14 files changed, 142 insertions, 71 deletions

diff --git a/api4/channel.go b/api4/channel.go
index d497c9793..b29d2a94c 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -22,6 +22,7 @@ func (api *API) InitChannel() {
 	api.BaseRoutes.ChannelsForTeam.Handle("/ids", api.ApiSessionRequired(getPublicChannelsByIdsForTeam)).Methods("POST")
 	api.BaseRoutes.ChannelsForTeam.Handle("/search", api.ApiSessionRequired(searchChannelsForTeam)).Methods("POST")
 	api.BaseRoutes.ChannelsForTeam.Handle("/autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeam)).Methods("GET")
+	api.BaseRoutes.ChannelsForTeam.Handle("/search_autocomplete", api.ApiSessionRequired(autocompleteChannelsForTeamForSearch)).Methods("GET")
 	api.BaseRoutes.User.Handle("/teams/{team_id:[A-Za-z0-9]+}/channels", api.ApiSessionRequired(getChannelsForTeamForUser)).Methods("GET")
 
 	api.BaseRoutes.Channel.Handle("", api.ApiSessionRequired(getChannel)).Methods("GET")
@@ -642,6 +643,30 @@ func autocompleteChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Requ
 	w.Write([]byte(channels.ToJson()))
 }
 
+func autocompleteChannelsForTeamForSearch(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequireTeamId()
+	if c.Err != nil {
+		return
+	}
+
+	if !c.App.SessionHasPermissionToTeam(c.Session, c.Params.TeamId, model.PERMISSION_LIST_TEAM_CHANNELS) {
+		c.SetPermissionError(model.PERMISSION_LIST_TEAM_CHANNELS)
+		return
+	}
+
+	name := r.URL.Query().Get("name")
+
+	channels, err := c.App.AutocompleteChannelsForSearch(c.Params.TeamId, c.Session.UserId, name)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	// Don't fill in channels props, since unused by client and potentially expensive.
+
+	w.Write([]byte(channels.ToJson()))
+}
+
 func searchChannelsForTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequireTeamId()
 	if c.Err != nil {
diff --git a/api4/channel_test.go b/api4/channel_test.go
index 8593ea831..2aec90aea 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -150,8 +150,8 @@ func TestUpdateChannel(t *testing.T) {
 	channel := &model.Channel{DisplayName: "Test API Name", Name: GenerateTestChannelName(), Type: model.CHANNEL_OPEN, TeamId: team.Id}
 	private := &model.Channel{DisplayName: "Test API Name", Name: GenerateTestChannelName(), Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
 
-	channel, resp := Client.CreateChannel(channel)
-	private, resp = Client.CreateChannel(private)
+	channel, _ = Client.CreateChannel(channel)
+	private, _ = Client.CreateChannel(private)
 
 	//Update a open channel
 	channel.DisplayName = "My new display name"
@@ -434,7 +434,7 @@ func TestCreateGroupChannel(t *testing.T) {
 		t.Fatal("should be equal")
 	}
 
-	rgc, resp = Client.CreateGroupChannel([]string{user2.Id})
+	_, resp = Client.CreateGroupChannel([]string{user2.Id})
 	CheckBadRequestStatus(t, resp)
 
 	user4 := th.CreateUser()
@@ -541,12 +541,12 @@ func TestGetDeletedChannelsForTeam(t *testing.T) {
 	Client := th.Client
 	team := th.BasicTeam
 
-	channels, resp := Client.GetDeletedChannelsForTeam(team.Id, 0, 100, "")
+	_, resp := Client.GetDeletedChannelsForTeam(team.Id, 0, 100, "")
 	CheckForbiddenStatus(t, resp)
 
 	th.LoginTeamAdmin()
 
-	channels, resp = Client.GetDeletedChannelsForTeam(team.Id, 0, 100, "")
+	channels, resp := Client.GetDeletedChannelsForTeam(team.Id, 0, 100, "")
 	CheckNoError(t, resp)
 	numInitialChannelsForTeam := len(channels)
 
