6 files changed, 110 insertions, 70 deletions

diff --git a/api4/apitestlib.go b/api4/apitestlib.go
index 8293a03f7..ff7d47b26 100644
--- a/api4/apitestlib.go
+++ b/api4/apitestlib.go
@@ -49,6 +49,7 @@ type TestHelper struct {
 
 	SystemAdminClient *model.Client4
 	SystemAdminUser   *model.User
+	tempWorkspace     string
 }
 
 type persistentTestStore struct {
@@ -137,6 +138,25 @@ func setupTestHelper(enterprise bool) *TestHelper {
 
 	th.Client = th.CreateClient()
 	th.SystemAdminClient = th.CreateClient()
+
+	if th.tempWorkspace == "" {
+		dir, err := ioutil.TempDir("", "apptest")
+		if err != nil {
+			panic(err)
+		}
+		th.tempWorkspace = dir
+	}
+
+	pluginDir := filepath.Join(th.tempWorkspace, "plugins")
+	webappDir := filepath.Join(th.tempWorkspace, "webapp")
+
+	th.App.UpdateConfig(func(cfg *model.Config) {
+		*cfg.PluginSettings.Directory = pluginDir
+		*cfg.PluginSettings.ClientDirectory = webappDir
+	})
+
+	th.App.InitPlugins(pluginDir, webappDir)
+
 	return th
 }
 
diff --git a/api4/channel_test.go b/api4/channel_test.go
index 43223d060..0d8fbe4d5 100644
--- a/api4/channel_test.go
+++ b/api4/channel_test.go
@@ -1931,9 +1931,6 @@ func TestRemoveChannelMember(t *testing.T) {
 		t.Fatal("should have passed")
 	}
 
-	_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, th.BasicUser2.Id)
-	CheckNoError(t, resp)
-
 	_, resp = Client.RemoveUserFromChannel(th.BasicChannel.Id, "junk")
 	CheckBadRequestStatus(t, resp)
 
diff --git a/api4/command.go b/api4/command.go
index 3ab2839ba..69efee010 100644
--- a/api4/command.go
+++ b/api4/command.go
@@ -4,7 +4,6 @@
 package api4
 
 import (
-	"io/ioutil"
 	"net/http"
 	"strconv"
 	"strings"
@@ -22,9 +21,6 @@ func (api *API) InitCommand() {
 
 	api.BaseRoutes.Team.Handle("/commands/autocomplete", api.ApiSessionRequired(listAutocompleteCommands)).Methods("GET")
 	api.BaseRoutes.Command.Handle("/regen_token", api.ApiSessionRequired(regenCommandToken)).Methods("PUT")
-
-	api.BaseRoutes.Teams.Handle("/command_test", api.ApiHandler(testCommand)).Methods("POST")
-	api.BaseRoutes.Teams.Handle("/command_test", api.ApiHandler(testCommand)).Methods("GET")
 }
 
 func createCommand(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -291,25 +287,3 @@ func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	w.Write([]byte(model.MapToJson(resp)))
 }
-
-func testCommand(c *Context, w http.ResponseWriter, r *http.Request) {
-	r.ParseForm()
-
-	msg := ""
-	if r.Method == "POST" {
-		msg = msg + "\ntoken=" + r.FormValue("token")
-		msg = msg + "\nteam_domain=" + r.FormValue("team_domain")
-	} else {
-		body, _ := ioutil.ReadAll(r.Body)
-		msg = string(body)
-	}
-
-	rc := &model.CommandResponse{
-		Text:         "test command response " + msg,
-		ResponseType: model.COMMAND_RESPONSE_TYPE_IN_CHANNEL,
-		Type:         "custom_test",
-		Props:        map[string]interface{}{"someprop": "somevalue"},
-	}
-
-	w.Write([]byte(rc.ToJson()))
-}
diff --git a/api4/command_test.go b/api4/command_test.go
index 0d37d7440..96025c063 100644
--- a/api4/command_test.go
+++ b/api4/command_test.go
@@ -4,7 +4,6 @@
 package api4
 
 import (
-	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -423,7 +422,7 @@ func TestExecuteInvalidCommand(t *testing.T) {
 	getCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    th.BasicTeam.Id,
-		URL:       fmt.Sprintf("%s/%s/teams/command_test", ts.URL, model.API_URL_SUFFIX_V4),
+		URL:       ts.URL,
 		Method:    model.COMMAND_METHOD_GET,
 		Trigger:   "getcommand",
 	}
@@ -501,7 +500,7 @@ func TestExecuteGetCommand(t *testing.T) {
 	getCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    th.BasicTeam.Id,
-		URL:       fmt.Sprintf("%s/%s/teams/command_test", ts.URL, model.API_URL_SUFFIX_V4),
+		URL:       ts.URL,
 		Method:    model.COMMAND_METHOD_GET,
 		Trigger:   "getcommand",
 		Token:     token,
@@ -556,16 +555,16 @@ func TestExecutePostCommand(t *testing.T) {
 	}))
 	defer ts.Close()
 
