From 6d8140337ef0f68f5177988f3c87bba5e4946399 Mon Sep 17 00:00:00 2001
From: Harrison Healey
Date: Mon, 18 Jun 2018 12:39:22 -0400
Subject: MM-8701 Limit the number of client config fields sent before user logs in (#8954)

* MM-8701 Limit the number of client config fields sent before user logs in
* Fixed missing client config field
* Reduced duplication between limited and regular client config
---
 api4/system.go | 9 ++++-
 api4/system_test.go | 108 ++++++++++++++++++++++++++++++++++++++++++++--------
 2 files changed, 101 insertions(+), 16 deletions(-)
(limited to 'api4')
diff --git a/api4/system.go b/api4/system.go
index acb02bc3e..68f998d6d 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -250,7 +250,14 @@ func getClientConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }

- w.Write([]byte(model.MapToJson(c.App.ClientConfigWithComputed())))
+ var config map[string]string
+ if *c.App.Config().ServiceSettings.ExperimentalLimitClientConfig && len(c.Session.UserId) == 0 {
+ config = c.App.LimitedClientConfigWithComputed()
+ } else {
+ config = c.App.ClientConfigWithComputed()
+ }
+
+ w.Write([]byte(model.MapToJson(config)))
 }

 func getEnvironmentConfig(c *Context, w http.ResponseWriter, r *http.Request) {
diff --git a/api4/system_test.go b/api4/system_test.go
index f46ae7436..f784a8be4 100644
--- a/api4/system_test.go
+++ b/api4/system_test.go
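Review bot: The limited field set is served only when `ExperimentalLimitClientConfig` is on, so with the flag off a request without a session still gets the full client config from `getClientConfig`; the "without session, without limited config" subtest in api4/system_test.go asserts that `GoogleDeveloperKey` is returned in that case. If the opt-in default is deliberate for compatibility, I would say so above the `if`: `// Callers without a session get the limited field set only when ExperimentalLimitClientConfig is enabled; otherwise the full client config is served before login.` The condition dereferences the setting pointer directly, which presumably relies on config defaults having been applied before the handler runs; that is not visible in this hunk. Which fields `LimitedClientConfigWithComputed` keeps is decided outside this diff (it is limited to `api4`), so the allow-list itself has to be reviewed there, and the handler's body starts above the hunk.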
@@ -228,27 +228,105 @@ func TestGetEnvironmentConfig(t *testing.T) {
 func TestGetOldClientConfig(t *testing.T) {
 th := Setup().InitBasic().InitSystemAdmin()
 defer th.TearDown()
- Client := th.Client

- config, resp := Client.GetOldClientConfig("")
- CheckNoError(t, resp)
+ testKey := "supersecretkey"
+ th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.GoogleDeveloperKey = testKey })

- if len(config["Version"]) == 0 {
- t.Fatal("config not returned correctly")
- }
+ t.Run("with session, without limited config", func(t *testing.T) {
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ cfg.ServiceSettings.GoogleDeveloperKey = testKey
+ *cfg.ServiceSettings.ExperimentalLimitClientConfig = false
+ })

- Client.Logout()
+ Client := th.Client

- _, resp = Client.GetOldClientConfig("")
- CheckNoError(t, resp)
+ config, resp := Client.GetOldClientConfig("")
+ CheckNoError(t, resp)

- if _, err := Client.DoApiGet("/config/client", ""); err == nil || err.StatusCode != http.StatusNotImplemented {
- t.Fatal("should have errored with 501")
- }
+ if len(config["Version"]) == 0 {
+ t.Fatal("config not returned correctly")
+ }

- if _, err := Client.DoApiGet("/config/client?format=junk", ""); err == nil || err.StatusCode != http.StatusBadRequest {
- t.Fatal("should have errored with 400")
- }
+ if config["GoogleDeveloperKey"] != testKey {
+ t.Fatal("config missing developer key")
+ }
+ })
+
+ t.Run("without session, without limited config", func(t *testing.T) {
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ cfg.ServiceSettings.GoogleDeveloperKey = testKey
+ *cfg.ServiceSettings.ExperimentalLimitClientConfig = false
+ })
+
+ Client := th.CreateClient()
+
+ config, resp := Client.GetOldClientConfig("")
+ CheckNoError(t, resp)
+
+ if len(config["Version"]) == 0 {
+ t.Fatal("config not returned correctly")
+ }
+
+ if config["GoogleDeveloperKey"] != testKey {
+ t.Fatal("config missing developer key")
+ }
+ })
+
+ t.Run("with session, with limited config", func(t *testing.T) {
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ cfg.ServiceSettings.GoogleDeveloperKey = testKey
+ *cfg.ServiceSettings.ExperimentalLimitClientConfig = true
+ })
+
+ Client := th.Client
+
+ config, resp := Client.GetOldClientConfig("")
+ CheckNoError(t, resp)
+
+ if len(config["Version"]) == 0 {
+ t.Fatal("config not returned correctly")
+ }
+
+ if config["GoogleDeveloperKey"] != testKey {
+ t.Fatal("config missing developer key")
+ }
+ })
+
+ t.Run("without session, without limited config", func(t *testing.T) {
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ cfg.ServiceSettings.GoogleDeveloperKey = testKey
+ *cfg.ServiceSettings.ExperimentalLimitClientConfig = true
+ })
+
+ Client := th.CreateClient()
+
+ config, resp := Client.GetOldClientConfig("")
+ CheckNoError(t, resp)
+
+ if len(config["Version"]) == 0 {
+ t.Fatal("config not returned correctly")
+ }
+
+ if _, ok := config["GoogleDeveloperKey"]; ok {
+ t.Fatal("config should be missing developer key")
+ }
+ })
+
+ t.Run("missing format", func(t *testing.T) {
+ Client := th.Client
+
+ if _, err := Client.DoApiGet("/config/client", ""); err == nil || err.StatusCode != http.StatusNotImplemented {
+ t.Fatal("should have errored with 501")
+ }
+ })
+
+ t.Run("invalid format", func(t *testing.T) {
+ Client := th.Client
+
+ if _, err := Client.DoApiGet("/config/client?format=junk", ""); err == nil || err.StatusCode != http.StatusBadRequest {
+ t.Fatal("should have errored with 400")
+ }
+ })
 }

 func TestGetOldClientLicense(t *testing.T) {
--
cgit v1.2.3-1-g7c22
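Review bot: The fourth subtest is named "without session, without limited config" although it sets `*cfg.ServiceSettings.ExperimentalLimitClientConfig = true`, so it repeats the second subtest's name and `go test` will report it with a `#01` suffix; it should read `t.Run("without session, with limited config", func(t *testing.T) {`. This is the only case that checks a field is withheld before login, so a misleading name makes a failure there easy to misread. It also asserts only that `GoogleDeveloperKey` is absent; comparing the returned keys against the expected limited set would catch a sensitive field added to the limited config later. The subtests leave `ExperimentalLimitClientConfig` and `GoogleDeveloperKey` modified on the shared `th.App`; whether anything after them depends on the previous values is not visible here, but restoring the old values at the end of `TestGetOldClientConfig` would keep the cases independent.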