github.com/mattermost/mattermost-server/v5@v5.39.3/api4/bot_test.go (about) 1 // Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved. 2 // See LICENSE.txt for license information. 3 4 package api4 5 6 import ( 7 "fmt" 8 "io/ioutil" 9 "net/http" 10 "os" 11 "path/filepath" 12 "strings" 13 "testing" 14 15 "github.com/stretchr/testify/require" 16 17 "github.com/mattermost/mattermost-server/v5/model" 18 "github.com/mattermost/mattermost-server/v5/utils/fileutils" 19 "github.com/mattermost/mattermost-server/v5/utils/testutils" 20 ) 21 22 func TestCreateBot(t *testing.T) { 23 t.Run("create bot without permissions", func(t *testing.T) { 24 th := Setup(t) 25 defer th.TearDown() 26 27 th.App.UpdateConfig(func(cfg *model.Config) { 28 *cfg.ServiceSettings.EnableBotAccountCreation = true 29 }) 30 31 _, resp := th.Client.CreateBot(&model.Bot{ 32 Username: GenerateTestUsername(), 33 DisplayName: "a bot", 34 Description: "bot", 35 }) 36 37 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 38 }) 39 40 t.Run("create bot without config permissions", func(t *testing.T) { 41 th := Setup(t).InitBasic() 42 defer th.TearDown() 43 44 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 45 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 46 th.App.Config().ServiceSettings.EnableBotAccountCreation = model.NewBool(false) 47 48 _, resp := th.Client.CreateBot(&model.Bot{ 49 Username: GenerateTestUsername(), 50 DisplayName: "a bot", 51 Description: "bot", 52 }) 53 54 CheckErrorMessage(t, resp, "api.bot.create_disabled") 55 }) 56 57 t.Run("create bot with permissions", func(t *testing.T) { 58 th := Setup(t).InitBasic() 59 defer th.TearDown() 60 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 61 62 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 63 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 64 th.App.UpdateConfig(func(cfg *model.Config) { 65 *cfg.ServiceSettings.EnableBotAccountCreation = true 66 }) 67 68 bot := &model.Bot{ 69 Username: GenerateTestUsername(), 70 DisplayName: "a bot", 71 Description: "bot", 72 } 73 74 createdBot, resp := th.Client.CreateBot(bot) 75 CheckCreatedStatus(t, resp) 76 defer th.App.PermanentDeleteBot(createdBot.UserId) 77 require.Equal(t, bot.Username, createdBot.Username) 78 require.Equal(t, bot.DisplayName, createdBot.DisplayName) 79 require.Equal(t, bot.Description, createdBot.Description) 80 require.Equal(t, th.BasicUser.Id, createdBot.OwnerId) 81 }) 82 83 t.Run("create invalid bot", func(t *testing.T) { 84 th := Setup(t).InitBasic() 85 defer th.TearDown() 86 87 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 88 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 89 th.App.UpdateConfig(func(cfg *model.Config) { 90 *cfg.ServiceSettings.EnableBotAccountCreation = true 91 }) 92 93 _, resp := th.Client.CreateBot(&model.Bot{ 94 Username: "username", 95 DisplayName: "a bot", 96 Description: strings.Repeat("x", 1025), 97 }) 98 99 CheckErrorMessage(t, resp, "model.bot.is_valid.description.app_error") 100 }) 101 102 t.Run("bot attempt to create bot fails", func(t *testing.T) { 103 th := Setup(t).InitBasic() 104 defer th.TearDown() 105 106 th.App.UpdateConfig(func(cfg *model.Config) { 107 *cfg.ServiceSettings.EnableBotAccountCreation = true 108 }) 109 110 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableUserAccessTokens = true }) 111 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 112 th.AddPermissionToRole(model.PERMISSION_EDIT_OTHER_USERS.Id, model.TEAM_USER_ROLE_ID) 113 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 114 115 bot, resp := th.Client.CreateBot(&model.Bot{ 116 Username: GenerateTestUsername(), 117 DisplayName: "a bot", 118 Description: "bot", 119 }) 120 CheckCreatedStatus(t, resp) 121 defer th.App.PermanentDeleteBot(bot.UserId) 122 th.App.UpdateUserRoles(bot.UserId, model.TEAM_USER_ROLE_ID+" "+model.SYSTEM_USER_ACCESS_TOKEN_ROLE_ID, false) 123 124 rtoken, resp := th.Client.CreateUserAccessToken(bot.UserId, "test token") 125 CheckNoError(t, resp) 126 th.Client.AuthToken = rtoken.Token 127 128 _, resp = th.Client.CreateBot(&model.Bot{ 129 Username: GenerateTestUsername(), 130 OwnerId: bot.UserId, 131 DisplayName: "a bot2", 132 Description: "bot2", 133 }) 134 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 135 }) 136 137 } 138 139 func TestPatchBot(t *testing.T) { 140 t.Run("patch non-existent bot", func(t *testing.T) { 141 th := Setup(t) 142 defer th.TearDown() 143 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 144 145 th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) { 146 _, resp := client.PatchBot(model.NewId(), &model.BotPatch{}) 147 CheckNotFoundStatus(t, resp) 148 }) 149 }) 150 151 t.Run("system admin and local client can patch any bot", func(t *testing.T) { 152 th := Setup(t).InitBasic() 153 defer th.TearDown() 154 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 155 156 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 157 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 158 th.App.UpdateConfig(func(cfg *model.Config) { 159 *cfg.ServiceSettings.EnableBotAccountCreation = true 160 }) 161 162 createdBot, resp := th.Client.CreateBot(&model.Bot{ 163 Username: GenerateTestUsername(), 164 DisplayName: "a bot", 165 Description: "bot created by a user", 166 }) 167 CheckCreatedStatus(t, resp) 168 defer th.App.PermanentDeleteBot(createdBot.UserId) 169 170 th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) { 171 botPatch := &model.BotPatch{ 172 Username: sToP(GenerateTestUsername()), 173 DisplayName: sToP("an updated bot"), 174 Description: sToP("updated bot"), 175 } 176 patchedBot, patchResp := client.PatchBot(createdBot.UserId, botPatch) 177 