github.com/haalcala/mattermost-server-change-repo@v0.0.0-20210713015153-16753fbeee5f/store/storetest/user_store.go (about)

     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package storetest
     5  
     6  import (
     7  	"context"
     8  	"errors"
     9  	"strings"
    10  	"testing"
    11  	"time"
    12  
    13  	"github.com/stretchr/testify/assert"
    14  	"github.com/stretchr/testify/require"
    15  
    16  	"github.com/mattermost/mattermost-server/v5/model"
    17  	"github.com/mattermost/mattermost-server/v5/store"
    18  )
    19  
    20  const (
    21  	DayMilliseconds   = 24 * 60 * 60 * 1000
    22  	MonthMilliseconds = 31 * DayMilliseconds
    23  )
    24  
    25  func cleanupStatusStore(t *testing.T, s SqlStore) {
    26  	_, execerr := s.GetMaster().ExecNoTimeout(` DELETE FROM Status `)
    27  	require.NoError(t, execerr)
    28  }
    29  
    30  func TestUserStore(t *testing.T, ss store.Store, s SqlStore) {
    31  	users, err := ss.User().GetAll()
    32  	require.NoError(t, err, "failed cleaning up test users")
    33  
    34  	for _, u := range users {
    35  		err := ss.User().PermanentDelete(u.Id)
    36  		require.NoError(t, err, "failed cleaning up test user %s", u.Username)
    37  	}
    38  
    39  	t.Run("Count", func(t *testing.T) { testCount(t, ss) })
    40  	t.Run("AnalyticsActiveCount", func(t *testing.T) { testUserStoreAnalyticsActiveCount(t, ss, s) })
    41  	t.Run("AnalyticsActiveCountForPeriod", func(t *testing.T) { testUserStoreAnalyticsActiveCountForPeriod(t, ss, s) })
    42  	t.Run("AnalyticsGetInactiveUsersCount", func(t *testing.T) { testUserStoreAnalyticsGetInactiveUsersCount(t, ss) })
    43  	t.Run("AnalyticsGetSystemAdminCount", func(t *testing.T) { testUserStoreAnalyticsGetSystemAdminCount(t, ss) })
    44  	t.Run("AnalyticsGetGuestCount", func(t *testing.T) { testUserStoreAnalyticsGetGuestCount(t, ss) })
    45  	t.Run("AnalyticsGetExternalUsers", func(t *testing.T) { testUserStoreAnalyticsGetExternalUsers(t, ss) })
    46  	t.Run("Save", func(t *testing.T) { testUserStoreSave(t, ss) })
    47  	t.Run("Update", func(t *testing.T) { testUserStoreUpdate(t, ss) })
    48  	t.Run("UpdateUpdateAt", func(t *testing.T) { testUserStoreUpdateUpdateAt(t, ss) })
    49  	t.Run("UpdateFailedPasswordAttempts", func(t *testing.T) { testUserStoreUpdateFailedPasswordAttempts(t, ss) })
    50  	t.Run("Get", func(t *testing.T) { testUserStoreGet(t, ss) })
    51  	t.Run("GetAllUsingAuthService", func(t *testing.T) { testGetAllUsingAuthService(t, ss) })
    52  	t.Run("GetAllProfiles", func(t *testing.T) { testUserStoreGetAllProfiles(t, ss) })
    53  	t.Run("GetProfiles", func(t *testing.T) { testUserStoreGetProfiles(t, ss) })
    54  	t.Run("GetProfilesInChannel", func(t *testing.T) { testUserStoreGetProfilesInChannel(t, ss) })
    55  	t.Run("GetProfilesInChannelByStatus", func(t *testing.T) { testUserStoreGetProfilesInChannelByStatus(t, ss, s) })
    56  	t.Run("GetProfilesWithoutTeam", func(t *testing.T) { testUserStoreGetProfilesWithoutTeam(t, ss) })
    57  	t.Run("GetAllProfilesInChannel", func(t *testing.T) { testUserStoreGetAllProfilesInChannel(t, ss) })
    58  	t.Run("GetProfilesNotInChannel", func(t *testing.T) { testUserStoreGetProfilesNotInChannel(t, ss) })
    59  	t.Run("GetProfilesByIds", func(t *testing.T) { testUserStoreGetProfilesByIds(t, ss) })
    60  	t.Run("GetProfileByGroupChannelIdsForUser", func(t *testing.T) { testUserStoreGetProfileByGroupChannelIdsForUser(t, ss) })
    61  	t.Run("GetProfilesByUsernames", func(t *testing.T) { testUserStoreGetProfilesByUsernames(t, ss) })
    62  	t.Run("GetSystemAdminProfiles", func(t *testing.T) { testUserStoreGetSystemAdminProfiles(t, ss) })
    63  	t.Run("GetByEmail", func(t *testing.T) { testUserStoreGetByEmail(t, ss) })
    64  	t.Run("GetByAuthData", func(t *testing.T) { testUserStoreGetByAuthData(t, ss) })
    65  	t.Run("GetByUsername", func(t *testing.T) { testUserStoreGetByUsername(t, ss) })
    66  	t.Run("GetForLogin", func(t *testing.T) { testUserStoreGetForLogin(t, ss) })
    67  	t.Run("UpdatePassword", func(t *testing.T) { testUserStoreUpdatePassword(t, ss) })
    68  	t.Run("Delete", func(t *testing.T) { testUserStoreDelete(t, ss) })
    69  	t.Run("UpdateAuthData", func(t *testing.T) { testUserStoreUpdateAuthData(t, ss) })
    70  	t.Run("UserUnreadCount", func(t *testing.T) { testUserUnreadCount(t, ss) })
    71  	t.Run("UpdateMfaSecret", func(t *testing.T) { testUserStoreUpdateMfaSecret(t, ss) })
    72  	t.Run("UpdateMfaActive", func(t *testing.T) { testUserStoreUpdateMfaActive(t, ss) })
    73  	t.Run("GetRecentlyActiveUsersForTeam", func(t *testing.T) { testUserStoreGetRecentlyActiveUsersForTeam(t, ss, s) })
    74  	t.Run("GetNewUsersForTeam", func(t *testing.T) { testUserStoreGetNewUsersForTeam(t, ss) })
    75  	t.Run("Search", func(t *testing.T) { testUserStoreSearch(t, ss) })
    76  	t.Run("SearchNotInChannel", func(t *testing.T) { testUserStoreSearchNotInChannel(t, ss) })
    77  	t.Run("SearchInChannel", func(t *testing.T) { testUserStoreSearchInChannel(t, ss) })
    78  	t.Run("SearchNotInTeam", func(t *testing.T) { testUserStoreSearchNotInTeam(t, ss) })
    79  	t.Run("SearchWithoutTeam", func(t *testing.T) { testUserStoreSearchWithoutTeam(t, ss) })
    80  	t.Run("SearchInGroup", func(t *testing.T) { testUserStoreSearchInGroup(t, ss) })
    81  	t.Run("GetProfilesNotInTeam", func(t *testing.T) { testUserStoreGetProfilesNotInTeam(t, ss) })
    82  	t.Run("ClearAllCustomRoleAssignments", func(t *testing.T) { testUserStoreClearAllCustomRoleAssignments(t, ss) })
    83  	t.Run("GetAllAfter", func(t *testing.T) { testUserStoreGetAllAfter(t, ss) })
    84  	t.Run("GetUsersBatchForIndexing", func(t *testing.T) { testUserStoreGetUsersBatchForIndexing(t, ss) })
    85  	t.Run("GetTeamGroupUsers", func(t *testing.T) { testUserStoreGetTeamGroupUsers(t, ss) })
    86  	t.Run("GetChannelGroupUsers", func(t *testing.T) { testUserStoreGetChannelGroupUsers(t, ss) })
    87  	t.Run("PromoteGuestToUser", func(t *testing.T) { testUserStorePromoteGuestToUser(t, ss) })
    88  	t.Run("DemoteUserToGuest", func(t *testing.T) { testUserStoreDemoteUserToGuest(t, ss) })
    89  	t.Run("DeactivateGuests", func(t *testing.T) { testDeactivateGuests(t, ss) })
    90  	t.Run("ResetLastPictureUpdate", func(t *testing.T) { testUserStoreResetLastPictureUpdate(t, ss) })
    91  	t.Run("GetKnownUsers", func(t *testing.T) { testGetKnownUsers(t, ss) })
    92  }
    93  
    94  func testUserStoreSave(t *testing.T, ss store.Store) {
    95  	teamId := model.NewId()
    96  	maxUsersPerTeam := 50
    97  
    98  	u1 := model.User{
    99  		Email:    MakeEmail(),
   100  		Username: model.NewId(),
   101  	}
   102  
   103  	_, err := ss.User().Save(&u1)
   104  	require.NoError(t, err, "couldn't save user")
   105  
   106  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   107  
   108  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, maxUsersPerTeam)
   109  	require.NoError(t, nErr)
   110  
   111  	_, err = ss.User().Save(&u1)
   112  	require.Error(t, err, "shouldn't be able to update user from save")
   113  
   114  	u2 := model.User{
   115  		Email:    u1.Email,
   116  		Username: model.NewId(),
   117  	}
   118  	_, err = ss.User().Save(&u2)
   119  	require.Error(t, err, "should be unique email")
   120  
   121  	u2.Email = MakeEmail()
   122  	u2.Username = u1.Username
   123  	_, err = ss.User().Save(&u1)
   124  	require.Error(t, err, "should be unique username")
   125  
   126  	u2.Username = ""
   127  	_, err = ss.User().Save(&u1)
   128  	require.Error(t, err, "should be unique username")
   129  
   130  	for i := 0; i < 49; i++ {
   131  		u := model.User{
   132  			Email:    MakeEmail(),
   133  			Username: model.NewId(),
   134  		}
   135  		_, err = ss.User().Save(&u)
   136  		require.NoError(t, err, "couldn't save item")
   137  
   138  		defer func() { require.NoError(t, ss.User().PermanentDelete(u.Id)) }()
   139  
   140  		_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u.Id}, maxUsersPerTeam)
   141  		require.NoError(t, nErr)
   142  	}
   143  
   144  	u2.Id = ""
   145  	u2.Email = MakeEmail()
   146  	u2.Username = model.NewId()
   147  	_, err = ss.User().Save(&u2)
   148  	require.NoError(t, err, "couldn't save item")
   149  
   150  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   151  
   152  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, maxUsersPerTeam)
   153  	require.Error(t, nErr, "should be the limit")
   154  }
   155  
   156  func testUserStoreUpdate(t *testing.T, ss store.Store) {
   157  	u1 := &model.User{
   158  		Email: MakeEmail(),
   159  	}
   160  	_, err := ss.User().Save(u1)
   161  	require.NoError(t, err)
   162  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   163  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u1.Id}, -1)
   164  	require.NoError(t, nErr)
   165  
   166  	u2 := &model.User{
   167  		Email:       MakeEmail(),
   168  		AuthService: "ldap",
   169  	}
   170  	_, err = ss.User().Save(u2)
   171  	require.NoError(t, err)
   172  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   173  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u2.Id}, -1)
   174  	require.NoError(t, nErr)
   175  
   176  	_, err = ss.User().Update(u1, false)
   177  	require.NoError(t, err)
   178  
   179  	missing := &model.User{}
   180  	_, err = ss.User().Update(missing, false)
   181  	require.Error(t, err, "Update should have failed because of missing key")
   182  
   183  	newId := &model.User{
   184  		Id: model.NewId(),
   185  	}
   186  	_, err = ss.User().Update(newId, false)
   187  	require.Error(t, err, "Update should have failed because id change")
   188  
   189  	u2.Email = MakeEmail()
   190  	_, err = ss.User().Update(u2, false)
   191  	require.Error(t, err, "Update should have failed because you can't modify AD/LDAP fields")
   192  
   193  	u3 := &model.User{
   194  		Email:       MakeEmail(),
   195  		AuthService: "gitlab",
   196  	}
   197  	oldEmail := u3.Email
   198  	_, err = ss.User().Save(u3)
   199  	require.NoError(t, err)
   200  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
   201  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u3.Id}, -1)
   202  	require.NoError(t, nErr)
   203  
   204  	u3.Email = MakeEmail()
   205  	userUpdate, err := ss.User().Update(u3, false)
   206  	require.NoError(t, err, "Update should not have failed")
   207  	assert.Equal(t, oldEmail, userUpdate.New.Email, "Email should not have been updated as the update is not trusted")
   208  
   209  	u3.Email = MakeEmail()
   210  	userUpdate, err = ss.User().Update(u3, true)
   211  	require.NoError(t, err, "Update should not have failed")
   212  	assert.NotEqual(t, oldEmail, userUpdate.New.Email, "Email should have been updated as the update is trusted")
   213  
   214  	err = ss.User().UpdateLastPictureUpdate(u1.Id)
   215  	require.NoError(t, err, "Update should not have failed")
   216  }
   217  
   218  func testUserStoreUpdateUpdateAt(t *testing.T, ss store.Store) {
   219  	u1 := &model.User{}
   220  	u1.Email = MakeEmail()
   221  	_, err := ss.User().Save(u1)
   222  	require.NoError(t, err)
   223  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   224  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u1.Id}, -1)
   225  	require.NoError(t, nErr)
   226  
   227  	_, err = ss.User().UpdateUpdateAt(u1.Id)
   228  	require.NoError(t, err)
   229  
   230  	user, err := ss.User().Get(context.Background(), u1.Id)
   231  	require.NoError(t, err)
   232  	require.Less(t, u1.UpdateAt, user.UpdateAt, "UpdateAt not updated correctly")
   233  }
   234  
   235  func testUserStoreUpdateFailedPasswordAttempts(t *testing.T, ss store.Store) {
   236  	u1 := &model.User{}
   237  	u1.Email = MakeEmail()
   238  	_, err := ss.User().Save(u1)
   239  	require.NoError(t, err)
   240  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   241  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u1.Id}, -1)
   242  	require.NoError(t, nErr)
   243  
   244  	err = ss.User().UpdateFailedPasswordAttempts(u1.Id, 3)
   245  	require.NoError(t, err)
   246  
   247  	user, err := ss.User().Get(context.Background(), u1.Id)
   248  	require.NoError(t, err)
   249  	require.Equal(t, 3, user.FailedAttempts, "FailedAttempts not updated correctly")
   250  }
   251  
   252  func testUserStoreGet(t *testing.T, ss store.Store) {
   253  	u1 := &model.User{
   254  		Email: MakeEmail(),
   255  	}
   256  	_, err := ss.User().Save(u1)
   257  	require.NoError(t, err)
   258  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   259  
   260  	u2, _ := ss.User().Save(&model.User{
   261  		Email:    MakeEmail(),
   262  		Username: model.NewId(),
   263  	})
   264  	_, nErr := ss.Bot().Save(&model.Bot{
   265  		UserId:      u2.Id,
   266  		Username:    u2.Username,
   267  		Description: "bot description",
   268  		OwnerId:     u1.Id,
   269  	})
   270  	require.NoError(t, nErr)
   271  	u2.IsBot = true
   272  	u2.BotDescription = "bot description"
   273  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u2.Id)) }()
   274  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   275  
   276  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u1.Id}, -1)
   277  	require.NoError(t, nErr)
   278  
   279  	t.Run("fetch empty id", func(t *testing.T) {
   280  		_, err := ss.User().Get(context.Background(), "")
   281  		require.Error(t, err)
   282  	})
   283  
   284  	t.Run("fetch user 1", func(t *testing.T) {
   285  		actual, err := ss.User().Get(context.Background(), u1.Id)
   286  		require.NoError(t, err)
   287  		require.Equal(t, u1, actual)
   288  		require.False(t, actual.IsBot)
   289  	})
   290  
   291  	t.Run("fetch user 2, also a bot", func(t *testing.T) {
   292  		actual, err := ss.User().Get(context.Background(), u2.Id)
   293  		require.NoError(t, err)
   294  		require.Equal(t, u2, actual)
   295  		require.True(t, actual.IsBot)
   296  		require.Equal(t, "bot description", actual.BotDescription)
   297  	})
   298  }
   299  
   300  func testGetAllUsingAuthService(t *testing.T, ss store.Store) {
   301  	teamId := model.NewId()
   302  
   303  	u1, err := ss.User().Save(&model.User{
   304  		Email:       MakeEmail(),
   305  		Username:    "u1" + model.NewId(),
   306  		AuthService: "service",
   307  	})
   308  	require.NoError(t, err)
   309  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   310  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
   311  	require.NoError(t, nErr)
   312  
   313  	u2, err := ss.User().Save(&model.User{
   314  		Email:       MakeEmail(),
   315  		Username:    "u2" + model.NewId(),
   316  		AuthService: "service",
   317  	})
   318  	require.NoError(t, err)
   319  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   320  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
   321  	require.NoError(t, nErr)
   322  
   323  	u3, err := ss.User().Save(&model.User{
   324  		Email:       MakeEmail(),
   325  		Username:    "u3" + model.NewId(),
   326  		AuthService: "service2",
   327  	})
   328  	require.NoError(t, err)
   329  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
   330  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
   331  	require.NoError(t, nErr)
   332  	_, nErr = ss.Bot().Save(&model.Bot{
   333  		UserId:   u3.Id,
   334  		Username: u3.Username,
   335  		OwnerId:  u1.Id,
   336  	})
   337  	require.NoError(t, nErr)
   338  	u3.IsBot = true
   339  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
   340  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
   341  
   342  	t.Run("get by unknown auth service", func(t *testing.T) {
   343  		users, err := ss.User().GetAllUsingAuthService("unknown")
   344  		require.NoError(t, err)
   345  		assert.Equal(t, []*model.User{}, users)
   346  	})
   347  
   348  	t.Run("get by auth service", func(t *testing.T) {
   349  		users, err := ss.User().GetAllUsingAuthService("service")
   350  		require.NoError(t, err)
   351  		assert.Equal(t, []*model.User{u1, u2}, users)
   352  	})
   353  
   354  	t.Run("get by other auth service", func(t *testing.T) {
   355  		users, err := ss.User().GetAllUsingAuthService("service2")
   356  		require.NoError(t, err)
   357  		assert.Equal(t, []*model.User{u3}, users)
   358  	})
   359  }
   360  
   361  func sanitized(user *model.User) *model.User {
   362  	clonedUser := user.DeepCopy()
   363  	clonedUser.Sanitize(map[string]bool{})
   364  
   365  	return clonedUser
   366  }
   367  
   368  func testUserStoreGetAllProfiles(t *testing.T, ss store.Store) {
   369  	u1, err := ss.User().Save(&model.User{
   370  		Email:    MakeEmail(),
   371  		Username: "u1" + model.NewId(),
   372  		Roles:    model.SYSTEM_USER_ROLE_ID,
   373  	})
   374  	require.NoError(t, err)
   375  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   376  
   377  	u2, err := ss.User().Save(&model.User{
   378  		Email:    MakeEmail(),
   379  		Username: "u2" + model.NewId(),
   380  		Roles:    model.SYSTEM_USER_ROLE_ID,
   381  	})
   382  	require.NoError(t, err)
   383  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   384  
   385  	u3, err := ss.User().Save(&model.User{
   386  		Email:    MakeEmail(),
   387  		Username: "u3" + model.NewId(),
   388  	})
   389  	require.NoError(t, err)
   390  	_, nErr := ss.Bot().Save(&model.Bot{
   391  		UserId:   u3.Id,
   392  		Username: u3.Username,
   393  		OwnerId:  u1.Id,
   394  	})
   395  	require.NoError(t, nErr)
   396  	u3.IsBot = true
   397  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
   398  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
   399  
   400  	u4, err := ss.User().Save(&model.User{
   401  		Email:    MakeEmail(),
   402  		Username: "u4" + model.NewId(),
   403  		Roles:    "system_user some-other-role",
   404  	})
   405  	require.NoError(t, err)
   406  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
   407  
   408  	u5, err := ss.User().Save(&model.User{
   409  		Email:    MakeEmail(),
   410  		Username: "u5" + model.NewId(),
   411  		Roles:    "system_admin",
   412  	})
   413  	require.NoError(t, err)
   414  	defer func() { require.NoError(t, ss.User().PermanentDelete(u5.Id)) }()
   415  
   416  	u6, err := ss.User().Save(&model.User{
   417  		Email:    MakeEmail(),
   418  		Username: "u6" + model.NewId(),
   419  		DeleteAt: model.GetMillis(),
   420  		Roles:    "system_admin",
   421  	})
   422  	require.NoError(t, err)
   423  	defer func() { require.NoError(t, ss.User().PermanentDelete(u6.Id)) }()
   424  
   425  	u7, err := ss.User().Save(&model.User{
   426  		Email:    MakeEmail(),
   427  		Username: "u7" + model.NewId(),
   428  		DeleteAt: model.GetMillis(),
   429  		Roles:    model.SYSTEM_USER_ROLE_ID,
   430  	})
   431  	require.NoError(t, err)
   432  	defer func() { require.NoError(t, ss.User().PermanentDelete(u7.Id)) }()
   433  
   434  	t.Run("get offset 0, limit 100", func(t *testing.T) {
   435  		options := &model.UserGetOptions{Page: 0, PerPage: 100}
   436  		actual, userErr := ss.User().GetAllProfiles(options)
   437  		require.NoError(t, userErr)
   438  
   439  		require.Equal(t, []*model.User{
   440  			sanitized(u1),
   441  			sanitized(u2),
   442  			sanitized(u3),
   443  			sanitized(u4),
   444  			sanitized(u5),
   445  			sanitized(u6),
   446  			sanitized(u7),
   447  		}, actual)
   448  	})
   449  
   450  	t.Run("get offset 0, limit 1", func(t *testing.T) {
   451  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   452  			Page:    0,
   453  			PerPage: 1,
   454  		})
   455  		require.NoError(t, userErr)
   456  		require.Equal(t, []*model.User{
   457  			sanitized(u1),
   458  		}, actual)
   459  	})
   460  
   461  	t.Run("get all", func(t *testing.T) {
   462  		actual, userErr := ss.User().GetAll()
   463  		require.NoError(t, userErr)
   464  
   465  		require.Equal(t, []*model.User{
   466  			u1,
   467  			u2,
   468  			u3,
   469  			u4,
   470  			u5,
   471  			u6,
   472  			u7,
   473  		}, actual)
   474  	})
   475  
   476  	t.Run("etag changes for all after user creation", func(t *testing.T) {
   477  		etag := ss.User().GetEtagForAllProfiles()
   478  
   479  		uNew := &model.User{}
   480  		uNew.Email = MakeEmail()
   481  		_, userErr := ss.User().Save(uNew)
   482  		require.NoError(t, userErr)
   483  		defer func() { require.NoError(t, ss.User().PermanentDelete(uNew.Id)) }()
   484  
   485  		updatedEtag := ss.User().GetEtagForAllProfiles()
   486  		require.NotEqual(t, etag, updatedEtag)
   487  	})
   488  
   489  	t.Run("filter to system_admin role", func(t *testing.T) {
   490  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   491  			Page:    0,
   492  			PerPage: 10,
   493  			Role:    "system_admin",
   494  		})
   495  		require.NoError(t, userErr)
   496  		require.Equal(t, []*model.User{
   497  			sanitized(u5),
   498  			sanitized(u6),
   499  		}, actual)
   500  	})
   501  
   502  	t.Run("filter to system_admin role, inactive", func(t *testing.T) {
   503  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   504  			Page:     0,
   505  			PerPage:  10,
   506  			Role:     "system_admin",
   507  			Inactive: true,
   508  		})
   509  		require.NoError(t, userErr)
   510  		require.Equal(t, []*model.User{
   511  			sanitized(u6),
   512  		}, actual)
   513  	})
   514  
   515  	t.Run("filter to inactive", func(t *testing.T) {
   516  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   517  			Page:     0,
   518  			PerPage:  10,
   519  			Inactive: true,
   520  		})
   521  		require.NoError(t, userErr)
   522  		require.Equal(t, []*model.User{
   523  			sanitized(u6),
   524  			sanitized(u7),
   525  		}, actual)
   526  	})
   527  
   528  	t.Run("filter to active", func(t *testing.T) {
   529  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   530  			Page:    0,
   531  			PerPage: 10,
   532  			Active:  true,
   533  		})
   534  		require.NoError(t, userErr)
   535  		require.Equal(t, []*model.User{
   536  			sanitized(u1),
   537  			sanitized(u2),
   538  			sanitized(u3),
   539  			sanitized(u4),
   540  			sanitized(u5),
   541  		}, actual)
   542  	})
   543  
   544  	t.Run("try to filter to active and inactive", func(t *testing.T) {
   545  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   546  			Page:     0,
   547  			PerPage:  10,
   548  			Inactive: true,
   549  			Active:   true,
   550  		})
   551  		require.NoError(t, userErr)
   552  		require.Equal(t, []*model.User{
   553  			sanitized(u6),
   554  			sanitized(u7),
   555  		}, actual)
   556  	})
   557  
   558  	u8, err := ss.User().Save(&model.User{
   559  		Email:    MakeEmail(),
   560  		Username: "u8" + model.NewId(),
   561  		DeleteAt: model.GetMillis(),
   562  		Roles:    "system_user_manager system_user",
   563  	})
   564  	require.NoError(t, err)
   565  	defer func() { require.NoError(t, ss.User().PermanentDelete(u8.Id)) }()
   566  
   567  	u9, err := ss.User().Save(&model.User{
   568  		Email:    MakeEmail(),
   569  		Username: "u9" + model.NewId(),
   570  		DeleteAt: model.GetMillis(),
   571  		Roles:    "system_manager system_user",
   572  	})
   573  	require.NoError(t, err)
   574  	defer func() { require.NoError(t, ss.User().PermanentDelete(u9.Id)) }()
   575  
   576  	u10, err := ss.User().Save(&model.User{
   577  		Email:    MakeEmail(),
   578  		Username: "u10" + model.NewId(),
   579  		DeleteAt: model.GetMillis(),
   580  		Roles:    "system_read_only_admin system_user",
   581  	})
   582  	require.NoError(t, err)
   583  	defer func() { require.NoError(t, ss.User().PermanentDelete(u10.Id)) }()
   584  
   585  	t.Run("filter by system_user_manager role", func(t *testing.T) {
   586  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   587  			Page:    0,
   588  			PerPage: 10,
   589  			Roles:   []string{"system_user_manager"},
   590  		})
   591  		require.NoError(t, userErr)
   592  		require.Equal(t, []*model.User{
   593  			sanitized(u8),
   594  		}, actual)
   595  	})
   596  
   597  	t.Run("filter by multiple system roles", func(t *testing.T) {
   598  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   599  			Page:    0,
   600  			PerPage: 10,
   601  			Roles:   []string{"system_manager", "system_user_manager", "system_read_only_admin", "system_admin"},
   602  		})
   603  		require.NoError(t, userErr)
   604  		require.Equal(t, []*model.User{
   605  			sanitized(u10),
   606  			sanitized(u5),
   607  			sanitized(u6),
   608  			sanitized(u8),
   609  			sanitized(u9),
   610  		}, actual)
   611  	})
   612  
   613  	t.Run("filter by system_user only", func(t *testing.T) {
   614  		actual, userErr := ss.User().GetAllProfiles(&model.UserGetOptions{
   615  			Page:    0,
   616  			PerPage: 10,
   617  			Roles:   []string{"system_user"},
   618  		})
   619  		require.NoError(t, userErr)
   620  		require.Equal(t, []*model.User{
   621  			sanitized(u1),
   622  			sanitized(u2),
   623  			sanitized(u7),
   624  		}, actual)
   625  	})
   626  }
   627  
   628  func testUserStoreGetProfiles(t *testing.T, ss store.Store) {
   629  	teamId := model.NewId()
   630  
   631  	u1, err := ss.User().Save(&model.User{
   632  		Email:    MakeEmail(),
   633  		Username: "u1" + model.NewId(),
   634  	})
   635  	require.NoError(t, err)
   636  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   637  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
   638  	require.NoError(t, nErr)
   639  
   640  	u2, err := ss.User().Save(&model.User{
   641  		Email:    MakeEmail(),
   642  		Username: "u2" + model.NewId(),
   643  	})
   644  	require.NoError(t, err)
   645  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   646  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
   647  	require.NoError(t, nErr)
   648  
   649  	u3, err := ss.User().Save(&model.User{
   650  		Email:    MakeEmail(),
   651  		Username: "u3" + model.NewId(),
   652  	})
   653  	require.NoError(t, err)
   654  	_, nErr = ss.Bot().Save(&model.Bot{
   655  		UserId:   u3.Id,
   656  		Username: u3.Username,
   657  		OwnerId:  u1.Id,
   658  	})
   659  	require.NoError(t, nErr)
   660  	u3.IsBot = true
   661  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
   662  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
   663  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
   664  	require.NoError(t, nErr)
   665  
   666  	u4, err := ss.User().Save(&model.User{
   667  		Email:    MakeEmail(),
   668  		Username: "u4" + model.NewId(),
   669  		Roles:    "system_admin",
   670  	})
   671  	require.NoError(t, err)
   672  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
   673  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u4.Id}, -1)
   674  	require.NoError(t, nErr)
   675  