@@ -860,6 +860,7 @@ func TestDeleteChannel(t *testing.T) {
 
 	// successful delete of channel with multiple members
 	publicChannel3 := th.CreatePublicChannel()
+	th.App.AddUserToChannel(user, publicChannel3)
 	th.App.AddUserToChannel(user2, publicChannel3)
 	_, resp = Client.DeleteChannel(publicChannel3.Id)
 	CheckNoError(t, resp)
@@ -901,7 +902,7 @@ func TestDeleteChannel(t *testing.T) {
 	publicChannel5 := th.CreatePublicChannel()
 	Client.Logout()
 
-	Client.Login(user2.Id, user2.Password)
+	Client.Login(user.Id, user.Password)
 	_, resp = Client.DeleteChannel(publicChannel5.Id)
 	CheckUnauthorizedStatus(t, resp)
 
@@ -927,16 +928,14 @@ func TestDeleteChannel(t *testing.T) {
 	th.AddPermissionToRole(model.PERMISSION_DELETE_PRIVATE_CHANNEL.Id, model.TEAM_USER_ROLE_ID)
 
 	Client = th.Client
-	team = th.BasicTeam
 	user = th.BasicUser
-	user2 = th.BasicUser2
 
 	// channels created by SystemAdmin
 	publicChannel6 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_OPEN)
 	privateChannel7 := th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
 	th.App.AddUserToChannel(user, publicChannel6)
 	th.App.AddUserToChannel(user, privateChannel7)
-	th.App.AddUserToChannel(user2, privateChannel7)
+	th.App.AddUserToChannel(user, privateChannel7)
 
 	// successful delete by user
 	_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -956,7 +955,7 @@ func TestDeleteChannel(t *testing.T) {
 	privateChannel7 = th.CreateChannelWithClient(th.SystemAdminClient, model.CHANNEL_PRIVATE)
 	th.App.AddUserToChannel(user, publicChannel6)
 	th.App.AddUserToChannel(user, privateChannel7)
-	th.App.AddUserToChannel(user2, privateChannel7)
+	th.App.AddUserToChannel(user, privateChannel7)
 
 	// cannot delete by user
 	_, resp = Client.DeleteChannel(publicChannel6.Id)
@@ -1629,7 +1628,7 @@ func TestUpdateChannelRoles(t *testing.T) {
 	CheckNoError(t, resp)
 
 	// System Admin promotes User 1
-	pass, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_ADMIN)
+	_, resp = th.SystemAdminClient.UpdateChannelRoles(channel.Id, th.BasicUser.Id, CHANNEL_ADMIN)
 	CheckNoError(t, resp)
 
 	th.LoginBasic()
diff --git a/api4/command_test.go b/api4/command_test.go
index 96025c063..10ffbc695 100644
--- a/api4/command_test.go
+++ b/api4/command_test.go
@@ -491,6 +491,7 @@ func TestExecuteGetCommand(t *testing.T) {
 
 		require.Equal(t, token, values.Get("token"))
 		require.Equal(t, th.BasicTeam.Name, values.Get("team_domain"))
+		require.Equal(t, "ourCommand", values.Get("cmd"))
 
 		w.Header().Set("Content-Type", "application/json")
 		w.Write([]byte(expectedCommandResponse.ToJson()))
@@ -500,7 +501,7 @@ func TestExecuteGetCommand(t *testing.T) {
 	getCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    th.BasicTeam.Id,
-		URL:       ts.URL,
+		URL:       ts.URL + "/?cmd=ourCommand",
 		Method:    model.COMMAND_METHOD_GET,
 		Trigger:   "getcommand",
 		Token:     token,
diff --git a/api4/emoji_test.go b/api4/emoji_test.go
index 34fa602cc..e3aca4497 100644
--- a/api4/emoji_test.go
+++ b/api4/emoji_test.go
@@ -340,12 +340,16 @@ func TestDeleteEmoji(t *testing.T) {
 
 	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
 	th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+
 	Client.Logout()
 	th.LoginBasic2()
-	ok, resp = Client.DeleteEmoji(newEmoji.Id)
+
+	_, resp = Client.DeleteEmoji(newEmoji.Id)
 	CheckForbiddenStatus(t, resp)
+
 	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
 	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+
 	Client.Logout()
 	th.LoginBasic()
 
