github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/user_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "fmt" 8 "net/http" 9 "regexp" 10 "strconv" 11 "strings" 12 "testing" 13 "time" 14 15 "github.com/dgryski/dgoogauth" 16 17 "github.com/mattermost/mattermost-server/app" 18 "github.com/mattermost/mattermost-server/model" 19 "github.com/mattermost/mattermost-server/services/mailservice" 20 "github.com/mattermost/mattermost-server/store" 21 "github.com/mattermost/mattermost-server/utils/testutils" 22 "github.com/stretchr/testify/assert" 23 "github.com/stretchr/testify/require" 24 ) 25 26 func TestCreateUser(t *testing.T) { 27 th := Setup().InitBasic() 28 defer th.TearDown() 29 30 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 31 32 ruser, resp := th.Client.CreateUser(&user) 33 CheckNoError(t, resp) 34 CheckCreatedStatus(t, resp) 35 36 _, _ = th.Client.Login(user.Email, user.Password) 37 38 if ruser.Nickname != user.Nickname { 39 t.Fatal("nickname didn't match") 40 } 41 42 if ruser.Roles != model.SYSTEM_USER_ROLE_ID { 43 t.Log(ruser.Roles) 44 t.Fatal("did not clear roles") 45 } 46 47 CheckUserSanitization(t, ruser) 48 49 _, resp = th.Client.CreateUser(ruser) 50 CheckBadRequestStatus(t, resp) 51 52 ruser.Id = "" 53 ruser.Username = GenerateTestUsername() 54 ruser.Password = "passwd1" 55 _, resp = th.Client.CreateUser(ruser) 56 CheckErrorMessage(t, resp, "store.sql_user.save.email_exists.app_error") 57 CheckBadRequestStatus(t, resp) 58 59 ruser.Email = th.GenerateTestEmail() 60 ruser.Username = user.Username 61 _, resp = th.Client.CreateUser(ruser) 62 CheckErrorMessage(t, resp, "store.sql_user.save.username_exists.app_error") 63 CheckBadRequestStatus(t, resp) 64 65 ruser.Email = "" 66 _, resp = th.Client.CreateUser(ruser) 67 CheckErrorMessage(t, resp, "model.user.is_valid.email.app_error") 68 CheckBadRequestStatus(t, resp) 69 70 ruser.Username = "testinvalid+++" 71 _, resp = th.Client.CreateUser(ruser) 72 CheckErrorMessage(t, resp, "model.user.is_valid.username.app_error") 73 CheckBadRequestStatus(t, resp) 74 75 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = false }) 76 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserCreation = false }) 77 78 user2 := &model.User{Email: th.GenerateTestEmail(), Password: "Password1", Username: GenerateTestUsername()} 79 _, resp = th.SystemAdminClient.CreateUser(user2) 80 CheckNoError(t, resp) 81 82 r, err := th.Client.DoApiPost("/users", "garbage") 83 require.NotNil(t, err, "should have errored") 84 assert.Equal(t, http.StatusBadRequest, r.StatusCode) 85 } 86 87 func TestCreateUserWithToken(t *testing.T) { 88 th := Setup().InitBasic() 89 defer th.TearDown() 90 91 t.Run("CreateWithTokenHappyPath", func(t *testing.T) { 92 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 93 token := model.NewToken( 94 app.TOKEN_TYPE_TEAM_INVITATION, 95 model.MapToJson(map[string]string{"teamId": th.BasicTeam.Id, "email": user.Email}), 96 ) 97 <-th.App.Srv.Store.Token().Save(token) 98 99 ruser, resp := th.Client.CreateUserWithToken(&user, token.Token) 100 CheckNoError(t, resp) 101 CheckCreatedStatus(t, resp) 102 103 th.Client.Login(user.Email, user.Password) 104 if ruser.Nickname != user.Nickname { 105 t.Fatal("nickname didn't match") 106 } 107 if ruser.Roles != model.SYSTEM_USER_ROLE_ID { 108 t.Log(ruser.Roles) 109 t.Fatal("did not clear roles") 110 } 111 CheckUserSanitization(t, ruser) 112 if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil { 113 t.Fatal("The token must be deleted after be used") 114 } 115 116 if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil { 117 t.Fatal("The token must be deleted after be used") 118 } 119 120 if teams, err := th.App.GetTeamsForUser(ruser.Id); err != nil || len(teams) == 0 { 121 t.Fatal("The user must have teams") 122 } else if teams[0].Id != th.BasicTeam.Id { 123 t.Fatal("The user joined team must be the team provided.") 124 } 125 }) 126 127 t.Run("NoToken", func(t *testing.T) { 128 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 129 token := model.NewToken( 130 app.TOKEN_TYPE_TEAM_INVITATION, 131 model.MapToJson(map[string]string{"teamId": th.BasicTeam.Id, "email": user.Email}), 132 ) 133 <-th.App.Srv.Store.Token().Save(token) 134 defer th.App.DeleteToken(token) 135 136 _, resp := th.Client.CreateUserWithToken(&user, "") 137 CheckBadRequestStatus(t, resp) 138 CheckErrorMessage(t, resp, "api.user.create_user.missing_token.app_error") 139 }) 140 141 t.Run("TokenExpired", func(t *testing.T) { 142 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 143 timeNow := time.Now() 144 past49Hours := timeNow.Add(-49*time.Hour).UnixNano() / int64(time.Millisecond) 145 token := model.NewToken( 146 app.TOKEN_TYPE_TEAM_INVITATION, 147 model.MapToJson(map[string]string{"teamId": th.BasicTeam.Id, "email": user.Email}), 148 ) 149 token.CreateAt = past49Hours 150 <-th.App.Srv.Store.Token().Save(token) 151 defer th.App.DeleteToken(token) 152 153 _, resp := th.Client.CreateUserWithToken(&user, token.Token) 154 CheckBadRequestStatus(t, resp) 155 CheckErrorMessage(t, resp, "api.user.create_user.signup_link_expired.app_error") 156 }) 157 158 t.Run("WrongToken", func(t *testing.T) { 159 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 160 161 _, resp := th.Client.CreateUserWithToken(&user, "wrong") 162 CheckBadRequestStatus(t, resp) 163 CheckErrorMessage(t, resp, "api.user.create_user.signup_link_invalid.app_error") 164 }) 165 166 t.Run("EnableUserCreationDisable", func(t *testing.T) { 167 168 enableUserCreation := th.App.Config().TeamSettings.EnableUserCreation 169 defer func() { 170 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.EnableUserCreation = enableUserCreation }) 171 }() 172 173 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 174 175 token := model.NewToken( 176 app.TOKEN_TYPE_TEAM_INVITATION, 177 model.MapToJson(map[string]string{"teamId": th.BasicTeam.Id, "email": user.Email}), 178 ) 179 <-th.App.Srv.Store.Token().Save(token) 180 defer th.App.DeleteToken(token) 181 182 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserCreation = false }) 183 184 _, resp := th.Client.CreateUserWithToken(&user, token.Token) 185 CheckNotImplementedStatus(t, resp) 186 CheckErrorMessage(t, resp, "api.user.create_user.signup_email_disabled.app_error") 187 188 }) 189 190 t.Run("EnableOpenServerDisable", func(t *testing.T) { 191 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 192 193 token := model.NewToken( 194 app.TOKEN_TYPE_TEAM_INVITATION, 195 model.MapToJson(map[string]string{"teamId": th.BasicTeam.Id, "email": user.Email}), 196 ) 197 <-th.App.Srv.Store.Token().Save(token) 198 199 enableOpenServer := th.App.Config().TeamSettings.EnableOpenServer 200 defer func() { 201 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.EnableOpenServer = enableOpenServer }) 202 }() 203 204 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = false }) 205 206 ruser, resp := th.Client.CreateUserWithToken(&user, token.Token) 207 CheckNoError(t, resp) 208 CheckCreatedStatus(t, resp) 209 210 th.Client.Login(user.Email, user.Password) 211 if ruser.Nickname != user.Nickname { 212 t.Fatal("nickname didn't match") 213 } 214 if ruser.Roles != model.SYSTEM_USER_ROLE_ID { 215 t.Log(ruser.Roles) 216 t.Fatal("did not clear roles") 217 } 218 CheckUserSanitization(t, ruser) 219 if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil { 220 t.Fatal("The token must be deleted after be used") 221 } 222 }) 223 } 224 225 func TestCreateUserWithInviteId(t *testing.T) { 226 th := Setup().InitBasic() 227 defer th.TearDown() 228 229 t.Run("CreateWithInviteIdHappyPath", func(t *testing.T) { 230 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 231 232 inviteId := th.BasicTeam.InviteId 233 234 ruser, resp := th.Client.CreateUserWithInviteId(&user, inviteId) 235 CheckNoError(t, resp) 236 CheckCreatedStatus(t, resp) 237 238 th.Client.Login(user.Email, user.Password) 239 if ruser.Nickname != user.Nickname { 240 t.Fatal("nickname didn't match") 241 } 242 if ruser.Roles != model.SYSTEM_USER_ROLE_ID { 243 t.Log(ruser.Roles) 244 t.Fatal("did not clear roles") 245 } 246 CheckUserSanitization(t, ruser) 247 }) 248 249 t.Run("WrongInviteId", func(t *testing.T) { 250 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 251 252 inviteId := model.NewId() 253 254 _, resp := th.Client.CreateUserWithInviteId(&user, inviteId) 255 CheckNotFoundStatus(t, resp) 256 CheckErrorMessage(t, resp, "store.sql_team.get_by_invite_id.finding.app_error") 257 }) 258 259 t.Run("NoInviteId", func(t *testing.T) { 260 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 261 262 _, resp := th.Client.CreateUserWithInviteId(&user, "") 263 CheckBadRequestStatus(t, resp) 264 CheckErrorMessage(t, resp, "api.user.create_user.missing_invite_id.app_error") 265 }) 266 267 t.Run("ExpiredInviteId", func(t *testing.T) { 268 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 269 270 inviteId := th.BasicTeam.InviteId 271 272 _, resp := th.SystemAdminClient.RegenerateTeamInviteId(th.BasicTeam.Id) 273 CheckNoError(t, resp) 274 275 _, resp = th.Client.CreateUserWithInviteId(&user, inviteId) 276 CheckNotFoundStatus(t, resp) 277 CheckErrorMessage(t, resp, "store.sql_team.get_by_invite_id.finding.app_error") 278 }) 279 280 t.Run("EnableUserCreationDisable", func(t *testing.T) { 281 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 282 283 enableUserCreation := th.App.Config().TeamSettings.EnableUserCreation 284 defer func() { 285 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.EnableUserCreation = enableUserCreation }) 286 }() 287 288 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserCreation = false }) 289 290 inviteId := th.BasicTeam.InviteId 291 292 _, resp := th.Client.CreateUserWithInviteId(&user, inviteId) 293 CheckNotImplementedStatus(t, resp) 294 CheckErrorMessage(t, resp, "api.user.create_user.signup_email_disabled.app_error") 295 }) 296 297 t.Run("EnableOpenServerDisable", func(t *testing.T) { 298 user := model.User{Email: th.GenerateTestEmail(), Nickname: "Corey Hulen", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 299 300 enableOpenServer := th.App.Config().TeamSettings.EnableOpenServer 301 defer func() { 302 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.EnableOpenServer = enableOpenServer }) 303 }() 304 305 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableOpenServer = false }) 306 307 team, res := th.SystemAdminClient.RegenerateTeamInviteId(th.BasicTeam.Id) 308 assert.Nil(t, res.Error) 309 inviteId := team.InviteId 310 311 ruser, resp := th.Client.CreateUserWithInviteId(&user, inviteId) 312 CheckNoError(t, resp) 313 CheckCreatedStatus(t, resp) 314 315 th.Client.Login(user.Email, user.Password) 316 if ruser.Nickname != user.Nickname { 317 t.Fatal("nickname didn't match") 318 } 319 if ruser.Roles != model.SYSTEM_USER_ROLE_ID { 320 t.Log(ruser.Roles) 321 t.Fatal("did not clear roles") 322 } 323 CheckUserSanitization(t, ruser) 324 }) 325 326 } 327 328 func TestGetMe(t *testing.T) { 329 th := Setup().InitBasic() 330 defer th.TearDown() 331 332 ruser, resp := th.Client.GetMe("") 333 CheckNoError(t, resp) 334 335 if ruser.Id != th.BasicUser.Id { 336 t.Fatal("wrong user") 337 } 338 339 th.Client.Logout() 340 _, resp = th.Client.GetMe("") 341 CheckUnauthorizedStatus(t, resp) 342 } 343 344 func TestGetUser(t *testing.T) { 345 th := Setup().InitBasic() 346 defer th.TearDown() 347 348 user := th.CreateUser() 349 user.Props = map[string]string{"testpropkey": "testpropvalue"} 350 351 th.App.UpdateUser(user, false) 352 353 ruser, resp := th.Client.GetUser(user.Id, "") 354 CheckNoError(t, resp) 355 CheckUserSanitization(t, ruser) 356 357 if ruser.Email != user.Email { 358 t.Fatal("emails did not match") 359 } 360 361 assert.NotNil(t, ruser.Props) 362 assert.Equal(t, ruser.Props["testpropkey"], "testpropvalue") 363 require.False(t, ruser.IsBot) 364 365 ruser, resp = th.Client.GetUser(user.Id, resp.Etag) 366 CheckEtag(t, ruser, resp) 367 368 _, resp = th.Client.GetUser("junk", "") 369 CheckBadRequestStatus(t, resp) 370 371 _, resp = th.Client.GetUser(model.NewId(), "") 372 CheckNotFoundStatus(t, resp) 373 374 // Check against privacy config settings 375 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowEmailAddress = false }) 376 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowFullName = false }) 377 378 ruser, resp = th.Client.GetUser(user.Id, "") 379 CheckNoError(t, resp) 380 381 if ruser.Email != "" { 382 t.Fatal("email should be blank") 383 } 384 if ruser.FirstName != "" { 385 t.Fatal("first name should be blank") 386 } 387 if ruser.LastName != "" { 388 t.Fatal("last name should be blank") 389 } 390 391 th.Client.Logout() 392 _, resp = th.Client.GetUser(user.Id, "") 393 CheckUnauthorizedStatus(t, resp) 394 395 // System admins should ignore privacy settings 396 ruser, _ = th.SystemAdminClient.GetUser(user.Id, resp.Etag) 397 if ruser.Email == "" { 398 t.Fatal("email should not be blank") 399 } 400 if ruser.FirstName == "" { 401 t.Fatal("first name should not be blank") 402 } 403 if ruser.LastName == "" { 404 t.Fatal("last name should not be blank") 405 } 406 } 407 408 func TestGetUserWithAcceptedTermsOfServiceForOtherUser(t *testing.T) { 409 th := Setup().InitBasic() 410 defer th.TearDown() 411 412 user := th.CreateUser() 413 414 tos, _ := th.App.CreateTermsOfService("Dummy TOS", user.Id) 415 416 th.App.UpdateUser(user, false) 417 418 ruser, resp := th.Client.GetUser(user.Id, "") 419 CheckNoError(t, resp) 420 CheckUserSanitization(t, ruser) 421 422 if ruser.Email != user.Email { 423 t.Fatal("emails did not match") 424 } 425 426 assert.Empty(t, ruser.TermsOfServiceId) 427 428 th.App.SaveUserTermsOfService(user.Id, tos.Id, true) 429 430 ruser, resp = th.Client.GetUser(user.Id, "") 431 CheckNoError(t, resp) 432 CheckUserSanitization(t, ruser) 433 434 if ruser.Email != user.Email { 435 t.Fatal("emails did not match") 436 } 437 438 // user TOS data cannot be fetched for other users by non-admin users 439 assert.Empty(t, ruser.TermsOfServiceId) 440 } 441 442 func TestGetUserWithAcceptedTermsOfService(t *testing.T) { 443 th := Setup().InitBasic() 444 defer th.TearDown() 445 446 user := th.BasicUser 447 448 tos, _ := th.App.CreateTermsOfService("Dummy TOS", user.Id) 449 450 ruser, resp := th.Client.GetUser(user.Id, "") 451 CheckNoError(t, resp) 452 CheckUserSanitization(t, ruser) 453 454 if ruser.Email != user.Email { 455 t.Fatal("emails did not match") 456 } 457 458 assert.Empty(t, ruser.TermsOfServiceId) 459 460 th.App.SaveUserTermsOfService(user.Id, tos.Id, true) 461 462 ruser, resp = th.Client.GetUser(user.Id, "") 463 CheckNoError(t, resp) 464 CheckUserSanitization(t, ruser) 465 466 if ruser.Email != user.Email { 467 t.Fatal("emails did not match") 468 } 469 470 // a user can view their own TOS details 471 assert.Equal(t, tos.Id, ruser.TermsOfServiceId) 472 } 473 474 func TestGetUserWithAcceptedTermsOfServiceWithAdminUser(t *testing.T) { 475 th := Setup().InitBasic() 476 th.LoginSystemAdmin() 477 defer th.TearDown() 478 479 user := th.BasicUser 480 481 tos, _ := th.App.CreateTermsOfService("Dummy TOS", user.Id) 482 483 ruser, resp := th.SystemAdminClient.GetUser(user.Id, "") 484 CheckNoError(t, resp) 485 CheckUserSanitization(t, ruser) 486 487 if ruser.Email != user.Email { 488 t.Fatal("emails did not match") 489 } 490 491 assert.Empty(t, ruser.TermsOfServiceId) 492 493 th.App.SaveUserTermsOfService(user.Id, tos.Id, true) 494 495 ruser, resp = th.SystemAdminClient.GetUser(user.Id, "") 496 CheckNoError(t, resp) 497 CheckUserSanitization(t, ruser) 498 499 if ruser.Email != user.Email { 500 t.Fatal("emails did not match") 501 } 502 503 // admin can view anyone's TOS details 504 assert.Equal(t, tos.Id, ruser.TermsOfServiceId) 505 } 506 507 func TestGetBotUser(t *testing.T) { 508 th := Setup().InitBasic() 509 defer th.TearDown() 510 511 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 512 513 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 514 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 515 516 bot := &model.Bot{ 517 Username: GenerateTestUsername(), 518 DisplayName: "a bot", 519 Description: "bot", 520 } 521 522 createdBot, resp := th.Client.CreateBot(bot) 523 CheckCreatedStatus(t, resp) 524 defer th.App.PermanentDeleteBot(createdBot.UserId) 525 526 botUser, resp := th.Client.GetUser(createdBot.UserId, "") 527 require.Equal(t, bot.Username, botUser.Username) 528 require.True(t, botUser.IsBot) 529 } 530 531 func TestGetUserByUsername(t *testing.T) { 532 th := Setup().InitBasic() 533 defer th.TearDown() 534 535 user := th.BasicUser 536 537 ruser, resp := th.Client.GetUserByUsername(user.Username, "") 538 CheckNoError(t, resp) 539 CheckUserSanitization(t, ruser) 540 541 if ruser.Email != user.Email { 542 t.Fatal("emails did not match") 