From d8d0716122be5eebab85b89f5a5a522fcaed3bd1 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Sun, 16 Apr 2017 22:49:57 +0200 Subject: [APIV4] POST /commands/{command_id}/regen_token for apiV4 (#6052) * implement POST /commands/{command_id}/regen_token for apiV4 * update comment --- api4/command.go | 38 ++++++++++++++++++++++++++++++++++++++ api4/command_test.go | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) (limited to 'api4') diff --git a/api4/command.go b/api4/command.go index 5787d1132..f44363522 100644 --- a/api4/command.go +++ b/api4/command.go @@ -23,6 +23,7 @@ func InitCommand() { BaseRoutes.Command.Handle("", ApiSessionRequired(deleteCommand)).Methods("DELETE") BaseRoutes.Team.Handle("/commands/autocomplete", ApiSessionRequired(listAutocompleteCommands)).Methods("GET") + BaseRoutes.Command.Handle("/regen_token", ApiSessionRequired(regenCommandToken)).Methods("PUT") } func createCommand(c *Context, w http.ResponseWriter, r *http.Request) { @@ -201,3 +202,40 @@ func listAutocompleteCommands(c *Context, w http.ResponseWriter, r *http.Request w.Write([]byte(model.CommandListToJson(commands))) } + +func regenCommandToken(c *Context, w http.ResponseWriter, r *http.Request) { + c.RequireCommandId() + if c.Err != nil { + return + } + + c.LogAudit("attempt") + cmd, err := app.GetCommand(c.Params.CommandId) + if err != nil { + c.Err = err + return + } + + if !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_SLASH_COMMANDS) + return + } + + if c.Session.UserId != cmd.CreatorId && !app.SessionHasPermissionToTeam(c.Session, cmd.TeamId, model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) { + c.LogAudit("fail - inappropriate permissions") + c.SetPermissionError(model.PERMISSION_MANAGE_OTHERS_SLASH_COMMANDS) + return + } + + rcmd, err := app.RegenCommandToken(cmd) + if err != nil { + c.Err = err + return + } + + resp := make(map[string]string) + resp["token"] = rcmd.Token + + w.Write([]byte(model.MapToJson(resp))) +} diff --git a/api4/command_test.go b/api4/command_test.go index 5f3d77113..0aaca3c0f 100644 --- a/api4/command_test.go +++ b/api4/command_test.go @@ -345,3 +345,39 @@ func TestListAutocompleteCommands(t *testing.T) { } }) } + +func TestRegenToken(t *testing.T) { + th := Setup().InitBasic().InitSystemAdmin() + defer TearDown() + Client := th.Client + + enableCommands := *utils.Cfg.ServiceSettings.EnableCommands + defer func() { + utils.Cfg.ServiceSettings.EnableCommands = &enableCommands + }() + *utils.Cfg.ServiceSettings.EnableCommands = true + + newCmd := &model.Command{ + CreatorId: th.BasicUser.Id, + TeamId: th.BasicTeam.Id, + URL: "http://nowhere.com", + Method: model.COMMAND_METHOD_POST, + Trigger: "trigger"} + + createdCmd, resp := th.SystemAdminClient.CreateCommand(newCmd) + CheckNoError(t, resp) + CheckCreatedStatus(t, resp) + + token, resp := th.SystemAdminClient.RegenCommandToken(createdCmd.Id) + CheckNoError(t, resp) + if token == createdCmd.Token { + t.Fatal("should update the token") + } + + token, resp = Client.RegenCommandToken(createdCmd.Id) + CheckForbiddenStatus(t, resp) + if token != "" { + t.Fatal("should not return the token") + } + +} -- cgit v1.2.3-1-g7c22