github.com/mad-app/mattermost-server@v5.11.1+incompatible/api4/webhook_test.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/stretchr/testify/assert"
    10  	"github.com/stretchr/testify/require"
    11  
    12  	"github.com/mattermost/mattermost-server/model"
    13  )
    14  
    15  func TestCreateIncomingWebhook(t *testing.T) {
    16  	th := Setup().InitBasic()
    17  	defer th.TearDown()
    18  	Client := th.Client
    19  
    20  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true })
    21  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = true })
    22  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = true })
    23  
    24  	defaultRolePermissions := th.SaveDefaultRolePermissions()
    25  	defer func() {
    26  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
    27  	}()
    28  	th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
    29  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
    30  
    31  	hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
    32  
    33  	rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook)
    34  	CheckNoError(t, resp)
    35  
    36  	if rhook.ChannelId != hook.ChannelId {
    37  		t.Fatal("channel ids didn't match")
    38  	}
    39  
    40  	if rhook.UserId != th.SystemAdminUser.Id {
    41  		t.Fatal("user ids didn't match")
    42  	}
    43  
    44  	if rhook.TeamId != th.BasicTeam.Id {
    45  		t.Fatal("team ids didn't match")
    46  	}
    47  
    48  	hook.ChannelId = "junk"
    49  	_, resp = th.SystemAdminClient.CreateIncomingWebhook(hook)
    50  	CheckNotFoundStatus(t, resp)
    51  
    52  	hook.ChannelId = th.BasicChannel.Id
    53  	th.LoginTeamAdmin()
    54  	_, resp = Client.CreateIncomingWebhook(hook)
    55  	CheckNoError(t, resp)
    56  
    57  	th.LoginBasic()
    58  	_, resp = Client.CreateIncomingWebhook(hook)
    59  	CheckForbiddenStatus(t, resp)
    60  
    61  	th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
    62  
    63  	_, resp = Client.CreateIncomingWebhook(hook)
    64  	CheckNoError(t, resp)
    65  
    66  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = false })
    67  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = false })
    68  
    69  	_, resp = Client.CreateIncomingWebhook(hook)
    70  	CheckNoError(t, resp)
    71  
    72  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = false })
    73  	_, resp = Client.CreateIncomingWebhook(hook)
    74  	CheckNotImplementedStatus(t, resp)
    75  }
    76  
    77  func TestGetIncomingWebhooks(t *testing.T) {
    78  	th := Setup().InitBasic()
    79  	defer th.TearDown()
    80  	Client := th.Client
    81  
    82  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true })
    83  
    84  	defaultRolePermissions := th.SaveDefaultRolePermissions()
    85  	defer func() {
    86  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
    87  	}()
    88  	th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
    89  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
    90  
    91  	hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
    92  	rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook)
    93  	CheckNoError(t, resp)
    94  
    95  	hooks, resp := th.SystemAdminClient.GetIncomingWebhooks(0, 1000, "")
    96  	CheckNoError(t, resp)
    97  
    98  	found := false
    99  	for _, h := range hooks {
   100  		if rhook.Id == h.Id {
   101  			found = true
   102  		}
   103  	}
   104  
   105  	if !found {
   106  		t.Fatal("missing hook")
   107  	}
   108  
   109  	hooks, resp = th.SystemAdminClient.GetIncomingWebhooks(0, 1, "")
   110  	CheckNoError(t, resp)
   111  
   112  	if len(hooks) != 1 {
   113  		t.Fatal("should only be 1")
   114  	}
   115  
   116  	hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   117  	CheckNoError(t, resp)
   118  
   119  	found = false
   120  	for _, h := range hooks {
   121  		if rhook.Id == h.Id {
   122  			found = true
   123  		}
   124  	}
   125  
