From 28aa7cdbf2357bda51ba740fd4d7af48b36b96b4 Mon Sep 17 00:00:00 2001 From: Ruzette Tanyag Date: Tue, 14 Feb 2017 10:28:08 -0500 Subject: Implement GET channels endpoints for APIv4 (#5363) * implement get channels endpoints and updated drivers and unittests * removed channel deletion on tear down, removed manage permission on get channels endpoints, and updated utils to add constant channel length * added constants for user, team and channel length, updated context to use the model functions * make sure team name length should be less than the minimum length and revert underscore to team name validity * changed post test condition from notfound to unauthorized --- api4/api.go | 18 ++++++------ api4/apitestlib.go | 4 +-- api4/channel.go | 70 +++++++++++++++++++++++++++++++++++++++++++++ api4/channel_test.go | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++- api4/context.go | 36 +++++++++++++++++------ api4/params.go | 34 ++++++++++++++-------- api4/post_test.go | 2 +- api4/user_test.go | 2 +- app/channel.go | 33 ++++++++++++++++++++-- model/channel.go | 5 +--- model/client4.go | 42 +++++++++++++++++++++++++++ model/team.go | 3 +- model/user.go | 4 ++- model/utils.go | 2 +- 14 files changed, 293 insertions(+), 42 deletions(-) diff --git a/api4/api.go b/api4/api.go index 6348714b2..b05c1a7db 100644 --- a/api4/api.go +++ b/api4/api.go @@ -32,13 +32,14 @@ type Routes struct { TeamMembers *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9_-]+}/members' TeamMember *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9_-]+}/members/{user_id:[A-Za-z0-9_-]+}' - Channels *mux.Router // 'api/v4/channels' - Channel *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}' - ChannelByName *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9]+}/channels/name/{channel_name:[A-Za-z0-9_-]+}' - ChannelsForTeam *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9]+}/channels' - ChannelMembers *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}/members' - ChannelMember *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}/members/{user_id:[A-Za-z0-9]+}' - ChannelMembersForUser *mux.Router // 'api/v4/users/{user_id:[A-Za-z0-9]+}/teams/{team_id:[A-Za-z0-9]+}/channels/members' + Channels *mux.Router // 'api/v4/channels' + Channel *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}' + ChannelByName *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9]+}/channels/name/{channel_name:[A-Za-z0-9_-]+}' + ChannelByNameForTeamName *mux.Router // 'api/v4/teams/name/{team_name:[A-Za-z0-9_-]+}/channels/name/{channel_name:[A-Za-z0-9_-]+}' + ChannelsForTeam *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9]+}/channels' + ChannelMembers *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}/members' + ChannelMember *mux.Router // 'api/v4/channels/{channel_id:[A-Za-z0-9]+}/members/{user_id:[A-Za-z0-9]+}' + ChannelMembersForUser *mux.Router // 'api/v4/users/{user_id:[A-Za-z0-9]+}/teams/{team_id:[A-Za-z0-9]+}/channels/members' Posts *mux.Router // 'api/v4/posts' Post *mux.Router // 'api/v4/posts/{post_id:[A-Za-z0-9]+}' @@ -102,7 +103,8 @@ func InitApi(full bool) { BaseRoutes.Channels = BaseRoutes.ApiRoot.PathPrefix("/channels").Subrouter() BaseRoutes.Channel = BaseRoutes.Channels.PathPrefix("/{channel_id:[A-Za-z0-9]+}").Subrouter() - BaseRoutes.ChannelByName = BaseRoutes.Team.PathPrefix("/name/{channel_name:[A-Za-z0-9_-]+}").Subrouter() + BaseRoutes.ChannelByName = BaseRoutes.Team.PathPrefix("/channels/name/{channel_name:[A-Za-z0-9_-]+}").Subrouter() + BaseRoutes.ChannelByNameForTeamName = BaseRoutes.TeamByName.PathPrefix("/channels/name/{channel_name:[A-Za-z0-9_-]+}").Subrouter() BaseRoutes.ChannelsForTeam = BaseRoutes.Team.PathPrefix("/channels").Subrouter() BaseRoutes.ChannelMembers = BaseRoutes.Channel.PathPrefix("/members").Subrouter() BaseRoutes.ChannelMember = BaseRoutes.ChannelMembers.PathPrefix("/{user_id:[A-Za-z0-9]+}").Subrouter() diff --git