   676  	u5, err := ss.User().Save(&model.User{
   677  		Email:    MakeEmail(),
   678  		Username: "u5" + model.NewId(),
   679  		DeleteAt: model.GetMillis(),
   680  	})
   681  	require.NoError(t, err)
   682  	defer func() { require.NoError(t, ss.User().PermanentDelete(u5.Id)) }()
   683  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u5.Id}, -1)
   684  	require.NoError(t, nErr)
   685  
   686  	t.Run("get page 0, perPage 100", func(t *testing.T) {
   687  		actual, err := ss.User().GetProfiles(&model.UserGetOptions{
   688  			InTeamId: teamId,
   689  			Page:     0,
   690  			PerPage:  100,
   691  		})
   692  		require.NoError(t, err)
   693  
   694  		require.Equal(t, []*model.User{
   695  			sanitized(u1),
   696  			sanitized(u2),
   697  			sanitized(u3),
   698  			sanitized(u4),
   699  			sanitized(u5),
   700  		}, actual)
   701  	})
   702  
   703  	t.Run("get page 0, perPage 1", func(t *testing.T) {
   704  		actual, err := ss.User().GetProfiles(&model.UserGetOptions{
   705  			InTeamId: teamId,
   706  			Page:     0,
   707  			PerPage:  1,
   708  		})
   709  		require.NoError(t, err)
   710  
   711  		require.Equal(t, []*model.User{sanitized(u1)}, actual)
   712  	})
   713  
   714  	t.Run("get unknown team id", func(t *testing.T) {
   715  		actual, err := ss.User().GetProfiles(&model.UserGetOptions{
   716  			InTeamId: "123",
   717  			Page:     0,
   718  			PerPage:  100,
   719  		})
   720  		require.NoError(t, err)
   721  
   722  		require.Equal(t, []*model.User{}, actual)
   723  	})
   724  
   725  	t.Run("etag changes for all after user creation", func(t *testing.T) {
   726  		etag := ss.User().GetEtagForProfiles(teamId)
   727  
   728  		uNew := &model.User{}
   729  		uNew.Email = MakeEmail()
   730  		_, err := ss.User().Save(uNew)
   731  		require.NoError(t, err)
   732  		defer func() { require.NoError(t, ss.User().PermanentDelete(uNew.Id)) }()
   733  		_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: uNew.Id}, -1)
   734  		require.NoError(t, nErr)
   735  
   736  		updatedEtag := ss.User().GetEtagForProfiles(teamId)
   737  		require.NotEqual(t, etag, updatedEtag)
   738  	})
   739  
   740  	t.Run("filter to system_admin role", func(t *testing.T) {
   741  		actual, err := ss.User().GetProfiles(&model.UserGetOptions{
   742  			InTeamId: teamId,
   743  			Page:     0,
   744  			PerPage:  10,
   745  			Role:     "system_admin",
   746  		})
   747  		require.NoError(t, err)
   748  		require.Equal(t, []*model.User{
   749  			sanitized(u4),
   750  		}, actual)
   751  	})
   752  
   753  	t.Run("filter to inactive", func(t *testing.T) {
   754  		actual, err := ss.User().GetProfiles(&model.UserGetOptions{
   755  			InTeamId: teamId,
   756  			Page:     0,
   757  			PerPage:  10,
   758  			Inactive: true,
   759  		})
   760  		require.NoError(t, err)
   761  		require.Equal(t, []*model.User{
   762  			sanitized(u5),
   763  		}, actual)
   764  	})
   765  
   766  	t.Run("filter to active", func(t *testing.T) {
   767  		actual, err := ss.User().GetProfiles(&model.UserGetOptions{
   768  			InTeamId: teamId,
   769  			Page:     0,
   770  			PerPage:  10,
   771  			Active:   true,
   772  		})
   773  		require.NoError(t, err)
   774  		require.Equal(t, []*model.User{
   775  			sanitized(u1),
   776  			sanitized(u2),
   777  			sanitized(u3),
   778  			sanitized(u4),
   779  		}, actual)
   780  	})
   781  
   782  	t.Run("try to filter to active and inactive", func(t *testing.T) {
   783  		actual, err := ss.User().GetProfiles(&model.UserGetOptions{
   784  			InTeamId: teamId,
   785  			Page:     0,
   786  			PerPage:  10,
   787  			Inactive: true,
   788  			Active:   true,
   789  		})
   790  		require.NoError(t, err)
   791  		require.Equal(t, []*model.User{
   792  			sanitized(u5),
   793  		}, actual)
   794  	})
   795  }
   796  
   797  func testUserStoreGetProfilesInChannel(t *testing.T, ss store.Store) {
   798  	teamId := model.NewId()
   799  
   800  	u1, err := ss.User().Save(&model.User{
   801  		Email:    MakeEmail(),
   802  		Username: "u1" + model.NewId(),
   803  	})
   804  	require.NoError(t, err)
   805  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   806  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
   807  	require.NoError(t, nErr)
   808  
   809  	u2, err := ss.User().Save(&model.User{
   810  		Email:    MakeEmail(),
   811  		Username: "u2" + model.NewId(),
   812  	})
   813  	require.NoError(t, err)
   814  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   815  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
   816  	require.NoError(t, nErr)
   817  
   818  	u3, err := ss.User().Save(&model.User{
   819  		Email:    MakeEmail(),
   820  		Username: "u3" + model.NewId(),
   821  	})
   822  	require.NoError(t, err)
   823  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
   824  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
   825  	require.NoError(t, nErr)
   826  	_, nErr = ss.Bot().Save(&model.Bot{
   827  		UserId:   u3.Id,
   828  		Username: u3.Username,
   829  		OwnerId:  u1.Id,
   830  	})
   831  	require.NoError(t, nErr)
   832  	u3.IsBot = true
   833  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
   834  
   835  	u4, err := ss.User().Save(&model.User{
   836  		Email:    MakeEmail(),
   837  		Username: "u4" + model.NewId(),
   838  	})
   839  	require.NoError(t, err)
   840  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
   841  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u4.Id}, -1)
   842  	require.NoError(t, nErr)
   843  
   844  	ch1 := &model.Channel{
   845  		TeamId:      teamId,
   846  		DisplayName: "Profiles in channel",
   847  		Name:        "profiles-" + model.NewId(),
   848  		Type:        model.CHANNEL_OPEN,
   849  	}
   850  	c1, nErr := ss.Channel().Save(ch1, -1)
   851  	require.NoError(t, nErr)
   852  
   853  	ch2 := &model.Channel{
   854  		TeamId:      teamId,
   855  		DisplayName: "Profiles in private",
   856  		Name:        "profiles-" + model.NewId(),
   857  		Type:        model.CHANNEL_PRIVATE,
   858  	}
   859  	c2, nErr := ss.Channel().Save(ch2, -1)
   860  	require.NoError(t, nErr)
   861  
   862  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
   863  		ChannelId:   c1.Id,
   864  		UserId:      u1.Id,
   865  		NotifyProps: model.GetDefaultChannelNotifyProps(),
   866  	})
   867  	require.NoError(t, nErr)
   868  
   869  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
   870  		ChannelId:   c1.Id,
   871  		UserId:      u2.Id,
   872  		NotifyProps: model.GetDefaultChannelNotifyProps(),
   873  	})
   874  	require.NoError(t, nErr)
   875  
   876  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
   877  		ChannelId:   c1.Id,
   878  		UserId:      u3.Id,
   879  		NotifyProps: model.GetDefaultChannelNotifyProps(),
   880  	})
   881  	require.NoError(t, nErr)
   882  
   883  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
   884  		ChannelId:   c1.Id,
   885  		UserId:      u4.Id,
   886  		NotifyProps: model.GetDefaultChannelNotifyProps(),
   887  	})
   888  	require.NoError(t, nErr)
   889  
   890  	u4.DeleteAt = 1
   891  	_, err = ss.User().Update(u4, true)
   892  	require.NoError(t, err)
   893  
   894  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
   895  		ChannelId:   c2.Id,
   896  		UserId:      u1.Id,
   897  		NotifyProps: model.GetDefaultChannelNotifyProps(),
   898  	})
   899  	require.NoError(t, nErr)
   900  
   901  	t.Run("get all users in channel 1, offset 0, limit 100", func(t *testing.T) {
   902  		users, err := ss.User().GetProfilesInChannel(&model.UserGetOptions{
   903  			InChannelId: c1.Id,
   904  			Page:        0,
   905  			PerPage:     100,
   906  		})
   907  		require.NoError(t, err)
   908  		assert.Equal(t, []*model.User{sanitized(u1), sanitized(u2), sanitized(u3), sanitized(u4)}, users)
   909  	})
   910  
   911  	t.Run("get only active users in channel 1, offset 0, limit 100", func(t *testing.T) {
   912  		users, err := ss.User().GetProfilesInChannel(&model.UserGetOptions{
   913  			InChannelId: c1.Id,
   914  			Page:        0,
   915  			PerPage:     100,
   916  			Active:      true,
   917  		})
   918  		require.NoError(t, err)
   919  		assert.Equal(t, []*model.User{sanitized(u1), sanitized(u2), sanitized(u3)}, users)
   920  	})
   921  
   922  	t.Run("get inactive users in channel 1, offset 0, limit 100", func(t *testing.T) {
   923  		users, err := ss.User().GetProfilesInChannel(&model.UserGetOptions{
   924  			InChannelId: c1.Id,
   925  			Page:        0,
   926  			PerPage:     100,
   927  			Inactive:    true,
   928  		})
   929  		require.NoError(t, err)
   930  		assert.Equal(t, []*model.User{sanitized(u4)}, users)
   931  	})
   932  
   933  	t.Run("get in channel 1, offset 1, limit 2", func(t *testing.T) {
   934  		users, err := ss.User().GetProfilesInChannel(&model.UserGetOptions{
   935  			InChannelId: c1.Id,
   936  			Page:        1,
   937  			PerPage:     1,
   938  		})
   939  		require.NoError(t, err)
   940  		users_p2, err2 := ss.User().GetProfilesInChannel(&model.UserGetOptions{
   941  			InChannelId: c1.Id,
   942  			Page:        2,
   943  			PerPage:     1,
   944  		})
   945  		require.NoError(t, err2)
   946  		users = append(users, users_p2...)
   947  		assert.Equal(t, []*model.User{sanitized(u2), sanitized(u3)}, users)
   948  	})
   949  
   950  	t.Run("get in channel 2, offset 0, limit 1", func(t *testing.T) {
   951  		users, err := ss.User().GetProfilesInChannel(&model.UserGetOptions{
   952  			InChannelId: c2.Id,
   953  			Page:        0,
   954  			PerPage:     1,
   955  		})
   956  		require.NoError(t, err)
   957  		assert.Equal(t, []*model.User{sanitized(u1)}, users)
   958  	})
   959  }
   960  
   961  func testUserStoreGetProfilesInChannelByStatus(t *testing.T, ss store.Store, s SqlStore) {
   962  
   963  	cleanupStatusStore(t, s)
   964  
   965  	teamId := model.NewId()
   966  
   967  	u1, err := ss.User().Save(&model.User{
   968  		Email:    MakeEmail(),
   969  		Username: "u1" + model.NewId(),
   970  	})
   971  	require.NoError(t, err)
   972  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
   973  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
   974  	require.NoError(t, nErr)
   975  
   976  	u2, err := ss.User().Save(&model.User{
   977  		Email:    MakeEmail(),
   978  		Username: "u2" + model.NewId(),
   979  	})
   980  	require.NoError(t, err)
   981  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
   982  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
   983  	require.NoError(t, nErr)
   984  
   985  	u3, err := ss.User().Save(&model.User{
   986  		Email:    MakeEmail(),
   987  		Username: "u3" + model.NewId(),
   988  	})
   989  	require.NoError(t, err)
   990  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
   991  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
   992  	require.NoError(t, nErr)
   993  	_, nErr = ss.Bot().Save(&model.Bot{
   994  		UserId:   u3.Id,
   995  		Username: u3.Username,
   996  		OwnerId:  u1.Id,
   997  	})
   998  	require.NoError(t, nErr)
   999  	u3.IsBot = true
  1000  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1001  
  1002  	u4, err := ss.User().Save(&model.User{
  1003  		Email:    MakeEmail(),
  1004  		Username: "u4" + model.NewId(),
  1005  	})
  1006  	require.NoError(t, err)
  1007  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  1008  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u4.Id}, -1)
  1009  	require.NoError(t, nErr)
  1010  
  1011  	ch1 := &model.Channel{
  1012  		TeamId:      teamId,
  1013  		DisplayName: "Profiles in channel",
  1014  		Name:        "profiles-" + model.NewId(),
  1015  		Type:        model.CHANNEL_OPEN,
  1016  	}
  1017  	c1, nErr := ss.Channel().Save(ch1, -1)
  1018  	require.NoError(t, nErr)
  1019  
  1020  	ch2 := &model.Channel{
  1021  		TeamId:      teamId,
  1022  		DisplayName: "Profiles in private",
  1023  		Name:        "profiles-" + model.NewId(),
  1024  		Type:        model.CHANNEL_PRIVATE,
  1025  	}
  1026  	c2, nErr := ss.Channel().Save(ch2, -1)
  1027  	require.NoError(t, nErr)
  1028  
  1029  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1030  		ChannelId:   c1.Id,
  1031  		UserId:      u1.Id,
  1032  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1033  	})
  1034  	require.NoError(t, nErr)
  1035  
  1036  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1037  		ChannelId:   c1.Id,
  1038  		UserId:      u2.Id,
  1039  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1040  	})
  1041  	require.NoError(t, nErr)
  1042  
  1043  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1044  		ChannelId:   c1.Id,
  1045  		UserId:      u3.Id,
  1046  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1047  	})
  1048  	require.NoError(t, nErr)
  1049  
  1050  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1051  		ChannelId:   c1.Id,
  1052  		UserId:      u4.Id,
  1053  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1054  	})
  1055  	require.NoError(t, nErr)
  1056  
  1057  	u4.DeleteAt = 1
  1058  	_, err = ss.User().Update(u4, true)
  1059  	require.NoError(t, err)
  1060  
  1061  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1062  		ChannelId:   c2.Id,
  1063  		UserId:      u1.Id,
  1064  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1065  	})
  1066  	require.NoError(t, nErr)
  1067  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{
  1068  		UserId: u1.Id,
  1069  		Status: model.STATUS_DND,
  1070  	}))
  1071  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{
  1072  		UserId: u2.Id,
  1073  		Status: model.STATUS_AWAY,
  1074  	}))
  1075  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{
  1076  		UserId: u3.Id,
  1077  		Status: model.STATUS_ONLINE,
  1078  	}))
  1079  
  1080  	t.Run("get all users in channel 1, offset 0, limit 100", func(t *testing.T) {
  1081  		users, err := ss.User().GetProfilesInChannel(&model.UserGetOptions{
  1082  			InChannelId: c1.Id,
  1083  			Page:        0,
  1084  			PerPage:     100,
  1085  		})
  1086  		require.NoError(t, err)
  1087  		assert.Equal(t, []*model.User{sanitized(u1), sanitized(u2), sanitized(u3), sanitized(u4)}, users)
  1088  	})
  1089  
  1090  	t.Run("get active in channel 1 by status, offset 0, limit 100", func(t *testing.T) {
  1091  		users, err := ss.User().GetProfilesInChannelByStatus(&model.UserGetOptions{
  1092  			InChannelId: c1.Id,
  1093  			Page:        0,
  1094  			PerPage:     100,
  1095  			Active:      true,
  1096  		})
  1097  		require.NoError(t, err)
  1098  		assert.Equal(t, []*model.User{sanitized(u3), sanitized(u2), sanitized(u1)}, users)
  1099  	})
  1100  
  1101  	t.Run("get inactive users in channel 1, offset 0, limit 100", func(t *testing.T) {
  1102  		users, err := ss.User().GetProfilesInChannel(&model.UserGetOptions{
  1103  			InChannelId: c1.Id,
  1104  			Page:        0,
  1105  			PerPage:     100,
  1106  			Inactive:    true,
  1107  		})
  1108  		require.NoError(t, err)
  1109  		assert.Equal(t, []*model.User{sanitized(u4)}, users)
  1110  	})
  1111  
  1112  	t.Run("get in channel 2 by status, offset 0, limit 1", func(t *testing.T) {
  1113  		users, err := ss.User().GetProfilesInChannelByStatus(&model.UserGetOptions{
  1114  			InChannelId: c2.Id,
  1115  			Page:        0,
  1116  			PerPage:     1,
  1117  		})
  1118  		require.NoError(t, err)
  1119  		assert.Equal(t, []*model.User{sanitized(u1)}, users)
  1120  	})
  1121  }
  1122  
  1123  func testUserStoreGetProfilesWithoutTeam(t *testing.T, ss store.Store) {
  1124  	teamId := model.NewId()
  1125  
  1126  	u1, err := ss.User().Save(&model.User{
  1127  		Email:    MakeEmail(),
  1128  		Username: "u1" + model.NewId(),
  1129  	})
  1130  	require.NoError(t, err)
  1131  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1132  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1133  	require.NoError(t, nErr)
  1134  
  1135  	u2, err := ss.User().Save(&model.User{
  1136  		Email:    MakeEmail(),
  1137  		Username: "u2" + model.NewId(),
  1138  	})
  1139  	require.NoError(t, err)
  1140  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1141  
  1142  	u3, err := ss.User().Save(&model.User{
  1143  		Email:    MakeEmail(),
  1144  		Username: "u3" + model.NewId(),
  1145  		DeleteAt: 1,
  1146  		Roles:    "system_admin",
  1147  	})
  1148  	require.NoError(t, err)
  1149  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1150  	_, nErr = ss.Bot().Save(&model.Bot{
  1151  		UserId:   u3.Id,
  1152  		Username: u3.Username,
  1153  		OwnerId:  u1.Id,
  1154  	})
  1155  	require.NoError(t, nErr)
  1156  	u3.IsBot = true
  1157  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1158  
  1159  	t.Run("get, page 0, per_page 100", func(t *testing.T) {
  1160  		users, err := ss.User().GetProfilesWithoutTeam(&model.UserGetOptions{Page: 0, PerPage: 100})
  1161  		require.NoError(t, err)
  1162  		assert.Equal(t, []*model.User{sanitized(u2), sanitized(u3)}, users)
  1163  	})
  1164  
  1165  	t.Run("get, page 1, per_page 1", func(t *testing.T) {
  1166  		users, err := ss.User().GetProfilesWithoutTeam(&model.UserGetOptions{Page: 1, PerPage: 1})
  1167  		require.NoError(t, err)
  1168  		assert.Equal(t, []*model.User{sanitized(u3)}, users)
  1169  	})
  1170  
  1171  	t.Run("get, page 2, per_page 1", func(t *testing.T) {
  1172  		users, err := ss.User().GetProfilesWithoutTeam(&model.UserGetOptions{Page: 2, PerPage: 1})
  1173  		require.NoError(t, err)
  1174  		assert.Equal(t, []*model.User{}, users)
  1175  	})
  1176  
  1177  	t.Run("get, page 0, per_page 100, inactive", func(t *testing.T) {
  1178  		users, err := ss.User().GetProfilesWithoutTeam(&model.UserGetOptions{Page: 0, PerPage: 100, Inactive: true})
  1179  		require.NoError(t, err)
  1180  		assert.Equal(t, []*model.User{sanitized(u3)}, users)
  1181  	})
  1182  
  1183  	t.Run("get, page 0, per_page 100, role", func(t *testing.T) {
  1184  		users, err := ss.User().GetProfilesWithoutTeam(&model.UserGetOptions{Page: 0, PerPage: 100, Role: "system_admin"})
  1185  		require.NoError(t, err)
  1186  		assert.Equal(t, []*model.User{sanitized(u3)}, users)
  1187  	})
  1188  }
  1189  
  1190  func testUserStoreGetAllProfilesInChannel(t *testing.T, ss store.Store) {
  1191  	teamId := model.NewId()
  1192  
  1193  	u1, err := ss.User().Save(&model.User{
  1194  		Email:    MakeEmail(),
  1195  		Username: "u1" + model.NewId(),
  1196  	})
  1197  	require.NoError(t, err)
  1198  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1199  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1200  	require.NoError(t, nErr)
  1201  
  1202  	u2, err := ss.User().Save(&model.User{
  1203  		Email:    MakeEmail(),
  1204  		Username: "u2" + model.NewId(),
  1205  	})
  1206  	require.NoError(t, err)
  1207  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1208  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1209  	require.NoError(t, nErr)
  1210  
  1211  	u3, err := ss.User().Save(&model.User{
  1212  		Email:    MakeEmail(),
  1213  		Username: "u3" + model.NewId(),
  1214  	})
  1215  	require.NoError(t, err)
  1216  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1217  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  1218  	require.NoError(t, nErr)
  1219  	_, nErr = ss.Bot().Save(&model.Bot{
  1220  		UserId:   u3.Id,
  1221  		Username: u3.Username,
  1222  		OwnerId:  u1.Id,
  1223  	})
  1224  	require.NoError(t, nErr)
  1225  	u3.IsBot = true
  1226  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1227  
  1228  	ch1 := &model.Channel{
  1229  		TeamId:      teamId,
  1230  		DisplayName: "Profiles in channel",
  1231  		Name:        "profiles-" + model.NewId(),
  1232  		Type:        model.CHANNEL_OPEN,
  1233  	}
  1234  	c1, nErr := ss.Channel().Save(ch1, -1)
  1235  	require.NoError(t, nErr)
  1236  
  1237  	ch2 := &model.Channel{
  1238  		TeamId:      teamId,
  1239  		DisplayName: "Profiles in private",
  1240  		Name:        "profiles-" + model.NewId(),
  1241  		Type:        model.CHANNEL_PRIVATE,
  1242  	}
  1243  	c2, nErr := ss.Channel().Save(ch2, -1)
  1244  	require.NoError(t, nErr)
  1245  
  1246  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1247  		ChannelId:   c1.Id,
  1248  		UserId:      u1.Id,
  1249  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1250  	})
  1251  	require.NoError(t, nErr)
  1252  
  1253  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1254  		ChannelId:   c1.Id,
  1255  		UserId:      u2.Id,
  1256  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1257  	})
  1258  	require.NoError(t, nErr)
  1259  
  1260  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1261  		ChannelId:   c1.Id,
  1262  		UserId:      u3.Id,
  1263  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1264  	})
  1265  	require.NoError(t, nErr)
  1266  
  1267  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1268  		ChannelId:   c2.Id,
  1269  		UserId:      u1.Id,
  1270  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1271  	})
  1272  	require.NoError(t, nErr)
  1273  
  1274  	t.Run("all profiles in channel 1, no caching", func(t *testing.T) {
  1275  		var profiles map[string]*model.User
  1276  		profiles, err = ss.User().GetAllProfilesInChannel(context.Background(), c1.Id, false)
  1277  		require.NoError(t, err)
  1278  		assert.Equal(t, map[string]*model.User{
  1279  			u1.Id: sanitized(u1),
  1280  			u2.Id: sanitized(u2),
  1281  			u3.Id: sanitized(u3),
  1282  		}, profiles)
  1283  	})
  1284  
  1285  	t.Run("all profiles in channel 2, no caching", func(t *testing.T) {
  1286  		var profiles map[string]*model.User
  1287  		profiles, err = ss.User().GetAllProfilesInChannel(context.Background(), c2.Id, false)
  1288  		require.NoError(t, err)
  1289  		assert.Equal(t, map[string]*model.User{
  1290  			u1.Id: sanitized(u1),
  1291  		}, profiles)
  1292  	})
  1293  
  1294  	t.Run("all profiles in channel 2, caching", func(t *testing.T) {
  1295  		var profiles map[string]*model.User
  1296  		profiles, err = ss.User().GetAllProfilesInChannel(context.Background(), c2.Id, true)
  1297  		require.NoError(t, err)
  1298  		assert.Equal(t, map[string]*model.User{
  1299  			u1.Id: sanitized(u1),
  1300  		}, profiles)
  1301  	})
  1302  
  1303  	t.Run("all profiles in channel 2, caching [repeated]", func(t *testing.T) {
  1304  		var profiles map[string]*model.User
  1305  		profiles, err = ss.User().GetAllProfilesInChannel(context.Background(), c2.Id, true)
  1306  		require.NoError(t, err)
  1307  		assert.Equal(t, map[string]*model.User{
  1308  			u1.Id: sanitized(u1),
  1309  		}, profiles)
  1310  	})
  1311  
  1312  	ss.User().InvalidateProfilesInChannelCacheByUser(u1.Id)
  1313  	ss.User().InvalidateProfilesInChannelCache(c2.Id)
  1314  }
  1315  
  1316  func testUserStoreGetProfilesNotInChannel(t *testing.T, ss store.Store) {
  1317  	teamId := model.NewId()
  1318  
  1319  	u1, err := ss.User().Save(&model.User{
  1320  		Email:    MakeEmail(),
  1321  		Username: "u1" + model.NewId(),
  1322  	})
  1323  	require.NoError(t, err)
  1324  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1325  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1326  	require.NoError(t, nErr)
  1327  
  1328  	u2, err := ss.User().Save(&model.User{
  1329  		Email:    MakeEmail(),
  1330  		Username: "u2" + model.NewId(),
  1331  	})
  1332  	require.NoError(t, err)
  1333  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1334  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1335  	require.NoError(t, nErr)
  1336  
  1337  	u3, err := ss.User().Save(&model.User{
  1338  		Email:    MakeEmail(),
  1339  		Username: "u3" + model.NewId(),
  1340  	})
  1341  	require.NoError(t, err)
  1342  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1343  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  1344  	require.NoError(t, nErr)
  1345  	_, nErr = ss.Bot().Save(&model.Bot{
  1346  		UserId:   u3.Id,
  1347  		Username: u3.Username,
  1348  		OwnerId:  u1.Id,
  1349  	})
  1350  	require.NoError(t, nErr)
  1351  	u3.IsBot = true
  1352  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1353  
  1354  	ch1 := &model.Channel{
  1355  		TeamId:      teamId,
  1356  		DisplayName: "Profiles in channel",
  1357  		Name:        "profiles-" + model.NewId(),
  1358  		Type:        model.CHANNEL_OPEN,
  1359  	}
  1360  	c1, nErr := ss.Channel().Save(ch1, -1)
  1361  	require.NoError(t, nErr)
  1362  
  1363  	ch2 := &model.Channel{
  1364  		TeamId:      teamId,
  1365  		DisplayName: "Profiles in private",
  1366  		Name:        "profiles-" + model.NewId(),
  1367  		Type:        model.CHANNEL_PRIVATE,
  1368  	}
  1369  	c2, nErr := ss.Channel().Save(ch2, -1)
  1370  	require.NoError(t, nErr)
  1371  
  1372  	t.Run("get team 1, channel 1, offset 0, limit 100", func(t *testing.T) {
  1373  		var profiles []*model.User
  1374  		profiles, err = ss.User().GetProfilesNotInChannel(teamId, c1.Id, false, 0, 100, nil)
  1375  		require.NoError(t, err)
  1376  		assert.Equal(t, []*model.User{
  1377  			sanitized(u1),
  1378  			sanitized(u2),
  1379  			sanitized(u3),
  1380  		}, profiles)
  1381  	})
  1382  
  1383  	t.Run("get team 1, channel 2, offset 0, limit 100", func(t *testing.T) {
  1384  		var profiles []*model.User
  1385  		profiles, err = ss.User().GetProfilesNotInChannel(teamId, c2.Id, false, 0, 100, nil)
  1386  		require.NoError(t, err)
  1387  		assert.Equal(t, []*model.User{
  1388  			sanitized(u1),
  1389  			sanitized(u2),
  1390  			sanitized(u3),
  1391  		}, profiles)
  1392  	})
  1393  
  1394  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1395  		ChannelId:   c1.Id,
  1396  		UserId:      u1.Id,
  1397  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1398  	})
  1399  	require.NoError(t, nErr)
  1400  
  1401  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1402  		ChannelId:   c1.Id,
  1403  		UserId:      u2.Id,
  1404  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1405  	})
  1406  	require.NoError(t, nErr)
  1407  
  1408  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1409  		ChannelId:   c1.Id,
  1410  		UserId:      u3.Id,
  1411  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1412  	})
  1413  	require.NoError(t, nErr)
  1414  
  1415  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1416  		ChannelId:   c2.Id,
  1417  		UserId:      u1.Id,
  1418  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  1419  	})
  1420  	require.NoError(t, nErr)
  1421  
  1422  	t.Run("get team 1, channel 1, offset 0, limit 100, after update", func(t *testing.T) {
  1423  		var profiles []*model.User
  1424  		profiles, err = ss.User().GetProfilesNotInChannel(teamId, c1.Id, false, 0, 100, nil)
  1425  		require.NoError(t, err)
  1426  		assert.Equal(t, []*model.User{}, profiles)
