github.com/iDevoid/mattermost-server@v5.11.1+incompatible/api4/webhook_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "testing" 8 9 "github.com/stretchr/testify/assert" 10 "github.com/stretchr/testify/require" 11 12 "github.com/mattermost/mattermost-server/model" 13 ) 14 15 func TestCreateIncomingWebhook(t *testing.T) { 16 th := Setup().InitBasic() 17 defer th.TearDown() 18 Client := th.Client 19 20 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true }) 21 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = true }) 22 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = true }) 23 24 defaultRolePermissions := th.SaveDefaultRolePermissions() 25 defer func() { 26 th.RestoreDefaultRolePermissions(defaultRolePermissions) 27 }() 28 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 29 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 30 31 hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id} 32 33 rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook) 34 CheckNoError(t, resp) 35 36 if rhook.ChannelId != hook.ChannelId { 37 t.Fatal("channel ids didn't match") 38 } 39 40 if rhook.UserId != th.SystemAdminUser.Id { 41 t.Fatal("user ids didn't match") 42 } 43 44 if rhook.TeamId != th.BasicTeam.Id { 45 t.Fatal("team ids didn't match") 46 } 47 48 hook.ChannelId = "junk" 49 _, resp = th.SystemAdminClient.CreateIncomingWebhook(hook) 50 CheckNotFoundStatus(t, resp) 51 52 hook.ChannelId = th.BasicChannel.Id 53 th.LoginTeamAdmin() 54 _, resp = Client.CreateIncomingWebhook(hook) 55 CheckNoError(t, resp) 56 57 th.LoginBasic() 58 _, resp = Client.CreateIncomingWebhook(hook) 59 CheckForbiddenStatus(t, resp) 60 61 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 62 63 _, resp = Client.CreateIncomingWebhook(hook) 64 CheckNoError(t, resp) 65 66 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = false }) 67 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = false }) 68 69 _, resp = Client.CreateIncomingWebhook(hook) 70 CheckNoError(t, resp) 71 72 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = false }) 73 _, resp = Client.CreateIncomingWebhook(hook) 74 CheckNotImplementedStatus(t, resp) 75 } 76 77 func TestGetIncomingWebhooks(t *testing.T) { 78 th := Setup().InitBasic() 79 defer th.TearDown() 80 Client := th.Client 81 82 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true }) 83 84 defaultRolePermissions := th.SaveDefaultRolePermissions() 85 defer func() { 86 th.RestoreDefaultRolePermissions(defaultRolePermissions) 87 }() 88 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 89 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 90 91 hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id} 92 rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook) 93 CheckNoError(t, resp) 94 95 hooks, resp := th.SystemAdminClient.GetIncomingWebhooks(0, 1000, "") 96 CheckNoError(t, resp) 97 98 found := false 99 for _, h := range hooks { 100 if rhook.Id == h.Id { 101 found = true 102 } 103 } 104 105 if !found { 106 t.Fatal("missing hook") 107 } 108 109 hooks, resp = th.SystemAdminClient.GetIncomingWebhooks(0, 1, "") 110 CheckNoError(t, resp) 111 112 if len(hooks) != 1 { 113 t.Fatal("should only be 1") 114 } 115 116 hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "") 117 CheckNoError(t, resp) 118 119 found = false 120 for _, h := range hooks { 121 if rhook.Id == h.Id { 122 found = true 123 } 124 } 125 126 if !found { 127 t.Fatal("missing hook") 128 } 129 130 hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "") 131 CheckNoError(t, resp) 132 133 if len(hooks) != 0 { 134 t.Fatal("no hooks should be returned") 135 } 136 137 _, resp = Client.GetIncomingWebhooks(0, 1000, "") 138 CheckForbiddenStatus(t, resp) 139 140 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 141 142 _, resp = Client.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "") 143 CheckNoError(t, resp) 144 145 _, resp = Client.