-	getCmd := &model.Command{
+	postCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    th.BasicTeam.Id,
-		URL:       fmt.Sprintf("%s/%s/teams/command_test", ts.URL, model.API_URL_SUFFIX_V4),
+		URL:       ts.URL,
 		Method:    model.COMMAND_METHOD_POST,
 		Trigger:   "postcommand",
 		Token:     token,
 	}
 
-	if _, err := th.App.CreateCommand(getCmd); err != nil {
+	if _, err := th.App.CreateCommand(postCmd); err != nil {
 		t.Fatal("failed to create get command")
 	}
 
@@ -592,14 +591,29 @@ func TestExecuteCommandAgainstChannelOnAnotherTeam(t *testing.T) {
 		})
 	}()
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true })
-	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" })
+	th.App.UpdateConfig(func(cfg *model.Config) {
+		*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost 127.0.0.1"
+	})
+
+	expectedCommandResponse := &model.CommandResponse{
+		Text:         "test post command response",
+		ResponseType: model.COMMAND_RESPONSE_TYPE_IN_CHANNEL,
+		Type:         "custom_test",
+		Props:        map[string]interface{}{"someprop": "somevalue"},
+	}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte(expectedCommandResponse.ToJson()))
+	}))
+	defer ts.Close()
 
 	// create a slash command on some other team where we have permission to do so
 	team2 := th.CreateTeam()
 	postCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    team2.Id,
-		URL:       fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test",
+		URL:       ts.URL,
 		Method:    model.COMMAND_METHOD_POST,
 		Trigger:   "postcommand",
 	}
@@ -627,14 +641,29 @@ func TestExecuteCommandAgainstChannelUserIsNotIn(t *testing.T) {
 		})
 	}()
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true })
-	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" })
+	th.App.UpdateConfig(func(cfg *model.Config) {
+		*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost 127.0.0.1"
+	})
+
+	expectedCommandResponse := &model.CommandResponse{
+		Text:         "test post command response",
+		ResponseType: model.COMMAND_RESPONSE_TYPE_IN_CHANNEL,
+		Type:         "custom_test",
+		Props:        map[string]interface{}{"someprop": "somevalue"},
+	}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte(expectedCommandResponse.ToJson()))
+	}))
+	defer ts.Close()
 
 	// create a slash command on some other team where we have permission to do so
 	team2 := th.CreateTeam()
 	postCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    team2.Id,
-		URL:       fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test",
+		URL:       ts.URL,
 		Method:    model.COMMAND_METHOD_POST,
 		Trigger:   "postcommand",
 	}
@@ -667,14 +696,32 @@ func TestExecuteCommandInDirectMessageChannel(t *testing.T) {
 		})
 	}()
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true })
-	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" })
+	th.App.UpdateConfig(func(cfg *model.Config) {
+		*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost 127.0.0.1"
+	})
 
-	// create a slash command on some other team where we have permission to do so
+	// create a team that the user isn't a part of
 	team2 := th.CreateTeam()
+
+	expectedCommandResponse := &model.CommandResponse{
+		Text:         "test post command response",
+		ResponseType: model.COMMAND_RESPONSE_TYPE_IN_CHANNEL,
+		Type:         "custom_test",
+		Props:        map[string]interface{}{"someprop": "somevalue"},
+	}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPost, r.Method)
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte(expectedCommandResponse.ToJson()))
+	}))
+	defer ts.Close()
+
+	// create a slash command on some other team where we have permission to do so
 	postCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    team2.Id,
-		URL:       fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test",
+		URL:       ts.URL,
 		Method:    model.COMMAND_METHOD_POST,
 		Trigger:   "postcommand",
 	}
@@ -709,16 +756,35 @@ func TestExecuteCommandInTeamUserIsNotOn(t *testing.T) {
 		})
 	}()
 	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true })
-	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" })
+	th.App.UpdateConfig(func(cfg *model.Config) {
+		*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost 127.0.0.1"
+	})
 
 	// create a team that the user isn't a part of
 	team2 := th.CreateTeam()
 
+	expectedCommandResponse := &model.CommandResponse{
+		Text:         "test post command response",
+		ResponseType: model.COMMAND_RESPONSE_TYPE_IN_CHANNEL,
+		Type:         "custom_test",
+		Props:        map[string]interface{}{"someprop": "somevalue"},
+	}
+
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPost, r.Method)
+		r.ParseForm()
+		require.Equal(t, team2.Name, r.FormValue("team_domain"))
+
+		w.Header().Set("Content-Type", "application/json")
+		w.Write([]byte(expectedCommandResponse.ToJson()))
+	}))
+	defer ts.Close()
+
 	// create a slash command on that team
 	postCmd := &model.Command{
 		CreatorId: th.BasicUser.Id,
 		TeamId:    team2.Id,
-		URL:       fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test",
+		URL:       ts.URL,
 		Method:    model.COMMAND_METHOD_POST,
 		Trigger:   "postcommand",
 	}
diff --git a/api4/plugin.go b/api4/plugin.go
index ab026ab5f..90ea25b2d 100644
--- a/api4/plugin.go
+++ b/api4/plugin.go
@@ -24,11 +24,10 @@ func (api *API) InitPlugin() {
 	api.BaseRoutes.Plugin.Handle("", api.ApiSessionRequired(removePlugin)).Methods("DELETE")
 