@@ -360,8 +364,10 @@ func TestDeleteEmoji(t *testing.T) {
 
 	Client.Logout()
 	th.LoginBasic2()
-	ok, resp = Client.DeleteEmoji(newEmoji.Id)
+
+	_, resp = Client.DeleteEmoji(newEmoji.Id)
 	CheckForbiddenStatus(t, resp)
+
 	Client.Logout()
 	th.LoginBasic()
 
@@ -376,9 +382,11 @@ func TestDeleteEmoji(t *testing.T) {
 
 	th.AddPermissionToRole(model.PERMISSION_MANAGE_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
 	th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_EMOJIS.Id, model.SYSTEM_USER_ROLE_ID)
+
 	Client.Logout()
 	th.LoginBasic2()
-	ok, resp = Client.DeleteEmoji(newEmoji.Id)
+
+	_, resp = Client.DeleteEmoji(newEmoji.Id)
 	CheckNoError(t, resp)
 
 	Client.Logout()
@@ -412,7 +420,8 @@ func TestDeleteEmoji(t *testing.T) {
 
 	Client.Logout()
 	th.LoginBasic2()
-	ok, resp = Client.DeleteEmoji(newEmoji.Id)
+
+	_, resp = Client.DeleteEmoji(newEmoji.Id)
 	CheckNoError(t, resp)
 }
 
diff --git a/api4/file_test.go b/api4/file_test.go
index 9143f4839..607e54dd7 100644
--- a/api4/file_test.go
+++ b/api4/file_test.go
@@ -446,7 +446,7 @@ func TestGetFileLink(t *testing.T) {
 		fileId = fileResp.FileInfos[0].Id
 	}
 
-	link, resp := Client.GetFileLink(fileId)
+	_, resp := Client.GetFileLink(fileId)
 	CheckBadRequestStatus(t, resp)
 
 	// Hacky way to assign file to a post (usually would be done by CreatePost call)
@@ -460,8 +460,9 @@ func TestGetFileLink(t *testing.T) {
 	time.Sleep(2 * time.Second)
 
 	th.App.UpdateConfig(func(cfg *model.Config) { cfg.FileSettings.EnablePublicLink = true })
-	link, resp = Client.GetFileLink(fileId)
+	link, resp := Client.GetFileLink(fileId)
 	CheckNoError(t, resp)
+
 	if link == "" {
 		t.Fatal("should've received public link")
 	}
diff --git a/api4/oauth.go b/api4/oauth.go
index 961b0fecd..990f292e9 100644
--- a/api4/oauth.go
+++ b/api4/oauth.go
@@ -452,6 +452,15 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	service := c.Params.Service
 
+	oauthError := r.URL.Query().Get("error")
+	if oauthError == "access_denied" {
+		utils.RenderWebError(c.App.Config(), w, r, http.StatusTemporaryRedirect, url.Values{
+			"type":    []string{"oauth_access_denied"},
+			"service": []string{strings.Title(service)},
+		}, c.App.AsymmetricSigningKey())
+		return
+	}
+
 	code := r.URL.Query().Get("code")
 	if len(code) == 0 {
 		utils.RenderWebError(c.App.Config(), w, r, http.StatusTemporaryRedirect, url.Values{
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
index cac40e442..dcc7cc5a2 100644
--- a/api4/oauth_test.go
+++ b/api4/oauth_test.go
@@ -8,6 +8,7 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
+	"net/http/httptest"
 	"net/url"
 	"strconv"
 	"testing"
@@ -18,6 +19,7 @@ import (
 	"github.com/mattermost/mattermost-server/einterfaces"
 	"github.com/mattermost/mattermost-server/model"
 	"github.com/mattermost/mattermost-server/utils"
+	"github.com/mattermost/mattermost-server/web"
 )
 
 func TestCreateOAuthApp(t *testing.T) {
@@ -1147,6 +1149,30 @@ func TestOAuthComplete(t *testing.T) {
 	}
 }
 