CheckOKStatus(t, patchResp) 178 require.Equal(t, *botPatch.Username, patchedBot.Username) 179 require.Equal(t, *botPatch.DisplayName, patchedBot.DisplayName) 180 require.Equal(t, *botPatch.Description, patchedBot.Description) 181 require.Equal(t, th.BasicUser.Id, patchedBot.OwnerId) 182 }, "bot created by user") 183 184 createdBotSystemAdmin, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 185 Username: GenerateTestUsername(), 186 DisplayName: "another bot", 187 Description: "bot created by system admin user", 188 }) 189 CheckCreatedStatus(t, resp) 190 defer th.App.PermanentDeleteBot(createdBotSystemAdmin.UserId) 191 192 th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) { 193 botPatch := &model.BotPatch{ 194 Username: sToP(GenerateTestUsername()), 195 DisplayName: sToP("an updated bot"), 196 Description: sToP("updated bot"), 197 } 198 patchedBot, patchResp := client.PatchBot(createdBotSystemAdmin.UserId, botPatch) 199 CheckOKStatus(t, patchResp) 200 require.Equal(t, *botPatch.Username, patchedBot.Username) 201 require.Equal(t, *botPatch.DisplayName, patchedBot.DisplayName) 202 require.Equal(t, *botPatch.Description, patchedBot.Description) 203 require.Equal(t, th.SystemAdminUser.Id, patchedBot.OwnerId) 204 }, "bot created by system admin") 205 }) 206 207 t.Run("patch someone else's bot without permission", func(t *testing.T) { 208 th := Setup(t) 209 defer th.TearDown() 210 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 211 212 th.App.UpdateConfig(func(cfg *model.Config) { 213 *cfg.ServiceSettings.EnableBotAccountCreation = true 214 }) 215 216 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 217 Username: GenerateTestUsername(), 218 DisplayName: "a bot", 219 Description: "bot", 220 }) 221 CheckCreatedStatus(t, resp) 222 defer th.App.PermanentDeleteBot(createdBot.UserId) 223 224 _, resp = th.Client.PatchBot(createdBot.UserId, &model.BotPatch{}) 225 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 226 }) 227 228 t.Run("patch someone else's bot without permission, but with read others permission", func(t *testing.T) { 229 th := Setup(t).InitBasic() 230 defer th.TearDown() 231 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 232 233 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 234 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 235 th.App.UpdateConfig(func(cfg *model.Config) { 236 *cfg.ServiceSettings.EnableBotAccountCreation = true 237 }) 238 239 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 240 Username: GenerateTestUsername(), 241 DisplayName: "a bot", 242 Description: "bot", 243 }) 244 CheckCreatedStatus(t, resp) 245 defer th.App.PermanentDeleteBot(createdBot.UserId) 246 247 _, resp = th.Client.PatchBot(createdBot.UserId, &model.BotPatch{}) 248 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 249 }) 250 251 t.Run("patch someone else's bot with permission", func(t *testing.T) { 252 th := Setup(t).InitBasic() 253 defer th.TearDown() 254 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 255 256 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 257 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 258 th.App.UpdateConfig(func(cfg *model.Config) { 259 *cfg.ServiceSettings.EnableBotAccountCreation = true 260 }) 261 262 createdBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 263 Username: GenerateTestUsername(), 264 DisplayName: "a bot", 265 Description: "bot", 266 }) 267 CheckCreatedStatus(t, resp) 268 defer th.App.PermanentDeleteBot(createdBot.UserId) 269 270 botPatch := &model.BotPatch{ 271 Username: sToP(GenerateTestUsername()), 272 DisplayName: sToP("an updated bot"), 273 Description: sToP("updated bot"), 274 } 275 276 patchedBot, resp := th.Client.PatchBot(createdBot.UserId, botPatch) 277 CheckOKStatus(t, resp) 278 require.Equal(t, *botPatch.Username, patchedBot.Username) 279 require.Equal(t, *botPatch.DisplayName, patchedBot.DisplayName) 280 require.Equal(t, *botPatch.Description, patchedBot.Description) 281 require.Equal(t, th.SystemAdminUser.Id, patchedBot.OwnerId) 282 283 // Continue through the bot update process (call UpdateUserRoles), then 284 // get the bot, to make sure the patched bot was correctly saved. 285 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 286 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 287 th.AddPermissionToRole(model.PERMISSION_MANAGE_ROLES.Id, model.TEAM_USER_ROLE_ID) 288 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 289 290 success, resp := th.Client.UpdateUserRoles(createdBot.UserId, model.SYSTEM_USER_ROLE_ID) 291 CheckOKStatus(t, resp) 292 require.True(t, success) 293 294 bots, resp := th.Client.GetBots(0, 2, "") 295 CheckOKStatus(t, resp) 296 require.Len(t, bots, 1) 297 require.Equal(t, []*model.Bot{patchedBot}, bots) 298 }) 299 300 t.Run("patch my bot without permission", func(t *testing.T) { 301 th := Setup(t).InitBasic() 302 defer th.TearDown() 303 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 304 305 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 306 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 307 th.App.UpdateConfig(func(cfg *model.Config) { 308 *cfg.ServiceSettings.EnableBotAccountCreation = true 309 }) 310 311 createdBot, resp := th.Client.CreateBot(&model.Bot{ 312 Username: GenerateTestUsername(), 313 DisplayName: "a bot", 314 Description: "bot", 315 }) 316 CheckCreatedStatus(t, resp) 317 defer th.App.PermanentDeleteBot(createdBot.UserId) 318 319 botPatch := &model.BotPatch{ 320 Username: sToP(GenerateTestUsername()), 321 DisplayName: sToP("an updated bot"), 322 Description: sToP("updated bot"), 323 } 324 325 _, resp = th.Client.PatchBot(createdBot.UserId, botPatch) 326 