   126  	if !found {
   127  		t.Fatal("missing hook")
   128  	}
   129  
   130  	hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "")
   131  	CheckNoError(t, resp)
   132  
   133  	if len(hooks) != 0 {
   134  		t.Fatal("no hooks should be returned")
   135  	}
   136  
   137  	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
   138  	CheckForbiddenStatus(t, resp)
   139  
   140  	th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   141  
   142  	_, resp = Client.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   143  	CheckNoError(t, resp)
   144  
   145  	_, resp = Client.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "")
   146  	CheckForbiddenStatus(t, resp)
   147  
   148  	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
   149  	CheckForbiddenStatus(t, resp)
   150  
   151  	Client.Logout()
   152  	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
   153  	CheckUnauthorizedStatus(t, resp)
   154  }
   155  
   156  func TestGetIncomingWebhook(t *testing.T) {
   157  	th := Setup().InitBasic()
   158  	defer th.TearDown()
   159  	Client := th.SystemAdminClient
   160  
   161  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true })
   162  
   163  	var resp *model.Response
   164  	var rhook *model.IncomingWebhook
   165  	var hook *model.IncomingWebhook
   166  
   167  	t.Run("WhenHookExists", func(t *testing.T) {
   168  		hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   169  		rhook, resp = Client.CreateIncomingWebhook(hook)
   170  		CheckNoError(t, resp)
   171  
   172  		hook, resp = Client.GetIncomingWebhook(rhook.Id, "")
   173  		CheckOKStatus(t, resp)
   174  	})
   175  
   176  	t.Run("WhenHookDoesNotExist", func(t *testing.T) {
   177  		hook, resp = Client.GetIncomingWebhook(model.NewId(), "")
   178  		CheckNotFoundStatus(t, resp)
   179  	})
   180  
   181  	t.Run("WhenInvalidHookID", func(t *testing.T) {
   182  		hook, resp = Client.GetIncomingWebhook("abc", "")
   183  		CheckBadRequestStatus(t, resp)
   184  	})
   185  
   186  	t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) {
   187  		th.LoginBasic()
   188  		Client = th.Client
   189  
   190  		_, resp = Client.GetIncomingWebhook(rhook.Id, "")
   191  		CheckForbiddenStatus(t, resp)
   192  	})
   193  }
   194  
   195  func TestDeleteIncomingWebhook(t *testing.T) {
   196  	th := Setup().InitBasic()
   197  	defer th.TearDown()
   198  	Client := th.SystemAdminClient
   199  
   200  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true })
   201  
   202  	var resp *model.Response
   203  	var rhook *model.IncomingWebhook
   204  	var hook *model.IncomingWebhook
   205  	var status bool
   206  
   207  	t.Run("WhenInvalidHookID", func(t *testing.T) {
   208  		status, resp = Client.DeleteIncomingWebhook("abc")
   209  		CheckBadRequestStatus(t, resp)
   210  	})
   211  
   212  	t.Run("WhenHookDoesNotExist", func(t *testing.T) {
   213  		status, resp = Client.DeleteIncomingWebhook(model.NewId())
   214  		CheckNotFoundStatus(t, resp)
   215  	})
   216  
   217  	t.Run("WhenHookExists", func(t *testing.T) {
   218  		hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   219  		rhook, resp = Client.CreateIncomingWebhook(hook)
   220  		CheckNoError(t, resp)
   221  
   222  		if status, resp = Client.DeleteIncomingWebhook(rhook.Id); !status {
   223  			t.Fatal("Delete should have succeeded")
   224  		} else {
   225  			CheckOKStatus(t, resp)
   226  		}
   227  
   228  		// Get now should not return this deleted hook
   229  		_, resp = Client.GetIncomingWebhook(rhook.Id, "")
   230  		CheckNotFoundStatus(t, resp)
   231  	})
   232  
   233  	t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) {
   234  		hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   235  		rhook, resp = Client.CreateIncomingWebhook(hook)
   236  		CheckNoError(t, resp)
   237  
   238  		th.LoginBasic()
   239  		Client = th.Client
   240  
   241  		_, resp = Client.DeleteIncomingWebhook(rhook.Id)