543 } 544 545 ruser, resp = th.Client.GetUserByUsername(user.Username, resp.Etag) 546 CheckEtag(t, ruser, resp) 547 548 _, resp = th.Client.GetUserByUsername(GenerateTestUsername(), "") 549 CheckNotFoundStatus(t, resp) 550 551 // Check against privacy config settings 552 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowEmailAddress = false }) 553 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowFullName = false }) 554 555 ruser, resp = th.Client.GetUserByUsername(th.BasicUser2.Username, "") 556 CheckNoError(t, resp) 557 558 if ruser.Email != "" { 559 t.Fatal("email should be blank") 560 } 561 if ruser.FirstName != "" { 562 t.Fatal("first name should be blank") 563 } 564 if ruser.LastName != "" { 565 t.Fatal("last name should be blank") 566 } 567 568 ruser, resp = th.Client.GetUserByUsername(th.BasicUser.Username, "") 569 CheckNoError(t, resp) 570 if len(ruser.NotifyProps) == 0 { 571 t.Fatal("notify props should be sent") 572 } 573 574 th.Client.Logout() 575 _, resp = th.Client.GetUserByUsername(user.Username, "") 576 CheckUnauthorizedStatus(t, resp) 577 578 // System admins should ignore privacy settings 579 ruser, _ = th.SystemAdminClient.GetUserByUsername(user.Username, resp.Etag) 580 if ruser.Email == "" { 581 t.Fatal("email should not be blank") 582 } 583 if ruser.FirstName == "" { 584 t.Fatal("first name should not be blank") 585 } 586 if ruser.LastName == "" { 587 t.Fatal("last name should not be blank") 588 } 589 } 590 591 func TestGetUserByUsernameWithAcceptedTermsOfService(t *testing.T) { 592 th := Setup().InitBasic() 593 defer th.TearDown() 594 595 user := th.BasicUser 596 597 ruser, resp := th.Client.GetUserByUsername(user.Username, "") 598 CheckNoError(t, resp) 599 CheckUserSanitization(t, ruser) 600 601 if ruser.Email != user.Email { 602 t.Fatal("emails did not match") 603 } 604 605 tos, _ := th.App.CreateTermsOfService("Dummy TOS", user.Id) 606 th.App.SaveUserTermsOfService(ruser.Id, tos.Id, true) 607 608 ruser, resp = th.Client.GetUserByUsername(user.Username, "") 609 CheckNoError(t, resp) 610 CheckUserSanitization(t, ruser) 611 612 if ruser.Email != user.Email { 613 t.Fatal("emails did not match") 614 } 615 616 if ruser.TermsOfServiceId != tos.Id { 617 t.Fatal("Terms of service ID didn't match") 618 } 619 } 620 621 func TestGetUserByEmail(t *testing.T) { 622 th := Setup().InitBasic() 623 defer th.TearDown() 624 625 user := th.CreateUser() 626 627 th.App.UpdateConfig(func(cfg *model.Config) { 628 *cfg.PrivacySettings.ShowEmailAddress = true 629 *cfg.PrivacySettings.ShowFullName = true 630 }) 631 632 t.Run("should be able to get another user by email", func(t *testing.T) { 633 ruser, resp := th.Client.GetUserByEmail(user.Email, "") 634 CheckNoError(t, resp) 635 CheckUserSanitization(t, ruser) 636 637 if ruser.Email != user.Email { 638 t.Fatal("emails did not match") 639 } 640 }) 641 642 t.Run("should return not modified when provided with a matching etag", func(t *testing.T) { 643 _, resp := th.Client.GetUserByEmail(user.Email, "") 644 CheckNoError(t, resp) 645 646 ruser, resp := th.Client.GetUserByEmail(user.Email, resp.Etag) 647 CheckEtag(t, ruser, resp) 648 }) 649 650 t.Run("should return bad request when given an invalid email", func(t *testing.T) { 651 _, resp := th.Client.GetUserByEmail(GenerateTestUsername(), "") 652 CheckBadRequestStatus(t, resp) 653 }) 654 655 t.Run("should return 404 when given a non-existent email", func(t *testing.T) { 656 _, resp := th.Client.GetUserByEmail(th.GenerateTestEmail(), "") 657 CheckNotFoundStatus(t, resp) 658 }) 659 660 t.Run("should sanitize full name for non-admin based on privacy settings", func(t *testing.T) { 661 th.App.UpdateConfig(func(cfg *model.Config) { 662 *cfg.PrivacySettings.ShowEmailAddress = true 663 *cfg.PrivacySettings.ShowFullName = false 664 }) 665 666 ruser, resp := th.Client.GetUserByEmail(user.Email, "") 667 CheckNoError(t, resp) 668 assert.Equal(t, "", ruser.FirstName, "first name should be blank") 669 assert.Equal(t, "", ruser.LastName, "last name should be blank") 670 671 th.App.UpdateConfig(func(cfg *model.Config) { 672 *cfg.PrivacySettings.ShowFullName = true 673 }) 674 675 ruser, resp = th.Client.GetUserByEmail(user.Email, "") 676 CheckNoError(t, resp) 677 assert.NotEqual(t, "", ruser.FirstName, "first name should be set") 678 assert.NotEqual(t, "", ruser.LastName, "last name should be set") 679 }) 680 681 t.Run("should not sanitize full name for admin, regardless of privacy settings", func(t *testing.T) { 682 th.App.UpdateConfig(func(cfg *model.Config) { 683 *cfg.PrivacySettings.ShowEmailAddress = true 684 *cfg.PrivacySettings.ShowFullName = false 685 }) 686 687 ruser, resp := th.SystemAdminClient.GetUserByEmail(user.Email, "") 688 CheckNoError(t, resp) 689 assert.NotEqual(t, "", ruser.FirstName, "first name should be set") 690 assert.NotEqual(t, "", ruser.LastName, "last name should be set") 691 692 th.App.UpdateConfig(func(cfg *model.Config) { 693 *cfg.PrivacySettings.ShowFullName = true 694 }) 695 696 ruser, resp = th.SystemAdminClient.GetUserByEmail(user.Email, "") 697 CheckNoError(t, resp) 698 assert.NotEqual(t, "", ruser.FirstName, "first name should be set") 699 assert.NotEqual(t, "", ruser.LastName, "last name should be set") 700 }) 701 702 t.Run("should return forbidden for non-admin when privacy settings hide email", func(t *testing.T) { 703 th.App.UpdateConfig(func(cfg *model.Config) { 704 *cfg.PrivacySettings.ShowEmailAddress = false 705 }) 706 707 _, resp := th.Client.GetUserByEmail(user.Email, "") 708 CheckForbiddenStatus(t, resp) 709 710 th.App.UpdateConfig(func(cfg *model.Config) { 711 *cfg.PrivacySettings.ShowEmailAddress = true 712 }) 713 714 ruser, resp := th.Client.GetUserByEmail(user.Email, "") 715 CheckNoError(t, resp) 716 assert.Equal(t, user.Email, ruser.Email, "email should be set") 717 }) 718 719 t.Run("should always return email for admin, regardless of privacy settings", func(t *testing.T) { 720 th.App.UpdateConfig(func(cfg *model.Config) { 721 *cfg.PrivacySettings.ShowEmailAddress = false 722 }) 723 724 ruser, resp := th.SystemAdminClient.GetUserByEmail(user.Email, "") 725 CheckNoError(t, resp) 726 assert.Equal(t, user.Email, ruser.Email, "email should be set") 727 728 th.App.UpdateConfig(func(cfg *model.Config) { 729 *cfg.PrivacySettings.ShowEmailAddress = true 730 }) 731 732 ruser, resp = th.SystemAdminClient.GetUserByEmail(user.Email, "") 733 CheckNoError(t, resp) 734 assert.Equal(t, user.Email, ruser.Email, "email should be set") 735 }) 736 } 737 738 func TestSearchUsers(t *testing.T) { 739 th := Setup().InitBasic() 740 defer th.TearDown() 741 742 search := &model.UserSearch{Term: th.BasicUser.Username} 743 744 users, resp := th.Client.SearchUsers(search) 745 CheckNoError(t, resp) 746 747 if !findUserInList(th.BasicUser.Id, users) { 748 t.Fatal("should have found user") 749 } 750 751 _, err := th.App.UpdateActive(th.BasicUser2, false) 752 if err != nil { 753 t.Fatal(err) 754 } 755 756 search.Term = th.BasicUser2.Username 757 search.AllowInactive = false 758 759 users, resp = th.Client.SearchUsers(search) 760 CheckNoError(t, resp) 761 762 if findUserInList(th.BasicUser2.Id, users) { 763 t.Fatal("should not have found user") 764 } 765 766 search.AllowInactive = true 767 768 users, resp = th.Client.SearchUsers(search) 769 CheckNoError(t, resp) 770 771 if !findUserInList(th.BasicUser2.Id, users) { 772 t.Fatal("should have found user") 773 } 774 775 search.Term = th.BasicUser.Username 776 search.AllowInactive = false 777 search.TeamId = th.BasicTeam.Id 778 779 users, resp = th.Client.SearchUsers(search) 780 CheckNoError(t, resp) 781 782 if !findUserInList(th.BasicUser.Id, users) { 783 t.Fatal("should have found user") 784 } 785 786 search.NotInChannelId = th.BasicChannel.Id 787 788 users, resp = th.Client.SearchUsers(search) 789 CheckNoError(t, resp) 790 791 if findUserInList(th.BasicUser.Id, users) { 792 t.Fatal("should not have found user") 793 } 794 795 search.TeamId = "" 796 search.NotInChannelId = "" 797 search.InChannelId = th.BasicChannel.Id 798 799 users, resp = th.Client.SearchUsers(search) 800 CheckNoError(t, resp) 801 802 if !findUserInList(th.BasicUser.Id, users) { 803 t.Fatal("should have found user") 804 } 805 806 search.InChannelId = "" 807 search.NotInChannelId = th.BasicChannel.Id 808 _, resp = th.Client.SearchUsers(search) 809 CheckBadRequestStatus(t, resp) 810 811 search.NotInChannelId = model.NewId() 812 search.TeamId = model.NewId() 813 _, resp = th.Client.SearchUsers(search) 814 CheckForbiddenStatus(t, resp) 815 816 search.NotInChannelId = "" 817 search.TeamId = model.NewId() 818 _, resp = th.Client.SearchUsers(search) 819 CheckForbiddenStatus(t, resp) 820 821 search.InChannelId = model.NewId() 822 search.TeamId = "" 823 _, resp = th.Client.SearchUsers(search) 824 CheckForbiddenStatus(t, resp) 825 826 // Test search for users not in any team 827 search.TeamId = "" 828 search.NotInChannelId = "" 829 search.InChannelId = "" 830 search.NotInTeamId = th.BasicTeam.Id 831 832 users, resp = th.Client.SearchUsers(search) 833 CheckNoError(t, resp) 834 835 if findUserInList(th.BasicUser.Id, users) { 836 t.Fatal("should not have found user") 837 } 838 839 oddUser := th.CreateUser() 840 search.Term = oddUser.Username 841 842 users, resp = th.Client.SearchUsers(search) 843 CheckNoError(t, resp) 844 845 if !findUserInList(oddUser.Id, users) { 846 t.Fatal("should have found user") 847 } 848 849 _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, oddUser.Id) 850 CheckNoError(t, resp) 851 852 users, resp = th.Client.SearchUsers(search) 853 CheckNoError(t, resp) 854 855 if findUserInList(oddUser.Id, users) { 856 t.Fatal("should not have found user") 857 } 858 859 search.NotInTeamId = model.NewId() 860 _, resp = th.Client.SearchUsers(search) 861 CheckForbiddenStatus(t, resp) 862 863 search.Term = th.BasicUser.Username 864 865 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowEmailAddress = false }) 866 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowFullName = false }) 867 868 _, err = th.App.UpdateActive(th.BasicUser2, true) 869 if err != nil { 870 t.Fatal(err) 871 } 872 873 search.InChannelId = "" 874 search.NotInTeamId = "" 875 search.Term = th.BasicUser2.Email 876 users, resp = th.Client.SearchUsers(search) 877 CheckNoError(t, resp) 878 879 if findUserInList(th.BasicUser2.Id, users) { 880 t.Fatal("should not have found user") 881 } 882 883 search.Term = th.BasicUser2.FirstName 884 users, resp = th.Client.SearchUsers(search) 885 CheckNoError(t, resp) 886 887 if findUserInList(th.BasicUser2.Id, users) { 888 t.Fatal("should not have found user") 889 } 890 891 search.Term = th.BasicUser2.LastName 892 users, resp = th.Client.SearchUsers(search) 893 CheckNoError(t, resp) 894 895 if findUserInList(th.BasicUser2.Id, users) { 896 t.Fatal("should not have found user") 897 } 898 899 search.Term = th.BasicUser.FirstName 900 search.InChannelId = th.BasicChannel.Id 901 search.NotInChannelId = th.BasicChannel.Id 902 search.TeamId = th.BasicTeam.Id 903 users, resp = th.SystemAdminClient.SearchUsers(search) 904 CheckNoError(t, resp) 905 906 if !findUserInList(th.BasicUser.Id, users) { 907 t.Fatal("should have found user") 908 } 909 } 910 911 func findUserInList(id string, users []*model.User) bool { 912 for _, user := range users { 913 if user.Id == id { 914 return true 915 } 916 } 917 return false 918 } 919 920 func TestAutocompleteUsers(t *testing.T) { 921 th := Setup().InitBasic() 922 defer th.TearDown() 923 teamId := th.BasicTeam.Id 924 channelId := th.BasicChannel.Id 925 username := th.BasicUser.Username 926 927 rusers, resp := th.Client.AutocompleteUsersInChannel(teamId, channelId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 928 CheckNoError(t, resp) 929 930 if len(rusers.Users) != 1 { 931 t.Fatal("should have returned 1 user") 932 } 933 934 rusers, resp = th.Client.AutocompleteUsersInChannel(teamId, channelId, "amazonses", model.USER_SEARCH_DEFAULT_LIMIT, "") 935 CheckNoError(t, resp) 936 if len(rusers.Users) != 0 { 937 t.Fatal("should have returned 0 users") 938 } 939 940 rusers, resp = th.Client.AutocompleteUsersInChannel(teamId, channelId, "", model.USER_SEARCH_DEFAULT_LIMIT, "") 941 CheckNoError(t, resp) 942 if len(rusers.Users) < 2 { 943 t.Fatal("should have many users") 944 } 945 946 rusers, resp = th.Client.AutocompleteUsersInChannel("", channelId, "", model.USER_SEARCH_DEFAULT_LIMIT, "") 947 CheckNoError(t, resp) 948 if len(rusers.Users) < 2 { 949 t.Fatal("should have many users") 950 } 951 952 rusers, resp = th.Client.AutocompleteUsersInTeam(teamId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 953 CheckNoError(t, resp) 954 955 if len(rusers.Users) != 1 { 956 t.Fatal("should have returned 1 user") 957 } 958 959 rusers, resp = th.Client.AutocompleteUsers(username, model.USER_SEARCH_DEFAULT_LIMIT, "") 960 CheckNoError(t, resp) 961 962 if len(rusers.Users) != 1 { 963 t.Fatal("should have returned 1 users") 964 } 965 966 rusers, resp = th.Client.AutocompleteUsers("", model.USER_SEARCH_DEFAULT_LIMIT, "") 967 CheckNoError(t, resp) 968 969 if len(rusers.Users) < 2 { 970 t.Fatal("should have returned many users") 971 } 972 973 rusers, resp = th.Client.AutocompleteUsersInTeam(teamId, "amazonses", model.USER_SEARCH_DEFAULT_LIMIT, "") 974 CheckNoError(t, resp) 975 if len(rusers.Users) != 0 { 976 t.Fatal("should have returned 0 users") 977 } 978 979 rusers, resp = th.Client.AutocompleteUsersInTeam(teamId, "", model.USER_SEARCH_DEFAULT_LIMIT, "") 980 CheckNoError(t, resp) 981 if len(rusers.Users) < 2 { 982 t.Fatal("should have many users") 983 } 984 985 th.Client.Logout() 986 _, resp = th.Client.AutocompleteUsersInChannel(teamId, channelId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 987 CheckUnauthorizedStatus(t, resp) 988 989 _, resp = th.Client.AutocompleteUsersInTeam(teamId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 990 CheckUnauthorizedStatus(t, resp) 991 992 _, resp = th.Client.AutocompleteUsers(username, model.USER_SEARCH_DEFAULT_LIMIT, "") 993 CheckUnauthorizedStatus(t, resp) 994 995 user := th.CreateUser() 996 th.Client.Login(user.Email, user.Password) 997 _, resp = th.Client.AutocompleteUsersInChannel(teamId, channelId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 998 CheckForbiddenStatus(t, resp) 999 1000 _, resp = th.Client.AutocompleteUsersInTeam(teamId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1001 CheckForbiddenStatus(t, resp) 1002 1003 _, resp = th.Client.AutocompleteUsers(username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1004 CheckNoError(t, resp) 1005 1006 _, resp = th.SystemAdminClient.AutocompleteUsersInChannel(teamId, channelId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1007 CheckNoError(t, resp) 1008 1009 _, resp = th.SystemAdminClient.AutocompleteUsersInTeam(teamId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1010 CheckNoError(t, resp) 1011 1012 _, resp = th.SystemAdminClient.AutocompleteUsers(username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1013 CheckNoError(t, resp) 1014 1015 // Check against privacy config settings 1016 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowFullName = false }) 1017 1018 th.LoginBasic() 1019 1020 rusers, resp = th.Client.AutocompleteUsers(username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1021 CheckNoError(t, resp) 1022 1023 if rusers.Users[0].FirstName != "" || rusers.Users[0].LastName != "" { 1024 t.Fatal("should not show first/last name") 1025 } 1026 1027 rusers, resp = th.Client.AutocompleteUsersInChannel(teamId, channelId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1028 CheckNoError(t, resp) 1029 1030 if rusers.Users[0].FirstName != "" || rusers.Users[0].LastName != "" { 1031 t.Fatal("should not show first/last name") 1032 } 1033 1034 rusers, resp = th.Client.AutocompleteUsersInTeam(teamId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1035 CheckNoError(t, resp) 1036 1037 if rusers.Users[0].FirstName != "" || rusers.Users[0].LastName != "" { 1038 t.Fatal("should not show first/last name") 1039 } 1040 1041 t.Run("user must have access to team id, especially when it does not match channel's team id", func(t *testing.T) { 1042 rusers, resp = th.Client.AutocompleteUsersInChannel("otherTeamId", channelId, username, model.USER_SEARCH_DEFAULT_LIMIT, "") 1043 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 1044 }) 1045 } 1046 1047 func TestGetProfileImage(t *testing.T) { 1048 th := Setup().InitBasic() 1049 defer th.TearDown() 1050 user := th.BasicUser 1051 1052 data, resp := th.Client.GetProfileImage(user.Id, "") 1053 CheckNoError(t, resp) 1054 if len(data) == 0 { 1055 t.Fatal("Should not be empty") 1056 } 1057 1058 _, resp = th.Client.GetProfileImage(user.Id, resp.Etag) 1059 if resp.StatusCode == http.StatusNotModified { 1060 t.Fatal("Shouldn't have hit etag") 1061 } 1062 1063 _, resp = th.Client.GetProfileImage("junk", "") 1064 CheckBadRequestStatus(t, resp) 1065 1066 _, resp = th.Client.GetProfileImage(model.NewId(), "") 1067 CheckNotFoundStatus(t, resp) 1068 1069 th.Client.Logout() 1070 _, resp = th.Client.GetProfileImage(user.Id, "") 1071 CheckUnauthorizedStatus(t, resp) 1072 1073 _, resp = th.SystemAdminClient.GetProfileImage(user.Id, "") 1074 CheckNoError(t, resp) 1075 1076 info := &model.FileInfo{Path: "/users/" + user.Id + "/profile.png"} 1077 if err := th.cleanupTestFile(info); err != nil { 1078 t.Fatal(err) 1079 } 1080 } 1081 1082 func TestGetUsersByIds(t *testing.T) { 1083 th := Setup().InitBasic() 1084 defer th.TearDown() 1085 1086 users, resp := th.Client.GetUsersByIds([]string{th.BasicUser.Id}) 1087 CheckNoError(t, resp) 1088 1089 if users[0].Id != th.BasicUser.Id { 1090 t.Fatal("returned wrong user") 1091 } 1092 CheckUserSanitization(t, users[0]) 1093 1094 _, resp = th.Client.GetUsersByIds([]string{}) 1095 CheckBadRequestStatus(t, resp) 1096 1097 users, resp = th.Client.GetUsersByIds([]string{"junk"}) 1098 CheckNoError(t, resp) 1099 if len(users) > 0 { 1100 t.Fatal("no users should be returned") 1101 } 1102 1103 users, resp = th.Client.GetUsersByIds([]string{"junk", th.BasicUser.Id}) 1104 CheckNoError(t, resp) 1105 if len(users) != 1 { 1106 t.Fatal("1 user should be returned") 1107 } 1108 1109 th.Client.Logout() 1110 _, resp = th.Client.GetUsersByIds([]string{th.BasicUser.Id}) 1111 CheckUnauthorizedStatus(t, resp) 1112 } 1113 1114 func TestGetUsersByUsernames(t *testing.T) { 1115 th := Setup().InitBasic() 1116 defer th.TearDown() 1117 1118 users, resp := th.Client.GetUsersByUsernames([]string{th.BasicUser.Username}) 1119 CheckNoError(t, resp) 1120 1121 if users[0].Id != th.BasicUser.Id { 1122 t.Fatal("returned wrong user") 1123 } 1124 CheckUserSanitization(t, users[0]) 1125 1126 _, resp = th.Client.GetUsersByIds([]string{}) 1127 CheckBadRequestStatus(t, resp) 1128 1129 users, resp = th.Client.GetUsersByUsernames([]string{"junk"}) 1130 CheckNoError(t, resp) 1131 if len(users) > 0 { 1132 t.Fatal("no users should be returned") 1133 } 1134 1135 users, resp = th.Client.GetUsersByUsernames([]string{"junk", th.BasicUser.Username}) 1136 CheckNoError(t, resp) 1137 if len(users) != 1 { 1138 t.Fatal("1 user should be returned") 1139 } 1140 1141 th.Client.Logout() 1142 _, resp = th.Client.GetUsersByUsernames([]string{th.BasicUser.Username}) 1143 CheckUnauthorizedStatus(t, resp) 1144 } 1145 1146 func TestGetTotalUsersStat(t *testing.T) { 1147 th := Setup().InitBasic() 1148 defer th.TearDown() 1149 1150 total := <-th.Server.Store.User().Count(model.UserCountOptions{ 1151 IncludeDeleted: false, 1152 IncludeBotAccounts: true, 1153 }) 1154 1155 rstats, resp := th.Client.GetTotalUsersStats("") 1156 CheckNoError(t, resp) 1157 1158 if rstats.TotalUsersCount != total.Data.(int64) { 1159 t.Fatal("wrong count") 1160 } 1161 } 1162 1163 func TestUpdateUser(t *testing.T) { 1164 th := Setup().InitBasic() 1165 defer th.TearDown() 1166 1167 user := th.CreateUser() 1168 th.Client.Login(user.Email, user.Password) 1169 1170 user.Nickname = "Joram Wilander" 1171 user.Roles = model.SYSTEM_ADMIN_ROLE_ID 1172 user.LastPasswordUpdate = 123 1173 1174 ruser, resp := th.Client.UpdateUser(user) 1175 CheckNoError(t, resp) 1176 CheckUserSanitization(t, ruser) 1177 1178 if ruser.Nickname != "Joram Wilander" { 1179 t.Fatal("Nickname did not update properly") 1180 } 1181 if ruser.Roles != model.SYSTEM_USER_ROLE_ID { 1182 t.Fatal("Roles should not have updated") 1183 } 1184 if ruser.LastPasswordUpdate == 123 { 1185 t.Fatal("LastPasswordUpdate should not have updated") 1186 } 1187 1188 ruser.Email = th.GenerateTestEmail() 1189 _, resp = th.Client.UpdateUser(ruser) 1190 CheckBadRequestStatus(t, resp) 1191 1192 ruser.Password = user.Password 1193 ruser, resp = th.Client.UpdateUser(ruser) 1194 CheckNoError(t, resp) 1195 CheckUserSanitization(t, ruser) 1196 1197 ruser.Id = "junk" 1198 _, resp = th.Client.UpdateUser(ruser) 1199 CheckBadRequestStatus(t, resp) 1200 1201 ruser.Id = model.NewId() 1202 _, resp = th.Client.UpdateUser(ruser) 1203 CheckForbiddenStatus(t, resp) 1204 1205 if r, err := th.Client.DoApiPut("/users/"+ruser.Id, "garbage"); err == nil { 1206 t.Fatal("should have errored") 1207 } else { 1208 if r.StatusCode != http.StatusBadRequest { 1209 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 1210 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 1211 t.Fatal("wrong status code") 1212 } 1213 } 1214 1215 session, _ := th.App.GetSession(th.Client.AuthToken) 1216 session.IsOAuth = true 1217 th.App.AddSessionToCache(session) 1218 1219 ruser.Id = user.Id 1220 ruser.Email = th.GenerateTestEmail() 1221 _, resp = th.Client.UpdateUser(ruser) 1222 CheckForbiddenStatus(t, resp) 1223 1224 th.Client.Logout() 1225 _, resp = th.Client.UpdateUser(user) 1226 CheckUnauthorizedStatus(t, resp) 1227 1228 th.LoginBasic() 1229 _, resp = th.Client.UpdateUser(user) 1230 CheckForbiddenStatus(t, resp) 1231 1232 _, resp = th.SystemAdminClient.UpdateUser(user) 1233 CheckNoError(t, resp) 1234 } 1235 1236 func TestPatchUser(t *testing.T) { 1237 th := Setup().InitBasic() 1238 defer th.TearDown() 1239 1240 user := th.CreateUser() 1241 th.Client.Login(user.Email, user.Password) 1242 1243 patch := &model.UserPatch{} 1244 patch.Password = model.NewString("testpassword") 1245 patch.Nickname = model.NewString("Joram Wilander") 1246 patch.FirstName = model.NewString("Joram") 1247 patch.LastName = model.NewString("Wilander") 1248 patch.Position = new(string) 1249 patch.NotifyProps = model.StringMap{} 1250 patch.NotifyProps["comment"] = "somethingrandom" 1251 patch.Timezone = model.StringMap{} 1252 patch.Timezone["useAutomaticTimezone"] = "true" 1253 patch.Timezone["automaticTimezone"] = "America/New_York" 1254 patch.Timezone["manualTimezone"] = "" 1255 1256 ruser, resp := th.Client.PatchUser(user.Id, patch) 1257 CheckNoError(t, resp) 1258 CheckUserSanitization(t, ruser) 1259 1260 if ruser.Nickname != "Joram Wilander" { 1261 t.Fatal("Nickname did not update properly") 1262 } 1263 if ruser.FirstName != "Joram" { 1264 t.Fatal("FirstName did not update properly") 1265 } 1266 if ruser.LastName != "Wilander" { 1267 t.Fatal("LastName did not update properly") 1268 } 1269 if ruser.Position != "" { 1270 t.Fatal("Position did not update properly") 1271 } 1272 if ruser.Username != user.Username { 1273 t.Fatal("Username should not have updated") 1274 } 1275 if ruser.Password != "" { 1276 t.Fatal("Password should not be returned") 1277 } 1278 if ruser.NotifyProps["comment"] != "somethingrandom" { 1279 t.Fatal("NotifyProps did not update properly") 1280 } 1281 if ruser.Timezone["useAutomaticTimezone"] != "true" { 1282 t.Fatal("useAutomaticTimezone did not update properly") 1283 } 1284 if ruser.Timezone["automaticTimezone"] != "America/New_York" { 1285 t.Fatal("automaticTimezone did not update properly") 1286 } 1287 if ruser.Timezone["manualTimezone"] != "" { 1288 t.Fatal("manualTimezone did not update properly") 1289 } 1290 1291 err := th.App.CheckPasswordAndAllCriteria(ruser, *patch.Password, "") 1292 assert.Error(t, err, "Password should not match") 1293 1294 currentPassword := user.Password 1295 user, err = th.App.GetUser(ruser.Id) 1296 if err != nil { 1297 t.Fatal("User Get shouldn't error") 1298 } 1299 1300 err = th.App.CheckPasswordAndAllCriteria(user, currentPassword, "") 1301 if err != nil { 1302 t.Fatal("Password should still match") 1303 } 1304 1305 patch = &model.UserPatch{} 1306 patch.Email = model.NewString(th.GenerateTestEmail()) 1307 1308 _, resp = th.Client.PatchUser(user.Id, patch) 1309 CheckBadRequestStatus(t, resp) 1310 1311 patch.Password = model.NewString(currentPassword) 1312 ruser, resp = th.Client.PatchUser(user.Id, patch) 1313 CheckNoError(t, resp) 1314 1315 if ruser.Email != *patch.Email { 1316 t.Fatal("Email did not update properly") 1317 } 1318 1319 patch.Username = model.NewString(th.BasicUser2.Username) 1320 _, resp = th.Client.PatchUser(user.Id, patch) 1321 CheckBadRequestStatus(t, resp) 1322 1323 patch.Username = nil 1324 1325 _, resp = th.Client.PatchUser("junk", patch) 1326 CheckBadRequestStatus(t, resp) 1327 1328 ruser.Id = model.NewId() 1329 _, resp = th.Client.PatchUser(model.NewId(), patch) 1330 CheckForbiddenStatus(t, resp) 1331 1332 if r, err := th.Client.DoApiPut("/users/"+user.Id+"/patch", "garbage"); err == nil { 1333 t.Fatal("should have errored") 1334 } else { 1335 if r.StatusCode != http.StatusBadRequest { 1336 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 1337 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 1338 t.Fatal("wrong status code") 1339 } 1340 } 1341 1342 session, _ := th.App.GetSession(th.Client.AuthToken) 1343 session.IsOAuth = true 1344 th.App.AddSessionToCache(session) 1345 1346 patch.Email = model.NewString(th.GenerateTestEmail()) 1347 _, resp = th.Client.PatchUser(user.Id, patch) 1348 CheckForbiddenStatus(t, resp) 1349 1350 th.Client.Logout() 1351 _, resp = th.Client.PatchUser(user.Id, patch) 1352 CheckUnauthorizedStatus(t, resp) 1353 1354 th.LoginBasic() 1355 _, resp = th.Client.PatchUser(user.Id, patch) 1356 CheckForbiddenStatus(t, resp) 1357 1358 _, resp = th.SystemAdminClient.PatchUser(user.Id, patch) 1359 CheckNoError(t, resp) 1360 } 1361 1362 func TestUpdateUserAuth(t *testing.T) { 1363 th := Setup().InitBasic() 1364 defer th.TearDown() 1365 1366 team := th.CreateTeamWithClient(th.SystemAdminClient) 1367 1368 user := th.CreateUser() 1369 1370 th.LinkUserToTeam(user, team) 1371 store.Must(th.App.Srv.Store.User().VerifyEmail(user.Id, user.Email)) 1372 1373 userAuth := &model.UserAuth{} 1374 userAuth.AuthData = user.AuthData 1375 userAuth.AuthService = user.AuthService 1376 userAuth.Password = user.Password 1377 1378 // Regular user can not use endpoint 1379 if _, err := th.SystemAdminClient.UpdateUserAuth(user.Id, userAuth); err == nil { 1380 t.Fatal("Shouldn't have permissions. Only Admins") 1381 } 1382 1383 userAuth.AuthData = model.NewString("test@test.com") 1384 userAuth.AuthService = model.USER_AUTH_SERVICE_SAML 1385 userAuth.Password = "newpassword" 1386 ruser, resp := th.SystemAdminClient.UpdateUserAuth(user.Id, userAuth) 1387 CheckNoError(t, resp) 1388 1389 // AuthData and AuthService are set, password is set to empty 1390 if *ruser.AuthData != *userAuth.AuthData { 1391 t.Fatal("Should have set the correct AuthData") 1392 } 1393 if ruser.AuthService != model.USER_AUTH_SERVICE_SAML { 1394 t.Fatal("Should have set the correct AuthService") 1395 } 1396 if ruser.Password != "" { 1397 t.Fatal("Password should be empty") 1398 } 1399 1400 // When AuthData or AuthService are empty, password must be valid 1401 userAuth.AuthData = user.AuthData 1402 userAuth.AuthService = "" 1403 userAuth.Password = "1" 1404 if _, err := th.SystemAdminClient.UpdateUserAuth(user.Id, userAuth); err == nil { 1405 t.Fatal("Should have errored - user password not valid") 1406 } 1407 1408 // Regular user can not use endpoint 1409 user2 := th.CreateUser() 1410 th.LinkUserToTeam(user2, team) 1411 store.Must(th.App.Srv.Store.User().VerifyEmail(user2.Id, user2.Email)) 1412 1413 th.SystemAdminClient.Login(user2.Email, "passwd1") 1414 1415 userAuth.AuthData = user.AuthData 1416 userAuth.AuthService = user.AuthService 1417 userAuth.Password = user.Password 1418 if _, err := th.SystemAdminClient.UpdateUserAuth(user.Id, userAuth); err == nil { 1419 t.Fatal("Should have errored") 1420 } 1421 } 1422 1423 func TestDeleteUser(t *testing.T) { 1424 th := Setup().InitBasic() 1425 defer th.TearDown() 1426 1427 user := th.BasicUser 1428 th.LoginBasic() 1429 1430 testUser := th.SystemAdminUser 1431 _, resp := th.Client.DeleteUser(testUser.Id) 1432 CheckForbiddenStatus(t, resp) 1433 1434 th.Client.Logout() 1435 1436 _, resp = th.Client.DeleteUser(user.Id) 1437 CheckUnauthorizedStatus(t, resp) 1438 1439 th.Client.Login(testUser.Email, testUser.Password) 1440 1441 user.Id = model.NewId() 1442 _, resp = th.Client.DeleteUser(user.Id) 1443 CheckNotFoundStatus(t, resp) 1444 1445 user.Id = "junk" 1446 _, resp = th.Client.DeleteUser(user.Id) 1447 CheckBadRequestStatus(t, resp) 1448 1449 _, resp = th.Client.DeleteUser(testUser.Id) 1450 CheckNoError(t, resp) 1451 1452 selfDeleteUser := th.CreateUser() 1453 th.Client.Login(selfDeleteUser.Email, selfDeleteUser.Password) 1454 1455 th.App.UpdateConfig(func(c *model.Config) { 1456 *c.TeamSettings.EnableUserDeactivation = false 1457 }) 1458 _, resp = th.Client.DeleteUser(selfDeleteUser.Id) 1459 CheckUnauthorizedStatus(t, resp) 1460 1461 th.App.UpdateConfig(func(c *model.Config) { 1462 *c.TeamSettings.EnableUserDeactivation = true 1463 }) 1464 _, resp = th.Client.DeleteUser(selfDeleteUser.Id) 1465 CheckNoError(t, resp) 1466 } 1467 1468 func TestUpdateUserRoles(t *testing.T) { 1469 th := Setup().InitBasic() 1470 defer th.TearDown() 1471 1472 _, resp := th.Client.UpdateUserRoles(th.SystemAdminUser.Id, model.SYSTEM_USER_ROLE_ID) 1473 CheckForbiddenStatus(t, resp) 1474 1475 _, resp = th.SystemAdminClient.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID) 1476 CheckNoError(t, resp) 1477 1478 _, resp = th.SystemAdminClient.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_ADMIN_ROLE_ID) 1479 CheckNoError(t, resp) 1480 1481 _, resp = th.SystemAdminClient.UpdateUserRoles(th.BasicUser.Id, "junk") 1482 CheckBadRequestStatus(t, resp) 1483 1484 _, resp = th.SystemAdminClient.UpdateUserRoles("junk", model.SYSTEM_USER_ROLE_ID) 1485 CheckBadRequestStatus(t, resp) 1486 1487 _, resp = th.SystemAdminClient.UpdateUserRoles(model.NewId(), model.SYSTEM_USER_ROLE_ID) 1488 CheckBadRequestStatus(t, resp) 1489 } 1490 1491 func assertExpectedWebsocketEvent(t *testing.T, client *model.WebSocketClient, event string, test func(*model.WebSocketEvent)) { 1492 for { 1493 select { 1494 case resp, ok := <-client.EventChannel: 1495 if !ok { 1496 t.Fatalf("channel closed before receiving expected event %s", model.WEBSOCKET_EVENT_USER_UPDATED) 1497 } else if resp.Event == model.WEBSOCKET_EVENT_USER_UPDATED { 1498 test(resp) 1499 return 1500 } 1501 case <-time.After(5 * time.Second): 1502 t.Fatalf("failed to receive expected event %s", model.WEBSOCKET_EVENT_USER_UPDATED) 1503 } 1504 } 1505 } 1506 1507 func assertWebsocketEventUserUpdatedWithEmail(t *testing.T, client *model.WebSocketClient, email string) { 1508 assertExpectedWebsocketEvent(t, client, model.WEBSOCKET_EVENT_USER_UPDATED, func(event *model.WebSocketEvent) { 1509 if eventUser, ok := event.Data["user"].(map[string]interface{}); !ok { 1510 t.Fatalf("expected user") 1511 } else if userEmail, ok := eventUser["email"].(string); !ok { 1512 t.Fatalf("expected email %s, but got nil", email) 1513 } else { 1514 assert.Equal(t, email, userEmail) 1515 } 1516 }) 1517 } 1518 1519 func TestUpdateUserActive(t *testing.T) { 1520 t.Run("basic tests", func(t *testing.T) { 1521 th := Setup().InitBasic() 1522 defer th.TearDown() 1523 1524 user := th.BasicUser 1525 1526 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserDeactivation = true }) 1527 pass, resp := th.Client.UpdateUserActive(user.Id, false) 1528 CheckNoError(t, resp) 1529 1530 if !pass { 1531 t.Fatal("should have returned true") 1532 } 1533 1534 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserDeactivation = false }) 1535 pass, resp = th.Client.UpdateUserActive(user.Id, false) 1536 CheckUnauthorizedStatus(t, resp) 1537 1538 if pass { 1539 t.Fatal("should have returned false") 1540 } 1541 1542 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserDeactivation = true }) 1543 pass, resp = th.Client.UpdateUserActive(user.Id, false) 1544 CheckUnauthorizedStatus(t, resp) 1545 1546 if pass { 1547 t.Fatal("should have returned false") 1548 } 1549 1550 th.LoginBasic2() 1551 1552 _, resp = th.Client.UpdateUserActive(user.Id, true) 1553 CheckForbiddenStatus(t, resp) 1554 1555 _, resp = th.Client.UpdateUserActive(GenerateTestId(), true) 1556 CheckForbiddenStatus(t, resp) 1557 1558 _, resp = th.Client.UpdateUserActive("junk", true) 1559 CheckBadRequestStatus(t, resp) 1560 1561 th.Client.Logout() 1562 1563 _, resp = th.Client.UpdateUserActive(user.Id, true) 1564 CheckUnauthorizedStatus(t, resp) 1565 1566 _, resp = th.SystemAdminClient.UpdateUserActive(user.Id, true) 1567 CheckNoError(t, resp) 1568 1569 _, resp = th.SystemAdminClient.UpdateUserActive(user.Id, false) 1570 CheckNoError(t, resp) 1571 1572 authData := model.NewId() 1573 result := <-th.App.Srv.Store.User().UpdateAuthData(user.Id, "random", &authData, "", true) 1574 require.Nil(t, result.Err) 1575 1576 _, resp = th.SystemAdminClient.UpdateUserActive(user.Id, false) 1577 CheckNoError(t, resp) 1578 }) 1579 1580 t.Run("websocket events", func(t *testing.T) { 1581 th := Setup().InitBasic() 1582 defer th.TearDown() 1583 1584 user := th.BasicUser2 1585 1586 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.EnableUserDeactivation = true }) 1587 1588 webSocketClient, err := th.CreateWebSocketClient() 1589 assert.Nil(t, err) 1590 defer webSocketClient.Close() 1591 1592 webSocketClient.Listen() 1593 1594 time.Sleep(300 * time.Millisecond) 1595 if resp := <-webSocketClient.ResponseChannel; resp.Status != model.STATUS_OK { 1596 t.Fatal("should have responded OK to authentication challenge") 1597 } 1598 1599 adminWebSocketClient, err := th.CreateWebSocketSystemAdminClient() 1600 assert.Nil(t, err) 1601 defer adminWebSocketClient.Close() 1602 1603 adminWebSocketClient.Listen() 1604 1605 time.Sleep(300 * time.Millisecond) 1606 if resp := <-adminWebSocketClient.ResponseChannel; resp.Status != model.STATUS_OK { 1607 t.Fatal("should have responded OK to authentication challenge") 1608 } 1609 1610 // Verify that both admins and regular users see the email when privacy settings allow same. 1611 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowEmailAddress = true }) 1612 _, resp := th.SystemAdminClient.UpdateUserActive(user.Id, false) 1613 CheckNoError(t, resp) 1614 1615 assertWebsocketEventUserUpdatedWithEmail(t, webSocketClient, user.Email) 1616 assertWebsocketEventUserUpdatedWithEmail(t, adminWebSocketClient, user.Email) 1617 1618 // Verify that only admins see the email when privacy settings hide emails. 