github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/team_test.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"encoding/binary"
     8  	"fmt"
     9  	"net/http"
    10  	"strconv"
    11  	"strings"
    12  	"testing"
    13  
    14  	"encoding/base64"
    15  
    16  	"github.com/mattermost/mattermost-server/app"
    17  	"github.com/mattermost/mattermost-server/model"
    18  	"github.com/mattermost/mattermost-server/services/mailservice"
    19  	"github.com/mattermost/mattermost-server/utils"
    20  	"github.com/mattermost/mattermost-server/utils/testutils"
    21  	"github.com/stretchr/testify/assert"
    22  	"github.com/stretchr/testify/require"
    23  )
    24  
    25  func TestCreateTeam(t *testing.T) {
    26  	th := Setup().InitBasic()
    27  	defer th.TearDown()
    28  	Client := th.Client
    29  
    30  	team := &model.Team{Name: GenerateTestUsername(), DisplayName: "Some Team", Type: model.TEAM_OPEN}
    31  	rteam, resp := Client.CreateTeam(team)
    32  	CheckNoError(t, resp)
    33  	CheckCreatedStatus(t, resp)
    34  
    35  	if rteam.Name != team.Name {
    36  		t.Fatal("names did not match")
    37  	}
    38  
    39  	if rteam.DisplayName != team.DisplayName {
    40  		t.Fatal("display names did not match")
    41  	}
    42  
    43  	if rteam.Type != team.Type {
    44  		t.Fatal("types did not match")
    45  	}
    46  
    47  	_, resp = Client.CreateTeam(rteam)
    48  	CheckBadRequestStatus(t, resp)
    49  
    50  	rteam.Id = ""
    51  	_, resp = Client.CreateTeam(rteam)
    52  	CheckErrorMessage(t, resp, "store.sql_team.save.domain_exists.app_error")
    53  	CheckBadRequestStatus(t, resp)
    54  
    55  	rteam.Name = ""
    56  	_, resp = Client.CreateTeam(rteam)
    57  	CheckErrorMessage(t, resp, "model.team.is_valid.characters.app_error")
    58  	CheckBadRequestStatus(t, resp)
    59  
    60  	if r, err := Client.DoApiPost("/teams", "garbage"); err == nil {
    61  		t.Fatal("should have errored")
    62  	} else {
    63  		if r.StatusCode != http.StatusBadRequest {
    64  			t.Log("actual: " + strconv.Itoa(r.StatusCode))
    65  			t.Log("expected: " + strconv.Itoa(http.StatusBadRequest))
    66  			t.Fatal("wrong status code")
    67  		}
    68  	}
    69  
    70  	Client.Logout()
    71  
    72  	_, resp = Client.CreateTeam(rteam)
    73  	CheckUnauthorizedStatus(t, resp)
    74  
    75  	// Check the appropriate permissions are enforced.
    76  	defaultRolePermissions := th.SaveDefaultRolePermissions()
    77  	defer func() {
    78  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
    79  	}()
    80  
    81  	th.RemovePermissionFromRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_USER_ROLE_ID)
    82  	th.AddPermissionToRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_ADMIN_ROLE_ID)
    83  
    84  	th.LoginBasic()
    85  	_, resp = Client.CreateTeam(team)
    86  	CheckForbiddenStatus(t, resp)
    87  }
    88  
    89  func TestCreateTeamSanitization(t *testing.T) {
    90  	th := Setup().InitBasic()
    91  	defer th.TearDown()
    92  
    93  	// Non-admin users can create a team, but they become a team admin by doing so
    94  
    95  	t.Run("team admin", func(t *testing.T) {
    96  		team := &model.Team{
    97  			DisplayName:    t.Name() + "_1",
    98  			Name:           GenerateTestTeamName(),
    99  			Email:          th.GenerateTestEmail(),
   100  			Type:           model.TEAM_OPEN,
   101  			AllowedDomains: "simulator.amazonses.com,dockerhost",
   102  		}
   103  
   104  		rteam, resp := th.Client.CreateTeam(team)
   105  		CheckNoError(t, resp)
   106  		if rteam.Email == "" {
   107  			t.Fatal("should not have sanitized email")
   108  		}
   109  	})
   110  
   111  	t.Run("system admin", func(t *testing.T) {
   112  		team := &model.Team{
   113  			DisplayName:    t.Name() + "_2",
   114  			Name:           GenerateTestTeamName(),
   115  			Email:          th.GenerateTestEmail(),
   116  			Type:           model.TEAM_OPEN,
   117  			AllowedDomains: "simulator.amazonses.com,dockerhost",
   118  		}
   119  
   120  		rteam, resp := th.SystemAdminClient.CreateTeam(team)
   121  		CheckNoError(t, resp)
   122  		if rteam.Email == "" {
   123  			t.Fatal("should not have sanitized email")
   124  		}
   125  	})
   126  }
   127  
   128  func TestGetTeam(t *testing.T) {
   129  	th := Setup().InitBasic()
   130  	defer th.TearDown()
   131  	Client := th.Client
   132  	team := th.BasicTeam
   133  
   134  	rteam, resp := Client.GetTeam(team.Id, "")
   135  	CheckNoError(t, resp)
   136  
   137  	if rteam.Id != team.Id {
   138  		t.Fatal("wrong team")
   139  	}
   140  
   141  	_, resp = Client.GetTeam("junk", "")
   142  	CheckBadRequestStatus(t, resp)
   143  
   144  	_, resp = Client.GetTeam("", "")
   145  	CheckNotFoundStatus(t, resp)
   146  
   147  	_, resp = Client.GetTeam(model.NewId(), "")
   148  	CheckNotFoundStatus(t, resp)
   149  
   150  	th.LoginTeamAdmin()
   151  
   152  	team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false}
   153  	rteam2, _ := Client.CreateTeam(team2)
   154  
   155  	team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true}
   156  	rteam3, _ := Client.CreateTeam(team3)
   157  
   158  	th.LoginBasic()
   159  	// AllowInviteOpen is false and team is open, and user is not on team
   160  	_, resp = Client.GetTeam(rteam2.Id, "")
   161  	CheckForbiddenStatus(t, resp)
   162  
   163  	// AllowInviteOpen is true and team is invite, and user is not on team
   164  	_, resp = Client.GetTeam(rteam3.Id, "")
   165  	CheckForbiddenStatus(t, resp)
   166  
   167  	Client.Logout()
   168  	_, resp = Client.GetTeam(team.Id, "")
   169  	CheckUnauthorizedStatus(t, resp)
   170  
   171  	_, resp = th.SystemAdminClient.GetTeam(rteam2.Id, "")
   172  	CheckNoError(t, resp)
   173  }
   174  
   175  func TestGetTeamSanitization(t *testing.T) {
   176  	th := Setup().InitBasic()
   177  	defer th.TearDown()
   178  
   179  	team, resp := th.Client.CreateTeam(&model.Team{
   180  		DisplayName:    t.Name() + "_1",
   181  		Name:           GenerateTestTeamName(),
   182  		Email:          th.GenerateTestEmail(),
   183  		Type:           model.TEAM_OPEN,
   184  		AllowedDomains: "simulator.amazonses.com,dockerhost",
   185  	})
   186  	CheckNoError(t, resp)
   187  
   188  	t.Run("team user", func(t *testing.T) {
   189  		th.LinkUserToTeam(th.BasicUser2, team)
   190  
   191  		client := th.CreateClient()
   192  		th.LoginBasic2WithClient(client)
   193  
   194  		rteam, resp := client.GetTeam(team.Id, "")
   195  		CheckNoError(t, resp)
   196  		if rteam.Email != "" {
   197  			t.Fatal("should've sanitized email")
   198  		}
   199  	})
   200  
   201  	t.Run("team admin", func(t *testing.T) {
   202  		rteam, resp := th.Client.GetTeam(team.Id, "")
   203  		CheckNoError(t, resp)
   204  		if rteam.Email == "" {
   205  			t.Fatal("should not have sanitized email")
   206  		}
   207  	})
   208  
   209  	t.Run("system admin", func(t *testing.T) {
   210  		rteam, resp := th.SystemAdminClient.GetTeam(team.Id, "")
   211  		CheckNoError(t, resp)
   212  		if rteam.Email == "" {
   213  			t.Fatal("should not have sanitized email")
   214  		}
   215  	})
   216  }
   217  
   218  func TestGetTeamUnread(t *testing.T) {
   219  	th := Setup().InitBasic()
   220  	defer th.TearDown()
   221  	Client := th.Client
   222  
   223  	teamUnread, resp := Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id)
   224  	CheckNoError(t, resp)
   225  	if teamUnread.TeamId != th.BasicTeam.Id {
   226  		t.Fatal("wrong team id returned for regular user call")
   227  	}
   228  
   229  	_, resp = Client.GetTeamUnread("junk", th.BasicUser.Id)
   230  	CheckBadRequestStatus(t, resp)
   231  
   232  	_, resp = Client.GetTeamUnread(th.BasicTeam.Id, "junk")
   233  	CheckBadRequestStatus(t, resp)
   234  
   235  	_, resp = Client.GetTeamUnread(model.NewId(), th.BasicUser.Id)
   236  	CheckForbiddenStatus(t, resp)
   237  
   238  	_, resp = Client.GetTeamUnread(th.BasicTeam.Id, model.NewId())
   239  	CheckForbiddenStatus(t, resp)
   240  
   241  	Client.Logout()
   242  	_, resp = Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id)
   243  	CheckUnauthorizedStatus(t, resp)
   244  
   245  	teamUnread, resp = th.SystemAdminClient.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id)
   246  	CheckNoError(t, resp)
   247  	if teamUnread.TeamId != th.BasicTeam.Id {
   248  		t.Fatal("wrong team id returned")
   249  	}
   250  }
   251  
   252  func TestUpdateTeam(t *testing.T) {
   253  	th := Setup().InitBasic()
   254  	defer th.TearDown()
   255  	Client := th.Client
   256  
   257  	team := &model.Team{DisplayName: "Name", Description: "Some description", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN}
   258  	team, _ = Client.CreateTeam(team)
   259  
   260  	team.Description = "updated description"
   261  	uteam, resp := Client.UpdateTeam(team)
   262  	CheckNoError(t, resp)
   263  
   264  	if uteam.Description != "updated description" {
   265  		t.Fatal("Update failed")
   266  	}
   267  
   268  	team.DisplayName = "Updated Name"
   269  	uteam, resp = Client.UpdateTeam(team)
   270  	CheckNoError(t, resp)
   271  
   272  	if uteam.DisplayName != "Updated Name" {
   273  		t.Fatal("Update failed")
   274  	}
   275  
   276  	team.AllowOpenInvite = true
   277  	uteam, resp = Client.UpdateTeam(team)
   278  	CheckNoError(t, resp)
   279  
   280  	if !uteam.AllowOpenInvite {
   281  		t.Fatal("Update failed")
   282  	}
   283  
   284  	team.InviteId = "inviteid1"
   285  	uteam, resp = Client.UpdateTeam(team)
   286  	CheckNoError(t, resp)
   287  
   288  	if uteam.InviteId == "inviteid1" {
   289  		t.Fatal("InviteID should not be updated")
   290  	}
   291  
   292  	team.AllowedDomains = "domain"
   293  	uteam, resp = Client.UpdateTeam(team)
   294  	CheckNoError(t, resp)
   295  
   296  	if uteam.AllowedDomains != "domain" {
   297  		t.Fatal("Update failed")
