// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. // See License.txt for license information. package app import ( "fmt" "net/http" "net/http/httptest" "strings" "sync/atomic" "testing" "time" "github.com/dyatlov/go-opengraph/opengraph" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/mattermost/mattermost-server/model" "github.com/mattermost/mattermost-server/store" "github.com/mattermost/mattermost-server/store/storetest" ) func TestUpdatePostEditAt(t *testing.T) { th := Setup().InitBasic() defer th.TearDown() post := &model.Post{} *post = *th.BasicPost post.IsPinned = true if saved, err := th.App.UpdatePost(post, true); err != nil { t.Fatal(err) } else if saved.EditAt != post.EditAt { t.Fatal("shouldn't have updated post.EditAt when pinning post") *post = *saved } time.Sleep(time.Millisecond * 100) post.Message = model.NewId() if saved, err := th.App.UpdatePost(post, true); err != nil { t.Fatal(err) } else if saved.EditAt == post.EditAt { t.Fatal("should have updated post.EditAt when updating post message") } time.Sleep(time.Millisecond * 200) } func TestUpdatePostTimeLimit(t *testing.T) { th := Setup().InitBasic() defer th.TearDown() post := &model.Post{} *post = *th.BasicPost th.App.SetLicense(model.NewTestLicense()) th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.PostEditTimeLimit = -1 }) if _, err := th.App.UpdatePost(post, true); err != nil { t.Fatal(err) } th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.PostEditTimeLimit = 1000000000 }) post.Message = model.NewId() if _, err := th.App.UpdatePost(post, true); err != nil { t.Fatal("should allow you to edit the post") } th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.PostEditTimeLimit = 1 }) post.Message = model.NewId() if _, err := th.App.UpdatePost(post, true); err == nil { t.Fatal("should fail on update old post") } th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.PostEditTimeLimit = -1 }) } func TestPostReplyToPostWhereRootPosterLeftChannel(t *testing.T) { // This test ensures that when replying to a root post made by a user who has since left the channel, the reply // post completes successfully. This is a regression test for PLT-6523. th := Setup().InitBasic() defer th.TearDown() channel := th.BasicChannel userInChannel := th.BasicUser2 userNotInChannel := th.BasicUser rootPost := th.BasicPost if _, err := th.App.AddUserToChannel(userInChannel, channel); err != nil { t.Fatal(err) } if err := th.App.RemoveUserFromChannel(userNotInChannel.Id, "", channel); err != nil { t.Fatal(err) } replyPost := model.Post{ Message: "asd", ChannelId: channel.Id, RootId: rootPost.Id, ParentId: rootPost.Id, PendingPostId: model.NewId() + ":" + fmt.Sprint(model.GetMillis()), UserId: userInChannel.Id, CreateAt: 0, } if _, err := th.App.CreatePostAsUser(&replyPost); err != nil { t.Fatal(err) } } func TestPostAction(t *testing.T) { th := Setup().InitBasic() defer th.TearDown() th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost 127.0.0.1" }) ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { request := model.PostActionIntegrationRequesteFromJson(r.Body) assert.NotNil(t, request) assert.Equal(t, request.UserId, th.BasicUser.Id) assert.Equal(t, request.ChannelId, th.BasicChannel.Id) assert.Equal(t, request.TeamId, th.BasicTeam.Id) if request.Type == model.POST_ACTION_TYPE_SELECT { assert.Equal(t, request.DataSource, "some_source") assert.Equal(t, request.Context["selected_option"], "selected") } else { assert.Equal(t, request.DataSource, "") } assert.Equal(t, "foo", request.Context["s"]) assert.EqualValues(t, 3, request.Context["n"]) fmt.Fprintf(w, `{"post": {"message": "updated"}, "ephemeral_text": "foo"}`) })) defer ts.Close() interactivePost := model.Post{ Message: "Interactive post", ChannelId: th.BasicChannel.Id, PendingPostId: model.NewId() + ":" + fmt.Sprint(model.GetMillis()), UserId: th.BasicUser.Id, Props: model.StringInterface{ "attachments": []*model.SlackAttachment{ { Text: "hello", Actions: []*model.PostAction{ { Integration: &model.PostActionIntegration{ Context: model.StringInterface{ "s": "foo", "n": 3, }, URL: ts.URL, }, Name: "action", Type: "some_type", DataSource: "some_source", }, }, }, }, }, } post, err := th.App.CreatePostAsUser(&interactivePost) require.Nil(t, err) attachments, ok := post.Props["attachments"].