   242  		CheckForbiddenStatus(t, resp)
   243  	})
   244  }
   245  
   246  func TestCreateOutgoingWebhook(t *testing.T) {
   247  	th := Setup().InitBasic()
   248  	defer th.TearDown()
   249  	Client := th.Client
   250  
   251  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   252  
   253  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   254  	defer func() {
   255  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   256  	}()
   257  	th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   258  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   259  
   260  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}, Username: "some-user-name", IconURL: "http://some-icon-url/"}
   261  
   262  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   263  	CheckNoError(t, resp)
   264  
   265  	if rhook.ChannelId != hook.ChannelId {
   266  		t.Fatal("channel ids didn't match")
   267  	} else if rhook.CreatorId != th.SystemAdminUser.Id {
   268  		t.Fatal("user ids didn't match")
   269  	} else if rhook.TeamId != th.BasicChannel.TeamId {
   270  		t.Fatal("team ids didn't match")
   271  	}
   272  
   273  	hook.ChannelId = "junk"
   274  	_, resp = th.SystemAdminClient.CreateOutgoingWebhook(hook)
   275  	CheckNotFoundStatus(t, resp)
   276  
   277  	hook.ChannelId = th.BasicChannel.Id
   278  	th.LoginTeamAdmin()
   279  	_, resp = Client.CreateOutgoingWebhook(hook)
   280  	CheckNoError(t, resp)
   281  
   282  	th.LoginBasic()
   283  	_, resp = Client.CreateOutgoingWebhook(hook)
   284  	CheckForbiddenStatus(t, resp)
   285  
   286  	th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   287  
   288  	_, resp = Client.CreateOutgoingWebhook(hook)
   289  	CheckNoError(t, resp)
   290  
   291  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = false })
   292  	_, resp = Client.CreateOutgoingWebhook(hook)
   293  	CheckNotImplementedStatus(t, resp)
   294  }
   295  
   296  func TestGetOutgoingWebhooks(t *testing.T) {
   297  	th := Setup().InitBasic()
   298  	defer th.TearDown()
   299  	Client := th.Client
   300  
   301  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   302  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   303  	defer func() {
   304  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   305  	}()
   306  	th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   307  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   308  
   309  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}}
   310  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   311  	CheckNoError(t, resp)
   312  
   313  	hooks, resp := th.SystemAdminClient.GetOutgoingWebhooks(0, 1000, "")
   314  	CheckNoError(t, resp)
   315  
   316  	found := false
   317  	for _, h := range hooks {
   318  		if rhook.Id == h.Id {
   319  			found = true
   320  		}
   321  	}
   322  
   323  	if !found {
   324  		t.Fatal("missing hook")
   325  	}
   326  
   327  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooks(0, 1, "")
   328  	CheckNoError(t, resp)
   329  
   330  	if len(hooks) != 1 {
   331  		t.Fatal("should only be 1")
   332  	}
   333  
   334  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   335  	CheckNoError(t, resp)
   336  
   337  	found = false
   338  	for _, h := range hooks {
   339  		if rhook.Id == h.Id {
   340  			found = true
   341  		}
   342  	}
   343  
   344  	if !found {
   345  		t.Fatal("missing hook")
   346  	}
   347  
   348  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForTeam(model.NewId(), 0, 1000, "")
   349  	CheckNoError(t, resp)
   350  
   351  	if len(hooks) != 0 {
   352  		t.Fatal("no hooks should be returned")
   353  	}
   354  
   355  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(th.BasicChannel.Id, 0, 1000, "")
   356  	CheckNoError(t, resp)
   357  
   358  	found = false
   359  	for _, h := range hooks {
   360  		if rhook.Id == h.Id {
   361  			found = true
   362  		}
   363  	}
   364  
   365  	if !found {