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 327 }) 328 329 t.Run("patch my bot without permission, but with read permission", func(t *testing.T) { 330 th := Setup(t).InitBasic() 331 defer th.TearDown() 332 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 333 334 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 335 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 336 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 337 th.App.UpdateConfig(func(cfg *model.Config) { 338 *cfg.ServiceSettings.EnableBotAccountCreation = true 339 }) 340 341 createdBot, resp := th.Client.CreateBot(&model.Bot{ 342 Username: GenerateTestUsername(), 343 DisplayName: "a bot", 344 Description: "bot", 345 }) 346 CheckCreatedStatus(t, resp) 347 defer th.App.PermanentDeleteBot(createdBot.UserId) 348 349 botPatch := &model.BotPatch{ 350 Username: sToP(GenerateTestUsername()), 351 DisplayName: sToP("an updated bot"), 352 Description: sToP("updated bot"), 353 } 354 355 _, resp = th.Client.PatchBot(createdBot.UserId, botPatch) 356 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 357 }) 358 359 t.Run("patch my bot with permission", func(t *testing.T) { 360 th := Setup(t).InitBasic() 361 defer th.TearDown() 362 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 363 364 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 365 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 366 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 367 th.App.UpdateConfig(func(cfg *model.Config) { 368 *cfg.ServiceSettings.EnableBotAccountCreation = true 369 }) 370 371 createdBot, resp := th.Client.CreateBot(&model.Bot{ 372 Username: GenerateTestUsername(), 373 DisplayName: "a bot", 374 Description: "bot", 375 }) 376 CheckCreatedStatus(t, resp) 377 defer th.App.PermanentDeleteBot(createdBot.UserId) 378 379 botPatch := &model.BotPatch{ 380 Username: sToP(GenerateTestUsername()), 381 DisplayName: sToP("an updated bot"), 382 Description: sToP("updated bot"), 383 } 384 385 patchedBot, resp := th.Client.PatchBot(createdBot.UserId, botPatch) 386 CheckOKStatus(t, resp) 387 require.Equal(t, *botPatch.Username, patchedBot.Username) 388 require.Equal(t, *botPatch.DisplayName, patchedBot.DisplayName) 389 require.Equal(t, *botPatch.Description, patchedBot.Description) 390 require.Equal(t, th.BasicUser.Id, patchedBot.OwnerId) 391 }) 392 393 t.Run("partial patch my bot with permission", func(t *testing.T) { 394 th := Setup(t).InitBasic() 395 defer th.TearDown() 396 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 397 398 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 399 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 400 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 401 th.App.UpdateConfig(func(cfg *model.Config) { 402 *cfg.ServiceSettings.EnableBotAccountCreation = true 403 }) 404 405 bot := &model.Bot{ 406 Username: GenerateTestUsername(), 407 DisplayName: "a bot", 408 Description: "bot", 409 } 410 411 createdBot, resp := th.Client.CreateBot(bot) 412 CheckCreatedStatus(t, resp) 413 defer th.App.PermanentDeleteBot(createdBot.UserId) 414 415 botPatch := &model.BotPatch{ 416 Username: sToP(GenerateTestUsername()), 417 } 418 419 patchedBot, resp := th.Client.PatchBot(createdBot.UserId, botPatch) 420 CheckOKStatus(t, resp) 421 require.Equal(t, *botPatch.Username, patchedBot.Username) 422 require.Equal(t, bot.DisplayName, patchedBot.DisplayName) 423 require.Equal(t, bot.Description, patchedBot.Description) 424 require.Equal(t, th.BasicUser.Id, patchedBot.OwnerId) 425 }) 426 427 t.Run("update bot, internally managed fields ignored", func(t *testing.T) { 428 th := Setup(t).InitBasic() 429 defer th.TearDown() 430 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 431 432 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 433 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 434 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 435 th.App.UpdateConfig(func(cfg *model.Config) { 436 *cfg.ServiceSettings.EnableBotAccountCreation = true 437 }) 438 439 createdBot, resp := th.Client.CreateBot(&model.Bot{ 440 Username: GenerateTestUsername(), 441 DisplayName: "a bot", 442 Description: "bot", 443 }) 444 CheckCreatedStatus(t, resp) 445 defer th.App.PermanentDeleteBot(createdBot.UserId) 446 447 r, err := th.Client.DoApiPut(th.Client.GetBotRoute(createdBot.UserId), `{"creator_id":"`+th.BasicUser2.Id+`"}`) 448 require.Nil(t, err) 449 defer func() { 450 _, _ = ioutil.ReadAll(r.Body) 451 _ = r.Body.Close() 452 }() 453 patchedBot := model.BotFromJson(r.Body) 454 resp = model.BuildResponse(r) 455 CheckOKStatus(t, resp) 456 457 require.Equal(t, th.BasicUser.Id, patchedBot.OwnerId) 458 }) 459 } 460 461 func TestGetBot(t *testing.T) { 462 th := Setup(t).InitBasic() 463 defer th.TearDown() 464 465 th.App.UpdateConfig(func(cfg *model.Config) { 466 *cfg.ServiceSettings.EnableBotAccountCreation = true 467 }) 468 469 bot1, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 470 Username: GenerateTestUsername(), 471 DisplayName: "a bot", 472 Description: "the first bot", 473 }) 474 CheckCreatedStatus(t, resp) 475 defer th.App.PermanentDeleteBot(bot1.UserId) 476 477 bot2, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 478 Username: GenerateTestUsername(), 479 DisplayName: "another bot", 480 Description: "the second bot", 481 }) 482 CheckCreatedStatus(t, resp) 483 defer th.App.PermanentDeleteBot(bot2.UserId) 484 485 deletedBot, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 486 Username: GenerateTestUsername(), 487 Description: "a deleted bot", 488 }) 489 CheckCreatedStatus(t, resp) 490 defer th.App.PermanentDeleteBot(deletedBot.UserId) 491 deletedBot, resp = th.SystemAdminClient.DisableBot(deletedBot.UserId) 492 CheckOKStatus(t, resp) 493 494 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 495 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 496 th.App.UpdateConfig(func(cfg *model.Config) { 497 *cfg.ServiceSettings.EnableBotAccountCreation = true 498 }) 499 500 myBot, resp := th.Client.CreateBot(&model.Bot{ 501 Username: GenerateTestUsername(), 502 DisplayName: "my bot", 503 Description: "a bot created by non-admin", 504 }) 505 CheckCreatedStatus(t, resp) 506 defer th.App.PermanentDeleteBot(myBot.UserId) 507 th.RemovePermissionFromRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 508 509 t.Run("get unknown bot", func(t *testing.T) { 510 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 511 512 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 513 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 514 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 515 516 _, resp := th.Client.GetBot(model.NewId(), "") 517 CheckNotFoundStatus(t, resp) 518 }) 519 520 t.Run("get bot1", func(t *testing.T) { 521 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 522 523 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 524 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 525 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 526 527 bot, resp := th.Client.GetBot(bot1.UserId, "") 528 CheckOKStatus(t, resp) 529 require.Equal(t, bot1, bot) 530 531 bot, resp = th.Client.GetBot(bot1.UserId, bot.Etag()) 532 CheckEtag(t, bot, resp) 533 }) 534 535 t.Run("get bot2", func(t *testing.T) { 536 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 537 538 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 539 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 540 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 541 542 bot, resp := th.Client.GetBot(bot2.UserId, "") 543 CheckOKStatus(t, resp) 544 require.Equal(t, bot2, bot) 545 546 bot, resp = th.Client.GetBot(bot2.UserId, bot.Etag()) 547 CheckEtag(t, bot, resp) 548 }) 549 550 t.Run("get bot1 without READ_OTHERS_BOTS permission", func(t *testing.T) { 551 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 552 553 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 554 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 555 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 556 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 557 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 558 559 _, resp := th.Client.GetBot(bot1.UserId, "") 560 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 561 }) 562 563 t.Run("get myBot without READ_BOTS OR READ_OTHERS_BOTS permissions", func(t *testing.T) { 564 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 565 566 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 567 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 568 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 569 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 570 571 _, resp := th.Client.GetBot(myBot.UserId, "") 572 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 573 }) 574 575 t.Run("get deleted bot", func(t *testing.T) { 576 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 577 578 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 579 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 580 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 581 582 _, resp := th.Client.GetBot(deletedBot.UserId, "") 583 CheckNotFoundStatus(t, resp) 584 }) 585 586 t.Run("get deleted bot, include deleted", func(t *testing.T) { 587 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 588 589 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 590 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 591 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 592 593 bot, resp := th.Client.GetBotIncludeDeleted(deletedBot.UserId, "") 594 CheckOKStatus(t, resp) 595 require.NotEqual(t, 0, bot.DeleteAt) 596 deletedBot.UpdateAt = bot.UpdateAt 597 deletedBot.DeleteAt = bot.DeleteAt 598 require.Equal(t, deletedBot, bot) 599 600 bot, resp = th.Client.GetBotIncludeDeleted(deletedBot.UserId, bot.Etag()) 601 CheckEtag(t, bot, resp) 602 }) 603 } 604 605 func TestGetBots(t *testing.T) { 606 th := Setup(t).InitBasic() 607 defer th.TearDown() 608 609 th.App.UpdateConfig(func(cfg *model.Config) { 610 *cfg.ServiceSettings.EnableBotAccountCreation = true 611 }) 612 613 bot1, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 614 Username: GenerateTestUsername(), 615 DisplayName: "a bot", 616 Description: "the first bot", 617 }) 618 CheckCreatedStatus(t, resp) 619 defer th.App.PermanentDeleteBot(bot1.UserId) 620 621 deletedBot1, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 622 Username: GenerateTestUsername(), 623 Description: "a deleted bot", 624 }) 625 CheckCreatedStatus(t, resp) 626 defer th.App.PermanentDeleteBot(deletedBot1.UserId) 627 deletedBot1, resp = th.SystemAdminClient.DisableBot(deletedBot1.UserId) 628 CheckOKStatus(t, resp) 629 630 bot2, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 631 Username: GenerateTestUsername(), 632 DisplayName: "another bot", 633 Description: "the second bot", 634 }) 635 CheckCreatedStatus(t, resp) 636 defer th.App.PermanentDeleteBot(bot2.UserId) 637 638 bot3, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 639 Username: GenerateTestUsername(), 640 DisplayName: "another bot", 641 Description: "the third bot", 642 }) 643 CheckCreatedStatus(t, resp) 644 defer th.App.PermanentDeleteBot(bot3.UserId) 645 646 deletedBot2, resp := th.SystemAdminClient.CreateBot(&model.Bot{ 647 Username: GenerateTestUsername(), 648 Description: "a deleted bot", 649 }) 650 CheckCreatedStatus(t, resp) 