// Copyright (c) 2017 Mattermost, Inc. All Rights Reserved. // See License.txt for license information. package api4 import ( "net/http" "strconv" "testing" "github.com/mattermost/platform/model" "github.com/mattermost/platform/utils" ) func TestCreateUser(t *testing.T) { th := Setup().InitBasic() defer TearDown() Client := th.Client user := model.User{Email: GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.ROLE_SYSTEM_ADMIN.Id + " " + model.ROLE_SYSTEM_USER.Id} ruser, resp := Client.CreateUser(&user) CheckNoError(t, resp) Client.Login(user.Email, user.Password) if ruser.Nickname != user.Nickname { t.Fatal("nickname didn't match") } if ruser.Roles != model.ROLE_SYSTEM_USER.Id { t.Log(ruser.Roles) t.Fatal("did not clear roles") } CheckUserSanitization(t, ruser) _, resp = Client.CreateUser(ruser) CheckBadRequestStatus(t, resp) ruser.Id = "" ruser.Username = GenerateTestUsername() ruser.Password = "passwd1" _, resp = Client.CreateUser(ruser) CheckErrorMessage(t, resp, "store.sql_user.save.email_exists.app_error") CheckBadRequestStatus(t, resp) ruser.Email = GenerateTestEmail() ruser.Username = user.Username _, resp = Client.CreateUser(ruser) CheckErrorMessage(t, resp, "store.sql_user.save.username_exists.app_error") CheckBadRequestStatus(t, resp) ruser.Email = "" _, resp = Client.CreateUser(ruser) CheckErrorMessage(t, resp, "model.user.is_valid.email.app_error") CheckBadRequestStatus(t, resp) if r, err := Client.DoApiPost("/users", "garbage"); err == nil { t.Fatal("should have errored") } else { if r.StatusCode != http.StatusBadRequest { t.Log("actual: " + strconv.Itoa(r.StatusCode)) t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) t.Fatal("wrong status code") } } } func TestGetUser(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() Client := th.Client user := th.CreateUser() ruser, resp := Client.GetUser(user.Id, "") CheckNoError(t, resp) CheckUserSanitization(t, ruser) if ruser.Email != user.Email { t.Fatal("emails did not match") } ruser, resp = Client.GetUser(user.Id, resp.Etag) CheckEtag(t, ruser, resp) _, resp = Client.GetUser("junk", "") CheckBadRequestStatus(t, resp) _, resp = Client.GetUser(model.NewId(), "") CheckNotFoundStatus(t, resp) // Check against privacy config settings emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress namePrivacy := utils.Cfg.PrivacySettings.ShowFullName defer func() { utils.Cfg.PrivacySettings.ShowEmailAddress = emailPrivacy utils.Cfg.PrivacySettings.ShowFullName = namePrivacy }() utils.Cfg.PrivacySettings.ShowEmailAddress = false utils.Cfg.PrivacySettings.ShowFullName = false ruser, resp = Client.GetUser(user.Id, "") CheckNoError(t, resp) if ruser.Email != "" { t.Fatal("email should be blank") } if ruser.FirstName != "" { t.Fatal("first name should be blank") } if ruser.LastName != "" { t.Fatal("last name should be blank") } Client.Logout() _, resp = Client.GetUser(user.Id, "") CheckUnauthorizedStatus(t, resp) // System admins should ignore privacy settings ruser, resp = th.SystemAdminClient.GetUser(user.Id, resp.Etag) if ruser.Email == "" { t.Fatal("email should not be blank") } if ruser.FirstName == "" { t.Fatal("first name should not be blank") } if ruser.LastName == "" { t.Fatal("last name should not be blank") } } func TestGetUserByEmail(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() Client := th.Client user := th.CreateUser() ruser, resp := Client.GetUserByEmail(user.Email, "") CheckNoError(t, resp) CheckUserSanitization(t, ruser) if ruser.Email != user.Email { t.Fatal("emails did not match") } ruser, resp = Client.GetUserByEmail(user.Email, resp.Etag) CheckEtag(t, ruser, resp) _, resp = Client.GetUserByEmail(GenerateTestUsername(), "") CheckBadRequestStatus(t, resp) _, resp = Client.GetUserByEmail(GenerateTestEmail(), "") CheckNotFoundStatus(t, resp) // Check against privacy config settings emailPrivacy := utils.Cfg.PrivacySettings.ShowEmailAddress namePrivacy := utils.Cfg.PrivacySettings.ShowFullName defer func() { utils.Cfg.PrivacySettings.ShowEmailAddress = emailPrivacy utils.Cfg.PrivacySettings.ShowFullName = namePrivacy }() utils.Cfg.PrivacySettings.ShowEmailAddress = false utils.Cfg.PrivacySettings.ShowFullName = false ruser, resp = Client.GetUserByEmail(user.Email, "") CheckNoError(t, resp) if ruser.Email != "" { t.Fatal("email should be blank") } if ruser.FirstName != "" { t.Fatal("first name should be blank") } if ruser.LastName != "" { t.Fatal("last name should be blank") } Client.Logout() _, resp = Client.GetUserByEmail(user.Email, "") CheckUnauthorizedStatus(t, resp) // System admins should ignore privacy settings ruser, resp = th.SystemAdminClient.GetUserByEmail(user.Email, resp.Etag) if ruser.Email == "" { t.Fatal("email should not be blank") } if ruser.FirstName == "" { t.Fatal("first name should not be blank") } if ruser.LastName == "" { t.Fatal("last name should not be blank") } } func TestGetUsersByIds(t *testing.T) { th := Setup().InitBasic() Client := th.Client users, resp := Client.GetUsersByIds([]string{th.BasicUser.Id}) CheckNoError(t, resp) if users[0].Id != th.BasicUser.Id { t.Fatal("returned wrong user") } CheckUserSanitization(t, users[0]) _, resp = Client.GetUsersByIds([]string{}) CheckBadRequestStatus(t, resp) users, resp = Client.GetUsersByIds([]string{"junk"}) CheckNoError(t, resp) if len(users) > 0 { t.Fatal("no users should be returned") } users, resp = Client.GetUsersByIds([]string{"junk", th.BasicUser.Id}) CheckNoError(t, resp) if len(users) != 1 { t.Fatal("1 user should be returned") } Client.Logout() _, resp = Client.GetUsersByIds([]string{th.BasicUser.Id}) CheckUnauthorizedStatus(t, resp) } func TestUpdateUser(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() Client := th.Client user := th.CreateUser() Client.Login(user.Email, user.Password) user.Nickname = "Joram Wilander" user.Roles = model.ROLE_SYSTEM_ADMIN.Id user.LastPasswordUpdate = 123 ruser, resp := Client.UpdateUser(user) CheckNoError(t, resp) CheckUserSanitization(t, ruser) if ruser.Nickname != "Joram Wilander" { t.Fatal("Nickname did not update properly") } if ruser.Roles != model.ROLE_SYSTEM_USER.Id { t.Fatal("Roles should not have updated") } if ruser.LastPasswordUpdate == 123 { t.Fatal("LastPasswordUpdate should not have updated") } ruser.Id = "junk" _, resp = Client.UpdateUser(ruser) CheckBadRequestStatus(t, resp) ruser.Id = model.NewId() _, resp = Client.UpdateUser(ruser) CheckForbiddenStatus(t, resp) if r, err := Client.DoApiPut("/users/"+ruser.Id, "garbage"); err == nil { t.Fatal("should have errored") } else { if r.StatusCode != http.StatusBadRequest { t.Log("actual: " + strconv.Itoa(r.StatusCode)) t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) t.Fatal("wrong status code") } } Client.Logout() _, resp = Client.UpdateUser(user) CheckUnauthorizedStatus(t, resp) th.LoginBasic() _, resp = Client.UpdateUser(user) CheckForbiddenStatus(t, resp) _, resp = th.SystemAdminClient.UpdateUser(user) CheckNoError(t, resp) } func TestDeleteUser(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() Client := th.Client user := th.BasicUser th.LoginBasic() testUser := th.SystemAdminUser _, resp := Client.DeleteUser(testUser.Id) CheckForbiddenStatus(t, resp) Client.Logout() _, resp = Client.DeleteUser(user.Id) CheckUnauthorizedStatus(t, resp) Client.Login(testUser.Email, testUser.Password) user.Id = model.NewId() _, resp = Client.DeleteUser(user.Id) CheckNotFoundStatus(t, resp) user.Id = "junk" _, resp = Client.DeleteUser(user.Id) CheckBadRequestStatus(t, resp) _, resp = Client.DeleteUser(testUser.Id) CheckNoError(t, resp) } func TestUpdateUserRoles(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() Client := th.Client SystemAdminClient := th.SystemAdminClient _, resp := Client.UpdateUserRoles(th.SystemAdminUser.Id, model.ROLE_SYSTEM_USER.Id) CheckForbiddenStatus(t, resp) _, resp = SystemAdminClient.