summaryrefslogtreecommitdiffstats
path: root/api4/command_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'api4/command_test.go')
-rw-r--r--api4/command_test.go131
1 files changed, 129 insertions, 2 deletions
diff --git a/api4/command_test.go b/api4/command_test.go
index 52ef0f841..716b3e414 100644
--- a/api4/command_test.go
+++ b/api4/command_test.go
@@ -493,7 +493,7 @@ func TestExecuteCommand(t *testing.T) {
}
func TestExecuteCommandAgainstChannelOnAnotherTeam(t *testing.T) {
- th := Setup().InitBasic().InitSystemAdmin()
+ th := Setup().InitBasic()
defer th.TearDown()
Client := th.Client
channel := th.BasicChannel
@@ -516,7 +516,6 @@ func TestExecuteCommandAgainstChannelOnAnotherTeam(t *testing.T) {
Method: model.COMMAND_METHOD_POST,
Trigger: "postcommand",
}
-
if _, err := th.App.CreateCommand(postCmd); err != nil {
t.Fatal("failed to create post command")
}
@@ -526,3 +525,131 @@ func TestExecuteCommandAgainstChannelOnAnotherTeam(t *testing.T) {
_, resp := Client.ExecuteCommand(channel.Id, "/postcommand")
CheckNotFoundStatus(t, resp)
}
+
+func TestExecuteCommandAgainstChannelUserIsNotIn(t *testing.T) {
+ th := Setup().InitBasic()
+ defer th.TearDown()
+ client := th.Client
+
+ enableCommands := *utils.Cfg.ServiceSettings.EnableCommands
+ allowedInternalConnections := *utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableCommands = &enableCommands
+ utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections
+ }()
+ *utils.Cfg.ServiceSettings.EnableCommands = true
+ *utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost"
+
+ // create a slash command on some other team where we have permission to do so
+ team2 := th.CreateTeam()
+ postCmd := &model.Command{
+ CreatorId: th.BasicUser.Id,
+ TeamId: team2.Id,
+ URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test",
+ Method: model.COMMAND_METHOD_POST,
+ Trigger: "postcommand",
+ }
+ if _, err := th.App.CreateCommand(postCmd); err != nil {
+ t.Fatal("failed to create post command")
+ }
+
+ // make a channel on that team, ensuring that our test user isn't in it
+ channel2 := th.CreateChannelWithClientAndTeam(client, model.CHANNEL_OPEN, team2.Id)
+ if success, _ := client.RemoveUserFromChannel(channel2.Id, th.BasicUser.Id); !success {
+ t.Fatal("Failed to remove user from channel")
+ }
+
+ // we should not be able to run the slash command in channel2, because we aren't in it
+ _, resp := client.ExecuteCommandWithTeam(channel2.Id, team2.Id, "/postcommand")
+ CheckForbiddenStatus(t, resp)
+}
+
+func TestExecuteCommandInDirectMessageChannel(t *testing.T) {
+ th := Setup().InitBasic()
+ defer th.TearDown()
+ client := th.Client
+
+ enableCommands := *utils.Cfg.ServiceSettings.EnableCommands
+ allowedInternalConnections := *utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableCommands = &enableCommands
+ utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections
+ }()
+ *utils.Cfg.ServiceSettings.EnableCommands = true
+ *utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost"
+
+ // create a slash command on some other team where we have permission to do so
+ team2 := th.CreateTeam()
+ postCmd := &model.Command{
+ CreatorId: th.BasicUser.Id,
+ TeamId: team2.Id,
+ URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test",
+ Method: model.COMMAND_METHOD_POST,
+ Trigger: "postcommand",
+ }
+ if _, err := th.App.CreateCommand(postCmd); err != nil {
+ t.Fatal("failed to create post command")
+ }
+
+ // make a direct message channel
+ dmChannel, response := client.CreateDirectChannel(th.BasicUser.Id, th.BasicUser2.Id)
+ CheckCreatedStatus(t, response)
+
+ // we should be able to run the slash command in the DM channel
+ _, resp := client.ExecuteCommandWithTeam(dmChannel.Id, team2.Id, "/postcommand")
+ CheckOKStatus(t, resp)
+
+ // but we can't run the slash command in the DM channel if we sub in some other team's id
+ _, resp = client.ExecuteCommandWithTeam(dmChannel.Id, th.BasicTeam.Id, "/postcommand")
+ CheckNotFoundStatus(t, resp)
+}
+
+func TestExecuteCommandInTeamUserIsNotOn(t *testing.T) {
+ th := Setup().InitBasic()
+ defer th.TearDown()
+ client := th.Client
+
+ enableCommands := *utils.Cfg.ServiceSettings.EnableCommands
+ allowedInternalConnections := *utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableCommands = &enableCommands
+ utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections
+ }()
+ *utils.Cfg.ServiceSettings.EnableCommands = true
+ *utils.Cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost"
+
+ // create a team that the user isn't a part of
+ team2 := th.CreateTeam()
+
+ // create a slash command on that team
+ postCmd := &model.Command{
+ CreatorId: th.BasicUser.Id,
+ TeamId: team2.Id,
+ URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test",
+ Method: model.COMMAND_METHOD_POST,
+ Trigger: "postcommand",
+ }
+ if _, err := th.App.CreateCommand(postCmd); err != nil {
+ t.Fatal("failed to create post command")
+ }
+
+ // make a direct message channel
+ dmChannel, response := client.CreateDirectChannel(th.BasicUser.Id, th.BasicUser2.Id)
+ CheckCreatedStatus(t, response)
+
+ // we should be able to run the slash command in the DM channel
+ _, resp := client.ExecuteCommandWithTeam(dmChannel.Id, team2.Id, "/postcommand")
+ CheckOKStatus(t, resp)
+
+ // if the user is removed from the team, they should NOT be able to run the slash command in the DM channel
+ if success, _ := client.RemoveTeamMember(team2.Id, th.BasicUser.Id); !success {
+ t.Fatal("Failed to remove user from team")
+ }
+ _, resp = client.ExecuteCommandWithTeam(dmChannel.Id, team2.Id, "/postcommand")
+ CheckForbiddenStatus(t, resp)
+
+ // if we omit the team id from the request, the slash command will fail because this is a DM channel, and the
+ // team id can't be inherited from the channel
+ _, resp = client.ExecuteCommand(dmChannel.Id, "/postcommand")
+ CheckForbiddenStatus(t, resp)
+}
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-05-20 13:02:40 +0000