   366  		t.Fatal("missing hook")
   367  	}
   368  
   369  	_, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "")
   370  	CheckForbiddenStatus(t, resp)
   371  
   372  	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
   373  	CheckForbiddenStatus(t, resp)
   374  
   375  	th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   376  
   377  	_, resp = Client.GetOutgoingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   378  	CheckNoError(t, resp)
   379  
   380  	_, resp = Client.GetOutgoingWebhooksForTeam(model.NewId(), 0, 1000, "")
   381  	CheckForbiddenStatus(t, resp)
   382  
   383  	_, resp = Client.GetOutgoingWebhooksForChannel(th.BasicChannel.Id, 0, 1000, "")
   384  	CheckNoError(t, resp)
   385  
   386  	_, resp = Client.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "")
   387  	CheckForbiddenStatus(t, resp)
   388  
   389  	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
   390  	CheckForbiddenStatus(t, resp)
   391  
   392  	Client.Logout()
   393  	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
   394  	CheckUnauthorizedStatus(t, resp)
   395  }
   396  
   397  func TestGetOutgoingWebhook(t *testing.T) {
   398  	th := Setup().InitBasic()
   399  	defer th.TearDown()
   400  	Client := th.Client
   401  
   402  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   403  
   404  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}}
   405  
   406  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   407  	CheckNoError(t, resp)
   408  
   409  	getHook, resp := th.SystemAdminClient.GetOutgoingWebhook(rhook.Id)
   410  	CheckNoError(t, resp)
   411  	if getHook.Id != rhook.Id {
   412  		t.Fatal("failed to retrieve the correct outgoing hook")
   413  	}
   414  
   415  	_, resp = Client.GetOutgoingWebhook(rhook.Id)
   416  	CheckForbiddenStatus(t, resp)
   417  
   418  	nonExistentHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id}
   419  	_, resp = th.SystemAdminClient.GetOutgoingWebhook(nonExistentHook.Id)
   420  	CheckNotFoundStatus(t, resp)
   421  
   422  	nonExistentHook.Id = model.NewId()
   423  	_, resp = th.SystemAdminClient.GetOutgoingWebhook(nonExistentHook.Id)
   424  	CheckInternalErrorStatus(t, resp)
   425  }
   426  
   427  func TestUpdateIncomingHook(t *testing.T) {
   428  	th := Setup().InitBasic()
   429  	defer th.TearDown()
   430  	Client := th.Client
   431  
   432  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true })
   433  
   434  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   435  	defer func() {
   436  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   437  	}()
   438  	th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   439  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   440  
   441  	hook1 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   442  
   443  	createdHook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook1)
   444  	CheckNoError(t, resp)
   445  
   446  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = false })
   447  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = false })
   448  
   449  	t.Run("UpdateIncomingHook, overrides disabled", func(t *testing.T) {
   450  		createdHook.DisplayName = "hook2"
   451  		createdHook.Description = "description"
   452  		createdHook.ChannelId = th.BasicChannel2.Id
   453  		createdHook.Username = "username"
   454  		createdHook.IconURL = "icon"
   455  
   456  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   457  		CheckNoError(t, resp)
   458  		if updatedHook != nil {
   459  			if updatedHook.DisplayName != "hook2" {
   460  				t.Fatal("Hook name is not updated")
   461  			}
   462  
   463  			if updatedHook.Description != "description" {
   464  				t.Fatal("Hook description is not updated")
   465  			}
   466  
   467  			if updatedHook.ChannelId != th.BasicChannel2.Id {
   468  				t.Fatal("Hook channel is not updated")
   469  			}
   470  
   471  			if updatedHook.Username != "" {
