diff options
| author | Carlos Tadeu Panato Junior <ctadeu@gmail.com> | 2017-04-16 22:49:57 +0200 |
|---|---|---|
| committer | Joram Wilander <jwawilander@gmail.com> | 2017-04-16 16:49:57 -0400 |
| commit | d8d0716122be5eebab85b89f5a5a522fcaed3bd1 (patch) | |
| tree | 8568b44afc612d9adaddc7fea7b92d993663ce16 /api4 | |
| parent | 461a0b3b7c14cd59cb53eb66f419c965ab3bdd24 (diff) | |
| download | chat-d8d0716122be5eebab85b89f5a5a522fcaed3bd1.tar.gz chat-d8d0716122be5eebab85b89f5a5a522fcaed3bd1.tar.bz2 chat-d8d0716122be5eebab85b89f5a5a522fcaed3bd1.zip | |
[APIV4] POST /commands/{command_id}/regen_token for apiV4 (#6052)
* implement POST /commands/{command_id}/regen_token for apiV4
* update comment
Diffstat (limited to 'api4')
| -rw-r--r-- | api4/command.go | 38 | ||||
| -rw-r--r-- | api4/command_test.go | 36 |
2 files changed, 74 insertions, 0 deletions
diff --git a/api4/command.go b/api4/command.go index 5787d1132..f44363522 100644 --- a/api4/command.go +++ b/api4/command.go @@ -23,6 +23,7 @@ func InitCommand() { BaseRoutes.Command.Handle("", ApiSessionRequired(deleteCommand)).Methods("DELETE") BaseRoutes.Team.Handle("/commands/autocomplete", ApiSessionRequired(listAutocompleteCommands)).Methods("GET") + BaseRoutes.Command.Handle("/regen_token", ApiSessionRequired(regenCommandToken)).Methods("PUT") } func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { @@ -201,3 +202,40 @@ func listAutocompleteCommands(c *Context, w http.ResponseWriter, r *http.Request w.Write([]byte(model.CommandListToJson(commands))) } + +func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireCommandId() + if c.Err != nil { + return + } + + c.LogAudit("attempt") + cmd, err := app.GetCommand(c.Params.CommandId) + if err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) + return + } + + if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) + return + } + + rcmd, err := app.RegenCommandToken(cmd) + if err != nil { + c.Err = err + return + } + + resp := make(map[string]string) + resp["token"] = rcmd.Token + + w.Write([]byte(model.MapToJson(resp))) +} diff --git a/api4/command_test.go b/api4/command_test.go index 5f3d77113..0aaca3c0f 100644 --- a/api4/command_test.go +++ b/api4/command_test.go @@ -345,3 +345,39 @@ func TestListAutocompleteCommands(t *testing.T) { } }) } + +func TestRegenToken(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + enableCommands := *utils.Cfg.ServiceSettings.EnableCommands + defer func() { + utils.Cfg.ServiceSettings.EnableCommands = &enableCommands + }() + *utils.Cfg.ServiceSettings.EnableCommands = true + + newCmd := &model.Command{ + CreatorId: th.BasicUser.Id, + TeamId: th.BasicTeam.Id, + URL: "http://nowhere.com", + Method: model.COMMAND_METHOD_POST, + Trigger: "trigger"} + + createdCmd, resp := th.SystemAdminClient.CreateCommand(newCmd) + CheckNoError(t, resp) + CheckCreatedStatus(t, resp) + + token, resp := th.SystemAdminClient.RegenCommandToken(createdCmd.Id) + CheckNoError(t, resp) + if token == createdCmd.Token { + t.Fatal("should update the token") + } + + token, resp = Client.RegenCommandToken(createdCmd.Id) + CheckForbiddenStatus(t, resp) + if token != "" { + t.Fatal("should not return the token") + } + +} |