([]*model.SlackAttachment) require.True(t, ok) require.NotEmpty(t, attachments[0].Actions) require.NotEmpty(t, attachments[0].Actions[0].Id) menuPost := model.Post{ Message: "Interactive post", ChannelId: th.BasicChannel.Id, PendingPostId: model.NewId() + ":" + fmt.Sprint(model.GetMillis()), UserId: th.BasicUser.Id, Props: model.StringInterface{ "attachments": []*model.SlackAttachment{ { Text: "hello", Actions: []*model.PostAction{ { Integration: &model.PostActionIntegration{ Context: model.StringInterface{ "s": "foo", "n": 3, }, URL: ts.URL, }, Name: "action", Type: model.POST_ACTION_TYPE_SELECT, DataSource: "some_source", }, }, }, }, }, } post2, err := th.App.CreatePostAsUser(&menuPost) require.Nil(t, err) attachments2, ok := post2.Props["attachments"].([]*model.SlackAttachment) require.True(t, ok) require.NotEmpty(t, attachments2[0].Actions) require.NotEmpty(t, attachments2[0].Actions[0].Id) err = th.App.DoPostAction(post.Id, "notavalidid", th.BasicUser.Id, "") require.NotNil(t, err) assert.Equal(t, http.StatusNotFound, err.StatusCode) err = th.App.DoPostAction(post.Id, attachments[0].Actions[0].Id, th.BasicUser.Id, "") require.Nil(t, err) err = th.App.DoPostAction(post2.Id, attachments2[0].Actions[0].Id, th.BasicUser.Id, "selected") require.Nil(t, err) th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "" }) err = th.App.DoPostAction(post.Id, attachments[0].Actions[0].Id, th.BasicUser.Id, "") require.NotNil(t, err) require.True(t, strings.Contains(err.Error(), "address forbidden")) interactivePostPlugin := model.Post{ Message: "Interactive post", ChannelId: th.BasicChannel.Id, PendingPostId: model.NewId() + ":" + fmt.Sprint(model.GetMillis()), UserId: th.BasicUser.Id, Props: model.StringInterface{ "attachments": []*model.SlackAttachment{ { Text: "hello", Actions: []*model.PostAction{ { Integration: &model.PostActionIntegration{ Context: model.StringInterface{ "s": "foo", "n": 3, }, URL: ts.URL + "/plugins/myplugin/myaction", }, Name: "action", Type: "some_type", DataSource: "some_source", }, }, }, }, }, } postplugin, err := th.App.CreatePostAsUser(&interactivePostPlugin) require.Nil(t, err) attachmentsPlugin, ok := postplugin.Props["attachments"].([]*model.SlackAttachment) require.True(t, ok) err = th.App.DoPostAction(postplugin.Id, attachmentsPlugin[0].Actions[0].Id, th.BasicUser.Id, "") require.Nil(t, err) th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.SiteURL = "http://127.1.1.1" }) interactivePostSiteURL := model.Post{ Message: "Interactive post", ChannelId: th.BasicChannel.Id, PendingPostId: model.NewId() + ":" + fmt.Sprint(model.GetMillis()), UserId: th.BasicUser.Id, Props: model.StringInterface{ "attachments": []*model.SlackAttachment{ { Text: "hello", Actions: []*model.PostAction{ { Integration: &model.PostActionIntegration{ Context: model.StringInterface{ "s": "foo", "n": 3, }, URL: "http://127.1.1.1/plugins/myplugin/myaction", }, Name: "action", Type: "some_type", DataSource: "some_source", }, }, }, }, }, } postSiteURL, err := th.App.CreatePostAsUser(&interactivePostSiteURL) require.Nil(t, err) attachmentsSiteURL, ok := postSiteURL.Props["attachments"].