651 defer th.App.PermanentDeleteBot(deletedBot2.UserId) 652 deletedBot2, resp = th.SystemAdminClient.DisableBot(deletedBot2.UserId) 653 CheckOKStatus(t, resp) 654 655 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 656 th.App.UpdateUserRoles(th.BasicUser2.Id, model.TEAM_USER_ROLE_ID, false) 657 th.LoginBasic2() 658 orphanedBot, resp := th.Client.CreateBot(&model.Bot{ 659 Username: GenerateTestUsername(), 660 Description: "an oprphaned bot", 661 }) 662 CheckCreatedStatus(t, resp) 663 th.LoginBasic() 664 defer th.App.PermanentDeleteBot(orphanedBot.UserId) 665 // Automatic deactivation disabled 666 th.App.UpdateConfig(func(cfg *model.Config) { 667 *cfg.ServiceSettings.DisableBotsWhenOwnerIsDeactivated = false 668 }) 669 _, resp = th.SystemAdminClient.DeleteUser(th.BasicUser2.Id) 670 CheckOKStatus(t, resp) 671 672 t.Run("get bots, page=0, perPage=10", func(t *testing.T) { 673 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 674 675 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 676 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 677 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 678 679 expectedBotList := []*model.Bot{bot1, bot2, bot3, orphanedBot} 680 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 681 bots, resp := client.GetBots(0, 10, "") 682 CheckOKStatus(t, resp) 683 require.Equal(t, expectedBotList, bots) 684 }) 685 686 botList := model.BotList(expectedBotList) 687 bots, resp := th.Client.GetBots(0, 10, botList.Etag()) 688 CheckEtag(t, bots, resp) 689 }) 690 691 t.Run("get bots, page=0, perPage=1", func(t *testing.T) { 692 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 693 694 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 695 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 696 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 697 698 expectedBotList := []*model.Bot{bot1} 699 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 700 bots, resp := client.GetBots(0, 1, "") 701 CheckOKStatus(t, resp) 702 require.Equal(t, expectedBotList, bots) 703 }) 704 705 botList := model.BotList(expectedBotList) 706 bots, resp := th.Client.GetBots(0, 1, botList.Etag()) 707 CheckEtag(t, bots, resp) 708 }) 709 710 t.Run("get bots, page=1, perPage=2", func(t *testing.T) { 711 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 712 713 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 714 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 715 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 716 717 expectedBotList := []*model.Bot{bot3, orphanedBot} 718 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 719 bots, resp := client.GetBots(1, 2, "") 720 CheckOKStatus(t, resp) 721 require.Equal(t, expectedBotList, bots) 722 }) 723 724 botList := model.BotList(expectedBotList) 725 bots, resp := th.Client.GetBots(1, 2, botList.Etag()) 726 CheckEtag(t, bots, resp) 727 }) 728 729 t.Run("get bots, page=2, perPage=2", func(t *testing.T) { 730 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 731 732 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 733 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 734 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 735 736 expectedBotList := []*model.Bot{} 737 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 738 bots, resp := client.GetBots(2, 2, "") 739 CheckOKStatus(t, resp) 740 require.Equal(t, expectedBotList, bots) 741 }) 742 743 botList := model.BotList(expectedBotList) 744 bots, resp := th.Client.GetBots(2, 2, botList.Etag()) 745 CheckEtag(t, bots, resp) 746 }) 747 748 t.Run("get bots, page=0, perPage=10, include deleted", func(t *testing.T) { 749 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 750 751 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 752 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 753 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 754 755 expectedBotList := []*model.Bot{bot1, deletedBot1, bot2, bot3, deletedBot2, orphanedBot} 756 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 757 bots, resp := client.GetBotsIncludeDeleted(0, 10, "") 758 CheckOKStatus(t, resp) 759 require.Equal(t, expectedBotList, bots) 760 }) 761 762 botList := model.BotList(expectedBotList) 763 bots, resp := th.Client.GetBotsIncludeDeleted(0, 10, botList.Etag()) 764 CheckEtag(t, bots, resp) 765 }) 766 767 t.Run("get bots, page=0, perPage=1, include deleted", func(t *testing.T) { 768 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 769 770 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 771 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 772 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 773 774 expectedBotList := []*model.Bot{bot1} 775 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 776 bots, resp := client.GetBotsIncludeDeleted(0, 1, "") 777 CheckOKStatus(t, resp) 778 require.Equal(t, expectedBotList, bots) 779 }) 780 781 botList := model.BotList(expectedBotList) 782 bots, resp := th.Client.GetBotsIncludeDeleted(0, 1, botList.Etag()) 783 CheckEtag(t, bots, resp) 784 }) 785 786 t.Run("get bots, page=1, perPage=2, include deleted", func(t *testing.T) { 787 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 788 789 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 790 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 791 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 792 793 expectedBotList := []*model.Bot{bot2, bot3} 794 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 795 bots, resp := client.GetBotsIncludeDeleted(1, 2, "") 796 CheckOKStatus(t, resp) 797 require.Equal(t, expectedBotList, bots) 798 }) 799 800 botList := model.BotList(expectedBotList) 