   298  	}
   299  
   300  	team.Name = "Updated name"
   301  	uteam, resp = Client.UpdateTeam(team)
   302  	CheckNoError(t, resp)
   303  
   304  	if uteam.Name == "Updated name" {
   305  		t.Fatal("Should not update name")
   306  	}
   307  
   308  	team.Email = "test@domain.com"
   309  	uteam, resp = Client.UpdateTeam(team)
   310  	CheckNoError(t, resp)
   311  
   312  	if uteam.Email == "test@domain.com" {
   313  		t.Fatal("Should not update email")
   314  	}
   315  
   316  	team.Type = model.TEAM_INVITE
   317  	uteam, resp = Client.UpdateTeam(team)
   318  	CheckNoError(t, resp)
   319  
   320  	if uteam.Type == model.TEAM_INVITE {
   321  		t.Fatal("Should not update type")
   322  	}
   323  
   324  	originalTeamId := team.Id
   325  	team.Id = model.NewId()
   326  
   327  	r, _ := Client.DoApiPut(Client.GetTeamRoute(originalTeamId), team.ToJson())
   328  	assert.Equal(t, http.StatusBadRequest, r.StatusCode)
   329  
   330  	if uteam.Id != originalTeamId {
   331  		t.Fatal("wrong team id")
   332  	}
   333  
   334  	team.Id = "fake"
   335  	_, resp = Client.UpdateTeam(team)
   336  	CheckBadRequestStatus(t, resp)
   337  
   338  	Client.Logout()
   339  	_, resp = Client.UpdateTeam(team)
   340  	CheckUnauthorizedStatus(t, resp)
   341  
   342  	team.Id = originalTeamId
   343  	_, resp = th.SystemAdminClient.UpdateTeam(team)
   344  	CheckNoError(t, resp)
   345  }
   346  
   347  func TestUpdateTeamSanitization(t *testing.T) {
   348  	th := Setup().InitBasic()
   349  	defer th.TearDown()
   350  
   351  	team, resp := th.Client.CreateTeam(&model.Team{
   352  		DisplayName:    t.Name() + "_1",
   353  		Name:           GenerateTestTeamName(),
   354  		Email:          th.GenerateTestEmail(),
   355  		Type:           model.TEAM_OPEN,
   356  		AllowedDomains: "simulator.amazonses.com,dockerhost",
   357  	})
   358  	CheckNoError(t, resp)
   359  
   360  	// Non-admin users cannot update the team
   361  
   362  	t.Run("team admin", func(t *testing.T) {
   363  		rteam, resp := th.Client.UpdateTeam(team)
   364  		CheckNoError(t, resp)
   365  		if rteam.Email == "" {
   366  			t.Fatal("should not have sanitized email for admin")
   367  		}
   368  	})
   369  
   370  	t.Run("system admin", func(t *testing.T) {
   371  		rteam, resp := th.SystemAdminClient.UpdateTeam(team)
   372  		CheckNoError(t, resp)
   373  		if rteam.Email == "" {
   374  			t.Fatal("should not have sanitized email for admin")
   375  		}
   376  	})
   377  }
   378  
   379  func TestPatchTeam(t *testing.T) {
   380  	th := Setup().InitBasic()
   381  	defer th.TearDown()
   382  	Client := th.Client
   383  
   384  	team := &model.Team{DisplayName: "Name", Description: "Some description", CompanyName: "Some company name", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN}
   385  	team, _ = Client.CreateTeam(team)
   386  
   387  	patch := &model.TeamPatch{}
   388  
   389  	patch.DisplayName = model.NewString("Other name")
   390  	patch.Description = model.NewString("Other description")
   391  	patch.CompanyName = model.NewString("Other company name")
   392  	patch.AllowOpenInvite = model.NewBool(true)
   393  
   394  	rteam, resp := Client.PatchTeam(team.Id, patch)
   395  	CheckNoError(t, resp)
   396  
   397  	if rteam.DisplayName != "Other name" {
   398  		t.Fatal("DisplayName did not update properly")
   399  	}
   400  	if rteam.Description != "Other description" {
   401  		t.Fatal("Description did not update properly")
   402  	}
   403  	if rteam.CompanyName != "Other company name" {
   404  		t.Fatal("CompanyName did not update properly")
   405  	}
   406  	if rteam.InviteId == "inviteid1" {
   407  		t.Fatal("InviteId should not update")
   408  	}
   409  	if !rteam.AllowOpenInvite {
   410  		t.Fatal("AllowOpenInvite did not update properly")
   411  	}
   412  
   413  	_, resp = Client.PatchTeam("junk", patch)
   414  	CheckBadRequestStatus(t, resp)
   415  
   416  	_, resp = Client.PatchTeam(GenerateTestId(), patch)
   417  	CheckForbiddenStatus(t, resp)
   418  
   419  	if r, err := Client.DoApiPut("/teams/"+team.Id+"/patch", "garbage"); err == nil {
   420  		t.Fatal("should have errored")
   421  	} else {
   422  		if r.StatusCode != http.StatusBadRequest {
   423  			t.Log("actual: " + strconv.Itoa(r.StatusCode))
   424  			t.Log("expected: " + strconv.Itoa(http.StatusBadRequest))
   425  			t.Fatal("wrong status code")
   426  		}
   427  	}
   428  
   429  	Client.Logout()
   430  	_, resp = Client.PatchTeam(team.Id, patch)
   431  	CheckUnauthorizedStatus(t, resp)
   432  
   433  	th.LoginBasic2()
   434  	_, resp = Client.PatchTeam(team.Id, patch)
   435  	CheckForbiddenStatus(t, resp)
   436  
   437  	_, resp = th.SystemAdminClient.PatchTeam(team.Id, patch)
   438  	CheckNoError(t, resp)
   439  }
   440  
   441  func TestPatchTeamSanitization(t *testing.T) {
   442  	th := Setup().InitBasic()
   443  	defer th.TearDown()
   444  
   445  	team, resp := th.Client.CreateTeam(&model.Team{
   446  		DisplayName:    t.Name() + "_1",
   447  		Name:           GenerateTestTeamName(),
   448  		Email:          th.GenerateTestEmail(),
   449  		Type:           model.TEAM_OPEN,
   450  		AllowedDomains: "simulator.amazonses.com,dockerhost",
   451  	})
   452  	CheckNoError(t, resp)
   453  
   454  	// Non-admin users cannot update the team
   455  
   456  	t.Run("team admin", func(t *testing.T) {
   457  		rteam, resp := th.Client.PatchTeam(team.Id, &model.TeamPatch{})
   458  		CheckNoError(t, resp)
   459  		if rteam.Email == "" {
   460  			t.Fatal("should not have sanitized email for admin")
   461  		}
   462  	})
   463  
   464  	t.Run("system admin", func(t *testing.T) {
   465  		rteam, resp := th.SystemAdminClient.PatchTeam(team.Id, &model.TeamPatch{})
   466  		CheckNoError(t, resp)
   467  		if rteam.Email == "" {
   468  			t.Fatal("should not have sanitized email for admin")
   469  		}
   470  	})
   471  }
   472  
   473  func TestRegenerateTeamInviteId(t *testing.T) {
   474  	th := Setup().InitBasic()
   475  	defer th.TearDown()
   476  	Client := th.Client
   477  
   478  	team := &model.Team{DisplayName: "Name", Description: "Some description", CompanyName: "Some company name", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN}
   479  	team, _ = Client.CreateTeam(team)
   480  
   481  	assert.NotEqual(t, team.InviteId, "")
   482  	assert.NotEqual(t, team.InviteId, "inviteid0")
   483  
   484  	rteam, resp := Client.RegenerateTeamInviteId(team.Id)
   485  	CheckNoError(t, resp)
   486  
   487  	assert.NotEqual(t, team.InviteId, rteam.InviteId)
   488  	assert.NotEqual(t, team.InviteId, "")
   489  }
   490  
   491  func TestSoftDeleteTeam(t *testing.T) {
   492  	th := Setup().InitBasic()
   493  	defer th.TearDown()
   494  	Client := th.Client
   495  
   496  	team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}
   497  	team, _ = Client.CreateTeam(team)
   498  
   499  	ok, resp := Client.SoftDeleteTeam(team.Id)
   500  	CheckNoError(t, resp)
   501  
   502  	if !ok {
   503  		t.Fatal("should have returned true")
   504  	}
   505  
   506  	rteam, err := th.App.GetTeam(team.Id)
   507  	if err != nil {
   508  		t.Fatal("should have returned archived team")
   509  	}
   510  	if rteam.DeleteAt == 0 {
   511  		t.Fatal("should have not set to zero")
   512  	}
   513  
   514  	ok, resp = Client.SoftDeleteTeam("junk")
   515  	CheckBadRequestStatus(t, resp)
   516  
   517  	if ok {
   518  		t.Fatal("should have returned false")
   519  	}
   520  
   521  	otherTeam := th.BasicTeam
   522  	_, resp = Client.SoftDeleteTeam(otherTeam.Id)
   523  	CheckForbiddenStatus(t, resp)
   524  
   525  	Client.Logout()
   526  	_, resp = Client.SoftDeleteTeam(otherTeam.Id)
   527  	CheckUnauthorizedStatus(t, resp)
   528  
   529  	_, resp = th.SystemAdminClient.SoftDeleteTeam(otherTeam.Id)
   530  	CheckNoError(t, resp)
   531  }
   532  
   533  func TestPermanentDeleteTeam(t *testing.T) {
   534  	th := Setup().InitBasic()
   535  	defer th.TearDown()
   536  	Client := th.Client
   537  
   538  	team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN}
   539  	team, _ = Client.CreateTeam(team)
   540  
   541  	enableAPITeamDeletion := *th.App.Config().ServiceSettings.EnableAPITeamDeletion
   542  	defer func() {
   543  		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableAPITeamDeletion = &enableAPITeamDeletion })
   544  	}()
   545  
   546  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = false })
   547  
   548  	// Does not error when deletion is disabled, just soft deletes
   549  	ok, resp := Client.PermanentDeleteTeam(team.Id)
   550  	CheckNoError(t, resp)
   551  	assert.True(t, ok)
   552  
   553  	rteam, err := th.App.GetTeam(team.Id)
   554  	assert.Nil(t, err)
   555  	assert.True(t, rteam.DeleteAt > 0)
   556  
   557  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = true })
   558  
   559  	ok, resp = Client.PermanentDeleteTeam(team.Id)
   560  	CheckNoError(t, resp)
   561  	assert.True(t, ok)
   562  
   563  	_, err = th.App.GetTeam(team.Id)
   564  	assert.NotNil(t, err)
   565  
   566  	ok, resp = Client.PermanentDeleteTeam("junk")
   567  	CheckBadRequestStatus(t, resp)
   568  
   569  	if ok {
   570  		t.Fatal("should have returned false")
   571  	}
   572  }
   573  
   574  func TestGetAllTeams(t *testing.T) {
   575  	th := Setup().InitBasic()
   576  	defer th.TearDown()
   577  	Client := th.Client
   578  
   579  	team1 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true}
   580  	team1, resp := Client.CreateTeam(team1)
   581  	CheckNoError(t, resp)
   582  
   583  	team2 := &model.Team{DisplayName: "Name2", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true}
   584  	team2, resp = Client.CreateTeam(team2)
   585  	CheckNoError(t, resp)
   586  
   587  	team3 := &model.Team{DisplayName: "Name3", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false}
   588  	team3, resp = Client.CreateTeam(team3)