1619 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.PrivacySettings.ShowEmailAddress = false }) 1620 _, resp = th.SystemAdminClient.UpdateUserActive(user.Id, true) 1621 CheckNoError(t, resp) 1622 1623 assertWebsocketEventUserUpdatedWithEmail(t, webSocketClient, "") 1624 assertWebsocketEventUserUpdatedWithEmail(t, adminWebSocketClient, user.Email) 1625 }) 1626 } 1627 1628 func TestGetUsers(t *testing.T) { 1629 th := Setup().InitBasic() 1630 defer th.TearDown() 1631 1632 rusers, resp := th.Client.GetUsers(0, 60, "") 1633 CheckNoError(t, resp) 1634 for _, u := range rusers { 1635 CheckUserSanitization(t, u) 1636 } 1637 1638 rusers, resp = th.Client.GetUsers(0, 60, resp.Etag) 1639 CheckEtag(t, rusers, resp) 1640 1641 rusers, resp = th.Client.GetUsers(0, 1, "") 1642 CheckNoError(t, resp) 1643 if len(rusers) != 1 { 1644 t.Fatal("should be 1 per page") 1645 } 1646 1647 rusers, resp = th.Client.GetUsers(1, 1, "") 1648 CheckNoError(t, resp) 1649 if len(rusers) != 1 { 1650 t.Fatal("should be 1 per page") 1651 } 1652 1653 rusers, resp = th.Client.GetUsers(10000, 100, "") 1654 CheckNoError(t, resp) 1655 if len(rusers) != 0 { 1656 t.Fatal("should be no users") 1657 } 1658 1659 // Check default params for page and per_page 1660 if _, err := th.Client.DoApiGet("/users", ""); err != nil { 1661 t.Fatal("should not have errored") 1662 } 1663 1664 th.Client.Logout() 1665 _, resp = th.Client.GetUsers(0, 60, "") 1666 CheckUnauthorizedStatus(t, resp) 1667 } 1668 1669 func TestGetNewUsersInTeam(t *testing.T) { 1670 th := Setup().InitBasic() 1671 defer th.TearDown() 1672 teamId := th.BasicTeam.Id 1673 1674 rusers, resp := th.Client.GetNewUsersInTeam(teamId, 0, 60, "") 1675 CheckNoError(t, resp) 1676 1677 lastCreateAt := model.GetMillis() 1678 for _, u := range rusers { 1679 if u.CreateAt > lastCreateAt { 1680 t.Fatal("bad sorting") 1681 } 1682 lastCreateAt = u.CreateAt 1683 CheckUserSanitization(t, u) 1684 } 1685 1686 rusers, resp = th.Client.GetNewUsersInTeam(teamId, 1, 1, "") 1687 CheckNoError(t, resp) 1688 if len(rusers) != 1 { 1689 t.Fatal("should be 1 per page") 1690 } 1691 1692 th.Client.Logout() 1693 _, resp = th.Client.GetNewUsersInTeam(teamId, 1, 1, "") 1694 CheckUnauthorizedStatus(t, resp) 1695 } 1696 1697 func TestGetRecentlyActiveUsersInTeam(t *testing.T) { 1698 th := Setup().InitBasic() 1699 defer th.TearDown() 1700 teamId := th.BasicTeam.Id 1701 1702 th.App.SetStatusOnline(th.BasicUser.Id, true) 1703 1704 rusers, resp := th.Client.GetRecentlyActiveUsersInTeam(teamId, 0, 60, "") 1705 CheckNoError(t, resp) 1706 1707 for _, u := range rusers { 1708 if u.LastActivityAt == 0 { 1709 t.Fatal("did not return last activity at") 1710 } 1711 CheckUserSanitization(t, u) 1712 } 1713 1714 rusers, resp = th.Client.GetRecentlyActiveUsersInTeam(teamId, 0, 1, "") 1715 CheckNoError(t, resp) 1716 if len(rusers) != 1 { 1717 t.Fatal("should be 1 per page") 1718 } 1719 1720 th.Client.Logout() 1721 _, resp = th.Client.GetRecentlyActiveUsersInTeam(teamId, 0, 1, "") 1722 CheckUnauthorizedStatus(t, resp) 1723 } 1724 1725 func TestGetUsersWithoutTeam(t *testing.T) { 1726 th := Setup().InitBasic() 1727 defer th.TearDown() 1728 1729 if _, resp := th.Client.GetUsersWithoutTeam(0, 100, ""); resp.Error == nil { 1730 t.Fatal("should prevent non-admin user from getting users without a team") 1731 } 1732 1733 // These usernames need to appear in the first 100 users for this to work 1734 1735 user, resp := th.Client.CreateUser(&model.User{ 1736 Username: "a000000000" + model.NewId(), 1737 Email: "success+" + model.NewId() + "@simulator.amazonses.com", 1738 Password: "Password1", 1739 }) 1740 CheckNoError(t, resp) 1741 th.LinkUserToTeam(user, th.BasicTeam) 1742 defer th.App.Srv.Store.User().PermanentDelete(user.Id) 1743 1744 user2, resp := th.Client.CreateUser(&model.User{ 1745 Username: "a000000001" + model.NewId(), 1746 Email: "success+" + model.NewId() + "@simulator.amazonses.com", 1747 Password: "Password1", 1748 }) 1749 CheckNoError(t, resp) 1750 defer th.App.Srv.Store.User().PermanentDelete(user2.Id) 1751 1752 rusers, resp := th.SystemAdminClient.GetUsersWithoutTeam(0, 100, "") 1753 CheckNoError(t, resp) 1754 1755 found1 := false 1756 found2 := false 1757 1758 for _, u := range rusers { 1759 if u.Id == user.Id { 1760 found1 = true 1761 } else if u.Id == user2.Id { 1762 found2 = true 1763 } 1764 } 1765 1766 if found1 { 1767 t.Fatal("shouldn't have returned user that has a team") 1768 } else if !found2 { 1769 t.Fatal("should've returned user that has no teams") 1770 } 1771 } 1772 1773 func TestGetUsersInTeam(t *testing.T) { 1774 th := Setup().InitBasic() 1775 defer th.TearDown() 1776 teamId := th.BasicTeam.Id 1777 1778 rusers, resp := th.Client.GetUsersInTeam(teamId, 0, 60, "") 1779 CheckNoError(t, resp) 1780 for _, u := range rusers { 1781 CheckUserSanitization(t, u) 1782 } 1783 1784 rusers, resp = th.Client.GetUsersInTeam(teamId, 0, 60, resp.Etag) 1785 CheckEtag(t, rusers, resp) 1786 1787 rusers, resp = th.Client.GetUsersInTeam(teamId, 0, 1, "") 1788 CheckNoError(t, resp) 1789 if len(rusers) != 1 { 1790 t.Fatal("should be 1 per page") 1791 } 1792 1793 rusers, resp = th.Client.GetUsersInTeam(teamId, 1, 1, "") 1794 CheckNoError(t, resp) 1795 if len(rusers) != 1 { 1796 t.Fatal("should be 1 per page") 1797 } 1798 1799 rusers, resp = th.Client.GetUsersInTeam(teamId, 10000, 100, "") 1800 CheckNoError(t, resp) 1801 if len(rusers) != 0 { 1802 t.Fatal("should be no users") 1803 } 1804 1805 th.Client.Logout() 1806 _, resp = th.Client.GetUsersInTeam(teamId, 0, 60, "") 1807 CheckUnauthorizedStatus(t, resp) 1808 1809 user := th.CreateUser() 1810 th.Client.Login(user.Email, user.Password) 1811 _, resp = th.Client.GetUsersInTeam(teamId, 0, 60, "") 1812 CheckForbiddenStatus(t, resp) 1813 1814 _, resp = th.SystemAdminClient.GetUsersInTeam(teamId, 0, 60, "") 1815 CheckNoError(t, resp) 1816 } 1817 1818 func TestGetUsersNotInTeam(t *testing.T) { 1819 th := Setup().InitBasic() 1820 defer th.TearDown() 1821 teamId := th.BasicTeam.Id 1822 1823 rusers, resp := th.Client.GetUsersNotInTeam(teamId, 0, 60, "") 1824 CheckNoError(t, resp) 1825 for _, u := range rusers { 1826 CheckUserSanitization(t, u) 1827 } 1828 require.Len(t, rusers, 1, "should be 1 user in total") 1829 1830 rusers, resp = th.Client.GetUsersNotInTeam(teamId, 0, 60, resp.Etag) 1831 CheckEtag(t, rusers, resp) 1832 1833 rusers, resp = th.Client.GetUsersNotInTeam(teamId, 0, 1, "") 1834 CheckNoError(t, resp) 1835 require.Len(t, rusers, 1, "should be 1 per page") 1836 1837 rusers, resp = th.Client.GetUsersNotInTeam(teamId, 1, 1, "") 1838 CheckNoError(t, resp) 1839 require.Len(t, rusers, 0, "should be no users") 1840 1841 rusers, resp = th.Client.GetUsersNotInTeam(teamId, 10000, 100, "") 1842 CheckNoError(t, resp) 1843 require.Len(t, rusers, 0, "should be no users") 1844 1845 th.Client.Logout() 1846 _, resp = th.Client.GetUsersNotInTeam(teamId, 0, 60, "") 1847 CheckUnauthorizedStatus(t, resp) 1848 1849 user := th.CreateUser() 1850 th.Client.Login(user.Email, user.Password) 1851 _, resp = th.Client.GetUsersNotInTeam(teamId, 0, 60, "") 1852 CheckForbiddenStatus(t, resp) 1853 1854 _, resp = th.SystemAdminClient.GetUsersNotInTeam(teamId, 0, 60, "") 1855 CheckNoError(t, resp) 1856 } 1857 1858 func TestGetUsersInChannel(t *testing.T) { 1859 th := Setup().InitBasic() 1860 defer th.TearDown() 1861 channelId := th.BasicChannel.Id 1862 1863 rusers, resp := th.Client.GetUsersInChannel(channelId, 0, 60, "") 1864 CheckNoError(t, resp) 1865 for _, u := range rusers { 1866 CheckUserSanitization(t, u) 1867 } 1868 1869 rusers, resp = th.Client.GetUsersInChannel(channelId, 0, 1, "") 1870 CheckNoError(t, resp) 1871 if len(rusers) != 1 { 1872 t.Fatal("should be 1 per page") 1873 } 1874 1875 rusers, resp = th.Client.GetUsersInChannel(channelId, 1, 1, "") 1876 CheckNoError(t, resp) 1877 if len(rusers) != 1 { 1878 t.Fatal("should be 1 per page") 1879 } 1880 1881 rusers, resp = th.Client.GetUsersInChannel(channelId, 10000, 100, "") 1882 CheckNoError(t, resp) 1883 if len(rusers) != 0 { 1884 t.Fatal("should be no users") 1885 } 1886 1887 th.Client.Logout() 1888 _, resp = th.Client.GetUsersInChannel(channelId, 0, 60, "") 1889 CheckUnauthorizedStatus(t, resp) 1890 1891 user := th.CreateUser() 1892 th.Client.Login(user.Email, user.Password) 1893 _, resp = th.Client.GetUsersInChannel(channelId, 0, 60, "") 1894 CheckForbiddenStatus(t, resp) 1895 1896 _, resp = th.SystemAdminClient.GetUsersInChannel(channelId, 0, 60, "") 1897 CheckNoError(t, resp) 1898 } 1899 1900 func TestGetUsersNotInChannel(t *testing.T) { 1901 th := Setup().InitBasic() 1902 defer th.TearDown() 1903 teamId := th.BasicTeam.Id 1904 channelId := th.BasicChannel.Id 1905 1906 user := th.CreateUser() 1907 th.LinkUserToTeam(user, th.BasicTeam) 1908 1909 rusers, resp := th.Client.GetUsersNotInChannel(teamId, channelId, 0, 60, "") 1910 CheckNoError(t, resp) 1911 for _, u := range rusers { 1912 CheckUserSanitization(t, u) 1913 } 1914 1915 rusers, resp = th.Client.GetUsersNotInChannel(teamId, channelId, 0, 1, "") 1916 CheckNoError(t, resp) 1917 if len(rusers) != 1 { 1918 t.Log(len(rusers)) 1919 t.Fatal("should be 1 per page") 1920 } 1921 1922 rusers, resp = th.Client.GetUsersNotInChannel(teamId, channelId, 10000, 100, "") 1923 CheckNoError(t, resp) 1924 if len(rusers) != 0 { 1925 t.Fatal("should be no users") 1926 } 1927 1928 th.Client.Logout() 1929 _, resp = th.Client.GetUsersNotInChannel(teamId, channelId, 0, 60, "") 1930 CheckUnauthorizedStatus(t, resp) 1931 1932 th.Client.Login(user.Email, user.Password) 1933 _, resp = th.Client.GetUsersNotInChannel(teamId, channelId, 0, 60, "") 1934 CheckForbiddenStatus(t, resp) 1935 1936 _, resp = th.SystemAdminClient.GetUsersNotInChannel(teamId, channelId, 0, 60, "") 1937 CheckNoError(t, resp) 1938 } 1939 1940 func TestUpdateUserMfa(t *testing.T) { 1941 th := Setup().InitBasic() 1942 defer th.TearDown() 1943 1944 th.App.SetLicense(model.NewTestLicense("mfa")) 1945 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableMultifactorAuthentication = true }) 1946 1947 session, _ := th.App.GetSession(th.Client.AuthToken) 1948 session.IsOAuth = true 1949 th.App.AddSessionToCache(session) 1950 1951 _, resp := th.Client.UpdateUserMfa(th.BasicUser.Id, "12345", false) 1952 CheckForbiddenStatus(t, resp) 1953 } 1954 1955 // CheckUserMfa is deprecated and should not be used anymore, it will be disabled by default in version 6.0 1956 func TestCheckUserMfa(t *testing.T) { 1957 th := Setup().InitBasic() 1958 defer th.TearDown() 1959 1960 th.App.UpdateConfig(func(c *model.Config) { 1961 *c.ServiceSettings.DisableLegacyMFA = false 1962 }) 1963 1964 required, resp := th.Client.CheckUserMfa(th.BasicUser.Email) 1965 CheckNoError(t, resp) 1966 1967 if required { 1968 t.Fatal("should be false - mfa not active") 1969 } 1970 1971 _, resp = th.Client.CheckUserMfa("") 1972 CheckBadRequestStatus(t, resp) 1973 1974 th.Client.Logout() 1975 1976 required, resp = th.Client.CheckUserMfa(th.BasicUser.Email) 1977 CheckNoError(t, resp) 1978 1979 if required { 1980 t.Fatal("should be false - mfa not active") 1981 } 1982 1983 th.App.SetLicense(model.NewTestLicense("mfa")) 1984 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableMultifactorAuthentication = true }) 1985 1986 th.LoginBasic() 1987 1988 required, resp = th.Client.CheckUserMfa(th.BasicUser.Email) 1989 CheckNoError(t, resp) 1990 1991 if required { 1992 t.Fatal("should be false - mfa not active") 1993 } 1994 1995 th.Client.Logout() 1996 1997 required, resp = th.Client.CheckUserMfa(th.BasicUser.Email) 1998 CheckNoError(t, resp) 1999 2000 if required { 2001 t.Fatal("should be false - mfa not active") 2002 } 2003 2004 th.App.UpdateConfig(func(c *model.Config) { 2005 *c.ServiceSettings.DisableLegacyMFA = true 2006 }) 2007 2008 _, resp = th.Client.CheckUserMfa(th.BasicUser.Email) 2009 CheckNotFoundStatus(t, resp) 2010 } 2011 2012 func TestUserLoginMFAFlow(t *testing.T) { 2013 th := Setup().InitBasic() 2014 defer th.TearDown() 2015 2016 th.App.UpdateConfig(func(c *model.Config) { 2017 *c.ServiceSettings.DisableLegacyMFA = true 2018 *c.ServiceSettings.EnableMultifactorAuthentication = true 2019 }) 2020 2021 t.Run("WithoutMFA", func(t *testing.T) { 2022 _, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2023 CheckNoError(t, resp) 2024 }) 2025 2026 t.Run("WithInvalidMFA", func(t *testing.T) { 2027 secret, err := th.App.GenerateMfaSecret(th.BasicUser.Id) 2028 assert.Nil(t, err) 2029 2030 // Fake user has MFA enabled 2031 if result := <-th.Server.Store.User().UpdateMfaActive(th.BasicUser.Id, true); result.Err != nil { 2032 t.Fatal(result.Err) 2033 } 2034 2035 if result := <-th.Server.Store.User().UpdateMfaSecret(th.BasicUser.Id, secret.Secret); result.Err != nil { 2036 t.Fatal(result.Err) 2037 } 2038 2039 user, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2040 CheckErrorMessage(t, resp, "mfa.validate_token.authenticate.app_error") 2041 assert.Nil(t, user) 2042 2043 user, resp = th.Client.LoginWithMFA(th.BasicUser.Email, th.BasicUser.Password, "") 2044 CheckErrorMessage(t, resp, "mfa.validate_token.authenticate.app_error") 2045 assert.Nil(t, user) 2046 2047 user, resp = th.Client.LoginWithMFA(th.BasicUser.Email, th.BasicUser.Password, "abcdefgh") 2048 CheckErrorMessage(t, resp, "mfa.validate_token.authenticate.app_error") 2049 assert.Nil(t, user) 2050 2051 secret2, err := th.App.GenerateMfaSecret(th.BasicUser2.Id) 2052 assert.Nil(t, err) 2053 user, resp = th.Client.LoginWithMFA(th.BasicUser.Email, th.BasicUser.Password, secret2.Secret) 2054 CheckErrorMessage(t, resp, "mfa.validate_token.authenticate.app_error") 2055 assert.Nil(t, user) 2056 }) 2057 2058 t.Run("WithCorrectMFA", func(t *testing.T) { 2059 secret, err := th.App.GenerateMfaSecret(th.BasicUser.Id) 2060 assert.Nil(t, err) 2061 2062 // Fake user has MFA enabled 2063 if result := <-th.Server.Store.User().UpdateMfaActive(th.BasicUser.Id, true); result.Err != nil { 2064 t.Fatal(result.Err) 2065 } 2066 2067 if result := <-th.Server.Store.User().UpdateMfaSecret(th.BasicUser.Id, secret.Secret); result.Err != nil { 2068 t.Fatal(result.Err) 2069 } 2070 2071 code := dgoogauth.ComputeCode(secret.Secret, time.Now().UTC().Unix()/30) 2072 2073 user, resp := th.Client.LoginWithMFA(th.BasicUser.Email, th.BasicUser.Password, fmt.Sprintf("%06d", code)) 2074 CheckNoError(t, resp) 2075 assert.NotNil(t, user) 2076 }) 2077 } 2078 2079 func TestGenerateMfaSecret(t *testing.T) { 2080 th := Setup().InitBasic() 2081 defer th.TearDown() 2082 2083 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableMultifactorAuthentication = false }) 2084 2085 _, resp := th.Client.GenerateMfaSecret(th.BasicUser.Id) 2086 CheckNotImplementedStatus(t, resp) 2087 2088 _, resp = th.SystemAdminClient.GenerateMfaSecret(th.BasicUser.Id) 2089 CheckNotImplementedStatus(t, resp) 2090 2091 _, resp = th.Client.GenerateMfaSecret("junk") 2092 CheckBadRequestStatus(t, resp) 2093 2094 th.App.SetLicense(model.NewTestLicense("mfa")) 2095 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableMultifactorAuthentication = true }) 2096 2097 _, resp = th.Client.GenerateMfaSecret(model.NewId()) 2098 CheckForbiddenStatus(t, resp) 2099 2100 session, _ := th.App.GetSession(th.Client.AuthToken) 2101 session.IsOAuth = true 2102 th.App.AddSessionToCache(session) 2103 2104 _, resp = th.Client.GenerateMfaSecret(th.BasicUser.Id) 2105 CheckForbiddenStatus(t, resp) 2106 2107 th.Client.Logout() 2108 2109 _, resp = th.Client.GenerateMfaSecret(th.BasicUser.Id) 2110 CheckUnauthorizedStatus(t, resp) 2111 } 2112 2113 func TestUpdateUserPassword(t *testing.T) { 2114 th := Setup().InitBasic() 2115 defer th.TearDown() 2116 2117 password := "newpassword1" 2118 pass, resp := th.Client.UpdateUserPassword(th.BasicUser.Id, th.BasicUser.Password, password) 2119 CheckNoError(t, resp) 2120 2121 if !pass { 2122 t.Fatal("should have returned true") 2123 } 2124 2125 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, password, "") 2126 CheckBadRequestStatus(t, resp) 2127 2128 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, password, "junk") 2129 CheckBadRequestStatus(t, resp) 2130 2131 _, resp = th.Client.UpdateUserPassword("junk", password, password) 2132 CheckBadRequestStatus(t, resp) 2133 2134 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, "", password) 2135 CheckBadRequestStatus(t, resp) 2136 2137 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, "junk", password) 2138 CheckBadRequestStatus(t, resp) 2139 2140 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, password, th.BasicUser.Password) 2141 CheckNoError(t, resp) 2142 2143 th.Client.Logout() 2144 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, password, password) 2145 CheckUnauthorizedStatus(t, resp) 2146 2147 th.LoginBasic2() 2148 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, password, password) 2149 CheckForbiddenStatus(t, resp) 2150 2151 th.LoginBasic() 2152 2153 // Test lockout 2154 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.MaximumLoginAttempts = 2 }) 2155 2156 // Fail twice 2157 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, "badpwd", "newpwd") 2158 CheckBadRequestStatus(t, resp) 2159 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, "badpwd", "newpwd") 2160 CheckBadRequestStatus(t, resp) 2161 2162 // Should fail because account is locked out 2163 _, resp = th.Client.UpdateUserPassword(th.BasicUser.Id, th.BasicUser.Password, "newpwd") 2164 CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error") 2165 CheckUnauthorizedStatus(t, resp) 2166 2167 // System admin can update another user's password 2168 adminSetPassword := "pwdsetbyadmin" 2169 pass, resp = th.SystemAdminClient.UpdateUserPassword(th.BasicUser.Id, "", adminSetPassword) 2170 CheckNoError(t, resp) 2171 2172 if !pass { 2173 t.Fatal("should have returned true") 2174 } 2175 2176 _, resp = th.Client.Login(th.BasicUser.Email, adminSetPassword) 2177 CheckNoError(t, resp) 2178 } 2179 2180 func TestResetPassword(t *testing.T) { 2181 t.Skip("test disabled during old build server changes, should be investigated") 2182 2183 th := Setup().InitBasic() 2184 defer th.TearDown() 2185 th.Client.Logout() 2186 user := th.BasicUser 2187 // Delete all the messages before check the reset password 2188 mailservice.DeleteMailBox(user.Email) 2189 success, resp := th.Client.SendPasswordResetEmail(user.Email) 2190 CheckNoError(t, resp) 2191 if !success { 2192 t.Fatal("should have succeeded") 2193 } 2194 _, resp = th.Client.SendPasswordResetEmail("") 2195 CheckBadRequestStatus(t, resp) 2196 // Should not leak whether the email is attached to an account or not 2197 success, resp = th.Client.SendPasswordResetEmail("notreal@example.com") 2198 CheckNoError(t, resp) 2199 if !success { 2200 t.Fatal("should have succeeded") 2201 } 2202 // Check if the email was send to the right email address and the recovery key match 2203 var resultsMailbox mailservice.JSONMessageHeaderInbucket 2204 err := mailservice.RetryInbucket(5, func() error { 2205 var err error 2206 resultsMailbox, err = mailservice.GetMailBox(user.Email) 2207 return err 2208 }) 2209 if err != nil { 2210 t.Log(err) 2211 t.Log("No email was received, maybe due load on the server. Disabling this verification") 2212 } 2213 var recoveryTokenString string 2214 if err == nil && len(resultsMailbox) > 0 { 2215 if !strings.ContainsAny(resultsMailbox[0].To[0], user.Email) { 2216 t.Fatal("Wrong To recipient") 2217 } else { 2218 if resultsEmail, err := mailservice.GetMessageFromMailbox(user.Email, resultsMailbox[0].ID); err == nil { 2219 loc := strings.Index(resultsEmail.Body.Text, "token=") 2220 if loc == -1 { 2221 t.Log(resultsEmail.Body.Text) 2222 t.Fatal("Code not found in email") 2223 } 2224 loc += 6 2225 recoveryTokenString = resultsEmail.Body.Text[loc : loc+model.TOKEN_SIZE] 2226 } 2227 } 2228 } 2229 var recoveryToken *model.Token 2230 if result := <-th.App.Srv.Store.Token().GetByToken(recoveryTokenString); result.Err != nil { 2231 t.Log(recoveryTokenString) 2232 t.Fatal(result.Err) 2233 } else { 2234 recoveryToken = result.Data.(*model.Token) 2235 } 2236 _, resp = th.Client.ResetPassword(recoveryToken.Token, "") 2237 CheckBadRequestStatus(t, resp) 2238 _, resp = th.Client.ResetPassword(recoveryToken.Token, "newp") 2239 CheckBadRequestStatus(t, resp) 2240 _, resp = th.Client.ResetPassword("", "newpwd") 2241 CheckBadRequestStatus(t, resp) 2242 _, resp = th.Client.ResetPassword("junk", "newpwd") 2243 CheckBadRequestStatus(t, resp) 2244 code := "" 2245 for i := 0; i < model.TOKEN_SIZE; i++ { 2246 code += "a" 2247 } 2248 _, resp = th.Client.ResetPassword(code, "newpwd") 2249 CheckBadRequestStatus(t, resp) 2250 success, resp = th.Client.ResetPassword(recoveryToken.Token, "newpwd") 2251 CheckNoError(t, resp) 2252 if !success { 2253 t.Fatal("should have succeeded") 2254 } 2255 th.Client.Login(user.Email, "newpwd") 2256 th.Client.Logout() 2257 _, resp = th.Client.ResetPassword(recoveryToken.Token, "newpwd") 2258 CheckBadRequestStatus(t, resp) 2259 authData := model.NewId() 2260 if result := <-th.App.Srv.Store.User().UpdateAuthData(user.Id, "random", &authData, "", true); result.Err != nil { 2261 t.Fatal(result.Err) 2262 } 2263 _, resp = th.Client.SendPasswordResetEmail(user.Email) 2264 CheckBadRequestStatus(t, resp) 2265 } 2266 2267 func TestGetSessions(t *testing.T) { 2268 th := Setup().InitBasic() 2269 defer th.TearDown() 2270 2271 user := th.BasicUser 2272 2273 th.Client.Login(user.Email, user.Password) 2274 2275 sessions, resp := th.Client.GetSessions(user.Id, "") 2276 for _, session := range sessions { 2277 if session.UserId != user.Id { 2278 t.Fatal("user id does not match session user id") 2279 } 2280 } 2281 CheckNoError(t, resp) 2282 2283 _, resp = th.Client.RevokeSession("junk", model.NewId()) 2284 CheckBadRequestStatus(t, resp) 2285 2286 _, resp = th.Client.GetSessions(th.BasicUser2.Id, "") 2287 CheckForbiddenStatus(t, resp) 2288 2289 _, resp = th.Client.GetSessions(model.NewId(), "") 2290 CheckForbiddenStatus(t, resp) 2291 2292 th.Client.Logout() 2293 _, resp = th.Client.GetSessions(th.BasicUser2.Id, "") 2294 CheckUnauthorizedStatus(t, resp) 2295 2296 _, resp = th.SystemAdminClient.GetSessions(user.Id, "") 2297 CheckNoError(t, resp) 2298 2299 _, resp = th.SystemAdminClient.GetSessions(th.BasicUser2.Id, "") 2300 CheckNoError(t, resp) 2301 2302 _, resp = th.SystemAdminClient.GetSessions(model.NewId(), "") 2303 CheckNoError(t, resp) 2304 } 2305 2306 func TestRevokeSessions(t *testing.T) { 2307 th := Setup().InitBasic() 2308 defer th.TearDown() 2309 2310 user := th.BasicUser 2311 th.Client.Login(user.Email, user.Password) 2312 sessions, _ := th.Client.GetSessions(user.Id, "") 2313 if len(sessions) == 0 { 2314 t.Fatal("sessions should exist") 2315 } 2316 for _, session := range sessions { 2317 if session.UserId != user.Id { 2318 t.Fatal("user id does not match session user id") 2319 } 2320 } 2321 session := sessions[0] 2322 2323 _, resp := th.Client.RevokeSession(user.Id, model.NewId()) 2324 CheckBadRequestStatus(t, resp) 2325 2326 _, resp = th.Client.RevokeSession(th.BasicUser2.Id, model.NewId()) 2327 CheckForbiddenStatus(t, resp) 2328 2329 _, resp = th.Client.RevokeSession("junk", model.NewId()) 2330 CheckBadRequestStatus(t, resp) 2331 2332 status, resp := th.Client.RevokeSession(user.Id, session.Id) 2333 if !status { 2334 t.Fatal("user session revoke unsuccessful") 2335 } 2336 CheckNoError(t, resp) 2337 2338 th.LoginBasic() 2339 2340 sessions, _ = th.App.GetSessions(th.SystemAdminUser.Id) 2341 session = sessions[0] 2342 2343 _, resp = th.Client.RevokeSession(user.Id, session.Id) 2344 CheckBadRequestStatus(t, resp) 2345 2346 th.Client.Logout() 2347 _, resp = th.Client.RevokeSession(user.Id, model.NewId()) 2348 CheckUnauthorizedStatus(t, resp) 2349 2350 _, resp = th.SystemAdminClient.RevokeSession(user.Id, model.NewId()) 2351 CheckBadRequestStatus(t, resp) 2352 2353 sessions, _ = th.SystemAdminClient.GetSessions(th.SystemAdminUser.Id, "") 2354 if len(sessions) == 0 { 2355 t.Fatal("sessions should exist") 2356 } 2357 for _, session := range sessions { 2358 if session.UserId != th.SystemAdminUser.Id { 2359 t.Fatal("user id does not match session user id") 2360 } 2361 } 2362 session = sessions[0] 2363 2364 _, resp = th.SystemAdminClient.RevokeSession(th.SystemAdminUser.Id, session.Id) 2365 CheckNoError(t, resp) 2366 } 2367 2368 func TestRevokeAllSessions(t *testing.T) { 2369 th := Setup().InitBasic() 2370 defer th.TearDown() 2371 2372 user := th.BasicUser 2373 th.Client.Login(user.Email, user.Password) 2374 2375 _, resp := th.Client.RevokeAllSessions(th.BasicUser2.Id) 2376 CheckForbiddenStatus(t, resp) 2377 2378 _, resp = th.Client.RevokeAllSessions("junk" + user.Id) 2379 CheckBadRequestStatus(t, resp) 2380 2381 status, resp := th.Client.RevokeAllSessions(user.Id) 2382 if !status { 2383 t.Fatal("user all sessions revoke unsuccessful") 2384 } 2385 CheckNoError(t, resp) 2386 2387 th.Client.Logout() 2388 _, resp = th.Client.RevokeAllSessions(user.Id) 2389 CheckUnauthorizedStatus(t, resp) 2390 2391 th.Client.Login(user.Email, user.Password) 2392 2393 sessions, _ := th.Client.GetSessions(user.Id, "") 2394 if len(sessions) < 1 { 2395 t.Fatal("session should exist") 2396 } 2397 2398 _, resp = th.Client.RevokeAllSessions(user.Id) 2399 CheckNoError(t, resp) 2400 2401 sessions, _ = th.SystemAdminClient.GetSessions(user.Id, "") 2402 if len(sessions) != 0 { 2403 t.Fatal("no sessions should exist for user") 2404 } 2405 2406 _, resp = th.Client.RevokeAllSessions(user.Id) 2407 CheckUnauthorizedStatus(t, resp) 2408 } 2409 2410 func TestAttachDeviceId(t *testing.T) { 2411 th := Setup().InitBasic() 2412 defer th.TearDown() 2413 2414 deviceId := model.PUSH_NOTIFY_APPLE + ":1234567890" 2415 pass, resp := th.Client.AttachDeviceId(deviceId) 2416 CheckNoError(t, resp) 2417 2418 if !pass { 2419 t.Fatal("should have passed") 2420 } 2421 2422 if sessions, err := th.App.GetSessions(th.BasicUser.Id); err != nil { 2423 t.Fatal(err) 2424 } else { 2425 if sessions[0].DeviceId != deviceId { 2426 t.Fatal("Missing device Id") 2427 } 2428 } 2429 2430 _, resp = th.Client.AttachDeviceId("") 2431 CheckBadRequestStatus(t, resp) 2432 2433 th.Client.Logout() 2434 2435 _, resp = th.Client.AttachDeviceId("") 2436 CheckUnauthorizedStatus(t, resp) 2437 } 2438 2439 func TestGetUserAudits(t *testing.T) { 2440 th := Setup().InitBasic() 2441 defer th.TearDown() 2442 user := th.BasicUser 2443 2444 audits, resp := th.Client.GetUserAudits(user.Id, 0, 100, "") 2445 for _, audit := range audits { 2446 if audit.UserId != user.Id { 2447 t.Fatal("user id does not match audit user id") 2448 } 2449 } 2450 CheckNoError(t, resp) 2451 2452 _, resp = th.Client.GetUserAudits(th.BasicUser2.Id, 0, 100, "") 2453 CheckForbiddenStatus(t, resp) 2454 2455 th.Client.Logout() 2456 _, resp = th.Client.GetUserAudits(user.Id, 0, 100, "") 2457 CheckUnauthorizedStatus(t, resp) 2458 2459 _, resp = th.SystemAdminClient.GetUserAudits(user.Id, 0, 100, "") 2460 CheckNoError(t, resp) 2461 } 2462 2463 func TestVerifyUserEmail(t *testing.T) { 2464 th := Setup().InitBasic() 2465 defer th.TearDown() 2466 2467 email := th.GenerateTestEmail() 2468 user := model.User{Email: email, Nickname: "Darth Vader", Password: "hello1", Username: GenerateTestUsername(), Roles: model.SYSTEM_ADMIN_ROLE_ID + " " + model.SYSTEM_USER_ROLE_ID} 2469 2470 ruser, _ := th.Client.CreateUser(&user) 2471 2472 token, err := th.App.CreateVerifyEmailToken(ruser.Id, email) 2473 if err != nil { 2474 t.Fatal("Unable to create email verify token") 2475 } 2476 2477 _, resp := th.Client.VerifyUserEmail(token.Token) 2478 CheckNoError(t, resp) 2479 2480 _, resp = th.Client.VerifyUserEmail(GenerateTestId()) 2481 CheckBadRequestStatus(t, resp) 2482 2483 _, resp = th.Client.VerifyUserEmail("") 2484 CheckBadRequestStatus(t, resp) 2485 } 2486 2487 func TestSendVerificationEmail(t *testing.T) { 2488 th := Setup().InitBasic() 2489 defer th.TearDown() 2490 2491 pass, resp := th.Client.SendVerificationEmail(th.BasicUser.Email) 2492 CheckNoError(t, resp) 2493 2494 if !pass { 2495 t.Fatal("should have passed") 2496 } 2497 2498 _, resp = th.Client.SendVerificationEmail("") 2499 CheckBadRequestStatus(t, resp) 2500 2501 // Even non-existent emails should return 200 OK 2502 _, resp = th.Client.SendVerificationEmail(th.GenerateTestEmail()) 2503 CheckNoError(t, resp) 2504 2505 th.Client.Logout() 2506 _, resp = th.Client.SendVerificationEmail(th.BasicUser.Email) 2507 CheckNoError(t, resp) 2508 } 2509 2510 func TestSetProfileImage(t *testing.T) { 2511 th := Setup().InitBasic() 2512 defer th.TearDown() 2513 user := th.BasicUser 2514 2515 data, err := testutils.ReadTestFile("test.png") 2516 if err != nil { 2517 t.Fatal(err) 2518 } 2519 2520 ok, resp := th.Client.SetProfileImage(user.Id, data) 2521 if !ok { 2522 t.Fatal(resp.Error) 2523 } 2524 CheckNoError(t, resp) 2525 2526 ok, resp = th.Client.SetProfileImage(model.NewId(), data) 2527 if ok { 2528 t.Fatal("Should return false, set profile image not allowed") 2529 } 2530 CheckForbiddenStatus(t, resp) 2531 2532 // status code returns either forbidden or unauthorized 2533 // note: forbidden is set as default at Client4.SetProfileImage when request is terminated early by server 2534 th.Client.Logout() 2535 _, resp = th.Client.SetProfileImage(user.Id, data) 2536 if resp.StatusCode == http.StatusForbidden { 2537 CheckForbiddenStatus(t, resp) 2538 } else if resp.StatusCode == http.StatusUnauthorized { 2539 CheckUnauthorizedStatus(t, resp) 2540 } else { 2541 t.Fatal("Should have failed either forbidden or unauthorized") 2542 } 2543 2544 buser, err := th.App.GetUser(user.Id) 2545 require.Nil(t, err) 2546 2547 _, resp = th.SystemAdminClient.SetProfileImage(user.Id, data) 2548 CheckNoError(t, resp) 2549 2550 ruser, err := th.App.GetUser(user.Id) 2551 require.Nil(t, err) 2552 assert.True(t, buser.LastPictureUpdate < ruser.LastPictureUpdate, "Picture should have updated for user") 2553 2554 info := &model.FileInfo{Path: "users/" + user.Id + "/profile.png"} 2555 if err := th.cleanupTestFile(info); err != nil { 2556 t.Fatal(err) 2557 } 2558 } 2559 2560 func TestSetDefaultProfileImage(t *testing.T) { 2561 th := Setup().InitBasic() 2562 defer th.TearDown() 2563 user := th.BasicUser 2564 2565 ok, resp := th.Client.SetDefaultProfileImage(user.Id) 2566 if !ok { 2567 t.Fatal(resp.Error) 2568 } 2569 CheckNoError(t, resp) 2570 2571 ok, resp = th.Client.SetDefaultProfileImage(model.NewId()) 2572 if ok { 2573 t.Fatal("Should return false, set profile image not allowed") 2574 } 2575 CheckForbiddenStatus(t, resp) 2576 2577 // status code returns either forbidden or unauthorized 2578 // note: forbidden is set as default at Client4.SetDefaultProfileImage when request is terminated early by server 2579 th.Client.Logout() 2580 _, resp = th.Client.SetDefaultProfileImage(user.Id) 2581 if resp.StatusCode == http.StatusForbidden { 2582 CheckForbiddenStatus(t, resp) 2583 } else if resp.StatusCode == http.StatusUnauthorized { 2584 CheckUnauthorizedStatus(t, resp) 2585 } else { 2586 t.Fatal("Should have failed either forbidden or unauthorized") 2587 } 2588 2589 _, resp = th.SystemAdminClient.SetDefaultProfileImage(user.Id) 2590 CheckNoError(t, resp) 2591 2592 ruser, err := th.App.GetUser(user.Id) 2593 require.Nil(t, err) 2594 assert.Equal(t, int64(0), ruser.LastPictureUpdate, "Picture should have resetted to default") 2595 2596 info := &model.FileInfo{Path: "users/" + user.Id + "/profile.png"} 2597 if err := th.cleanupTestFile(info); err != nil { 2598 t.Fatal(err) 2599 } 2600 } 2601 2602 func TestLogin(t *testing.T) { 2603 th := Setup().InitBasic() 2604 defer th.TearDown() 2605 th.Client.Logout() 2606 2607 t.Run("missing password", func(t *testing.T) { 2608 _, resp := th.Client.Login(th.BasicUser.Email, "") 2609 CheckErrorMessage(t, resp, "api.user.login.blank_pwd.app_error") 2610 }) 2611 2612 t.Run("unknown user", func(t *testing.T) { 2613 _, resp := th.Client.Login("unknown", th.BasicUser.Password) 2614 CheckErrorMessage(t, resp, "store.sql_user.get_for_login.app_error") 2615 }) 2616 2617 t.Run("valid login", func(t *testing.T) { 2618 user, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2619 CheckNoError(t, resp) 2620 assert.Equal(t, user.Id, th.BasicUser.Id) 2621 }) 2622 2623 t.Run("bot login rejected", func(t *testing.T) { 2624 bot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 2625 Username: "bot", 2626 }) 2627 CheckNoError(t, resp) 2628 2629 botUser, resp := th.SystemAdminClient.GetUser(bot.UserId, "") 2630 CheckNoError(t, resp) 2631 2632 changed, resp := th.SystemAdminClient.UpdateUserPassword(bot.UserId, "", "password") 2633 CheckNoError(t, resp) 2634 require.True(t, changed) 2635 2636 _, resp = th.Client.Login(botUser.Email, "password") 2637 CheckErrorMessage(t, resp, "api.user.login.bot_login_forbidden.app_error") 2638 }) 2639 2640 t.Run("login with terms_of_service set", func(t *testing.T) { 2641 termsOfService, err := th.App.CreateTermsOfService("terms of service", th.BasicUser.Id) 2642 if err != nil { 2643 t.Fatal(err) 2644 } 2645 2646 success, resp := th.Client.RegisterTermsOfServiceAction(th.BasicUser.Id, termsOfService.Id, true) 2647 CheckNoError(t, resp) 2648 assert.True(t, *success) 2649 2650 userTermsOfService, resp := th.Client.GetUserTermsOfService(th.BasicUser.Id, "") 2651 CheckNoError(t, resp) 2652 2653 user, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2654 CheckNoError(t, resp) 2655 assert.Equal(t, user.Id, th.BasicUser.Id) 2656 assert.Equal(t, user.TermsOfServiceId, userTermsOfService.TermsOfServiceId) 2657 assert.Equal(t, user.TermsOfServiceCreateAt, userTermsOfService.CreateAt) 2658 }) 2659 } 2660 2661 func TestLoginCookies(t *testing.T) { 2662 t.Run("should return cookies with X-Requested-With header", func(t *testing.T) { 2663 th := Setup().InitBasic() 2664 defer th.TearDown() 2665 2666 th.Client.HttpHeader[model.HEADER_REQUESTED_WITH] = model.HEADER_REQUESTED_WITH_XML 2667 2668 user, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2669 2670 sessionCookie := "" 2671 userCookie := "" 2672 csrfCookie := "" 2673 2674 for _, cookie := range resp.Header["Set-Cookie"] { 2675 if match := regexp.MustCompile("^" + model.SESSION_COOKIE_TOKEN + "=([a-z0-9]+)").FindStringSubmatch(cookie); match != nil { 2676 sessionCookie = match[1] 2677 } else if match := regexp.MustCompile("^" + model.SESSION_COOKIE_USER + "=([a-z0-9]+)").FindStringSubmatch(cookie); match != nil { 2678 userCookie = match[1] 2679 } else if match := regexp.MustCompile("^" + model.SESSION_COOKIE_CSRF + "=([a-z0-9]+)").FindStringSubmatch(cookie); match != nil { 2680 csrfCookie = match[1] 2681 } 2682 } 2683 2684 session, _ := th.App.GetSession(th.Client.AuthToken) 2685 2686 assert.Equal(t, th.Client.AuthToken, sessionCookie) 2687 assert.Equal(t, user.Id, userCookie) 2688 assert.Equal(t, session.GetCSRF(), csrfCookie) 2689 }) 2690 2691 t.Run("should not return cookies without X-Requested-With header", func(t *testing.T) { 2692 th := Setup().InitBasic() 2693 defer th.TearDown() 2694 2695 _, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2696 2697 assert.Empty(t, resp.Header.Get("Set-Cookie")) 2698 }) 2699 } 2700 2701 func TestCBALogin(t *testing.T) { 2702 t.Run("primary", func(t *testing.T) { 2703 th := Setup().InitBasic() 2704 defer th.TearDown() 2705 th.App.SetLicense(model.NewTestLicense("saml")) 2706 2707 th.App.UpdateConfig(func(cfg *model.Config) { 2708 *cfg.ExperimentalSettings.ClientSideCertEnable = true 2709 *cfg.ExperimentalSettings.ClientSideCertCheck = model.CLIENT_SIDE_CERT_CHECK_PRIMARY_AUTH 2710 }) 2711 2712 t.Run("missing cert header", func(t *testing.T) { 2713 th.Client.Logout() 2714 _, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2715 CheckBadRequestStatus(t, resp) 2716 }) 2717 2718 t.Run("missing cert subject", func(t *testing.T) { 2719 th.Client.Logout() 2720 th.Client.HttpHeader["X-SSL-Client-Cert"] = "valid_cert_fake" 2721 _, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2722 CheckBadRequestStatus(t, resp) 2723 }) 2724 2725 t.Run("emails mismatch", func(t *testing.T) { 2726 th.Client.Logout() 2727 th.Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=mis_match" + th.BasicUser.Email 2728 _, resp := th.Client.Login(th.BasicUser.Email, "") 2729 CheckBadRequestStatus(t, resp) 2730 }) 2731 2732 t.Run("successful cba login", func(t *testing.T) { 2733 th.Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email 2734 user, resp := th.Client.Login(th.BasicUser.Email, "") 2735 CheckNoError(t, resp) 2736 require.NotNil(t, user) 2737 require.Equal(t, th.BasicUser.Id, user.Id) 2738 }) 2739 2740 t.Run("bot login rejected", func(t *testing.T) { 2741 bot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 2742 Username: "bot", 2743 }) 2744 CheckNoError(t, resp) 2745 2746 botUser, resp := th.SystemAdminClient.GetUser(bot.UserId, "") 2747 CheckNoError(t, resp) 2748 2749 th.Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + botUser.Email 2750 2751 _, resp = th.Client.Login(botUser.Email, "") 2752 CheckErrorMessage(t, resp, "api.user.login.bot_login_forbidden.app_error") 2753 }) 2754 }) 2755 2756 t.Run("secondary", func(t *testing.T) { 2757 th := Setup().InitBasic() 2758 defer th.TearDown() 2759 th.App.SetLicense(model.NewTestLicense("saml")) 2760 2761 th.Client.HttpHeader["X-SSL-Client-Cert"] = "valid_cert_fake" 2762 2763 th.App.UpdateConfig(func(cfg *model.Config) { 2764 *cfg.ExperimentalSettings.ClientSideCertEnable = true 2765 *cfg.ExperimentalSettings.ClientSideCertCheck = model.CLIENT_SIDE_CERT_CHECK_SECONDARY_AUTH 2766 }) 2767 2768 t.Run("password required", func(t *testing.T) { 2769 th.Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email 2770 _, resp := th.Client.Login(th.BasicUser.Email, "") 2771 CheckBadRequestStatus(t, resp) 2772 }) 2773 2774 t.Run("successful cba login with password", func(t *testing.T) { 2775 th.Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + th.BasicUser.Email 2776 user, resp := th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2777 CheckNoError(t, resp) 2778 require.NotNil(t, user) 2779 require.Equal(t, th.BasicUser.Id, user.Id) 2780 }) 2781 2782 t.Run("bot login rejected", func(t *testing.T) { 2783 bot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 2784 Username: "bot", 2785 }) 2786 CheckNoError(t, resp) 2787 2788 botUser, resp := th.SystemAdminClient.GetUser(bot.UserId, "") 2789 CheckNoError(t, resp) 2790 2791 changed, resp := th.SystemAdminClient.UpdateUserPassword(bot.UserId, "", "password") 2792 CheckNoError(t, resp) 2793 require.True(t, changed) 2794 2795 th.Client.HttpHeader["X-SSL-Client-Cert-Subject-DN"] = "C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft, CN=www.freesoft.org/emailAddress=" + botUser.Email 2796 2797 _, resp = th.Client.Login(botUser.Email, "password") 2798 CheckErrorMessage(t, resp, "api.user.login.bot_login_forbidden.app_error") 2799 }) 2800 }) 2801 } 2802 2803 func TestSwitchAccount(t *testing.T) { 2804 th := Setup().InitBasic() 2805 defer th.TearDown() 2806 2807 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.GitLabSettings.Enable = true }) 2808 2809 th.Client.Logout() 2810 2811 sr := &model.SwitchRequest{ 2812 CurrentService: model.USER_AUTH_SERVICE_EMAIL, 2813 NewService: model.USER_AUTH_SERVICE_GITLAB, 2814 Email: th.BasicUser.Email, 2815 Password: th.BasicUser.Password, 2816 } 2817 2818 link, resp := th.Client.SwitchAccountType(sr) 2819 CheckNoError(t, resp) 2820 2821 if link == "" { 2822 t.Fatal("bad link") 2823 } 2824 2825 th.App.SetLicense(model.NewTestLicense()) 2826 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = false }) 2827 2828 sr = &model.SwitchRequest{ 2829 CurrentService: model.USER_AUTH_SERVICE_EMAIL, 2830 NewService: model.USER_AUTH_SERVICE_GITLAB, 2831 } 2832 2833 _, resp = th.Client.SwitchAccountType(sr) 2834 CheckForbiddenStatus(t, resp) 2835 2836 th.LoginBasic() 2837 2838 sr = &model.SwitchRequest{ 2839 CurrentService: model.USER_AUTH_SERVICE_SAML, 2840 NewService: model.USER_AUTH_SERVICE_EMAIL, 2841 Email: th.BasicUser.Email, 2842 NewPassword: th.BasicUser.Password, 2843 } 2844 2845 _, resp = th.Client.SwitchAccountType(sr) 2846 CheckForbiddenStatus(t, resp) 2847 2848 sr = &model.SwitchRequest{ 2849 CurrentService: model.USER_AUTH_SERVICE_EMAIL, 2850 NewService: model.USER_AUTH_SERVICE_LDAP, 2851 } 2852 2853 _, resp = th.Client.SwitchAccountType(sr) 2854 CheckForbiddenStatus(t, resp) 2855 2856 sr = &model.SwitchRequest{ 2857 CurrentService: model.USER_AUTH_SERVICE_LDAP, 2858 NewService: model.USER_AUTH_SERVICE_EMAIL, 2859 } 2860 2861 _, resp = th.Client.SwitchAccountType(sr) 2862 CheckForbiddenStatus(t, resp) 2863 2864 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.ExperimentalEnableAuthenticationTransfer = true }) 2865 2866 th.LoginBasic() 2867 2868 fakeAuthData := model.NewId() 2869 if result := <-th.App.Srv.Store.User().UpdateAuthData(th.BasicUser.Id, model.USER_AUTH_SERVICE_GITLAB, &fakeAuthData, th.BasicUser.Email, true); result.Err != nil { 2870 t.Fatal(result.Err) 2871 } 2872 2873 sr = &model.SwitchRequest{ 2874 CurrentService: model.USER_AUTH_SERVICE_GITLAB, 2875 NewService: model.USER_AUTH_SERVICE_EMAIL, 2876 Email: th.BasicUser.Email, 2877 NewPassword: th.BasicUser.Password, 2878 } 2879 2880 link, resp = th.Client.SwitchAccountType(sr) 2881 CheckNoError(t, resp) 2882 2883 if link != "/login?extra=signin_change" { 2884 t.Log(link) 2885 t.Fatal("bad link") 2886 } 2887 2888 th.Client.Logout() 2889 _, resp = th.Client.Login(th.BasicUser.Email, th.BasicUser.Password) 2890 CheckNoError(t, resp) 2891 th.Client.Logout() 2892 2893 sr = &model.SwitchRequest{ 2894 CurrentService: model.USER_AUTH_SERVICE_GITLAB, 2895 NewService: model.SERVICE_GOOGLE, 2896 } 2897 2898 _, resp = th.Client.SwitchAccountType(sr) 2899 CheckBadRequestStatus(t, resp) 2900 2901 sr = &model.SwitchRequest{ 2902 CurrentService: model.USER_AUTH_SERVICE_EMAIL, 2903 NewService: model.USER_AUTH_SERVICE_GITLAB, 2904 Password: th.BasicUser.Password, 2905 } 2906 2907 _, resp = th.Client.SwitchAccountType(sr) 2908 CheckNotFoundStatus(t, resp) 2909 2910 sr = &model.SwitchRequest{ 2911 CurrentService: model.USER_AUTH_SERVICE_EMAIL, 2912 NewService: model.USER_AUTH_SERVICE_GITLAB, 2913 Email: th.BasicUser.Email, 2914 } 2915 2916 _, resp = th.Client.SwitchAccountType(sr) 2917 CheckUnauthorizedStatus(t, resp) 2918 2919 sr = &model.SwitchRequest{ 2920 CurrentService: model.USER_AUTH_SERVICE_GITLAB, 2921 NewService: model.USER_AUTH_SERVICE_EMAIL, 2922 Email: th.BasicUser.Email, 2923 NewPassword: th.BasicUser.Password, 2924 } 2925 2926 _, resp = th.Client.SwitchAccountType(sr) 2927 CheckUnauthorizedStatus(t, resp) 2928 } 2929 2930 func assertToken(t *testing.T, th *TestHelper, token *model.UserAccessToken, expectedUserId string) { 2931 t.Helper() 2932 2933 oldSessionToken := th.Client.AuthToken 2934 defer func() { th.Client.AuthToken = oldSessionToken }() 2935 2936 th.Client.AuthToken = token.Token 2937 ruser, resp := th.Client.GetMe("") 2938 CheckNoError(t, resp) 2939 2940 assert.Equal(t, expectedUserId, ruser.Id, "returned wrong user") 2941 } 2942 2943 func assertInvalidToken(t *testing.T, th *TestHelper, token *model.UserAccessToken) { 2944 t.Helper() 2945 2946 oldSessionToken := th.Client.AuthToken 2947 defer func() { th.Client.AuthToken = oldSessionToken }() 2948 2949 th.Client.AuthToken = token.Token 2950 _, resp := th.Client.GetMe("") 2951 CheckUnauthorizedStatus(t, resp) 2952 } 2953 2954 func TestCreateUserAccessToken(t *testing.T) { 2955 t.Run("create token without permission", func(t *testing.T) { 2956 th := Setup().InitBasic() 2957 defer th.TearDown() 2958 2959 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 2960 2961 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 2962 CheckForbiddenStatus(t, resp) 2963 }) 2964 2965 t.Run("create token for invalid user id", func(t *testing.T) { 2966 th := Setup().InitBasic() 2967 defer th.TearDown() 2968 2969 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 2970 2971 _, resp := th.Client.CreateUserAccessToken("notarealuserid", "test token") 2972 CheckBadRequestStatus(t, resp) 2973 }) 2974 2975 t.Run("create token with invalid value", func(t *testing.T) { 2976 th := Setup().InitBasic() 2977 defer th.TearDown() 2978 2979 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 2980 2981 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "") 2982 CheckBadRequestStatus(t, resp) 2983 }) 2984 2985 t.Run("create token with user access tokens disabled", func(t *testing.T) { 2986 th := Setup().InitBasic() 2987 defer th.TearDown() 2988 2989 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = false }) 2990 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 2991 2992 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 2993 CheckNotImplementedStatus(t, resp) 2994 }) 2995 2996 t.Run("create user access token", func(t *testing.T) { 2997 th := Setup().InitBasic() 2998 defer th.TearDown() 2999 3000 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3001 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3002 3003 rtoken, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3004 CheckNoError(t, resp) 3005 3006 assert.Equal(t, th.BasicUser.Id, rtoken.UserId, "wrong user id") 3007 assert.NotEmpty(t, rtoken.Token, "token should not be empty") 3008 assert.NotEmpty(t, rtoken.Id, "id should not be empty") 3009 assert.Equal(t, "test token", rtoken.Description, "description did not match") 3010 assert.True(t, rtoken.IsActive, "token should be active") 3011 3012 assertToken(t, th, rtoken, th.BasicUser.Id) 3013 }) 3014 3015 t.Run("create user access token as second user, without permission", func(t *testing.T) { 3016 th := Setup().InitBasic() 3017 defer th.TearDown() 3018 3019 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3020 3021 _, resp := th.Client.CreateUserAccessToken(th.BasicUser2.Id, "test token") 3022 CheckForbiddenStatus(t, resp) 3023 }) 3024 3025 t.Run("create user access token for basic user as as system admin", func(t *testing.T) { 3026 th := Setup().InitBasic() 3027 defer th.TearDown() 3028 3029 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3030 3031 rtoken, resp := th.SystemAdminClient.CreateUserAccessToken(th.BasicUser.Id, "test token") 3032 CheckNoError(t, resp) 3033 assert.Equal(t, th.BasicUser.Id, rtoken.UserId) 3034 3035 oldSessionToken := th.Client.AuthToken 3036 defer func() { th.Client.AuthToken = oldSessionToken }() 3037 3038 assertToken(t, th, rtoken, th.BasicUser.Id) 3039 }) 3040 3041 t.Run("create access token as oauth session", func(t *testing.T) { 3042 th := Setup().InitBasic() 3043 defer th.TearDown() 3044 3045 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3046 3047 session, _ := th.App.GetSession(th.Client.AuthToken) 3048 session.IsOAuth = true 3049 th.App.AddSessionToCache(session) 3050 3051 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3052 CheckForbiddenStatus(t, resp) 3053 }) 3054 3055 t.Run("create access token for bot created by user", func(t *testing.T) { 3056 th := Setup().InitBasic() 3057 defer th.TearDown() 3058 3059 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3060 3061 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3062 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3063 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3064 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3065 3066 createdBot, resp := th.Client.CreateBot(&model.Bot{ 3067 Username: GenerateTestUsername(), 3068 DisplayName: "a bot", 3069 Description: "bot", 3070 }) 3071 CheckCreatedStatus(t, resp) 3072 defer th.App.PermanentDeleteBot(createdBot.UserId) 3073 3074 t.Run("without MANAGE_BOT permission", func(t *testing.T) { 3075 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3076 3077 _, resp = th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3078 CheckForbiddenStatus(t, resp) 3079 }) 3080 3081 t.Run("with MANAGE_BOTS permission", func(t *testing.T) { 3082 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3083 3084 token, resp := th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3085 CheckNoError(t, resp) 3086 assert.Equal(t, createdBot.UserId, token.UserId) 3087 assertToken(t, th, token, createdBot.UserId) 3088 }) 3089 }) 3090 3091 t.Run("create access token for bot created by another user, only having MANAGE_BOTS permission", func(t *testing.T) { 3092 th := Setup().InitBasic() 3093 defer th.TearDown() 3094 3095 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3096 3097 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3098 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3099 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3100 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3101 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3102 3103 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 3104 Username: GenerateTestUsername(), 3105 DisplayName: "a bot", 3106 Description: "bot", 3107 }) 