   472  				t.Fatal("Hook username was incorrectly updated")
   473  			}
   474  
   475  			if updatedHook.IconURL != "" {
   476  				t.Fatal("Hook icon was incorrectly updated")
   477  			}
   478  		} else {
   479  			t.Fatal("should not be nil")
   480  		}
   481  
   482  		//updatedHook, _ = th.App.GetIncomingWebhook(createdHook.Id)
   483  		assert.Equal(t, updatedHook.ChannelId, createdHook.ChannelId)
   484  	})
   485  
   486  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostUsernameOverride = true })
   487  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnablePostIconOverride = true })
   488  
   489  	t.Run("UpdateIncomingHook", func(t *testing.T) {
   490  		createdHook.DisplayName = "hook2"
   491  		createdHook.Description = "description"
   492  		createdHook.ChannelId = th.BasicChannel2.Id
   493  		createdHook.Username = "username"
   494  		createdHook.IconURL = "icon"
   495  
   496  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   497  		CheckNoError(t, resp)
   498  		if updatedHook != nil {
   499  			if updatedHook.DisplayName != "hook2" {
   500  				t.Fatal("Hook name is not updated")
   501  			}
   502  
   503  			if updatedHook.Description != "description" {
   504  				t.Fatal("Hook description is not updated")
   505  			}
   506  
   507  			if updatedHook.ChannelId != th.BasicChannel2.Id {
   508  				t.Fatal("Hook channel is not updated")
   509  			}
   510  
   511  			if updatedHook.Username != "username" {
   512  				t.Fatal("Hook username is not updated")
   513  			}
   514  
   515  			if updatedHook.IconURL != "icon" {
   516  				t.Fatal("Hook icon is not updated")
   517  			}
   518  		} else {
   519  			t.Fatal("should not be nil")
   520  		}
   521  
   522  		//updatedHook, _ = th.App.GetIncomingWebhook(createdHook.Id)
   523  		assert.Equal(t, updatedHook.ChannelId, createdHook.ChannelId)
   524  	})
   525  
   526  	t.Run("RetainCreateAt", func(t *testing.T) {
   527  		hook2 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, CreateAt: 100}
   528  
   529  		createdHook2, resp := th.SystemAdminClient.CreateIncomingWebhook(hook2)
   530  		CheckNoError(t, resp)
   531  
   532  		createdHook2.DisplayName = "Name2"
   533  
   534  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook2)
   535  		CheckNoError(t, resp)
   536  		require.NotNil(t, updatedHook)
   537  		assert.Equal(t, createdHook2.CreateAt, updatedHook.CreateAt)
   538  	})
   539  
   540  	t.Run("ModifyUpdateAt", func(t *testing.T) {
   541  		createdHook.DisplayName = "Name3"
   542  
   543  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   544  		CheckNoError(t, resp)
   545  		if updatedHook != nil {
   546  			if updatedHook.UpdateAt == createdHook.UpdateAt {
   547  				t.Fatal("failed - hook updateAt is not updated")
   548  			}
   549  		} else {
   550  			t.Fatal("should not be nil")
   551  		}
   552  	})
   553  
   554  	t.Run("UpdateNonExistentHook", func(t *testing.T) {
   555  		nonExistentHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   556  
   557  		_, resp := th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook)
   558  		CheckNotFoundStatus(t, resp)
   559  
   560  		nonExistentHook.Id = model.NewId()
   561  		_, resp = th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook)
   562  		CheckNotFoundStatus(t, resp)
   563  	})
   564  
   565  	t.Run("UserIsNotAdminOfTeam", func(t *testing.T) {
   566  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   567  		CheckForbiddenStatus(t, resp)
   568  	})
   569  
   570  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   571  	th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   572  
   573  	t.Run("OnlyAdminIntegrationsDisabled", func(t *testing.T) {
   574  		th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   575  
   576  		t.Run("UpdateHookOfSameUser", func(t *testing.T) {
   577  			sameUserHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, UserId: th.BasicUser2.Id}
   578  