   589  	CheckNoError(t, resp)
   590  
   591  	testCases := []struct {
   592  		Name          string
   593  		Page          int
   594  		PerPage       int
   595  		Permissions   []string
   596  		ExpectedTeams []string
   597  	}{
   598  		{
   599  			Name:          "Get 1 team per page",
   600  			Page:          0,
   601  			PerPage:       1,
   602  			Permissions:   []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id},
   603  			ExpectedTeams: []string{team1.Id},
   604  		},
   605  		{
   606  			Name:          "Get second page with 1 team per page",
   607  			Page:          1,
   608  			PerPage:       1,
   609  			Permissions:   []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id},
   610  			ExpectedTeams: []string{team2.Id},
   611  		},
   612  		{
   613  			Name:          "Get no items per page",
   614  			Page:          1,
   615  			PerPage:       0,
   616  			Permissions:   []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id},
   617  			ExpectedTeams: []string{},
   618  		},
   619  		{
   620  			Name:          "Get all open teams",
   621  			Page:          0,
   622  			PerPage:       10,
   623  			Permissions:   []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id},
   624  			ExpectedTeams: []string{team1.Id, team2.Id},
   625  		},
   626  		{
   627  			Name:          "Get all private teams",
   628  			Page:          0,
   629  			PerPage:       10,
   630  			Permissions:   []string{model.PERMISSION_LIST_PRIVATE_TEAMS.Id},
   631  			ExpectedTeams: []string{th.BasicTeam.Id, team3.Id},
   632  		},
   633  		{
   634  			Name:          "Get all teams",
   635  			Page:          0,
   636  			PerPage:       10,
   637  			Permissions:   []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id, model.PERMISSION_LIST_PRIVATE_TEAMS.Id},
   638  			ExpectedTeams: []string{th.BasicTeam.Id, team1.Id, team2.Id, team3.Id},
   639  		},
   640  		{
   641  			Name:          "Get no teams because permissions",
   642  			Page:          0,
   643  			PerPage:       10,
   644  			Permissions:   []string{},
   645  			ExpectedTeams: []string{},
   646  		},
   647  	}
   648  
   649  	for _, tc := range testCases {
   650  		t.Run(tc.Name, func(t *testing.T) {
   651  			defaultRolePermissions := th.SaveDefaultRolePermissions()
   652  			defer func() {
   653  				th.RestoreDefaultRolePermissions(defaultRolePermissions)
   654  			}()
   655  			th.RemovePermissionFromRole(model.PERMISSION_LIST_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
   656  			th.RemovePermissionFromRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
   657  			th.RemovePermissionFromRole(model.PERMISSION_LIST_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
   658  			th.RemovePermissionFromRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
   659  			for _, permission := range tc.Permissions {
   660  				th.AddPermissionToRole(permission, model.SYSTEM_USER_ROLE_ID)
   661  			}
   662  
   663  			var teams []*model.Team
   664  			teams, resp = Client.GetAllTeams("", tc.Page, tc.PerPage)
   665  			CheckNoError(t, resp)
   666  			require.Equal(t, len(tc.ExpectedTeams), len(teams))
   667  			for idx, team := range teams {
   668  				assert.Equal(t, tc.ExpectedTeams[idx], team.Id)
   669  			}
   670  		})
   671  	}
   672  
   673  	t.Run("Unauthorized", func(t *testing.T) {
   674  		Client.Logout()
   675  		_, resp = Client.GetAllTeams("", 1, 10)
   676  		CheckUnauthorizedStatus(t, resp)
   677  	})
   678  }
   679  
   680  func TestGetAllTeamsSanitization(t *testing.T) {
   681  	th := Setup().InitBasic()
   682  	defer th.TearDown()
   683  
   684  	team, resp := th.Client.CreateTeam(&model.Team{
   685  		DisplayName:     t.Name() + "_1",
   686  		Name:            GenerateTestTeamName(),
   687  		Email:           th.GenerateTestEmail(),
   688  		Type:            model.TEAM_OPEN,
   689  		AllowedDomains:  "simulator.amazonses.com,dockerhost",
   690  		AllowOpenInvite: true,
   691  	})
   692  	CheckNoError(t, resp)
   693  	team2, resp := th.SystemAdminClient.CreateTeam(&model.Team{
   694  		DisplayName:     t.Name() + "_2",
   695  		Name:            GenerateTestTeamName(),
   696  		Email:           th.GenerateTestEmail(),
   697  		Type:            model.TEAM_OPEN,
   698  		AllowedDomains:  "simulator.amazonses.com,dockerhost",
   699  		AllowOpenInvite: true,
   700  	})
   701  	CheckNoError(t, resp)
   702  
   703  	// This may not work if the server has over 1000 open teams on it
   704  
   705  	t.Run("team admin/non-admin", func(t *testing.T) {
   706  		teamFound := false
   707  		team2Found := false
   708  
   709  		rteams, resp := th.Client.GetAllTeams("", 0, 1000)
   710  		CheckNoError(t, resp)
   711  		for _, rteam := range rteams {
   712  			if rteam.Id == team.Id {
   713  				teamFound = true
   714  				if rteam.Email == "" {
   715  					t.Fatal("should not have sanitized email for team admin")
   716  				}
   717  			} else if rteam.Id == team2.Id {
   718  				team2Found = true
   719  				if rteam.Email != "" {
   720  					t.Fatal("should've sanitized email for non-admin")
   721  				}
   722  			}
   723  		}
   724  
   725  		if !teamFound || !team2Found {
   726  			t.Fatal("wasn't returned the expected teams so the test wasn't run correctly")
   727  		}
   728  	})
   729  
   730  	t.Run("system admin", func(t *testing.T) {
   731  		rteams, resp := th.SystemAdminClient.GetAllTeams("", 0, 1000)
   732  		CheckNoError(t, resp)
   733  		for _, rteam := range rteams {
   734  			if rteam.Id != team.Id && rteam.Id != team2.Id {
   735  				continue
   736  			}
   737  
   738  			if rteam.Email == "" {
   739  				t.Fatal("should not have sanitized email")
   740  			}
   741  		}
   742  	})
   743  }
   744  
   745  func TestGetTeamByName(t *testing.T) {
   746  	th := Setup().InitBasic()
   747  	defer th.TearDown()
   748  	Client := th.Client
   749  	team := th.BasicTeam
   750  
   751  	rteam, resp := Client.GetTeamByName(team.Name, "")
   752  	CheckNoError(t, resp)
   753  
   754  	if rteam.Name != team.Name {
   755  		t.Fatal("wrong team")
   756  	}
   757  
   758  	_, resp = Client.GetTeamByName("junk", "")
   759  	CheckNotFoundStatus(t, resp)
   760  
   761  	_, resp = Client.GetTeamByName("", "")
   762  	CheckNotFoundStatus(t, resp)
   763  
   764  	_, resp = th.SystemAdminClient.GetTeamByName(strings.ToUpper(team.Name), "")
   765  	CheckNoError(t, resp)
   766  
   767  	Client.Logout()
   768  	_, resp = Client.GetTeamByName(team.Name, "")
   769  	CheckUnauthorizedStatus(t, resp)
   770  
   771  	_, resp = th.SystemAdminClient.GetTeamByName(team.Name, "")
   772  	CheckNoError(t, resp)
   773  
   774  	th.LoginTeamAdmin()
   775  
   776  	team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false}
   777  	rteam2, _ := Client.CreateTeam(team2)
   778  
   779  	team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true}
   780  	rteam3, _ := Client.CreateTeam(team3)
   781  
   782  	th.LoginBasic()
   783  	// AllowInviteOpen is false and team is open, and user is not on team
   784  	_, resp = Client.GetTeamByName(rteam2.Name, "")
   785  	CheckForbiddenStatus(t, resp)
   786  
   787  	// AllowInviteOpen is true and team is invite only, and user is not on team
   788  	_, resp = Client.GetTeamByName(rteam3.Name, "")
   789  	CheckForbiddenStatus(t, resp)
   790  }
   791  
   792  func TestGetTeamByNameSanitization(t *testing.T) {
   793  	th := Setup().InitBasic()
   794  	defer th.TearDown()
   795  
   796  	team, resp := th.Client.CreateTeam(&model.Team{
   797  		DisplayName:    t.Name() + "_1",
   798  		Name:           GenerateTestTeamName(),
   799  		Email:          th.GenerateTestEmail(),
   800  		Type:           model.TEAM_OPEN,
   801  		AllowedDomains: "simulator.amazonses.com,dockerhost",
   802  	})
   803  	CheckNoError(t, resp)
   804  
   805  	t.Run("team user", func(t *testing.T) {
   806  		th.LinkUserToTeam(th.BasicUser2, team)
   807  
   808  		client := th.CreateClient()
   809  		th.LoginBasic2WithClient(client)
   810  
   811  		rteam, resp := client.GetTeamByName(team.Name, "")
   812  		CheckNoError(t, resp)
   813  		if rteam.Email != "" {
   814  			t.Fatal("should've sanitized email")
   815  		}
   816  	})
   817  
   818  	t.Run("team admin/non-admin", func(t *testing.T) {
   819  		rteam, resp := th.Client.GetTeamByName(team.Name, "")
   820  		CheckNoError(t, resp)
   821  		if rteam.Email == "" {
   822  			t.Fatal("should not have sanitized email")
   823  		}
   824  	})
   825  
   826  	t.Run("system admin", func(t *testing.T) {
   827  		rteam, resp := th.SystemAdminClient.GetTeamByName(team.Name, "")
   828  		CheckNoError(t, resp)
   829  		if rteam.Email == "" {
   830  			t.Fatal("should not have sanitized email")
   831  		}
   832  	})
   833  }
   834  
   835  func TestSearchAllTeams(t *testing.T) {
   836  	th := Setup().InitBasic()
   837  	defer th.TearDown()
   838  	Client := th.Client
   839  	oTeam := th.BasicTeam
   840  	oTeam.AllowOpenInvite = true
   841  
   842  	if updatedTeam, err := th.App.UpdateTeam(oTeam); err != nil {
   843  		t.Fatal(err)
   844  	} else {
   845  		oTeam.UpdateAt = updatedTeam.UpdateAt
   846  	}
   847  
   848  	pTeam := &model.Team{DisplayName: "PName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE}
   849  	Client.CreateTeam(pTeam)
   850  
   851  	rteams, resp := Client.SearchTeams(&model.TeamSearch{Term: oTeam.Name})
   852  	CheckNoError(t, resp)
   853  
   854  	if len(rteams) != 1 {
   855  		t.Fatal("should have returned 1 team")
   856  	}
   857  
   858  	if oTeam.Id != rteams[0].Id {
   859  		t.Fatal("invalid team")
   860  	}
   861  
   862  	rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: oTeam.DisplayName})
   863  	CheckNoError(t, resp)
   864  
   865  	if len(rteams) != 1 {
   866  		t.Fatal("should have returned 1 team")
   867  	}
   868  
   869  	if rteams[0].Id != oTeam.Id {
   870  		t.Fatal("invalid team")
