Merge branch 'release-4.1'

3 files changed, 41 insertions, 61 deletions

diff --git a/api/team.go b/api/team.go
index c6db68418..4010a0ac5 100644
--- a/api/team.go
+++ b/api/team.go
@@ -22,11 +22,11 @@ func InitTeam() {
 	l4g.Debug(utils.T("api.team.init.debug"))
 
 	BaseRoutes.Teams.Handle("/create", ApiUserRequired(createTeam)).Methods("POST")
-	BaseRoutes.Teams.Handle("/all", ApiAppHandler(getAll)).Methods("GET")
+	BaseRoutes.Teams.Handle("/all", ApiUserRequired(getAll)).Methods("GET")
 	BaseRoutes.Teams.Handle("/all_team_listings", ApiUserRequired(GetAllTeamListings)).Methods("GET")
 	BaseRoutes.Teams.Handle("/get_invite_info", ApiAppHandler(getInviteInfo)).Methods("POST")
-	BaseRoutes.Teams.Handle("/find_team_by_name", ApiAppHandler(findTeamByName)).Methods("POST")
-	BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", ApiAppHandler(getTeamByName)).Methods("GET")
+	BaseRoutes.Teams.Handle("/find_team_by_name", ApiUserRequired(findTeamByName)).Methods("POST")
+	BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", ApiUserRequired(getTeamByName)).Methods("GET")
 	BaseRoutes.Teams.Handle("/members", ApiUserRequired(getMyTeamMembers)).Methods("GET")
 	BaseRoutes.Teams.Handle("/unread", ApiUserRequired(getMyTeamsUnread)).Methods("GET")
 
@@ -235,7 +235,7 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
 		c.Err = err
 		return
 	} else {
-		if team.Type != model.TEAM_OPEN && c.Session.GetTeamByTeamId(team.Id) == nil {
+		if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && c.Session.GetTeamByTeamId(team.Id) == nil {
 			if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
 				c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
 				return
diff --git a/api/team_test.go b/api/team_test.go
index 7d10ca6e3..99e54a904 100644
--- a/api/team_test.go
+++ b/api/team_test.go
@@ -239,6 +239,11 @@ func TestGetAllTeams(t *testing.T) {
 	} else if receivedTeam, ok := teams[team.Id]; !ok || receivedTeam.Id != team.Id {
 		t.Fatal("admin should've received team that they aren't a member of")
 	}
+
+	Client.Logout()
+	if _, err := Client.GetAllTeams(); err == nil {
+		t.Fatal("Should have failed due to not being logged in.")
+	}
 }
 
 func TestGetAllTeamListings(t *testing.T) {
@@ -787,12 +792,15 @@ func TestGetTeamByName(t *testing.T) {
 	th := Setup().InitSystemAdmin().InitBasic()
 	Client := th.BasicClient
 
-	team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_INVITE}
+	team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN, AllowOpenInvite: false}
 	team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
 
-	team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN}
+	team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN, AllowOpenInvite: true}
 	team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team)
 
+	team3 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_INVITE, AllowOpenInvite: true}
+	team3 = Client.Must(Client.CreateTeam(team3)).Data.(*model.Team)
+
 	if _, err := Client.GetTeamByName(team.Name); err != nil {
 		t.Fatal("Failed to get team")
 	}
@@ -813,7 +821,7 @@ func TestGetTeamByName(t *testing.T) {
 
 	Client.Login(user2.Email, "passwd1")
 
-	// TEAM_INVITE and user is not part of the team
+	// AllowInviteOpen is false and team is open and user is not part of the team
 	if _, err := Client.GetTeamByName(team.Name); err == nil {
 		t.Fatal("Should fail dont have permissions to get the team")
 	}
@@ -822,25 +830,48 @@ func TestGetTeamByName(t *testing.T) {
 		t.Fatal("Should not exist this team")
 	}
 
-	// TEAM_OPEN and user is not part of the team
+	// AllowInviteOpen is true and is open and user is not part of the team
 	if _, err := Client.GetTeamByName(team2.Name); err != nil {
 		t.Fatal("Should not fail team is open")
 	}
 