a/api4/apitestlib.go b/api4/apitestlib.go index 0761a8b15..08ca338c5 100644 --- a/api4/apitestlib.go +++ b/api4/apitestlib.go @@ -278,11 +278,11 @@ func GenerateTestUsername() string { } func GenerateTestTeamName() string { - return "faketeam" + model.NewId() + return "faketeam" + model.NewRandomString(6) } func GenerateTestChannelName() string { - return "fakechannel" + model.NewId() + return "fakechannel" + model.NewRandomString(10) } func VerifyUserEmail(userId string) { diff --git a/api4/channel.go b/api4/channel.go index 09ed4b571..938511c14 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -18,6 +18,10 @@ func InitChannel() { BaseRoutes.Channels.Handle("", ApiSessionRequired(createChannel)).Methods("POST") BaseRoutes.Channels.Handle("/direct", ApiSessionRequired(createDirectChannel)).Methods("POST") + BaseRoutes.Channel.Handle("", ApiSessionRequired(getChannel)).Methods("GET") + BaseRoutes.ChannelByName.Handle("", ApiSessionRequired(getChannelByName)).Methods("GET") + BaseRoutes.ChannelByNameForTeamName.Handle("", ApiSessionRequired(getChannelByNameForTeamName)).Methods("GET") + BaseRoutes.ChannelMembers.Handle("", ApiSessionRequired(getChannelMembers)).Methods("GET") BaseRoutes.ChannelMembersForUser.Handle("", ApiSessionRequired(getChannelMembersForUser)).Methods("GET") BaseRoutes.ChannelMember.Handle("", ApiSessionRequired(getChannelMember)).Methods("GET") @@ -88,6 +92,72 @@ func createDirectChannel(c *Context, w http.ResponseWriter, r *http.Request) { } } +func getChannel(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireChannelId() + if c.Err != nil { + return + } + + if !app.SessionHasPermissionToChannel(c.Session, c.Params.ChannelId, model.PERMISSION_READ_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + if channel, err := app.GetChannel(c.Params.ChannelId); err != nil { + c.Err = err + return + } else { + w.Write([]byte(channel.ToJson())) + return + } +} + +func getChannelByName(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamId().RequireChannelName() + if c.Err != nil { + return + } + + var channel *model.Channel + var err *model.AppError + + if channel, err = app.GetChannelByName(c.Params.ChannelName, c.Params.TeamId); err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + w.Write([]byte(channel.ToJson())) + return +} + +func getChannelByNameForTeamName(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireTeamName().RequireChannelName() + if c.Err != nil { + return + } + + var channel *model.Channel + var err *model.AppError + + if channel, err = app.GetChannelByNameForTeamName(c.Params.ChannelName, c.Params.TeamName); err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) { + c.SetPermissionError(model.PERMISSION_READ_CHANNEL) + return + } + + w.Write([]byte(channel.ToJson())) + return +} + func getChannelMembers(c *Context, w http.ResponseWriter, r *http.Request) { c.RequireChannelId() if c.Err != nil { diff --git a/api4/channel_test.go b/api4/channel_test.go index 91d055bff..7e59f60e8 100644 --- a/api4/channel_test.go +++ b/api4/channel_test.go @@ -221,6 +221,84 @@ func TestCreateDirectChannel(t *testing.T) { CheckNoError(t, resp) } +func TestGetChannel(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + _, resp := Client.GetChannel(th.BasicChannel.Id, "") + CheckNoError(t, resp) + + _, resp = Client.GetChannel(model.NewId(), "") + CheckForbiddenStatus(t, resp) + + Client.Logout() + _, resp = Client.GetChannel(th.BasicChannel.Id, "") + CheckUnauthorizedStatus(t, resp) + + user := th.CreateUser() + Client.Login(user.Email, user.Password) + _, resp = Client.GetChannel(th.BasicChannel.Id, "") + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.GetChannel(th.BasicChannel.Id, "") + CheckNoError(t, resp) + + _, resp = th.SystemAdminClient.GetChannel(th.BasicUser.Id, "") + CheckNotFoundStatus(t, resp) +} + +func TestGetChannelByName(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + _, resp := Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") + CheckNoError(t, resp) + + _, resp = Client.GetChannelByName(GenerateTestChannelName(), th.BasicTeam.Id, "") + CheckNotFoundStatus(t, resp) + + Client.Logout() + _, resp = Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") + CheckUnauthorizedStatus(t, resp) + + user := th.CreateUser() + Client.Login(user.Email, user.Password) + _, resp = Client.