From 69cac604e09c139845d2f63ac95fb702fb5a9fe1 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Tue, 21 Feb 2017 19:42:34 -0500
Subject: Implement create and get incoming webhook endpoints for APIv4 (#5407)

* Implement POST /hooks/incoming endpoint for APIv4

* Implement GET /hooks/incoming endpoint for APIv4

* Updates per feedback
---
 api4/api.go          |  11 ++--
 api4/apitestlib.go   |  15 ++++++
 api4/webhook.go      |  85 +++++++++++++++++++++++++++++
 api4/webhook_test.go | 150 +++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 256 insertions(+), 5 deletions(-)
 create mode 100644 api4/webhook.go
 create mode 100644 api4/webhook_test.go

(limited to 'api4')

diff --git a/api4/api.go b/api4/api.go
index df45ff1a3..ca43e7275 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -52,11 +52,11 @@ type Routes struct {
 	Command         *mux.Router // 'api/v4/commands/{command_id:[A-Za-z0-9]+}'
 	CommandsForTeam *mux.Router // 'api/v4/teams/{team_id:[A-Za-z0-9]+}/commands'
 
-	Hooks         *mux.Router // 'api/v4/teams/hooks'
-	IncomingHooks *mux.Router // 'api/v4/teams/hooks/incoming'
-	IncomingHook  *mux.Router // 'api/v4/teams/hooks/incoming/{hook_id:[A-Za-z0-9]+}'
-	OutgoingHooks *mux.Router // 'api/v4/teams/hooks/outgoing'
-	OutgoingHook  *mux.Router // 'api/v4/teams/hooks/outgoing/{hook_id:[A-Za-z0-9]+}'
+	Hooks         *mux.Router // 'api/v4/hooks'
+	IncomingHooks *mux.Router // 'api/v4/hooks/incoming'
+	IncomingHook  *mux.Router // 'api/v4/hooks/incoming/{hook_id:[A-Za-z0-9]+}'
+	OutgoingHooks *mux.Router // 'api/v4/hooks/outgoing'
+	OutgoingHook  *mux.Router // 'api/v4/hooks/outgoing/{hook_id:[A-Za-z0-9]+}'
 
 	OAuth *mux.Router // 'api/v4/oauth'
 
@@ -145,6 +145,7 @@ func InitApi(full bool) {
 	InitPost()
 	InitFile()
 	InitSystem()
+	InitWebhook()
 
 	app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))
 
diff --git a/api4/apitestlib.go b/api4/apitestlib.go
index bb5ee1594..d77438e04 100644
--- a/api4/apitestlib.go
+++ b/api4/apitestlib.go
@@ -422,6 +422,21 @@ func CheckBadRequestStatus(t *testing.T, resp *model.Response) {
 	}
 }
 
