
     1  // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
     2  // See LICENSE.txt for license information.
     3  
     4  package api4
     5  
import (
	"io"
	"io/ioutil"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/masterhung0112/hk_server/v5/model"
)
    16  
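// TestCreateOAuthApp covers POST /oauth/apps: creation by an admin and by a
// regular user holding PERMISSION_MANAGE_OAUTH, the IsTrusted flag being
// dropped for non-admins, and the 400/401/403/501 rejection paths.
func TestCreateOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	// Snapshot role permissions and the provider flag so the test leaves
	// global state exactly as it found it.
	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}, IsTrusted: true}

	// An admin may create a trusted app and the flag is honoured.
	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	CheckCreatedStatus(t, resp)
	assert.Equal(t, oapp.Name, rapp.Name, "names did not match")
	assert.Equal(t, oapp.IsTrusted, rapp.IsTrusted, "trusted did not match")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.CreateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)
	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	rapp, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	CheckCreatedStatus(t, resp)

	// The request asked for IsTrusted=true; only admins may set it, so the
	// server must have cleared it for a regular user.
	assert.False(t, rapp.IsTrusted, "trusted should be false - created by non admin")

	oapp.Name = ""
	_, resp = AdminClient.CreateOAuthApp(oapp)
	CheckBadRequestStatus(t, resp)

	// A body that is not an OAuthApp document is rejected with 400. The raw
	// response is checked for nil before use and its body is closed so the
	// transport connection is not leaked.
	r, err := Client.DoApiPost("/oauth/apps", "garbage")
	require.NotNil(t, err, "expected error from garbage post")
	require.NotNil(t, r, "expected a response for garbage post")
	defer closeBody(r)
	assert.Equal(t, http.StatusBadRequest, r.StatusCode)

	Client.Logout()
	_, resp = Client.CreateOAuthApp(oapp)
	CheckUnauthorizedStatus(t, resp)

	// With the provider disabled even an admin gets 501.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	oapp.Name = GenerateTestAppName()
	_, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNotImplementedStatus(t, resp)
}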
    74  
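// TestUpdateOAuthApp covers PUT /oauth/apps/{id}: mutable fields are updated,
// immutable ones (Id, CreatorId, CreateAt, ClientSecret) survive, a user who
// is not the creator is refused, the 400/401/403/404/501 paths, and IsTrusted
// can only be changed by an admin.
func TestUpdateOAuthApp(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{
		Name:         "oapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	// Fail fast if creation fails: every later step dereferences oapp.
	oapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)
	require.NotNil(t, oapp, "app should have been created")

	oapp.Name = "oapp_update"
	oapp.IsTrusted = true
	oapp.IconURL = "https://nowhere.com/img_update"
	oapp.Homepage = "https://nowhere_update.com"
	oapp.Description = "test_update"
	oapp.CallbackUrls = []string{"https://callback_update.com", "https://another_callback.com"}

	updatedApp, resp := AdminClient.UpdateOAuthApp(oapp)
	CheckNoError(t, resp)
	assert.Equal(t, oapp.Id, updatedApp.Id, "Id should have not updated")
	assert.Equal(t, oapp.CreatorId, updatedApp.CreatorId, "CreatorId should have not updated")
	assert.Equal(t, oapp.CreateAt, updatedApp.CreateAt, "CreateAt should have not updated")
	assert.NotEqual(t, oapp.UpdateAt, updatedApp.UpdateAt, "UpdateAt should have updated")
	assert.Equal(t, oapp.ClientSecret, updatedApp.ClientSecret, "ClientSecret should have not updated")
	assert.Equal(t, oapp.Name, updatedApp.Name, "Name should have updated")
	assert.Equal(t, oapp.Description, updatedApp.Description, "Description should have updated")
	assert.Equal(t, oapp.IconURL, updatedApp.IconURL, "IconURL should have updated")
	// Compare the whole slice so a length mismatch fails instead of being
	// silently skipped.
	assert.Equal(t, oapp.CallbackUrls, updatedApp.CallbackUrls, "CallbackUrls should have updated")
	assert.Equal(t, oapp.Homepage, updatedApp.Homepage, "Homepage should have updated")
	assert.Equal(t, oapp.IsTrusted, updatedApp.IsTrusted, "IsTrusted should have updated")

	// BasicUser2 holds the manage-OAuth permission but is not the creator, so
	// the update must be refused.
	th.LoginBasic2()
	_, resp = Client.UpdateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)

	th.LoginBasic()

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.UpdateOAuthApp(oapp)
	CheckForbiddenStatus(t, resp)

	oapp.Id = "zhk9d1ggatrqz236c7h87im7bc"
	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })

	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckNotImplementedStatus(t, resp)

	Client.Logout()
	_, resp = Client.UpdateOAuthApp(oapp)
	CheckUnauthorizedStatus(t, resp)

	oapp.Id = "junk"
	_, resp = AdminClient.UpdateOAuthApp(oapp)
	CheckBadRequestStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.LoginBasic()

	userOapp := &model.OAuthApp{
		Name:         "useroapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	userOapp, resp = Client.CreateOAuthApp(userOapp)
	CheckNoError(t, resp)
	require.NotNil(t, userOapp, "user app should have been created")

	// A regular creator cannot promote their own app to trusted ...
	userOapp.IsTrusted = true
	userOapp, resp = Client.UpdateOAuthApp(userOapp)
	CheckNoError(t, resp)
	assert.False(t, userOapp.IsTrusted)

	// ... an admin can ...
	userOapp.IsTrusted = true
	userOapp, resp = AdminClient.UpdateOAuthApp(userOapp)
	CheckNoError(t, resp)
	assert.True(t, userOapp.IsTrusted)

	// ... and the creator cannot demote it again either.
	userOapp.IsTrusted = false
	userOapp, resp = Client.UpdateOAuthApp(userOapp)
	CheckNoError(t, resp)
	assert.True(t, userOapp.IsTrusted)
}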
   190  
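// TestGetOAuthApps covers GET /oauth/apps: an admin lists every app, a regular
// user with PERMISSION_MANAGE_OAUTH lists only the apps they created, paging is
// honoured, and the 401/403/501 paths.
func TestGetOAuthApps(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	// One app owned by the admin, one owned by the regular user.
	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	apps, resp := AdminClient.GetOAuthApps(0, 1000)
	CheckNoError(t, resp)

	found1 := false
	found2 := false
	for _, a := range apps {
		switch a.Id {
		case rapp.Id:
			found1 = true
		case rapp2.Id:
			found2 = true
		}
	}
	assert.Truef(t, found1, "missing oauth app %v", rapp.Id)
	assert.Truef(t, found2, "missing oauth app %v", rapp2.Id)

	apps, resp = AdminClient.GetOAuthApps(1, 1)
	CheckNoError(t, resp)
	require.Equal(t, 1, len(apps), "paging failed")

	// A regular user must only see the apps they created. Every returned
	// entry is checked (the old `len == 1 || apps[0].Id == ...` accepted any
	// single app and panicked on an empty list).
	apps, resp = Client.GetOAuthApps(0, 1000)
	CheckNoError(t, resp)
	require.NotEmpty(t, apps, "wrong apps returned")
	for _, a := range apps {
		require.Equal(t, rapp2.Id, a.Id, "wrong apps returned")
	}

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.GetOAuthApps(0, 1000)
	CheckForbiddenStatus(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthApps(0, 1000)
	CheckUnauthorizedStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthApps(0, 1000)
	CheckNotImplementedStatus(t, resp)
}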
   256  
// TestGetOAuthApp covers GET /oauth/apps/{id}: the admin and the creator get
// the app back with its client secret intact, a non-creator is refused, and
// the 400/401/403/404/501 paths are exercised.
func TestGetOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	// Remember role permissions and the provider flag so they can be restored.
	savedPermissions := th.SaveDefaultRolePermissions()
	savedProviderFlag := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(savedPermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = savedProviderFlag })
	}()

	// Regular users need PERMISSION_MANAGE_OAUTH and the provider must be on.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	template := &model.OAuthApp{
		Name:         GenerateTestAppName(),
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://nowhere.com"},
	}

	// One app owned by the admin, one owned by the regular user.
	adminApp, resp := AdminClient.CreateOAuthApp(template)
	CheckNoError(t, resp)

	template.Name = GenerateTestAppName()
	userApp, resp := Client.CreateOAuthApp(template)
	CheckNoError(t, resp)

	// The admin can read both apps and receives the secret.
	for _, created := range []*model.OAuthApp{adminApp, userApp} {
		got, getResp := AdminClient.GetOAuthApp(created.Id)
		CheckNoError(t, getResp)
		assert.Equal(t, created.Id, got.Id, "wrong app")
		assert.NotEqual(t, "", got.ClientSecret, "should not be sanitized")
	}

	// The creator may read their own app but not the admin's.
	_, resp = Client.GetOAuthApp(userApp.Id)
	CheckNoError(t, resp)

	_, resp = Client.GetOAuthApp(adminApp.Id)
	CheckForbiddenStatus(t, resp)

	// Without the permission even the creator is refused.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.GetOAuthApp(userApp.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthApp(userApp.Id)
	CheckUnauthorizedStatus(t, resp)

	// Malformed and unknown ids.
	_, resp = AdminClient.GetOAuthApp("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.GetOAuthApp(model.NewId())
	CheckNotFoundStatus(t, resp)

	// Provider disabled: 501 even for the admin.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthApp(adminApp.Id)
	CheckNotImplementedStatus(t, resp)
}
   320  
// TestGetOAuthAppInfo covers GET /oauth/apps/{id}/info: the public view of an
// app is readable by any logged-in user, with or without the manage
// permission, and never carries the client secret. Bad/unknown ids, a
// logged-out client and a disabled provider are rejected.
func TestGetOAuthAppInfo(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	// Remember role permissions and the provider flag so they can be restored.
	savedPermissions := th.SaveDefaultRolePermissions()
	savedProviderFlag := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(savedPermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = savedProviderFlag })
	}()

	// Regular users need PERMISSION_MANAGE_OAUTH to create; the provider must be on.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	template := &model.OAuthApp{
		Name:         GenerateTestAppName(),
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://nowhere.com"},
	}

	// One app owned by the admin, one owned by the regular user.
	adminApp, resp := AdminClient.CreateOAuthApp(template)
	CheckNoError(t, resp)

	template.Name = GenerateTestAppName()
	userApp, resp := Client.CreateOAuthApp(template)
	CheckNoError(t, resp)

	// Info for both apps comes back with the secret stripped.
	for _, created := range []*model.OAuthApp{adminApp, userApp} {
		info, infoResp := AdminClient.GetOAuthAppInfo(created.Id)
		CheckNoError(t, infoResp)
		assert.Equal(t, created.Id, info.Id, "wrong app")
		assert.Equal(t, "", info.ClientSecret, "should be sanitized")
	}

	// Info is readable by a regular user, creator or not ...
	_, resp = Client.GetOAuthAppInfo(userApp.Id)
	CheckNoError(t, resp)

	_, resp = Client.GetOAuthAppInfo(adminApp.Id)
	CheckNoError(t, resp)

	// ... and does not need the manage permission.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.GetOAuthAppInfo(userApp.Id)
	CheckNoError(t, resp)

	Client.Logout()

	_, resp = Client.GetOAuthAppInfo(userApp.Id)
	CheckUnauthorizedStatus(t, resp)

	// Malformed and unknown ids.
	_, resp = AdminClient.GetOAuthAppInfo("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.GetOAuthAppInfo(model.NewId())
	CheckNotFoundStatus(t, resp)

	// Provider disabled: 501 even for the admin.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.GetOAuthAppInfo(adminApp.Id)
	CheckNotImplementedStatus(t, resp)
}
   384  
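// TestDeleteOAuthApp covers DELETE /oauth/apps/{id}: an admin may delete any
// app, a regular user with PERMISSION_MANAGE_OAUTH may delete only their own,
// a deleted app is actually gone afterwards, and the 400/401/403/404/501 paths.
func TestDeleteOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	pass, resp := AdminClient.DeleteOAuthApp(rapp.Id)
	CheckNoError(t, resp)
	assert.True(t, pass, "should have passed")

	// A 200 alone does not prove the app was removed; it must now be unknown.
	_, resp = AdminClient.GetOAuthApp(rapp.Id)
	CheckNotFoundStatus(t, resp)

	pass, resp = AdminClient.DeleteOAuthApp(rapp2.Id)
	CheckNoError(t, resp)
	assert.True(t, pass, "should have passed")

	// Recreate both apps for the regular-user checks.
	rapp, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	// A regular user may not delete the admin's app, only their own.
	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	pass, resp = Client.DeleteOAuthApp(rapp2.Id)
	CheckNoError(t, resp)
	assert.True(t, pass, "should have passed")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()
	_, resp = Client.DeleteOAuthApp(rapp.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.DeleteOAuthApp("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.DeleteOAuthApp(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.DeleteOAuthApp(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}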
   451  
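// TestRegenerateOAuthAppSecret covers POST /oauth/apps/{id}/regen_secret: an
// admin may rotate any app's secret, a regular user with
// PERMISSION_MANAGE_OAUTH only their own, the new secret is a real value that
// differs from the old one, and the 400/401/403/404/501 paths.
func TestRegenerateOAuthAppSecret(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, resp := AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp := Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	rrapp, resp := AdminClient.RegenerateOAuthAppSecret(rapp.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rrapp.Id, rapp.Id, "wrong app")
	assert.NotEqual(t, rapp.ClientSecret, rrapp.ClientSecret, "secret didn't change")
	// NotEqual alone would accept an empty secret; a rotated credential must
	// be a usable value.
	assert.NotEmpty(t, rrapp.ClientSecret, "regenerated secret should not be empty")

	_, resp = AdminClient.RegenerateOAuthAppSecret(rapp2.Id)
	CheckNoError(t, resp)

	// Recreate both apps for the regular-user checks.
	rapp, resp = AdminClient.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	oapp.Name = GenerateTestAppName()
	rapp2, resp = Client.CreateOAuthApp(oapp)
	CheckNoError(t, resp)

	// A regular user may not rotate the admin's secret, only their own.
	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckForbiddenStatus(t, resp)

	rrapp2, resp := Client.RegenerateOAuthAppSecret(rapp2.Id)
	CheckNoError(t, resp)
	assert.Equal(t, rapp2.Id, rrapp2.Id, "wrong app")
	assert.NotEqual(t, rapp2.ClientSecret, rrapp2.ClientSecret, "secret didn't change")
	assert.NotEmpty(t, rrapp2.ClientSecret, "regenerated secret should not be empty")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_OAUTH.Id, model.SYSTEM_USER_ROLE_ID)

	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckForbiddenStatus(t, resp)

	Client.Logout()
	_, resp = Client.RegenerateOAuthAppSecret(rapp.Id)
	CheckUnauthorizedStatus(t, resp)

	_, resp = AdminClient.RegenerateOAuthAppSecret("junk")
	CheckBadRequestStatus(t, resp)

	_, resp = AdminClient.RegenerateOAuthAppSecret(model.NewId())
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp = AdminClient.RegenerateOAuthAppSecret(rapp.Id)
	CheckNotImplementedStatus(t, resp)
}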
   519  
// TestGetAuthorizedOAuthAppsForUser covers GET /users/{user_id}/oauth/apps/authorized:
// after the basic user authorizes an app it shows up in their list with the
// client secret stripped; listing another user's apps is refused, a malformed
// id is 400, a logged-out client is 401, and an admin may list any user's apps.
func TestGetAuthorizedOAuthAppsForUser(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	Client := th.Client
	AdminClient := th.SystemAdminClient

	// Remember the provider flag so it can be restored on exit.
	savedProviderFlag := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = savedProviderFlag })
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	app, resp := AdminClient.CreateOAuthApp(&model.OAuthApp{
		Name:         GenerateTestAppName(),
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://nowhere.com"},
	})
	CheckNoError(t, resp)

	// Authorize the app as the basic user via the authorization-code flow.
	_, resp = Client.AuthorizeOAuthApp(&model.AuthorizeRequest{
		ResponseType: model.AUTHCODE_RESPONSE_TYPE,
		ClientId:     app.Id,
		RedirectUri:  app.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	})
	CheckNoError(t, resp)

	authorized, resp := Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckNoError(t, resp)

	// The list must contain the app and must never expose a client secret.
	var found bool
	for _, a := range authorized {
		assert.Equal(t, "", a.ClientSecret, "not sanitized")
		if a.Id == app.Id {
			found = true
		}
	}
	require.True(t, found, "missing app")

	// Another user's authorizations are off limits to a regular user.
	_, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser2.Id, 0, 1000)
	CheckForbiddenStatus(t, resp)

	_, resp = Client.GetAuthorizedOAuthAppsForUser("junk", 0, 1000)
	CheckBadRequestStatus(t, resp)

	Client.Logout()
	_, resp = Client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckUnauthorizedStatus(t, resp)

	// An admin may inspect any user's authorized apps.
	_, resp = AdminClient.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	CheckNoError(t, resp)
}
   573  
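// closeBody drains and closes the body of r so the HTTP transport can reuse
// the underlying connection. It is a best-effort test helper: a nil response
// or nil body is ignored, and read/close errors are deliberately dropped
// because there is nothing a test could usefully do with them.
func closeBody(r *http.Response) {
	if r == nil || r.Body == nil {
		return
	}
	// Stream to Discard instead of buffering the whole body in memory.
	_, _ = io.Copy(ioutil.Discard, r.Body)
	_ = r.Body.Close()
}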