From 98186e5018bbc604796d4f9762c93f4f75e2913f Mon Sep 17 00:00:00 2001 From: JoramWilander Date: Mon, 21 Sep 2015 14:22:23 -0400 Subject: Implement incoming webhooks. --- api/api.go | 1 + api/channel.go | 6 +- api/web_socket_test.go | 9 --- api/webhook.go | 119 ++++++++++++++++++++++++++++++++++++ api/webhook_test.go | 162 +++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 283 insertions(+), 14 deletions(-) create mode 100644 api/webhook.go create mode 100644 api/webhook_test.go (limited to 'api') diff --git a/api/api.go b/api/api.go index c8f97c5af..a50cce946 100644 --- a/api/api.go +++ b/api/api.go @@ -44,6 +44,7 @@ func InitApi() { InitCommand(r) InitAdmin(r) InitOAuth(r) + InitWebhook(r) templatesDir := utils.FindDir("api/templates") l4g.Debug("Parsing server templates at %v", templatesDir) diff --git a/api/channel.go b/api/channel.go index 63acaa8d1..896e22793 100644 --- a/api/channel.go +++ b/api/channel.go @@ -121,11 +121,7 @@ func CreateDirectChannel(c *Context, otherUserId string) (*model.Channel, *model channel := new(model.Channel) channel.DisplayName = "" - if otherUserId > c.Session.UserId { - channel.Name = c.Session.UserId + "__" + otherUserId - } else { - channel.Name = otherUserId + "__" + c.Session.UserId - } + channel.Name = model.GetDMNameFromIds(otherUserId, c.Session.UserId) channel.TeamId = c.Session.TeamId channel.Description = "" diff --git a/api/web_socket_test.go b/api/web_socket_test.go index 161274ff7..7f9ce024b 100644 --- a/api/web_socket_test.go +++ b/api/web_socket_test.go @@ -116,12 +116,3 @@ func TestSocket(t *testing.T) { time.Sleep(2 * time.Second) } - -func TestZZWebSocketTearDown(t *testing.T) { - // *IMPORTANT* - Kind of hacky - // This should be the last function in any test file - // that calls Setup() - // Should be in the last file too sorted by name - time.Sleep(2 * time.Second) - TearDown() -} diff --git a/api/webhook.go b/api/webhook.go new file mode 100644 index 000000000..9ca725d45 --- /dev/null +++ b/api/webhook.go @@ -0,0 +1,119 @@ +// Copyright (c) 2015 Spinpunch, Inc. All Rights Reserved. +// See License.txt for license information. + +package api + +import ( + l4g "code.google.com/p/log4go" + "github.com/gorilla/mux" + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/utils" + "net/http" +) + +func InitWebhook(r *mux.Router) { + l4g.Debug("Initializing webhook api routes") + + sr := r.PathPrefix("/hooks").Subrouter() + sr.Handle("/incoming/create", ApiUserRequired(createIncomingHook)).Methods("POST") + sr.Handle("/incoming/delete", ApiUserRequired(deleteIncomingHook)).Methods("POST") + sr.Handle("/incoming/list", ApiUserRequired(getIncomingHooks)).Methods("GET") +} + +func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowIncomingWebhooks { + c.Err = model.NewAppError("createIncomingHook", "Incoming webhooks have been disabled by the system admin.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + c.LogAudit("attempt") + + hook := model.IncomingWebhookFromJson(r.Body) + + if hook == nil { + c.SetInvalidParam("createIncomingHook", "webhook") + return + } + + cchan := Srv.Store.Channel().Get(hook.ChannelId) + pchan := Srv.Store.Channel().CheckPermissionsTo(c.Session.TeamId, hook.ChannelId, c.Session.UserId) + + hook.UserId = c.Session.UserId + hook.TeamId = c.Session.TeamId + + var channel *model.Channel + if result := <-cchan; result.Err != nil { + c.Err = result.Err + return + } else { + channel = result.Data.(*model.Channel) + } + + if !c.HasPermissionsToChannel(pchan, "createIncomingHook") && channel.Type != model.CHANNEL_OPEN { + c.LogAudit("fail - bad channel permissions") + return + } + + if result := <-Srv.Store.Webhook().SaveIncoming(hook); result.Err != nil { + c.Err = result.Err + return + } else { + c.LogAudit("success") + rhook := result.Data.(*model.IncomingWebhook) + w.Write([]byte(rhook.ToJson())) + } +} + +func deleteIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowIncomingWebhooks { + c.Err = model.NewAppError("createIncomingHook", "Incoming webhooks have been disabled by the system admin.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + c.LogAudit("attempt") + + props := model.MapFromJson(r.Body) + + id := props["id"] + if len(id) == 0 { + c.SetInvalidParam("deleteIncomingHook", "id") + return + } + + if result := <-Srv.Store.Webhook().GetIncoming(id); result.Err != nil { + c.Err = result.Err + return + } else { + if c.Session.UserId != result.Data.(*model.IncomingWebhook).UserId && !model.IsInRole(c.Session.Roles, model.ROLE_TEAM_ADMIN) { + c.LogAudit("fail - inappropriate conditions") + c.Err = model.NewAppError("deleteIncomingHook", "Inappropriate permissions to delete incoming webhook", "user_id="+c.Session.UserId) + return + } + } + + if err := (<-Srv.Store.Webhook().DeleteIncoming(id, model.GetMillis())).Err; err != nil { + c.Err = err + return + } + + c.LogAudit("success") + w.Write([]byte(model.MapToJson(props))) +} + +func getIncomingHooks(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowIncomingWebhooks { + c.Err = model.NewAppError("createIncomingHook", "Incoming webhooks have been disabled by the system admin.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } + + if result := <-Srv.Store.Webhook().GetIncomingByUser(c.Session.UserId); result.Err != nil { + c.Err = result.Err + return + } else { + hooks := result.Data.