 	api.BaseRoutes.Plugins.Handle("/statuses", api.ApiSessionRequired(getPluginStatuses)).Methods("GET")
-	api.BaseRoutes.Plugin.Handle("/activate", api.ApiSessionRequired(activatePlugin)).Methods("POST")
-	api.BaseRoutes.Plugin.Handle("/deactivate", api.ApiSessionRequired(deactivatePlugin)).Methods("POST")
+	api.BaseRoutes.Plugin.Handle("/enable", api.ApiSessionRequired(enablePlugin)).Methods("POST")
+	api.BaseRoutes.Plugin.Handle("/disable", api.ApiSessionRequired(disablePlugin)).Methods("POST")
 
 	api.BaseRoutes.Plugins.Handle("/webapp", api.ApiHandler(getWebappPlugins)).Methods("GET")
-
 }
 
 func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -165,7 +164,7 @@ func getWebappPlugins(c *Context, w http.ResponseWriter, r *http.Request) {
 	w.Write([]byte(model.ManifestListToJson(clientManifests)))
 }
 
-func activatePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
+func enablePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequirePluginId()
 	if c.Err != nil {
 		return
@@ -189,7 +188,7 @@ func activatePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
 	ReturnStatusOK(w)
 }
 
-func deactivatePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
+func disablePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.RequirePluginId()
 	if c.Err != nil {
 		return
diff --git a/api4/plugin_test.go b/api4/plugin_test.go
index 045ae9212..f9b0f5a07 100644
--- a/api4/plugin_test.go
+++ b/api4/plugin_test.go
@@ -6,7 +6,6 @@ package api4
 import (
 	"bytes"
 	"encoding/json"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -14,18 +13,9 @@ import (
 	"github.com/mattermost/mattermost-server/model"
 	"github.com/mattermost/mattermost-server/utils"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func TestPlugin(t *testing.T) {
-	pluginDir, err := ioutil.TempDir("", "mm-plugin-test")
-	require.NoError(t, err)
-	defer os.RemoveAll(pluginDir)
-
-	webappDir, err := ioutil.TempDir("", "mm-webapp-test")
-	require.NoError(t, err)
-	defer os.RemoveAll(webappDir)
-
 	th := Setup().InitBasic().InitSystemAdmin()
 	defer th.TearDown()
 
@@ -47,12 +37,6 @@ func TestPlugin(t *testing.T) {
 		*cfg.PluginSettings.EnableUploads = true
 	})
 
-	th.App.InitPlugins(pluginDir, webappDir, nil)
-	defer func() {
-		th.App.ShutDownPlugins()
-		th.App.PluginEnv = nil
-	}()
-
 	path, _ := utils.FindDir("tests")
 	file, err := os.Open(filepath.Join(path, "testplugin.tar.gz"))
 	if err != nil {
@@ -109,7 +93,7 @@ func TestPlugin(t *testing.T) {
 	assert.False(t, found)
 
 	// Successful activate
-	ok, resp := th.SystemAdminClient.ActivatePlugin(manifest.Id)
+	ok, resp := th.SystemAdminClient.EnablePlugin(manifest.Id)
 	CheckNoError(t, resp)
 	assert.True(t, ok)
 
@@ -126,12 +110,12 @@ func TestPlugin(t *testing.T) {
 	assert.True(t, found)
 
 	// Activate error case
-	ok, resp = th.SystemAdminClient.ActivatePlugin("junk")
+	ok, resp = th.SystemAdminClient.EnablePlugin("junk")
 	CheckBadRequestStatus(t, resp)
 	assert.False(t, ok)
 
 	// Successful deactivate
-	ok, resp = th.SystemAdminClient.DeactivatePlugin(manifest.Id)
+	ok, resp = th.SystemAdminClient.DisablePlugin(manifest.Id)
 	CheckNoError(t, resp)
 	assert.True(t, ok)
 
@@ -148,7 +132,7 @@ func TestPlugin(t *testing.T) {
 	assert.True(t, found)
 
 	// Deactivate error case
-	ok, resp = th.SystemAdminClient.DeactivatePlugin("junk")
+	ok, resp = th.SystemAdminClient.DisablePlugin("junk")
 	CheckBadRequestStatus(t, resp)
 	assert.False(t, ok)
 
@@ -162,7 +146,7 @@ func TestPlugin(t *testing.T) {
 	CheckForbiddenStatus(t, resp)
 
 	// Successful webapp get
-	_, resp = th.SystemAdminClient.ActivatePlugin(manifest.Id)
+	_, resp = th.SystemAdminClient.EnablePlugin(manifest.Id)
 	CheckNoError(t, resp)
 
 	manifests, resp := th.Client.GetWebappPlugins()