  1427  	})
  1428  
  1429  	t.Run("get team 1, channel 2, offset 0, limit 100, after update", func(t *testing.T) {
  1430  		var profiles []*model.User
  1431  		profiles, err = ss.User().GetProfilesNotInChannel(teamId, c2.Id, false, 0, 100, nil)
  1432  		require.NoError(t, err)
  1433  		assert.Equal(t, []*model.User{
  1434  			sanitized(u2),
  1435  			sanitized(u3),
  1436  		}, profiles)
  1437  	})
  1438  
  1439  	t.Run("get team 1, channel 2, offset 0, limit 0, setting group constrained when it's not", func(t *testing.T) {
  1440  		var profiles []*model.User
  1441  		profiles, err = ss.User().GetProfilesNotInChannel(teamId, c2.Id, true, 0, 100, nil)
  1442  		require.NoError(t, err)
  1443  		assert.Empty(t, profiles)
  1444  	})
  1445  
  1446  	// create a group
  1447  	group, err := ss.Group().Create(&model.Group{
  1448  		Name:        model.NewString("n_" + model.NewId()),
  1449  		DisplayName: "dn_" + model.NewId(),
  1450  		Source:      model.GroupSourceLdap,
  1451  		RemoteId:    "ri_" + model.NewId(),
  1452  	})
  1453  	require.NoError(t, err)
  1454  
  1455  	// add two members to the group
  1456  	for _, u := range []*model.User{u1, u2} {
  1457  		_, err = ss.Group().UpsertMember(group.Id, u.Id)
  1458  		require.NoError(t, err)
  1459  	}
  1460  
  1461  	// associate the group with the channel
  1462  	_, err = ss.Group().CreateGroupSyncable(&model.GroupSyncable{
  1463  		GroupId:    group.Id,
  1464  		SyncableId: c2.Id,
  1465  		Type:       model.GroupSyncableTypeChannel,
  1466  	})
  1467  	require.NoError(t, err)
  1468  
  1469  	t.Run("get team 1, channel 2, offset 0, limit 0, setting group constrained", func(t *testing.T) {
  1470  		profiles, err := ss.User().GetProfilesNotInChannel(teamId, c2.Id, true, 0, 100, nil)
  1471  		require.NoError(t, err)
  1472  		assert.Equal(t, []*model.User{
  1473  			sanitized(u2),
  1474  		}, profiles)
  1475  	})
  1476  }
  1477  
  1478  func testUserStoreGetProfilesByIds(t *testing.T, ss store.Store) {
  1479  	teamId := model.NewId()
  1480  
  1481  	u1, err := ss.User().Save(&model.User{
  1482  		Email:    MakeEmail(),
  1483  		Username: "u1" + model.NewId(),
  1484  	})
  1485  	require.NoError(t, err)
  1486  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1487  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1488  	require.NoError(t, nErr)
  1489  
  1490  	u2, err := ss.User().Save(&model.User{
  1491  		Email:    MakeEmail(),
  1492  		Username: "u2" + model.NewId(),
  1493  	})
  1494  	require.NoError(t, err)
  1495  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1496  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1497  	require.NoError(t, nErr)
  1498  
  1499  	time.Sleep(time.Millisecond)
  1500  	u3, err := ss.User().Save(&model.User{
  1501  		Email:    MakeEmail(),
  1502  		Username: "u3" + model.NewId(),
  1503  	})
  1504  	require.NoError(t, err)
  1505  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1506  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  1507  	require.NoError(t, nErr)
  1508  	_, nErr = ss.Bot().Save(&model.Bot{
  1509  		UserId:   u3.Id,
  1510  		Username: u3.Username,
  1511  		OwnerId:  u1.Id,
  1512  	})
  1513  	require.NoError(t, nErr)
  1514  	u3.IsBot = true
  1515  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1516  
  1517  	u4, err := ss.User().Save(&model.User{
  1518  		Email:    MakeEmail(),
  1519  		Username: "u4" + model.NewId(),
  1520  	})
  1521  	require.NoError(t, err)
  1522  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  1523  
  1524  	t.Run("get u1 by id, no caching", func(t *testing.T) {
  1525  		users, err := ss.User().GetProfileByIds(context.Background(), []string{u1.Id}, nil, false)
  1526  		require.NoError(t, err)
  1527  		assert.Equal(t, []*model.User{u1}, users)
  1528  	})
  1529  
  1530  	t.Run("get u1 by id, caching", func(t *testing.T) {
  1531  		users, err := ss.User().GetProfileByIds(context.Background(), []string{u1.Id}, nil, true)
  1532  		require.NoError(t, err)
  1533  		assert.Equal(t, []*model.User{u1}, users)
  1534  	})
  1535  
  1536  	t.Run("get u1, u2, u3 by id, no caching", func(t *testing.T) {
  1537  		users, err := ss.User().GetProfileByIds(context.Background(), []string{u1.Id, u2.Id, u3.Id}, nil, false)
  1538  		require.NoError(t, err)
  1539  		assert.Equal(t, []*model.User{u1, u2, u3}, users)
  1540  	})
  1541  
  1542  	t.Run("get u1, u2, u3 by id, caching", func(t *testing.T) {
  1543  		users, err := ss.User().GetProfileByIds(context.Background(), []string{u1.Id, u2.Id, u3.Id}, nil, true)
  1544  		require.NoError(t, err)
  1545  		assert.Equal(t, []*model.User{u1, u2, u3}, users)
  1546  	})
  1547  
  1548  	t.Run("get unknown id, caching", func(t *testing.T) {
  1549  		users, err := ss.User().GetProfileByIds(context.Background(), []string{"123"}, nil, true)
  1550  		require.NoError(t, err)
  1551  		assert.Equal(t, []*model.User{}, users)
  1552  	})
  1553  
  1554  	t.Run("should only return users with UpdateAt greater than the since time", func(t *testing.T) {
  1555  		users, err := ss.User().GetProfileByIds(context.Background(), []string{u1.Id, u2.Id, u3.Id, u4.Id}, &store.UserGetByIdsOpts{
  1556  			Since: u2.CreateAt,
  1557  		}, true)
  1558  		require.NoError(t, err)
  1559  
  1560  		// u3 comes from the cache, and u4 does not
  1561  		assert.Equal(t, []*model.User{u3, u4}, users)
  1562  	})
  1563  }
  1564  
  1565  func testUserStoreGetProfileByGroupChannelIdsForUser(t *testing.T, ss store.Store) {
  1566  	u1, err := ss.User().Save(&model.User{
  1567  		Email:    MakeEmail(),
  1568  		Username: "u1" + model.NewId(),
  1569  	})
  1570  	require.NoError(t, err)
  1571  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1572  
  1573  	u2, err := ss.User().Save(&model.User{
  1574  		Email:    MakeEmail(),
  1575  		Username: "u2" + model.NewId(),
  1576  	})
  1577  	require.NoError(t, err)
  1578  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1579  
  1580  	u3, err := ss.User().Save(&model.User{
  1581  		Email:    MakeEmail(),
  1582  		Username: "u3" + model.NewId(),
  1583  	})
  1584  	require.NoError(t, err)
  1585  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1586  
  1587  	u4, err := ss.User().Save(&model.User{
  1588  		Email:    MakeEmail(),
  1589  		Username: "u4" + model.NewId(),
  1590  	})
  1591  	require.NoError(t, err)
  1592  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  1593  
  1594  	gc1, nErr := ss.Channel().Save(&model.Channel{
  1595  		DisplayName: "Profiles in private",
  1596  		Name:        "profiles-" + model.NewId(),
  1597  		Type:        model.CHANNEL_GROUP,
  1598  	}, -1)
  1599  	require.NoError(t, nErr)
  1600  
  1601  	for _, uId := range []string{u1.Id, u2.Id, u3.Id} {
  1602  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1603  			ChannelId:   gc1.Id,
  1604  			UserId:      uId,
  1605  			NotifyProps: model.GetDefaultChannelNotifyProps(),
  1606  		})
  1607  		require.NoError(t, nErr)
  1608  	}
  1609  
  1610  	gc2, nErr := ss.Channel().Save(&model.Channel{
  1611  		DisplayName: "Profiles in private",
  1612  		Name:        "profiles-" + model.NewId(),
  1613  		Type:        model.CHANNEL_GROUP,
  1614  	}, -1)
  1615  	require.NoError(t, nErr)
  1616  
  1617  	for _, uId := range []string{u1.Id, u3.Id, u4.Id} {
  1618  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  1619  			ChannelId:   gc2.Id,
  1620  			UserId:      uId,
  1621  			NotifyProps: model.GetDefaultChannelNotifyProps(),
  1622  		})
  1623  		require.NoError(t, nErr)
  1624  	}
  1625  
  1626  	testCases := []struct {
  1627  		Name                       string
  1628  		UserId                     string
  1629  		ChannelIds                 []string
  1630  		ExpectedUserIdsByChannel   map[string][]string
  1631  		EnsureChannelsNotInResults []string
  1632  	}{
  1633  		{
  1634  			Name:       "Get group 1 as user 1",
  1635  			UserId:     u1.Id,
  1636  			ChannelIds: []string{gc1.Id},
  1637  			ExpectedUserIdsByChannel: map[string][]string{
  1638  				gc1.Id: {u2.Id, u3.Id},
  1639  			},
  1640  			EnsureChannelsNotInResults: []string{},
  1641  		},
  1642  		{
  1643  			Name:       "Get groups 1 and 2 as user 1",
  1644  			UserId:     u1.Id,
  1645  			ChannelIds: []string{gc1.Id, gc2.Id},
  1646  			ExpectedUserIdsByChannel: map[string][]string{
  1647  				gc1.Id: {u2.Id, u3.Id},
  1648  				gc2.Id: {u3.Id, u4.Id},
  1649  			},
  1650  			EnsureChannelsNotInResults: []string{},
  1651  		},
  1652  		{
  1653  			Name:       "Get groups 1 and 2 as user 2",
  1654  			UserId:     u2.Id,
  1655  			ChannelIds: []string{gc1.Id, gc2.Id},
  1656  			ExpectedUserIdsByChannel: map[string][]string{
  1657  				gc1.Id: {u1.Id, u3.Id},
  1658  			},
  1659  			EnsureChannelsNotInResults: []string{gc2.Id},
  1660  		},
  1661  	}
  1662  
  1663  	for _, tc := range testCases {
  1664  		t.Run(tc.Name, func(t *testing.T) {
  1665  			res, err := ss.User().GetProfileByGroupChannelIdsForUser(tc.UserId, tc.ChannelIds)
  1666  			require.NoError(t, err)
  1667  
  1668  			for channelId, expectedUsers := range tc.ExpectedUserIdsByChannel {
  1669  				users, ok := res[channelId]
  1670  				require.True(t, ok)
  1671  
  1672  				var userIds []string
  1673  				for _, user := range users {
  1674  					userIds = append(userIds, user.Id)
  1675  				}
  1676  				require.ElementsMatch(t, expectedUsers, userIds)
  1677  			}
  1678  
  1679  			for _, channelId := range tc.EnsureChannelsNotInResults {
  1680  				_, ok := res[channelId]
  1681  				require.False(t, ok)
  1682  			}
  1683  		})
  1684  	}
  1685  }
  1686  
  1687  func testUserStoreGetProfilesByUsernames(t *testing.T, ss store.Store) {
  1688  	teamId := model.NewId()
  1689  	team2Id := model.NewId()
  1690  
  1691  	u1, err := ss.User().Save(&model.User{
  1692  		Email:    MakeEmail(),
  1693  		Username: "u1" + model.NewId(),
  1694  	})
  1695  	require.NoError(t, err)
  1696  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1697  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1698  	require.NoError(t, nErr)
  1699  
  1700  	u2, err := ss.User().Save(&model.User{
  1701  		Email:    MakeEmail(),
  1702  		Username: "u2" + model.NewId(),
  1703  	})
  1704  	require.NoError(t, err)
  1705  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1706  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1707  	require.NoError(t, nErr)
  1708  
  1709  	u3, err := ss.User().Save(&model.User{
  1710  		Email:    MakeEmail(),
  1711  		Username: "u3" + model.NewId(),
  1712  	})
  1713  	require.NoError(t, err)
  1714  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1715  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: team2Id, UserId: u3.Id}, -1)
  1716  	require.NoError(t, nErr)
  1717  	_, nErr = ss.Bot().Save(&model.Bot{
  1718  		UserId:   u3.Id,
  1719  		Username: u3.Username,
  1720  		OwnerId:  u1.Id,
  1721  	})
  1722  	require.NoError(t, nErr)
  1723  	u3.IsBot = true
  1724  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1725  
  1726  	t.Run("get by u1 and u2 usernames, team id 1", func(t *testing.T) {
  1727  		users, err := ss.User().GetProfilesByUsernames([]string{u1.Username, u2.Username}, &model.ViewUsersRestrictions{Teams: []string{teamId}})
  1728  		require.NoError(t, err)
  1729  		assert.Equal(t, []*model.User{u1, u2}, users)
  1730  	})
  1731  
  1732  	t.Run("get by u1 username, team id 1", func(t *testing.T) {
  1733  		users, err := ss.User().GetProfilesByUsernames([]string{u1.Username}, &model.ViewUsersRestrictions{Teams: []string{teamId}})
  1734  		require.NoError(t, err)
  1735  		assert.Equal(t, []*model.User{u1}, users)
  1736  	})
  1737  
  1738  	t.Run("get by u1 and u3 usernames, no team id", func(t *testing.T) {
  1739  		users, err := ss.User().GetProfilesByUsernames([]string{u1.Username, u3.Username}, nil)
  1740  		require.NoError(t, err)
  1741  		assert.Equal(t, []*model.User{u1, u3}, users)
  1742  	})
  1743  
  1744  	t.Run("get by u1 and u3 usernames, team id 1", func(t *testing.T) {
  1745  		users, err := ss.User().GetProfilesByUsernames([]string{u1.Username, u3.Username}, &model.ViewUsersRestrictions{Teams: []string{teamId}})
  1746  		require.NoError(t, err)
  1747  		assert.Equal(t, []*model.User{u1}, users)
  1748  	})
  1749  
  1750  	t.Run("get by u1 and u3 usernames, team id 2", func(t *testing.T) {
  1751  		users, err := ss.User().GetProfilesByUsernames([]string{u1.Username, u3.Username}, &model.ViewUsersRestrictions{Teams: []string{team2Id}})
  1752  		require.NoError(t, err)
  1753  		assert.Equal(t, []*model.User{u3}, users)
  1754  	})
  1755  }
  1756  
  1757  func testUserStoreGetSystemAdminProfiles(t *testing.T, ss store.Store) {
  1758  	teamId := model.NewId()
  1759  
  1760  	u1, err := ss.User().Save(&model.User{
  1761  		Email:    MakeEmail(),
  1762  		Roles:    model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID,
  1763  		Username: "u1" + model.NewId(),
  1764  	})
  1765  	require.NoError(t, err)
  1766  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1767  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1768  	require.NoError(t, nErr)
  1769  
  1770  	u2, err := ss.User().Save(&model.User{
  1771  		Email:    MakeEmail(),
  1772  		Username: "u2" + model.NewId(),
  1773  	})
  1774  	require.NoError(t, err)
  1775  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1776  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1777  	require.NoError(t, nErr)
  1778  
  1779  	u3, err := ss.User().Save(&model.User{
  1780  		Email:    MakeEmail(),
  1781  		Roles:    model.SYSTEM_USER_ROLE_ID + " " + model.SYSTEM_ADMIN_ROLE_ID,
  1782  		Username: "u3" + model.NewId(),
  1783  	})
  1784  	require.NoError(t, err)
  1785  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1786  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  1787  	require.NoError(t, nErr)
  1788  	_, nErr = ss.Bot().Save(&model.Bot{
  1789  		UserId:   u3.Id,
  1790  		Username: u3.Username,
  1791  		OwnerId:  u1.Id,
  1792  	})
  1793  	require.NoError(t, nErr)
  1794  	u3.IsBot = true
  1795  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1796  
  1797  	t.Run("all system admin profiles", func(t *testing.T) {
  1798  		result, userError := ss.User().GetSystemAdminProfiles()
  1799  		require.NoError(t, userError)
  1800  		assert.Equal(t, map[string]*model.User{
  1801  			u1.Id: sanitized(u1),
  1802  			u3.Id: sanitized(u3),
  1803  		}, result)
  1804  	})
  1805  }
  1806  
  1807  func testUserStoreGetByEmail(t *testing.T, ss store.Store) {
  1808  	teamId := model.NewId()
  1809  
  1810  	u1, err := ss.User().Save(&model.User{
  1811  		Email:    MakeEmail(),
  1812  		Username: "u1" + model.NewId(),
  1813  	})
  1814  	require.NoError(t, err)
  1815  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1816  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1817  	require.NoError(t, nErr)
  1818  
  1819  	u2, err := ss.User().Save(&model.User{
  1820  		Email:    MakeEmail(),
  1821  		Username: "u2" + model.NewId(),
  1822  	})
  1823  	require.NoError(t, err)
  1824  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1825  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1826  	require.NoError(t, nErr)
  1827  
  1828  	u3, err := ss.User().Save(&model.User{
  1829  		Email:    MakeEmail(),
  1830  		Username: "u3" + model.NewId(),
  1831  	})
  1832  	require.NoError(t, err)
  1833  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1834  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  1835  	require.NoError(t, nErr)
  1836  	_, nErr = ss.Bot().Save(&model.Bot{
  1837  		UserId:   u3.Id,
  1838  		Username: u3.Username,
  1839  		OwnerId:  u1.Id,
  1840  	})
  1841  	require.NoError(t, nErr)
  1842  	u3.IsBot = true
  1843  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1844  
  1845  	t.Run("get u1 by email", func(t *testing.T) {
  1846  		u, err := ss.User().GetByEmail(u1.Email)
  1847  		require.NoError(t, err)
  1848  		assert.Equal(t, u1, u)
  1849  	})
  1850  
  1851  	t.Run("get u2 by email", func(t *testing.T) {
  1852  		u, err := ss.User().GetByEmail(u2.Email)
  1853  		require.NoError(t, err)
  1854  		assert.Equal(t, u2, u)
  1855  	})
  1856  
  1857  	t.Run("get u3 by email", func(t *testing.T) {
  1858  		u, err := ss.User().GetByEmail(u3.Email)
  1859  		require.NoError(t, err)
  1860  		assert.Equal(t, u3, u)
  1861  	})
  1862  
  1863  	t.Run("get by empty email", func(t *testing.T) {
  1864  		_, err := ss.User().GetByEmail("")
  1865  		require.Error(t, err)
  1866  	})
  1867  
  1868  	t.Run("get by unknown", func(t *testing.T) {
  1869  		_, err := ss.User().GetByEmail("unknown")
  1870  		require.Error(t, err)
  1871  	})
  1872  }
  1873  
  1874  func testUserStoreGetByAuthData(t *testing.T, ss store.Store) {
  1875  	teamId := model.NewId()
  1876  	auth1 := model.NewId()
  1877  	auth3 := model.NewId()
  1878  
  1879  	u1, err := ss.User().Save(&model.User{
  1880  		Email:       MakeEmail(),
  1881  		Username:    "u1" + model.NewId(),
  1882  		AuthData:    &auth1,
  1883  		AuthService: "service",
  1884  	})
  1885  	require.NoError(t, err)
  1886  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1887  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1888  	require.NoError(t, nErr)
  1889  
  1890  	u2, err := ss.User().Save(&model.User{
  1891  		Email:    MakeEmail(),
  1892  		Username: "u2" + model.NewId(),
  1893  	})
  1894  	require.NoError(t, err)
  1895  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1896  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1897  	require.NoError(t, nErr)
  1898  
  1899  	u3, err := ss.User().Save(&model.User{
  1900  		Email:       MakeEmail(),
  1901  		Username:    "u3" + model.NewId(),
  1902  		AuthData:    &auth3,
  1903  		AuthService: "service2",
  1904  	})
  1905  	require.NoError(t, err)
  1906  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1907  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  1908  	require.NoError(t, nErr)
  1909  	_, nErr = ss.Bot().Save(&model.Bot{
  1910  		UserId:   u3.Id,
  1911  		Username: u3.Username,
  1912  		OwnerId:  u1.Id,
  1913  	})
  1914  	require.NoError(t, nErr)
  1915  	u3.IsBot = true
  1916  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1917  
  1918  	t.Run("get by u1 auth", func(t *testing.T) {
  1919  		u, err := ss.User().GetByAuth(u1.AuthData, u1.AuthService)
  1920  		require.NoError(t, err)
  1921  		assert.Equal(t, u1, u)
  1922  	})
  1923  
  1924  	t.Run("get by u3 auth", func(t *testing.T) {
  1925  		u, err := ss.User().GetByAuth(u3.AuthData, u3.AuthService)
  1926  		require.NoError(t, err)
  1927  		assert.Equal(t, u3, u)
  1928  	})
  1929  
  1930  	t.Run("get by u1 auth, unknown service", func(t *testing.T) {
  1931  		_, err := ss.User().GetByAuth(u1.AuthData, "unknown")
  1932  		require.Error(t, err)
  1933  		var nfErr *store.ErrNotFound
  1934  		require.True(t, errors.As(err, &nfErr))
  1935  	})
  1936  
  1937  	t.Run("get by unknown auth, u1 service", func(t *testing.T) {
  1938  		unknownAuth := ""
  1939  		_, err := ss.User().GetByAuth(&unknownAuth, u1.AuthService)
  1940  		require.Error(t, err)
  1941  		var invErr *store.ErrInvalidInput
  1942  		require.True(t, errors.As(err, &invErr))
  1943  	})
  1944  
  1945  	t.Run("get by unknown auth, unknown service", func(t *testing.T) {
  1946  		unknownAuth := ""
  1947  		_, err := ss.User().GetByAuth(&unknownAuth, "unknown")
  1948  		require.Error(t, err)
  1949  		var invErr *store.ErrInvalidInput
  1950  		require.True(t, errors.As(err, &invErr))
  1951  	})
  1952  }
  1953  
  1954  func testUserStoreGetByUsername(t *testing.T, ss store.Store) {
  1955  	teamId := model.NewId()
  1956  
  1957  	u1, err := ss.User().Save(&model.User{
  1958  		Email:    MakeEmail(),
  1959  		Username: "u1" + model.NewId(),
  1960  	})
  1961  	require.NoError(t, err)
  1962  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  1963  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  1964  	require.NoError(t, nErr)
  1965  
  1966  	u2, err := ss.User().Save(&model.User{
  1967  		Email:    MakeEmail(),
  1968  		Username: "u2" + model.NewId(),
  1969  	})
  1970  	require.NoError(t, err)
  1971  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  1972  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  1973  	require.NoError(t, nErr)
  1974  
  1975  	u3, err := ss.User().Save(&model.User{
  1976  		Email:    MakeEmail(),
  1977  		Username: "u3" + model.NewId(),
  1978  	})
  1979  	require.NoError(t, err)
  1980  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  1981  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  1982  	require.NoError(t, nErr)
  1983  	_, nErr = ss.Bot().Save(&model.Bot{
  1984  		UserId:   u3.Id,
  1985  		Username: u3.Username,
  1986  		OwnerId:  u1.Id,
  1987  	})
  1988  	require.NoError(t, nErr)
  1989  	u3.IsBot = true
  1990  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  1991  
  1992  	t.Run("get u1 by username", func(t *testing.T) {
  1993  		result, err := ss.User().GetByUsername(u1.Username)
  1994  		require.NoError(t, err)
  1995  		assert.Equal(t, u1, result)
  1996  	})
  1997  
  1998  	t.Run("get u2 by username", func(t *testing.T) {
  1999  		result, err := ss.User().GetByUsername(u2.Username)
  2000  		require.NoError(t, err)
  2001  		assert.Equal(t, u2, result)
  2002  	})
  2003  
  2004  	t.Run("get u3 by username", func(t *testing.T) {
  2005  		result, err := ss.User().GetByUsername(u3.Username)
  2006  		require.NoError(t, err)
  2007  		assert.Equal(t, u3, result)
  2008  	})
  2009  
  2010  	t.Run("get by empty username", func(t *testing.T) {
  2011  		_, err := ss.User().GetByUsername("")
  2012  		require.Error(t, err)
  2013  		var nfErr *store.ErrNotFound
  2014  		require.True(t, errors.As(err, &nfErr))
  2015  	})
  2016  
  2017  	t.Run("get by unknown", func(t *testing.T) {
  2018  		_, err := ss.User().GetByUsername("unknown")
  2019  		require.Error(t, err)
  2020  		var nfErr *store.ErrNotFound
  2021  		require.True(t, errors.As(err, &nfErr))
  2022  	})
  2023  }
  2024  
  2025  func testUserStoreGetForLogin(t *testing.T, ss store.Store) {
  2026  	teamId := model.NewId()
  2027  	auth := model.NewId()
  2028  	auth2 := model.NewId()
  2029  	auth3 := model.NewId()
  2030  
  2031  	u1, err := ss.User().Save(&model.User{
  2032  		Email:       MakeEmail(),
  2033  		Username:    "u1" + model.NewId(),
  2034  		AuthService: model.USER_AUTH_SERVICE_GITLAB,
  2035  		AuthData:    &auth,
  2036  	})
  2037  
  2038  	require.NoError(t, err)
  2039  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2040  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  2041  	require.NoError(t, nErr)
  2042  
  2043  	u2, err := ss.User().Save(&model.User{
  2044  		Email:       MakeEmail(),
  2045  		Username:    "u2" + model.NewId(),
  2046  		AuthService: model.USER_AUTH_SERVICE_LDAP,
  2047  		AuthData:    &auth2,
  2048  	})
  2049  	require.NoError(t, err)
  2050  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  2051  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  2052  	require.NoError(t, nErr)
  2053  
  2054  	u3, err := ss.User().Save(&model.User{
  2055  		Email:       MakeEmail(),
  2056  		Username:    "u3" + model.NewId(),
  2057  		AuthService: model.USER_AUTH_SERVICE_LDAP,
  2058  		AuthData:    &auth3,
  2059  	})
  2060  	require.NoError(t, err)
  2061  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  2062  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  2063  	require.NoError(t, nErr)
  2064  	_, nErr = ss.Bot().Save(&model.Bot{
  2065  		UserId:   u3.Id,
  2066  		Username: u3.Username,
  2067  		OwnerId:  u1.Id,
  2068  	})
  2069  	require.NoError(t, nErr)
  2070  	u3.IsBot = true
  2071  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  2072  
  2073  	t.Run("get u1 by username, allow both", func(t *testing.T) {
  2074  		user, err := ss.User().GetForLogin(u1.Username, true, true)
  2075  		require.NoError(t, err)
  2076  		assert.Equal(t, u1, user)
  2077  	})
  2078  
  2079  	t.Run("get u1 by username, check for case issues", func(t *testing.T) {
  2080  		user, err := ss.User().GetForLogin(strings.ToUpper(u1.Username), true, true)
  2081  		require.NoError(t, err)
  2082  		assert.Equal(t, u1, user)
  2083  	})
  2084  
  2085  	t.Run("get u1 by username, allow only email", func(t *testing.T) {
  2086  		_, err := ss.User().GetForLogin(u1.Username, false, true)
  2087  		require.Error(t, err)
  2088  		require.Equal(t, "user not found", err.Error())
  2089  	})
  2090  
  2091  	t.Run("get u1 by email, allow both", func(t *testing.T) {
  2092  		user, err := ss.User().GetForLogin(u1.Email, true, true)
  2093  		require.NoError(t, err)
  2094  		assert.Equal(t, u1, user)
  2095  	})
  2096  
  2097  	t.Run("get u1 by email, check for case issues", func(t *testing.T) {
  2098  		user, err := ss.User().GetForLogin(strings.ToUpper(u1.Email), true, true)
  2099  		require.NoError(t, err)
  2100  		assert.Equal(t, u1, user)
  2101  	})
  2102  
  2103  	t.Run("get u1 by email, allow only username", func(t *testing.T) {
  2104  		_, err := ss.User().GetForLogin(u1.Email, true, false)
  2105  		require.Error(t, err)
  2106  		require.Equal(t, "user not found", err.Error())
  2107  	})
  2108  
  2109  	t.Run("get u2 by username, allow both", func(t *testing.T) {
  2110  		user, err := ss.User().GetForLogin(u2.Username, true, true)
  2111  		require.NoError(t, err)
  2112  		assert.Equal(t, u2, user)
  2113  	})
  2114  
  2115  	t.Run("get u2 by email, allow both", func(t *testing.T) {
  2116  		user, err := ss.User().GetForLogin(u2.Email, true, true)
  2117  		require.NoError(t, err)
  2118  		assert.Equal(t, u2, user)
  2119  	})
  2120  
  2121  	t.Run("get u2 by username, allow neither", func(t *testing.T) {
  2122  		_, err := ss.User().GetForLogin(u2.Username, false, false)
  2123  		require.Error(t, err)
  2124  		require.Equal(t, "sign in with username and email are disabled", err.Error())
  2125  	})
  2126  }
  2127  
  2128  func testUserStoreUpdatePassword(t *testing.T, ss store.Store) {
  2129  	teamId := model.NewId()
  2130  
  2131  	u1 := &model.User{}
  2132  	u1.Email = MakeEmail()
  2133  	_, err := ss.User().Save(u1)
  2134  	require.NoError(t, err)
  2135  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2136  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  2137  	require.NoError(t, nErr)
  2138  
  2139  	hashedPassword := model.HashPassword("newpwd")
  2140  
  2141  	err = ss.User().UpdatePassword(u1.Id, hashedPassword)
  2142  	require.NoError(t, err)
  2143  
  2144  	user, err := ss.User().GetByEmail(u1.Email)
  2145  	require.NoError(t, err)
  2146  	require.Equal(t, user.Password, hashedPassword, "Password was not updated correctly")