+func TestOAuthComplete_AccessDenied(t *testing.T) {
+	th := Setup().InitBasic()
+	defer th.TearDown()
+
+	c := &Context{
+		App: th.App,
+		Params: &web.Params{
+			Service: "TestService",
+		},
+	}
+	responseWriter := httptest.NewRecorder()
+	request, _ := http.NewRequest(http.MethodGet, th.App.GetSiteURL()+"/signup/TestService/complete?error=access_denied", nil)
+
+	completeOAuth(c, responseWriter, request)
+
+	response := responseWriter.Result()
+
+	assert.Equal(t, http.StatusTemporaryRedirect, response.StatusCode)
+
+	location, _ := url.Parse(response.Header.Get("Location"))
+	assert.Equal(t, "oauth_access_denied", location.Query().Get("type"))
+	assert.Equal(t, "TestService", location.Query().Get("service"))
+}
+
 func HttpGet(url string, httpClient *http.Client, authToken string, followRedirect bool) (*http.Response, *model.AppError) {
 	rq, _ := http.NewRequest("GET", url, nil)
 	rq.Close = true
diff --git a/api4/post_test.go b/api4/post_test.go
index c428d3ab2..8ccd88a42 100644
--- a/api4/post_test.go
+++ b/api4/post_test.go
@@ -65,7 +65,7 @@ func TestCreatePost(t *testing.T) {
 	CheckBadRequestStatus(t, resp)
 
 	post2 := &model.Post{ChannelId: th.BasicChannel2.Id, Message: "zz" + model.NewId() + "a", CreateAt: 123}
-	rpost2, resp := Client.CreatePost(post2)
+	rpost2, _ := Client.CreatePost(post2)
 
 	if rpost2.CreateAt == post2.CreateAt {
 		t.Fatal("create at should not match")
@@ -154,7 +154,7 @@ func TestCreatePostEphemeral(t *testing.T) {
 	CheckUnauthorizedStatus(t, resp)
 
 	Client = th.Client
-	rpost, resp = Client.CreatePostEphemeral(ephemeralPost)
+	_, resp = Client.CreatePostEphemeral(ephemeralPost)
 	CheckForbiddenStatus(t, resp)
 }
 
@@ -1023,22 +1023,22 @@ func TestGetFlaggedPostsForUser(t *testing.T) {
 
 	Client.Logout()
 
-	rpl, resp = Client.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 10)
+	_, resp = Client.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 10)
 	CheckUnauthorizedStatus(t, resp)
 
-	rpl, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 10)
+	_, resp = Client.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 10)
 	CheckUnauthorizedStatus(t, resp)
 
-	rpl, resp = Client.GetFlaggedPostsForUser(user.Id, 0, 10)
+	_, resp = Client.GetFlaggedPostsForUser(user.Id, 0, 10)
 	CheckUnauthorizedStatus(t, resp)
 
-	rpl, resp = th.SystemAdminClient.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 10)
+	_, resp = th.SystemAdminClient.GetFlaggedPostsForUserInChannel(user.Id, channel1.Id, 0, 10)
 	CheckNoError(t, resp)
 
-	rpl, resp = th.SystemAdminClient.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 10)
+	_, resp = th.SystemAdminClient.GetFlaggedPostsForUserInTeam(user.Id, team1.Id, 0, 10)
 	CheckNoError(t, resp)
 
-	rpl, resp = th.SystemAdminClient.GetFlaggedPostsForUser(user.Id, 0, 10)
+	_, resp = th.SystemAdminClient.GetFlaggedPostsForUser(user.Id, 0, 10)
 	CheckNoError(t, resp)
 }
 
@@ -1153,25 +1153,25 @@ func TestGetPost(t *testing.T) {
 	Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser.Id)
 
 	// Channel is public, should be able to read post
-	post, resp = Client.GetPost(th.BasicPost.Id, "")
+	_, resp = Client.GetPost(th.BasicPost.Id, "")
 	CheckNoError(t, resp)
 
 	privatePost := th.CreatePostWithClient(Client, th.BasicPrivateChannel)
 
-	post, resp = Client.GetPost(privatePost.Id, "")
+	_, resp = Client.GetPost(privatePost.Id, "")
 	CheckNoError(t, resp)
 
 	Client.RemoveUserFromChannel(th.BasicPrivateChannel.Id, th.BasicUser.Id)
 
 	// Channel is private, should not be able to read post
-	post, resp = Client.GetPost(privatePost.Id, "")
+	_, resp = Client.GetPost(privatePost.Id, "")
 	CheckForbiddenStatus(t, resp)
 