+func CheckNotImplementedStatus(t *testing.T, resp *model.Response) {
+	if resp.Error == nil {
+		debug.PrintStack()
+		t.Fatal("should have errored with status:" + strconv.Itoa(http.StatusNotImplemented))
+		return
+	}
+
+	if resp.StatusCode != http.StatusNotImplemented {
+		debug.PrintStack()
+		t.Log("actual: " + strconv.Itoa(resp.StatusCode))
+		t.Log("expected: " + strconv.Itoa(http.StatusNotImplemented))
+		t.Fatal("wrong status code")
+	}
+}
+
 func CheckErrorMessage(t *testing.T, resp *model.Response, errorId string) {
 	if resp.Error == nil {
 		debug.PrintStack()
diff --git a/api4/webhook.go b/api4/webhook.go
new file mode 100644
index 000000000..9efab6ae2
--- /dev/null
+++ b/api4/webhook.go
@@ -0,0 +1,85 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"net/http"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/app"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func InitWebhook() {
+	l4g.Debug(utils.T("api.webhook.init.debug"))
+
+	BaseRoutes.IncomingHooks.Handle("", ApiSessionRequired(createIncomingHook)).Methods("POST")
+	BaseRoutes.IncomingHooks.Handle("", ApiSessionRequired(getIncomingHooks)).Methods("GET")
+}
+
+func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) {
+	hook := model.IncomingWebhookFromJson(r.Body)
+	if hook == nil {
+		c.SetInvalidParam("webhook")
+		return
+	}
+
+	channel, err := app.GetChannel(hook.ChannelId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	c.LogAudit("attempt")
+
+	if !app.SessionHasPermissionToTeam(c.Session, channel.TeamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
+		return
+	}
+
+	if channel.Type != model.CHANNEL_OPEN && !app.SessionHasPermissionToChannel(c.Session, channel.Id, model.PERMISSION_READ_CHANNEL) {
+		c.LogAudit("fail - bad channel permissions")
+		c.SetPermissionError(model.PERMISSION_READ_CHANNEL)
+		return
+	}
+
+	if incomingHook, err := app.CreateIncomingWebhookForChannel(c.Session.UserId, channel, hook); err != nil {
+		c.Err = err
+		return
+	} else {
+		c.LogAudit("success")
+		w.Write([]byte(incomingHook.ToJson()))
+	}
+}
+
+func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) {
+	teamId := r.URL.Query().Get("team_id")
+
+	var hooks []*model.IncomingWebhook
+	var err *model.AppError
+
+	if len(teamId) > 0 {
+		if !app.SessionHasPermissionToTeam(c.Session, teamId, model.PERMISSION_MANAGE_WEBHOOKS) {
+			c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
+			return
+		}
+
+		hooks, err = app.GetIncomingWebhooksForTeamPage(teamId, c.Params.Page, c.Params.PerPage)
+	} else {
+		if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_WEBHOOKS) {
+			c.SetPermissionError(model.PERMISSION_MANAGE_WEBHOOKS)
+			return
+		}
+
+		hooks, err = app.GetIncomingWebhooksPage(c.Params.Page, c.Params.PerPage)
+	}
+
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(model.IncomingWebhookListToJson(hooks)))
+}
diff --git a/api4/webhook_test.go b/api4/webhook_test.go
new file mode 100644
index 000000000..a6705f6e1
--- /dev/null
+++ b/api4/webhook_test.go
@@ -0,0 +1,150 @@
+// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"testing"
+
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+func TestCreateIncomingWebhook(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks
+	enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+	defer func() {
+		utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks
+		utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks
+		utils.SetDefaultRolesBasedOnConfig()
+	}()
+	utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true
+	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+	utils.SetDefaultRolesBasedOnConfig()
+
+	hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
+
+	rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook)
+	CheckNoError(t, resp)
+
+	if rhook.ChannelId != hook.ChannelId {
+		t.Fatal("channel ids didn't match")
+	}
+
+	if rhook.UserId != th.SystemAdminUser.Id {
+		t.Fatal("user ids didn't match")
+	}
+
+	if rhook.TeamId != th.BasicTeam.Id {
+		t.Fatal("team ids didn't match")
+	}
+
+	hook.ChannelId = "junk"
+	_, resp = th.SystemAdminClient.CreateIncomingWebhook(hook)
+	CheckNotFoundStatus(t, resp)
+
+	hook.ChannelId = th.BasicChannel.Id
+	th.LoginTeamAdmin()
+	_, resp = Client.CreateIncomingWebhook(hook)
+	CheckNoError(t, resp)
+
+	th.LoginBasic()
+	_, resp = Client.CreateIncomingWebhook(hook)
+	CheckForbiddenStatus(t, resp)
+
+	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+	utils.SetDefaultRolesBasedOnConfig()
+
+	_, resp = Client.CreateIncomingWebhook(hook)
+	CheckNoError(t, resp)
+
+	utils.Cfg.ServiceSettings.EnableIncomingWebhooks = false
+	_, resp = Client.CreateIncomingWebhook(hook)
+	CheckNotImplementedStatus(t, resp)
+}
+
+func TestGetIncomingWebhooks(t *testing.T) {
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+	Client := th.Client
+
+	enableIncomingHooks := utils.Cfg.ServiceSettings.EnableIncomingWebhooks
+	enableAdminOnlyHooks := utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+	defer func() {
+		utils.Cfg.ServiceSettings.EnableIncomingWebhooks = enableIncomingHooks
+		utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = enableAdminOnlyHooks
+		utils.SetDefaultRolesBasedOnConfig()
+	}()
+	utils.Cfg.ServiceSettings.EnableIncomingWebhooks = true
+	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = true
+	utils.SetDefaultRolesBasedOnConfig()
+
+	hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
+	rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook)
+	CheckNoError(t, resp)
+
+	hooks, resp := th.SystemAdminClient.GetIncomingWebhooks(0, 1000, "")
+	CheckNoError(t, resp)
+
+	found := false
+	for _, h := range hooks {
+		if rhook.Id == h.Id {
+			found = true
+		}
+	}
+
+	if !found {
+		t.Fatal("missing hook")
+	}
+
+	hooks, resp = th.SystemAdminClient.GetIncomingWebhooks(0, 1, "")
+	CheckNoError(t, resp)
+
+	if len(hooks) != 1 {
+		t.Fatal("should only be 1")
+	}
+
+	hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
+	CheckNoError(t, resp)
+
+	found = false
+	for _, h := range hooks {
+		if rhook.Id == h.Id {
+			found = true
+		}
+	}
+
+	if !found {
+		t.Fatal("missing hook")
+	}
+
+	hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "")
+	CheckNoError(t, resp)
+
+	if len(hooks) != 0 {
+		t.Fatal("no hooks should be returned")
+	}
+
+	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
+	CheckForbiddenStatus(t, resp)
+
+	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+	utils.SetDefaultRolesBasedOnConfig()
+
+	_, resp = Client.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
+	CheckNoError(t, resp)
+
+	_, resp = Client.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "")
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
+	CheckForbiddenStatus(t, resp)
+
+	Client.Logout()
+	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
+	CheckUnauthorizedStatus(t, resp)
+}
-- 
cgit v1.2.3-1-g7c22