diff options
Diffstat (limited to 'api')
-rw-r--r-- | api/channel_test.go | 9 | ||||
-rw-r--r-- | api/context.go | 1 | ||||
-rw-r--r-- | api/user.go | 11 |
3 files changed, 16 insertions, 5 deletions
diff --git a/api/channel_test.go b/api/channel_test.go index ff09ab4bc..ed0554693 100644 --- a/api/channel_test.go +++ b/api/channel_test.go @@ -52,6 +52,8 @@ func TestCreateChannel(t *testing.T) { t.Fatal("Cannot create an existing") } + savedId := rchannel.Data.(*model.Channel).Id + rchannel.Data.(*model.Channel).Id = "" if _, err := Client.CreateChannel(rchannel.Data.(*model.Channel)); err != nil { if err.Message != "A channel with that name already exists" { @@ -63,6 +65,13 @@ func TestCreateChannel(t *testing.T) { t.Fatal("should have been an error") } + Client.DeleteChannel(savedId) + if _, err := Client.CreateChannel(rchannel.Data.(*model.Channel)); err != nil { + if err.Message != "A channel with that name was previously created" { + t.Fatal(err) + } + } + channel = model.Channel{DisplayName: "Channel on Different Team", Name: "aaaa" + model.NewId() + "abbb", Type: model.CHANNEL_OPEN, TeamId: team2.Id} if _, err := Client.CreateChannel(&channel); err.StatusCode != http.StatusForbidden { diff --git a/api/context.go b/api/context.go index 501e4e77f..bea0fbeff 100644 --- a/api/context.go +++ b/api/context.go @@ -84,6 +84,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { if forwardProto == "http" { l4g.Info("redirecting http request to https for %v", r.URL.Path) http.Redirect(w, r, "https://"+r.Host, http.StatusTemporaryRedirect) + return } else { protocol = "https" } diff --git a/api/user.go b/api/user.go index ada781bc7..483ae67b5 100644 --- a/api/user.go +++ b/api/user.go @@ -289,7 +289,7 @@ func login(c *Context, w http.ResponseWriter, r *http.Request) { if !model.ComparePassword(user.Password, props["password"]) { c.LogAuditWithUserId(user.Id, "fail") c.Err = model.NewAppError("login", "Login failed because of invalid password", extraInfo) - c.Err.StatusCode = http.StatusBadRequest + c.Err.StatusCode = http.StatusForbidden return } @@ -417,7 +417,7 @@ func getSessions(c *Context, w http.ResponseWriter, r *http.Request) { params := mux.Vars(r) id := params["id"] - if !c.HasPermissionsToUser(id, "getAudits") { + if !c.HasPermissionsToUser(id, "getSessions") { return } @@ -740,7 +740,7 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { return } - if !c.HasPermissionsToUser(user.Id, "updateUsers") { + if !c.HasPermissionsToUser(user.Id, "updateUser") { return } @@ -813,12 +813,13 @@ func updatePassword(c *Context, w http.ResponseWriter, r *http.Request) { if !model.ComparePassword(user.Password, currentPassword) { c.Err = model.NewAppError("updatePassword", "Update password failed because of invalid password", "") - c.Err.StatusCode = http.StatusBadRequest + c.Err.StatusCode = http.StatusForbidden return } if uresult := <-Srv.Store.User().UpdatePassword(c.Session.UserId, model.HashPassword(newPassword)); uresult.Err != nil { - c.Err = uresult.Err + c.Err = model.NewAppError("updatePassword", "Update password failed", uresult.Err.Error()) + c.Err.StatusCode = http.StatusForbidden return } else { c.LogAudit("completed") |