   579  			sameUserHook, resp := Client.CreateIncomingWebhook(sameUserHook)
   580  			CheckNoError(t, resp)
   581  
   582  			_, resp = Client.UpdateIncomingWebhook(sameUserHook)
   583  			CheckNoError(t, resp)
   584  		})
   585  
   586  		t.Run("UpdateHookOfDifferentUser", func(t *testing.T) {
   587  			_, resp := Client.UpdateIncomingWebhook(createdHook)
   588  			CheckForbiddenStatus(t, resp)
   589  		})
   590  	})
   591  
   592  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   593  	th.AddPermissionToRole(model.PERMISSION_MANAGE_INCOMING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   594  
   595  	Client.Logout()
   596  	th.UpdateUserToTeamAdmin(th.BasicUser2, th.BasicTeam)
   597  	th.LoginBasic2()
   598  	t.Run("UpdateByDifferentUser", func(t *testing.T) {
   599  		updatedHook, resp := Client.UpdateIncomingWebhook(createdHook)
   600  		CheckNoError(t, resp)
   601  		if updatedHook.UserId == th.BasicUser2.Id {
   602  			t.Fatal("Hook's creator userId is not retained")
   603  		}
   604  	})
   605  
   606  	t.Run("IncomingHooksDisabled", func(t *testing.T) {
   607  		th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = false })
   608  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   609  		CheckNotImplementedStatus(t, resp)
   610  		CheckErrorMessage(t, resp, "api.incoming_webhook.disabled.app_error")
   611  	})
   612  
   613  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true })
   614  
   615  	t.Run("PrivateChannel", func(t *testing.T) {
   616  		privateChannel := th.CreatePrivateChannel()
   617  		Client.Logout()
   618  		th.LoginBasic()
   619  		createdHook.ChannelId = privateChannel.Id
   620  
   621  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   622  		CheckForbiddenStatus(t, resp)
   623  	})
   624  
   625  	t.Run("UpdateToNonExistentChannel", func(t *testing.T) {
   626  		createdHook.ChannelId = "junk"
   627  		_, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   628  		CheckNotFoundStatus(t, resp)
   629  	})
   630  
   631  	team := th.CreateTeamWithClient(Client)
   632  	user := th.CreateUserWithClient(Client)
   633  	th.LinkUserToTeam(user, team)
   634  	Client.Logout()
   635  	Client.Login(user.Id, user.Password)
   636  	t.Run("UpdateToADifferentTeam", func(t *testing.T) {
   637  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   638  		CheckUnauthorizedStatus(t, resp)
   639  	})
   640  }
   641  
   642  func TestRegenOutgoingHookToken(t *testing.T) {
   643  	th := Setup().InitBasic()
   644  	defer th.TearDown()
   645  	Client := th.Client
   646  
   647  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   648  
   649  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}}
   650  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   651  	CheckNoError(t, resp)
   652  
   653  	_, resp = th.SystemAdminClient.RegenOutgoingHookToken("junk")
   654  	CheckBadRequestStatus(t, resp)
   655  
   656  	//investigate why is act weird on jenkins
   657  	// _, resp = th.SystemAdminClient.RegenOutgoingHookToken("")
   658  	// CheckNotFoundStatus(t, resp)
   659  
   660  	regenHookToken, resp := th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id)
   661  	CheckNoError(t, resp)
   662  	if regenHookToken.Token == rhook.Token {
   663  		t.Fatal("regen didn't work properly")
   664  	}
   665  
   666  	_, resp = Client.RegenOutgoingHookToken(rhook.Id)
   667  	CheckForbiddenStatus(t, resp)
   668  
   669  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = false })
   670  	_, resp = th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id)
   671  	CheckNotImplementedStatus(t, resp)
   672  }
   673  
   674  func TestUpdateOutgoingHook(t *testing.T) {
   675  	th := Setup().InitBasic()
   676  	defer th.TearDown()
   677  	Client := th.Client
   678  
   679  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   680  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   681  	defer func() {
   682  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   683  	}()