3108 CheckCreatedStatus(t, resp) 3109 defer th.App.PermanentDeleteBot(createdBot.UserId) 3110 3111 t.Run("only having MANAGE_BOTS permission", func(t *testing.T) { 3112 _, resp = th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3113 CheckForbiddenStatus(t, resp) 3114 }) 3115 3116 t.Run("with MANAGE_OTHERS_BOTS permission", func(t *testing.T) { 3117 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 3118 3119 rtoken, resp := th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3120 CheckNoError(t, resp) 3121 assert.Equal(t, createdBot.UserId, rtoken.UserId) 3122 3123 assertToken(t, th, rtoken, createdBot.UserId) 3124 }) 3125 }) 3126 } 3127 3128 func TestGetUserAccessToken(t *testing.T) { 3129 t.Run("get for invalid user id", func(t *testing.T) { 3130 th := Setup().InitBasic() 3131 defer th.TearDown() 3132 3133 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3134 3135 _, resp := th.Client.GetUserAccessToken("123") 3136 CheckBadRequestStatus(t, resp) 3137 }) 3138 3139 t.Run("get for unknown user id", func(t *testing.T) { 3140 th := Setup().InitBasic() 3141 defer th.TearDown() 3142 3143 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3144 3145 _, resp := th.Client.GetUserAccessToken(model.NewId()) 3146 CheckForbiddenStatus(t, resp) 3147 }) 3148 3149 t.Run("get my token", func(t *testing.T) { 3150 th := Setup().InitBasic() 3151 defer th.TearDown() 3152 3153 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3154 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3155 3156 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3157 CheckNoError(t, resp) 3158 3159 rtoken, resp := th.Client.GetUserAccessToken(token.Id) 3160 CheckNoError(t, resp) 3161 3162 assert.Equal(t, th.BasicUser.Id, rtoken.UserId, "wrong user id") 3163 assert.Empty(t, rtoken.Token, "token should be blank") 3164 assert.NotEmpty(t, rtoken.Id, "id should not be empty") 3165 assert.Equal(t, "test token", rtoken.Description, "description did not match") 3166 }) 3167 3168 t.Run("get user token as system admin", func(t *testing.T) { 3169 th := Setup().InitBasic() 3170 defer th.TearDown() 3171 3172 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3173 3174 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3175 3176 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3177 CheckNoError(t, resp) 3178 3179 rtoken, resp := th.SystemAdminClient.GetUserAccessToken(token.Id) 3180 CheckNoError(t, resp) 3181 3182 assert.Equal(t, th.BasicUser.Id, rtoken.UserId, "wrong user id") 3183 assert.Empty(t, rtoken.Token, "token should be blank") 3184 assert.NotEmpty(t, rtoken.Id, "id should not be empty") 3185 assert.Equal(t, "test token", rtoken.Description, "description did not match") 3186 }) 3187 3188 t.Run("get token for bot created by user", func(t *testing.T) { 3189 th := Setup().InitBasic() 3190 defer th.TearDown() 3191 3192 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3193 3194 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3195 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3196 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3197 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3198 th.AddPermissionToRole(model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3199 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3200 3201 createdBot, resp := th.Client.CreateBot(&model.Bot{ 3202 Username: GenerateTestUsername(), 3203 DisplayName: "a bot", 3204 Description: "bot", 3205 }) 3206 CheckCreatedStatus(t, resp) 3207 defer th.App.PermanentDeleteBot(createdBot.UserId) 3208 3209 token, resp := th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3210 CheckNoError(t, resp) 3211 3212 t.Run("without MANAGE_BOTS permission", func(t *testing.T) { 3213 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3214 3215 _, resp := th.Client.GetUserAccessToken(token.Id) 3216 CheckForbiddenStatus(t, resp) 3217 }) 3218 3219 t.Run("with MANAGE_BOTS permission", func(t *testing.T) { 3220 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3221 3222 returnedToken, resp := th.Client.GetUserAccessToken(token.Id) 3223 CheckNoError(t, resp) 3224 3225 // Actual token won't be returned. 3226 returnedToken.Token = token.Token 3227 assert.Equal(t, token, returnedToken) 3228 }) 3229 }) 3230 3231 t.Run("get token for bot created by another user", func(t *testing.T) { 3232 th := Setup().InitBasic() 3233 defer th.TearDown() 3234 3235 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3236 3237 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3238 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3239 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3240 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3241 th.AddPermissionToRole(model.PERMISSION_READ_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3242 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3243 3244 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 3245 Username: GenerateTestUsername(), 3246 DisplayName: "a bot", 3247 Description: "bot", 3248 }) 3249 CheckCreatedStatus(t, resp) 3250 defer th.App.PermanentDeleteBot(createdBot.UserId) 3251 3252 token, resp := th.SystemAdminClient.CreateUserAccessToken(createdBot.UserId, "test token") 3253 CheckNoError(t, resp) 3254 3255 t.Run("only having MANAGE_BOTS permission", func(t *testing.T) { 3256 _, resp = th.Client.GetUserAccessToken(token.Id) 3257 CheckForbiddenStatus(t, resp) 3258 }) 3259 3260 t.Run("with MANAGE_OTHERS_BOTS permission", func(t *testing.T) { 3261 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 3262 3263 returnedToken, resp := th.Client.GetUserAccessToken(token.Id) 3264 CheckNoError(t, resp) 3265 3266 // Actual token won't be returned. 3267 returnedToken.Token = token.Token 3268 assert.Equal(t, token, returnedToken) 3269 }) 3270 }) 3271 } 3272 3273 func TestGetUserAccessTokensForUser(t *testing.T) { 3274 t.Run("multiple tokens, offset 0, limit 100", func(t *testing.T) { 3275 th := Setup().InitBasic() 3276 defer th.TearDown() 3277 3278 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3279 3280 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3281 3282 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3283 CheckNoError(t, resp) 3284 3285 _, resp = th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token 2") 3286 CheckNoError(t, resp) 3287 3288 rtokens, resp := th.Client.GetUserAccessTokensForUser(th.BasicUser.Id, 0, 100) 3289 CheckNoError(t, resp) 3290 3291 assert.Len(t, rtokens, 2, "should have 2 tokens") 3292 for _, uat := range rtokens { 3293 assert.Equal(t, th.BasicUser.Id, uat.UserId, "wrong user id") 3294 } 3295 }) 3296 3297 t.Run("multiple tokens as system admin, offset 0, limit 100", func(t *testing.T) { 3298 th := Setup().InitBasic() 3299 defer th.TearDown() 3300 3301 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3302 3303 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3304 3305 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3306 CheckNoError(t, resp) 3307 3308 _, resp = th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token 2") 3309 CheckNoError(t, resp) 3310 3311 rtokens, resp := th.Client.GetUserAccessTokensForUser(th.BasicUser.Id, 0, 100) 3312 CheckNoError(t, resp) 3313 3314 assert.Len(t, rtokens, 2, "should have 2 tokens") 3315 for _, uat := range rtokens { 3316 assert.Equal(t, th.BasicUser.Id, uat.UserId, "wrong user id") 3317 } 3318 }) 3319 3320 t.Run("multiple tokens, offset 1, limit 1", func(t *testing.T) { 3321 th := Setup().InitBasic() 3322 defer th.TearDown() 3323 3324 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3325 3326 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3327 3328 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3329 CheckNoError(t, resp) 3330 3331 _, resp = th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token 2") 3332 CheckNoError(t, resp) 3333 3334 rtokens, resp := th.Client.GetUserAccessTokensForUser(th.BasicUser.Id, 1, 1) 3335 CheckNoError(t, resp) 3336 3337 assert.Len(t, rtokens, 1, "should have 1 tokens") 3338 for _, uat := range rtokens { 3339 assert.Equal(t, th.BasicUser.Id, uat.UserId, "wrong user id") 3340 } 3341 }) 3342 } 3343 3344 func TestGetUserAccessTokens(t *testing.T) { 3345 t.Run("GetUserAccessTokens, not a system admin", func(t *testing.T) { 3346 th := Setup().InitBasic() 3347 defer th.TearDown() 3348 3349 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3350 3351 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3352 3353 _, resp := th.Client.GetUserAccessTokens(0, 100) 3354 CheckForbiddenStatus(t, resp) 3355 }) 3356 3357 t.Run("GetUserAccessTokens, as a system admin, page 1, perPage 1", func(t *testing.T) { 3358 th := Setup().InitBasic() 3359 defer th.TearDown() 3360 3361 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3362 3363 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3364 3365 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token 2") 3366 CheckNoError(t, resp) 3367 3368 _, resp = th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token 2") 3369 CheckNoError(t, resp) 3370 3371 rtokens, resp := th.SystemAdminClient.GetUserAccessTokens(1, 1) 3372 CheckNoError(t, resp) 3373 3374 assert.Len(t, rtokens, 1, "should have 1 token") 3375 }) 3376 3377 t.Run("GetUserAccessTokens, as a system admin, page 0, perPage 2", func(t *testing.T) { 3378 th := Setup().InitBasic() 3379 defer th.TearDown() 3380 3381 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3382 3383 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3384 3385 _, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token 2") 3386 CheckNoError(t, resp) 3387 3388 _, resp = th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token 2") 3389 CheckNoError(t, resp) 3390 3391 rtokens, resp := th.SystemAdminClient.GetUserAccessTokens(0, 2) 3392 CheckNoError(t, resp) 3393 3394 assert.Len(t, rtokens, 2, "should have 2 tokens") 3395 }) 3396 } 3397 3398 func TestSearchUserAccessToken(t *testing.T) { 3399 th := Setup().InitBasic() 3400 defer th.TearDown() 3401 3402 testDescription := "test token" 3403 3404 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3405 3406 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3407 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, testDescription) 3408 CheckNoError(t, resp) 3409 3410 _, resp = th.Client.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: token.Id}) 3411 CheckForbiddenStatus(t, resp) 3412 3413 rtokens, resp := th.SystemAdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: th.BasicUser.Id}) 3414 CheckNoError(t, resp) 3415 3416 if len(rtokens) != 1 { 3417 t.Fatal("should have 1 tokens") 3418 } 3419 3420 rtokens, resp = th.SystemAdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: token.Id}) 3421 CheckNoError(t, resp) 3422 3423 if len(rtokens) != 1 { 3424 t.Fatal("should have 1 tokens") 3425 } 3426 3427 rtokens, resp = th.SystemAdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: th.BasicUser.Username}) 3428 CheckNoError(t, resp) 3429 3430 if len(rtokens) != 1 { 3431 t.Fatal("should have 1 tokens") 3432 } 3433 3434 rtokens, resp = th.SystemAdminClient.SearchUserAccessTokens(&model.UserAccessTokenSearch{Term: "not found"}) 3435 CheckNoError(t, resp) 3436 3437 if len(rtokens) != 0 { 3438 t.Fatal("should have 0 tokens") 3439 } 3440 } 3441 3442 func TestRevokeUserAccessToken(t *testing.T) { 3443 t.Run("revoke user token", func(t *testing.T) { 3444 th := Setup().InitBasic() 3445 defer th.TearDown() 3446 3447 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3448 3449 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3450 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3451 CheckNoError(t, resp) 3452 assertToken(t, th, token, th.BasicUser.Id) 3453 3454 ok, resp := th.Client.RevokeUserAccessToken(token.Id) 3455 CheckNoError(t, resp) 3456 assert.True(t, ok, "should have passed") 3457 3458 assertInvalidToken(t, th, token) 3459 }) 3460 3461 t.Run("revoke token belonging to another user", func(t *testing.T) { 3462 th := Setup().InitBasic() 3463 defer th.TearDown() 3464 3465 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3466 3467 token, resp := th.SystemAdminClient.CreateUserAccessToken(th.BasicUser2.Id, "test token") 3468 CheckNoError(t, resp) 3469 3470 ok, resp := th.Client.RevokeUserAccessToken(token.Id) 3471 CheckForbiddenStatus(t, resp) 3472 assert.False(t, ok, "should have failed") 3473 }) 3474 3475 t.Run("revoke token for bot created by user", func(t *testing.T) { 3476 th := Setup().InitBasic() 3477 defer th.TearDown() 3478 3479 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3480 3481 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3482 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3483 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3484 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3485 th.AddPermissionToRole(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3486 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3487 3488 createdBot, resp := th.Client.CreateBot(&model.Bot{ 3489 Username: GenerateTestUsername(), 3490 DisplayName: "a bot", 3491 Description: "bot", 3492 }) 3493 CheckCreatedStatus(t, resp) 3494 defer th.App.PermanentDeleteBot(createdBot.UserId) 3495 3496 token, resp := th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3497 CheckNoError(t, resp) 3498 3499 t.Run("without MANAGE_BOTS permission", func(t *testing.T) { 3500 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3501 3502 _, resp := th.Client.RevokeUserAccessToken(token.Id) 3503 CheckForbiddenStatus(t, resp) 3504 }) 3505 3506 t.Run("with MANAGE_BOTS permission", func(t *testing.T) { 3507 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3508 3509 ok, resp := th.Client.RevokeUserAccessToken(token.Id) 3510 CheckNoError(t, resp) 3511 assert.True(t, ok, "should have passed") 3512 }) 3513 }) 3514 3515 t.Run("revoke token for bot created by another user", func(t *testing.T) { 3516 th := Setup().InitBasic() 3517 defer th.TearDown() 3518 3519 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3520 3521 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3522 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3523 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3524 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3525 th.AddPermissionToRole(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3526 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3527 3528 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 3529 Username: GenerateTestUsername(), 3530 DisplayName: "a bot", 3531 Description: "bot", 3532 }) 3533 CheckCreatedStatus(t, resp) 3534 defer th.App.PermanentDeleteBot(createdBot.UserId) 3535 3536 token, resp := th.SystemAdminClient.CreateUserAccessToken(createdBot.UserId, "test token") 3537 CheckNoError(t, resp) 3538 3539 t.Run("only having MANAGE_BOTS permission", func(t *testing.T) { 3540 _, resp = th.Client.RevokeUserAccessToken(token.Id) 3541 CheckForbiddenStatus(t, resp) 3542 }) 3543 3544 t.Run("with MANAGE_OTHERS_BOTS permission", func(t *testing.T) { 3545 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 3546 3547 ok, resp := th.Client.RevokeUserAccessToken(token.Id) 3548 CheckNoError(t, resp) 3549 assert.True(t, ok, "should have passed") 3550 }) 3551 }) 3552 } 3553 3554 func TestDisableUserAccessToken(t *testing.T) { 3555 t.Run("disable user token", func(t *testing.T) { 3556 th := Setup().InitBasic() 3557 defer th.TearDown() 3558 3559 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3560 3561 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3562 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3563 CheckNoError(t, resp) 3564 assertToken(t, th, token, th.BasicUser.Id) 3565 3566 ok, resp := th.Client.DisableUserAccessToken(token.Id) 3567 CheckNoError(t, resp) 3568 assert.True(t, ok, "should have passed") 3569 3570 assertInvalidToken(t, th, token) 3571 }) 3572 3573 t.Run("disable token belonging to another user", func(t *testing.T) { 3574 th := Setup().InitBasic() 3575 defer th.TearDown() 3576 3577 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3578 3579 token, resp := th.SystemAdminClient.CreateUserAccessToken(th.BasicUser2.Id, "test token") 3580 CheckNoError(t, resp) 3581 3582 ok, resp := th.Client.DisableUserAccessToken(token.Id) 3583 CheckForbiddenStatus(t, resp) 3584 assert.False(t, ok, "should have failed") 3585 }) 3586 3587 t.Run("disable token for bot created by user", func(t *testing.T) { 3588 th := Setup().InitBasic() 3589 defer th.TearDown() 3590 3591 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3592 3593 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3594 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3595 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3596 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3597 