summaryrefslogtreecommitdiffstats
path: root/api/file_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'api/file_test.go')
-rw-r--r--api/file_test.go219
1 files changed, 148 insertions, 71 deletions
diff --git a/api/file_test.go b/api/file_test.go
index 044cad921..566fd69d0 100644
--- a/api/file_test.go
+++ b/api/file_test.go
@@ -24,21 +24,21 @@ import (
func TestUploadFile(t *testing.T) {
Setup()
- team := &model.Team{Name: "Name", Domain: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+ team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
user1 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
user1 = Client.Must(Client.CreateUser(user1, "")).Data.(*model.User)
store.Must(Srv.Store.User().VerifyEmail(user1.Id))
- Client.LoginByEmail(team.Domain, user1.Email, "pwd")
+ Client.LoginByEmail(team.Name, user1.Email, "pwd")
channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
body := &bytes.Buffer{}
writer := multipart.NewWriter(body)
- part, err := writer.CreateFormFile("files", "test.png")
+ part, err := writer.CreateFormFile("files", "../test.png")
if err != nil {
t.Fatal(err)
}
@@ -68,12 +68,17 @@ func TestUploadFile(t *testing.T) {
}
resp, appErr := Client.UploadFile("/files/upload", body.Bytes(), writer.FormDataContentType())
- if utils.IsS3Configured() {
+ if utils.IsS3Configured() && !utils.Cfg.ServiceSettings.UseLocalStorage {
if appErr != nil {
t.Fatal(appErr)
}
- filenames := resp.Data.(*model.FileUploadResponse).Filenames
+ filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
+ filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
+ if strings.Contains(filename, "../") {
+ t.Fatal("relative path should have been sanitized out")
+ }
+ fileId := strings.Split(filename, ".")[0]
var auth aws.Auth
auth.AccessKey = utils.Cfg.AWSSettings.S3AccessKeyId
@@ -82,12 +87,10 @@ func TestUploadFile(t *testing.T) {
s := s3.New(auth, aws.Regions[utils.Cfg.AWSSettings.S3Region])
bucket := s.Bucket(utils.Cfg.AWSSettings.S3Bucket)
- fileId := strings.Split(filenames[0], ".")[0]
-
// wait a bit for files to ready
time.Sleep(5 * time.Second)
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filenames[0])
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filename)
if err != nil {
t.Fatal(err)
}
@@ -97,13 +100,38 @@ func TestUploadFile(t *testing.T) {
t.Fatal(err)
}
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.png")
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.jpg")
if err != nil {
t.Fatal(err)
}
+ } else if utils.Cfg.ServiceSettings.UseLocalStorage && len(utils.Cfg.ServiceSettings.StorageDirectory) > 0 {
+ filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
+ filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
+ if strings.Contains(filename, "../") {
+ t.Fatal("relative path should have been sanitized out")
+ }
+ fileId := strings.Split(filename, ".")[0]
+
+ // wait a bit for files to ready
+ time.Sleep(5 * time.Second)
+
+ path := utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filename
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_thumb.jpg"
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.jpg"
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
} else {
if appErr == nil {
- t.Fatal("S3 not configured, should have failed")
+ t.Fatal("S3 and local storage not configured, should have failed")
}
}
}
@@ -111,19 +139,19 @@ func TestUploadFile(t *testing.T) {
func TestGetFile(t *testing.T) {
Setup()
- team := &model.Team{Name: "Name", Domain: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+ team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
user1 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
user1 = Client.Must(Client.CreateUser(user1, "")).Data.(*model.User)
store.Must(Srv.Store.User().VerifyEmail(user1.Id))
- Client.LoginByEmail(team.Domain, user1.Email, "pwd")
+ Client.LoginByEmail(team.Name, user1.Email, "pwd")
channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
- if utils.IsS3Configured() {
+ if utils.IsS3Configured() || utils.Cfg.ServiceSettings.UseLocalStorage {
body := &bytes.Buffer{}
writer := multipart.NewWriter(body)
@@ -169,11 +197,11 @@ func TestGetFile(t *testing.T) {
// wait a bit for files to ready
