimitClientConfig = false
+		})
+
+		Client := th.CreateClient()
+
+		config, resp := Client.GetOldClientConfig("")
+		CheckNoError(t, resp)
+
+		if len(config["Version"]) == 0 {
+			t.Fatal("config not returned correctly")
+		}
+
+		if config["GoogleDeveloperKey"] != testKey {
+			t.Fatal("config missing developer key")
+		}
+	})
+
+	t.Run("with session, with limited config", func(t *testing.T) {
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			cfg.ServiceSettings.GoogleDeveloperKey = testKey
+			*cfg.ServiceSettings.ExperimentalLimitClientConfig = true
+		})
+
+		Client := th.Client
+
+		config, resp := Client.GetOldClientConfig("")
+		CheckNoError(t, resp)
+
+		if len(config["Version"]) == 0 {
+			t.Fatal("config not returned correctly")
+		}
+
+		if config["GoogleDeveloperKey"] != testKey {
+			t.Fatal("config missing developer key")
+		}
+	})
+
+	t.Run("without session, without limited config", func(t *testing.T) {
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			cfg.ServiceSettings.GoogleDeveloperKey = testKey
+			*cfg.ServiceSettings.ExperimentalLimitClientConfig = true
+		})
+
+		Client := th.CreateClient()
+
+		config, resp := Client.GetOldClientConfig("")
+		CheckNoError(t, resp)
+
+		if len(config["Version"]) == 0 {
+			t.Fatal("config not returned correctly")
+		}
+
+		if _, ok := config["GoogleDeveloperKey"]; ok {
+			t.Fatal("config should be missing developer key")
+		}
+	})
+
+	t.Run("missing format", func(t *testing.T) {
+		Client := th.Client
+
+		if _, err := Client.DoApiGet("/config/client", ""); err == nil || err.StatusCode != http.StatusNotImplemented {
+			t.Fatal("should have errored with 501")
+		}
+	})
+
+	t.Run("invalid format", func(t *testing.T) {
+		Client := th.Client
+
+		if _, err := Client.DoApiGet("/config/client?format=junk", ""); err == nil || err.StatusCode != http.StatusBadRequest {
+			t.Fatal("should have errored with 400")
+		}
+	})
 }
 
 func TestGetOldClientLicense(t *testing.T) {
author	Harrison Healey <harrisonmhealey@gmail.com>	2018-06-18 12:39:22 -0400
committer	GitHub <noreply@github.com>	2018-06-18 12:39:22 -0400
commit	6d8140337ef0f68f5177988f3c87bba5e4946399 (patch)
tree	44dbe951f53f6de8cc9fceac2f51ca7a175a55bf /api4
parent	f48d31c7a4c0332bfd10b986eee50611ab987e7c (diff)
download	chat-6d8140337ef0f68f5177988f3c87bba5e4946399.tar.gz chat-6d8140337ef0f68f5177988f3c87bba5e4946399.tar.bz2 chat-6d8140337ef0f68f5177988f3c87bba5e4946399.zip