  2147  }
  2148  
  2149  func testUserStoreDelete(t *testing.T, ss store.Store) {
  2150  	u1 := &model.User{}
  2151  	u1.Email = MakeEmail()
  2152  	_, err := ss.User().Save(u1)
  2153  	require.NoError(t, err)
  2154  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2155  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u1.Id}, -1)
  2156  	require.NoError(t, nErr)
  2157  
  2158  	err = ss.User().PermanentDelete(u1.Id)
  2159  	require.NoError(t, err)
  2160  }
  2161  
  2162  func testUserStoreUpdateAuthData(t *testing.T, ss store.Store) {
  2163  	teamId := model.NewId()
  2164  
  2165  	u1 := &model.User{}
  2166  	u1.Email = MakeEmail()
  2167  	_, err := ss.User().Save(u1)
  2168  	require.NoError(t, err)
  2169  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2170  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  2171  	require.NoError(t, nErr)
  2172  
  2173  	service := "someservice"
  2174  	authData := model.NewId()
  2175  
  2176  	_, err = ss.User().UpdateAuthData(u1.Id, service, &authData, "", true)
  2177  	require.NoError(t, err)
  2178  
  2179  	user, err := ss.User().GetByEmail(u1.Email)
  2180  	require.NoError(t, err)
  2181  	require.Equal(t, service, user.AuthService, "AuthService was not updated correctly")
  2182  	require.Equal(t, authData, *user.AuthData, "AuthData was not updated correctly")
  2183  	require.Equal(t, "", user.Password, "Password was not cleared properly")
  2184  }
  2185  
  2186  func testUserUnreadCount(t *testing.T, ss store.Store) {
  2187  	teamId := model.NewId()
  2188  
  2189  	c1 := model.Channel{}
  2190  	c1.TeamId = teamId
  2191  	c1.DisplayName = "Unread Messages"
  2192  	c1.Name = "unread-messages-" + model.NewId()
  2193  	c1.Type = model.CHANNEL_OPEN
  2194  
  2195  	c2 := model.Channel{}
  2196  	c2.TeamId = teamId
  2197  	c2.DisplayName = "Unread Direct"
  2198  	c2.Name = "unread-direct-" + model.NewId()
  2199  	c2.Type = model.CHANNEL_DIRECT
  2200  
  2201  	u1 := &model.User{}
  2202  	u1.Username = "user1" + model.NewId()
  2203  	u1.Email = MakeEmail()
  2204  	_, err := ss.User().Save(u1)
  2205  	require.NoError(t, err)
  2206  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2207  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  2208  	require.NoError(t, nErr)
  2209  
  2210  	u2 := &model.User{}
  2211  	u2.Email = MakeEmail()
  2212  	u2.Username = "user2" + model.NewId()
  2213  	_, err = ss.User().Save(u2)
  2214  	require.NoError(t, err)
  2215  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  2216  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  2217  	require.NoError(t, nErr)
  2218  
  2219  	_, nErr = ss.Channel().Save(&c1, -1)
  2220  	require.NoError(t, nErr, "couldn't save item")
  2221  
  2222  	m1 := model.ChannelMember{}
  2223  	m1.ChannelId = c1.Id
  2224  	m1.UserId = u1.Id
  2225  	m1.NotifyProps = model.GetDefaultChannelNotifyProps()
  2226  
  2227  	m2 := model.ChannelMember{}
  2228  	m2.ChannelId = c1.Id
  2229  	m2.UserId = u2.Id
  2230  	m2.NotifyProps = model.GetDefaultChannelNotifyProps()
  2231  
  2232  	_, nErr = ss.Channel().SaveMember(&m2)
  2233  	require.NoError(t, nErr)
  2234  
  2235  	m1.ChannelId = c2.Id
  2236  	m2.ChannelId = c2.Id
  2237  
  2238  	_, nErr = ss.Channel().SaveDirectChannel(&c2, &m1, &m2)
  2239  	require.NoError(t, nErr, "couldn't save direct channel")
  2240  
  2241  	p1 := model.Post{}
  2242  	p1.ChannelId = c1.Id
  2243  	p1.UserId = u1.Id
  2244  	p1.Message = "this is a message for @" + u2.Username
  2245  
  2246  	// Post one message with mention to open channel
  2247  	_, nErr = ss.Post().Save(&p1)
  2248  	require.NoError(t, nErr)
  2249  	nErr = ss.Channel().IncrementMentionCount(c1.Id, u2.Id, false)
  2250  	require.NoError(t, nErr)
  2251  
  2252  	// Post 2 messages without mention to direct channel
  2253  	p2 := model.Post{}
  2254  	p2.ChannelId = c2.Id
  2255  	p2.UserId = u1.Id
  2256  	p2.Message = "first message"
  2257  
  2258  	_, nErr = ss.Post().Save(&p2)
  2259  	require.NoError(t, nErr)
  2260  	nErr = ss.Channel().IncrementMentionCount(c2.Id, u2.Id, false)
  2261  	require.NoError(t, nErr)
  2262  
  2263  	p3 := model.Post{}
  2264  	p3.ChannelId = c2.Id
  2265  	p3.UserId = u1.Id
  2266  	p3.Message = "second message"
  2267  	_, nErr = ss.Post().Save(&p3)
  2268  	require.NoError(t, nErr)
  2269  
  2270  	nErr = ss.Channel().IncrementMentionCount(c2.Id, u2.Id, false)
  2271  	require.NoError(t, nErr)
  2272  
  2273  	badge, unreadCountErr := ss.User().GetUnreadCount(u2.Id)
  2274  	require.NoError(t, unreadCountErr)
  2275  	require.Equal(t, int64(3), badge, "should have 3 unread messages")
  2276  
  2277  	badge, unreadCountErr = ss.User().GetUnreadCountForChannel(u2.Id, c1.Id)
  2278  	require.NoError(t, unreadCountErr)
  2279  	require.Equal(t, int64(1), badge, "should have 1 unread messages for that channel")
  2280  
  2281  	badge, unreadCountErr = ss.User().GetUnreadCountForChannel(u2.Id, c2.Id)
  2282  	require.NoError(t, unreadCountErr)
  2283  	require.Equal(t, int64(2), badge, "should have 2 unread messages for that channel")
  2284  }
  2285  
  2286  func testUserStoreUpdateMfaSecret(t *testing.T, ss store.Store) {
  2287  	u1 := model.User{}
  2288  	u1.Email = MakeEmail()
  2289  	_, err := ss.User().Save(&u1)
  2290  	require.NoError(t, err)
  2291  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2292  
  2293  	err = ss.User().UpdateMfaSecret(u1.Id, "12345")
  2294  	require.NoError(t, err)
  2295  
  2296  	// should pass, no update will occur though
  2297  	err = ss.User().UpdateMfaSecret("junk", "12345")
  2298  	require.NoError(t, err)
  2299  }
  2300  
  2301  func testUserStoreUpdateMfaActive(t *testing.T, ss store.Store) {
  2302  	u1 := model.User{}
  2303  	u1.Email = MakeEmail()
  2304  	_, err := ss.User().Save(&u1)
  2305  	require.NoError(t, err)
  2306  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2307  
  2308  	time.Sleep(time.Millisecond)
  2309  
  2310  	err = ss.User().UpdateMfaActive(u1.Id, true)
  2311  	require.NoError(t, err)
  2312  
  2313  	err = ss.User().UpdateMfaActive(u1.Id, false)
  2314  	require.NoError(t, err)
  2315  
  2316  	// should pass, no update will occur though
  2317  	err = ss.User().UpdateMfaActive("junk", true)
  2318  	require.NoError(t, err)
  2319  }
  2320  
  2321  func testUserStoreGetRecentlyActiveUsersForTeam(t *testing.T, ss store.Store, s SqlStore) {
  2322  
  2323  	cleanupStatusStore(t, s)
  2324  
  2325  	teamId := model.NewId()
  2326  
  2327  	u1, err := ss.User().Save(&model.User{
  2328  		Email:    MakeEmail(),
  2329  		Username: "u1" + model.NewId(),
  2330  	})
  2331  	require.NoError(t, err)
  2332  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2333  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  2334  	require.NoError(t, nErr)
  2335  
  2336  	u2, err := ss.User().Save(&model.User{
  2337  		Email:    MakeEmail(),
  2338  		Username: "u2" + model.NewId(),
  2339  	})
  2340  	require.NoError(t, err)
  2341  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  2342  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  2343  	require.NoError(t, nErr)
  2344  
  2345  	u3, err := ss.User().Save(&model.User{
  2346  		Email:    MakeEmail(),
  2347  		Username: "u3" + model.NewId(),
  2348  	})
  2349  	require.NoError(t, err)
  2350  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  2351  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  2352  	require.NoError(t, nErr)
  2353  	_, nErr = ss.Bot().Save(&model.Bot{
  2354  		UserId:   u3.Id,
  2355  		Username: u3.Username,
  2356  		OwnerId:  u1.Id,
  2357  	})
  2358  	require.NoError(t, nErr)
  2359  	u3.IsBot = true
  2360  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  2361  
  2362  	millis := model.GetMillis()
  2363  	u3.LastActivityAt = millis
  2364  	u2.LastActivityAt = millis - 1
  2365  	u1.LastActivityAt = millis - 1
  2366  
  2367  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u1.Id, Status: model.STATUS_ONLINE, Manual: false, LastActivityAt: u1.LastActivityAt, ActiveChannel: ""}))
  2368  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u2.Id, Status: model.STATUS_ONLINE, Manual: false, LastActivityAt: u2.LastActivityAt, ActiveChannel: ""}))
  2369  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u3.Id, Status: model.STATUS_ONLINE, Manual: false, LastActivityAt: u3.LastActivityAt, ActiveChannel: ""}))
  2370  
  2371  	t.Run("get team 1, offset 0, limit 100", func(t *testing.T) {
  2372  		users, err := ss.User().GetRecentlyActiveUsersForTeam(teamId, 0, 100, nil)
  2373  		require.NoError(t, err)
  2374  		assert.Equal(t, []*model.User{
  2375  			sanitized(u3),
  2376  			sanitized(u1),
  2377  			sanitized(u2),
  2378  		}, users)
  2379  	})
  2380  
  2381  	t.Run("get team 1, offset 0, limit 1", func(t *testing.T) {
  2382  		users, err := ss.User().GetRecentlyActiveUsersForTeam(teamId, 0, 1, nil)
  2383  		require.NoError(t, err)
  2384  		assert.Equal(t, []*model.User{
  2385  			sanitized(u3),
  2386  		}, users)
  2387  	})
  2388  
  2389  	t.Run("get team 1, offset 2, limit 1", func(t *testing.T) {
  2390  		users, err := ss.User().GetRecentlyActiveUsersForTeam(teamId, 2, 1, nil)
  2391  		require.NoError(t, err)
  2392  		assert.Equal(t, []*model.User{
  2393  			sanitized(u2),
  2394  		}, users)
  2395  	})
  2396  }
  2397  
  2398  func testUserStoreGetNewUsersForTeam(t *testing.T, ss store.Store) {
  2399  	teamId := model.NewId()
  2400  	teamId2 := model.NewId()
  2401  
  2402  	u1, err := ss.User().Save(&model.User{
  2403  		Email:    MakeEmail(),
  2404  		Username: "Yuka",
  2405  	})
  2406  	require.NoError(t, err)
  2407  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2408  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  2409  	require.NoError(t, nErr)
  2410  
  2411  	u2, err := ss.User().Save(&model.User{
  2412  		Email:    MakeEmail(),
  2413  		Username: "Leia",
  2414  	})
  2415  	require.NoError(t, err)
  2416  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  2417  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  2418  	require.NoError(t, nErr)
  2419  
  2420  	u3, err := ss.User().Save(&model.User{
  2421  		Email:    MakeEmail(),
  2422  		Username: "Ali",
  2423  	})
  2424  	require.NoError(t, err)
  2425  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  2426  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  2427  	require.NoError(t, nErr)
  2428  	_, nErr = ss.Bot().Save(&model.Bot{
  2429  		UserId:   u3.Id,
  2430  		Username: u3.Username,
  2431  		OwnerId:  u1.Id,
  2432  	})
  2433  	require.NoError(t, nErr)
  2434  	u3.IsBot = true
  2435  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  2436  
  2437  	u4, err := ss.User().Save(&model.User{
  2438  		Email:    MakeEmail(),
  2439  		Username: "u4" + model.NewId(),
  2440  	})
  2441  	require.NoError(t, err)
  2442  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  2443  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId2, UserId: u4.Id}, -1)
  2444  	require.NoError(t, nErr)
  2445  
  2446  	t.Run("get team 1, offset 0, limit 100", func(t *testing.T) {
  2447  		result, err := ss.User().GetNewUsersForTeam(teamId, 0, 100, nil)
  2448  		require.NoError(t, err)
  2449  		assert.Equal(t, []*model.User{
  2450  			sanitized(u3),
  2451  			sanitized(u2),
  2452  			sanitized(u1),
  2453  		}, result)
  2454  	})
  2455  
  2456  	t.Run("get team 1, offset 0, limit 1", func(t *testing.T) {
  2457  		result, err := ss.User().GetNewUsersForTeam(teamId, 0, 1, nil)
  2458  		require.NoError(t, err)
  2459  		assert.Equal(t, []*model.User{
  2460  			sanitized(u3),
  2461  		}, result)
  2462  	})
  2463  
  2464  	t.Run("get team 1, offset 2, limit 1", func(t *testing.T) {
  2465  		result, err := ss.User().GetNewUsersForTeam(teamId, 2, 1, nil)
  2466  		require.NoError(t, err)
  2467  		assert.Equal(t, []*model.User{
  2468  			sanitized(u1),
  2469  		}, result)
  2470  	})
  2471  
  2472  	t.Run("get team 2, offset 0, limit 100", func(t *testing.T) {
  2473  		result, err := ss.User().GetNewUsersForTeam(teamId2, 0, 100, nil)
  2474  		require.NoError(t, err)
  2475  		assert.Equal(t, []*model.User{
  2476  			sanitized(u4),
  2477  		}, result)
  2478  	})
  2479  }
  2480  
  2481  func assertUsers(t *testing.T, expected, actual []*model.User) {
  2482  	expectedUsernames := make([]string, 0, len(expected))
  2483  	for _, user := range expected {
  2484  		expectedUsernames = append(expectedUsernames, user.Username)
  2485  	}
  2486  
  2487  	actualUsernames := make([]string, 0, len(actual))
  2488  	for _, user := range actual {
  2489  		actualUsernames = append(actualUsernames, user.Username)
  2490  	}
  2491  
  2492  	if assert.Equal(t, expectedUsernames, actualUsernames) {
  2493  		assert.Equal(t, expected, actual)
  2494  	}
  2495  }
  2496  
  2497  func testUserStoreSearch(t *testing.T, ss store.Store) {
  2498  	u1 := &model.User{
  2499  		Username:  "jimbo1" + model.NewId(),
  2500  		FirstName: "Tim",
  2501  		LastName:  "Bill",
  2502  		Nickname:  "Rob",
  2503  		Email:     "harold" + model.NewId() + "@simulator.amazonses.com",
  2504  		Roles:     "system_user system_admin",
  2505  	}
  2506  	_, err := ss.User().Save(u1)
  2507  	require.NoError(t, err)
  2508  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2509  
  2510  	u2 := &model.User{
  2511  		Username: "jim2-bobby" + model.NewId(),
  2512  		Email:    MakeEmail(),
  2513  		Roles:    "system_user system_user_manager",
  2514  	}
  2515  	_, err = ss.User().Save(u2)
  2516  	require.NoError(t, err)
  2517  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  2518  
  2519  	u3 := &model.User{
  2520  		Username: "jimbo3" + model.NewId(),
  2521  		Email:    MakeEmail(),
  2522  		Roles:    "system_guest",
  2523  	}
  2524  	_, err = ss.User().Save(u3)
  2525  	require.NoError(t, err)
  2526  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  2527  
  2528  	// The users returned from the database will have AuthData as an empty string.
  2529  	nilAuthData := new(string)
  2530  	*nilAuthData = ""
  2531  	u1.AuthData = nilAuthData
  2532  	u2.AuthData = nilAuthData
  2533  	u3.AuthData = nilAuthData
  2534  
  2535  	t1id := model.NewId()
  2536  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: t1id, UserId: u1.Id, SchemeAdmin: true, SchemeUser: true}, -1)
  2537  	require.NoError(t, nErr)
  2538  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: t1id, UserId: u2.Id, SchemeAdmin: true, SchemeUser: true}, -1)
  2539  	require.NoError(t, nErr)
  2540  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: t1id, UserId: u3.Id, SchemeAdmin: false, SchemeUser: false, SchemeGuest: true}, -1)
  2541  	require.NoError(t, nErr)
  2542  
  2543  	testCases := []struct {
  2544  		Description string
  2545  		TeamId      string
  2546  		Term        string
  2547  		Options     *model.UserSearchOptions
  2548  		Expected    []*model.User
  2549  	}{
  2550  		{
  2551  			"search jimb, team 1",
  2552  			t1id,
  2553  			"jimb",
  2554  			&model.UserSearchOptions{
  2555  				AllowFullNames: true,
  2556  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2557  			},
  2558  			[]*model.User{u1, u3},
  2559  		},
  2560  		{
  2561  			"search jimb, team 1 with team guest and team admin filters without sys admin filter",
  2562  			t1id,
  2563  			"jimb",
  2564  			&model.UserSearchOptions{
  2565  				AllowFullNames: true,
  2566  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2567  				TeamRoles:      []string{model.TEAM_GUEST_ROLE_ID, model.TEAM_ADMIN_ROLE_ID},
  2568  			},
  2569  			[]*model.User{u3},
  2570  		},
  2571  		{
  2572  			"search jimb, team 1 with team admin filter and sys admin filter",
  2573  			t1id,
  2574  			"jimb",
  2575  			&model.UserSearchOptions{
  2576  				AllowFullNames: true,
  2577  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2578  				Roles:          []string{model.SYSTEM_ADMIN_ROLE_ID},
  2579  				TeamRoles:      []string{model.TEAM_ADMIN_ROLE_ID},
  2580  			},
  2581  			[]*model.User{u1},
  2582  		},
  2583  		{
  2584  			"search jim, team 1 with team admin filter",
  2585  			t1id,
  2586  			"jim",
  2587  			&model.UserSearchOptions{
  2588  				AllowFullNames: true,
  2589  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2590  				TeamRoles:      []string{model.TEAM_ADMIN_ROLE_ID},
  2591  			},
  2592  			[]*model.User{u2},
  2593  		},
  2594  		{
  2595  			"search jim, team 1 with team admin and team guest filter",
  2596  			t1id,
  2597  			"jim",
  2598  			&model.UserSearchOptions{
  2599  				AllowFullNames: true,
  2600  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2601  				TeamRoles:      []string{model.TEAM_ADMIN_ROLE_ID, model.TEAM_GUEST_ROLE_ID},
  2602  			},
  2603  			[]*model.User{u2, u3},
  2604  		},
  2605  		{
  2606  			"search jim, team 1 with team admin and system admin filters",
  2607  			t1id,
  2608  			"jim",
  2609  			&model.UserSearchOptions{
  2610  				AllowFullNames: true,
  2611  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2612  				Roles:          []string{model.SYSTEM_ADMIN_ROLE_ID},
  2613  				TeamRoles:      []string{model.TEAM_ADMIN_ROLE_ID},
  2614  			},
  2615  			[]*model.User{u2, u1},
  2616  		},
  2617  		{
  2618  			"search jim, team 1 with system guest filter",
  2619  			t1id,
  2620  			"jim",
  2621  			&model.UserSearchOptions{
  2622  				AllowFullNames: true,
  2623  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2624  				Roles:          []string{model.SYSTEM_GUEST_ROLE_ID},
  2625  				TeamRoles:      []string{},
  2626  			},
  2627  			[]*model.User{u3},
  2628  		},
  2629  	}
  2630  
  2631  	for _, testCase := range testCases {
  2632  		t.Run(testCase.Description, func(t *testing.T) {
  2633  			users, err := ss.User().Search(
  2634  				testCase.TeamId,
  2635  				testCase.Term,
  2636  				testCase.Options,
  2637  			)
  2638  			require.NoError(t, err)
  2639  			assertUsers(t, testCase.Expected, users)
  2640  		})
  2641  	}
  2642  }
  2643  
  2644  func testUserStoreSearchNotInChannel(t *testing.T, ss store.Store) {
  2645  	u1 := &model.User{
  2646  		Username:  "jimbo1" + model.NewId(),
  2647  		FirstName: "Tim",
  2648  		LastName:  "Bill",
  2649  		Nickname:  "Rob",
  2650  		Email:     "harold" + model.NewId() + "@simulator.amazonses.com",
  2651  	}
  2652  	_, err := ss.User().Save(u1)
  2653  	require.NoError(t, err)
  2654  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2655  
  2656  	u2 := &model.User{
  2657  		Username: "jim2-bobby" + model.NewId(),
  2658  		Email:    MakeEmail(),
  2659  	}
  2660  	_, err = ss.User().Save(u2)
  2661  	require.NoError(t, err)
  2662  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  2663  
  2664  	u3 := &model.User{
  2665  		Username: "jimbo3" + model.NewId(),
  2666  		Email:    MakeEmail(),
  2667  		DeleteAt: 1,
  2668  	}
  2669  	_, err = ss.User().Save(u3)
  2670  	require.NoError(t, err)
  2671  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  2672  	_, nErr := ss.Bot().Save(&model.Bot{
  2673  		UserId:   u3.Id,
  2674  		Username: u3.Username,
  2675  		OwnerId:  u1.Id,
  2676  	})
  2677  	require.NoError(t, nErr)
  2678  	u3.IsBot = true
  2679  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  2680  
  2681  	tid := model.NewId()
  2682  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: tid, UserId: u1.Id}, -1)
  2683  	require.NoError(t, nErr)
  2684  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: tid, UserId: u2.Id}, -1)
  2685  	require.NoError(t, nErr)
  2686  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: tid, UserId: u3.Id}, -1)
  2687  	require.NoError(t, nErr)
  2688  
  2689  	// The users returned from the database will have AuthData as an empty string.
  2690  	nilAuthData := new(string)
  2691  	*nilAuthData = ""
  2692  
  2693  	u1.AuthData = nilAuthData
  2694  	u2.AuthData = nilAuthData
  2695  	u3.AuthData = nilAuthData
  2696  
  2697  	ch1 := model.Channel{
  2698  		TeamId:      tid,
  2699  		DisplayName: "NameName",
  2700  		Name:        "zz" + model.NewId() + "b",
  2701  		Type:        model.CHANNEL_OPEN,
  2702  	}
  2703  	c1, nErr := ss.Channel().Save(&ch1, -1)
  2704  	require.NoError(t, nErr)
  2705  
  2706  	ch2 := model.Channel{
  2707  		TeamId:      tid,
  2708  		DisplayName: "NameName",
  2709  		Name:        "zz" + model.NewId() + "b",
  2710  		Type:        model.CHANNEL_OPEN,
  2711  	}
  2712  	c2, nErr := ss.Channel().Save(&ch2, -1)
  2713  	require.NoError(t, nErr)
  2714  
  2715  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  2716  		ChannelId:   c2.Id,
  2717  		UserId:      u1.Id,
  2718  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  2719  	})
  2720  	require.NoError(t, nErr)
  2721  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  2722  		ChannelId:   c1.Id,
  2723  		UserId:      u3.Id,
  2724  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  2725  	})
  2726  	require.NoError(t, nErr)
  2727  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  2728  		ChannelId:   c2.Id,
  2729  		UserId:      u2.Id,
  2730  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  2731  	})
  2732  	require.NoError(t, nErr)
  2733  
  2734  	testCases := []struct {
  2735  		Description string
  2736  		TeamId      string
  2737  		ChannelId   string
  2738  		Term        string
  2739  		Options     *model.UserSearchOptions
  2740  		Expected    []*model.User
  2741  	}{
  2742  		{
  2743  			"search jimb, channel 1",
  2744  			tid,
  2745  			c1.Id,
  2746  			"jimb",
  2747  			&model.UserSearchOptions{
  2748  				AllowFullNames: true,
  2749  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2750  			},
  2751  			[]*model.User{u1},
  2752  		},
  2753  		{
  2754  			"search jimb, allow inactive, channel 1",
  2755  			tid,
  2756  			c1.Id,
  2757  			"jimb",
  2758  			&model.UserSearchOptions{
  2759  				AllowFullNames: true,
  2760  				AllowInactive:  true,
  2761  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2762  			},
  2763  			[]*model.User{u1},
  2764  		},
  2765  		{
  2766  			"search jimb, channel 1, no team id",
  2767  			"",
  2768  			c1.Id,
  2769  			"jimb",
  2770  			&model.UserSearchOptions{
  2771  				AllowFullNames: true,
  2772  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2773  			},
  2774  			[]*model.User{u1},
  2775  		},
  2776  		{
  2777  			"search jimb, channel 1, junk team id",
  2778  			"junk",
  2779  			c1.Id,
  2780  			"jimb",
  2781  			&model.UserSearchOptions{
  2782  				AllowFullNames: true,
  2783  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2784  			},
  2785  			[]*model.User{},
  2786  		},
  2787  		{
  2788  			"search jimb, channel 2",
  2789  			tid,
  2790  			c2.Id,
  2791  			"jimb",
  2792  			&model.UserSearchOptions{
  2793  				AllowFullNames: true,
  2794  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2795  			},
  2796  			[]*model.User{},
  2797  		},
  2798  		{
  2799  			"search jimb, allow inactive, channel 2",
  2800  			tid,
  2801  			c2.Id,
  2802  			"jimb",
  2803  			&model.UserSearchOptions{
  2804  				AllowFullNames: true,
  2805  				AllowInactive:  true,
  2806  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2807  			},
  2808  			[]*model.User{u3},
  2809  		},
  2810  		{
  2811  			"search jimb, channel 2, no team id",
  2812  			"",
  2813  			c2.Id,
  2814  			"jimb",
  2815  			&model.UserSearchOptions{
  2816  				AllowFullNames: true,
  2817  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2818  			},
  2819  			[]*model.User{},
  2820  		},
  2821  		{
  2822  			"search jimb, channel 2, junk team id",
  2823  			"junk",
  2824  			c2.Id,
  2825  			"jimb",
  2826  			&model.UserSearchOptions{
  2827  				AllowFullNames: true,
  2828  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2829  			},
  2830  			[]*model.User{},
  2831  		},
  2832  		{
  2833  			"search jim, channel 1",
  2834  			tid,
  2835  			c1.Id,
  2836  			"jim",
  2837  			&model.UserSearchOptions{
  2838  				AllowFullNames: true,
  2839  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2840  			},
  2841  			[]*model.User{u2, u1},
  2842  		},
  2843  		{
  2844  			"search jim, channel 1, limit 1",
  2845  			tid,
  2846  			c1.Id,
  2847  			"jim",
  2848  			&model.UserSearchOptions{
  2849  				AllowFullNames: true,
  2850  				Limit:          1,
  2851  			},
  2852  			[]*model.User{u2},
  2853  		},
  2854  	}
  2855  
  2856  	for _, testCase := range testCases {
  2857  		t.Run(testCase.Description, func(t *testing.T) {
  2858  			users, err := ss.User().SearchNotInChannel(
  2859  				testCase.TeamId,
  2860  				testCase.ChannelId,
  2861  				testCase.Term,
  2862  				testCase.Options,
  2863  			)
  2864  			require.NoError(t, err)
  2865  			assertUsers(t, testCase.Expected, users)
  2866  		})
  2867  	}
  2868  }
  2869  
  2870  func testUserStoreSearchInChannel(t *testing.T, ss store.Store) {
  2871  	u1 := &model.User{
  2872  		Username:  "jimbo1" + model.NewId(),
  2873  		FirstName: "Tim",
  2874  		LastName:  "Bill",
  2875  		Nickname:  "Rob",
  2876  		Email:     "harold" + model.NewId() + "@simulator.amazonses.com",
  2877  		Roles:     "system_user system_admin",
  2878  	}
  2879  	_, err := ss.User().Save(u1)
  2880  	require.NoError(t, err)
  2881  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  2882  
  2883  	u2 := &model.User{
  2884  		Username: "jim-bobby" + model.NewId(),
  2885  		Email:    MakeEmail(),
  2886  		Roles:    "system_user",
  2887  	}
  2888  	_, err = ss.User().Save(u2)
  2889  	require.NoError(t, err)
  2890  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  2891  
  2892  	u3 := &model.User{
  2893  		Username: "jimbo3" + model.NewId(),
  2894  		Email:    MakeEmail(),
  2895  		DeleteAt: 1,
  2896  		Roles:    "system_user",
  2897  	}
  2898  	_, err = ss.User().Save(u3)
  2899  	require.NoError(t, err)
  2900  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  2901  	_, nErr := ss.Bot().Save(&model.Bot{
  2902  		UserId:   u3.Id,
  2903  		Username: u3.Username,
  2904  		OwnerId:  u1.Id,
  2905  	})
  2906  	require.NoError(t, nErr)
  2907  	u3.IsBot = true
  2908  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  2909  
  2910  	tid := model.NewId()
  2911  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: tid, UserId: u1.Id}, -1)
  2912  	require.NoError(t, nErr)
  2913  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: tid, UserId: u2.Id}, -1)
  2914  	require.NoError(t, nErr)
  2915  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: tid, UserId: u3.Id}, -1)
  2916  	require.NoError(t, nErr)
  2917  
  2918  	// The users returned from the database will have AuthData as an empty string.