   684  	th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   685  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   686  
   687  	createdHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   688  		CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}}
   689  
   690  	createdHook, webookResp := th.SystemAdminClient.CreateOutgoingWebhook(createdHook)
   691  	CheckNoError(t, webookResp)
   692  
   693  	t.Run("UpdateOutgoingWebhook", func(t *testing.T) {
   694  		createdHook.DisplayName = "Cats"
   695  		createdHook.Description = "Get me some cats"
   696  
   697  		updatedHook, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   698  		CheckNoError(t, resp)
   699  		if updatedHook.DisplayName != "Cats" {
   700  			t.Fatal("did not update")
   701  		}
   702  		if updatedHook.Description != "Get me some cats" {
   703  			t.Fatal("did not update")
   704  		}
   705  	})
   706  
   707  	t.Run("OutgoingHooksDisabled", func(t *testing.T) {
   708  		th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = false })
   709  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   710  		CheckNotImplementedStatus(t, resp)
   711  	})
   712  
   713  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   714  	t.Run("RetainCreateAt", func(t *testing.T) {
   715  		hook2 := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   716  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats"}}
   717  
   718  		createdHook2, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook2)
   719  		CheckNoError(t, resp)
   720  		createdHook2.DisplayName = "Name2"
   721  
   722  		updatedHook2, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook2)
   723  		CheckNoError(t, resp)
   724  
   725  		if updatedHook2.CreateAt != createdHook2.CreateAt {
   726  			t.Fatal("failed - hook create at should not be changed")
   727  		}
   728  	})
   729  
   730  	t.Run("ModifyUpdateAt", func(t *testing.T) {
   731  		createdHook.DisplayName = "Name3"
   732  
   733  		updatedHook2, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   734  		CheckNoError(t, resp)
   735  
   736  		if updatedHook2.UpdateAt == createdHook.UpdateAt {
   737  			t.Fatal("failed - hook updateAt is not updated")
   738  		}
   739  	})
   740  
   741  	t.Run("UpdateNonExistentHook", func(t *testing.T) {
   742  		nonExistentHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   743  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats"}}
   744  
   745  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(nonExistentHook)
   746  		CheckNotFoundStatus(t, resp)
   747  
   748  		nonExistentHook.Id = model.NewId()
   749  		_, resp = th.SystemAdminClient.UpdateOutgoingWebhook(nonExistentHook)
   750  		CheckInternalErrorStatus(t, resp)
   751  	})
   752  
   753  	t.Run("UserIsNotAdminOfTeam", func(t *testing.T) {
   754  		_, resp := Client.UpdateOutgoingWebhook(createdHook)
   755  		CheckForbiddenStatus(t, resp)
   756  	})
   757  
   758  	th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   759  	hook2 := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   760  		CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats2"}}
   761  
   762  	createdHook2, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook2)
   763  	CheckNoError(t, resp)
   764  
   765  	_, resp = Client.UpdateOutgoingWebhook(createdHook2)
   766  	CheckForbiddenStatus(t, resp)
   767  
   768  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   769  	th.AddPermissionToRole(model.PERMISSION_MANAGE_OUTGOING_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   770  
   771  	Client.Logout()
   772  	th.UpdateUserToTeamAdmin(th.BasicUser2, th.BasicTeam)
   773  	th.LoginBasic2()
   774  	t.Run("RetainHookCreator", func(t *testing.T) {
   775  		createdHook.DisplayName = "Basic user 2"
   776  		updatedHook, resp := Client.UpdateOutgoingWebhook(createdHook)
   777  		CheckNoError(t, resp)
   778  		if updatedHook.DisplayName != "Basic user 2" {