+	// AllowInviteOpen is true and is invite only and user is not part of the team
+	if _, err := Client.GetTeamByName(team3.Name); err == nil {
+		t.Fatal("Should fail team is invite only")
+	}
+
 	Client.Must(Client.Logout())
 	th.BasicClient.Logout()
 	th.LoginSystemAdmin()
 
 	if _, err := th.SystemAdminClient.GetTeamByName(team.Name); err != nil {
-		t.Fatal("Should not failed to get team the user is admin")
+		t.Fatal("Should not fail to get team the user is admin")
 	}
 
 	if _, err := th.SystemAdminClient.GetTeamByName(team2.Name); err != nil {
-		t.Fatal("Should not failed to get team the user is admin and team is open")
+		t.Fatal("Should not fail to get team the user is admin and team is open")
+	}
+
+	if _, err := th.SystemAdminClient.GetTeamByName(team3.Name); err != nil {
+		t.Fatal("Should not fail to get team the user is admin and team is invite")
 	}
 
 	if _, err := Client.GetTeamByName("InvalidTeamName"); err == nil {
 		t.Fatal("Should not exist this team")
 	}
 
+	Client.Logout()
+	if _, err := Client.GetTeamByName(th.BasicTeam.Name); err == nil {
+		t.Fatal("Should have failed when not logged in.")
+	}
+}
+
+func TestFindTeamByName(t *testing.T) {
+	th := Setup().InitBasic()
+	Client := th.BasicClient
+	Client.Logout()
+
+	if _, err := Client.FindTeamByName(th.BasicTeam.Name); err == nil {
+		t.Fatal("Should have failed when not logged in.")
+	}
 }
diff --git a/api/webhook.go b/api/webhook.go
index 9750b71a0..204df6b31 100644
--- a/api/webhook.go
+++ b/api/webhook.go
@@ -4,12 +4,9 @@
 package api
 
 import (
-	"io"
 	"net/http"
-	"strings"
 
 	l4g "github.com/alecthomas/log4go"
-	"github.com/gorilla/mux"
 	"github.com/mattermost/platform/app"
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/utils"
@@ -28,11 +25,6 @@ func InitWebhook() {
 	BaseRoutes.Hooks.Handle("/outgoing/regen_token", ApiUserRequired(regenOutgoingHookToken)).Methods("POST")
 	BaseRoutes.Hooks.Handle("/outgoing/delete", ApiUserRequired(deleteOutgoingHook)).Methods("POST")
 	BaseRoutes.Hooks.Handle("/outgoing/list", ApiUserRequired(getOutgoingHooks)).Methods("GET")
-
-	BaseRoutes.Hooks.Handle("/{id:[A-Za-z0-9]+}", ApiAppHandler(incomingWebhook)).Methods("POST")
-
-	// Old route. Remove eventually.
-	BaseRoutes.Root.Handle("/hooks/{id:[A-Za-z0-9]+}", ApiAppHandler(incomingWebhook)).Methods("POST")
 }
 
 func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -339,46 +331,3 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request)
 		w.Write([]byte(rhook.ToJson()))
 	}
 }
-
-func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) {
-	params := mux.Vars(r)
-	id := params["id"]
-
-	r.ParseForm()
-
-	var payload io.Reader
-	contentType := r.Header.Get("Content-Type")
-	if strings.Split(contentType, "; ")[0] == "application/x-www-form-urlencoded" {
-		payload = strings.NewReader(r.FormValue("payload"))
-	} else {
-		payload = r.Body
-	}
-
-	if utils.Cfg.LogSettings.EnableWebhookDebugging {
-		var err error
-		payload, err = utils.DebugReader(
-			payload,
-			utils.T("api.webhook.incoming.debug"),
-		)
-		if err != nil {
-			c.Err = model.NewLocAppError(
-				"incomingWebhook",
-				"api.webhook.incoming.debug.error",
-				nil,
-				err.Error(),
-			)
-			return
-		}
-	}
-
-	parsedRequest := model.IncomingWebhookRequestFromJson(payload)
-
-	err := app.HandleIncomingWebhook(id, parsedRequest)
-	if err != nil {
-		c.Err = err
-		return
-	}
-
-	w.Header().Set("Content-Type", "text/plain")
-	w.Write([]byte("ok"))
-}