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "") 146 CheckForbiddenStatus(t, resp) 147 148 _, resp = Client.GetIncomingWebhooks(0, 1000, "") 149 CheckForbiddenStatus(t, resp) 150 151 Client.Logout() 152 _, resp = Client.GetIncomingWebhooks(0, 1000, "") 153 CheckUnauthorizedStatus(t, resp) 154 } 155 156 func TestGetIncomingWebhook(t *testing.T) { 157 th := Setup().InitBasic() 158 defer th.TearDown() 159 Client := th.SystemAdminClient 160 161 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true }) 162 163 var resp *model.Response 164 var rhook *model.IncomingWebhook 165 var hook *model.IncomingWebhook 166 167 t.Run("WhenHookExists", func(t *testing.T) { 168 hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id} 169 rhook, resp = Client.CreateIncomingWebhook(hook) 170 CheckNoError(t, resp) 171 172 hook, resp = Client.GetIncomingWebhook(rhook.Id, "") 173 CheckOKStatus(t, resp) 174 }) 175 176 t.Run("WhenHookDoesNotExist", func(t *testing.T) { 177 hook, resp = Client.GetIncomingWebhook(model.NewId(), "") 178 CheckNotFoundStatus(t, resp) 179 }) 180 181 t.Run("WhenInvalidHookID", func(t *testing.T) { 182 hook, resp = Client.GetIncomingWebhook("abc", "") 183 CheckBadRequestStatus(t, resp) 184 }) 185 186 t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) { 187 th.LoginBasic() 188 Client = th.Client 189 190 _, resp = Client.GetIncomingWebhook(rhook.Id, "") 191 CheckForbiddenStatus(t, resp) 192 }) 193 } 194 195 func TestDeleteIncomingWebhook(t *testing.T) { 196 th := Setup().InitBasic() 197 defer th.TearDown() 198 Client := th.SystemAdminClient 199 200 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true }) 201 202 var resp *model.Response 203 var rhook *model.IncomingWebhook 204 var hook *model.IncomingWebhook 205 var status bool 206 207 t.Run("WhenInvalidHookID", func(t *testing.T) { 208 status, resp = Client.DeleteIncomingWebhook("abc") 209 CheckBadRequestStatus(t, resp) 210 }) 211 212 t.Run("WhenHookDoesNotExist", func(t *testing.T) { 213 status, resp = Client.DeleteIncomingWebhook(model.NewId()) 214 CheckNotFoundStatus(t, resp) 215 }) 216 217 t.Run("WhenHookExists", func(t *testing.T) { 218 hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id} 219 rhook, resp = Client.CreateIncomingWebhook(hook) 220 CheckNoError(t, resp) 221 222 if status, resp = Client.DeleteIncomingWebhook(rhook.Id); !status { 223 t.Fatal("Delete should have succeeded") 224 } else { 225 CheckOKStatus(t, resp) 226 } 227 228 // Get now should not return this deleted hook 229 _, resp = Client.GetIncomingWebhook(rhook.Id, "") 230 CheckNotFoundStatus(t, resp) 231 }) 232 233 t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) { 234 hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id} 235 rhook, resp = Client.CreateIncomingWebhook(hook) 236 CheckNoError(t, resp) 237 238 th.LoginBasic() 239 Client = th.Client 240 241 _, resp = Client.DeleteIncomingWebhook(rhook.Id) 242 CheckForbiddenStatus(t, resp) 243 }) 244 } 245 246 func TestCreateOutgoingWebhook(t *testing.T) { 247 th := Setup().InitBasic() 248 defer th.TearDown() 249 Client := th.Client 250 251 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true }) 252 253 defaultRolePermissions := th.SaveDefaultRolePermissions() 254 defer func() { 255 th.RestoreDefaultRolePermissions(defaultRolePermissions) 256 }() 257 th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 258 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 259 260 hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}, Username: "some-user-name", IconURL: "http://some-icon-url/"} 261 262 rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook) 263 CheckNoError(t, resp) 264 265 if rhook.ChannelId != hook.ChannelId { 266 t.Fatal("channel ids didn't match") 267 } else if rhook.CreatorId != th.SystemAdminUser.Id { 268 t.Fatal("user ids didn't match") 269 } else if rhook.TeamId != th.BasicChannel.TeamId { 270 t.Fatal("team ids didn't match") 271 } 272 273 hook.ChannelId = "junk" 274 _, resp = th.SystemAdminClient.CreateOutgoingWebhook(hook) 275 CheckNotFoundStatus(t, resp) 276 277 hook.ChannelId = th.BasicChannel.Id 278 th.LoginTeamAdmin() 279 _, resp = Client.CreateOutgoingWebhook(hook) 280 CheckNoError(t, resp) 281 282 th.LoginBasic() 283 _, resp = Client.CreateOutgoingWebhook(hook) 284 CheckForbiddenStatus(t, resp) 285 286 th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 287 288 _, resp = Client.CreateOutgoingWebhook(hook) 289 CheckNoError(t, resp) 290 291 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = false }) 292 _, resp = Client.CreateOutgoingWebhook(hook) 293 CheckNotImplementedStatus(t, resp) 294 } 295 296 func TestGetOutgoingWebhooks(t *testing.T) { 297 th := Setup().InitBasic() 298 defer th.TearDown() 299 Client := th.Client 300 301 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true }) 302 defaultRolePermissions := th.SaveDefaultRolePermissions() 303 defer func() { 304 th.RestoreDefaultRolePermissions(defaultRolePermissions) 305 }() 306 th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 307 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 308 309 hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}} 310 rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook) 311 CheckNoError(t, resp) 312 313 hooks, resp := th.SystemAdminClient.GetOutgoingWebhooks(0, 1000, "") 314 CheckNoError(t, resp) 315 316 found := false 317 for _, h := range hooks { 318 if rhook.Id == h.Id { 319 found = true 320 } 321 } 322 323 if !found { 324 t.Fatal("missing hook") 325 } 326 327 hooks, resp = th.SystemAdminClient.GetOutgoingWebhooks(0, 1, "") 328 CheckNoError(t, resp) 329 330 if len(hooks) != 1 { 331 t.Fatal("should only be 1") 332 } 333 334 hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "") 335 CheckNoError(t, resp) 336 337 found = false 338 for _, h := range hooks { 339 if rhook.Id == h.Id { 340 found = true 341 } 342 } 343 344 if !found { 345 t.Fatal("missing hook") 346 } 347 348 hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForTeam(model.NewId(), 0, 1000, "") 349 CheckNoError(t, resp) 350 351 if len(hooks) != 0 { 352 t.Fatal("no hooks should be returned") 353 } 354 355 hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(th.BasicChannel.Id, 0, 1000, "") 356 CheckNoError(t, resp) 357 358 found = false 359 for _, h := range hooks { 360 if rhook.Id == h.Id { 361 found = true 362 } 363 } 364 365 if !found { 366 t.Fatal("missing hook") 367 } 368 369 _, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "") 370 CheckForbiddenStatus(t, resp) 371 372 _, resp = Client.GetOutgoingWebhooks(0, 1000, "") 373 CheckForbiddenStatus(t, resp) 374 375 th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 376 377 _, resp = Client.GetOutgoingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "") 378 CheckNoError(t, resp) 379 380 _, resp = Client.GetOutgoingWebhooksForTeam(model.NewId(), 0, 1000, "") 381 CheckForbiddenStatus(t, resp) 382 383 _, resp = Client.GetOutgoingWebhooksForChannel(th.BasicChannel.Id, 0, 1000, "") 384 CheckNoError(t, resp) 385 386 _, resp = Client.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "") 387 CheckForbiddenStatus(t, resp) 388 389 _, resp = Client.GetOutgoingWebhooks(0, 1000, "") 390 CheckForbiddenStatus(t, resp) 391 392 Client.Logout() 393 _, resp = Client.GetOutgoingWebhooks(0, 1000, "") 394 CheckUnauthorizedStatus(t, resp) 395 } 396 397 func TestGetOutgoingWebhook(t *testing.T) { 398 th := Setup().InitBasic() 399 defer th.TearDown() 400 Client := th.Client 401 402 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true }) 403 404 hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}} 405 406 rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook) 407 CheckNoError(t, resp) 408 409 getHook, resp := th.SystemAdminClient.GetOutgoingWebhook(rhook.Id) 410 CheckNoError(t, resp) 411 if getHook.Id != rhook.Id { 412 t.Fatal("failed to retrieve the correct outgoing hook") 413 } 414 415 _, resp = Client.GetOutgoingWebhook(rhook.Id) 416 CheckForbiddenStatus(t, resp) 417 418 nonExistentHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id} 419 _, resp = th.SystemAdminClient.GetOutgoingWebhook(nonExistentHook.Id) 420 CheckNotFoundStatus(t, resp) 421 422 nonExistentHook.Id = model.NewId() 423 _, resp = th.SystemAdminClient.GetOutgoingWebhook(nonExistentHook.Id) 424 CheckInternalErrorStatus(t, resp) 425 } 426 427 func TestUpdateIncomingHook(t *testing.T) { 428 th := Setup().InitBasic() 429 defer th.TearDown() 430 Client := th.Client 431 432 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true }) 433 434 defaultRolePermissions := th.SaveDefaultRolePermissions() 435 defer func() { 436 th.RestoreDefaultRolePermissions(defaultRolePermissions) 437 }() 438 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 439 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 440 441 hook1 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id} 442 443 createdHook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook1) 444 CheckNoError(t, resp) 445 446 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = false }) 447 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = false }) 448 449 t.Run("UpdateIncomingHook, overrides disabled", func(t *testing.T) { 450 createdHook.DisplayName = "hook2" 451 createdHook.Description = "description" 452 createdHook.ChannelId = th.BasicChannel2.Id 453 createdHook.Username = "username" 454 createdHook.IconURL = "icon" 455 456 updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook) 457 CheckNoError(t, resp) 458 if updatedHook != nil { 459 if updatedHook.DisplayName != "hook2" { 460 t.Fatal("Hook name is not updated") 461 } 462 463 if updatedHook.Description != "description" { 464 t.Fatal("Hook description is not updated") 465 } 466 467 if updatedHook.ChannelId != th.BasicChannel2.Id { 468 t.Fatal("Hook channel is not updated") 469 } 470 471 if updatedHook.Username != "" { 472 t.Fatal("Hook username was incorrectly updated") 473 } 474 475 if updatedHook.IconURL != "" { 476 t.Fatal("Hook icon was incorrectly updated") 477 } 478 } else { 479 t.Fatal("should not be nil") 480 } 481 482 //updatedHook, _ = th.App.GetIncomingWebhook(createdHook.Id) 483 assert.Equal(t, updatedHook.ChannelId, createdHook.ChannelId) 484 }) 485 486 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = true }) 487 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = true }) 488 489 t.Run("UpdateIncomingHook", func(t *testing.T) { 490 createdHook.DisplayName = "hook2" 491 createdHook.Description = "description" 492 createdHook.ChannelId = th.BasicChannel2.Id 493 createdHook.Username = "username" 494 createdHook.IconURL = "icon" 495 496 updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook) 497 CheckNoError(t, resp) 498 if updatedHook != nil { 499 if updatedHook.DisplayName != "hook2" { 500 t.Fatal("Hook name is not updated") 501 } 502 503 if updatedHook.Description != "description" { 504 t.Fatal("Hook description is not updated") 505 } 506 507 if updatedHook.ChannelId != th.BasicChannel2.Id { 508 t.Fatal("Hook channel is not updated") 509 } 510 511 if updatedHook.Username != "username" { 512 t.Fatal("Hook username is not updated") 513 } 514 515 if updatedHook.IconURL != "icon" { 516 t.Fatal("Hook icon is not updated") 517 } 518 } else { 519 t.Fatal("should not be nil") 520 } 521 522 //updatedHook, _ = th.App.GetIncomingWebhook(createdHook.Id) 523 assert.Equal(t, updatedHook.ChannelId, createdHook.ChannelId) 524 }) 525 526 t.Run("RetainCreateAt", func(t *testing.T) { 527 hook2 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, CreateAt: 100} 528 529 createdHook2, resp := th.SystemAdminClient.CreateIncomingWebhook(hook2) 530 CheckNoError(t, resp) 531 532 createdHook2.DisplayName = "Name2" 533 534 updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook2) 535 CheckNoError(t, resp) 536 require.NotNil(t, updatedHook) 537 