  2919  	nilAuthData := new(string)
  2920  	*nilAuthData = ""
  2921  
  2922  	u1.AuthData = nilAuthData
  2923  	u2.AuthData = nilAuthData
  2924  	u3.AuthData = nilAuthData
  2925  
  2926  	ch1 := model.Channel{
  2927  		TeamId:      tid,
  2928  		DisplayName: "NameName",
  2929  		Name:        "zz" + model.NewId() + "b",
  2930  		Type:        model.CHANNEL_OPEN,
  2931  	}
  2932  	c1, nErr := ss.Channel().Save(&ch1, -1)
  2933  	require.NoError(t, nErr)
  2934  
  2935  	ch2 := model.Channel{
  2936  		TeamId:      tid,
  2937  		DisplayName: "NameName",
  2938  		Name:        "zz" + model.NewId() + "b",
  2939  		Type:        model.CHANNEL_OPEN,
  2940  	}
  2941  	c2, nErr := ss.Channel().Save(&ch2, -1)
  2942  	require.NoError(t, nErr)
  2943  
  2944  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  2945  		ChannelId:   c1.Id,
  2946  		UserId:      u1.Id,
  2947  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  2948  		SchemeAdmin: true,
  2949  		SchemeUser:  true,
  2950  	})
  2951  	require.NoError(t, nErr)
  2952  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  2953  		ChannelId:   c2.Id,
  2954  		UserId:      u2.Id,
  2955  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  2956  		SchemeAdmin: false,
  2957  		SchemeUser:  true,
  2958  	})
  2959  	require.NoError(t, nErr)
  2960  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  2961  		ChannelId:   c1.Id,
  2962  		UserId:      u3.Id,
  2963  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  2964  		SchemeAdmin: false,
  2965  		SchemeUser:  true,
  2966  	})
  2967  	require.NoError(t, nErr)
  2968  
  2969  	testCases := []struct {
  2970  		Description string
  2971  		ChannelId   string
  2972  		Term        string
  2973  		Options     *model.UserSearchOptions
  2974  		Expected    []*model.User
  2975  	}{
  2976  		{
  2977  			"search jimb, channel 1",
  2978  			c1.Id,
  2979  			"jimb",
  2980  			&model.UserSearchOptions{
  2981  				AllowFullNames: true,
  2982  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2983  			},
  2984  			[]*model.User{u1},
  2985  		},
  2986  		{
  2987  			"search jimb, allow inactive, channel 1",
  2988  			c1.Id,
  2989  			"jimb",
  2990  			&model.UserSearchOptions{
  2991  				AllowFullNames: true,
  2992  				AllowInactive:  true,
  2993  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  2994  			},
  2995  			[]*model.User{u1, u3},
  2996  		},
  2997  		{
  2998  			"search jimb, allow inactive, channel 1, limit 1",
  2999  			c1.Id,
  3000  			"jimb",
  3001  			&model.UserSearchOptions{
  3002  				AllowFullNames: true,
  3003  				AllowInactive:  true,
  3004  				Limit:          1,
  3005  			},
  3006  			[]*model.User{u1},
  3007  		},
  3008  		{
  3009  			"search jimb, channel 2",
  3010  			c2.Id,
  3011  			"jimb",
  3012  			&model.UserSearchOptions{
  3013  				AllowFullNames: true,
  3014  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3015  			},
  3016  			[]*model.User{},
  3017  		},
  3018  		{
  3019  			"search jimb, allow inactive, channel 2",
  3020  			c2.Id,
  3021  			"jimb",
  3022  			&model.UserSearchOptions{
  3023  				AllowFullNames: true,
  3024  				AllowInactive:  true,
  3025  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3026  			},
  3027  			[]*model.User{},
  3028  		},
  3029  		{
  3030  			"search jim, allow inactive, channel 1 with system admin filter",
  3031  			c1.Id,
  3032  			"jim",
  3033  			&model.UserSearchOptions{
  3034  				AllowFullNames: true,
  3035  				AllowInactive:  true,
  3036  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3037  				Roles:          []string{model.SYSTEM_ADMIN_ROLE_ID},
  3038  			},
  3039  			[]*model.User{u1},
  3040  		},
  3041  		{
  3042  			"search jim, allow inactive, channel 1 with system admin and system user filter",
  3043  			c1.Id,
  3044  			"jim",
  3045  			&model.UserSearchOptions{
  3046  				AllowFullNames: true,
  3047  				AllowInactive:  true,
  3048  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3049  				Roles:          []string{model.SYSTEM_ADMIN_ROLE_ID, model.SYSTEM_USER_ROLE_ID},
  3050  			},
  3051  			[]*model.User{u1, u3},
  3052  		},
  3053  		{
  3054  			"search jim, allow inactive, channel 1 with channel user filter",
  3055  			c1.Id,
  3056  			"jim",
  3057  			&model.UserSearchOptions{
  3058  				AllowFullNames: true,
  3059  				AllowInactive:  true,
  3060  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3061  				ChannelRoles:   []string{model.CHANNEL_USER_ROLE_ID},
  3062  			},
  3063  			[]*model.User{u3},
  3064  		},
  3065  		{
  3066  			"search jim, allow inactive, channel 1 with channel user and channel admin filter",
  3067  			c1.Id,
  3068  			"jim",
  3069  			&model.UserSearchOptions{
  3070  				AllowFullNames: true,
  3071  				AllowInactive:  true,
  3072  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3073  				ChannelRoles:   []string{model.CHANNEL_USER_ROLE_ID, model.CHANNEL_ADMIN_ROLE_ID},
  3074  			},
  3075  			[]*model.User{u3},
  3076  		},
  3077  		{
  3078  			"search jim, allow inactive, channel 2 with channel user filter",
  3079  			c2.Id,
  3080  			"jim",
  3081  			&model.UserSearchOptions{
  3082  				AllowFullNames: true,
  3083  				AllowInactive:  true,
  3084  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3085  				ChannelRoles:   []string{model.CHANNEL_USER_ROLE_ID},
  3086  			},
  3087  			[]*model.User{u2},
  3088  		},
  3089  	}
  3090  
  3091  	for _, testCase := range testCases {
  3092  		t.Run(testCase.Description, func(t *testing.T) {
  3093  			users, err := ss.User().SearchInChannel(
  3094  				testCase.ChannelId,
  3095  				testCase.Term,
  3096  				testCase.Options,
  3097  			)
  3098  			require.NoError(t, err)
  3099  			assertUsers(t, testCase.Expected, users)
  3100  		})
  3101  	}
  3102  }
  3103  
  3104  func testUserStoreSearchNotInTeam(t *testing.T, ss store.Store) {
  3105  	u1 := &model.User{
  3106  		Username:  "jimbo1" + model.NewId(),
  3107  		FirstName: "Tim",
  3108  		LastName:  "Bill",
  3109  		Nickname:  "Rob",
  3110  		Email:     "harold" + model.NewId() + "@simulator.amazonses.com",
  3111  	}
  3112  	_, err := ss.User().Save(u1)
  3113  	require.NoError(t, err)
  3114  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  3115  
  3116  	u2 := &model.User{
  3117  		Username: "jim-bobby" + model.NewId(),
  3118  		Email:    MakeEmail(),
  3119  	}
  3120  	_, err = ss.User().Save(u2)
  3121  	require.NoError(t, err)
  3122  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  3123  
  3124  	u3 := &model.User{
  3125  		Username: "jimbo3" + model.NewId(),
  3126  		Email:    MakeEmail(),
  3127  		DeleteAt: 1,
  3128  	}
  3129  	_, err = ss.User().Save(u3)
  3130  	require.NoError(t, err)
  3131  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  3132  	_, nErr := ss.Bot().Save(&model.Bot{
  3133  		UserId:   u3.Id,
  3134  		Username: u3.Username,
  3135  		OwnerId:  u1.Id,
  3136  	})
  3137  	require.NoError(t, nErr)
  3138  	u3.IsBot = true
  3139  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  3140  
  3141  	u4 := &model.User{
  3142  		Username: "simon" + model.NewId(),
  3143  		Email:    MakeEmail(),
  3144  		DeleteAt: 0,
  3145  	}
  3146  	_, err = ss.User().Save(u4)
  3147  	require.NoError(t, err)
  3148  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  3149  
  3150  	u5 := &model.User{
  3151  		Username:  "yu" + model.NewId(),
  3152  		FirstName: "En",
  3153  		LastName:  "Yu",
  3154  		Nickname:  "enyu",
  3155  		Email:     MakeEmail(),
  3156  	}
  3157  	_, err = ss.User().Save(u5)
  3158  	require.NoError(t, err)
  3159  	defer func() { require.NoError(t, ss.User().PermanentDelete(u5.Id)) }()
  3160  
  3161  	u6 := &model.User{
  3162  		Username:  "underscore" + model.NewId(),
  3163  		FirstName: "Du_",
  3164  		LastName:  "_DE",
  3165  		Nickname:  "lodash",
  3166  		Email:     MakeEmail(),
  3167  	}
  3168  	_, err = ss.User().Save(u6)
  3169  	require.NoError(t, err)
  3170  	defer func() { require.NoError(t, ss.User().PermanentDelete(u6.Id)) }()
  3171  
  3172  	teamId1 := model.NewId()
  3173  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId1, UserId: u1.Id}, -1)
  3174  	require.NoError(t, nErr)
  3175  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId1, UserId: u2.Id}, -1)
  3176  	require.NoError(t, nErr)
  3177  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId1, UserId: u3.Id}, -1)
  3178  	require.NoError(t, nErr)
  3179  	// u4 is not in team 1
  3180  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId1, UserId: u5.Id}, -1)
  3181  	require.NoError(t, nErr)
  3182  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId1, UserId: u6.Id}, -1)
  3183  	require.NoError(t, nErr)
  3184  
  3185  	teamId2 := model.NewId()
  3186  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId2, UserId: u4.Id}, -1)
  3187  	require.NoError(t, nErr)
  3188  
  3189  	// The users returned from the database will have AuthData as an empty string.
  3190  	nilAuthData := new(string)
  3191  	*nilAuthData = ""
  3192  
  3193  	u1.AuthData = nilAuthData
  3194  	u2.AuthData = nilAuthData
  3195  	u3.AuthData = nilAuthData
  3196  	u4.AuthData = nilAuthData
  3197  	u5.AuthData = nilAuthData
  3198  	u6.AuthData = nilAuthData
  3199  
  3200  	testCases := []struct {
  3201  		Description string
  3202  		TeamId      string
  3203  		Term        string
  3204  		Options     *model.UserSearchOptions
  3205  		Expected    []*model.User
  3206  	}{
  3207  		{
  3208  			"search simo, team 1",
  3209  			teamId1,
  3210  			"simo",
  3211  			&model.UserSearchOptions{
  3212  				AllowFullNames: true,
  3213  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3214  			},
  3215  			[]*model.User{u4},
  3216  		},
  3217  
  3218  		{
  3219  			"search jimb, team 1",
  3220  			teamId1,
  3221  			"jimb",
  3222  			&model.UserSearchOptions{
  3223  				AllowFullNames: true,
  3224  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3225  			},
  3226  			[]*model.User{},
  3227  		},
  3228  		{
  3229  			"search jimb, allow inactive, team 1",
  3230  			teamId1,
  3231  			"jimb",
  3232  			&model.UserSearchOptions{
  3233  				AllowFullNames: true,
  3234  				AllowInactive:  true,
  3235  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3236  			},
  3237  			[]*model.User{},
  3238  		},
  3239  		{
  3240  			"search simo, team 2",
  3241  			teamId2,
  3242  			"simo",
  3243  			&model.UserSearchOptions{
  3244  				AllowFullNames: true,
  3245  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3246  			},
  3247  			[]*model.User{},
  3248  		},
  3249  		{
  3250  			"search jimb, team2",
  3251  			teamId2,
  3252  			"jimb",
  3253  			&model.UserSearchOptions{
  3254  				AllowFullNames: true,
  3255  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3256  			},
  3257  			[]*model.User{u1},
  3258  		},
  3259  		{
  3260  			"search jimb, allow inactive, team 2",
  3261  			teamId2,
  3262  			"jimb",
  3263  			&model.UserSearchOptions{
  3264  				AllowFullNames: true,
  3265  				AllowInactive:  true,
  3266  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3267  			},
  3268  			[]*model.User{u1, u3},
  3269  		},
  3270  		{
  3271  			"search jimb, allow inactive, team 2, limit 1",
  3272  			teamId2,
  3273  			"jimb",
  3274  			&model.UserSearchOptions{
  3275  				AllowFullNames: true,
  3276  				AllowInactive:  true,
  3277  				Limit:          1,
  3278  			},
  3279  			[]*model.User{u1},
  3280  		},
  3281  	}
  3282  
  3283  	for _, testCase := range testCases {
  3284  		t.Run(testCase.Description, func(t *testing.T) {
  3285  			users, err := ss.User().SearchNotInTeam(
  3286  				testCase.TeamId,
  3287  				testCase.Term,
  3288  				testCase.Options,
  3289  			)
  3290  			require.NoError(t, err)
  3291  			assertUsers(t, testCase.Expected, users)
  3292  		})
  3293  	}
  3294  }
  3295  
  3296  func testUserStoreSearchWithoutTeam(t *testing.T, ss store.Store) {
  3297  	u1 := &model.User{
  3298  		Username:  "jimbo1" + model.NewId(),
  3299  		FirstName: "Tim",
  3300  		LastName:  "Bill",
  3301  		Nickname:  "Rob",
  3302  		Email:     "harold" + model.NewId() + "@simulator.amazonses.com",
  3303  	}
  3304  	_, err := ss.User().Save(u1)
  3305  	require.NoError(t, err)
  3306  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  3307  
  3308  	u2 := &model.User{
  3309  		Username: "jim2-bobby" + model.NewId(),
  3310  		Email:    MakeEmail(),
  3311  	}
  3312  	_, err = ss.User().Save(u2)
  3313  	require.NoError(t, err)
  3314  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  3315  
  3316  	u3 := &model.User{
  3317  		Username: "jimbo3" + model.NewId(),
  3318  		Email:    MakeEmail(),
  3319  		DeleteAt: 1,
  3320  	}
  3321  	_, err = ss.User().Save(u3)
  3322  	require.NoError(t, err)
  3323  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  3324  	_, nErr := ss.Bot().Save(&model.Bot{
  3325  		UserId:   u3.Id,
  3326  		Username: u3.Username,
  3327  		OwnerId:  u1.Id,
  3328  	})
  3329  	require.NoError(t, nErr)
  3330  	u3.IsBot = true
  3331  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  3332  
  3333  	tid := model.NewId()
  3334  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: tid, UserId: u3.Id}, -1)
  3335  	require.NoError(t, nErr)
  3336  
  3337  	// The users returned from the database will have AuthData as an empty string.
  3338  	nilAuthData := new(string)
  3339  	*nilAuthData = ""
  3340  
  3341  	u1.AuthData = nilAuthData
  3342  	u2.AuthData = nilAuthData
  3343  	u3.AuthData = nilAuthData
  3344  
  3345  	testCases := []struct {
  3346  		Description string
  3347  		Term        string
  3348  		Options     *model.UserSearchOptions
  3349  		Expected    []*model.User
  3350  	}{
  3351  		{
  3352  			"empty string",
  3353  			"",
  3354  			&model.UserSearchOptions{
  3355  				AllowFullNames: true,
  3356  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3357  			},
  3358  			[]*model.User{u2, u1},
  3359  		},
  3360  		{
  3361  			"jim",
  3362  			"jim",
  3363  			&model.UserSearchOptions{
  3364  				AllowFullNames: true,
  3365  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3366  			},
  3367  			[]*model.User{u2, u1},
  3368  		},
  3369  		{
  3370  			"PLT-8354",
  3371  			"* ",
  3372  			&model.UserSearchOptions{
  3373  				AllowFullNames: true,
  3374  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3375  			},
  3376  			[]*model.User{u2, u1},
  3377  		},
  3378  		{
  3379  			"jim, limit 1",
  3380  			"jim",
  3381  			&model.UserSearchOptions{
  3382  				AllowFullNames: true,
  3383  				Limit:          1,
  3384  			},
  3385  			[]*model.User{u2},
  3386  		},
  3387  	}
  3388  
  3389  	for _, testCase := range testCases {
  3390  		t.Run(testCase.Description, func(t *testing.T) {
  3391  			users, err := ss.User().SearchWithoutTeam(
  3392  				testCase.Term,
  3393  				testCase.Options,
  3394  			)
  3395  			require.NoError(t, err)
  3396  			assertUsers(t, testCase.Expected, users)
  3397  		})
  3398  	}
  3399  }
  3400  
  3401  func testUserStoreSearchInGroup(t *testing.T, ss store.Store) {
  3402  	u1 := &model.User{
  3403  		Username:  "jimbo1" + model.NewId(),
  3404  		FirstName: "Tim",
  3405  		LastName:  "Bill",
  3406  		Nickname:  "Rob",
  3407  		Email:     "harold" + model.NewId() + "@simulator.amazonses.com",
  3408  	}
  3409  	_, err := ss.User().Save(u1)
  3410  	require.NoError(t, err)
  3411  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  3412  
  3413  	u2 := &model.User{
  3414  		Username: "jim-bobby" + model.NewId(),
  3415  		Email:    MakeEmail(),
  3416  	}
  3417  	_, err = ss.User().Save(u2)
  3418  	require.NoError(t, err)
  3419  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  3420  
  3421  	u3 := &model.User{
  3422  		Username: "jimbo3" + model.NewId(),
  3423  		Email:    MakeEmail(),
  3424  		DeleteAt: 1,
  3425  	}
  3426  	_, err = ss.User().Save(u3)
  3427  	require.NoError(t, err)
  3428  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  3429  
  3430  	// The users returned from the database will have AuthData as an empty string.
  3431  	nilAuthData := model.NewString("")
  3432  
  3433  	u1.AuthData = nilAuthData
  3434  	u2.AuthData = nilAuthData
  3435  	u3.AuthData = nilAuthData
  3436  
  3437  	g1 := &model.Group{
  3438  		Name:        model.NewString(model.NewId()),
  3439  		DisplayName: model.NewId(),
  3440  		Description: model.NewId(),
  3441  		Source:      model.GroupSourceLdap,
  3442  		RemoteId:    model.NewId(),
  3443  	}
  3444  	_, err = ss.Group().Create(g1)
  3445  	require.NoError(t, err)
  3446  
  3447  	g2 := &model.Group{
  3448  		Name:        model.NewString(model.NewId()),
  3449  		DisplayName: model.NewId(),
  3450  		Description: model.NewId(),
  3451  		Source:      model.GroupSourceLdap,
  3452  		RemoteId:    model.NewId(),
  3453  	}
  3454  	_, err = ss.Group().Create(g2)
  3455  	require.NoError(t, err)
  3456  
  3457  	_, err = ss.Group().UpsertMember(g1.Id, u1.Id)
  3458  	require.NoError(t, err)
  3459  
  3460  	_, err = ss.Group().UpsertMember(g2.Id, u2.Id)
  3461  	require.NoError(t, err)
  3462  
  3463  	_, err = ss.Group().UpsertMember(g1.Id, u3.Id)
  3464  	require.NoError(t, err)
  3465  
  3466  	testCases := []struct {
  3467  		Description string
  3468  		GroupId     string
  3469  		Term        string
  3470  		Options     *model.UserSearchOptions
  3471  		Expected    []*model.User
  3472  	}{
  3473  		{
  3474  			"search jimb, group 1",
  3475  			g1.Id,
  3476  			"jimb",
  3477  			&model.UserSearchOptions{
  3478  				AllowFullNames: true,
  3479  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3480  			},
  3481  			[]*model.User{u1},
  3482  		},
  3483  		{
  3484  			"search jimb, group 1, allow inactive",
  3485  			g1.Id,
  3486  			"jimb",
  3487  			&model.UserSearchOptions{
  3488  				AllowFullNames: true,
  3489  				AllowInactive:  true,
  3490  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3491  			},
  3492  			[]*model.User{u1, u3},
  3493  		},
  3494  		{
  3495  			"search jimb, group 1, limit 1",
  3496  			g1.Id,
  3497  			"jimb",
  3498  			&model.UserSearchOptions{
  3499  				AllowFullNames: true,
  3500  				AllowInactive:  true,
  3501  				Limit:          1,
  3502  			},
  3503  			[]*model.User{u1},
  3504  		},
  3505  		{
  3506  			"search jimb, group 2",
  3507  			g2.Id,
  3508  			"jimb",
  3509  			&model.UserSearchOptions{
  3510  				AllowFullNames: true,
  3511  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3512  			},
  3513  			[]*model.User{},
  3514  		},
  3515  		{
  3516  			"search jimb, allow inactive, group 2",
  3517  			g2.Id,
  3518  			"jimb",
  3519  			&model.UserSearchOptions{
  3520  				AllowFullNames: true,
  3521  				AllowInactive:  true,
  3522  				Limit:          model.USER_SEARCH_DEFAULT_LIMIT,
  3523  			},
  3524  			[]*model.User{},
  3525  		},
  3526  	}
  3527  
  3528  	for _, testCase := range testCases {
  3529  		t.Run(testCase.Description, func(t *testing.T) {
  3530  			users, err := ss.User().SearchInGroup(
  3531  				testCase.GroupId,
  3532  				testCase.Term,
  3533  				testCase.Options,
  3534  			)
  3535  			require.NoError(t, err)
  3536  			assertUsers(t, testCase.Expected, users)
  3537  		})
  3538  	}
  3539  }
  3540  
  3541  func testCount(t *testing.T, ss store.Store) {
  3542  	// Regular
  3543  	teamId := model.NewId()
  3544  	channelId := model.NewId()
  3545  	regularUser := &model.User{}
  3546  	regularUser.Email = MakeEmail()
  3547  	regularUser.Roles = model.SYSTEM_USER_ROLE_ID
  3548  	_, err := ss.User().Save(regularUser)
  3549  	require.NoError(t, err)
  3550  	defer func() { require.NoError(t, ss.User().PermanentDelete(regularUser.Id)) }()
  3551  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: regularUser.Id, SchemeAdmin: false, SchemeUser: true}, -1)
  3552  	require.NoError(t, nErr)
  3553  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{UserId: regularUser.Id, ChannelId: channelId, SchemeAdmin: false, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  3554  	require.NoError(t, nErr)
  3555  
  3556  	guestUser := &model.User{}
  3557  	guestUser.Email = MakeEmail()
  3558  	guestUser.Roles = model.SYSTEM_GUEST_ROLE_ID
  3559  	_, err = ss.User().Save(guestUser)
  3560  	require.NoError(t, err)
  3561  	defer func() { require.NoError(t, ss.User().PermanentDelete(guestUser.Id)) }()
  3562  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: guestUser.Id, SchemeAdmin: false, SchemeUser: false, SchemeGuest: true}, -1)
  3563  	require.NoError(t, nErr)
  3564  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{UserId: guestUser.Id, ChannelId: channelId, SchemeAdmin: false, SchemeUser: false, SchemeGuest: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  3565  	require.NoError(t, nErr)
  3566  
  3567  	teamAdmin := &model.User{}
  3568  	teamAdmin.Email = MakeEmail()
  3569  	teamAdmin.Roles = model.SYSTEM_USER_ROLE_ID
  3570  	_, err = ss.User().Save(teamAdmin)
  3571  	require.NoError(t, err)
  3572  	defer func() { require.NoError(t, ss.User().PermanentDelete(teamAdmin.Id)) }()
  3573  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: teamAdmin.Id, SchemeAdmin: true, SchemeUser: true}, -1)
  3574  	require.NoError(t, nErr)
  3575  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{UserId: teamAdmin.Id, ChannelId: channelId, SchemeAdmin: true, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  3576  	require.NoError(t, nErr)
  3577  
  3578  	sysAdmin := &model.User{}
  3579  	sysAdmin.Email = MakeEmail()
  3580  	sysAdmin.Roles = model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID
  3581  	_, err = ss.User().Save(sysAdmin)
  3582  	require.NoError(t, err)
  3583  	defer func() { require.NoError(t, ss.User().PermanentDelete(sysAdmin.Id)) }()
  3584  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: sysAdmin.Id, SchemeAdmin: false, SchemeUser: true}, -1)
  3585  	require.NoError(t, nErr)
  3586  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{UserId: sysAdmin.Id, ChannelId: channelId, SchemeAdmin: true, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  3587  	require.NoError(t, nErr)
  3588  
  3589  	// Deleted
  3590  	deletedUser := &model.User{}
  3591  	deletedUser.Email = MakeEmail()
  3592  	deletedUser.DeleteAt = model.GetMillis()
  3593  	_, err = ss.User().Save(deletedUser)
  3594  	require.NoError(t, err)
  3595  	defer func() { require.NoError(t, ss.User().PermanentDelete(deletedUser.Id)) }()
  3596  
  3597  	// Bot
  3598  	botUser, err := ss.User().Save(&model.User{
  3599  		Email: MakeEmail(),
  3600  	})
  3601  	require.NoError(t, err)
  3602  	defer func() { require.NoError(t, ss.User().PermanentDelete(botUser.Id)) }()
  3603  	_, nErr = ss.Bot().Save(&model.Bot{
  3604  		UserId:   botUser.Id,
  3605  		Username: botUser.Username,
  3606  		OwnerId:  regularUser.Id,
  3607  	})
  3608  	require.NoError(t, nErr)
  3609  	botUser.IsBot = true
  3610  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(botUser.Id)) }()
  3611  
  3612  	testCases := []struct {
  3613  		Description string
  3614  		Options     model.UserCountOptions
  3615  		Expected    int64
  3616  	}{
  3617  		{
  3618  			"No bot accounts no deleted accounts and no team id",
  3619  			model.UserCountOptions{
  3620  				IncludeBotAccounts: false,
  3621  				IncludeDeleted:     false,
  3622  				TeamId:             "",
  3623  			},
  3624  			4,
  3625  		},
  3626  		{
  3627  			"Include bot accounts no deleted accounts and no team id",
  3628  			model.UserCountOptions{
  3629  				IncludeBotAccounts: true,
  3630  				IncludeDeleted:     false,
  3631  				TeamId:             "",
  3632  			},
  3633  			5,
  3634  		},
  3635  		{
  3636  			"Include delete accounts no bots and no team id",
  3637  			model.UserCountOptions{
  3638  				IncludeBotAccounts: false,
  3639  				IncludeDeleted:     true,
  3640  				TeamId:             "",
  3641  			},
  3642  			5,
  3643  		},
  3644  		{
  3645  			"Include bot accounts and deleted accounts and no team id",
  3646  			model.UserCountOptions{
  3647  				IncludeBotAccounts: true,
  3648  				IncludeDeleted:     true,
  3649  				TeamId:             "",
  3650  			},
  3651  			6,
  3652  		},
  3653  		{
  3654  			"Include bot accounts, deleted accounts, exclude regular users with no team id",
  3655  			model.UserCountOptions{
  3656  				IncludeBotAccounts:  true,
  3657  				IncludeDeleted:      true,
  3658  				ExcludeRegularUsers: true,
  3659  				TeamId:              "",
  3660  			},
  3661  			1,
  3662  		},
  3663  		{
  3664  			"Include bot accounts and deleted accounts with existing team id",
  3665  			model.UserCountOptions{
  3666  				IncludeBotAccounts: true,
  3667  				IncludeDeleted:     true,
  3668  				TeamId:             teamId,
  3669  			},
  3670  			4,
  3671  		},
  3672  		{
  3673  			"Include bot accounts and deleted accounts with fake team id",
  3674  			model.UserCountOptions{
  3675  				IncludeBotAccounts: true,
  3676  				IncludeDeleted:     true,
  3677  				TeamId:             model.NewId(),
  3678  			},
  3679  			0,
  3680  		},
  3681  		{
  3682  			"Include bot accounts and deleted accounts with existing team id and view restrictions allowing team",
  3683  			model.UserCountOptions{
  3684  				IncludeBotAccounts: true,
  3685  				IncludeDeleted:     true,
  3686  				TeamId:             teamId,
  3687  				ViewRestrictions:   &model.ViewUsersRestrictions{Teams: []string{teamId}},
  3688  			},
  3689  			4,
  3690  		},
  3691  		{
  3692  			"Include bot accounts and deleted accounts with existing team id and view restrictions not allowing current team",
  3693  			model.UserCountOptions{
  3694  				IncludeBotAccounts: true,
  3695  				IncludeDeleted:     true,
  3696  				TeamId:             teamId,
  3697  				ViewRestrictions:   &model.ViewUsersRestrictions{Teams: []string{model.NewId()}},
  3698  			},
  3699  			0,
  3700  		},
  3701  		{
  3702  			"Filter by system admins only",
  3703  			model.UserCountOptions{
  3704  				TeamId: teamId,
  3705  				Roles:  []string{model.SYSTEM_ADMIN_ROLE_ID},
  3706  			},
  3707  			1,
  3708  		},
  3709  		{
  3710  			"Filter by system users only",
  3711  			model.UserCountOptions{
  3712  				TeamId: teamId,
  3713  				Roles:  []string{model.SYSTEM_USER_ROLE_ID},
  3714  			},
  3715  			2,
  3716  		},
  3717  		{
  3718  			"Filter by system guests only",
  3719  			model.UserCountOptions{
  3720  				TeamId: teamId,
  3721  				Roles:  []string{model.SYSTEM_GUEST_ROLE_ID},
  3722  			},
  3723  			1,
  3724  		},
  3725  		{
  3726  			"Filter by system admins and system users",
  3727  			model.UserCountOptions{
  3728  				TeamId: teamId,
  3729  				Roles:  []string{model.SYSTEM_ADMIN_ROLE_ID, model.SYSTEM_USER_ROLE_ID},
  3730  			},
  3731  			3,
  3732  		},
  3733  		{
  3734  			"Filter by system admins, system user and system guests",
  3735  			model.UserCountOptions{
  3736  				TeamId: teamId,
  3737  				Roles:  []string{model.SYSTEM_ADMIN_ROLE_ID, model.SYSTEM_USER_ROLE_ID, model.SYSTEM_GUEST_ROLE_ID},
  3738  			},
  3739  			4,
  3740  		},
  3741  		{
  3742  			"Filter by team admins",
  3743  			model.UserCountOptions{
  3744  				TeamId:    teamId,
  3745  				TeamRoles: []string{model.TEAM_ADMIN_ROLE_ID},
  3746  			},
  3747  			1,
  3748  		},
  3749  		{
  3750  			"Filter by team members",
  3751  			model.UserCountOptions{
  3752  				TeamId:    teamId,
  3753  				TeamRoles: []string{model.TEAM_USER_ROLE_ID},
  3754  			},
  3755  			1,
  3756  		},
  3757  		{
  3758  			"Filter by team guests",
  3759  			model.UserCountOptions{
  3760  				TeamId:    teamId,
  3761  				TeamRoles: []string{model.TEAM_GUEST_ROLE_ID},
  3762  			},
  3763  			1,
  3764  		},
  3765  		{
  3766  			"Filter by team guests and any system role",
  3767  			model.UserCountOptions{
  3768  				TeamId:    teamId,
  3769  				TeamRoles: []string{model.TEAM_GUEST_ROLE_ID},
  3770  				Roles:     []string{model.SYSTEM_ADMIN_ROLE_ID},
  3771  			},
  3772  			2,
  3773  		},
  3774  		{
  3775  			"Filter by channel members",
  3776  			model.UserCountOptions{
  3777  				ChannelId:    channelId,
  3778  				ChannelRoles: []string{model.CHANNEL_USER_ROLE_ID},
  3779  			},
  3780  			1,
  3781  		},
  3782  		{
  3783  			"Filter by channel members and system admins",
  3784  			model.UserCountOptions{
  3785  				ChannelId:    channelId,
  3786  				Roles:        []string{model.SYSTEM_ADMIN_ROLE_ID},
  3787  				ChannelRoles: []string{model.CHANNEL_USER_ROLE_ID},
  3788  			},
  3789  			2,
  3790  		},
  3791  		{
  3792  			"Filter by channel members and system admins and channel admins",
  3793  			model.UserCountOptions{
  3794  				ChannelId:    channelId,
  3795  				Roles:        []string{model.SYSTEM_ADMIN_ROLE_ID},
  3796  				ChannelRoles: []string{model.CHANNEL_USER_ROLE_ID, model.CHANNEL_ADMIN_ROLE_ID},
  3797  			},
  3798  			3,
  3799  		},
  3800  		{
  3801  			"Filter by channel guests",
  3802  			model.UserCountOptions{
  3803  				ChannelId:    channelId,
  3804  				ChannelRoles: []string{model.CHANNEL_GUEST_ROLE_ID},
  3805  			},
  3806  			1,
  3807  		},
  3808  		{
  3809  			"Filter by channel guests and any system role",
  3810  			model.UserCountOptions{
  3811  				ChannelId:    channelId,
  3812  				ChannelRoles: []string{model.CHANNEL_GUEST_ROLE_ID},
  3813  				Roles:        []string{model.SYSTEM_ADMIN_ROLE_ID},
  3814  			},
  3815  			2,
  3816  		},
  3817  	}
  3818  	for _, testCase := range testCases {
  3819  		t.Run(testCase.Description, func(t *testing.T) {
  3820  			count, err := ss.User().Count(testCase.Options)
  3821  			require.NoError(t, err)
  3822  			require.Equal(t, testCase.Expected, count)
  3823  		})
  3824  	}
  3825  }
  3826  
  3827  func testUserStoreAnalyticsActiveCount(t *testing.T, ss store.Store, s SqlStore) {
  3828  
  3829  	cleanupStatusStore(t, s)
  3830  
  3831  	// Create 5 users statuses u0, u1, u2, u3, u4.