801 bots, resp := th.Client.GetBotsIncludeDeleted(1, 2, botList.Etag()) 802 CheckEtag(t, bots, resp) 803 }) 804 805 t.Run("get bots, page=2, perPage=2, include deleted", func(t *testing.T) { 806 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 807 808 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 809 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 810 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 811 812 expectedBotList := []*model.Bot{deletedBot2, orphanedBot} 813 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 814 bots, resp := client.GetBotsIncludeDeleted(2, 2, "") 815 CheckOKStatus(t, resp) 816 require.Equal(t, expectedBotList, bots) 817 }) 818 819 botList := model.BotList(expectedBotList) 820 bots, resp := th.Client.GetBotsIncludeDeleted(2, 2, botList.Etag()) 821 CheckEtag(t, bots, resp) 822 }) 823 824 t.Run("get bots, page=0, perPage=10, only orphaned", func(t *testing.T) { 825 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 826 827 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 828 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 829 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 830 831 expectedBotList := []*model.Bot{orphanedBot} 832 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 833 bots, resp := client.GetBotsOrphaned(0, 10, "") 834 CheckOKStatus(t, resp) 835 require.Equal(t, expectedBotList, bots) 836 }) 837 838 botList := model.BotList(expectedBotList) 839 bots, resp := th.Client.GetBotsOrphaned(0, 10, botList.Etag()) 840 CheckEtag(t, bots, resp) 841 }) 842 843 t.Run("get bots without permission", func(t *testing.T) { 844 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 845 846 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 847 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 848 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.TEAM_USER_ROLE_ID) 849 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 850 851 _, resp := th.Client.GetBots(0, 10, "") 852 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 853 }) 854 } 855 856 func TestDisableBot(t *testing.T) { 857 t.Run("disable non-existent bot", func(t *testing.T) { 858 th := Setup(t).InitBasic() 859 defer th.TearDown() 860 861 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 862 _, resp := client.DisableBot(model.NewId()) 863 CheckNotFoundStatus(t, resp) 864 }) 865 }) 866 867 t.Run("disable bot without permission", func(t *testing.T) { 868 th := Setup(t).InitBasic() 869 defer th.TearDown() 870 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 871 872 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 873 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 874 th.App.UpdateConfig(func(cfg *model.Config) { 875 *cfg.ServiceSettings.EnableBotAccountCreation = true 876 }) 877 878 bot := &model.Bot{ 879 Username: GenerateTestUsername(), 880 Description: "bot", 881 } 882 883 createdBot, resp := th.Client.CreateBot(bot) 884 CheckCreatedStatus(t, resp) 885 defer th.App.PermanentDeleteBot(createdBot.UserId) 886 887 _, resp = th.Client.DisableBot(createdBot.UserId) 888 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 889 }) 890 891 t.Run("disable bot without permission, but with read permission", func(t *testing.T) { 892 th := Setup(t).InitBasic() 893 defer th.TearDown() 894 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 895 896 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 897 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 898 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 899 th.App.UpdateConfig(func(cfg *model.Config) { 900 *cfg.ServiceSettings.EnableBotAccountCreation = true 901 }) 902 903 bot := &model.Bot{ 904 Username: GenerateTestUsername(), 905 Description: "bot", 906 } 907 908 createdBot, resp := th.Client.CreateBot(bot) 909 CheckCreatedStatus(t, resp) 910 defer th.App.PermanentDeleteBot(createdBot.UserId) 911 912 _, resp = th.Client.DisableBot(createdBot.UserId) 913 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 914 }) 915 916 t.Run("disable bot with permission", func(t *testing.T) { 917 th := Setup(t).InitBasic() 918 defer th.TearDown() 919 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 920 921 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 922 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 923 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 924 th.App.UpdateConfig(func(cfg *model.Config) { 925 *cfg.ServiceSettings.EnableBotAccountCreation = true 926 }) 927 928 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 929 bot, resp := th.Client.CreateBot(&model.Bot{ 930 Username: GenerateTestUsername(), 931 Description: "bot", 932 }) 933 CheckCreatedStatus(t, resp) 934 defer th.App.PermanentDeleteBot(bot.UserId) 935 936 disabledBot, resp := client.DisableBot(bot.UserId) 937 CheckOKStatus(t, resp) 938 bot.UpdateAt = disabledBot.UpdateAt 939 bot.DeleteAt = disabledBot.DeleteAt 940 require.Equal(t, bot, disabledBot) 941 942 // Check bot disabled 943 disab, resp := th.SystemAdminClient.GetBotIncludeDeleted(bot.UserId, "") 944 CheckOKStatus(t, resp) 945 require.NotZero(t, disab.DeleteAt) 946 947 // Disabling should be idempotent. 