([]*model.SlackAttachment) require.True(t, ok) err = th.App.DoPostAction(postSiteURL.Id, attachmentsSiteURL[0].Actions[0].Id, th.BasicUser.Id, "") require.NotNil(t, err) require.False(t, strings.Contains(err.Error(), "address forbidden")) th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.SiteURL = ts.URL + "/subpath" }) interactivePostSubpath := model.Post{ Message: "Interactive post", ChannelId: th.BasicChannel.Id, PendingPostId: model.NewId() + ":" + fmt.Sprint(model.GetMillis()), UserId: th.BasicUser.Id, Props: model.StringInterface{ "attachments": []*model.SlackAttachment{ { Text: "hello", Actions: []*model.PostAction{ { Integration: &model.PostActionIntegration{ Context: model.StringInterface{ "s": "foo", "n": 3, }, URL: ts.URL + "/subpath/plugins/myplugin/myaction", }, Name: "action", Type: "some_type", DataSource: "some_source", }, }, }, }, }, } postSubpath, err := th.App.CreatePostAsUser(&interactivePostSubpath) require.Nil(t, err) attachmentsSubpath, ok := postSubpath.Props["attachments"].([]*model.SlackAttachment) require.True(t, ok) err = th.App.DoPostAction(postSubpath.Id, attachmentsSubpath[0].Actions[0].Id, th.BasicUser.Id, "") require.Nil(t, err) } func TestPostChannelMentions(t *testing.T) { th := Setup().InitBasic() defer th.TearDown() channel := th.BasicChannel user := th.BasicUser channelToMention, err := th.App.CreateChannel(&model.Channel{ DisplayName: "Mention Test", Name: "mention-test", Type: model.CHANNEL_OPEN, TeamId: th.BasicTeam.Id, }, false) if err != nil { t.Fatal(err.Error()) } defer th.App.PermanentDeleteChannel(channelToMention) _, err = th.App.AddUserToChannel(user, channel) require.Nil(t, err) post := &model.Post{ Message: fmt.Sprintf("hello, ~%v!", channelToMention.Name), ChannelId: channel.Id, PendingPostId: model.NewId() + ":" + fmt.Sprint(model.GetMillis()), UserId: user.Id, CreateAt: 0, } result, err := th.App.CreatePostAsUser(post) require.Nil(t, err) assert.Equal(t, map[string]interface{}{ "mention-test": map[string]interface{}{ "display_name": "Mention Test", }, }, result.Props["channel_mentions"]) post.Message = fmt.Sprintf("goodbye, ~%v!", channelToMention.Name) result, err = th.App.UpdatePost(post, false) require.Nil(t, err) assert.Equal(t, map[string]interface{}{ "mention-test": map[string]interface{}{ "display_name": "Mention Test", }, }, result.Props["channel_mentions"]) } func TestImageProxy(t *testing.T) { th := Setup().InitBasic() defer th.TearDown() th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.SiteURL = "http://mymattermost.com" }) for name, tc := range map[string]struct { ProxyType string ProxyURL string ProxyOptions string ImageURL string ProxiedImageURL string }{ "atmos/camo": { ProxyType: "atmos/camo", ProxyURL: "https://127.0.0.1", ProxyOptions: "foo", ImageURL: "http://mydomain.com/myimage", ProxiedImageURL: "https://127.0.0.1/f8dace906d23689e8d5b12c3cefbedbf7b9b72f5/687474703a2f2f6d79646f6d61696e2e636f6d2f6d79696d616765", }, "atmos/camo_SameSite": { ProxyType: "atmos/camo", ProxyURL: "https://127.0.0.1", ProxyOptions: "foo", ImageURL: "http://mymattermost.com/myimage", ProxiedImageURL: "http://mymattermost.com/myimage", }, "atmos/camo_PathOnly": { ProxyType: "atmos/camo", ProxyURL: "https://127.0.0.1", ProxyOptions: "foo", ImageURL: "/myimage", ProxiedImageURL: "/myimage", }, "atmos/camo_EmptyImageURL": { ProxyType: "atmos/camo", ProxyURL: "https://127.0.0.1", ProxyOptions: "foo", ImageURL: "", ProxiedImageURL: "", }, } { t.Run(name, func(t *testing.T) { th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.ImageProxyType = model.NewString(tc.ProxyType) cfg.ServiceSettings.ImageProxyOptions = model.NewString(tc.ProxyOptions) cfg.ServiceSettings.ImageProxyURL = model.NewString(tc.ProxyURL) }) post := &model.Post{ Id: model.NewId(), Message: "![foo](" + tc.ImageURL + ")", } list := model.NewPostList() list.Posts[post.Id] = post