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") + CheckForbiddenStatus(t, resp) + + _, resp = th.SystemAdminClient.GetChannelByName(th.BasicChannel.Name, th.BasicTeam.Id, "") + CheckNoError(t, resp) +} + +func TestGetChannelByNameForTeamName(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + _, resp := th.SystemAdminClient.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "") + CheckNoError(t, resp) + + _, resp = Client.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "") + CheckNoError(t, resp) + + _, resp = Client.GetChannelByNameForTeamName(th.BasicChannel.Name, model.NewRandomString(15), "") + CheckNotFoundStatus(t, resp) + + _, resp = Client.GetChannelByNameForTeamName(GenerateTestChannelName(), th.BasicTeam.Name, "") + CheckNotFoundStatus(t, resp) + + Client.Logout() + _, resp = Client.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "") + CheckUnauthorizedStatus(t, resp) + + user := th.CreateUser() + Client.Login(user.Email, user.Password) + _, resp = Client.GetChannelByNameForTeamName(th.BasicChannel.Name, th.BasicTeam.Name, "") + CheckForbiddenStatus(t, resp) +} + func TestGetChannelMembers(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() @@ -255,7 +333,7 @@ func TestGetChannelMembers(t *testing.T) { } _, resp = Client.GetChannelMembers("", 0, 60, "") - CheckNotFoundStatus(t, resp) + CheckUnauthorizedStatus(t, resp) _, resp = Client.GetChannelMembers("junk", 0, 60, "") CheckBadRequestStatus(t, resp) diff --git a/api4/context.go b/api4/context.go index 06523152f..6a844795f 100644 --- a/api4/context.go +++ b/api4/context.go @@ -364,12 +364,8 @@ func (c *Context) RequireUsername() *Context { return c } - if len(c.Params.Username) < 3 { - c.SetInvalidUrlParam("username") - } - - if len(c.Params.Username) > 22 { - c.SetInvalidUrlParam("username") + if !model.IsValidUsername(c.Params.Username) { + c.SetInvalidParam("username") } return c @@ -386,16 +382,40 @@ func (c *Context) RequirePostId() *Context { return c } +func (c *Context) RequireTeamName() *Context { + if c.Err != nil { + return c + } + + if !model.IsValidTeamName(c.Params.TeamName){ + c.SetInvalidUrlParam("team_name") + } + + return c +} + +func (c *Context) RequireChannelName() *Context { + if c.Err != nil { + return c + } + + if !model.IsValidChannelIdentifier(c.Params.ChannelName) { + c.SetInvalidUrlParam("channel_name") + } + + return c +} + func (c *Context) RequireEmail() *Context { if c.Err != nil { return c } - pos := strings.Index(c.Params.Email, "@") - if pos < 0 { + if !model.IsValidEmail(c.Params.Email) { c.SetInvalidUrlParam("email") } return c } + diff --git a/api4/params.go b/api4/params.go index 4de1da401..9b371e71a 100644 --- a/api4/params.go +++ b/api4/params.go @@ -17,18 +17,20 @@ const ( ) type ApiParams struct { - UserId string - TeamId string - ChannelId string - PostId string - FileId string - CommandId string - HookId string - EmojiId string - Email string - Username string - Page int - PerPage int + UserId string + TeamId string + ChannelId string + PostId string + FileId string + CommandId string + HookId string + EmojiId string + Email string + Username string + TeamName string + ChannelName string + Page int + PerPage int } func ApiParamsFromRequest(r *http.Request) *ApiParams { @@ -76,6 +78,14 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams { params.Username = val } + if val, ok := props["team_name"]; ok { + params.TeamName = val + } + + if val, ok := props["channel_name"]; ok { + params.ChannelName = val + } + if val, err := strconv.Atoi(r.URL.Query().Get("page")); err != nil { params.Page = PAGE_DEFAULT } else { diff --git a/api4/post_test.go b/api4/post_test.go index 32f259d3d..604920b96 100644 --- a/api4/post_test.go +++ b/api4/post_test.go @@ -159,7 +159,7 @@ func TestGetPostsForChannel(t *testing.T) { } _, resp = Client.GetPostsForChannel("", 0, 60, "") - CheckNotFoundStatus(t, resp) + CheckUnauthorizedStatus(t, resp) _, resp = Client.GetPostsForChannel("junk", 0, 60, "") CheckBadRequestStatus(t, resp) diff --git a/api4/user_test.go b/api4/user_test.go index 82c7f921d..79589bdad 100644 --- a/api4/user_test.go +++ b/api4/user_test.go @@ -154,7 +154,7 @@ func TestGetUserByUsername(t *testing.T) { _, resp = Client.GetUserByUsername(GenerateTestUsername(), "") CheckNotFoundStatus(t, resp) - _, resp = Client.GetUserByUsername(model.NewRandomString(25), "") + _, resp = Client.GetUserByUsername(model.NewRandomString(1), "") CheckBadRequestStatus(t, resp) // Check against privacy config settings diff --git a/app/channel.go b/app/channel.go index ab832693f..a95a38327 100644 --- a/app/channel.go +++ b/app/channel.go @@ -543,7 +543,11 @@ func PostUpdateChannelDisplayNameMessage(userId string, channelId string, teamId } func GetChannel(channelId string) (*model.Channel, *model.AppError) { - if result := <-Srv.Store.Channel().Get(channelId, true); result.Err != nil { + if result := <-Srv.Store.Channel().Get(channelId, true); result.Err != nil && result.Err.Id == "store.sql_channel.get.existing.app_error" { + result.Err.StatusCode = http.StatusNotFound + return nil, result.Err + } else if result.Err != nil { + result.Err.StatusCode = http.StatusBadRequest return nil, result.Err } else { return result.Data.(*model.Channel), nil @@ -551,7 +555,32 @@ func GetChannel(channelId string) (*model.Channel, *model.AppError) { } func GetChannelByName(channelName, teamId string) (*model.Channel, *model.AppError) { - if result := <-Srv.Store.Channel().GetByName(teamId, channelName, true); result.Err != nil { + if result := <-Srv.Store.Channel().GetByName(teamId, channelName, true); result.Err != nil && result.Err.Id == "store.sql_channel.get_by_name.missing.app_error" { + result.Err.StatusCode = http.StatusNotFound + return nil, result.Err + } else if result.Err != nil { + result.Err.StatusCode = http.StatusBadRequest + return nil, result.Err + } else { + return result.Data.(*model.Channel), nil + } +} + +func GetChannelByNameForTeamName(channelName, teamName string) (*model.Channel, *model.AppError) { + var team *model.Team + + if result := <-Srv.Store.Team().GetByName(teamName); result.Err != nil { + result.Err.StatusCode = http.StatusNotFound + return nil, result.Err + } else { + team = result.Data.(*model.Team) + } + + if result := <-Srv.Store.Channel().GetByName(team.Id, channelName, true); result.Err != nil && result.Err.Id == "store.sql_channel.get_by_name.missing.app_error" { + result.Err.StatusCode = http.StatusNotFound + return nil, result.Err + } else if result.Err != nil { + result.Err.StatusCode = http.StatusBadRequest return nil, result.Err } else { return result.Data.(*model.Channel), nil diff --git a/model/channel.go b/model/channel.go index 2ad257ccc..3ad7da1fa 100644 --- a/model/channel.go +++ b/model/channel.go @@ -15,6 +15,7 @@ const ( CHANNEL_DIRECT = "D" DEFAULT_CHANNEL = "town-square" CHANNEL_DISPLAY_NAME_MAX_RUNES = 64 + CHANNEL_NAME_MIN_LENGTH = 3 CHANNEL_NAME_MAX_LENGTH = 64 CHANNEL_HEADER_MAX_RUNES = 1024 CHANNEL_PURPOSE_MAX_RUNES = 250 @@ -83,10 +84,6 @@ func (o *Channel) IsValid() *AppError { return NewLocAppError("Channel.IsValid", "model.channel.is_valid.display_name.app_error", nil, "id="+o.Id) } - if len(o.Name) > CHANNEL_NAME_MAX_LENGTH { - return NewLocAppError("Channel.IsValid", "model.channel.is_valid.name.app_error", nil, "id="+o.Id) - } - if !IsValidChannelIdentifier(o.Name) { return NewLocAppError("Channel.IsValid", "model.channel.is_valid.2_or_more.app_error", nil, "id="+o.Id) } diff --git a/model/client4.go b/model/client4.go index 7afc63359..5c51026a9 100644 --- a/model/client4.go +++ b/model/client4.go @@ -72,6 +72,10 @@ func (c *Client4) GetTeamRoute(teamId string) string { return fmt.Sprintf(c.GetTeamsRoute()+"/%v", teamId) } +func (c *Client4) GetTeamByNameRoute(teamName string) string { + return fmt.Sprintf(c.GetTeamsRoute()+"/name/%v", teamName) +} + func (c *Client4) GetTeamMemberRoute(teamId, userId string) string { return fmt.Sprintf(c.GetTeamRoute(teamId)+"/members/%v", userId) } @@ -84,6 +88,14 @@ func (c *Client4) GetChannelRoute(channelId string) string { return fmt.Sprintf(c.GetChannelsRoute()+"/%v", channelId) } +func (c *Client4) GetChannelByNameRoute(channelName, teamId string) string { + return fmt.Sprintf(c.GetTeamRoute(teamId)+"/channels/name/%v", channelName) +} + +func (c *Client4) GetChannelByNameForTeamNameRoute(channelName, teamName string) string { + return fmt.Sprintf(c.GetTeamByNameRoute(teamName)+"/channels/name/%v", channelName) +} + func (c *Client4) GetChannelMembersRoute(channelId string) string { return fmt.Sprintf(c.GetChannelRoute(channelId) + "/members") } @@ -444,6 +456,36 @@ func (c *Client4) CreateDirectChannel(userId1, userId2 string) (*Channel, *Respo } } +// GetChannel returns a channel based on the provided channel id string. +func (c *Client4) GetChannel(channelId, etag string) (*User, *Response) { + if r, err := c.DoApiGet(c.GetChannelRoute(channelId), etag); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return UserFromJson(r.Body), BuildResponse(r) + } +} + +// GetChannelByName returns a channel based on the provided channel name and team id strings. +func (c *Client4) GetChannelByName(channelName, teamId string, etag string) (*User, *Response) { + if r, err := c.DoApiGet(c.GetChannelByNameRoute(channelName, teamId), etag); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return UserFromJson(r.Body), BuildResponse(r) + } +} + +// GetChannelByNameForTeamName returns a channel based on the provided channel name and team name strings. +func (c *Client4) GetChannelByNameForTeamName(channelName, teamName string, etag string) (*User, *Response) { + if r, err := c.DoApiGet(c.GetChannelByNameForTeamNameRoute(channelName, teamName), etag); err != nil { + return nil, &Response{StatusCode: r.StatusCode, Error: err} + } else { + defer closeBody(r) + return UserFromJson(r.Body), BuildResponse(r) + } +} + // GetChannelMembers gets a page of channel members. func (c *Client4) GetChannelMembers(channelId string, page, perPage int, etag string) (*ChannelMembers, *Response) { query := fmt.Sprintf("?page=%v&per_page=%v", page, perPage) diff --git a/model/team.go b/model/team.go index 310ad2d91..99444bc5e 100644 --- a/model/team.go +++ b/model/team.go @@ -22,6 +22,7 @@ const ( TEAM_DISPLAY_NAME_MAX_RUNES = 64 TEAM_EMAIL_MAX_LENGTH = 128 TEAM_NAME_MAX_LENGTH = 64 + TEAM_NAME_MIN_LENGTH = 2 ) type Team struct { @@ -228,7 +229,7 @@ func IsValidTeamName(s string) bool { return false } - if len(s) <= 1 { + if len(s) < TEAM_NAME_MIN_LENGTH { return false } diff --git a/model/user.go b/model/user.go index b2b077e5f..8e02fe1ab 100644 --- a/model/user.go +++ b/model/user.go @@ -29,6 +29,8 @@ const ( USER_FIRST_NAME_MAX_RUNES = 64 USER_LAST_NAME_MAX_RUNES = 64 USER_AUTH_DATA_MAX_LENGTH = 128 + USER_NAME_MAX_LENGTH = 64 + USER_NAME_MIN_LENGTH = 3 ) type User struct { @@ -487,7 +489,7 @@ var restrictedUsernames = []string{ } func IsValidUsername(s string) bool { - if len(s) == 0 || len(s) > 64 { + if len(s) < USER_NAME_MIN_LENGTH || len(s) > USER_NAME_MAX_LENGTH { return false } diff --git a/model/utils.go b/model/utils.go index 9ecc19595..fcdf5b5cd 100644 --- a/model/utils.go +++ b/model/utils.go @@ -280,7 +280,7 @@ func IsValidChannelIdentifier(s string) bool { return false } - if len(s) < 2 { + if len(s) < CHANNEL_NAME_MIN_LENGTH { return false } -- cgit v1.2.3-1-g7c22