  3832  	// u4 is also a bot
  3833  	u0, err := ss.User().Save(&model.User{
  3834  		Email:    MakeEmail(),
  3835  		Username: "u0" + model.NewId(),
  3836  	})
  3837  	require.NoError(t, err)
  3838  	u1, err := ss.User().Save(&model.User{
  3839  		Email:    MakeEmail(),
  3840  		Username: "u1" + model.NewId(),
  3841  	})
  3842  	require.NoError(t, err)
  3843  	u2, err := ss.User().Save(&model.User{
  3844  		Email:    MakeEmail(),
  3845  		Username: "u2" + model.NewId(),
  3846  	})
  3847  	require.NoError(t, err)
  3848  	u3, err := ss.User().Save(&model.User{
  3849  		Email:    MakeEmail(),
  3850  		Username: "u3" + model.NewId(),
  3851  	})
  3852  	require.NoError(t, err)
  3853  	u4, err := ss.User().Save(&model.User{
  3854  		Email:    MakeEmail(),
  3855  		Username: "u4" + model.NewId(),
  3856  	})
  3857  	require.NoError(t, err)
  3858  	defer func() {
  3859  		require.NoError(t, ss.User().PermanentDelete(u0.Id))
  3860  		require.NoError(t, ss.User().PermanentDelete(u1.Id))
  3861  		require.NoError(t, ss.User().PermanentDelete(u2.Id))
  3862  		require.NoError(t, ss.User().PermanentDelete(u3.Id))
  3863  		require.NoError(t, ss.User().PermanentDelete(u4.Id))
  3864  	}()
  3865  
  3866  	_, nErr := ss.Bot().Save(&model.Bot{
  3867  		UserId:   u4.Id,
  3868  		Username: u4.Username,
  3869  		OwnerId:  u1.Id,
  3870  	})
  3871  	require.NoError(t, nErr)
  3872  
  3873  	millis := model.GetMillis()
  3874  	millisTwoDaysAgo := model.GetMillis() - (2 * DayMilliseconds)
  3875  	millisTwoMonthsAgo := model.GetMillis() - (2 * MonthMilliseconds)
  3876  
  3877  	// u0 last activity status is two months ago.
  3878  	// u1 last activity status is two days ago.
  3879  	// u2, u3, u4 last activity is within last day
  3880  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u0.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millisTwoMonthsAgo}))
  3881  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u1.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millisTwoDaysAgo}))
  3882  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u2.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millis}))
  3883  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u3.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millis}))
  3884  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u4.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millis}))
  3885  
  3886  	// Daily counts (without bots)
  3887  	count, err := ss.User().AnalyticsActiveCount(DayMilliseconds, model.UserCountOptions{IncludeBotAccounts: false, IncludeDeleted: true})
  3888  	require.NoError(t, err)
  3889  	assert.Equal(t, int64(2), count)
  3890  
  3891  	// Daily counts (with bots)
  3892  	count, err = ss.User().AnalyticsActiveCount(DayMilliseconds, model.UserCountOptions{IncludeBotAccounts: true, IncludeDeleted: true})
  3893  	require.NoError(t, err)
  3894  	assert.Equal(t, int64(3), count)
  3895  
  3896  	// Monthly counts (without bots)
  3897  	count, err = ss.User().AnalyticsActiveCount(MonthMilliseconds, model.UserCountOptions{IncludeBotAccounts: false, IncludeDeleted: true})
  3898  	require.NoError(t, err)
  3899  	assert.Equal(t, int64(3), count)
  3900  
  3901  	// Monthly counts - (with bots)
  3902  	count, err = ss.User().AnalyticsActiveCount(MonthMilliseconds, model.UserCountOptions{IncludeBotAccounts: true, IncludeDeleted: true})
  3903  	require.NoError(t, err)
  3904  	assert.Equal(t, int64(4), count)
  3905  
  3906  	// Monthly counts - (with bots, excluding deleted)
  3907  	count, err = ss.User().AnalyticsActiveCount(MonthMilliseconds, model.UserCountOptions{IncludeBotAccounts: true, IncludeDeleted: false})
  3908  	require.NoError(t, err)
  3909  	assert.Equal(t, int64(4), count)
  3910  }
  3911  
  3912  func testUserStoreAnalyticsActiveCountForPeriod(t *testing.T, ss store.Store, s SqlStore) {
  3913  
  3914  	cleanupStatusStore(t, s)
  3915  
  3916  	// Create 5 users statuses u0, u1, u2, u3, u4.
  3917  	// u4 is also a bot
  3918  	u0, err := ss.User().Save(&model.User{
  3919  		Email:    MakeEmail(),
  3920  		Username: "u0" + model.NewId(),
  3921  	})
  3922  	require.NoError(t, err)
  3923  	u1, err := ss.User().Save(&model.User{
  3924  		Email:    MakeEmail(),
  3925  		Username: "u1" + model.NewId(),
  3926  	})
  3927  	require.NoError(t, err)
  3928  	u2, err := ss.User().Save(&model.User{
  3929  		Email:    MakeEmail(),
  3930  		Username: "u2" + model.NewId(),
  3931  	})
  3932  	require.NoError(t, err)
  3933  	u3, err := ss.User().Save(&model.User{
  3934  		Email:    MakeEmail(),
  3935  		Username: "u3" + model.NewId(),
  3936  	})
  3937  	require.NoError(t, err)
  3938  	u4, err := ss.User().Save(&model.User{
  3939  		Email:    MakeEmail(),
  3940  		Username: "u4" + model.NewId(),
  3941  	})
  3942  	require.NoError(t, err)
  3943  	defer func() {
  3944  		require.NoError(t, ss.User().PermanentDelete(u0.Id))
  3945  		require.NoError(t, ss.User().PermanentDelete(u1.Id))
  3946  		require.NoError(t, ss.User().PermanentDelete(u2.Id))
  3947  		require.NoError(t, ss.User().PermanentDelete(u3.Id))
  3948  		require.NoError(t, ss.User().PermanentDelete(u4.Id))
  3949  	}()
  3950  
  3951  	_, nErr := ss.Bot().Save(&model.Bot{
  3952  		UserId:   u4.Id,
  3953  		Username: u4.Username,
  3954  		OwnerId:  u1.Id,
  3955  	})
  3956  	require.NoError(t, nErr)
  3957  
  3958  	millis := model.GetMillis()
  3959  	millisTwoDaysAgo := model.GetMillis() - (2 * DayMilliseconds)
  3960  	millisTwoMonthsAgo := model.GetMillis() - (2 * MonthMilliseconds)
  3961  
  3962  	// u0 last activity status is two months ago.
  3963  	// u1 last activity status is one month ago
  3964  	// u2 last activiy is two days ago
  3965  	// u2 last activity is one day ago
  3966  	// u3 last activity is within last day
  3967  	// u4 last activity is within last day
  3968  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u0.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millisTwoMonthsAgo}))
  3969  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u1.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millisTwoMonthsAgo + MonthMilliseconds}))
  3970  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u2.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millisTwoDaysAgo}))
  3971  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u3.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millisTwoDaysAgo + DayMilliseconds}))
  3972  	require.NoError(t, ss.Status().SaveOrUpdate(&model.Status{UserId: u4.Id, Status: model.STATUS_OFFLINE, LastActivityAt: millis}))
  3973  
  3974  	// Two months to two days (without bots)
  3975  	count, nerr := ss.User().AnalyticsActiveCountForPeriod(millisTwoMonthsAgo, millisTwoDaysAgo, model.UserCountOptions{IncludeBotAccounts: false, IncludeDeleted: false})
  3976  	require.NoError(t, nerr)
  3977  	assert.Equal(t, int64(2), count)
  3978  
  3979  	// Two months to two days (without bots)
  3980  	count, nerr = ss.User().AnalyticsActiveCountForPeriod(millisTwoMonthsAgo, millisTwoDaysAgo, model.UserCountOptions{IncludeBotAccounts: false, IncludeDeleted: true})
  3981  	require.NoError(t, nerr)
  3982  	assert.Equal(t, int64(2), count)
  3983  
  3984  	// Two days to present - (with bots)
  3985  	count, nerr = ss.User().AnalyticsActiveCountForPeriod(millisTwoDaysAgo, millis, model.UserCountOptions{IncludeBotAccounts: true, IncludeDeleted: false})
  3986  	require.NoError(t, nerr)
  3987  	assert.Equal(t, int64(2), count)
  3988  
  3989  	// Two days to present - (with bots, excluding deleted)
  3990  	count, nerr = ss.User().AnalyticsActiveCountForPeriod(millisTwoDaysAgo, millis, model.UserCountOptions{IncludeBotAccounts: true, IncludeDeleted: true})
  3991  	require.NoError(t, nerr)
  3992  	assert.Equal(t, int64(2), count)
  3993  }
  3994  
  3995  func testUserStoreAnalyticsGetInactiveUsersCount(t *testing.T, ss store.Store) {
  3996  	u1 := &model.User{}
  3997  	u1.Email = MakeEmail()
  3998  	_, err := ss.User().Save(u1)
  3999  	require.NoError(t, err)
  4000  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  4001  
  4002  	count, err := ss.User().AnalyticsGetInactiveUsersCount()
  4003  	require.NoError(t, err)
  4004  
  4005  	u2 := &model.User{}
  4006  	u2.Email = MakeEmail()
  4007  	u2.DeleteAt = model.GetMillis()
  4008  	_, err = ss.User().Save(u2)
  4009  	require.NoError(t, err)
  4010  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  4011  
  4012  	newCount, err := ss.User().AnalyticsGetInactiveUsersCount()
  4013  	require.NoError(t, err)
  4014  	require.Equal(t, count, newCount-1, "Expected 1 more inactive users but found otherwise.")
  4015  }
  4016  
  4017  func testUserStoreAnalyticsGetSystemAdminCount(t *testing.T, ss store.Store) {
  4018  	countBefore, err := ss.User().AnalyticsGetSystemAdminCount()
  4019  	require.NoError(t, err)
  4020  
  4021  	u1 := model.User{}
  4022  	u1.Email = MakeEmail()
  4023  	u1.Username = model.NewId()
  4024  	u1.Roles = "system_user system_admin"
  4025  
  4026  	u2 := model.User{}
  4027  	u2.Email = MakeEmail()
  4028  	u2.Username = model.NewId()
  4029  
  4030  	_, nErr := ss.User().Save(&u1)
  4031  	require.NoError(t, nErr, "couldn't save user")
  4032  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  4033  
  4034  	_, nErr = ss.User().Save(&u2)
  4035  	require.NoError(t, nErr, "couldn't save user")
  4036  
  4037  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  4038  
  4039  	result, err := ss.User().AnalyticsGetSystemAdminCount()
  4040  	require.NoError(t, err)
  4041  	require.Equal(t, countBefore+1, result, "Did not get the expected number of system admins.")
  4042  
  4043  }
  4044  
  4045  func testUserStoreAnalyticsGetGuestCount(t *testing.T, ss store.Store) {
  4046  	countBefore, err := ss.User().AnalyticsGetGuestCount()
  4047  	require.NoError(t, err)
  4048  
  4049  	u1 := model.User{}
  4050  	u1.Email = MakeEmail()
  4051  	u1.Username = model.NewId()
  4052  	u1.Roles = "system_user system_admin"
  4053  
  4054  	u2 := model.User{}
  4055  	u2.Email = MakeEmail()
  4056  	u2.Username = model.NewId()
  4057  	u2.Roles = "system_user"
  4058  
  4059  	u3 := model.User{}
  4060  	u3.Email = MakeEmail()
  4061  	u3.Username = model.NewId()
  4062  	u3.Roles = "system_guest"
  4063  
  4064  	_, nErr := ss.User().Save(&u1)
  4065  	require.NoError(t, nErr, "couldn't save user")
  4066  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  4067  
  4068  	_, nErr = ss.User().Save(&u2)
  4069  	require.NoError(t, nErr, "couldn't save user")
  4070  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  4071  
  4072  	_, nErr = ss.User().Save(&u3)
  4073  	require.NoError(t, nErr, "couldn't save user")
  4074  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  4075  
  4076  	result, err := ss.User().AnalyticsGetGuestCount()
  4077  	require.NoError(t, err)
  4078  	require.Equal(t, countBefore+1, result, "Did not get the expected number of guests.")
  4079  }
  4080  
  4081  func testUserStoreAnalyticsGetExternalUsers(t *testing.T, ss store.Store) {
  4082  	localHostDomain := "mattermost.com"
  4083  	result, err := ss.User().AnalyticsGetExternalUsers(localHostDomain)
  4084  	require.NoError(t, err)
  4085  	assert.False(t, result)
  4086  
  4087  	u1 := model.User{}
  4088  	u1.Email = "a@mattermost.com"
  4089  	u1.Username = model.NewId()
  4090  	u1.Roles = "system_user system_admin"
  4091  
  4092  	u2 := model.User{}
  4093  	u2.Email = "b@example.com"
  4094  	u2.Username = model.NewId()
  4095  	u2.Roles = "system_user"
  4096  
  4097  	u3 := model.User{}
  4098  	u3.Email = "c@test.com"
  4099  	u3.Username = model.NewId()
  4100  	u3.Roles = "system_guest"
  4101  
  4102  	_, err = ss.User().Save(&u1)
  4103  	require.NoError(t, err, "couldn't save user")
  4104  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  4105  
  4106  	_, err = ss.User().Save(&u2)
  4107  	require.NoError(t, err, "couldn't save user")
  4108  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  4109  
  4110  	_, err = ss.User().Save(&u3)
  4111  	require.NoError(t, err, "couldn't save user")
  4112  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  4113  
  4114  	result, err = ss.User().AnalyticsGetExternalUsers(localHostDomain)
  4115  	require.NoError(t, err)
  4116  	assert.True(t, result)
  4117  }
  4118  
  4119  func testUserStoreGetProfilesNotInTeam(t *testing.T, ss store.Store) {
  4120  	team, err := ss.Team().Save(&model.Team{
  4121  		DisplayName: "Team",
  4122  		Name:        "zz" + model.NewId(),
  4123  		Type:        model.TEAM_OPEN,
  4124  	})
  4125  	require.NoError(t, err)
  4126  
  4127  	teamId := team.Id
  4128  	teamId2 := model.NewId()
  4129  
  4130  	u1, err := ss.User().Save(&model.User{
  4131  		Email:    MakeEmail(),
  4132  		Username: "u1" + model.NewId(),
  4133  	})
  4134  	require.NoError(t, err)
  4135  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  4136  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  4137  	require.NoError(t, nErr)
  4138  
  4139  	// Ensure update at timestamp changes
  4140  	time.Sleep(time.Millisecond)
  4141  
  4142  	u2, err := ss.User().Save(&model.User{
  4143  		Email:    MakeEmail(),
  4144  		Username: "u2" + model.NewId(),
  4145  	})
  4146  	require.NoError(t, err)
  4147  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  4148  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId2, UserId: u2.Id}, -1)
  4149  	require.NoError(t, nErr)
  4150  
  4151  	// Ensure update at timestamp changes
  4152  	time.Sleep(time.Millisecond)
  4153  
  4154  	u3, err := ss.User().Save(&model.User{
  4155  		Email:    MakeEmail(),
  4156  		Username: "u3" + model.NewId(),
  4157  	})
  4158  	require.NoError(t, err)
  4159  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  4160  	_, nErr = ss.Bot().Save(&model.Bot{
  4161  		UserId:   u3.Id,
  4162  		Username: u3.Username,
  4163  		OwnerId:  u1.Id,
  4164  	})
  4165  	require.NoError(t, nErr)
  4166  	u3.IsBot = true
  4167  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  4168  
  4169  	var etag1, etag2, etag3 string
  4170  
  4171  	t.Run("etag for profiles not in team 1", func(t *testing.T) {
  4172  		etag1 = ss.User().GetEtagForProfilesNotInTeam(teamId)
  4173  	})
  4174  
  4175  	t.Run("get not in team 1, offset 0, limit 100000", func(t *testing.T) {
  4176  		users, userErr := ss.User().GetProfilesNotInTeam(teamId, false, 0, 100000, nil)
  4177  		require.NoError(t, userErr)
  4178  		assert.Equal(t, []*model.User{
  4179  			sanitized(u2),
  4180  			sanitized(u3),
  4181  		}, users)
  4182  	})
  4183  
  4184  	t.Run("get not in team 1, offset 1, limit 1", func(t *testing.T) {
  4185  		users, userErr := ss.User().GetProfilesNotInTeam(teamId, false, 1, 1, nil)
  4186  		require.NoError(t, userErr)
  4187  		assert.Equal(t, []*model.User{
  4188  			sanitized(u3),
  4189  		}, users)
  4190  	})
  4191  
  4192  	t.Run("get not in team 2, offset 0, limit 100", func(t *testing.T) {
  4193  		users, userErr := ss.User().GetProfilesNotInTeam(teamId2, false, 0, 100, nil)
  4194  		require.NoError(t, userErr)
  4195  		assert.Equal(t, []*model.User{
  4196  			sanitized(u1),
  4197  			sanitized(u3),
  4198  		}, users)
  4199  	})
  4200  
  4201  	// Ensure update at timestamp changes
  4202  	time.Sleep(time.Millisecond)
  4203  
  4204  	// Add u2 to team 1
  4205  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  4206  	require.NoError(t, nErr)
  4207  	u2.UpdateAt, err = ss.User().UpdateUpdateAt(u2.Id)
  4208  	require.NoError(t, err)
  4209  
  4210  	t.Run("etag for profiles not in team 1 after update", func(t *testing.T) {
  4211  		etag2 = ss.User().GetEtagForProfilesNotInTeam(teamId)
  4212  		require.NotEqual(t, etag2, etag1, "etag should have changed")
  4213  	})
  4214  
  4215  	t.Run("get not in team 1, offset 0, limit 100000 after update", func(t *testing.T) {
  4216  		users, userErr := ss.User().GetProfilesNotInTeam(teamId, false, 0, 100000, nil)
  4217  		require.NoError(t, userErr)
  4218  		assert.Equal(t, []*model.User{
  4219  			sanitized(u3),
  4220  		}, users)
  4221  	})
  4222  
  4223  	// Ensure update at timestamp changes
  4224  	time.Sleep(time.Millisecond)
  4225  
  4226  	e := ss.Team().RemoveMember(teamId, u1.Id)
  4227  	require.NoError(t, e)
  4228  	e = ss.Team().RemoveMember(teamId, u2.Id)
  4229  	require.NoError(t, e)
  4230  
  4231  	u1.UpdateAt, err = ss.User().UpdateUpdateAt(u1.Id)
  4232  	require.NoError(t, err)
  4233  	u2.UpdateAt, err = ss.User().UpdateUpdateAt(u2.Id)
  4234  	require.NoError(t, err)
  4235  
  4236  	t.Run("etag for profiles not in team 1 after second update", func(t *testing.T) {
  4237  		etag3 = ss.User().GetEtagForProfilesNotInTeam(teamId)
  4238  		require.NotEqual(t, etag1, etag3, "etag should have changed")
  4239  		require.NotEqual(t, etag2, etag3, "etag should have changed")
  4240  	})
  4241  
  4242  	t.Run("get not in team 1, offset 0, limit 100000 after second update", func(t *testing.T) {
  4243  		users, userErr := ss.User().GetProfilesNotInTeam(teamId, false, 0, 100000, nil)
  4244  		require.NoError(t, userErr)
  4245  		assert.Equal(t, []*model.User{
  4246  			sanitized(u1),
  4247  			sanitized(u2),
  4248  			sanitized(u3),
  4249  		}, users)
  4250  	})
  4251  
  4252  	// Ensure update at timestamp changes
  4253  	time.Sleep(time.Millisecond)
  4254  
  4255  	u4, err := ss.User().Save(&model.User{
  4256  		Email:    MakeEmail(),
  4257  		Username: "u4" + model.NewId(),
  4258  	})
  4259  	require.NoError(t, err)
  4260  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  4261  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u4.Id}, -1)
  4262  	require.NoError(t, nErr)
  4263  
  4264  	t.Run("etag for profiles not in team 1 after addition to team", func(t *testing.T) {
  4265  		etag4 := ss.User().GetEtagForProfilesNotInTeam(teamId)
  4266  		require.Equal(t, etag3, etag4, "etag should not have changed")
  4267  	})
  4268  
  4269  	// Add u3 to team 2
  4270  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId2, UserId: u3.Id}, -1)
  4271  	require.NoError(t, nErr)
  4272  	u3.UpdateAt, err = ss.User().UpdateUpdateAt(u3.Id)
  4273  	require.NoError(t, err)
  4274  
  4275  	// GetEtagForProfilesNotInTeam produces a new etag every time a member, not
  4276  	// in the team, gets a new UpdateAt value. In the case that an older member
  4277  	// in the set joins a different team, their UpdateAt value changes, thus
  4278  	// creating a new etag (even though the user set doesn't change). A hashing
  4279  	// solution, which only uses UserIds, would solve this issue.