assert.Equal(t, "![foo]("+tc.ProxiedImageURL+")", th.App.PostListWithProxyAddedToImageURLs(list).Posts[post.Id].Message) assert.Equal(t, "![foo]("+tc.ProxiedImageURL+")", th.App.PostWithProxyAddedToImageURLs(post).Message) assert.Equal(t, "![foo]("+tc.ImageURL+")", th.App.PostWithProxyRemovedFromImageURLs(post).Message) post.Message = "![foo](" + tc.ProxiedImageURL + ")" assert.Equal(t, "![foo]("+tc.ImageURL+")", th.App.PostWithProxyRemovedFromImageURLs(post).Message) if tc.ImageURL != "" { post.Message = "![foo](" + tc.ImageURL + " =500x200)" assert.Equal(t, "![foo]("+tc.ProxiedImageURL+" =500x200)", th.App.PostWithProxyAddedToImageURLs(post).Message) assert.Equal(t, "![foo]("+tc.ImageURL+" =500x200)", th.App.PostWithProxyRemovedFromImageURLs(post).Message) post.Message = "![foo](" + tc.ProxiedImageURL + " =500x200)" assert.Equal(t, "![foo]("+tc.ImageURL+" =500x200)", th.App.PostWithProxyRemovedFromImageURLs(post).Message) } }) } } func BenchmarkForceHTMLEncodingToUTF8(b *testing.B) { HTML := `
` ContentType := "text/html; utf-8" b.Run("with converting", func(b *testing.B) { for i := 0; i < b.N; i++ { r := forceHTMLEncodingToUTF8(strings.NewReader(HTML), ContentType) og := opengraph.NewOpenGraph() og.ProcessHTML(r) } }) b.Run("without converting", func(b *testing.B) { for i := 0; i < b.N; i++ { og := opengraph.NewOpenGraph() og.ProcessHTML(strings.NewReader(HTML)) } }) } func TestMakeOpenGraphURLsAbsolute(t *testing.T) { for name, tc := range map[string]struct { HTML string RequestURL string URL string ImageURL string }{ "absolute URLs": { HTML: ` `, RequestURL: "https://example.com", URL: "https://example.com/apps/mattermost", ImageURL: "https://images.example.com/image.png", }, "URLs starting with /": { HTML: ` `, RequestURL: "http://example.com", URL: "http://example.com/apps/mattermost", ImageURL: "http://example.com/image.png", }, "HTTPS URLs starting with /": { HTML: ` `, RequestURL: "https://example.com", URL: "https://example.com/apps/mattermost", ImageURL: "https://example.com/image.png", }, "missing image URL": { HTML: ` `, RequestURL: "http://example.com", URL: "http://example.com/apps/mattermost", ImageURL: "", }, "relative URLs": { HTML: ` `, RequestURL: "http://example.com/content/index.html", URL: "http://example.com/content/index.html", ImageURL: "http://example.com/resources/image.png", }, } { t.Run(name, func(t *testing.T) { og := opengraph.NewOpenGraph() if err := og.ProcessHTML(strings.NewReader(tc.HTML)); err != nil { t.Fatal(err) } makeOpenGraphURLsAbsolute(og, tc.RequestURL) if og.URL != tc.URL { t.Fatalf("incorrect url, expected %v, got %v", tc.URL, og.URL) } if len(og.Images) > 0 { if og.Images[0].URL != tc.ImageURL { t.Fatalf("incorrect image url, expected %v, got %v", tc.ImageURL, og.Images[0].URL) } } else if tc.ImageURL != "" { t.Fatalf("missing image url, expected %v, got nothing", tc.ImageURL) } }) } } func TestMaxPostSize(t *testing.T) { t.Parallel() testCases := []struct { Description string StoreMaxPostSize int ExpectedMaxPostSize int ExpectedError *model.AppError }{ { "error fetching max post size", 0, model.POST_MESSAGE_MAX_RUNES_V1, model.NewAppError("TestMaxPostSize", "this is an error", nil, "", http.StatusBadRequest), }, { "4000 rune limit", 4000, 4000, nil, }, { "16383 rune limit", 16383, 16383, nil, }, } for _, testCase := range testCases { testCase := testCase t.Run(testCase.Description, func(t *testing.T) { t.Parallel() mockStore := &storetest.Store{} defer mockStore.AssertExpectations(t) mockStore.PostStore.On("GetMaxPostSize").Return( storetest.NewStoreChannel(store.StoreResult{ Data: testCase.StoreMaxPostSize, Err: testCase.ExpectedError, }), ) app := App{ Srv: &Server{ Store: mockStore, }, config: atomic.Value{}, } assert.Equal(t, testCase.ExpectedMaxPostSize, app.MaxPostSize()) }) } }