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id) CheckNoError(t, resp) _, resp = SystemAdminClient.UpdateUserRoles(th.BasicUser.Id, model.ROLE_SYSTEM_USER.Id+" "+model.ROLE_SYSTEM_ADMIN.Id) CheckNoError(t, resp) _, resp = SystemAdminClient.UpdateUserRoles(th.BasicUser.Id, "junk") CheckBadRequestStatus(t, resp) _, resp = SystemAdminClient.UpdateUserRoles("junk", model.ROLE_SYSTEM_USER.Id) CheckBadRequestStatus(t, resp) _, resp = SystemAdminClient.UpdateUserRoles(model.NewId(), model.ROLE_SYSTEM_USER.Id) CheckBadRequestStatus(t, resp) } func TestGetUsers(t *testing.T) { th := Setup().InitBasic() defer TearDown() Client := th.Client rusers, resp := Client.GetUsers(0, 60, "") CheckNoError(t, resp) for _, u := range rusers { CheckUserSanitization(t, u) } rusers, resp = Client.GetUsers(0, 60, resp.Etag) CheckEtag(t, rusers, resp) rusers, resp = Client.GetUsers(0, 1, "") CheckNoError(t, resp) if len(rusers) != 1 { t.Fatal("should be 1 per page") } rusers, resp = Client.GetUsers(1, 1, "") CheckNoError(t, resp) if len(rusers) != 1 { t.Fatal("should be 1 per page") } rusers, resp = Client.GetUsers(10000, 100, "") CheckNoError(t, resp) if len(rusers) != 0 { t.Fatal("should be no users") } // Check default params for page and per_page if _, err := Client.DoApiGet("/users", ""); err != nil { t.Fatal("should not have errored") } Client.Logout() _, resp = Client.GetUsers(0, 60, "") CheckUnauthorizedStatus(t, resp) } func TestGetUsersInTeam(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() Client := th.Client teamId := th.BasicTeam.Id rusers, resp := Client.GetUsersInTeam(teamId, 0, 60, "") CheckNoError(t, resp) for _, u := range rusers { CheckUserSanitization(t, u) } rusers, resp = Client.GetUsersInTeam(teamId, 0, 60, resp.Etag) CheckEtag(t, rusers, resp) rusers, resp = Client.GetUsersInTeam(teamId, 0, 1, "") CheckNoError(t, resp) if len(rusers) != 1 { t.Fatal("should be 1 per page") } rusers, resp = Client.GetUsersInTeam(teamId, 1, 1, "") CheckNoError(t, resp) if len(rusers) != 1 { t.Fatal("should be 1 per page") } rusers, resp = Client.GetUsersInTeam(teamId, 10000, 100, "") CheckNoError(t, resp) if len(rusers) != 0 { t.Fatal("should be no users") } Client.Logout() _, resp = Client.GetUsersInTeam(teamId, 0, 60, "") CheckUnauthorizedStatus(t, resp) user := th.CreateUser() Client.Login(user.Email, user.Password) _, resp = Client.GetUsersInTeam(teamId, 0, 60, "") CheckForbiddenStatus(t, resp) _, resp = th.SystemAdminClient.GetUsersInTeam(teamId, 0, 60, "") CheckNoError(t, resp) } func TestGetUsersInChannel(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() Client := th.Client channelId := th.BasicChannel.Id rusers, resp := Client.GetUsersInChannel(channelId, 0, 60, "") CheckNoError(t, resp) for _, u := range rusers { CheckUserSanitization(t, u) } rusers, resp = Client.GetUsersInChannel(channelId, 0, 1, "") CheckNoError(t, resp) if len(rusers) != 1 { t.Fatal("should be 1 per page") } rusers, resp = Client.GetUsersInChannel(channelId, 1, 1, "") CheckNoError(t, resp) if len(rusers) != 1 { t.Fatal("should be 1 per page") } rusers, resp = Client.GetUsersInChannel(channelId, 10000, 100, "") CheckNoError(t, resp) if len(rusers) != 0 { t.Fatal("should be no users") } Client.Logout() _, resp = Client.GetUsersInChannel(channelId, 0, 60, "") CheckUnauthorizedStatus(t, resp) user := th.CreateUser() Client.Login(user.Email, user.Password) _, resp = Client.GetUsersInChannel(channelId, 0, 60, "") CheckForbiddenStatus(t, resp) _, resp = th.SystemAdminClient.GetUsersInChannel(channelId, 0, 60, "") CheckNoError(t, resp) } func TestGetUsersNotInChannel(t *testing.T) { th := Setup().InitBasic().InitSystemAdmin() defer TearDown() Client := th.Client teamId := th.BasicTeam.Id channelId := th.BasicChannel.Id user := th.CreateUser() LinkUserToTeam(user, th.BasicTeam) rusers, resp := Client.GetUsersNotInChannel(teamId, channelId, 0, 60, "") CheckNoError(t, resp) for _, u := range rusers { CheckUserSanitization(t, u) } rusers, resp = Client.GetUsersNotInChannel(teamId, channelId, 0, 1, "") CheckNoError(t, resp) if len(rusers) != 1 { t.Log(len(rusers)) t.Fatal("should be 1 per page") } rusers, resp = Client.GetUsersNotInChannel(teamId, channelId, 10000, 100, "") CheckNoError(t, resp) if len(rusers) != 0 { t.Fatal("should be no users") } Client.Logout() _, resp = Client.GetUsersNotInChannel(teamId, channelId, 0, 60, "") CheckUnauthorizedStatus(t, resp) Client.Login(user.Email, user.Password) _, resp = Client.GetUsersNotInChannel(teamId, channelId, 0, 60, "") CheckForbiddenStatus(t, resp) _, resp = th.SystemAdminClient.GetUsersNotInChannel(teamId, channelId, 0, 60, "") CheckNoError(t, resp) }