assert.Equal(t, createdHook2.CreateAt, updatedHook.CreateAt) 538 }) 539 540 t.Run("ModifyUpdateAt", func(t *testing.T) { 541 createdHook.DisplayName = "Name3" 542 543 updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook) 544 CheckNoError(t, resp) 545 if updatedHook != nil { 546 if updatedHook.UpdateAt == createdHook.UpdateAt { 547 t.Fatal("failed - hook updateAt is not updated") 548 } 549 } else { 550 t.Fatal("should not be nil") 551 } 552 }) 553 554 t.Run("UpdateNonExistentHook", func(t *testing.T) { 555 nonExistentHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id} 556 557 _, resp := th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook) 558 CheckNotFoundStatus(t, resp) 559 560 nonExistentHook.Id = model.NewId() 561 _, resp = th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook) 562 CheckNotFoundStatus(t, resp) 563 }) 564 565 t.Run("UserIsNotAdminOfTeam", func(t *testing.T) { 566 _, resp := Client.UpdateIncomingWebhook(createdHook) 567 CheckForbiddenStatus(t, resp) 568 }) 569 570 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 571 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 572 573 t.Run("OnlyAdminIntegrationsDisabled", func(t *testing.T) { 574 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 575 576 t.Run("UpdateHookOfSameUser", func(t *testing.T) { 577 sameUserHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, UserId: th.BasicUser2.Id} 578 579 sameUserHook, resp := Client.CreateIncomingWebhook(sameUserHook) 580 CheckNoError(t, resp) 581 582 _, resp = Client.UpdateIncomingWebhook(sameUserHook) 583 CheckNoError(t, resp) 584 }) 585 586 t.Run("UpdateHookOfDifferentUser", func(t *testing.T) { 587 _, resp := Client.UpdateIncomingWebhook(createdHook) 588 CheckForbiddenStatus(t, resp) 589 }) 590 }) 591 592 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 593 th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 594 595 Client.Logout() 596 th.UpdateUserToTeamAdmin(th.BasicUser2, th.BasicTeam) 597 th.LoginBasic2() 598 t.Run("UpdateByDifferentUser", func(t *testing.T) { 599 updatedHook, resp := Client.UpdateIncomingWebhook(createdHook) 600 CheckNoError(t, resp) 601 if updatedHook.UserId == th.BasicUser2.Id { 602 t.Fatal("Hook's creator userId is not retained") 603 } 604 }) 605 606 t.Run("IncomingHooksDisabled", func(t *testing.T) { 607 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = false }) 608 _, resp := Client.UpdateIncomingWebhook(createdHook) 609 CheckNotImplementedStatus(t, resp) 610 CheckErrorMessage(t, resp, "api.incoming_webhook.disabled.app_error") 611 }) 612 613 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true }) 614 615 t.Run("PrivateChannel", func(t *testing.T) { 616 privateChannel := th.CreatePrivateChannel() 617 Client.Logout() 618 th.LoginBasic() 619 createdHook.ChannelId = privateChannel.Id 620 621 _, resp := Client.UpdateIncomingWebhook(createdHook) 622 CheckForbiddenStatus(t, resp) 623 }) 624 625 t.Run("UpdateToNonExistentChannel", func(t *testing.T) { 626 createdHook.ChannelId = "junk" 627 _, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook) 628 CheckNotFoundStatus(t, resp) 629 }) 630 631 team := th.CreateTeamWithClient(Client) 632 user := th.CreateUserWithClient(Client) 633 th.LinkUserToTeam(user, team) 634 Client.Logout() 635 Client.Login(user.Id, user.Password) 636 t.Run("UpdateToADifferentTeam", func(t *testing.T) { 637 _, resp := Client.UpdateIncomingWebhook(createdHook) 638 CheckUnauthorizedStatus(t, resp) 639 }) 640 } 641 642 func TestRegenOutgoingHookToken(t *testing.T) { 643 th := Setup().InitBasic() 644 defer th.TearDown() 645 Client := th.Client 646 647 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true }) 648 649 hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}} 650 rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook) 651 CheckNoError(t, resp) 652 653 _, resp = th.SystemAdminClient.RegenOutgoingHookToken("junk") 654 CheckBadRequestStatus(t, resp) 655 656 //investigate why is act weird on jenkins 657 // _, resp = th.SystemAdminClient.RegenOutgoingHookToken("") 658 // CheckNotFoundStatus(t, resp) 659 660 regenHookToken, resp := th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id) 661 CheckNoError(t, resp) 662 if regenHookToken.Token == rhook.Token { 663 t.Fatal("regen didn't work properly") 664 } 665 666 _, resp = Client.RegenOutgoingHookToken(rhook.Id) 667 CheckForbiddenStatus(t, resp) 668 669 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = false }) 670 _, resp = th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id) 671 CheckNotImplementedStatus(t, resp) 672 } 673 674 func TestUpdateOutgoingHook(t *testing.T) { 675 th := Setup().InitBasic() 676 defer th.TearDown() 677 Client := th.Client 678 679 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true }) 680 defaultRolePermissions := th.SaveDefaultRolePermissions() 681 defer func() { 682 th.RestoreDefaultRolePermissions(defaultRolePermissions) 683 }() 684 th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 685 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 686 687 createdHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, 688 CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}} 689 690 createdHook, webookResp := th.SystemAdminClient.CreateOutgoingWebhook(createdHook) 691 CheckNoError(t, webookResp) 692 693 t.Run("UpdateOutgoingWebhook", func(t *testing.T) { 694 createdHook.DisplayName = "Cats" 695 createdHook.Description = "Get me some cats" 696 697 updatedHook, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 698 CheckNoError(t, resp) 699 if updatedHook.DisplayName != "Cats" { 700 t.Fatal("did not update") 701 } 702 if updatedHook.Description != "Get me some cats" { 703 t.Fatal("did not update") 704 } 705 }) 706 707 t.Run("OutgoingHooksDisabled", func(t *testing.T) { 708 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = false }) 709 _, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 710 CheckNotImplementedStatus(t, resp) 711 }) 712 713 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true }) 714 t.Run("RetainCreateAt", func(t *testing.T) { 715 hook2 := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, 716 CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats"}} 717 718 createdHook2, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook2) 719 CheckNoError(t, resp) 720 createdHook2.DisplayName = "Name2" 721 722 updatedHook2, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook2) 723 CheckNoError(t, resp) 724 725 if updatedHook2.CreateAt != createdHook2.CreateAt { 726 t.Fatal("failed - hook create at should not be changed") 727 } 728 }) 729 730 t.Run("ModifyUpdateAt", func(t *testing.T) { 731 createdHook.DisplayName = "Name3" 732 733 updatedHook2, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 734 CheckNoError(t, resp) 735 736 if updatedHook2.UpdateAt == createdHook.UpdateAt { 737 t.Fatal("failed - hook updateAt is not updated") 738 } 739 }) 740 741 t.Run("UpdateNonExistentHook", func(t *testing.T) { 742 nonExistentHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, 743 CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats"}} 744 745 _, resp := th.SystemAdminClient.UpdateOutgoingWebhook(nonExistentHook) 746 CheckNotFoundStatus(t, resp) 747 748 nonExistentHook.Id = model.NewId() 749 _, resp = th.SystemAdminClient.UpdateOutgoingWebhook(nonExistentHook) 750 CheckInternalErrorStatus(t, resp) 751 }) 752 753 t.Run("UserIsNotAdminOfTeam", func(t *testing.T) { 754 _, resp := Client.UpdateOutgoingWebhook(createdHook) 755 CheckForbiddenStatus(t, resp) 756 }) 757 758 th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 759 hook2 := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, 760 CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats2"}} 761 762 createdHook2, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook2) 763 CheckNoError(t, resp) 764 765 _, resp = Client.UpdateOutgoingWebhook(createdHook2) 