 	Client.Logout()
 	_, resp = Client.GetPost(model.NewId(), "")
 	CheckUnauthorizedStatus(t, resp)
 
-	post, resp = th.SystemAdminClient.GetPost(th.BasicPost.Id, "")
+	_, resp = th.SystemAdminClient.GetPost(th.BasicPost.Id, "")
 	CheckNoError(t, resp)
 }
 
@@ -1267,7 +1267,7 @@ func TestGetPostThread(t *testing.T) {
 	_, resp = Client.GetPostThread(model.NewId(), "")
 	CheckUnauthorizedStatus(t, resp)
 
-	list, resp = th.SystemAdminClient.GetPostThread(th.BasicPost.Id, "")
+	_, resp = th.SystemAdminClient.GetPostThread(th.BasicPost.Id, "")
 	CheckNoError(t, resp)
 }
 
@@ -1351,12 +1351,13 @@ func TestSearchPosts(t *testing.T) {
 		t.Fatal("wrong search")
 	}
 
-	if posts, resp = Client.SearchPosts(th.BasicTeam.Id, "*", false); len(posts.Order) != 0 {
+	if posts, _ = Client.SearchPosts(th.BasicTeam.Id, "*", false); len(posts.Order) != 0 {
 		t.Fatal("searching for just * shouldn't return any results")
 	}
 
 	posts, resp = Client.SearchPosts(th.BasicTeam.Id, "post1 post2", true)
 	CheckNoError(t, resp)
+
 	if len(posts.Order) != 2 {
 		t.Fatal("wrong search results")
 	}
diff --git a/api4/preference_test.go b/api4/preference_test.go
index 68d34784f..41681ff69 100644
--- a/api4/preference_test.go
+++ b/api4/preference_test.go
@@ -105,15 +105,15 @@ func TestGetPreferencesByCategory(t *testing.T) {
 		t.Fatalf("received the wrong number of preferences %v:%v", len(prefs), 2)
 	}
 
-	prefs, resp = Client.GetPreferencesByCategory(user1.Id, "junk")
+	_, resp = Client.GetPreferencesByCategory(user1.Id, "junk")
 	CheckNotFoundStatus(t, resp)
 
 	th.LoginBasic2()
 
-	prefs, resp = Client.GetPreferencesByCategory(th.BasicUser2.Id, category)
+	_, resp = Client.GetPreferencesByCategory(th.BasicUser2.Id, category)
 	CheckNotFoundStatus(t, resp)
 
-	prefs, resp = Client.GetPreferencesByCategory(user1.Id, category)
+	_, resp = Client.GetPreferencesByCategory(user1.Id, category)
 	CheckForbiddenStatus(t, resp)
 
 	prefs, resp = Client.GetPreferencesByCategory(th.BasicUser2.Id, "junk")
@@ -309,7 +309,7 @@ func TestDeletePreferences(t *testing.T) {
 
 	th.LoginBasic()
 
-	prefs, resp := Client.GetPreferences(th.BasicUser.Id)
+	prefs, _ := Client.GetPreferences(th.BasicUser.Id)
 	originalCount := len(prefs)
 
 	// save 10 preferences
@@ -328,7 +328,7 @@ func TestDeletePreferences(t *testing.T) {
 	// delete 10 preferences
 	th.LoginBasic2()
 
-	_, resp = Client.DeletePreferences(th.BasicUser2.Id, &preferences)
+	_, resp := Client.DeletePreferences(th.BasicUser2.Id, &preferences)
 	CheckForbiddenStatus(t, resp)
 
 	th.LoginBasic()
@@ -339,7 +339,7 @@ func TestDeletePreferences(t *testing.T) {
 	_, resp = Client.DeletePreferences(th.BasicUser2.Id, &preferences)
 	CheckForbiddenStatus(t, resp)
 
-	prefs, resp = Client.GetPreferences(th.BasicUser.Id)
+	prefs, _ = Client.GetPreferences(th.BasicUser.Id)
 	if len(prefs) != originalCount {
 		t.Fatal("should've deleted preferences")
 	}
diff --git a/api4/role_test.go b/api4/role_test.go
index 8149ff3c6..2a8008dc9 100644
--- a/api4/role_test.go
+++ b/api4/role_test.go
@@ -130,7 +130,7 @@ func TestGetRolesByNames(t *testing.T) {
 	assert.Contains(t, received, role3)
 
