From 1885d2ec2ab6870b735f08752f5354e9f624d87f Mon Sep 17 00:00:00 2001 From: JoramWilander Date: Tue, 8 Aug 2017 16:20:07 -0400 Subject: Minor updates to team --- api/team.go | 2 +- api/team_test.go | 24 ++++++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) (limited to 'api') diff --git a/api/team.go b/api/team.go index c7fa61df6..a2ac50116 100644 --- a/api/team.go +++ b/api/team.go @@ -235,7 +235,7 @@ func getTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } else { - if team.Type != model.TEAM_OPEN && c.Session.GetTeamByTeamId(team.Id) == nil { + if (!team.AllowOpenInvite || team.Type != model.TEAM_OPEN) && c.Session.GetTeamByTeamId(team.Id) == nil { if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) { c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM) return diff --git a/api/team_test.go b/api/team_test.go index e09bf42ef..14c9311a3 100644 --- a/api/team_test.go +++ b/api/team_test.go @@ -787,12 +787,15 @@ func TestGetTeamByName(t *testing.T) { th := Setup().InitSystemAdmin().InitBasic() Client := th.BasicClient - team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_INVITE} + team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN, AllowOpenInvite: false} team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team) - team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} + team2 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN, AllowOpenInvite: true} team2 = Client.Must(Client.CreateTeam(team2)).Data.(*model.Team) + team3 := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_INVITE, AllowOpenInvite: true} + team3 = Client.Must(Client.CreateTeam(team3)).Data.(*model.Team) + if _, err := Client.GetTeamByName(team.Name); err != nil { t.Fatal("Failed to get team") } @@ -813,7 +816,7 @@ func TestGetTeamByName(t *testing.T) { Client.Login(user2.Email, "passwd1") - // TEAM_INVITE and user is not part of the team + // AllowInviteOpen is false and team is open and user is not part of the team if _, err := Client.GetTeamByName(team.Name); err == nil { t.Fatal("Should fail dont have permissions to get the team") } @@ -822,21 +825,30 @@ func TestGetTeamByName(t *testing.T) { t.Fatal("Should not exist this team") } - // TEAM_OPEN and user is not part of the team + // AllowInviteOpen is true and is open and user is not part of the team if _, err := Client.GetTeamByName(team2.Name); err != nil { t.Fatal("Should not fail team is open") } + // AllowInviteOpen is true and is invite only and user is not part of the team + if _, err := Client.GetTeamByName(team3.Name); err == nil { + t.Fatal("Should fail team is invite only") + } + Client.Must(Client.Logout()) th.BasicClient.Logout() th.LoginSystemAdmin() if _, err := th.SystemAdminClient.GetTeamByName(team.Name); err != nil { - t.Fatal("Should not failed to get team the user is admin") + t.Fatal("Should not fail to get team the user is admin") } if _, err := th.SystemAdminClient.GetTeamByName(team2.Name); err != nil { - t.Fatal("Should not failed to get team the user is admin and team is open") + t.Fatal("Should not fail to get team the user is admin and team is open") + } + + if _, err := th.SystemAdminClient.GetTeamByName(team3.Name); err != nil { + t.Fatal("Should not fail to get team the user is admin and team is invite") } if _, err := Client.GetTeamByName("InvalidTeamName"); err == nil { -- cgit v1.2.3-1-g7c22 From 638c38cc0d2296335a0fbd5bde8b6d2cbf9f9062 Mon Sep 17 00:00:00 2001 From: George Goldberg Date: Fri, 11 Aug 2017 18:20:10 +0100 Subject: PLT-7336: Fix team API endpoints. --- api/team.go | 6 +++--- api/team_test.go | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) (limited to 'api') diff --git a/api/team.go b/api/team.go index a2ac50116..b1fcdfd78 100644 --- a/api/team.go +++ b/api/team.go @@ -22,11 +22,11 @@ func