   779  			t.Fatal("should apply the change")
   780  		}
   781  		if updatedHook.CreatorId != th.SystemAdminUser.Id {
   782  			t.Fatal("hook creator should not be changed")
   783  		}
   784  	})
   785  
   786  	t.Run("UpdateToExistingTriggerWordAndCallback", func(t *testing.T) {
   787  		t.Run("OnSameChannel", func(t *testing.T) {
   788  			createdHook.TriggerWords = []string{"rats"}
   789  
   790  			_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   791  			CheckBadRequestStatus(t, resp)
   792  		})
   793  
   794  		t.Run("OnDifferentChannel", func(t *testing.T) {
   795  			createdHook.TriggerWords = []string{"cats"}
   796  			createdHook.ChannelId = th.BasicChannel2.Id
   797  
   798  			_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   799  			CheckNoError(t, resp)
   800  		})
   801  	})
   802  
   803  	t.Run("UpdateToNonExistentChannel", func(t *testing.T) {
   804  		createdHook.ChannelId = "junk"
   805  
   806  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   807  		CheckNotFoundStatus(t, resp)
   808  	})
   809  
   810  	t.Run("UpdateToPrivateChannel", func(t *testing.T) {
   811  		privateChannel := th.CreatePrivateChannel()
   812  		createdHook.ChannelId = privateChannel.Id
   813  
   814  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   815  		CheckForbiddenStatus(t, resp)
   816  	})
   817  
   818  	t.Run("UpdateToBlankTriggerWordAndChannel", func(t *testing.T) {
   819  		createdHook.ChannelId = ""
   820  		createdHook.TriggerWords = nil
   821  
   822  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   823  		CheckInternalErrorStatus(t, resp)
   824  	})
   825  
   826  	team := th.CreateTeamWithClient(Client)
   827  	user := th.CreateUserWithClient(Client)
   828  	th.LinkUserToTeam(user, team)
   829  	Client.Logout()
   830  	Client.Login(user.Id, user.Password)
   831  	t.Run("UpdateToADifferentTeam", func(t *testing.T) {
   832  		_, resp := Client.UpdateOutgoingWebhook(createdHook)
   833  		CheckUnauthorizedStatus(t, resp)
   834  	})
   835  }
   836  
   837  func TestDeleteOutgoingHook(t *testing.T) {
   838  	th := Setup().InitBasic()
   839  	defer th.TearDown()
   840  	Client := th.SystemAdminClient
   841  
   842  	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableIncomingWebhooks = true })
   843  
   844  	var resp *model.Response
   845  	var rhook *model.OutgoingWebhook
   846  	var hook *model.OutgoingWebhook
   847  	var status bool
   848  
   849  	t.Run("WhenInvalidHookID", func(t *testing.T) {
   850  		status, resp = Client.DeleteOutgoingWebhook("abc")
   851  		CheckBadRequestStatus(t, resp)
   852  	})
   853  
   854  	t.Run("WhenHookDoesNotExist", func(t *testing.T) {
   855  		status, resp = Client.DeleteOutgoingWebhook(model.NewId())
   856  		CheckInternalErrorStatus(t, resp)
   857  	})
   858  
   859  	t.Run("WhenHookExists", func(t *testing.T) {
   860  		hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   861  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}}
   862  		rhook, resp = Client.CreateOutgoingWebhook(hook)
   863  		CheckNoError(t, resp)
   864  
   865  		if status, resp = Client.DeleteOutgoingWebhook(rhook.Id); !status {
   866  			t.Fatal("Delete should have succeeded")
   867  		} else {
   868  			CheckOKStatus(t, resp)
   869  		}
   870  
   871  		// Get now should not return this deleted hook
   872  		_, resp = Client.GetIncomingWebhook(rhook.Id, "")
   873  		CheckNotFoundStatus(t, resp)
   874  	})
   875  
   876  	t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) {
   877  		hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   878  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"dogs"}}
   879  		rhook, resp = Client.CreateOutgoingWebhook(hook)
   880  		CheckNoError(t, resp)
   881  
   882  		th.LoginBasic()
   883  		Client = th.Client
   884  
   885  		_, resp = Client.DeleteOutgoingWebhook(rhook.Id)
   886  		CheckForbiddenStatus(t, resp)
   887  	})
   888  }