time.Sleep(5 * time.Second)
- if _, downErr := Client.GetFile(filenames[0], true); downErr != nil {
- t.Fatal("file get failed")
+ if _, downErr := Client.GetFile(filenames[0], false); downErr != nil {
+ t.Fatal(downErr)
}
- team2 := &model.Team{Name: "Name", Domain: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+ team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team)
user2 := &model.User{TeamId: team2.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
@@ -187,37 +215,37 @@ func TestGetFile(t *testing.T) {
data := model.MapToJson(newProps)
hash := model.HashPassword(fmt.Sprintf("%v:%v", data, utils.Cfg.ServiceSettings.PublicLinkSalt))
- Client.LoginByEmail(team2.Domain, user2.Email, "pwd")
+ Client.LoginByEmail(team2.Name, user2.Email, "pwd")
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t="+team.Id, true); downErr != nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr != nil {
t.Fatal(downErr)
}
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash), true); downErr == nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash), false); downErr == nil {
t.Fatal("Should have errored - missing team id")
}
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=junk", true); downErr == nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=junk", false); downErr == nil {
t.Fatal("Should have errored - bad team id")
}
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=12345678901234567890123456", true); downErr == nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h="+url.QueryEscape(hash)+"&t=12345678901234567890123456", false); downErr == nil {
t.Fatal("Should have errored - bad team id")
}
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&t="+team.Id, true); downErr == nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&t="+team.Id, false); downErr == nil {
t.Fatal("Should have errored - missing hash")
}
- if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h=junk&t="+team.Id, true); downErr == nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?d="+url.QueryEscape(data)+"&h=junk&t="+team.Id, false); downErr == nil {
t.Fatal("Should have errored - bad hash")
}
- if _, downErr := Client.GetFile(filenames[0]+"?h="+url.QueryEscape(hash)+"&t="+team.Id, true); downErr == nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr == nil {
t.Fatal("Should have errored - missing data")
}
- if _, downErr := Client.GetFile(filenames[0]+"?d=junk&h="+url.QueryEscape(hash)+"&t="+team.Id, true); downErr == nil {
+ if _, downErr := Client.GetFile(filenames[0]+"?d=junk&h="+url.QueryEscape(hash)+"&t="+team.Id, false); downErr == nil {
t.Fatal("Should have errored - bad data")
}
@@ -225,28 +253,51 @@ func TestGetFile(t *testing.T) {
t.Fatal("Should have errored - user not logged in and link not public")
}
- var auth aws.Auth
- auth.AccessKey = utils.Cfg.AWSSettings.S3AccessKeyId
- auth.SecretKey = utils.Cfg.AWSSettings.S3SecretAccessKey
-
- s := s3.New(auth, aws.Regions[utils.Cfg.AWSSettings.S3Region])
- bucket := s.Bucket(utils.Cfg.AWSSettings.S3Bucket)
-
- fileId := strings.Split(filenames[0], ".")[0]
-
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filenames[0])
- if err != nil {
- t.Fatal(err)
- }
-
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_thumb.jpg")
- if err != nil {
- t.Fatal(err)
- }
-
- err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.png")
- if err != nil {
- t.Fatal(err)
+ if utils.IsS3Configured() && !utils.Cfg.ServiceSettings.UseLocalStorage {
+ var auth aws.Auth
+ auth.AccessKey = utils.Cfg.AWSSettings.S3AccessKeyId
+ auth.SecretKey = utils.Cfg.AWSSettings.S3SecretAccessKey
+
+ s := s3.New(auth, aws.Regions[utils.Cfg.AWSSettings.S3Region])
+ bucket := s.Bucket(utils.Cfg.AWSSettings.S3Bucket)
+
+ filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
+ filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
+ fileId := strings.Split(filename, ".")[0]
+
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filename)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_thumb.jpg")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.jpg")
+ if err != nil {
+ t.Fatal(err)
+ }
+ } else {
+ filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
+ filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
+ fileId := strings.Split(filename, ".")[0]
+
+ path := utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filename
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_thumb.jpg"
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.jpg"
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
}
} else {
if _, downErr := Client.GetFile("/files/get/yxebdmbz5pgupx7q6ez88rw11a/n3btzxu9hbnapqk36iwaxkjxhc/junk.jpg", false); downErr.StatusCode != http.StatusNotImplemented {
@@ -258,7 +309,7 @@ func TestGetFile(t *testing.T) {
func TestGetPublicLink(t *testing.T) {
Setup()
- team := &model.Team{Name: "Name", Domain: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+ team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
user1 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
@@ -269,12 +320,12 @@ func TestGetPublicLink(t *testing.T) {
user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User)
store.Must(Srv.Store.User().VerifyEmail(user2.Id))
- Client.LoginByEmail(team.Domain, user1.Email, "pwd")
+ Client.LoginByEmail(team.Name, user1.Email, "pwd")
channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
- if utils.IsS3Configured() {
+ if utils.IsS3Configured() || utils.Cfg.ServiceSettings.UseLocalStorage {
body := &bytes.Buffer{}
writer := multipart.NewWriter(body)
@@ -344,32 +395,58 @@ func TestGetPublicLink(t *testing.T) {
t.Fatal("Should have errored - bad file path")
}
- Client.LoginByEmail(team.Domain, user2.Email, "pwd")
+ Client.LoginByEmail(team.Name, user2.Email, "pwd")
data["filename"] = filenames[0]
if _, err := Client.GetPublicLink(data); err == nil {
t.Fatal("should have errored, user not member of channel")
}
- // perform clean-up on s3
- var auth aws.Auth
- auth.AccessKey = utils.Cfg.AWSSettings.S3AccessKeyId
- auth.SecretKey = utils.Cfg.AWSSettings.S3SecretAccessKey
-
- s := s3.New(auth, aws.Regions[utils.Cfg.AWSSettings.S3Region])
- bucket := s.Bucket(utils.Cfg.AWSSettings.S3Bucket)
-
- fileId := strings.Split(filenames[0], ".")[0]
-
- if err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + rpost1.Data.(*model.Post).UserId + "/" + filenames[0]); err != nil {
- t.Fatal(err)
- }
-
- if err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + rpost1.Data.(*model.Post).UserId + "/" + fileId + "_thumb.jpg"); err != nil {
- t.Fatal(err)
- }
-
- if err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + rpost1.Data.(*model.Post).UserId + "/" + fileId + "_preview.png"); err != nil {
- t.Fatal(err)
+ if utils.IsS3Configured() && !utils.Cfg.ServiceSettings.UseLocalStorage {
+ // perform clean-up on s3
+ var auth aws.Auth
+ auth.AccessKey = utils.Cfg.AWSSettings.S3AccessKeyId
+ auth.SecretKey = utils.Cfg.AWSSettings.S3SecretAccessKey
+
+ s := s3.New(auth, aws.Regions[utils.Cfg.AWSSettings.S3Region])
+ bucket := s.Bucket(utils.Cfg.AWSSettings.S3Bucket)
+
+ filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
+ filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
+ fileId := strings.Split(filename, ".")[0]
+
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filename)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_thumb.jpg")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ err = bucket.Del("teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.jpg")
+ if err != nil {
+ t.Fatal(err)
+ }
+ } else {
+ filenames := strings.Split(resp.Data.(*model.FileUploadResponse).Filenames[0], "/")
+ filename := filenames[len(filenames)-2] + "/" + filenames[len(filenames)-1]
+ fileId := strings.Split(filename, ".")[0]
+
+ path := utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + filename
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_thumb.jpg"
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
+
+ path = utils.Cfg.ServiceSettings.StorageDirectory + "teams/" + team.Id + "/channels/" + channel1.Id + "/users/" + user1.Id + "/" + fileId + "_preview.jpg"
+ if err := os.Remove(path); err != nil {
+ t.Fatal("Couldn't remove file at " + path)
+ }
}
} else {
data := make(map[string]string)
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-08-31 17:55:12 +0000