From 5a855e1ca1c1403ea63e4812d33b2b10a6a0fcf7 Mon Sep 17 00:00:00 2001
From: n1aba
Date: Mon, 18 Sep 2017 14:40:41 +0300
Subject: Implement update OAuthApp endpoint for APIv4, add test (#7413)
---
 api4/oauth.go | 42 +++++++++++++++++++++
 api4/oauth_test.go | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 148 insertions(+)
(limited to 'api4')
diff --git a/api4/oauth.go b/api4/oauth.go
index 593d405db..c3b64b608 100644
--- a/api4/oauth.go
+++ b/api4/oauth.go
@@ -18,6 +18,7 @@ func InitOAuth() {
 l4g.Debug(utils.T("api.oauth.init.debug"))
 BaseRoutes.OAuthApps.Handle("", ApiSessionRequired(createOAuthApp)).Methods("POST")
+ BaseRoutes.OAuthApp.Handle("", ApiSessionRequired(updateOAuthApp)).Methods("PUT")
 BaseRoutes.OAuthApps.Handle("", ApiSessionRequired(getOAuthApps)).Methods("GET")
 BaseRoutes.OAuthApp.Handle("", ApiSessionRequired(getOAuthApp)).Methods("GET")
 BaseRoutes.OAuthApp.Handle("/info", ApiSessionRequired(getOAuthAppInfo)).Methods("GET")
@@ -74,6 +75,47 @@ func createOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
 w.Write([]byte(rapp.ToJson()))
 }
+func updateOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) {
+ c.RequireAppId()
+ if c.Err != nil {
+ return
+ }
+
+ if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_OAUTH)
+ return
+ }
+
+ oauthApp := model.OAuthAppFromJson(r.Body)
+ if oauthApp == nil {
+ c.SetInvalidParam("oauth_app")
+ return
+ }
+
+ c.LogAudit("attempt")
+
+ oldOauthApp, err := c.App.GetOAuthApp(c.Params.AppId)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ if c.Session.UserId != oauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {
+ c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH)
+ return
+ }
+
+ updatedOauthApp, err := c.App.UpdateOauthApp(oldOauthApp, oauthApp)
+ if err != nil {
+ c.Err = err
+ return
+ }
+
+ c.LogAudit("success")
+
+ w.Write([]byte(updatedOauthApp.ToJson()))
+}
+
 func getOAuthApps(c *Context, w http.ResponseWriter, r *http.Request) {
 if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_OAUTH) {
 c.Err = model.NewAppError("getOAuthApps", "api.command.admin_only.app_error", nil, "", http.StatusForbidden)
diff --git a/api4/oauth_test.go b/api4/oauth_test.go
index d25e4f934..33ed1ac55 100644
--- a/api4/oauth_test.go
+++ b/api4/oauth_test.go
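Review bot: The ownership check in updateOAuthApp compares `c.Session.UserId` with `oauthApp.CreatorId`, and `oauthApp` is the object decoded from the request body, so the value being checked is supplied by the caller rather than read from the stored app. The comparison should use the record loaded by `c.App.GetOAuthApp`: `if c.Session.UserId != oldOauthApp.CreatorId && !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM_WIDE_OAUTH) {`. The body's `Id` is also never compared with `c.Params.AppId` in this handler, and whether `c.App.UpdateOauthApp` ignores a client-supplied `CreatorId` and `IsTrusted` is not visible in this hunk, so that is worth confirming before merge.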
@@ -81,6 +81,112 @@ func TestCreateOAuthApp(t *testing.T) {
 CheckNotImplementedStatus(t, resp)
 }
+func TestUpdateOAuthApp(t *testing.T) {
+ th := Setup().InitBasic().InitSystemAdmin()
+ defer TearDown()
+ Client := th.Client
+ AdminClient := th.SystemAdminClient
+
+ enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+ adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+ defer func() {
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+ }()
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+ utils.SetDefaultRolesBasedOnConfig()
+
+ oapp := &model.OAuthApp{
+ Name: "oapp",
+ IsTrusted: false,
+ IconURL: "https://nowhere.com/img",
+ Homepage: "https://nowhere.com",
+ Description: "test",
+ CallbackUrls: []string{"https://callback.com"},
+ }
+
+ oapp, _ = AdminClient.CreateOAuthApp(oapp)
+
+ oapp.Name = "oapp_update"
+ oapp.IsTrusted = true
+ oapp.IconURL = "https://nowhere.com/img_update"
+ oapp.Homepage = "https://nowhere_update.com"
+ oapp.Description = "test_update"
+ oapp.CallbackUrls = []string{"https://callback_update.com","https://another_callback.com"}
+
+ updatedApp, resp := AdminClient.UpdateOAuthApp(oapp)
+ CheckNoError(t, resp)
+
+ if updatedApp.Id != oapp.Id {
+ t.Fatal("Id should have not updated")
+ }
+
+ if updatedApp.CreatorId != oapp.CreatorId {
+ t.Fatal("CreatorId should have not updated")
+ }
+
+ if updatedApp.CreateAt != oapp.CreateAt {
+ t.Fatal("CreateAt should have not updated")
+ }
+
+ if updatedApp.UpdateAt == oapp.UpdateAt {
+ t.Fatal("UpdateAt should have updated")
+ }
+
+ if updatedApp.ClientSecret != oapp.ClientSecret {
+ t.Fatal("ClientSecret should have not updated")
+ }
+
+ if updatedApp.Name != oapp.Name {
+ t.Fatal("Name should have updated")
+ }
+
+ if updatedApp.Description != oapp.Description {
+ t.Fatal("Description should have updated")
+ }
+
+ if updatedApp.IconURL != oapp.IconURL {
+ t.Fatal("IconURL should have updated")
+ }
+
+ if len(updatedApp.CallbackUrls) == len(oapp.CallbackUrls) {
+ for i, callbackUrl := range updatedApp.CallbackUrls {
+ if callbackUrl != oapp.CallbackUrls[i] {
+ t.Fatal("Description should have updated")
+ }
+ }
+ }
+
+ if updatedApp.Homepage != oapp.Homepage {
+ t.Fatal("Homepage should have updated")
+ }
+
+ if updatedApp.IsTrusted != oapp.IsTrusted {
+ t.Fatal("IsTrusted should have updated")
+ }
+
+ *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+ utils.SetDefaultRolesBasedOnConfig()
+ _, resp = Client.UpdateOAuthApp(oapp)
+ CheckForbiddenStatus(t, resp)
+
+ oapp.Id = "zhk9d1ggatrqz236c7h87im7bc"
+ _, resp = AdminClient.UpdateOAuthApp(oapp)
+ CheckNotFoundStatus(t, resp)
+
+ utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = false
+ _, resp = AdminClient.UpdateOAuthApp(oapp)
+ CheckNotImplementedStatus(t, resp)
+
+ Client.Logout()
+ _, resp = Client.UpdateOAuthApp(oapp)
+ CheckUnauthorizedStatus(t, resp)
+
+ oapp.Id = "junk"
+ _, resp = AdminClient.UpdateOAuthApp(oapp)
+ CheckBadRequestStatus(t, resp)
+}
+
 func TestGetOAuthApps(t *testing.T) {
 th := Setup().InitBasic().InitSystemAdmin()
 defer TearDown()
-- cgit v1.2.3-1-g7c22
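Review bot: The forbidden case in TestUpdateOAuthApp only sends a body whose `CreatorId` is still the admin's, so it would pass even if the handler took the creator from the request instead of the stored app. Add a case where the non-admin `Client` sends the same app with `CreatorId` set to its own user id and still expects `CheckForbiddenStatus(t, resp)`. The `CallbackUrls` comparison is skipped entirely when the two slices differ in length and reports "Description should have updated"; assert the length first with `if len(updatedApp.CallbackUrls) != len(oapp.CallbackUrls) { t.Fatal("CallbackUrls should have updated") }`. The response from `AdminClient.CreateOAuthApp(oapp)` is discarded with `_`, so a failed create would surface as a nil dereference rather than a clear failure; check it with `CheckNoError(t, resp)`.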