([]*model.IncomingWebhook) + w.Write([]byte(model.IncomingWebhookListToJson(hooks))) + } +} diff --git a/api/webhook_test.go b/api/webhook_test.go new file mode 100644 index 000000000..fd4c723b7 --- /dev/null +++ b/api/webhook_test.go @@ -0,0 +1,162 @@ +// Copyright (c) 2015 Spinpunch, Inc. All Rights Reserved. +// See License.txt for license information. + +package api + +import ( + "github.com/mattermost/platform/model" + "github.com/mattermost/platform/store" + "github.com/mattermost/platform/utils" + "testing" + "time" +) + +func TestCreateIncomingHook(t *testing.T) { + Setup() + + team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} + team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + + user := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"} + user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) + store.Must(Srv.Store.User().VerifyEmail(user.Id)) + + Client.LoginByEmail(team.Name, user.Email, "pwd") + + channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} + channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + + channel2 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} + channel2 = Client.Must(Client.CreateChannel(channel2)).Data.(*model.Channel) + + hook := &model.IncomingWebhook{ChannelId: channel1.Id} + + if utils.Cfg.ServiceSettings.AllowIncomingWebhooks { + var rhook *model.IncomingWebhook + if result, err := Client.CreateIncomingWebhook(hook); err != nil { + t.Fatal(err) + } else { + rhook = result.Data.(*model.IncomingWebhook) + } + + if hook.ChannelId != rhook.ChannelId { + t.Fatal("channel ids didn't match") + } + + if rhook.UserId != user.Id { + t.Fatal("user ids didn't match") + } + + if rhook.TeamId != team.Id { + t.Fatal("team ids didn't match") + } + + hook = &model.IncomingWebhook{ChannelId: "junk"} + if _, err := Client.CreateIncomingWebhook(hook); err == nil { + t.Fatal("should have failed - bad channel id") + } + + hook = &model.IncomingWebhook{ChannelId: channel2.Id, UserId: "123", TeamId: "456"} + if result, err := Client.CreateIncomingWebhook(hook); err != nil { + t.Fatal(err) + } else { + if result.Data.(*model.IncomingWebhook).UserId != user.Id { + t.Fatal("bad user id wasn't overwritten") + } + if result.Data.(*model.IncomingWebhook).TeamId != team.Id { + t.Fatal("bad team id wasn't overwritten") + } + } + } else { + if _, err := Client.CreateIncomingWebhook(hook); err == nil { + t.Fatal("should have errored - webhooks turned off") + } + } +} + +func TestListIncomingHooks(t *testing.T) { + Setup() + + team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} + team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + + user := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"} + user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) + store.Must(Srv.Store.User().VerifyEmail(user.Id)) + + Client.LoginByEmail(team.Name, user.Email, "pwd") + + channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} + channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + + if utils.Cfg.ServiceSettings.AllowIncomingWebhooks { + hook1 := &model.IncomingWebhook{ChannelId: channel1.Id} + hook1 = Client.Must(Client.CreateIncomingWebhook(hook1)).Data.(*model.IncomingWebhook) + + hook2 := &model.IncomingWebhook{ChannelId: channel1.Id} + hook2 = Client.Must(Client.CreateIncomingWebhook(hook2)).Data.(*model.IncomingWebhook) + + if result, err := Client.ListIncomingWebhooks(); err != nil { + t.Fatal(err) + } else { + hooks := result.Data.([]*model.IncomingWebhook) + + if len(hooks) != 2 { + t.Fatal("incorrect number of hooks") + } + } + } else { + if _, err := Client.ListIncomingWebhooks(); err == nil { + t.Fatal("should have errored - webhooks turned off") + } + } +} + +func TestDeleteIncomingHook(t *testing.T) { + Setup() + + team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN} + team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) + + user := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"} + user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User) + store.Must(Srv.Store.User().VerifyEmail(user.Id)) + + Client.LoginByEmail(team.Name, user.Email, "pwd") + + channel1 := &model.Channel{DisplayName: "Test API Name", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id} + channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel) + + if utils.Cfg.ServiceSettings.AllowIncomingWebhooks { + hook := &model.IncomingWebhook{ChannelId: channel1.Id} + hook = Client.Must(Client.CreateIncomingWebhook(hook)).Data.(*model.IncomingWebhook) + + data := make(map[string]string) + data["id"] = hook.Id + + if _, err := Client.DeleteIncomingWebhook(data); err != nil { + t.Fatal(err) + } + + hooks := Client.Must(Client.ListIncomingWebhooks()).Data.([]*model.IncomingWebhook) + if len(hooks) != 0 { + t.Fatal("delete didn't work properly") + } + } else { + data := make(map[string]string) + data["id"] = "123" + + if _, err := Client.DeleteIncomingWebhook(data); err == nil { + t.Fatal("should have errored - webhooks turned off") + } + } +} + +func TestZZWebSocketTearDown(t *testing.T) { + // *IMPORTANT* - Kind of hacky + // This should be the last function in any test file + // that calls Setup() + // Should be in the last file too sorted by name + time.Sleep(2 * time.Second) + TearDown() +} -- cgit v1.2.3-1-g7c22