766 CheckForbiddenStatus(t, resp) 767 768 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID) 769 th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID) 770 771 Client.Logout() 772 th.UpdateUserToTeamAdmin(th.BasicUser2, th.BasicTeam) 773 th.LoginBasic2() 774 t.Run("RetainHookCreator", func(t *testing.T) { 775 createdHook.DisplayName = "Basic user 2" 776 updatedHook, resp := Client.UpdateOutgoingWebhook(createdHook) 777 CheckNoError(t, resp) 778 if updatedHook.DisplayName != "Basic user 2" { 779 t.Fatal("should apply the change") 780 } 781 if updatedHook.CreatorId != th.SystemAdminUser.Id { 782 t.Fatal("hook creator should not be changed") 783 } 784 }) 785 786 t.Run("UpdateToExistingTriggerWordAndCallback", func(t *testing.T) { 787 t.Run("OnSameChannel", func(t *testing.T) { 788 createdHook.TriggerWords = []string{"rats"} 789 790 _, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 791 CheckBadRequestStatus(t, resp) 792 }) 793 794 t.Run("OnDifferentChannel", func(t *testing.T) { 795 createdHook.TriggerWords = []string{"cats"} 796 createdHook.ChannelId = th.BasicChannel2.Id 797 798 _, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 799 CheckNoError(t, resp) 800 }) 801 }) 802 803 t.Run("UpdateToNonExistentChannel", func(t *testing.T) { 804 createdHook.ChannelId = "junk" 805 806 _, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 807 CheckNotFoundStatus(t, resp) 808 }) 809 810 t.Run("UpdateToPrivateChannel", func(t *testing.T) { 811 privateChannel := th.CreatePrivateChannel() 812 createdHook.ChannelId = privateChannel.Id 813 814 _, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 815 CheckForbiddenStatus(t, resp) 816 }) 817 818 t.Run("UpdateToBlankTriggerWordAndChannel", func(t *testing.T) { 819 createdHook.ChannelId = "" 820 createdHook.TriggerWords = nil 821 822 _, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook) 823 CheckInternalErrorStatus(t, resp) 824 }) 825 826 team := th.CreateTeamWithClient(Client) 827 user := th.CreateUserWithClient(Client) 828 th.LinkUserToTeam(user, team) 829 Client.Logout() 830 Client.Login(user.Id, user.Password) 831 t.Run("UpdateToADifferentTeam", func(t *testing.T) { 832 _, resp := Client.UpdateOutgoingWebhook(createdHook) 833 CheckUnauthorizedStatus(t, resp) 834 }) 835 } 836 837 func TestDeleteOutgoingHook(t *testing.T) { 838 th := Setup().InitBasic() 839 defer th.TearDown() 840 Client := th.SystemAdminClient 841 842 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true }) 843 844 var resp *model.Response 845 var rhook *model.OutgoingWebhook 846 var hook *model.OutgoingWebhook 847 var status bool 848 849 t.Run("WhenInvalidHookID", func(t *testing.T) { 850 status, resp = Client.DeleteOutgoingWebhook("abc") 851 CheckBadRequestStatus(t, resp) 852 }) 853 854 t.Run("WhenHookDoesNotExist", func(t *testing.T) { 855 status, resp = Client.DeleteOutgoingWebhook(model.NewId()) 856 CheckInternalErrorStatus(t, resp) 857 }) 858 859 t.Run("WhenHookExists", func(t *testing.T) { 860 hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, 861 CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}} 862 rhook, resp = Client.CreateOutgoingWebhook(hook) 863 CheckNoError(t, resp) 864 865 if status, resp = Client.DeleteOutgoingWebhook(rhook.Id); !status { 866 t.Fatal("Delete should have succeeded") 867 } else { 868 CheckOKStatus(t, resp) 869 } 870 871 // Get now should not return this deleted hook 872 _, resp = Client.GetIncomingWebhook(rhook.Id, "") 873 CheckNotFoundStatus(t, resp) 874 }) 875 876 t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) { 877 hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, 878 CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"dogs"}} 879 rhook, resp = Client.CreateOutgoingWebhook(hook) 880 CheckNoError(t, resp) 881 882 th.LoginBasic() 883 Client = th.Client 884 885 _, resp = Client.DeleteOutgoingWebhook(rhook.Id) 886 CheckForbiddenStatus(t, resp) 887 }) 888 }