   871  	}
   872  
   873  	rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name})
   874  	CheckNoError(t, resp)
   875  
   876  	if len(rteams) != 0 {
   877  		t.Fatal("should have not returned team")
   878  	}
   879  
   880  	rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName})
   881  	CheckNoError(t, resp)
   882  
   883  	if len(rteams) != 0 {
   884  		t.Fatal("should have not returned team")
   885  	}
   886  
   887  	rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: oTeam.Name})
   888  	CheckNoError(t, resp)
   889  
   890  	if len(rteams) != 1 {
   891  		t.Fatal("should have returned 1 team")
   892  	}
   893  
   894  	rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName})
   895  	CheckNoError(t, resp)
   896  
   897  	if len(rteams) != 1 {
   898  		t.Fatal("should have returned 1 team")
   899  	}
   900  
   901  	rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: "junk"})
   902  	CheckNoError(t, resp)
   903  
   904  	if len(rteams) != 0 {
   905  		t.Fatal("should have not returned team")
   906  	}
   907  
   908  	Client.Logout()
   909  
   910  	_, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name})
   911  	CheckUnauthorizedStatus(t, resp)
   912  
   913  	_, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName})
   914  	CheckUnauthorizedStatus(t, resp)
   915  }
   916  
   917  func TestSearchAllTeamsSanitization(t *testing.T) {
   918  	th := Setup().InitBasic()
   919  	defer th.TearDown()
   920  
   921  	team, resp := th.Client.CreateTeam(&model.Team{
   922  		DisplayName:    t.Name() + "_1",
   923  		Name:           GenerateTestTeamName(),
   924  		Email:          th.GenerateTestEmail(),
   925  		Type:           model.TEAM_OPEN,
   926  		AllowedDomains: "simulator.amazonses.com,dockerhost",
   927  	})
   928  	CheckNoError(t, resp)
   929  	team2, resp := th.Client.CreateTeam(&model.Team{
   930  		DisplayName:    t.Name() + "_2",
   931  		Name:           GenerateTestTeamName(),
   932  		Email:          th.GenerateTestEmail(),
   933  		Type:           model.TEAM_OPEN,
   934  		AllowedDomains: "simulator.amazonses.com,dockerhost",
   935  	})
   936  	CheckNoError(t, resp)
   937  
   938  	t.Run("non-team user", func(t *testing.T) {
   939  		client := th.CreateClient()
   940  		th.LoginBasic2WithClient(client)
   941  
   942  		rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()})
   943  		CheckNoError(t, resp)
   944  		for _, rteam := range rteams {
   945  			if rteam.Email != "" {
   946  				t.Fatal("should've sanitized email")
   947  			} else if rteam.AllowedDomains != "" {
   948  				t.Fatal("should've sanitized allowed domains")
   949  			}
   950  		}
   951  	})
   952  
   953  	t.Run("team user", func(t *testing.T) {
   954  		th.LinkUserToTeam(th.BasicUser2, team)
   955  
   956  		client := th.CreateClient()
   957  		th.LoginBasic2WithClient(client)
   958  
   959  		rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()})
   960  		CheckNoError(t, resp)
   961  		for _, rteam := range rteams {
   962  			if rteam.Email != "" {
   963  				t.Fatal("should've sanitized email")
   964  			} else if rteam.AllowedDomains != "" {
   965  				t.Fatal("should've sanitized allowed domains")
   966  			}
   967  		}
   968  	})
   969  
   970  	t.Run("team admin", func(t *testing.T) {
   971  		rteams, resp := th.Client.SearchTeams(&model.TeamSearch{Term: t.Name()})
   972  		CheckNoError(t, resp)
   973  		for _, rteam := range rteams {
   974  			if rteam.Id == team.Id || rteam.Id == team2.Id || rteam.Id == th.BasicTeam.Id {
   975  				if rteam.Email == "" {
   976  					t.Fatal("should not have sanitized email")
   977  				}
   978  			}
   979  		}
   980  	})
   981  
   982  	t.Run("system admin", func(t *testing.T) {
   983  		rteams, resp := th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: t.Name()})
   984  		CheckNoError(t, resp)
   985  		for _, rteam := range rteams {
   986  			if rteam.Email == "" {
   987  				t.Fatal("should not have sanitized email")
   988  			}
   989  		}
   990  	})
   991  }
   992  
   993  func TestGetTeamsForUser(t *testing.T) {
   994  	th := Setup().InitBasic()
   995  	defer th.TearDown()
   996  	Client := th.Client
   997  
   998  	team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE}
   999  	rteam2, _ := Client.CreateTeam(team2)
  1000  
  1001  	teams, resp := Client.GetTeamsForUser(th.BasicUser.Id, "")
  1002  	CheckNoError(t, resp)
  1003  
  1004  	if len(teams) != 2 {
  1005  		t.Fatal("wrong number of teams")
  1006  	}
  1007  
  1008  	found1 := false
  1009  	found2 := false
  1010  	for _, t := range teams {
  1011  		if t.Id == th.BasicTeam.Id {
  1012  			found1 = true
  1013  		} else if t.Id == rteam2.Id {
  1014  			found2 = true
  1015  		}
  1016  	}
  1017  
  1018  	if !found1 || !found2 {
  1019  		t.Fatal("missing team")
  1020  	}
  1021  
  1022  	_, resp = Client.GetTeamsForUser("junk", "")
  1023  	CheckBadRequestStatus(t, resp)
  1024  
  1025  	_, resp = Client.GetTeamsForUser(model.NewId(), "")
  1026  	CheckForbiddenStatus(t, resp)
  1027  
  1028  	_, resp = Client.GetTeamsForUser(th.BasicUser2.Id, "")
  1029  	CheckForbiddenStatus(t, resp)
  1030  
  1031  	_, resp = th.SystemAdminClient.GetTeamsForUser(th.BasicUser2.Id, "")
  1032  	CheckNoError(t, resp)
  1033  }
  1034  
  1035  func TestGetTeamsForUserSanitization(t *testing.T) {
  1036  	th := Setup().InitBasic()
  1037  	defer th.TearDown()
  1038  
  1039  	team, resp := th.Client.CreateTeam(&model.Team{
  1040  		DisplayName:    t.Name() + "_1",
  1041  		Name:           GenerateTestTeamName(),
  1042  		Email:          th.GenerateTestEmail(),
  1043  		Type:           model.TEAM_OPEN,
  1044  		AllowedDomains: "simulator.amazonses.com,dockerhost",
  1045  	})
  1046  	CheckNoError(t, resp)
  1047  	team2, resp := th.Client.CreateTeam(&model.Team{
  1048  		DisplayName:    t.Name() + "_2",
  1049  		Name:           GenerateTestTeamName(),
  1050  		Email:          th.GenerateTestEmail(),
  1051  		Type:           model.TEAM_OPEN,
  1052  		AllowedDomains: "simulator.amazonses.com,dockerhost",
  1053  	})
  1054  	CheckNoError(t, resp)
  1055  
  1056  	t.Run("team user", func(t *testing.T) {
  1057  		th.LinkUserToTeam(th.BasicUser2, team)
  1058  		th.LinkUserToTeam(th.BasicUser2, team2)
  1059  
  1060  		client := th.CreateClient()
  1061  		th.LoginBasic2WithClient(client)
  1062  
  1063  		rteams, resp := client.GetTeamsForUser(th.BasicUser2.Id, "")
  1064  		CheckNoError(t, resp)
  1065  		for _, rteam := range rteams {
  1066  			if rteam.Id != team.Id && rteam.Id != team2.Id {
  1067  				continue
  1068  			}
  1069  
  1070  			if rteam.Email != "" {
  1071  				t.Fatal("should've sanitized email")
  1072  			}
  1073  		}
  1074  	})
  1075  
  1076  	t.Run("team admin", func(t *testing.T) {
  1077  		rteams, resp := th.Client.GetTeamsForUser(th.BasicUser.Id, "")
  1078  		CheckNoError(t, resp)
  1079  		for _, rteam := range rteams {
  1080  			if rteam.Id != team.Id && rteam.Id != team2.Id {
  1081  				continue
  1082  			}
  1083  
  1084  			if rteam.Email == "" {
  1085  				t.Fatal("should not have sanitized email")
  1086  			}
  1087  		}
  1088  	})
  1089  
  1090  	t.Run("system admin", func(t *testing.T) {
  1091  		rteams, resp := th.SystemAdminClient.GetTeamsForUser(th.BasicUser.Id, "")
  1092  		CheckNoError(t, resp)
  1093  		for _, rteam := range rteams {
  1094  			if rteam.Id != team.Id && rteam.Id != team2.Id {
  1095  				continue
  1096  			}
  1097  
  1098  			if rteam.Email == "" {
  1099  				t.Fatal("should not have sanitized email")
  1100  			}
  1101  		}
  1102  	})
  1103  }
  1104  
  1105  func TestGetTeamMember(t *testing.T) {
  1106  	th := Setup().InitBasic()
  1107  	defer th.TearDown()
  1108  	Client := th.Client
  1109  	team := th.BasicTeam
  1110  	user := th.BasicUser
  1111  
  1112  	rmember, resp := Client.GetTeamMember(team.Id, user.Id, "")
  1113  	CheckNoError(t, resp)
  1114  
  1115  	if rmember.TeamId != team.Id {
  1116  		t.Fatal("wrong team id")
  1117  	}
  1118  
  1119  	if rmember.UserId != user.Id {
  1120  		t.Fatal("wrong team id")
  1121  	}
  1122  
  1123  	_, resp = Client.GetTeamMember("junk", user.Id, "")
  1124  	CheckBadRequestStatus(t, resp)
  1125  
  1126  	_, resp = Client.GetTeamMember(team.Id, "junk", "")
  1127  	CheckBadRequestStatus(t, resp)
  1128  
  1129  	_, resp = Client.GetTeamMember("junk", "junk", "")
  1130  	CheckBadRequestStatus(t, resp)
  1131  
  1132  	_, resp = Client.GetTeamMember(team.Id, model.NewId(), "")
  1133  	CheckNotFoundStatus(t, resp)
  1134  
  1135  	_, resp = Client.GetTeamMember(model.NewId(), user.Id, "")
  1136  	CheckForbiddenStatus(t, resp)
  1137  
  1138  	_, resp = th.SystemAdminClient.GetTeamMember(team.Id, user.Id, "")
  1139  	CheckNoError(t, resp)
  1140  }
  1141  
  1142  func TestGetTeamMembers(t *testing.T) {
  1143  	th := Setup().InitBasic()
  1144  	defer th.TearDown()
  1145  	Client := th.Client
  1146  	team := th.BasicTeam
  1147  	userNotMember := th.CreateUser()
  1148  
  1149  	rmembers, resp := Client.GetTeamMembers(team.Id, 0, 100, "")
  1150  	CheckNoError(t, resp)
  1151  
  1152  	t.Logf("rmembers count %v\n", len(rmembers))
  1153  
  1154  	if len(rmembers) == 0 {
  1155  		t.Fatal("should have results")
  1156  	}
  1157  
  1158  	for _, rmember := range rmembers {
  1159  		if rmember.TeamId != team.Id || rmember.UserId == userNotMember.Id {
  1160  			t.Fatal("user should be a member of team")
  1161  		}
  1162  	}
  1163  
  1164  	rmembers, resp = Client.GetTeamMembers(team.Id, 0, 1, "")
  1165  	CheckNoError(t, resp)
  1166  	if len(rmembers) != 1 {
  1167  		t.Fatal("should be 1 per page")
  1168  	}
  1169  
  1170  	rmembers, resp = Client.GetTeamMembers(team.Id, 1, 1, "")
  1171  	CheckNoError(t, resp)
  1172  	if len(rmembers) != 1 {
  1173  		t.Fatal("should be 1 per page")
  1174  	}
  1175  
  1176  	rmembers, resp = Client.GetTeamMembers(team.Id, 10000, 100, "")