 	// Check a list of non-existent roles.
-	received, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId()})
+	_, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId()})
 	CheckNoError(t, resp)
 
 	// Empty list should error.
@@ -138,11 +138,11 @@ func TestGetRolesByNames(t *testing.T) {
 	CheckBadRequestStatus(t, resp)
 
 	// Invalid role name should error.
-	received, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId(), "!!!!!!"})
+	_, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId(), "!!!!!!"})
 	CheckBadRequestStatus(t, resp)
 
 	// Empty/whitespace rolenames should be ignored.
-	received, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId(), "", "    "})
+	_, resp = th.Client.GetRolesByNames([]string{model.NewId(), model.NewId(), "", "    "})
 	CheckNoError(t, resp)
 }
 
@@ -178,16 +178,16 @@ func TestPatchRole(t *testing.T) {
 	assert.Equal(t, received.SchemeManaged, role.SchemeManaged)
 
 	// Check a no-op patch succeeds.
-	received, resp = th.SystemAdminClient.PatchRole(role.Id, patch)
+	_, resp = th.SystemAdminClient.PatchRole(role.Id, patch)
 	CheckNoError(t, resp)
 
-	received, resp = th.SystemAdminClient.PatchRole("junk", patch)
+	_, resp = th.SystemAdminClient.PatchRole("junk", patch)
 	CheckBadRequestStatus(t, resp)
 
-	received, resp = th.Client.PatchRole(model.NewId(), patch)
+	_, resp = th.Client.PatchRole(model.NewId(), patch)
 	CheckNotFoundStatus(t, resp)
 
-	received, resp = th.Client.PatchRole(role.Id, patch)
+	_, resp = th.Client.PatchRole(role.Id, patch)
 	CheckForbiddenStatus(t, resp)
 
 	// Check a change that the license would not allow.
@@ -195,7 +195,7 @@ func TestPatchRole(t *testing.T) {
 		Permissions: &[]string{"manage_system", "manage_webhooks"},
 	}
 
-	received, resp = th.SystemAdminClient.PatchRole(role.Id, patch)
+	_, resp = th.SystemAdminClient.PatchRole(role.Id, patch)
 	CheckNotImplementedStatus(t, resp)
 
 	// Add a license.
diff --git a/api4/status_test.go b/api4/status_test.go
index 9b3583c1e..afff8526d 100644
--- a/api4/status_test.go
+++ b/api4/status_test.go
@@ -150,11 +150,11 @@ func TestUpdateUserStatus(t *testing.T) {
 	}
 
 	toUpdateUserStatus.Status = "online"
-	updateUserStatus, resp = Client.UpdateUserStatus(th.BasicUser2.Id, toUpdateUserStatus)
+	_, resp = Client.UpdateUserStatus(th.BasicUser2.Id, toUpdateUserStatus)
 	CheckForbiddenStatus(t, resp)
 
 	toUpdateUserStatus.Status = "online"
-	updateUserStatus, resp = th.SystemAdminClient.UpdateUserStatus(th.BasicUser2.Id, toUpdateUserStatus)
+	updateUserStatus, _ = th.SystemAdminClient.UpdateUserStatus(th.BasicUser2.Id, toUpdateUserStatus)
 	if updateUserStatus.Status != "online" {
 		t.Fatal("Should return online status")
 	}
diff --git a/api4/team_test.go b/api4/team_test.go
index 468b9451d..8304c979d 100644
--- a/api4/team_test.go
+++ b/api4/team_test.go
@@ -858,10 +858,10 @@ func TestSearchAllTeams(t *testing.T) {
 
 	Client.Logout()
 
-	rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name})
+	_, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name})
 	CheckUnauthorizedStatus(t, resp)
 
-	rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName})
+	_, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName})
 	CheckUnauthorizedStatus(t, resp)
 }
 
@@ -1148,10 +1148,10 @@ func TestGetTeamMembers(t *testing.T) {
 	CheckForbiddenStatus(t, resp)
 
 	Client.Logout()
-	rmembers, resp = Client.GetTeamMembers(team.Id, 0, 1, "")
+	_, resp = Client.GetTeamMembers(team.Id, 0, 1, "")
 	CheckUnauthorizedStatus(t, resp)
 