  4280  	t.Run("etag for profiles not in team 1 after u3 added to team 2", func(t *testing.T) {
  4281  		t.Skip()
  4282  		etag4 := ss.User().GetEtagForProfilesNotInTeam(teamId)
  4283  		require.Equal(t, etag3, etag4, "etag should not have changed")
  4284  	})
  4285  
  4286  	t.Run("get not in team 1, offset 0, limit 100000 after second update, setting group constrained when it's not", func(t *testing.T) {
  4287  		users, userErr := ss.User().GetProfilesNotInTeam(teamId, true, 0, 100000, nil)
  4288  		require.NoError(t, userErr)
  4289  		assert.Empty(t, users)
  4290  	})
  4291  
  4292  	// create a group
  4293  	group, err := ss.Group().Create(&model.Group{
  4294  		Name:        model.NewString("n_" + model.NewId()),
  4295  		DisplayName: "dn_" + model.NewId(),
  4296  		Source:      model.GroupSourceLdap,
  4297  		RemoteId:    "ri_" + model.NewId(),
  4298  	})
  4299  	require.NoError(t, err)
  4300  
  4301  	// add two members to the group
  4302  	for _, u := range []*model.User{u1, u2} {
  4303  		_, err = ss.Group().UpsertMember(group.Id, u.Id)
  4304  		require.NoError(t, err)
  4305  	}
  4306  
  4307  	// associate the group with the team
  4308  	_, err = ss.Group().CreateGroupSyncable(&model.GroupSyncable{
  4309  		GroupId:    group.Id,
  4310  		SyncableId: teamId,
  4311  		Type:       model.GroupSyncableTypeTeam,
  4312  	})
  4313  	require.NoError(t, err)
  4314  
  4315  	t.Run("get not in team 1, offset 0, limit 100000 after second update, setting group constrained", func(t *testing.T) {
  4316  		users, userErr := ss.User().GetProfilesNotInTeam(teamId, true, 0, 100000, nil)
  4317  		require.NoError(t, userErr)
  4318  		assert.Equal(t, []*model.User{
  4319  			sanitized(u1),
  4320  			sanitized(u2),
  4321  		}, users)
  4322  	})
  4323  }
  4324  
  4325  func testUserStoreClearAllCustomRoleAssignments(t *testing.T, ss store.Store) {
  4326  	u1 := model.User{
  4327  		Email:    MakeEmail(),
  4328  		Username: model.NewId(),
  4329  		Roles:    "system_user system_admin system_post_all",
  4330  	}
  4331  	u2 := model.User{
  4332  		Email:    MakeEmail(),
  4333  		Username: model.NewId(),
  4334  		Roles:    "system_user custom_role system_admin another_custom_role",
  4335  	}
  4336  	u3 := model.User{
  4337  		Email:    MakeEmail(),
  4338  		Username: model.NewId(),
  4339  		Roles:    "system_user",
  4340  	}
  4341  	u4 := model.User{
  4342  		Email:    MakeEmail(),
  4343  		Username: model.NewId(),
  4344  		Roles:    "custom_only",
  4345  	}
  4346  
  4347  	_, err := ss.User().Save(&u1)
  4348  	require.NoError(t, err)
  4349  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  4350  	_, err = ss.User().Save(&u2)
  4351  	require.NoError(t, err)
  4352  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  4353  	_, err = ss.User().Save(&u3)
  4354  	require.NoError(t, err)
  4355  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  4356  	_, err = ss.User().Save(&u4)
  4357  	require.NoError(t, err)
  4358  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  4359  
  4360  	require.NoError(t, ss.User().ClearAllCustomRoleAssignments())
  4361  
  4362  	r1, err := ss.User().GetByUsername(u1.Username)
  4363  	require.NoError(t, err)
  4364  	assert.Equal(t, u1.Roles, r1.Roles)
  4365  
  4366  	r2, err1 := ss.User().GetByUsername(u2.Username)
  4367  	require.NoError(t, err1)
  4368  	assert.Equal(t, "system_user system_admin", r2.Roles)
  4369  
  4370  	r3, err2 := ss.User().GetByUsername(u3.Username)
  4371  	require.NoError(t, err2)
  4372  	assert.Equal(t, u3.Roles, r3.Roles)
  4373  
  4374  	r4, err3 := ss.User().GetByUsername(u4.Username)
  4375  	require.NoError(t, err3)
  4376  	assert.Equal(t, "", r4.Roles)
  4377  }
  4378  
  4379  func testUserStoreGetAllAfter(t *testing.T, ss store.Store) {
  4380  	u1, err := ss.User().Save(&model.User{
  4381  		Email:    MakeEmail(),
  4382  		Username: model.NewId(),
  4383  		Roles:    "system_user system_admin system_post_all",
  4384  	})
  4385  	require.NoError(t, err)
  4386  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  4387  
  4388  	u2, err := ss.User().Save(&model.User{
  4389  		Email:    MakeEmail(),
  4390  		Username: "u2" + model.NewId(),
  4391  	})
  4392  	require.NoError(t, err)
  4393  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  4394  	_, nErr := ss.Bot().Save(&model.Bot{
  4395  		UserId:   u2.Id,
  4396  		Username: u2.Username,
  4397  		OwnerId:  u1.Id,
  4398  	})
  4399  	require.NoError(t, nErr)
  4400  	u2.IsBot = true
  4401  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u2.Id)) }()
  4402  
  4403  	expected := []*model.User{u1, u2}
  4404  	if strings.Compare(u2.Id, u1.Id) < 0 {
  4405  		expected = []*model.User{u2, u1}
  4406  	}
  4407  
  4408  	t.Run("get after lowest possible id", func(t *testing.T) {
  4409  		actual, err := ss.User().GetAllAfter(10000, strings.Repeat("0", 26))
  4410  		require.NoError(t, err)
  4411  
  4412  		assert.Equal(t, expected, actual)
  4413  	})
  4414  
  4415  	t.Run("get after first user", func(t *testing.T) {
  4416  		actual, err := ss.User().GetAllAfter(10000, expected[0].Id)
  4417  		require.NoError(t, err)
  4418  
  4419  		assert.Equal(t, []*model.User{expected[1]}, actual)
  4420  	})
  4421  
  4422  	t.Run("get after second user", func(t *testing.T) {
  4423  		actual, err := ss.User().GetAllAfter(10000, expected[1].Id)
  4424  		require.NoError(t, err)
  4425  
  4426  		assert.Equal(t, []*model.User{}, actual)
  4427  	})
  4428  }
  4429  
  4430  func testUserStoreGetUsersBatchForIndexing(t *testing.T, ss store.Store) {
  4431  	// Set up all the objects needed
  4432  	t1, err := ss.Team().Save(&model.Team{
  4433  		DisplayName: "Team1",
  4434  		Name:        "zz" + model.NewId(),
  4435  		Type:        model.TEAM_OPEN,
  4436  	})
  4437  	require.NoError(t, err)
  4438  
  4439  	ch1 := &model.Channel{
  4440  		Name: model.NewId(),
  4441  		Type: model.CHANNEL_OPEN,
  4442  	}
  4443  	cPub1, nErr := ss.Channel().Save(ch1, -1)
  4444  	require.NoError(t, nErr)
  4445  
  4446  	ch2 := &model.Channel{
  4447  		Name: model.NewId(),
  4448  		Type: model.CHANNEL_OPEN,
  4449  	}
  4450  	cPub2, nErr := ss.Channel().Save(ch2, -1)
  4451  	require.NoError(t, nErr)
  4452  
  4453  	ch3 := &model.Channel{
  4454  		Name: model.NewId(),
  4455  		Type: model.CHANNEL_PRIVATE,
  4456  	}
  4457  
  4458  	cPriv, nErr := ss.Channel().Save(ch3, -1)
  4459  	require.NoError(t, nErr)
  4460  
  4461  	u1, err := ss.User().Save(&model.User{
  4462  		Email:    MakeEmail(),
  4463  		Username: model.NewId(),
  4464  		CreateAt: model.GetMillis(),
  4465  	})
  4466  	require.NoError(t, err)
  4467  
  4468  	time.Sleep(time.Millisecond)
  4469  
  4470  	u2, err := ss.User().Save(&model.User{
  4471  		Email:    MakeEmail(),
  4472  		Username: model.NewId(),
  4473  		CreateAt: model.GetMillis(),
  4474  	})
  4475  	require.NoError(t, err)
  4476  	_, nErr = ss.Team().SaveMember(&model.TeamMember{
  4477  		UserId: u2.Id,
  4478  		TeamId: t1.Id,
  4479  	}, 100)
  4480  	require.NoError(t, nErr)
  4481  	_, err = ss.Channel().SaveMember(&model.ChannelMember{
  4482  		UserId:      u2.Id,
  4483  		ChannelId:   cPub1.Id,
  4484  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  4485  	})
  4486  	require.NoError(t, err)
  4487  	_, err = ss.Channel().SaveMember(&model.ChannelMember{
  4488  		UserId:      u2.Id,
  4489  		ChannelId:   cPub2.Id,
  4490  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  4491  	})
  4492  	require.NoError(t, err)
  4493  
  4494  	startTime := u2.CreateAt
  4495  	time.Sleep(time.Millisecond)
  4496  
  4497  	u3, err := ss.User().Save(&model.User{
  4498  		Email:    MakeEmail(),
  4499  		Username: model.NewId(),
  4500  		CreateAt: model.GetMillis(),
  4501  	})
  4502  	require.NoError(t, err)
  4503  	_, nErr = ss.Team().SaveMember(&model.TeamMember{
  4504  		UserId:   u3.Id,
  4505  		TeamId:   t1.Id,
  4506  		DeleteAt: model.GetMillis(),
  4507  	}, 100)
  4508  	require.NoError(t, nErr)
  4509  	_, err = ss.Channel().SaveMember(&model.ChannelMember{
  4510  		UserId:      u3.Id,
  4511  		ChannelId:   cPub2.Id,
  4512  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  4513  	})
  4514  	require.NoError(t, err)
  4515  	_, err = ss.Channel().SaveMember(&model.ChannelMember{
  4516  		UserId:      u3.Id,
  4517  		ChannelId:   cPriv.Id,
  4518  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  4519  	})
  4520  	require.NoError(t, err)
  4521  
  4522  	endTime := u3.CreateAt
  4523  
  4524  	// First and last user should be outside the range
  4525  	res1List, err := ss.User().GetUsersBatchForIndexing(startTime, endTime, 100)
  4526  	require.NoError(t, err)
  4527  
  4528  	assert.Len(t, res1List, 1)
  4529  	assert.Equal(t, res1List[0].Username, u2.Username)
  4530  	assert.ElementsMatch(t, res1List[0].TeamsIds, []string{t1.Id})
  4531  	assert.ElementsMatch(t, res1List[0].ChannelsIds, []string{cPub1.Id, cPub2.Id})
  4532  
  4533  	// Update startTime to include first user
  4534  	startTime = u1.CreateAt
  4535  	res2List, err := ss.User().GetUsersBatchForIndexing(startTime, endTime, 100)
  4536  	require.NoError(t, err)
  4537  
  4538  	assert.Len(t, res2List, 2)
  4539  	assert.Equal(t, res2List[0].Username, u1.Username)
  4540  	assert.Equal(t, res2List[0].ChannelsIds, []string{})
  4541  	assert.Equal(t, res2List[0].TeamsIds, []string{})
  4542  	assert.Equal(t, res2List[1].Username, u2.Username)
  4543  
  4544  	// Update endTime to include last user
  4545  	endTime = model.GetMillis()
  4546  	res3List, err := ss.User().GetUsersBatchForIndexing(startTime, endTime, 100)
  4547  	require.NoError(t, err)
  4548  
  4549  	assert.Len(t, res3List, 3)
  4550  	assert.Equal(t, res3List[0].Username, u1.Username)
  4551  	assert.Equal(t, res3List[1].Username, u2.Username)
  4552  	assert.Equal(t, res3List[2].Username, u3.Username)
  4553  	assert.ElementsMatch(t, res3List[2].TeamsIds, []string{})
  4554  	assert.ElementsMatch(t, res3List[2].ChannelsIds, []string{cPub2.Id})
  4555  
  4556  	// Testing the limit
  4557  	res4List, err := ss.User().GetUsersBatchForIndexing(startTime, endTime, 2)
  4558  	require.NoError(t, err)
  4559  
  4560  	assert.Len(t, res4List, 2)
  4561  	assert.Equal(t, res4List[0].Username, u1.Username)
  4562  	assert.Equal(t, res4List[1].Username, u2.Username)
  4563  }
  4564  
  4565  func testUserStoreGetTeamGroupUsers(t *testing.T, ss store.Store) {
  4566  	// create team
  4567  	id := model.NewId()
  4568  	team, err := ss.Team().Save(&model.Team{
  4569  		DisplayName: "dn_" + id,
  4570  		Name:        "n-" + id,
  4571  		Email:       id + "@test.com",
  4572  		Type:        model.TEAM_INVITE,
  4573  	})
  4574  	require.NoError(t, err)
  4575  	require.NotNil(t, team)
  4576  
  4577  	// create users
  4578  	var testUsers []*model.User
  4579  	for i := 0; i < 3; i++ {
  4580  		id = model.NewId()
  4581  		user, userErr := ss.User().Save(&model.User{
  4582  			Email:     id + "@test.com",
  4583  			Username:  "un_" + id,
  4584  			Nickname:  "nn_" + id,
  4585  			FirstName: "f_" + id,
  4586  			LastName:  "l_" + id,
  4587  			Password:  "Password1",
  4588  		})
  4589  		require.NoError(t, userErr)
  4590  		require.NotNil(t, user)
  4591  		testUsers = append(testUsers, user)
  4592  	}
  4593  	require.Len(t, testUsers, 3, "testUsers length doesn't meet required length")
  4594  	userGroupA, userGroupB, userNoGroup := testUsers[0], testUsers[1], testUsers[2]
  4595  
  4596  	// add non-group-member to the team (to prove that the query isn't just returning all members)
  4597  	_, nErr := ss.Team().SaveMember(&model.TeamMember{
  4598  		TeamId: team.Id,
  4599  		UserId: userNoGroup.Id,
  4600  	}, 999)
  4601  	require.NoError(t, nErr)
  4602  
  4603  	// create groups
  4604  	var testGroups []*model.Group
  4605  	for i := 0; i < 2; i++ {
  4606  		id = model.NewId()
  4607  
  4608  		var group *model.Group
  4609  		group, err = ss.Group().Create(&model.Group{
  4610  			Name:        model.NewString("n_" + id),
  4611  			DisplayName: "dn_" + id,
  4612  			Source:      model.GroupSourceLdap,
  4613  			RemoteId:    "ri_" + id,
  4614  		})
  4615  		require.NoError(t, err)
  4616  		require.NotNil(t, group)
  4617  		testGroups = append(testGroups, group)
  4618  	}
  4619  	require.Len(t, testGroups, 2, "testGroups length doesn't meet required length")
  4620  	groupA, groupB := testGroups[0], testGroups[1]
  4621  
  4622  	// add members to groups
  4623  	_, err = ss.Group().UpsertMember(groupA.Id, userGroupA.Id)
  4624  	require.NoError(t, err)
  4625  	_, err = ss.Group().UpsertMember(groupB.Id, userGroupB.Id)
  4626  	require.NoError(t, err)
  4627  
  4628  	// association one group to team
  4629  	_, err = ss.Group().CreateGroupSyncable(&model.GroupSyncable{
  4630  		GroupId:    groupA.Id,
  4631  		SyncableId: team.Id,
  4632  		Type:       model.GroupSyncableTypeTeam,
  4633  	})
  4634  	require.NoError(t, err)
  4635  
  4636  	var users []*model.User
  4637  
  4638  	requireNUsers := func(n int) {
  4639  		users, err = ss.User().GetTeamGroupUsers(team.Id)
  4640  		require.NoError(t, err)
  4641  		require.NotNil(t, users)
  4642  		require.Len(t, users, n)
  4643  	}
  4644  
  4645  	// team not group constrained returns users
  4646  	requireNUsers(1)
  4647  
  4648  	// update team to be group-constrained
  4649  	team.GroupConstrained = model.NewBool(true)
  4650  	team, err = ss.Team().Update(team)
  4651  	require.NoError(t, err)
  4652  
  4653  	// still returns user (being group-constrained has no effect)
  4654  	requireNUsers(1)
  4655  
  4656  	// associate other group to team
  4657  	_, err = ss.Group().CreateGroupSyncable(&model.GroupSyncable{
  4658  		GroupId:    groupB.Id,
  4659  		SyncableId: team.Id,
  4660  		Type:       model.GroupSyncableTypeTeam,
  4661  	})
  4662  	require.NoError(t, err)
  4663  
  4664  	// should return users from all groups
  4665  	// 2 users now that both groups have been associated to the team
  4666  	requireNUsers(2)
  4667  
  4668  	// add team membership of allowed user
  4669  	_, nErr = ss.Team().SaveMember(&model.TeamMember{
  4670  		TeamId: team.Id,
  4671  		UserId: userGroupA.Id,
  4672  	}, 999)
  4673  	require.NoError(t, nErr)
  4674  
  4675  	// ensure allowed member still returned by query
  4676  	requireNUsers(2)
  4677  
  4678  	// delete team membership of allowed user
  4679  	err = ss.Team().RemoveMember(team.Id, userGroupA.Id)
  4680  	require.NoError(t, err)
  4681  
  4682  	// ensure removed allowed member still returned by query
  4683  	requireNUsers(2)
  4684  }
  4685  
  4686  func testUserStoreGetChannelGroupUsers(t *testing.T, ss store.Store) {
  4687  	// create channel
  4688  	id := model.NewId()
  4689  	channel, nErr := ss.Channel().Save(&model.Channel{
  4690  		DisplayName: "dn_" + id,
  4691  		Name:        "n-" + id,
  4692  		Type:        model.CHANNEL_PRIVATE,
  4693  	}, 999)
  4694  	require.NoError(t, nErr)
  4695  	require.NotNil(t, channel)
  4696  
  4697  	// create users
  4698  	var testUsers []*model.User
  4699  	for i := 0; i < 3; i++ {
  4700  		id = model.NewId()
  4701  		user, userErr := ss.User().Save(&model.User{
  4702  			Email:     id + "@test.com",
  4703  			Username:  "un_" + id,
  4704  			Nickname:  "nn_" + id,
  4705  			FirstName: "f_" + id,
  4706  			LastName:  "l_" + id,
  4707  			Password:  "Password1",
  4708  		})
  4709  		require.NoError(t, userErr)
  4710  		require.NotNil(t, user)
  4711  		testUsers = append(testUsers, user)
  4712  	}
  4713  	require.Len(t, testUsers, 3, "testUsers length doesn't meet required length")
  4714  	userGroupA, userGroupB, userNoGroup := testUsers[0], testUsers[1], testUsers[2]
  4715  
  4716  	// add non-group-member to the channel (to prove that the query isn't just returning all members)
  4717  	_, err := ss.Channel().SaveMember(&model.ChannelMember{
  4718  		ChannelId:   channel.Id,
  4719  		UserId:      userNoGroup.Id,
  4720  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  4721  	})
  4722  	require.NoError(t, err)
  4723  
  4724  	// create groups
  4725  	var testGroups []*model.Group
  4726  	for i := 0; i < 2; i++ {
  4727  		id = model.NewId()
  4728  		var group *model.Group
  4729  		group, err = ss.Group().Create(&model.Group{
  4730  			Name:        model.NewString("n_" + id),
  4731  			DisplayName: "dn_" + id,
  4732  			Source:      model.GroupSourceLdap,
  4733  			RemoteId:    "ri_" + id,
  4734  		})
  4735  		require.NoError(t, err)
  4736  		require.NotNil(t, group)
  4737  		testGroups = append(testGroups, group)
  4738  	}
  4739  	require.Len(t, testGroups, 2, "testGroups length doesn't meet required length")
  4740  	groupA, groupB := testGroups[0], testGroups[1]
  4741  
  4742  	// add members to groups
  4743  	_, err = ss.Group().UpsertMember(groupA.Id, userGroupA.Id)
  4744  	require.NoError(t, err)
  4745  	_, err = ss.Group().UpsertMember(groupB.Id, userGroupB.Id)
  4746  	require.NoError(t, err)
  4747  
  4748  	// association one group to channel
  4749  	_, err = ss.Group().CreateGroupSyncable(&model.GroupSyncable{
  4750  		GroupId:    groupA.Id,
  4751  		SyncableId: channel.Id,
  4752  		Type:       model.GroupSyncableTypeChannel,
  4753  	})
  4754  	require.NoError(t, err)
  4755  
  4756  	var users []*model.User
  4757  
  4758  	requireNUsers := func(n int) {
  4759  		users, err = ss.User().GetChannelGroupUsers(channel.Id)
  4760  		require.NoError(t, err)
  4761  		require.NotNil(t, users)
  4762  		require.Len(t, users, n)
  4763  	}
  4764  
  4765  	// channel not group constrained returns users
  4766  	requireNUsers(1)
  4767  
  4768  	// update team to be group-constrained
  4769  	channel.GroupConstrained = model.NewBool(true)
  4770  	_, nErr = ss.Channel().Update(channel)
  4771  	require.NoError(t, nErr)
  4772  
  4773  	// still returns user (being group-constrained has no effect)
  4774  	requireNUsers(1)
  4775  
  4776  	// associate other group to team
  4777  	_, err = ss.Group().CreateGroupSyncable(&model.GroupSyncable{
  4778  		GroupId:    groupB.Id,
  4779  		SyncableId: channel.Id,
  4780  		Type:       model.GroupSyncableTypeChannel,
  4781  	})
  4782  	require.NoError(t, err)
  4783  
  4784  	// should return users from all groups
  4785  	// 2 users now that both groups have been associated to the team
  4786  	requireNUsers(2)
  4787  
  4788  	// add team membership of allowed user
  4789  	_, err = ss.Channel().SaveMember(&model.ChannelMember{
  4790  		ChannelId:   channel.Id,
  4791  		UserId:      userGroupA.Id,
  4792  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  4793  	})
  4794  	require.NoError(t, err)
  4795  
  4796  	// ensure allowed member still returned by query
  4797  	requireNUsers(2)
  4798  
  4799  	// delete team membership of allowed user
  4800  	err = ss.Channel().RemoveMember(channel.Id, userGroupA.Id)
  4801  	require.NoError(t, err)
  4802  
  4803  	// ensure removed allowed member still returned by query
  4804  	requireNUsers(2)
  4805  }
  4806  
  4807  func testUserStorePromoteGuestToUser(t *testing.T, ss store.Store) {
  4808  	// create users
  4809  	t.Run("Must do nothing with regular user", func(t *testing.T) {
  4810  		id := model.NewId()
  4811  		user, err := ss.User().Save(&model.User{
  4812  			Email:     id + "@test.com",
  4813  			Username:  "un_" + id,
  4814  			Nickname:  "nn_" + id,
  4815  			FirstName: "f_" + id,
  4816  			LastName:  "l_" + id,
  4817  			Password:  "Password1",
  4818  			Roles:     "system_user",
  4819  		})
  4820  		require.NoError(t, err)
  4821  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  4822  
  4823  		teamId := model.NewId()
  4824  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: true, SchemeUser: false}, 999)
  4825  		require.NoError(t, nErr)
  4826  
  4827  		channel, nErr := ss.Channel().Save(&model.Channel{
  4828  			TeamId:      teamId,
  4829  			DisplayName: "Channel name",
  4830  			Name:        "channel-" + model.NewId(),
  4831  			Type:        model.CHANNEL_OPEN,
  4832  		}, -1)
  4833  		require.NoError(t, nErr)
  4834  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: true, SchemeUser: false, NotifyProps: model.GetDefaultChannelNotifyProps()})
  4835  		require.NoError(t, nErr)
  4836  
  4837  		err = ss.User().PromoteGuestToUser(user.Id)
  4838  		require.NoError(t, err)
  4839  		updatedUser, err := ss.User().Get(context.Background(), user.Id)
  4840  		require.NoError(t, err)
  4841  		require.Equal(t, "system_user", updatedUser.Roles)
  4842  		require.True(t, user.UpdateAt < updatedUser.UpdateAt)
  4843  
  4844  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  4845  		require.NoError(t, nErr)
  4846  		require.False(t, updatedTeamMember.SchemeGuest)
  4847  		require.True(t, updatedTeamMember.SchemeUser)
  4848  
  4849  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user.Id)
  4850  		require.NoError(t, nErr)
  4851  		require.False(t, updatedChannelMember.SchemeGuest)
  4852  		require.True(t, updatedChannelMember.SchemeUser)
  4853  	})
  4854  
  4855  	t.Run("Must do nothing with admin user", func(t *testing.T) {
  4856  		id := model.NewId()
  4857  		user, err := ss.User().Save(&model.User{
  4858  			Email:     id + "@test.com",
  4859  			Username:  "un_" + id,
  4860  			Nickname:  "nn_" + id,
  4861  			FirstName: "f_" + id,
  4862  			LastName:  "l_" + id,
  4863  			Password:  "Password1",
  4864  			Roles:     "system_user system_admin",
  4865  		})
  4866  		require.NoError(t, err)
  4867  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  4868  
  4869  		teamId := model.NewId()
  4870  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: true, SchemeUser: false}, 999)
  4871  		require.NoError(t, nErr)
  4872  
  4873  		channel, nErr := ss.Channel().Save(&model.Channel{
  4874  			TeamId:      teamId,
  4875  			DisplayName: "Channel name",
  4876  			Name:        "channel-" + model.NewId(),
  4877  			Type:        model.CHANNEL_OPEN,
  4878  		}, -1)
  4879  		require.NoError(t, nErr)
  4880  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: true, SchemeUser: false, NotifyProps: model.GetDefaultChannelNotifyProps()})
  4881  		require.NoError(t, nErr)
  4882  
  4883  		err = ss.User().PromoteGuestToUser(user.Id)
  4884  		require.NoError(t, err)
  4885  		updatedUser, err := ss.User().Get(context.Background(), user.Id)
  4886  		require.NoError(t, err)
  4887  		require.Equal(t, "system_user system_admin", updatedUser.Roles)
  4888  
  4889  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  4890  		require.NoError(t, nErr)
  4891  		require.False(t, updatedTeamMember.SchemeGuest)
  4892  		require.True(t, updatedTeamMember.SchemeUser)
  4893  
  4894  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user.Id)
  4895  		require.NoError(t, nErr)
  4896  		require.False(t, updatedChannelMember.SchemeGuest)
  4897  		require.True(t, updatedChannelMember.SchemeUser)
  4898  	})
  4899  
  4900  	t.Run("Must work with guest user without teams or channels", func(t *testing.T) {
  4901  		id := model.NewId()
  4902  		user, err := ss.User().Save(&model.User{
  4903  			Email:     id + "@test.com",
  4904  			Username:  "un_" + id,
  4905  			Nickname:  "nn_" + id,
  4906  			FirstName: "f_" + id,
  4907  			LastName:  "l_" + id,
  4908  			Password:  "Password1",
  4909  			Roles:     "system_guest",
  4910  		})
  4911  		require.NoError(t, err)
  4912  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  4913  
  4914  		err = ss.User().PromoteGuestToUser(user.Id)
  4915  		require.NoError(t, err)
  4916  		updatedUser, err := ss.User().Get(context.Background(), user.Id)
  4917  		require.NoError(t, err)
  4918  		require.Equal(t, "system_user", updatedUser.Roles)
  4919  	})
  4920  
  4921  	t.Run("Must work with guest user with teams but no channels", func(t *testing.T) {
  4922  		id := model.NewId()
  4923  		user, err := ss.User().Save(&model.User{
  4924  			Email:     id + "@test.com",
  4925  			Username:  "un_" + id,
  4926  			Nickname:  "nn_" + id,
  4927  			FirstName: "f_" + id,
  4928  			LastName:  "l_" + id,
  4929  			Password:  "Password1",
  4930  			Roles:     "system_guest",
  4931  		})
  4932  		require.NoError(t, err)
  4933  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  4934  
  4935  		teamId := model.NewId()
  4936  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: true, SchemeUser: false}, 999)
  4937  		require.NoError(t, nErr)
  4938  
  4939  		err = ss.User().PromoteGuestToUser(user.Id)
  4940  		require.NoError(t, err)
  4941  		updatedUser, err := ss.User().Get(context.Background(), user.Id)
  4942  		require.NoError(t, err)
  4943  		require.Equal(t, "system_user", updatedUser.Roles)
  4944  
  4945  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  4946  		require.NoError(t, nErr)
  4947  		require.False(t, updatedTeamMember.SchemeGuest)
  4948  		require.True(t, updatedTeamMember.SchemeUser)
  4949  	})
  4950  
  4951  	t.Run("Must work with guest user with teams and channels", func(t *testing.T) {
  4952  		id := model.NewId()
  4953  		user, err := ss.User().Save(&model.User{
  4954  			Email:     id + "@test.com",
  4955  			Username:  "un_" + id,
  4956  			Nickname:  "nn_" + id,
  4957  			FirstName: "f_" + id,
  4958  			LastName:  "l_" + id,
  4959  			Password:  "Password1",
  4960  			Roles:     "system_guest",
  4961  		})
  4962  		require.NoError(t, err)
  4963  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  4964  
  4965  		teamId := model.NewId()
  4966  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: true, SchemeUser: false}, 999)
  4967  		require.NoError(t, nErr)
  4968  
  4969  		channel, nErr := ss.Channel().Save(&model.Channel{
  4970  			TeamId:      teamId,
  4971  			DisplayName: "Channel name",
  4972  			Name:        "channel-" + model.NewId(),
  4973  			Type:        model.CHANNEL_OPEN,
  4974  		}, -1)
  4975  		require.NoError(t, nErr)
  4976  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: true, SchemeUser: false, NotifyProps: model.GetDefaultChannelNotifyProps()})
  4977  		require.NoError(t, nErr)
  4978  
  4979  		err = ss.User().PromoteGuestToUser(user.Id)
  4980  		require.NoError(t, err)
  4981  		updatedUser, err := ss.User().Get(context.Background(), user.Id)
  4982  		require.NoError(t, err)
  4983  		require.Equal(t, "system_user", updatedUser.Roles)
  4984  
  4985  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  4986  		require.NoError(t, nErr)
  4987  		require.False(t, updatedTeamMember.SchemeGuest)
  4988  		require.True(t, updatedTeamMember.SchemeUser)
  4989  
  4990  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user.Id)
  4991  		require.NoError(t, nErr)
  4992  		require.False(t, updatedChannelMember.SchemeGuest)
  4993  		require.True(t, updatedChannelMember.SchemeUser)
  4994  	})
  4995  
  4996  	t.Run("Must work with guest user with teams and channels and custom role", func(t *testing.T) {
  4997  		id := model.NewId()
  4998  		user, err := ss.User().Save(&model.User{