  1177  	CheckNoError(t, resp)
  1178  	if len(rmembers) != 0 {
  1179  		t.Fatal("should be no member")
  1180  	}
  1181  
  1182  	rmembers, resp = Client.GetTeamMembers(team.Id, 0, 2, "")
  1183  	CheckNoError(t, resp)
  1184  	rmembers2, resp := Client.GetTeamMembers(team.Id, 1, 2, "")
  1185  	CheckNoError(t, resp)
  1186  
  1187  	for _, tm1 := range rmembers {
  1188  		for _, tm2 := range rmembers2 {
  1189  			assert.NotEqual(t, tm1.UserId+tm1.TeamId, tm2.UserId+tm2.TeamId, "different pages should not have the same members")
  1190  		}
  1191  	}
  1192  
  1193  	_, resp = Client.GetTeamMembers("junk", 0, 100, "")
  1194  	CheckBadRequestStatus(t, resp)
  1195  
  1196  	_, resp = Client.GetTeamMembers(model.NewId(), 0, 100, "")
  1197  	CheckForbiddenStatus(t, resp)
  1198  
  1199  	Client.Logout()
  1200  	_, resp = Client.GetTeamMembers(team.Id, 0, 1, "")
  1201  	CheckUnauthorizedStatus(t, resp)
  1202  
  1203  	_, resp = th.SystemAdminClient.GetTeamMembers(team.Id, 0, 100, "")
  1204  	CheckNoError(t, resp)
  1205  }
  1206  
  1207  func TestGetTeamMembersForUser(t *testing.T) {
  1208  	th := Setup().InitBasic()
  1209  	defer th.TearDown()
  1210  	Client := th.Client
  1211  
  1212  	members, resp := Client.GetTeamMembersForUser(th.BasicUser.Id, "")
  1213  	CheckNoError(t, resp)
  1214  
  1215  	found := false
  1216  	for _, m := range members {
  1217  		if m.TeamId == th.BasicTeam.Id {
  1218  			found = true
  1219  		}
  1220  	}
  1221  
  1222  	if !found {
  1223  		t.Fatal("missing team member")
  1224  	}
  1225  
  1226  	_, resp = Client.GetTeamMembersForUser("junk", "")
  1227  	CheckBadRequestStatus(t, resp)
  1228  
  1229  	_, resp = Client.GetTeamMembersForUser(model.NewId(), "")
  1230  	CheckForbiddenStatus(t, resp)
  1231  
  1232  	Client.Logout()
  1233  	_, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "")
  1234  	CheckUnauthorizedStatus(t, resp)
  1235  
  1236  	user := th.CreateUser()
  1237  	Client.Login(user.Email, user.Password)
  1238  	_, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "")
  1239  	CheckForbiddenStatus(t, resp)
  1240  
  1241  	_, resp = th.SystemAdminClient.GetTeamMembersForUser(th.BasicUser.Id, "")
  1242  	CheckNoError(t, resp)
  1243  }
  1244  
  1245  func TestGetTeamMembersByIds(t *testing.T) {
  1246  	th := Setup().InitBasic()
  1247  	defer th.TearDown()
  1248  	Client := th.Client
  1249  
  1250  	tm, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id})
  1251  	CheckNoError(t, resp)
  1252  
  1253  	if tm[0].UserId != th.BasicUser.Id {
  1254  		t.Fatal("returned wrong user")
  1255  	}
  1256  
  1257  	_, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{})
  1258  	CheckBadRequestStatus(t, resp)
  1259  
  1260  	tm1, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk"})
  1261  	CheckNoError(t, resp)
  1262  	if len(tm1) > 0 {
  1263  		t.Fatal("no users should be returned")
  1264  	}
  1265  
  1266  	tm1, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk", th.BasicUser.Id})
  1267  	CheckNoError(t, resp)
  1268  	if len(tm1) != 1 {
  1269  		t.Fatal("1 user should be returned")
  1270  	}
  1271  
  1272  	_, resp = Client.GetTeamMembersByIds("junk", []string{th.BasicUser.Id})
  1273  	CheckBadRequestStatus(t, resp)
  1274  
  1275  	_, resp = Client.GetTeamMembersByIds(model.NewId(), []string{th.BasicUser.Id})
  1276  	CheckForbiddenStatus(t, resp)
  1277  
  1278  	Client.Logout()
  1279  	_, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id})
  1280  	CheckUnauthorizedStatus(t, resp)
  1281  }
  1282  
  1283  func TestAddTeamMember(t *testing.T) {
  1284  	th := Setup().InitBasic()
  1285  	defer th.TearDown()
  1286  	Client := th.Client
  1287  	team := th.BasicTeam
  1288  	otherUser := th.CreateUser()
  1289  
  1290  	if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil {
  1291  		t.Fatalf(err.Error())
  1292  	}
  1293  
  1294  	// Regular user can't add a member to a team they don't belong to.
  1295  	th.LoginBasic2()
  1296  	_, resp := Client.AddTeamMember(team.Id, otherUser.Id)
  1297  	CheckForbiddenStatus(t, resp)
  1298  	if resp.Error == nil {
  1299  		t.Fatalf("Error is nil")
  1300  	}
  1301  	Client.Logout()
  1302  
  1303  	// Regular user can add a member to a team they belong to.
  1304  	th.LoginBasic()
  1305  	tm, resp := Client.AddTeamMember(team.Id, otherUser.Id)
  1306  	CheckNoError(t, resp)
  1307  	CheckCreatedStatus(t, resp)
  1308  
  1309  	// Check all the returned data.
  1310  	if tm == nil {
  1311  		t.Fatal("should have returned team member")
  1312  	}
  1313  
  1314  	if tm.UserId != otherUser.Id {
  1315  		t.Fatal("user ids should have matched")
  1316  	}
  1317  
  1318  	if tm.TeamId != team.Id {
  1319  		t.Fatal("team ids should have matched")
  1320  	}
  1321  
  1322  	// Check with various invalid requests.
  1323  	tm, resp = Client.AddTeamMember(team.Id, "junk")
  1324  	CheckBadRequestStatus(t, resp)
  1325  
  1326  	if tm != nil {
  1327  		t.Fatal("should have not returned team member")
  1328  	}
  1329  
  1330  	_, resp = Client.AddTeamMember("junk", otherUser.Id)
  1331  	CheckBadRequestStatus(t, resp)
  1332  
  1333  	_, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id)
  1334  	CheckForbiddenStatus(t, resp)
  1335  
  1336  	_, resp = Client.AddTeamMember(team.Id, GenerateTestId())
  1337  	CheckNotFoundStatus(t, resp)
  1338  
  1339  	Client.Logout()
  1340  
  1341  	// Check the appropriate permissions are enforced.
  1342  	defaultRolePermissions := th.SaveDefaultRolePermissions()
  1343  	defer func() {
  1344  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
  1345  	}()
  1346  
  1347  	// Set the config so that only team admins can add a user to a team.
  1348  	th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
  1349  	th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
  1350  	th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
  1351  	th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
  1352  
  1353  	th.LoginBasic()
  1354  
  1355  	// Check that a regular user can't add someone to the team.
  1356  	_, resp = Client.AddTeamMember(team.Id, otherUser.Id)
  1357  	CheckForbiddenStatus(t, resp)
  1358  
  1359  	// Update user to team admin
  1360  	th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam)
  1361  	th.App.InvalidateAllCaches()
  1362  	th.LoginBasic()
  1363  
  1364  	// Should work as a team admin.
  1365  	_, resp = Client.AddTeamMember(team.Id, otherUser.Id)
  1366  	CheckNoError(t, resp)
  1367  
  1368  	// Change permission level to team user
  1369  	th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
  1370  	th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
  1371  	th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
  1372  	th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
  1373  
  1374  	th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam)
  1375  	th.App.InvalidateAllCaches()
  1376  	th.LoginBasic()
  1377  
  1378  	// Should work as a regular user.
  1379  	_, resp = Client.AddTeamMember(team.Id, otherUser.Id)
  1380  	CheckNoError(t, resp)
  1381  
  1382  	// by token
  1383  	Client.Login(otherUser.Email, otherUser.Password)
  1384  
  1385  	token := model.NewToken(
  1386  		app.TOKEN_TYPE_TEAM_INVITATION,
  1387  		model.MapToJson(map[string]string{"teamId": team.Id}),
  1388  	)
  1389  	<-th.App.Srv.Store.Token().Save(token)
  1390  
  1391  	tm, resp = Client.AddTeamMemberFromInvite(token.Token, "")
  1392  	CheckNoError(t, resp)
  1393  
  1394  	if tm == nil {
  1395  		t.Fatal("should have returned team member")
  1396  	}
  1397  
  1398  	if tm.UserId != otherUser.Id {
  1399  		t.Fatal("user ids should have matched")
  1400  	}
  1401  
  1402  	if tm.TeamId != team.Id {
  1403  		t.Fatal("team ids should have matched")
  1404  	}
  1405  
  1406  	if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil {
  1407  		t.Fatal("The token must be deleted after be used")
  1408  	}
  1409  
  1410  	tm, resp = Client.AddTeamMemberFromInvite("junk", "")
  1411  	CheckBadRequestStatus(t, resp)
  1412  
  1413  	if tm != nil {
  1414  		t.Fatal("should have not returned team member")
  1415  	}
  1416  
  1417  	// expired token of more than 50 hours
  1418  	token = model.NewToken(app.TOKEN_TYPE_TEAM_INVITATION, "")
  1419  	token.CreateAt = model.GetMillis() - 1000*60*60*50
  1420  	<-th.App.Srv.Store.Token().Save(token)
  1421  
  1422  	_, resp = Client.AddTeamMemberFromInvite(token.Token, "")
  1423  	CheckBadRequestStatus(t, resp)
  1424  	th.App.DeleteToken(token)
  1425  
  1426  	// invalid team id
  1427  	testId := GenerateTestId()
  1428  	token = model.NewToken(
  1429  		app.TOKEN_TYPE_TEAM_INVITATION,
  1430  		model.MapToJson(map[string]string{"teamId": testId}),
  1431  	)
  1432  	<-th.App.Srv.Store.Token().Save(token)
  1433  
  1434  	_, resp = Client.AddTeamMemberFromInvite(token.Token, "")
  1435  	CheckNotFoundStatus(t, resp)
  1436  	th.App.DeleteToken(token)
  1437  
  1438  	// by invite_id
  1439  	Client.Login(otherUser.Email, otherUser.Password)
  1440  
  1441  	tm, resp = Client.AddTeamMemberFromInvite("", team.InviteId)
  1442  	CheckNoError(t, resp)
  1443  
  1444  	if tm == nil {
  1445  		t.Fatal("should have returned team member")
  1446  	}
  1447  
  1448  	if tm.UserId != otherUser.Id {
  1449  		t.Fatal("user ids should have matched")
  1450  	}
  1451  
  1452  	if tm.TeamId != team.Id {
  1453  		t.Fatal("team ids should have matched")
  1454  	}
  1455  
  1456  	tm, resp = Client.AddTeamMemberFromInvite("", "junk")
  1457  	CheckNotFoundStatus(t, resp)
  1458  
  1459  	if tm != nil {
  1460  		t.Fatal("should have not returned team member")
  1461  	}
  1462  }
  1463  
  1464  func TestAddTeamMemberMyself(t *testing.T) {
  1465  	th := Setup().InitBasic()
  1466  	defer th.TearDown()
  1467  	Client := th.Client
  1468  
  1469  	// Check the appropriate permissions are enforced.