InitTeam() { l4g.Debug(utils.T("api.team.init.debug")) BaseRoutes.Teams.Handle("/create", ApiUserRequired(createTeam)).Methods("POST") - BaseRoutes.Teams.Handle("/all", ApiAppHandler(getAll)).Methods("GET") + BaseRoutes.Teams.Handle("/all", ApiUserRequired(getAll)).Methods("GET") BaseRoutes.Teams.Handle("/all_team_listings", ApiUserRequired(GetAllTeamListings)).Methods("GET") BaseRoutes.Teams.Handle("/get_invite_info", ApiAppHandler(getInviteInfo)).Methods("POST") - BaseRoutes.Teams.Handle("/find_team_by_name", ApiAppHandler(findTeamByName)).Methods("POST") - BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", ApiAppHandler(getTeamByName)).Methods("GET") + BaseRoutes.Teams.Handle("/find_team_by_name", ApiUserRequired(findTeamByName)).Methods("POST") + BaseRoutes.Teams.Handle("/name/{team_name:[A-Za-z0-9\\-]+}", ApiUserRequired(getTeamByName)).Methods("GET") BaseRoutes.Teams.Handle("/members", ApiUserRequired(getMyTeamMembers)).Methods("GET") BaseRoutes.Teams.Handle("/unread", ApiUserRequired(getMyTeamsUnread)).Methods("GET") diff --git a/api/team_test.go b/api/team_test.go index 14c9311a3..3c05588ce 100644 --- a/api/team_test.go +++ b/api/team_test.go @@ -239,6 +239,11 @@ func TestGetAllTeams(t *testing.T) { } else if receivedTeam, ok := teams[team.Id]; !ok || receivedTeam.Id != team.Id { t.Fatal("admin should've received team that they aren't a member of") } + + Client.Logout() + if _, err := Client.GetAllTeams(); err == nil { + t.Fatal("Should have failed due to not being logged in.") + } } func TestGetAllTeamListings(t *testing.T) { @@ -855,4 +860,18 @@ func TestGetTeamByName(t *testing.T) { t.Fatal("Should not exist this team") } + Client.Logout() + if _, err := Client.GetTeamByName(th.BasicTeam.Name); err == nil { + t.Fatal("Should have failed when not logged in.") + } +} + +func TestFindTeamByName(t *testing.T) { + th := Setup().InitBasic() + Client := th.BasicClient + Client.Logout() + + if _, err := Client.FindTeamByName(th.BasicTeam.Name); err == nil { + t.Fatal("Should have failed when not logged in.") + } } -- cgit v1.2.3-1-g7c22 From 0033e3e37b12cb5d951d21492500d66a6abc472b Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Tue, 15 Aug 2017 16:25:36 -0400 Subject: PLT-7408 Move webhook handling into api4 package to fix EnableAPIv3 config setting (#7219) * Move webhook handling into api4 package to fix EnableAPIv3 config setting * Fix unit test --- api/webhook.go | 52 ---------------------------------------------------- 1 file changed, 52 deletions(-) (limited to 'api') diff --git a/api/webhook.go b/api/webhook.go index c17b5bc56..204df6b31 100644 --- a/api/webhook.go +++ b/api/webhook.go @@ -4,12 +4,9 @@ package api import ( - "io" "net/http" - "strings" l4g "github.com/alecthomas/log4go" - "github.com/gorilla/mux" "github.com/mattermost/platform/app" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" @@ -28,12 +25,6 @@ func InitWebhook() { BaseRoutes.Hooks.Handle("/outgoing/regen_token", ApiUserRequired(regenOutgoingHookToken)).Methods("POST") BaseRoutes.Hooks.Handle("/outgoing/delete", ApiUserRequired(deleteOutgoingHook)).Methods("POST") BaseRoutes.Hooks.Handle("/outgoing/list", ApiUserRequired(getOutgoingHooks)).Methods("GET") - - BaseRoutes.Hooks.Handle("/{id:[A-Za-z0-9]+}", ApiAppHandler(incomingWebhook)).Methods("POST") - - // Old route. Remove eventually. - mr := app.Srv.Router - mr.Handle("/hooks/{id:[A-Za-z0-9]+}", ApiAppHandler(incomingWebhook)).Methods("POST") } func createIncomingHook(c *Context, w http.ResponseWriter, r *http.Request) { @@ -340,46 +331,3 @@ func regenOutgoingHookToken(c *Context, w http.ResponseWriter, r *http.Request) w.Write([]byte(rhook.ToJson())) } } - -func incomingWebhook(c *Context, w http.ResponseWriter, r *http.Request) { - params := mux.Vars(r) - id := params["id"] - - r.ParseForm() - - var payload io.Reader - contentType := r.Header.Get("Content-Type") - if strings.Split(contentType, "; ")[0] == "application/x-www-form-urlencoded" { - payload = strings.NewReader(r.FormValue("payload")) - } else { - payload = r.Body - } - - if utils.Cfg.LogSettings.EnableWebhookDebugging { - var err error - payload, err = utils.DebugReader( - payload, - utils.T("api.webhook.incoming.debug"), - ) - if err != nil { - c.Err = model.NewLocAppError( - "incomingWebhook", - "api.webhook.incoming.debug.error", - nil, - err.Error(), - ) - return - } - } - - parsedRequest := model.IncomingWebhookRequestFromJson(payload) - - err := app.HandleIncomingWebhook(id, parsedRequest) - if err != nil { - c.Err = err - return - } - - w.Header().Set("Content-Type", "text/plain") - w.Write([]byte("ok")) -} -- cgit v1.2.3-1-g7c22