  4999  			Email:     id + "@test.com",
  5000  			Username:  "un_" + id,
  5001  			Nickname:  "nn_" + id,
  5002  			FirstName: "f_" + id,
  5003  			LastName:  "l_" + id,
  5004  			Password:  "Password1",
  5005  			Roles:     "system_guest custom_role",
  5006  		})
  5007  		require.NoError(t, err)
  5008  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  5009  
  5010  		teamId := model.NewId()
  5011  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: true, SchemeUser: false}, 999)
  5012  		require.NoError(t, nErr)
  5013  
  5014  		channel, nErr := ss.Channel().Save(&model.Channel{
  5015  			TeamId:      teamId,
  5016  			DisplayName: "Channel name",
  5017  			Name:        "channel-" + model.NewId(),
  5018  			Type:        model.CHANNEL_OPEN,
  5019  		}, -1)
  5020  		require.NoError(t, nErr)
  5021  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: true, SchemeUser: false, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5022  		require.NoError(t, nErr)
  5023  
  5024  		err = ss.User().PromoteGuestToUser(user.Id)
  5025  		require.NoError(t, err)
  5026  		updatedUser, err := ss.User().Get(context.Background(), user.Id)
  5027  		require.NoError(t, err)
  5028  		require.Equal(t, "system_user custom_role", updatedUser.Roles)
  5029  
  5030  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  5031  		require.NoError(t, nErr)
  5032  		require.False(t, updatedTeamMember.SchemeGuest)
  5033  		require.True(t, updatedTeamMember.SchemeUser)
  5034  
  5035  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user.Id)
  5036  		require.NoError(t, nErr)
  5037  		require.False(t, updatedChannelMember.SchemeGuest)
  5038  		require.True(t, updatedChannelMember.SchemeUser)
  5039  	})
  5040  
  5041  	t.Run("Must no change any other user guest role", func(t *testing.T) {
  5042  		id := model.NewId()
  5043  		user1, err := ss.User().Save(&model.User{
  5044  			Email:     id + "@test.com",
  5045  			Username:  "un_" + id,
  5046  			Nickname:  "nn_" + id,
  5047  			FirstName: "f_" + id,
  5048  			LastName:  "l_" + id,
  5049  			Password:  "Password1",
  5050  			Roles:     "system_guest",
  5051  		})
  5052  		require.NoError(t, err)
  5053  		defer func() { require.NoError(t, ss.User().PermanentDelete(user1.Id)) }()
  5054  
  5055  		teamId1 := model.NewId()
  5056  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId1, UserId: user1.Id, SchemeGuest: true, SchemeUser: false}, 999)
  5057  		require.NoError(t, nErr)
  5058  
  5059  		channel, nErr := ss.Channel().Save(&model.Channel{
  5060  			TeamId:      teamId1,
  5061  			DisplayName: "Channel name",
  5062  			Name:        "channel-" + model.NewId(),
  5063  			Type:        model.CHANNEL_OPEN,
  5064  		}, -1)
  5065  		require.NoError(t, nErr)
  5066  
  5067  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user1.Id, SchemeGuest: true, SchemeUser: false, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5068  		require.NoError(t, nErr)
  5069  
  5070  		id = model.NewId()
  5071  		user2, err := ss.User().Save(&model.User{
  5072  			Email:     id + "@test.com",
  5073  			Username:  "un_" + id,
  5074  			Nickname:  "nn_" + id,
  5075  			FirstName: "f_" + id,
  5076  			LastName:  "l_" + id,
  5077  			Password:  "Password1",
  5078  			Roles:     "system_guest",
  5079  		})
  5080  		require.NoError(t, err)
  5081  		defer func() { require.NoError(t, ss.User().PermanentDelete(user2.Id)) }()
  5082  
  5083  		teamId2 := model.NewId()
  5084  		_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId2, UserId: user2.Id, SchemeGuest: true, SchemeUser: false}, 999)
  5085  		require.NoError(t, nErr)
  5086  
  5087  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user2.Id, SchemeGuest: true, SchemeUser: false, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5088  		require.NoError(t, nErr)
  5089  
  5090  		err = ss.User().PromoteGuestToUser(user1.Id)
  5091  		require.NoError(t, err)
  5092  		updatedUser, err := ss.User().Get(context.Background(), user1.Id)
  5093  		require.NoError(t, err)
  5094  		require.Equal(t, "system_user", updatedUser.Roles)
  5095  
  5096  		updatedTeamMember, nErr := ss.Team().GetMember(teamId1, user1.Id)
  5097  		require.NoError(t, nErr)
  5098  		require.False(t, updatedTeamMember.SchemeGuest)
  5099  		require.True(t, updatedTeamMember.SchemeUser)
  5100  
  5101  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user1.Id)
  5102  		require.NoError(t, nErr)
  5103  		require.False(t, updatedChannelMember.SchemeGuest)
  5104  		require.True(t, updatedChannelMember.SchemeUser)
  5105  
  5106  		notUpdatedUser, err := ss.User().Get(context.Background(), user2.Id)
  5107  		require.NoError(t, err)
  5108  		require.Equal(t, "system_guest", notUpdatedUser.Roles)
  5109  
  5110  		notUpdatedTeamMember, nErr := ss.Team().GetMember(teamId2, user2.Id)
  5111  		require.NoError(t, nErr)
  5112  		require.True(t, notUpdatedTeamMember.SchemeGuest)
  5113  		require.False(t, notUpdatedTeamMember.SchemeUser)
  5114  
  5115  		notUpdatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user2.Id)
  5116  		require.NoError(t, nErr)
  5117  		require.True(t, notUpdatedChannelMember.SchemeGuest)
  5118  		require.False(t, notUpdatedChannelMember.SchemeUser)
  5119  	})
  5120  }
  5121  
  5122  func testUserStoreDemoteUserToGuest(t *testing.T, ss store.Store) {
  5123  	// create users
  5124  	t.Run("Must do nothing with guest", func(t *testing.T) {
  5125  		id := model.NewId()
  5126  		user, err := ss.User().Save(&model.User{
  5127  			Email:     id + "@test.com",
  5128  			Username:  "un_" + id,
  5129  			Nickname:  "nn_" + id,
  5130  			FirstName: "f_" + id,
  5131  			LastName:  "l_" + id,
  5132  			Password:  "Password1",
  5133  			Roles:     "system_guest",
  5134  		})
  5135  		require.NoError(t, err)
  5136  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  5137  
  5138  		teamId := model.NewId()
  5139  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: false, SchemeUser: true}, 999)
  5140  		require.NoError(t, nErr)
  5141  
  5142  		channel, nErr := ss.Channel().Save(&model.Channel{
  5143  			TeamId:      teamId,
  5144  			DisplayName: "Channel name",
  5145  			Name:        "channel-" + model.NewId(),
  5146  			Type:        model.CHANNEL_OPEN,
  5147  		}, -1)
  5148  		require.NoError(t, nErr)
  5149  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: false, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5150  		require.NoError(t, nErr)
  5151  
  5152  		updatedUser, err := ss.User().DemoteUserToGuest(user.Id)
  5153  		require.NoError(t, err)
  5154  		require.Equal(t, "system_guest", updatedUser.Roles)
  5155  		require.True(t, user.UpdateAt < updatedUser.UpdateAt)
  5156  
  5157  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, updatedUser.Id)
  5158  		require.NoError(t, nErr)
  5159  		require.True(t, updatedTeamMember.SchemeGuest)
  5160  		require.False(t, updatedTeamMember.SchemeUser)
  5161  
  5162  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, updatedUser.Id)
  5163  		require.NoError(t, nErr)
  5164  		require.True(t, updatedChannelMember.SchemeGuest)
  5165  		require.False(t, updatedChannelMember.SchemeUser)
  5166  	})
  5167  
  5168  	t.Run("Must demote properly an admin user", func(t *testing.T) {
  5169  		id := model.NewId()
  5170  		user, err := ss.User().Save(&model.User{
  5171  			Email:     id + "@test.com",
  5172  			Username:  "un_" + id,
  5173  			Nickname:  "nn_" + id,
  5174  			FirstName: "f_" + id,
  5175  			LastName:  "l_" + id,
  5176  			Password:  "Password1",
  5177  			Roles:     "system_user system_admin",
  5178  		})
  5179  		require.NoError(t, err)
  5180  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  5181  
  5182  		teamId := model.NewId()
  5183  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: true, SchemeUser: false}, 999)
  5184  		require.NoError(t, nErr)
  5185  
  5186  		channel, nErr := ss.Channel().Save(&model.Channel{
  5187  			TeamId:      teamId,
  5188  			DisplayName: "Channel name",
  5189  			Name:        "channel-" + model.NewId(),
  5190  			Type:        model.CHANNEL_OPEN,
  5191  		}, -1)
  5192  		require.NoError(t, nErr)
  5193  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: true, SchemeUser: false, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5194  		require.NoError(t, nErr)
  5195  
  5196  		updatedUser, err := ss.User().DemoteUserToGuest(user.Id)
  5197  		require.NoError(t, err)
  5198  		require.Equal(t, "system_guest", updatedUser.Roles)
  5199  
  5200  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  5201  		require.NoError(t, nErr)
  5202  		require.True(t, updatedTeamMember.SchemeGuest)
  5203  		require.False(t, updatedTeamMember.SchemeUser)
  5204  
  5205  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user.Id)
  5206  		require.NoError(t, nErr)
  5207  		require.True(t, updatedChannelMember.SchemeGuest)
  5208  		require.False(t, updatedChannelMember.SchemeUser)
  5209  	})
  5210  
  5211  	t.Run("Must work with user without teams or channels", func(t *testing.T) {
  5212  		id := model.NewId()
  5213  		user, err := ss.User().Save(&model.User{
  5214  			Email:     id + "@test.com",
  5215  			Username:  "un_" + id,
  5216  			Nickname:  "nn_" + id,
  5217  			FirstName: "f_" + id,
  5218  			LastName:  "l_" + id,
  5219  			Password:  "Password1",
  5220  			Roles:     "system_user",
  5221  		})
  5222  		require.NoError(t, err)
  5223  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  5224  
  5225  		updatedUser, err := ss.User().DemoteUserToGuest(user.Id)
  5226  		require.NoError(t, err)
  5227  		require.Equal(t, "system_guest", updatedUser.Roles)
  5228  	})
  5229  
  5230  	t.Run("Must work with user with teams but no channels", func(t *testing.T) {
  5231  		id := model.NewId()
  5232  		user, err := ss.User().Save(&model.User{
  5233  			Email:     id + "@test.com",
  5234  			Username:  "un_" + id,
  5235  			Nickname:  "nn_" + id,
  5236  			FirstName: "f_" + id,
  5237  			LastName:  "l_" + id,
  5238  			Password:  "Password1",
  5239  			Roles:     "system_user",
  5240  		})
  5241  		require.NoError(t, err)
  5242  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  5243  
  5244  		teamId := model.NewId()
  5245  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: false, SchemeUser: true}, 999)
  5246  		require.NoError(t, nErr)
  5247  
  5248  		updatedUser, err := ss.User().DemoteUserToGuest(user.Id)
  5249  		require.NoError(t, err)
  5250  		require.Equal(t, "system_guest", updatedUser.Roles)
  5251  
  5252  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  5253  		require.NoError(t, nErr)
  5254  		require.True(t, updatedTeamMember.SchemeGuest)
  5255  		require.False(t, updatedTeamMember.SchemeUser)
  5256  	})
  5257  
  5258  	t.Run("Must work with user with teams and channels", func(t *testing.T) {
  5259  		id := model.NewId()
  5260  		user, err := ss.User().Save(&model.User{
  5261  			Email:     id + "@test.com",
  5262  			Username:  "un_" + id,
  5263  			Nickname:  "nn_" + id,
  5264  			FirstName: "f_" + id,
  5265  			LastName:  "l_" + id,
  5266  			Password:  "Password1",
  5267  			Roles:     "system_user",
  5268  		})
  5269  		require.NoError(t, err)
  5270  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  5271  
  5272  		teamId := model.NewId()
  5273  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: false, SchemeUser: true}, 999)
  5274  		require.NoError(t, nErr)
  5275  
  5276  		channel, nErr := ss.Channel().Save(&model.Channel{
  5277  			TeamId:      teamId,
  5278  			DisplayName: "Channel name",
  5279  			Name:        "channel-" + model.NewId(),
  5280  			Type:        model.CHANNEL_OPEN,
  5281  		}, -1)
  5282  		require.NoError(t, nErr)
  5283  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: false, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5284  		require.NoError(t, nErr)
  5285  
  5286  		updatedUser, err := ss.User().DemoteUserToGuest(user.Id)
  5287  		require.NoError(t, err)
  5288  		require.Equal(t, "system_guest", updatedUser.Roles)
  5289  
  5290  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  5291  		require.NoError(t, nErr)
  5292  		require.True(t, updatedTeamMember.SchemeGuest)
  5293  		require.False(t, updatedTeamMember.SchemeUser)
  5294  
  5295  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user.Id)
  5296  		require.NoError(t, nErr)
  5297  		require.True(t, updatedChannelMember.SchemeGuest)
  5298  		require.False(t, updatedChannelMember.SchemeUser)
  5299  	})
  5300  
  5301  	t.Run("Must work with user with teams and channels and custom role", func(t *testing.T) {
  5302  		id := model.NewId()
  5303  		user, err := ss.User().Save(&model.User{
  5304  			Email:     id + "@test.com",
  5305  			Username:  "un_" + id,
  5306  			Nickname:  "nn_" + id,
  5307  			FirstName: "f_" + id,
  5308  			LastName:  "l_" + id,
  5309  			Password:  "Password1",
  5310  			Roles:     "system_user custom_role",
  5311  		})
  5312  		require.NoError(t, err)
  5313  		defer func() { require.NoError(t, ss.User().PermanentDelete(user.Id)) }()
  5314  
  5315  		teamId := model.NewId()
  5316  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: user.Id, SchemeGuest: false, SchemeUser: true}, 999)
  5317  		require.NoError(t, nErr)
  5318  
  5319  		channel, nErr := ss.Channel().Save(&model.Channel{
  5320  			TeamId:      teamId,
  5321  			DisplayName: "Channel name",
  5322  			Name:        "channel-" + model.NewId(),
  5323  			Type:        model.CHANNEL_OPEN,
  5324  		}, -1)
  5325  		require.NoError(t, nErr)
  5326  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user.Id, SchemeGuest: false, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5327  		require.NoError(t, nErr)
  5328  
  5329  		updatedUser, err := ss.User().DemoteUserToGuest(user.Id)
  5330  		require.NoError(t, err)
  5331  		require.Equal(t, "system_guest custom_role", updatedUser.Roles)
  5332  
  5333  		updatedTeamMember, nErr := ss.Team().GetMember(teamId, user.Id)
  5334  		require.NoError(t, nErr)
  5335  		require.True(t, updatedTeamMember.SchemeGuest)
  5336  		require.False(t, updatedTeamMember.SchemeUser)
  5337  
  5338  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user.Id)
  5339  		require.NoError(t, nErr)
  5340  		require.True(t, updatedChannelMember.SchemeGuest)
  5341  		require.False(t, updatedChannelMember.SchemeUser)
  5342  	})
  5343  
  5344  	t.Run("Must no change any other user role", func(t *testing.T) {
  5345  		id := model.NewId()
  5346  		user1, err := ss.User().Save(&model.User{
  5347  			Email:     id + "@test.com",
  5348  			Username:  "un_" + id,
  5349  			Nickname:  "nn_" + id,
  5350  			FirstName: "f_" + id,
  5351  			LastName:  "l_" + id,
  5352  			Password:  "Password1",
  5353  			Roles:     "system_user",
  5354  		})
  5355  		require.NoError(t, err)
  5356  		defer func() { require.NoError(t, ss.User().PermanentDelete(user1.Id)) }()
  5357  
  5358  		teamId1 := model.NewId()
  5359  		_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId1, UserId: user1.Id, SchemeGuest: false, SchemeUser: true}, 999)
  5360  		require.NoError(t, nErr)
  5361  
  5362  		channel, nErr := ss.Channel().Save(&model.Channel{
  5363  			TeamId:      teamId1,
  5364  			DisplayName: "Channel name",
  5365  			Name:        "channel-" + model.NewId(),
  5366  			Type:        model.CHANNEL_OPEN,
  5367  		}, -1)
  5368  		require.NoError(t, nErr)
  5369  
  5370  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user1.Id, SchemeGuest: false, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5371  		require.NoError(t, nErr)
  5372  
  5373  		id = model.NewId()
  5374  		user2, err := ss.User().Save(&model.User{
  5375  			Email:     id + "@test.com",
  5376  			Username:  "un_" + id,
  5377  			Nickname:  "nn_" + id,
  5378  			FirstName: "f_" + id,
  5379  			LastName:  "l_" + id,
  5380  			Password:  "Password1",
  5381  			Roles:     "system_user",
  5382  		})
  5383  		require.NoError(t, err)
  5384  		defer func() { require.NoError(t, ss.User().PermanentDelete(user2.Id)) }()
  5385  
  5386  		teamId2 := model.NewId()
  5387  		_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId2, UserId: user2.Id, SchemeGuest: false, SchemeUser: true}, 999)
  5388  		require.NoError(t, nErr)
  5389  
  5390  		_, nErr = ss.Channel().SaveMember(&model.ChannelMember{ChannelId: channel.Id, UserId: user2.Id, SchemeGuest: false, SchemeUser: true, NotifyProps: model.GetDefaultChannelNotifyProps()})
  5391  		require.NoError(t, nErr)
  5392  
  5393  		updatedUser, err := ss.User().DemoteUserToGuest(user1.Id)
  5394  		require.NoError(t, err)
  5395  		require.Equal(t, "system_guest", updatedUser.Roles)
  5396  
  5397  		updatedTeamMember, nErr := ss.Team().GetMember(teamId1, user1.Id)
  5398  		require.NoError(t, nErr)
  5399  		require.True(t, updatedTeamMember.SchemeGuest)
  5400  		require.False(t, updatedTeamMember.SchemeUser)
  5401  
  5402  		updatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user1.Id)
  5403  		require.NoError(t, nErr)
  5404  		require.True(t, updatedChannelMember.SchemeGuest)
  5405  		require.False(t, updatedChannelMember.SchemeUser)
  5406  
  5407  		notUpdatedUser, err := ss.User().Get(context.Background(), user2.Id)
  5408  		require.NoError(t, err)
  5409  		require.Equal(t, "system_user", notUpdatedUser.Roles)
  5410  
  5411  		notUpdatedTeamMember, nErr := ss.Team().GetMember(teamId2, user2.Id)
  5412  		require.NoError(t, nErr)
  5413  		require.False(t, notUpdatedTeamMember.SchemeGuest)
  5414  		require.True(t, notUpdatedTeamMember.SchemeUser)
  5415  
  5416  		notUpdatedChannelMember, nErr := ss.Channel().GetMember(channel.Id, user2.Id)
  5417  		require.NoError(t, nErr)
  5418  		require.False(t, notUpdatedChannelMember.SchemeGuest)
  5419  		require.True(t, notUpdatedChannelMember.SchemeUser)
  5420  	})
  5421  }
  5422  
  5423  func testDeactivateGuests(t *testing.T, ss store.Store) {
  5424  	// create users
  5425  	t.Run("Must disable all guests and no regular user or already deactivated users", func(t *testing.T) {
  5426  		guest1Random := model.NewId()
  5427  		guest1, err := ss.User().Save(&model.User{
  5428  			Email:     guest1Random + "@test.com",
  5429  			Username:  "un_" + guest1Random,
  5430  			Nickname:  "nn_" + guest1Random,
  5431  			FirstName: "f_" + guest1Random,
  5432  			LastName:  "l_" + guest1Random,
  5433  			Password:  "Password1",
  5434  			Roles:     "system_guest",
  5435  		})
  5436  		require.NoError(t, err)
  5437  		defer func() { require.NoError(t, ss.User().PermanentDelete(guest1.Id)) }()
  5438  
  5439  		guest2Random := model.NewId()
  5440  		guest2, err := ss.User().Save(&model.User{
  5441  			Email:     guest2Random + "@test.com",
  5442  			Username:  "un_" + guest2Random,
  5443  			Nickname:  "nn_" + guest2Random,
  5444  			FirstName: "f_" + guest2Random,
  5445  			LastName:  "l_" + guest2Random,
  5446  			Password:  "Password1",
  5447  			Roles:     "system_guest",
  5448  		})
  5449  		require.NoError(t, err)
  5450  		defer func() { require.NoError(t, ss.User().PermanentDelete(guest2.Id)) }()
  5451  
  5452  		guest3Random := model.NewId()
  5453  		guest3, err := ss.User().Save(&model.User{
  5454  			Email:     guest3Random + "@test.com",
  5455  			Username:  "un_" + guest3Random,
  5456  			Nickname:  "nn_" + guest3Random,
  5457  			FirstName: "f_" + guest3Random,
  5458  			LastName:  "l_" + guest3Random,
  5459  			Password:  "Password1",
  5460  			Roles:     "system_guest",
  5461  			DeleteAt:  10,
  5462  		})
  5463  		require.NoError(t, err)
  5464  		defer func() { require.NoError(t, ss.User().PermanentDelete(guest3.Id)) }()
  5465  
  5466  		regularUserRandom := model.NewId()
  5467  		regularUser, err := ss.User().Save(&model.User{
  5468  			Email:     regularUserRandom + "@test.com",
  5469  			Username:  "un_" + regularUserRandom,
  5470  			Nickname:  "nn_" + regularUserRandom,
  5471  			FirstName: "f_" + regularUserRandom,
  5472  			LastName:  "l_" + regularUserRandom,
  5473  			Password:  "Password1",
  5474  			Roles:     "system_user",
  5475  		})
  5476  		require.NoError(t, err)
  5477  		defer func() { require.NoError(t, ss.User().PermanentDelete(regularUser.Id)) }()
  5478  
  5479  		ids, err := ss.User().DeactivateGuests()
  5480  		require.NoError(t, err)
  5481  		assert.ElementsMatch(t, []string{guest1.Id, guest2.Id}, ids)
  5482  
  5483  		u, err := ss.User().Get(context.Background(), guest1.Id)
  5484  		require.NoError(t, err)
  5485  		assert.NotEqual(t, u.DeleteAt, int64(0))
  5486  
  5487  		u, err = ss.User().Get(context.Background(), guest2.Id)
  5488  		require.NoError(t, err)
  5489  		assert.NotEqual(t, u.DeleteAt, int64(0))
  5490  
  5491  		u, err = ss.User().Get(context.Background(), guest3.Id)
  5492  		require.NoError(t, err)
  5493  		assert.Equal(t, u.DeleteAt, int64(10))
  5494  
  5495  		u, err = ss.User().Get(context.Background(), regularUser.Id)
  5496  		require.NoError(t, err)
  5497  		assert.Equal(t, u.DeleteAt, int64(0))
  5498  	})
  5499  }
  5500  
  5501  func testUserStoreResetLastPictureUpdate(t *testing.T, ss store.Store) {
  5502  	u1 := &model.User{}
  5503  	u1.Email = MakeEmail()
  5504  	_, err := ss.User().Save(u1)
  5505  	require.NoError(t, err)
  5506  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  5507  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: model.NewId(), UserId: u1.Id}, -1)
  5508  	require.NoError(t, nErr)
  5509  
  5510  	err = ss.User().UpdateLastPictureUpdate(u1.Id)
  5511  	require.NoError(t, err)
  5512  
  5513  	user, err := ss.User().Get(context.Background(), u1.Id)
  5514  	require.NoError(t, err)
  5515  
  5516  	assert.NotZero(t, user.LastPictureUpdate)
  5517  	assert.NotZero(t, user.UpdateAt)
  5518  
  5519  	// Ensure update at timestamp changes
  5520  	time.Sleep(time.Millisecond)
  5521  
  5522  	err = ss.User().ResetLastPictureUpdate(u1.Id)
  5523  	require.NoError(t, err)
  5524  
  5525  	ss.User().InvalidateProfileCacheForUser(u1.Id)
  5526  
  5527  	user2, err := ss.User().Get(context.Background(), u1.Id)
  5528  	require.NoError(t, err)
  5529  
  5530  	assert.True(t, user2.UpdateAt > user.UpdateAt)
  5531  	assert.Zero(t, user2.LastPictureUpdate)
  5532  }
  5533  
  5534  func testGetKnownUsers(t *testing.T, ss store.Store) {
  5535  	teamId := model.NewId()
  5536  
  5537  	u1, err := ss.User().Save(&model.User{
  5538  		Email:    MakeEmail(),
  5539  		Username: "u1" + model.NewId(),
  5540  	})
  5541  	require.NoError(t, err)
  5542  	defer func() { require.NoError(t, ss.User().PermanentDelete(u1.Id)) }()
  5543  	_, nErr := ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u1.Id}, -1)
  5544  	require.NoError(t, nErr)
  5545  
  5546  	u2, err := ss.User().Save(&model.User{
  5547  		Email:    MakeEmail(),
  5548  		Username: "u2" + model.NewId(),
  5549  	})
  5550  	require.NoError(t, err)
  5551  	defer func() { require.NoError(t, ss.User().PermanentDelete(u2.Id)) }()
  5552  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u2.Id}, -1)
  5553  	require.NoError(t, nErr)
  5554  
  5555  	u3, err := ss.User().Save(&model.User{
  5556  		Email:    MakeEmail(),
  5557  		Username: "u3" + model.NewId(),
  5558  	})
  5559  	require.NoError(t, err)
  5560  	defer func() { require.NoError(t, ss.User().PermanentDelete(u3.Id)) }()
  5561  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u3.Id}, -1)
  5562  	require.NoError(t, nErr)
  5563  	_, nErr = ss.Bot().Save(&model.Bot{
  5564  		UserId:   u3.Id,
  5565  		Username: u3.Username,
  5566  		OwnerId:  u1.Id,
  5567  	})
  5568  	require.NoError(t, nErr)
  5569  	u3.IsBot = true
  5570  
  5571  	defer func() { require.NoError(t, ss.Bot().PermanentDelete(u3.Id)) }()
  5572  
  5573  	u4, err := ss.User().Save(&model.User{
  5574  		Email:    MakeEmail(),
  5575  		Username: "u4" + model.NewId(),
  5576  	})
  5577  	require.NoError(t, err)
  5578  	defer func() { require.NoError(t, ss.User().PermanentDelete(u4.Id)) }()
  5579  	_, nErr = ss.Team().SaveMember(&model.TeamMember{TeamId: teamId, UserId: u4.Id}, -1)
  5580  	require.NoError(t, nErr)
  5581  
  5582  	ch1 := &model.Channel{
  5583  		TeamId:      teamId,
  5584  		DisplayName: "Profiles in channel",
  5585  		Name:        "profiles-" + model.NewId(),
  5586  		Type:        model.CHANNEL_OPEN,
  5587  	}
  5588  	c1, nErr := ss.Channel().Save(ch1, -1)
  5589  	require.NoError(t, nErr)
  5590  
  5591  	ch2 := &model.Channel{
  5592  		TeamId:      teamId,
  5593  		DisplayName: "Profiles in private",
  5594  		Name:        "profiles-" + model.NewId(),
  5595  		Type:        model.CHANNEL_PRIVATE,
  5596  	}
  5597  	c2, nErr := ss.Channel().Save(ch2, -1)
  5598  	require.NoError(t, nErr)
  5599  
  5600  	ch3 := &model.Channel{
  5601  		TeamId:      teamId,
  5602  		DisplayName: "Profiles in private",
  5603  		Name:        "profiles-" + model.NewId(),
  5604  		Type:        model.CHANNEL_PRIVATE,
  5605  	}
  5606  	c3, nErr := ss.Channel().Save(ch3, -1)
  5607  	require.NoError(t, nErr)
  5608  
  5609  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  5610  		ChannelId:   c1.Id,
  5611  		UserId:      u1.Id,
  5612  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  5613  	})
  5614  	require.NoError(t, nErr)
  5615  
  5616  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  5617  		ChannelId:   c1.Id,
  5618  		UserId:      u2.Id,
  5619  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  5620  	})
  5621  	require.NoError(t, nErr)
  5622  
  5623  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  5624  		ChannelId:   c2.Id,
  5625  		UserId:      u3.Id,
  5626  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  5627  	})
  5628  	require.NoError(t, nErr)
  5629  
  5630  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  5631  		ChannelId:   c2.Id,
  5632  		UserId:      u1.Id,
  5633  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  5634  	})
  5635  	require.NoError(t, nErr)
  5636  
  5637  	_, nErr = ss.Channel().SaveMember(&model.ChannelMember{
  5638  		ChannelId:   c3.Id,
  5639  		UserId:      u4.Id,
  5640  		NotifyProps: model.GetDefaultChannelNotifyProps(),
  5641  	})
  5642  	require.NoError(t, nErr)
  5643  
  5644  	t.Run("get know users sharing no channels", func(t *testing.T) {
  5645  		userIds, err := ss.User().GetKnownUsers(u4.Id)
  5646  		require.NoError(t, err)
  5647  		assert.Empty(t, userIds)
  5648  	})
  5649  
  5650  	t.Run("get know users sharing one channel", func(t *testing.T) {
  5651  		userIds, err := ss.User().GetKnownUsers(u3.Id)
  5652  		require.NoError(t, err)
  5653  		assert.Len(t, userIds, 1)
  5654  		assert.Equal(t, userIds[0], u1.Id)
  5655  	})
  5656  
  5657  	t.Run("get know users sharing multiple channels", func(t *testing.T) {
  5658  		userIds, err := ss.User().GetKnownUsers(u1.Id)
  5659  		require.NoError(t, err)
  5660  		assert.Len(t, userIds, 2)
  5661  		assert.ElementsMatch(t, userIds, []string{u2.Id, u3.Id})
  5662  	})
  5663  }