  1470  	defaultRolePermissions := th.SaveDefaultRolePermissions()
  1471  	defer func() {
  1472  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
  1473  	}()
  1474  
  1475  	th.LoginBasic()
  1476  
  1477  	testCases := []struct {
  1478  		Name              string
  1479  		Public            bool
  1480  		PublicPermission  bool
  1481  		PrivatePermission bool
  1482  		ExpectedSuccess   bool
  1483  	}{
  1484  		{
  1485  			Name:              "Try to join an open team without the permissions",
  1486  			Public:            true,
  1487  			PublicPermission:  false,
  1488  			PrivatePermission: false,
  1489  			ExpectedSuccess:   false,
  1490  		},
  1491  		{
  1492  			Name:              "Try to join a private team without the permissions",
  1493  			Public:            false,
  1494  			PublicPermission:  false,
  1495  			PrivatePermission: false,
  1496  			ExpectedSuccess:   false,
  1497  		},
  1498  		{
  1499  			Name:              "Try to join an open team without public permission but with private permissions",
  1500  			Public:            true,
  1501  			PublicPermission:  false,
  1502  			PrivatePermission: true,
  1503  			ExpectedSuccess:   false,
  1504  		},
  1505  		{
  1506  			Name:              "Try to join a private team without private permission but with public permission",
  1507  			Public:            false,
  1508  			PublicPermission:  true,
  1509  			PrivatePermission: false,
  1510  			ExpectedSuccess:   false,
  1511  		},
  1512  		{
  1513  			Name:              "Join an open team with the permissions",
  1514  			Public:            true,
  1515  			PublicPermission:  true,
  1516  			PrivatePermission: false,
  1517  			ExpectedSuccess:   true,
  1518  		},
  1519  		{
  1520  			Name:              "Join a private team with the permissions",
  1521  			Public:            false,
  1522  			PublicPermission:  false,
  1523  			PrivatePermission: true,
  1524  			ExpectedSuccess:   true,
  1525  		},
  1526  	}
  1527  
  1528  	for _, tc := range testCases {
  1529  		t.Run(tc.Name, func(t *testing.T) {
  1530  			team := th.CreateTeam()
  1531  			team.AllowOpenInvite = tc.Public
  1532  			th.App.UpdateTeam(team)
  1533  			if tc.PublicPermission {
  1534  				th.AddPermissionToRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
  1535  			} else {
  1536  				th.RemovePermissionFromRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
  1537  			}
  1538  			if tc.PrivatePermission {
  1539  				th.AddPermissionToRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
  1540  			} else {
  1541  				th.RemovePermissionFromRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID)
  1542  			}
  1543  			_, resp := Client.AddTeamMember(team.Id, th.BasicUser.Id)
  1544  			if tc.ExpectedSuccess {
  1545  				CheckNoError(t, resp)
  1546  			} else {
  1547  				CheckForbiddenStatus(t, resp)
  1548  			}
  1549  		})
  1550  	}
  1551  
  1552  }
  1553  
  1554  func TestAddTeamMembers(t *testing.T) {
  1555  	th := Setup().InitBasic()
  1556  	defer th.TearDown()
  1557  	Client := th.Client
  1558  	team := th.BasicTeam
  1559  	otherUser := th.CreateUser()
  1560  	userList := []string{
  1561  		otherUser.Id,
  1562  	}
  1563  
  1564  	if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil {
  1565  		t.Fatalf(err.Error())
  1566  	}
  1567  
  1568  	// Regular user can't add a member to a team they don't belong to.
  1569  	th.LoginBasic2()
  1570  	_, resp := Client.AddTeamMembers(team.Id, userList)
  1571  	CheckForbiddenStatus(t, resp)
  1572  	Client.Logout()
  1573  
  1574  	// Regular user can add a member to a team they belong to.
  1575  	th.LoginBasic()
  1576  	tm, resp := Client.AddTeamMembers(team.Id, userList)
  1577  	CheckNoError(t, resp)
  1578  	CheckCreatedStatus(t, resp)
  1579  
  1580  	// Check all the returned data.
  1581  	if tm[0] == nil {
  1582  		t.Fatal("should have returned team member")
  1583  	}
  1584  
  1585  	if tm[0].UserId != otherUser.Id {
  1586  		t.Fatal("user ids should have matched")
  1587  	}
  1588  
  1589  	if tm[0].TeamId != team.Id {
  1590  		t.Fatal("team ids should have matched")
  1591  	}
  1592  
  1593  	// Check with various invalid requests.
  1594  	_, resp = Client.AddTeamMembers("junk", userList)
  1595  	CheckBadRequestStatus(t, resp)
  1596  
  1597  	_, resp = Client.AddTeamMembers(GenerateTestId(), userList)
  1598  	CheckForbiddenStatus(t, resp)
  1599  
  1600  	testUserList := append(userList, GenerateTestId())
  1601  	_, resp = Client.AddTeamMembers(team.Id, testUserList)
  1602  	CheckNotFoundStatus(t, resp)
  1603  
  1604  	// Test with many users.
  1605  	for i := 0; i < 25; i++ {
  1606  		testUserList = append(testUserList, GenerateTestId())
  1607  	}
  1608  	_, resp = Client.AddTeamMembers(team.Id, testUserList)
  1609  	CheckBadRequestStatus(t, resp)
  1610  
  1611  	Client.Logout()
  1612  
  1613  	// Check the appropriate permissions are enforced.
  1614  	defaultRolePermissions := th.SaveDefaultRolePermissions()
  1615  	defer func() {
  1616  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
  1617  	}()
  1618  
  1619  	// Set the config so that only team admins can add a user to a team.
  1620  	th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
  1621  	th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
  1622  	th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
  1623  	th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
  1624  
  1625  	th.LoginBasic()
  1626  
  1627  	// Check that a regular user can't add someone to the team.
  1628  	_, resp = Client.AddTeamMembers(team.Id, userList)
  1629  	CheckForbiddenStatus(t, resp)
  1630  
  1631  	// Update user to team admin
  1632  	th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam)
  1633  	th.App.InvalidateAllCaches()
  1634  	th.LoginBasic()
  1635  
  1636  	// Should work as a team admin.
  1637  	_, resp = Client.AddTeamMembers(team.Id, userList)
  1638  	CheckNoError(t, resp)
  1639  
  1640  	// Change permission level to team user
  1641  	th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID)
  1642  	th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID)
  1643  	th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID)
  1644  	th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID)
  1645  
  1646  	th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam)
  1647  	th.App.InvalidateAllCaches()
  1648  	th.LoginBasic()
  1649  
  1650  	// Should work as a regular user.
  1651  	_, resp = Client.AddTeamMembers(team.Id, userList)
  1652  	CheckNoError(t, resp)
  1653  }
  1654  
  1655  func TestRemoveTeamMember(t *testing.T) {
  1656  	th := Setup().InitBasic()
  1657  	defer th.TearDown()
  1658  	Client := th.Client
  1659  
  1660  	pass, resp := Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id)
  1661  	CheckNoError(t, resp)
  1662  
  1663  	if !pass {
  1664  		t.Fatal("should have passed")
  1665  	}
  1666  
  1667  	_, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id)
  1668  	CheckNoError(t, resp)
  1669  
  1670  	_, resp = Client.RemoveTeamMember(th.BasicTeam.Id, "junk")
  1671  	CheckBadRequestStatus(t, resp)
  1672  
  1673  	_, resp = Client.RemoveTeamMember("junk", th.BasicUser2.Id)
  1674  	CheckBadRequestStatus(t, resp)
  1675  
  1676  	_, resp = Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser2.Id)
  1677  	CheckForbiddenStatus(t, resp)
  1678  
  1679  	_, resp = Client.RemoveTeamMember(model.NewId(), th.BasicUser.Id)
  1680  	CheckNotFoundStatus(t, resp)
  1681  
  1682  	_, resp = th.SystemAdminClient.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id)
  1683  	CheckNoError(t, resp)
  1684  }
  1685  
  1686  func TestGetTeamStats(t *testing.T) {
  1687  	th := Setup().InitBasic()
  1688  	defer th.TearDown()
  1689  	Client := th.Client
  1690  	team := th.BasicTeam
  1691  
  1692  	rstats, resp := Client.GetTeamStats(team.Id, "")
  1693  	CheckNoError(t, resp)
  1694  
  1695  	if rstats.TeamId != team.Id {
  1696  		t.Fatal("wrong team id")
  1697  	}
  1698  
  1699  	if rstats.TotalMemberCount != 3 {
  1700  		t.Fatal("wrong count")
  1701  	}
  1702  
  1703  	if rstats.ActiveMemberCount != 3 {
  1704  		t.Fatal("wrong count")
  1705  	}
  1706  
  1707  	_, resp = Client.GetTeamStats("junk", "")
  1708  	CheckBadRequestStatus(t, resp)
  1709  
  1710  	_, resp = Client.GetTeamStats(model.NewId(), "")
  1711  	CheckForbiddenStatus(t, resp)
  1712  
  1713  	_, resp = th.SystemAdminClient.GetTeamStats(team.Id, "")
  1714  	CheckNoError(t, resp)
  1715  
  1716  	// deactivate BasicUser2
  1717  	th.UpdateActiveUser(th.BasicUser2, false)
  1718  
  1719  	rstats, resp = th.SystemAdminClient.GetTeamStats(team.Id, "")
  1720  	CheckNoError(t, resp)
  1721  
  1722  	if rstats.TotalMemberCount != 3 {
  1723  		t.Fatal("wrong count")
  1724  	}
  1725  
  1726  	if rstats.ActiveMemberCount != 2 {
  1727  		t.Fatal("wrong count")
  1728  	}
  1729  
  1730  	// login with different user and test if forbidden
  1731  	user := th.CreateUser()
  1732  	Client.Login(user.Email, user.Password)
  1733  	_, resp = Client.GetTeamStats(th.BasicTeam.Id, "")
  1734  	CheckForbiddenStatus(t, resp)
  1735  
  1736  	Client.Logout()
  1737  	_, resp = Client.GetTeamStats(th.BasicTeam.Id, "")
  1738  	CheckUnauthorizedStatus(t, resp)
  1739  }
  1740  
  1741  func TestUpdateTeamMemberRoles(t *testing.T) {
  1742  	th := Setup().InitBasic()
  1743  	defer th.TearDown()
  1744  	Client := th.Client
  1745  	SystemAdminClient := th.SystemAdminClient
  1746  
  1747  	const TEAM_MEMBER = "team_user"
  1748  	const TEAM_ADMIN = "team_user team_admin"
  1749  
  1750  	// user 1 tries to promote user 2
  1751  	ok, resp := Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN)
  1752  	CheckForbiddenStatus(t, resp)
  1753  	if ok {
  1754  		t.Fatal("should have returned false")
  1755  	}
  1756  
  1757  	// user 1 tries to promote himself
  1758  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN)
  1759  	CheckForbiddenStatus(t, resp)
  1760  
  1761  	// user 1 tries to demote someone
  1762  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER)
  1763  	CheckForbiddenStatus(t, resp)
  1764  
  1765  	// system admin promotes user 1
  1766  	ok, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN)
  1767  	CheckNoError(t, resp)
  1768  	if !ok {
  1769  		t.Fatal("should have returned true")
  1770  	}
  1771  
  1772  	// user 1 (team admin) promotes user 2
  1773  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN)
  1774  	CheckNoError(t, resp)
  1775  
  1776  	// user 1 (team admin) demotes user 2 (team admin)
  1777  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER)
  1778  	CheckNoError(t, resp)
  1779  
  1780  	// user 1 (team admin) tries to demote system admin (not member of a team)
  1781  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER)
  1782  	CheckNotFoundStatus(t, resp)
  1783  
  1784  	// user 1 (team admin) demotes system admin (member of a team)
  1785  	th.LinkUserToTeam(th.SystemAdminUser, th.BasicTeam)
  1786  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER)
  1787  	CheckNoError(t, resp)
  1788  	// Note from API v3
  1789  	// Note to anyone who thinks this (above) test is wrong:
  1790  	// This operation will not affect the system admin's permissions because they have global access to all teams.
  1791  	// Their team level permissions are irrelevant. A team admin should be able to manage team level permissions.
  1792  
  1793  	// System admins should be able to manipulate permission no matter what their team level permissions are.