-	rmembers, resp = th.SystemAdminClient.GetTeamMembers(team.Id, 0, 100, "")
+	_, resp = th.SystemAdminClient.GetTeamMembers(team.Id, 0, 100, "")
 	CheckNoError(t, resp)
 }
 
@@ -1220,10 +1220,10 @@ func TestGetTeamMembersByIds(t *testing.T) {
 		t.Fatal("1 user should be returned")
 	}
 
-	tm1, resp = Client.GetTeamMembersByIds("junk", []string{th.BasicUser.Id})
+	_, resp = Client.GetTeamMembersByIds("junk", []string{th.BasicUser.Id})
 	CheckBadRequestStatus(t, resp)
 
-	tm1, resp = Client.GetTeamMembersByIds(model.NewId(), []string{th.BasicUser.Id})
+	_, resp = Client.GetTeamMembersByIds(model.NewId(), []string{th.BasicUser.Id})
 	CheckForbiddenStatus(t, resp)
 
 	Client.Logout()
@@ -1244,7 +1244,7 @@ func TestAddTeamMember(t *testing.T) {
 
 	// Regular user can't add a member to a team they don't belong to.
 	th.LoginBasic2()
-	tm, resp := Client.AddTeamMember(team.Id, otherUser.Id)
+	_, resp := Client.AddTeamMember(team.Id, otherUser.Id)
 	CheckForbiddenStatus(t, resp)
 	if resp.Error == nil {
 		t.Fatalf("Error is nil")
@@ -1253,7 +1253,7 @@ func TestAddTeamMember(t *testing.T) {
 
 	// Regular user can add a member to a team they belong to.
 	th.LoginBasic()
-	tm, resp = Client.AddTeamMember(team.Id, otherUser.Id)
+	tm, resp := Client.AddTeamMember(team.Id, otherUser.Id)
 	CheckNoError(t, resp)
 	CheckCreatedStatus(t, resp)
 
@@ -1370,7 +1370,7 @@ func TestAddTeamMember(t *testing.T) {
 	token.CreateAt = model.GetMillis() - 1000*60*60*50
 	<-th.App.Srv.Store.Token().Save(token)
 
-	tm, resp = Client.AddTeamMemberFromInvite(token.Token, "")
+	_, resp = Client.AddTeamMemberFromInvite(token.Token, "")
 	CheckBadRequestStatus(t, resp)
 	th.App.DeleteToken(token)
 
@@ -1382,7 +1382,7 @@ func TestAddTeamMember(t *testing.T) {
 	)
 	<-th.App.Srv.Store.Token().Save(token)
 
-	tm, resp = Client.AddTeamMemberFromInvite(token.Token, "")
+	_, resp = Client.AddTeamMemberFromInvite(token.Token, "")
 	CheckNotFoundStatus(t, resp)
 	th.App.DeleteToken(token)
 
@@ -1428,13 +1428,13 @@ func TestAddTeamMembers(t *testing.T) {
 
 	// Regular user can't add a member to a team they don't belong to.
 	th.LoginBasic2()
-	tm, resp := Client.AddTeamMembers(team.Id, userList)
+	_, resp := Client.AddTeamMembers(team.Id, userList)
 	CheckForbiddenStatus(t, resp)
 	Client.Logout()
 
 	// Regular user can add a member to a team they belong to.
 	th.LoginBasic()
-	tm, resp = Client.AddTeamMembers(team.Id, userList)
+	tm, resp := Client.AddTeamMembers(team.Id, userList)
 	CheckNoError(t, resp)
 	CheckCreatedStatus(t, resp)
 
@@ -2018,7 +2018,7 @@ func TestGetTeamInviteInfo(t *testing.T) {
 	team, resp = th.SystemAdminClient.UpdateTeam(team)
 	CheckNoError(t, resp)
 
-	team, resp = Client.GetTeamInviteInfo(team.InviteId)
+	_, resp = Client.GetTeamInviteInfo(team.InviteId)
 	CheckNoError(t, resp)
 