th.AddPermissionToRole(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3598 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3599 3600 createdBot, resp := th.Client.CreateBot(&model.Bot{ 3601 Username: GenerateTestUsername(), 3602 DisplayName: "a bot", 3603 Description: "bot", 3604 }) 3605 CheckCreatedStatus(t, resp) 3606 defer th.App.PermanentDeleteBot(createdBot.UserId) 3607 3608 token, resp := th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3609 CheckNoError(t, resp) 3610 3611 t.Run("without MANAGE_BOTS permission", func(t *testing.T) { 3612 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3613 3614 _, resp := th.Client.DisableUserAccessToken(token.Id) 3615 CheckForbiddenStatus(t, resp) 3616 }) 3617 3618 t.Run("with MANAGE_BOTS permission", func(t *testing.T) { 3619 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3620 3621 ok, resp := th.Client.DisableUserAccessToken(token.Id) 3622 CheckNoError(t, resp) 3623 assert.True(t, ok, "should have passed") 3624 }) 3625 }) 3626 3627 t.Run("disable token for bot created by another user", func(t *testing.T) { 3628 th := Setup().InitBasic() 3629 defer th.TearDown() 3630 3631 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3632 3633 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3634 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3635 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3636 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3637 th.AddPermissionToRole(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3638 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3639 3640 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 3641 Username: GenerateTestUsername(), 3642 DisplayName: "a bot", 3643 Description: "bot", 3644 }) 3645 CheckCreatedStatus(t, resp) 3646 defer th.App.PermanentDeleteBot(createdBot.UserId) 3647 3648 token, resp := th.SystemAdminClient.CreateUserAccessToken(createdBot.UserId, "test token") 3649 CheckNoError(t, resp) 3650 3651 t.Run("only having MANAGE_BOTS permission", func(t *testing.T) { 3652 _, resp = th.Client.DisableUserAccessToken(token.Id) 3653 CheckForbiddenStatus(t, resp) 3654 }) 3655 3656 t.Run("with MANAGE_OTHERS_BOTS permission", func(t *testing.T) { 3657 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 3658 3659 ok, resp := th.Client.DisableUserAccessToken(token.Id) 3660 CheckNoError(t, resp) 3661 assert.True(t, ok, "should have passed") 3662 }) 3663 }) 3664 } 3665 3666 func TestEnableUserAccessToken(t *testing.T) { 3667 t.Run("enable user token", func(t *testing.T) { 3668 th := Setup().InitBasic() 3669 defer th.TearDown() 3670 3671 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3672 3673 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3674 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, "test token") 3675 CheckNoError(t, resp) 3676 assertToken(t, th, token, th.BasicUser.Id) 3677 3678 ok, resp := th.Client.DisableUserAccessToken(token.Id) 3679 CheckNoError(t, resp) 3680 assert.True(t, ok, "should have passed") 3681 3682 assertInvalidToken(t, th, token) 3683 3684 ok, resp = th.Client.EnableUserAccessToken(token.Id) 3685 CheckNoError(t, resp) 3686 assert.True(t, ok, "should have passed") 3687 3688 assertToken(t, th, token, th.BasicUser.Id) 3689 }) 3690 3691 t.Run("enable token belonging to another user", func(t *testing.T) { 3692 th := Setup().InitBasic() 3693 defer th.TearDown() 3694 3695 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3696 3697 token, resp := th.SystemAdminClient.CreateUserAccessToken(th.BasicUser2.Id, "test token") 3698 CheckNoError(t, resp) 3699 3700 ok, resp := th.SystemAdminClient.DisableUserAccessToken(token.Id) 3701 CheckNoError(t, resp) 3702 assert.True(t, ok, "should have passed") 3703 3704 ok, resp = th.Client.DisableUserAccessToken(token.Id) 3705 CheckForbiddenStatus(t, resp) 3706 assert.False(t, ok, "should have failed") 3707 }) 3708 3709 t.Run("enable token for bot created by user", func(t *testing.T) { 3710 th := Setup().InitBasic() 3711 defer th.TearDown() 3712 3713 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3714 3715 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3716 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3717 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3718 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3719 th.AddPermissionToRole(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3720 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3721 3722 createdBot, resp := th.Client.CreateBot(&model.Bot{ 3723 Username: GenerateTestUsername(), 3724 DisplayName: "a bot", 3725 Description: "bot", 3726 }) 3727 CheckCreatedStatus(t, resp) 3728 defer th.App.PermanentDeleteBot(createdBot.UserId) 3729 3730 token, resp := th.Client.CreateUserAccessToken(createdBot.UserId, "test token") 3731 CheckNoError(t, resp) 3732 3733 ok, resp := th.Client.DisableUserAccessToken(token.Id) 3734 CheckNoError(t, resp) 3735 assert.True(t, ok, "should have passed") 3736 3737 t.Run("without MANAGE_BOTS permission", func(t *testing.T) { 3738 th.RemovePermissionFromRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3739 3740 _, resp := th.Client.EnableUserAccessToken(token.Id) 3741 CheckForbiddenStatus(t, resp) 3742 }) 3743 3744 t.Run("with MANAGE_BOTS permission", func(t *testing.T) { 3745 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3746 3747 ok, resp := th.Client.EnableUserAccessToken(token.Id) 3748 CheckNoError(t, resp) 3749 assert.True(t, ok, "should have passed") 3750 }) 3751 }) 3752 3753 t.Run("enable token for bot created by another user", func(t *testing.T) { 3754 th := Setup().InitBasic() 3755 defer th.TearDown() 3756 3757 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3758 3759 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 3760 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 3761 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 3762 th.AddPermissionToRole(model.PERMISSION_CREATE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3763 th.AddPermissionToRole(model.PERMISSION_REVOKE_USER_ACCESS_TOKEN.Id, model.TEAM_USER_ROLE_ID) 3764 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 3765 3766 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 3767 Username: GenerateTestUsername(), 3768 DisplayName: "a bot", 3769 Description: "bot", 3770 }) 3771 CheckCreatedStatus(t, resp) 3772 defer th.App.PermanentDeleteBot(createdBot.UserId) 3773 3774 token, resp := th.SystemAdminClient.CreateUserAccessToken(createdBot.UserId, "test token") 3775 CheckNoError(t, resp) 3776 3777 ok, resp := th.SystemAdminClient.DisableUserAccessToken(token.Id) 3778 CheckNoError(t, resp) 3779 assert.True(t, ok, "should have passed") 3780 3781 t.Run("only having MANAGE_BOTS permission", func(t *testing.T) { 3782 _, resp := th.Client.EnableUserAccessToken(token.Id) 3783 CheckForbiddenStatus(t, resp) 3784 }) 3785 3786 t.Run("with MANAGE_OTHERS_BOTS permission", func(t *testing.T) { 3787 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 3788 3789 ok, resp := th.Client.EnableUserAccessToken(token.Id) 3790 CheckNoError(t, resp) 3791 assert.True(t, ok, "should have passed") 3792 }) 3793 }) 3794 } 3795 3796 func TestUserAccessTokenInactiveUser(t *testing.T) { 3797 th := Setup().InitBasic() 3798 defer th.TearDown() 3799 3800 testDescription := "test token" 3801 3802 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3803 3804 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3805 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, testDescription) 3806 CheckNoError(t, resp) 3807 3808 th.Client.AuthToken = token.Token 3809 _, resp = th.Client.GetMe("") 3810 CheckNoError(t, resp) 3811 3812 th.App.UpdateActive(th.BasicUser, false) 3813 3814 _, resp = th.Client.GetMe("") 3815 CheckUnauthorizedStatus(t, resp) 3816 } 3817 3818 func TestUserAccessTokenDisableConfig(t *testing.T) { 3819 th := Setup().InitBasic() 3820 defer th.TearDown() 3821 3822 testDescription := "test token" 3823 3824 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 3825 3826 th.App.UpdateUserRoles(th.BasicUser.Id, model.SYSTEM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 3827 token, resp := th.Client.CreateUserAccessToken(th.BasicUser.Id, testDescription) 3828 CheckNoError(t, resp) 3829 3830 oldSessionToken := th.Client.AuthToken 3831 th.Client.AuthToken = token.Token 3832 _, resp = th.Client.GetMe("") 3833 CheckNoError(t, resp) 3834 3835 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = false }) 3836 3837 _, resp = th.Client.GetMe("") 3838 CheckUnauthorizedStatus(t, resp) 3839 3840 th.Client.AuthToken = oldSessionToken 3841 _, resp = th.Client.GetMe("") 3842 CheckNoError(t, resp) 3843 } 3844 3845 func TestGetUsersByStatus(t *testing.T) { 3846 th := Setup() 3847 defer th.TearDown() 3848 3849 team, err := th.App.CreateTeam(&model.Team{ 3850 DisplayName: "dn_" + model.NewId(), 3851 Name: GenerateTestTeamName(), 3852 Email: th.GenerateTestEmail(), 3853 Type: model.TEAM_OPEN, 3854 }) 3855 if err != nil { 3856 t.Fatalf("failed to create team: %v", err) 3857 } 3858 3859 channel, err := th.App.CreateChannel(&model.Channel{ 3860 DisplayName: "dn_" + model.NewId(), 3861 Name: "name_" + model.NewId(), 3862 Type: model.CHANNEL_OPEN, 3863 TeamId: team.Id, 3864 CreatorId: model.NewId(), 3865 }, false) 3866 if err != nil { 3867 t.Fatalf("failed to create channel: %v", err) 3868 } 3869 3870 createUserWithStatus := func(username string, status string) *model.User { 3871 id := model.NewId() 3872 3873 user, err := th.App.CreateUser(&model.User{ 3874 Email: "success+" + id + "@simulator.amazonses.com", 3875 Username: "un_" + username + "_" + id, 3876 Nickname: "nn_" + id, 3877 Password: "Password1", 3878 }) 3879 if err != nil { 3880 t.Fatalf("failed to create user: %v", err) 3881 } 3882 3883 th.LinkUserToTeam(user, team) 3884 th.AddUserToChannel(user, channel) 3885 3886 th.App.SaveAndBroadcastStatus(&model.Status{ 3887 UserId: user.Id, 3888 Status: status, 3889 Manual: true, 3890 }) 3891 3892 return user 3893 } 3894 3895 // Creating these out of order in case that affects results 3896 offlineUser1 := createUserWithStatus("offline1", model.STATUS_OFFLINE) 3897 offlineUser2 := createUserWithStatus("offline2", model.STATUS_OFFLINE) 3898 awayUser1 := createUserWithStatus("away1", model.STATUS_AWAY) 3899 awayUser2 := createUserWithStatus("away2", model.STATUS_AWAY) 3900 onlineUser1 := createUserWithStatus("online1", model.STATUS_ONLINE) 3901 onlineUser2 := createUserWithStatus("online2", model.STATUS_ONLINE) 3902 dndUser1 := createUserWithStatus("dnd1", model.STATUS_DND) 3903 dndUser2 := createUserWithStatus("dnd2", model.STATUS_DND) 3904 3905 client := th.CreateClient() 3906 if _, resp := client.Login(onlineUser2.Username, "Password1"); resp.Error != nil { 3907 t.Fatal(resp.Error) 3908 } 3909 3910 t.Run("sorting by status then alphabetical", func(t *testing.T) { 3911 usersByStatus, resp := client.GetUsersInChannelByStatus(channel.Id, 0, 8, "") 3912 if resp.Error != nil { 3913 t.Fatal(resp.Error) 3914 } 3915 3916 expectedUsersByStatus := []*model.User{ 3917 onlineUser1, 3918 onlineUser2, 3919 awayUser1, 3920 awayUser2, 3921 dndUser1, 3922 dndUser2, 3923 offlineUser1, 3924 offlineUser2, 3925 } 3926 3927 if len(usersByStatus) != len(expectedUsersByStatus) { 3928 t.Fatalf("received only %v users, expected %v", len(usersByStatus), len(expectedUsersByStatus)) 3929 } 3930 3931 for i := range usersByStatus { 3932 if usersByStatus[i].Id != expectedUsersByStatus[i].Id { 3933 t.Fatalf("received user %v at index %v, expected %v", usersByStatus[i].Username, i, expectedUsersByStatus[i].Username) 3934 } 3935 } 3936 }) 3937 3938 t.Run("paging", func(t *testing.T) { 3939 usersByStatus, resp := client.GetUsersInChannelByStatus(channel.Id, 0, 3, "") 3940 if resp.Error != nil { 3941 t.Fatal(resp.Error) 3942 } 3943 3944 if len(usersByStatus) != 3 { 3945 t.Fatal("received too many users") 3946 } 3947 3948 if usersByStatus[0].Id != onlineUser1.Id && usersByStatus[1].Id != onlineUser2.Id { 3949 t.Fatal("expected to receive online users first") 3950 } 3951 3952 if usersByStatus[2].Id != awayUser1.Id { 3953 t.Fatal("expected to receive away users second") 3954 } 3955 3956 usersByStatus, resp = client.GetUsersInChannelByStatus(channel.Id, 1, 3, "") 3957 if resp.Error != nil { 3958 t.Fatal(resp.Error) 3959 } 3960 3961 if usersByStatus[0].Id != awayUser2.Id { 3962 t.Fatal("expected to receive away users second") 3963 } 3964 3965 if usersByStatus[1].Id != dndUser1.Id && usersByStatus[2].Id != dndUser2.Id { 3966 t.Fatal("expected to receive dnd users third") 3967 } 3968 3969 usersByStatus, resp = client.GetUsersInChannelByStatus(channel.Id, 1, 4, "") 3970 if resp.Error != nil { 3971 t.Fatal(resp.Error) 3972 } 3973 3974 if len(usersByStatus) != 4 { 3975 t.Fatal("received too many users") 3976 } 3977 3978 if usersByStatus[0].Id != dndUser1.Id && usersByStatus[1].Id != dndUser2.Id { 3979 t.Fatal("expected to receive dnd users third") 3980 } 3981 3982 if usersByStatus[2].Id != offlineUser1.Id && usersByStatus[3].Id != offlineUser2.Id { 3983 t.Fatal("expected to receive offline users last") 3984 } 3985 }) 3986 } 3987 3988 func TestRegisterTermsOfServiceAction(t *testing.T) { 3989 th := Setup().InitBasic() 3990 defer th.TearDown() 3991 3992 success, resp := th.Client.RegisterTermsOfServiceAction(th.BasicUser.Id, "st_1", true) 3993 CheckErrorMessage(t, resp, "store.sql_terms_of_service_store.get.no_rows.app_error") 3994 3995 termsOfService, err := th.App.CreateTermsOfService("terms of service", th.BasicUser.Id) 3996 if err != nil { 3997 t.Fatal(err) 3998 } 3999 4000 success, resp = th.Client.RegisterTermsOfServiceAction(th.BasicUser.Id, termsOfService.Id, true) 4001 CheckNoError(t, resp) 4002 4003 assert.True(t, *success) 4004 _, err = th.App.GetUser(th.BasicUser.Id) 4005 if err != nil { 4006 t.Fatal(err) 4007 } 4008 } 4009 4010 func TestGetUserTermsOfService(t *testing.T) { 4011 th := Setup().InitBasic() 4012 defer th.TearDown() 4013 4014 _, resp := th.Client.GetUserTermsOfService(th.BasicUser.Id, "") 4015 CheckErrorMessage(t, resp, "store.sql_user_terms_of_service.get_by_user.no_rows.app_error") 4016 4017 termsOfService, err := th.App.CreateTermsOfService("terms of service", th.BasicUser.Id) 4018 if err != nil { 4019 t.Fatal(err) 4020 } 4021 4022 success, resp := th.Client.RegisterTermsOfServiceAction(th.BasicUser.Id, termsOfService.Id, true) 4023 CheckNoError(t, resp) 4024 assert.True(t, *success) 4025 4026 userTermsOfService, resp := th.Client.GetUserTermsOfService(th.BasicUser.Id, "") 4027 CheckNoError(t, resp) 4028 4029 assert.Equal(t, th.BasicUser.Id, userTermsOfService.UserId) 4030 assert.Equal(t, termsOfService.Id, userTermsOfService.TermsOfServiceId) 4031 assert.NotEmpty(t, userTermsOfService.CreateAt) 4032 } 4033 4034 func TestLoginLockout(t *testing.T) { 4035 th := Setup().InitBasic() 4036 defer th.TearDown() 4037 4038 _, resp := th.Client.Logout() 4039 CheckNoError(t, resp) 4040 4041 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.MaximumLoginAttempts = 3 }) 4042 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableMultifactorAuthentication = true }) 4043 4044 _, resp = th.Client.Login(th.BasicUser.Email, "wrong") 4045 CheckErrorMessage(t, resp, "api.user.check_user_password.invalid.app_error") 4046 _, resp = th.Client.Login(th.BasicUser.Email, "wrong") 4047 CheckErrorMessage(t, resp, "api.user.check_user_password.invalid.app_error") 4048 _, resp = th.Client.Login(th.BasicUser.Email, "wrong") 4049 CheckErrorMessage(t, resp, "api.user.check_user_password.invalid.app_error") 4050 _, resp = th.Client.Login(th.BasicUser.Email, "wrong") 4051 CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error") 4052 _, resp = th.Client.Login(th.BasicUser.Email, "wrong") 4053 CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error") 4054 4055 // Fake user has MFA enabled 4056 if result := <-th.Server.Store.User().UpdateMfaActive(th.BasicUser2.Id, true); result.Err != nil { 4057 t.Fatal(result.Err) 4058 } 4059 _, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000") 4060 CheckErrorMessage(t, resp, "api.user.check_user_mfa.bad_code.app_error") 4061 _, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000") 4062 CheckErrorMessage(t, resp, "api.user.check_user_mfa.bad_code.app_error") 4063 _, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000") 4064 CheckErrorMessage(t, resp, "api.user.check_user_mfa.bad_code.app_error") 4065 _, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000") 4066 CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error") 4067 _, resp = th.Client.LoginWithMFA(th.BasicUser2.Email, th.BasicUser2.Password, "000000") 4068 CheckErrorMessage(t, resp, "api.user.check_user_login_attempts.too_many.app_error") 4069 }