  1794  	// system admin promotes user 2
  1795  	_, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN)
  1796  	CheckNoError(t, resp)
  1797  
  1798  	// system admin demotes user 2 (team admin)
  1799  	_, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER)
  1800  	CheckNoError(t, resp)
  1801  
  1802  	// user 1 (team admin) tries to promote himself to a random team
  1803  	_, resp = Client.UpdateTeamMemberRoles(model.NewId(), th.BasicUser.Id, TEAM_ADMIN)
  1804  	CheckForbiddenStatus(t, resp)
  1805  
  1806  	// user 1 (team admin) tries to promote a random user
  1807  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, model.NewId(), TEAM_ADMIN)
  1808  	CheckNotFoundStatus(t, resp)
  1809  
  1810  	// user 1 (team admin) tries to promote invalid team permission
  1811  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, "junk")
  1812  	CheckBadRequestStatus(t, resp)
  1813  
  1814  	// user 1 (team admin) demotes himself
  1815  	_, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_MEMBER)
  1816  	CheckNoError(t, resp)
  1817  }
  1818  
  1819  func TestUpdateTeamMemberSchemeRoles(t *testing.T) {
  1820  	th := Setup().InitBasic()
  1821  	defer th.TearDown()
  1822  	SystemAdminClient := th.SystemAdminClient
  1823  	th.LoginBasic()
  1824  
  1825  	s1 := &model.SchemeRoles{
  1826  		SchemeAdmin: false,
  1827  		SchemeUser:  false,
  1828  	}
  1829  	_, r1 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s1)
  1830  	CheckNoError(t, r1)
  1831  
  1832  	tm1, rtm1 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "")
  1833  	CheckNoError(t, rtm1)
  1834  	assert.Equal(t, false, tm1.SchemeUser)
  1835  	assert.Equal(t, false, tm1.SchemeAdmin)
  1836  
  1837  	s2 := &model.SchemeRoles{
  1838  		SchemeAdmin: false,
  1839  		SchemeUser:  true,
  1840  	}
  1841  	_, r2 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s2)
  1842  	CheckNoError(t, r2)
  1843  
  1844  	tm2, rtm2 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "")
  1845  	CheckNoError(t, rtm2)
  1846  	assert.Equal(t, true, tm2.SchemeUser)
  1847  	assert.Equal(t, false, tm2.SchemeAdmin)
  1848  
  1849  	s3 := &model.SchemeRoles{
  1850  		SchemeAdmin: true,
  1851  		SchemeUser:  false,
  1852  	}
  1853  	_, r3 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s3)
  1854  	CheckNoError(t, r3)
  1855  
  1856  	tm3, rtm3 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "")
  1857  	CheckNoError(t, rtm3)
  1858  	assert.Equal(t, false, tm3.SchemeUser)
  1859  	assert.Equal(t, true, tm3.SchemeAdmin)
  1860  
  1861  	s4 := &model.SchemeRoles{
  1862  		SchemeAdmin: true,
  1863  		SchemeUser:  true,
  1864  	}
  1865  	_, r4 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4)
  1866  	CheckNoError(t, r4)
  1867  
  1868  	tm4, rtm4 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "")
  1869  	CheckNoError(t, rtm4)
  1870  	assert.Equal(t, true, tm4.SchemeUser)
  1871  	assert.Equal(t, true, tm4.SchemeAdmin)
  1872  
  1873  	_, resp := SystemAdminClient.UpdateTeamMemberSchemeRoles(model.NewId(), th.BasicUser.Id, s4)
  1874  	CheckNotFoundStatus(t, resp)
  1875  
  1876  	_, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, model.NewId(), s4)
  1877  	CheckNotFoundStatus(t, resp)
  1878  
  1879  	_, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles("ASDF", th.BasicUser.Id, s4)
  1880  	CheckBadRequestStatus(t, resp)
  1881  
  1882  	_, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, "ASDF", s4)
  1883  	CheckBadRequestStatus(t, resp)
  1884  
  1885  	th.LoginBasic2()
  1886  	_, resp = th.Client.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4)
  1887  	CheckForbiddenStatus(t, resp)
  1888  
  1889  	SystemAdminClient.Logout()
  1890  	_, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, s4)
  1891  	CheckUnauthorizedStatus(t, resp)
  1892  }
  1893  
  1894  func TestGetMyTeamsUnread(t *testing.T) {
  1895  	th := Setup().InitBasic()
  1896  	defer th.TearDown()
  1897  	Client := th.Client
  1898  
  1899  	user := th.BasicUser
  1900  	Client.Login(user.Email, user.Password)
  1901  
  1902  	teams, resp := Client.GetTeamsUnreadForUser(user.Id, "")
  1903  	CheckNoError(t, resp)
  1904  	if len(teams) == 0 {
  1905  		t.Fatal("should have results")
  1906  	}
  1907  
  1908  	teams, resp = Client.GetTeamsUnreadForUser(user.Id, th.BasicTeam.Id)
  1909  	CheckNoError(t, resp)
  1910  	if len(teams) != 0 {
  1911  		t.Fatal("should not have results")
  1912  	}
  1913  
  1914  	_, resp = Client.GetTeamsUnreadForUser("fail", "")
  1915  	CheckBadRequestStatus(t, resp)
  1916  
  1917  	_, resp = Client.GetTeamsUnreadForUser(model.NewId(), "")
  1918  	CheckForbiddenStatus(t, resp)
  1919  
  1920  	Client.Logout()
  1921  	_, resp = Client.GetTeamsUnreadForUser(user.Id, "")
  1922  	CheckUnauthorizedStatus(t, resp)
  1923  }
  1924  
  1925  func TestTeamExists(t *testing.T) {
  1926  	th := Setup().InitBasic()
  1927  	defer th.TearDown()
  1928  	Client := th.Client
  1929  	team := th.BasicTeam
  1930  
  1931  	th.LoginBasic()
  1932  
  1933  	exists, resp := Client.TeamExists(team.Name, "")
  1934  	CheckNoError(t, resp)
  1935  	if !exists {
  1936  		t.Fatal("team should exist")
  1937  	}
  1938  
  1939  	exists, resp = Client.TeamExists("testingteam", "")
  1940  	CheckNoError(t, resp)
  1941  	if exists {
  1942  		t.Fatal("team should not exist")
  1943  	}
  1944  
  1945  	Client.Logout()
  1946  	_, resp = Client.TeamExists(team.Name, "")
  1947  	CheckUnauthorizedStatus(t, resp)
  1948  }
  1949  
  1950  func TestImportTeam(t *testing.T) {
  1951  	th := Setup().InitBasic()
  1952  	defer th.TearDown()
  1953  
  1954  	t.Run("ImportTeam", func(t *testing.T) {
  1955  		var data []byte
  1956  		var err error
  1957  		data, err = testutils.ReadTestFile("Fake_Team_Import.zip")
  1958  		if err != nil && len(data) == 0 {
  1959  			t.Fatal("Error while reading the test file.")
  1960  		}
  1961  
  1962  		// Import the channels/users/posts
  1963  		fileResp, resp := th.SystemAdminClient.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id)
  1964  		CheckNoError(t, resp)
  1965  
  1966  		fileData, err := base64.StdEncoding.DecodeString(fileResp["results"])
  1967  		if err != nil {
  1968  			t.Fatal("failed to decode base64 results data")
  1969  		}
  1970  
  1971  		fileReturned := fmt.Sprintf("%s", fileData)
  1972  		if !strings.Contains(fileReturned, "darth.vader@stardeath.com") {
  1973  			t.Log(fileReturned)
  1974  			t.Fatal("failed to report the user was imported")
  1975  		}
  1976  
  1977  		// Checking the imported users
  1978  		importedUser, resp := th.SystemAdminClient.GetUserByUsername("bot_test", "")
  1979  		CheckNoError(t, resp)
  1980  		if importedUser.Username != "bot_test" {
  1981  			t.Fatal("username should match with the imported user")
  1982  		}
  1983  
  1984  		importedUser, resp = th.SystemAdminClient.GetUserByUsername("lordvader", "")
  1985  		CheckNoError(t, resp)
  1986  		if importedUser.Username != "lordvader" {
  1987  			t.Fatal("username should match with the imported user")
  1988  		}
  1989  
  1990  		// Checking the imported Channels
  1991  		importedChannel, resp := th.SystemAdminClient.GetChannelByName("testchannel", th.BasicTeam.Id, "")
  1992  		CheckNoError(t, resp)
  1993  		if importedChannel.Name != "testchannel" {
  1994  			t.Fatal("names did not match expected: testchannel")
  1995  		}
  1996  
  1997  		importedChannel, resp = th.SystemAdminClient.GetChannelByName("general", th.BasicTeam.Id, "")
  1998  		CheckNoError(t, resp)
  1999  		if importedChannel.Name != "general" {
  2000  			t.Fatal("names did not match expected: general")
  2001  		}
  2002  
  2003  		posts, resp := th.SystemAdminClient.GetPostsForChannel(importedChannel.Id, 0, 60, "")
  2004  		CheckNoError(t, resp)
  2005  		if posts.Posts[posts.Order[3]].Message != "This is a test post to test the import process" {
  2006  			t.Fatal("missing posts in the import process")
  2007  		}
  2008  	})
  2009  
  2010  	t.Run("MissingFile", func(t *testing.T) {
  2011  		_, resp := th.SystemAdminClient.ImportTeam(nil, 4343, "slack", "Fake_Team_Import.zip", th.BasicTeam.Id)
  2012  		CheckBadRequestStatus(t, resp)
  2013  	})
  2014  
  2015  	t.Run("WrongPermission", func(t *testing.T) {
  2016  		var data []byte
  2017  		var err error
  2018  		data, err = testutils.ReadTestFile("Fake_Team_Import.zip")
  2019  		if err != nil && len(data) == 0 {
  2020  			t.Fatal("Error while reading the test file.")
  2021  		}
  2022  
  2023  		// Import the channels/users/posts
  2024  		_, resp := th.Client.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id)
  2025  		CheckForbiddenStatus(t, resp)
  2026  	})
  2027  }
  2028  
  2029  func TestInviteUsersToTeam(t *testing.T) {
  2030  	th := Setup().InitBasic()
  2031  	defer th.TearDown()
  2032  
  2033  	user1 := th.GenerateTestEmail()
  2034  	user2 := th.GenerateTestEmail()
  2035  
  2036  	emailList := []string{user1, user2}
  2037  
  2038  	//Delete all the messages before check the sample email
  2039  	mailservice.DeleteMailBox(user1)
  2040  	mailservice.DeleteMailBox(user2)
  2041  
  2042  	enableEmailInvitations := *th.App.Config().ServiceSettings.EnableEmailInvitations
  2043  	restrictCreationToDomains := th.App.Config().TeamSettings.RestrictCreationToDomains
  2044  	defer func() {
  2045  		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableEmailInvitations = &enableEmailInvitations })
  2046  		th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.RestrictCreationToDomains = restrictCreationToDomains })
  2047  	}()
  2048  
  2049  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = false })
  2050  	_, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList)
  2051  	if resp.Error == nil {
  2052  		t.Fatal("Should be disabled")
  2053  	}
  2054  
  2055  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = true })
  2056  	okMsg, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList)
  2057  	CheckNoError(t, resp)
  2058  	if !okMsg {
  2059  		t.Fatal("should return true")
  2060  	}
  2061  
  2062  	nameFormat := *th.App.Config().TeamSettings.TeammateNameDisplay
  2063  	expectedSubject := utils.T("api.templates.invite_subject",
  2064  		map[string]interface{}{"SenderName": th.SystemAdminUser.GetDisplayName(nameFormat),
  2065  			"TeamDisplayName": th.BasicTeam.DisplayName,
  2066  			"SiteName":        th.App.ClientConfig()["SiteName"]})
  2067  
  2068  	//Check if the email was send to the rigth email address
  2069  	for _, email := range emailList {
  2070  		var resultsMailbox mailservice.JSONMessageHeaderInbucket
  2071  		err := mailservice.RetryInbucket(5, func() error {
  2072  			var err error
  2073  			resultsMailbox, err = mailservice.GetMailBox(email)
  2074  			return err
  2075  		})
  2076  		if err != nil {
  2077  			t.Log(err)
  2078  			t.Log("No email was received, maybe due load on the server. Disabling this verification")
  2079  		}
  2080  		if err == nil && len(resultsMailbox) > 0 {
  2081  			if !strings.ContainsAny(resultsMailbox[len(resultsMailbox)-1].To[0], email) {
  2082  				t.Fatal("Wrong To recipient")
  2083  			} else {
  2084  				if resultsEmail, err := mailservice.GetMessageFromMailbox(email, resultsMailbox[len(resultsMailbox)-1].ID); err == nil {
  2085  					if resultsEmail.Subject != expectedSubject {
  2086  						t.Log(resultsEmail.Subject)
  2087  						t.Log(expectedSubject)
  2088  						t.Fatal("Wrong Subject")
  2089  					}
  2090  				}
  2091  			}
  2092  		}
  2093  	}
  2094  
  2095  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictCreationToDomains = "@global.com,@common.com" })
  2096  
  2097  	t.Run("restricted domains", func(t *testing.T) {
  2098  		err := th.App.InviteNewUsersToTeam(emailList, th.BasicTeam.Id, th.BasicUser.Id)
  2099  
  2100  		if err == nil {
  2101  			t.Fatal("Adding users with non-restricted domains was allowed")
  2102  		}
  2103  		if err.Where != "InviteNewUsersToTeam" || err.Id != "api.team.invite_members.invalid_email.app_error" {
  2104  			t.Log(err)
  2105  			t.Fatal("Got wrong error message!")