 	_, resp = Client.GetTeamInviteInfo("junk")
diff --git a/api4/user_test.go b/api4/user_test.go
index 6cd64b7cf..e624d747d 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -406,7 +406,7 @@ func TestGetUser(t *testing.T) {
 	CheckUnauthorizedStatus(t, resp)
 
 	// System admins should ignore privacy settings
-	ruser, resp = th.SystemAdminClient.GetUser(user.Id, resp.Etag)
+	ruser, _ = th.SystemAdminClient.GetUser(user.Id, resp.Etag)
 	if ruser.Email == "" {
 		t.Fatal("email should not be blank")
 	}
@@ -474,7 +474,7 @@ func TestGetUserByUsername(t *testing.T) {
 	CheckUnauthorizedStatus(t, resp)
 
 	// System admins should ignore privacy settings
-	ruser, resp = th.SystemAdminClient.GetUserByUsername(user.Username, resp.Etag)
+	ruser, _ = th.SystemAdminClient.GetUserByUsername(user.Username, resp.Etag)
 	if ruser.Email == "" {
 		t.Fatal("email should not be blank")
 	}
@@ -539,7 +539,7 @@ func TestGetUserByEmail(t *testing.T) {
 	CheckUnauthorizedStatus(t, resp)
 
 	// System admins should ignore privacy settings
-	ruser, resp = th.SystemAdminClient.GetUserByEmail(user.Email, resp.Etag)
+	ruser, _ = th.SystemAdminClient.GetUserByEmail(user.Email, resp.Etag)
 	if ruser.Email == "" {
 		t.Fatal("email should not be blank")
 	}
@@ -2208,14 +2208,14 @@ func TestVerifyUserEmail(t *testing.T) {
 
 	user := model.User{Email: th.GenerateTestEmail(), Nickname: "Darth Vader", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID}
 
-	ruser, resp := Client.CreateUser(&user)
+	ruser, _ := Client.CreateUser(&user)
 
 	token, err := th.App.CreateVerifyEmailToken(ruser.Id)
 	if err != nil {
 		t.Fatal("Unable to create email verify token")
 	}
 
-	_, resp = Client.VerifyUserEmail(token.Token)
+	_, resp := Client.VerifyUserEmail(token.Token)
 	CheckNoError(t, resp)
 
 	_, resp = Client.VerifyUserEmail(GenerateTestId())
@@ -2329,7 +2329,7 @@ func TestCBALogin(t *testing.T) {
 	}
 
 	Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
-	user, resp = Client.Login(th.BasicUser.Email, "")
+	user, _ = Client.Login(th.BasicUser.Email, "")
 	if !(user != nil && user.Email == th.BasicUser.Email) {
 		t.Fatal("Should have been able to login")
 	}
@@ -2340,13 +2340,13 @@ func TestCBALogin(t *testing.T) {
 	})
 
 	Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
-	user, resp = Client.Login(th.BasicUser.Email, "")
+	user, _ = Client.Login(th.BasicUser.Email, "")
 	if resp.Error.StatusCode != 400 && user == nil {
 		t.Fatal("Should have failed because password is required")
 	}
 
 	Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email
-	user, resp = Client.Login(th.BasicUser.Email, th.BasicUser.Password)
+	user, _ = Client.Login(th.BasicUser.Email, th.BasicUser.Password)
 	if !(user != nil && user.Email == th.BasicUser.Email) {
 		t.Fatal("Should have been able to login")
 	}
@@ -2597,7 +2597,7 @@ func TestGetUserAccessToken(t *testing.T) {
 	_, resp = AdminClient.GetUserAccessToken(token.Id)
 	CheckNoError(t, resp)
 
-	token, resp = Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
+	_, resp = Client.CreateUserAccessToken(th.BasicUser.Id, testDescription)
 	CheckNoError(t, resp)
 
 	rtokens, resp := Client.GetUserAccessTokensForUser(th.BasicUser.Id, 0, 100)
diff --git a/api4/webhook_test.go b/api4/webhook_test.go
index 764f25709..78598f9dc 100644
--- a/api4/webhook_test.go
+++ b/api4/webhook_test.go
@@ -365,7 +365,7 @@ func TestGetOutgoingWebhooks(t *testing.T) {
 		t.Fatal("missing hook")
 	}
 
-	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "")
+	_, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "")
 	CheckForbiddenStatus(t, resp)
 
 	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")