  2106  		}
  2107  	})
  2108  
  2109  	t.Run("override restricted domains", func(t *testing.T) {
  2110  		th.BasicTeam.AllowedDomains = "invalid.com,common.com"
  2111  		if _, err := th.App.UpdateTeam(th.BasicTeam); err == nil {
  2112  			t.Fatal("Should not update the team")
  2113  		}
  2114  
  2115  		th.BasicTeam.AllowedDomains = "common.com"
  2116  		if _, err := th.App.UpdateTeam(th.BasicTeam); err != nil {
  2117  			t.Log(err)
  2118  			t.Fatal("Should update the team")
  2119  		}
  2120  
  2121  		if err := th.App.InviteNewUsersToTeam([]string{"test@global.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil || err.Where != "InviteNewUsersToTeam" {
  2122  			t.Log(err)
  2123  			t.Fatal("Per team restriction should take precedence over the global restriction")
  2124  		}
  2125  
  2126  		if err := th.App.InviteNewUsersToTeam([]string{"test@common.com"}, th.BasicTeam.Id, th.BasicUser.Id); err != nil {
  2127  			t.Log(err)
  2128  			t.Fatal("Failed to invite user which was common between team and global domain restriction")
  2129  		}
  2130  
  2131  		if err := th.App.InviteNewUsersToTeam([]string{"test@invalid.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil {
  2132  			t.Log(err)
  2133  			t.Fatal("Should not invite user")
  2134  		}
  2135  
  2136  	})
  2137  }
  2138  
  2139  func TestGetTeamInviteInfo(t *testing.T) {
  2140  	th := Setup().InitBasic()
  2141  	defer th.TearDown()
  2142  	Client := th.Client
  2143  	team := th.BasicTeam
  2144  
  2145  	team, resp := Client.GetTeamInviteInfo(team.InviteId)
  2146  	CheckNoError(t, resp)
  2147  
  2148  	if team.DisplayName == "" {
  2149  		t.Fatal("should not be empty")
  2150  	}
  2151  
  2152  	if team.Email != "" {
  2153  		t.Fatal("should be empty")
  2154  	}
  2155  
  2156  	team.InviteId = "12345678901234567890123456789012"
  2157  	team, resp = th.SystemAdminClient.UpdateTeam(team)
  2158  	CheckNoError(t, resp)
  2159  
  2160  	_, resp = Client.GetTeamInviteInfo(team.InviteId)
  2161  	CheckNoError(t, resp)
  2162  
  2163  	_, resp = Client.GetTeamInviteInfo("junk")
  2164  	CheckNotFoundStatus(t, resp)
  2165  }
  2166  
  2167  func TestSetTeamIcon(t *testing.T) {
  2168  	th := Setup().InitBasic()
  2169  	defer th.TearDown()
  2170  	Client := th.Client
  2171  	team := th.BasicTeam
  2172  
  2173  	data, err := testutils.ReadTestFile("test.png")
  2174  	if err != nil {
  2175  		t.Fatal(err)
  2176  	}
  2177  
  2178  	th.LoginTeamAdmin()
  2179  
  2180  	ok, resp := Client.SetTeamIcon(team.Id, data)
  2181  	if !ok {
  2182  		t.Fatal(resp.Error)
  2183  	}
  2184  	CheckNoError(t, resp)
  2185  
  2186  	ok, resp = Client.SetTeamIcon(model.NewId(), data)
  2187  	if ok {
  2188  		t.Fatal("Should return false, set team icon not allowed")
  2189  	}
  2190  	CheckForbiddenStatus(t, resp)
  2191  
  2192  	th.LoginBasic()
  2193  
  2194  	_, resp = Client.SetTeamIcon(team.Id, data)
  2195  	if resp.StatusCode == http.StatusForbidden {
  2196  		CheckForbiddenStatus(t, resp)
  2197  	} else if resp.StatusCode == http.StatusUnauthorized {
  2198  		CheckUnauthorizedStatus(t, resp)
  2199  	} else {
  2200  		t.Fatal("Should have failed either forbidden or unauthorized")
  2201  	}
  2202  
  2203  	Client.Logout()
  2204  
  2205  	_, resp = Client.SetTeamIcon(team.Id, data)
  2206  	if resp.StatusCode == http.StatusForbidden {
  2207  		CheckForbiddenStatus(t, resp)
  2208  	} else if resp.StatusCode == http.StatusUnauthorized {
  2209  		CheckUnauthorizedStatus(t, resp)
  2210  	} else {
  2211  		t.Fatal("Should have failed either forbidden or unauthorized")
  2212  	}
  2213  
  2214  	teamBefore, err := th.App.GetTeam(team.Id)
  2215  	require.Nil(t, err)
  2216  
  2217  	_, resp = th.SystemAdminClient.SetTeamIcon(team.Id, data)
  2218  	CheckNoError(t, resp)
  2219  
  2220  	teamAfter, err := th.App.GetTeam(team.Id)
  2221  	require.Nil(t, err)
  2222  	assert.True(t, teamBefore.LastTeamIconUpdate < teamAfter.LastTeamIconUpdate, "LastTeamIconUpdate should have been updated for team")
  2223  
  2224  	info := &model.FileInfo{Path: "teams/" + team.Id + "/teamIcon.png"}
  2225  	if err := th.cleanupTestFile(info); err != nil {
  2226  		t.Fatal(err)
  2227  	}
  2228  }
  2229  
  2230  func TestGetTeamIcon(t *testing.T) {
  2231  	th := Setup().InitBasic()
  2232  	defer th.TearDown()
  2233  	Client := th.Client
  2234  	team := th.BasicTeam
  2235  
  2236  	// should always fail because no initial image and no auto creation
  2237  	_, resp := Client.GetTeamIcon(team.Id, "")
  2238  	CheckNotFoundStatus(t, resp)
  2239  
  2240  	Client.Logout()
  2241  
  2242  	_, resp = Client.GetTeamIcon(team.Id, "")
  2243  	CheckUnauthorizedStatus(t, resp)
  2244  }
  2245  
  2246  func TestRemoveTeamIcon(t *testing.T) {
  2247  	th := Setup().InitBasic()
  2248  	defer th.TearDown()
  2249  	Client := th.Client
  2250  	team := th.BasicTeam
  2251  
  2252  	th.LoginTeamAdmin()
  2253  	data, _ := testutils.ReadTestFile("test.png")
  2254  	Client.SetTeamIcon(team.Id, data)
  2255  
  2256  	_, resp := Client.RemoveTeamIcon(team.Id)
  2257  	CheckNoError(t, resp)
  2258  	teamAfter, _ := th.App.GetTeam(team.Id)
  2259  	if teamAfter.LastTeamIconUpdate != 0 {
  2260  		t.Fatal("should update LastTeamIconUpdate to 0")
  2261  	}
  2262  
  2263  	Client.SetTeamIcon(team.Id, data)
  2264  
  2265  	_, resp = th.SystemAdminClient.RemoveTeamIcon(team.Id)
  2266  	CheckNoError(t, resp)
  2267  	teamAfter, _ = th.App.GetTeam(team.Id)
  2268  	if teamAfter.LastTeamIconUpdate != 0 {
  2269  		t.Fatal("should update LastTeamIconUpdate to 0")
  2270  	}
  2271  
  2272  	Client.SetTeamIcon(team.Id, data)
  2273  	Client.Logout()
  2274  
  2275  	_, resp = Client.RemoveTeamIcon(team.Id)
  2276  	CheckUnauthorizedStatus(t, resp)
  2277  
  2278  	th.LoginBasic()
  2279  	_, resp = Client.RemoveTeamIcon(team.Id)
  2280  	CheckForbiddenStatus(t, resp)
  2281  }
  2282  
  2283  func TestUpdateTeamScheme(t *testing.T) {
  2284  	th := Setup().InitBasic()
  2285  	defer th.TearDown()
  2286  
  2287  	th.App.SetLicense(model.NewTestLicense(""))
  2288  
  2289  	th.App.SetPhase2PermissionsMigrationStatus(true)
  2290  
  2291  	team := &model.Team{
  2292  		DisplayName:     "Name",
  2293  		Description:     "Some description",
  2294  		CompanyName:     "Some company name",
  2295  		AllowOpenInvite: false,
  2296  		InviteId:        "inviteid0",
  2297  		Name:            "z-z-" + model.NewId() + "a",
  2298  		Email:           "success+" + model.NewId() + "@simulator.amazonses.com",
  2299  		Type:            model.TEAM_OPEN,
  2300  	}
  2301  	team, _ = th.SystemAdminClient.CreateTeam(team)
  2302  
  2303  	teamScheme := &model.Scheme{
  2304  		DisplayName: "DisplayName",
  2305  		Name:        model.NewId(),
  2306  		Description: "Some description",
  2307  		Scope:       model.SCHEME_SCOPE_TEAM,
  2308  	}
  2309  	teamScheme, _ = th.SystemAdminClient.CreateScheme(teamScheme)
  2310  	channelScheme := &model.Scheme{
  2311  		DisplayName: "DisplayName",
  2312  		Name:        model.NewId(),
  2313  		Description: "Some description",
  2314  		Scope:       model.SCHEME_SCOPE_CHANNEL,
  2315  	}
  2316  	channelScheme, _ = th.SystemAdminClient.CreateScheme(channelScheme)
  2317  
  2318  	// Test the setup/base case.
  2319  	_, resp := th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id)
  2320  	CheckNoError(t, resp)
  2321  
  2322  	// Test the return to default scheme
  2323  	_, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "")
  2324  	CheckNoError(t, resp)
  2325  
  2326  	// Test various invalid team and scheme id combinations.
  2327  	_, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "x")
  2328  	CheckBadRequestStatus(t, resp)
  2329  	_, resp = th.SystemAdminClient.UpdateTeamScheme("x", teamScheme.Id)
  2330  	CheckBadRequestStatus(t, resp)
  2331  	_, resp = th.SystemAdminClient.UpdateTeamScheme("x", "x")
  2332  	CheckBadRequestStatus(t, resp)
  2333  
  2334  	// Test that permissions are required.
  2335  	_, resp = th.Client.UpdateTeamScheme(team.Id, teamScheme.Id)
  2336  	CheckForbiddenStatus(t, resp)
  2337  
  2338  	// Test that a license is requried.
  2339  	th.App.SetLicense(nil)
  2340  	_, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id)
  2341  	CheckNotImplementedStatus(t, resp)
  2342  	th.App.SetLicense(model.NewTestLicense(""))
  2343  
  2344  	// Test an invalid scheme scope.
  2345  	_, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, channelScheme.Id)
  2346  	CheckBadRequestStatus(t, resp)
  2347  
  2348  	// Test that an unauthenticated user gets rejected.
  2349  	th.SystemAdminClient.Logout()
  2350  	_, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id)
  2351  	CheckUnauthorizedStatus(t, resp)
  2352  }