948 disabledBot2, resp := client.DisableBot(bot.UserId) 949 CheckOKStatus(t, resp) 950 require.Equal(t, bot, disabledBot2) 951 }) 952 }) 953 } 954 func TestEnableBot(t *testing.T) { 955 t.Run("enable non-existent bot", func(t *testing.T) { 956 th := Setup(t).InitBasic() 957 defer th.TearDown() 958 959 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 960 _, resp := th.Client.EnableBot(model.NewId()) 961 CheckNotFoundStatus(t, resp) 962 }) 963 }) 964 965 t.Run("enable bot without permission", func(t *testing.T) { 966 th := Setup(t).InitBasic() 967 defer th.TearDown() 968 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 969 970 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 971 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 972 th.App.UpdateConfig(func(cfg *model.Config) { 973 *cfg.ServiceSettings.EnableBotAccountCreation = true 974 }) 975 976 bot := &model.Bot{ 977 Username: GenerateTestUsername(), 978 Description: "bot", 979 } 980 981 createdBot, resp := th.Client.CreateBot(bot) 982 CheckCreatedStatus(t, resp) 983 defer th.App.PermanentDeleteBot(createdBot.UserId) 984 985 _, resp = th.SystemAdminClient.DisableBot(createdBot.UserId) 986 CheckOKStatus(t, resp) 987 988 _, resp = th.Client.EnableBot(createdBot.UserId) 989 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 990 }) 991 992 t.Run("enable bot without permission, but with read permission", func(t *testing.T) { 993 th := Setup(t).InitBasic() 994 defer th.TearDown() 995 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 996 997 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 998 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.TEAM_USER_ROLE_ID) 999 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 1000 th.App.UpdateConfig(func(cfg *model.Config) { 1001 *cfg.ServiceSettings.EnableBotAccountCreation = true 1002 }) 1003 1004 bot := &model.Bot{ 1005 Username: GenerateTestUsername(), 1006 Description: "bot", 1007 } 1008 1009 createdBot, resp := th.Client.CreateBot(bot) 1010 CheckCreatedStatus(t, resp) 1011 defer th.App.PermanentDeleteBot(createdBot.UserId) 1012 1013 _, resp = th.SystemAdminClient.DisableBot(createdBot.UserId) 1014 CheckOKStatus(t, resp) 1015 1016 _, resp = th.Client.EnableBot(createdBot.UserId) 1017 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 1018 }) 1019 1020 t.Run("enable bot with permission", func(t *testing.T) { 1021 th := Setup(t).InitBasic() 1022 defer th.TearDown() 1023 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1024 1025 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 1026 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.TEAM_USER_ROLE_ID) 1027 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 1028 th.App.UpdateConfig(func(cfg *model.Config) { 1029 *cfg.ServiceSettings.EnableBotAccountCreation = true 1030 }) 1031 1032 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 1033 bot, resp := th.Client.CreateBot(&model.Bot{ 1034 Username: GenerateTestUsername(), 1035 Description: "bot", 1036 }) 1037 CheckCreatedStatus(t, resp) 1038 defer th.App.PermanentDeleteBot(bot.UserId) 1039 1040 _, resp = th.SystemAdminClient.DisableBot(bot.UserId) 1041 CheckOKStatus(t, resp) 1042 1043 enabledBot1, resp := client.EnableBot(bot.UserId) 1044 CheckOKStatus(t, resp) 1045 bot.UpdateAt = enabledBot1.UpdateAt 1046 bot.DeleteAt = enabledBot1.DeleteAt 1047 require.Equal(t, bot, enabledBot1) 1048 1049 // Check bot enabled 1050 enab, resp := th.SystemAdminClient.GetBotIncludeDeleted(bot.UserId, "") 1051 CheckOKStatus(t, resp) 1052 require.Zero(t, enab.DeleteAt) 1053 1054 // Disabling should be idempotent. 1055 enabledBot2, resp := client.EnableBot(bot.UserId) 1056 CheckOKStatus(t, resp) 1057 require.Equal(t, bot, enabledBot2) 1058 }) 1059 }) 1060 } 1061 1062 func TestAssignBot(t *testing.T) { 1063 th := Setup(t).InitBasic() 1064 defer th.TearDown() 1065 1066 t.Run("claim non-existent bot", func(t *testing.T) { 1067 th.TestForAllClients(t, func(t *testing.T, client *model.Client4) { 1068 _, resp := client.AssignBot(model.NewId(), model.NewId()) 1069 CheckNotFoundStatus(t, resp) 1070 }) 1071 }) 1072 1073 t.Run("system admin and local mode assign bot", func(t *testing.T) { 1074 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1075 1076 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1077 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1078 th.App.UpdateConfig(func(cfg *model.Config) { 1079 *cfg.ServiceSettings.EnableBotAccountCreation = true 1080 }) 1081 1082 bot := &model.Bot{ 1083 Username: GenerateTestUsername(), 1084 Description: "bot", 1085 } 1086 bot, resp := th.Client.CreateBot(bot) 1087 CheckCreatedStatus(t, resp) 1088 defer th.App.PermanentDeleteBot(bot.UserId) 1089 1090 before, resp := th.Client.GetBot(bot.UserId, "") 1091 CheckOKStatus(t, resp) 1092 require.Equal(t, th.BasicUser.Id, before.OwnerId) 1093 1094 _, resp = th.SystemAdminClient.AssignBot(bot.UserId, th.SystemAdminUser.Id) 1095 CheckOKStatus(t, resp) 1096 1097 // Original owner doesn't have read others bots permission, therefore can't see bot anymore 1098 _, resp = th.Client.GetBot(bot.UserId, "") 1099 CheckNotFoundStatus(t, resp) 1100 1101 // System admin can see creator ID has changed 1102 after, resp := th.SystemAdminClient.GetBot(bot.UserId, "") 1103 CheckOKStatus(t, resp) 1104 require.Equal(t, th.SystemAdminUser.Id, after.OwnerId) 1105 1106 // Assign back to user without permissions to manage, using local mode 1107 _, resp = th.LocalClient.AssignBot(bot.UserId, th.BasicUser.Id) 1108 CheckOKStatus(t, resp) 1109 1110 after, resp = th.SystemAdminClient.GetBot(bot.UserId, "") 1111 CheckOKStatus(t, resp) 1112 require.Equal(t, th.BasicUser.Id, after.OwnerId) 1113 }) 1114 1115 t.Run("random user assign bot", func(t *testing.T) { 1116 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1117 1118 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1119 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1120 th.App.UpdateConfig(func(cfg *model.Config) { 1121 *cfg.ServiceSettings.EnableBotAccountCreation = true 1122 }) 1123 1124 bot := &model.Bot{ 1125 Username: GenerateTestUsername(), 1126 Description: "bot", 1127 } 1128 createdBot, resp := th.Client.CreateBot(bot) 1129 CheckCreatedStatus(t, resp) 1130 defer th.App.PermanentDeleteBot(createdBot.UserId) 1131 1132 th.LoginBasic2() 1133 1134 // Without permission to read others bots it doesn't exist 1135 _, resp = th.Client.AssignBot(createdBot.UserId, th.BasicUser2.Id) 1136 CheckErrorMessage(t, resp, "store.sql_bot.get.missing.app_error") 1137 1138 // With permissions to read we don't have permissions to modify 1139 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1140 _, resp = th.Client.AssignBot(createdBot.UserId, th.BasicUser2.Id) 1141 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 1142 1143 th.LoginBasic() 1144 }) 1145 1146 t.Run("delegated user assign bot", func(t *testing.T) { 1147 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1148 1149 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1150 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1151 th.App.UpdateConfig(func(cfg *model.Config) { 1152 *cfg.ServiceSettings.EnableBotAccountCreation = true 1153 }) 1154 1155 bot := &model.Bot{ 1156 Username: GenerateTestUsername(), 1157 Description: "bot", 1158 } 1159 bot, resp := th.Client.CreateBot(bot) 1160 CheckCreatedStatus(t, resp) 1161 defer th.App.PermanentDeleteBot(bot.UserId) 1162 1163 // Simulate custom role by just changing the system user role 1164 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1165 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1166 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1167 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1168 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1169 th.LoginBasic2() 1170 1171 _, resp = th.Client.AssignBot(bot.UserId, th.BasicUser2.Id) 1172 CheckOKStatus(t, resp) 1173 1174 after, resp := th.SystemAdminClient.GetBot(bot.UserId, "") 1175 CheckOKStatus(t, resp) 1176 require.Equal(t, th.BasicUser2.Id, after.OwnerId) 1177 }) 1178 1179 t.Run("bot assigned to bot fails", func(t *testing.T) { 1180 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1181 1182 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1183 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1184 th.AddPermissionToRole(model.PERMISSION_READ_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1185 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1186 th.AddPermissionToRole(model.PERMISSION_MANAGE_OTHERS_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1187 1188 bot := &model.Bot{ 1189 Username: GenerateTestUsername(), 1190 Description: "bot", 1191 } 1192 bot, resp := th.Client.CreateBot(bot) 1193 CheckCreatedStatus(t, resp) 1194 defer th.App.PermanentDeleteBot(bot.UserId) 1195 1196 bot2, resp := th.Client.CreateBot(&model.Bot{ 1197 Username: GenerateTestUsername(), 1198 DisplayName: "a bot", 1199 Description: "bot", 1200 }) 1201 1202 CheckCreatedStatus(t, resp) 1203 defer th.App.PermanentDeleteBot(bot2.UserId) 1204 1205 _, resp = th.Client.AssignBot(bot.UserId, bot2.UserId) 1206 CheckErrorMessage(t, resp, "api.context.permissions.app_error") 1207 1208 }) 1209 } 1210 1211 func TestSetBotIconImage(t *testing.T) { 1212 th := Setup(t).InitBasic() 1213 defer th.TearDown() 1214 user := th.BasicUser 1215 1216 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1217 1218 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1219 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1220 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1221 th.App.UpdateConfig(func(cfg *model.Config) { 1222 *cfg.ServiceSettings.EnableBotAccountCreation = true 1223 }) 1224 1225 bot := &model.Bot{ 1226 Username: GenerateTestUsername(), 1227 Description: "bot", 1228 } 1229 bot, resp := th.Client.CreateBot(bot) 1230 CheckCreatedStatus(t, resp) 1231 defer th.App.PermanentDeleteBot(bot.UserId) 1232 1233 badData, err := testutils.ReadTestFile("test.png") 1234 require.NoError(t, err) 1235 1236 goodData, err := testutils.ReadTestFile("test.svg") 1237 require.NoError(t, err) 1238 1239 // SetBotIconImage only allowed for bots 1240 _, resp = th.SystemAdminClient.SetBotIconImage(user.Id, goodData) 1241 CheckNotFoundStatus(t, resp) 1242 1243 // png/jpg is not allowed 1244 ok, resp := th.Client.SetBotIconImage(bot.UserId, badData) 1245 require.False(t, ok, "Should return false, set icon image only allows svg") 1246 CheckBadRequestStatus(t, resp) 1247 1248 ok, resp = th.Client.SetBotIconImage(model.NewId(), badData) 1249 require.False(t, ok, "Should return false, set icon image not allowed") 1250 CheckNotFoundStatus(t, resp) 1251 1252 _, resp = th.Client.SetBotIconImage(bot.UserId, goodData) 1253 CheckNoError(t, resp) 1254 1255 // status code returns either forbidden or unauthorized 1256 // note: forbidden is set as default at Client4.SetBotIconImage when request is terminated early by server 1257 th.Client.Logout() 1258 _, resp = th.Client.SetBotIconImage(bot.UserId, badData) 1259 if resp.StatusCode == http.StatusForbidden { 1260 CheckForbiddenStatus(t, resp) 1261 } else if resp.StatusCode == http.StatusUnauthorized { 1262 CheckUnauthorizedStatus(t, resp) 1263 } else { 1264 require.Fail(t, "Should have failed either forbidden or unauthorized") 1265 } 1266 1267 _, resp = th.SystemAdminClient.SetBotIconImage(bot.UserId, goodData) 1268 CheckNoError(t, resp) 1269 1270 fpath := fmt.Sprintf("/bots/%v/icon.svg", bot.UserId) 1271 actualData, appErr := th.App.ReadFile(fpath) 1272 require.Nil(t, appErr) 1273 require.NotNil(t, actualData) 1274 require.Equal(t, goodData, actualData) 1275 1276 info := &model.FileInfo{Path: fpath} 1277 err = th.cleanupTestFile(info) 1278 require.NoError(t, err) 1279 } 1280 1281 func TestGetBotIconImage(t *testing.T) { 1282 th := Setup(t) 1283 defer th.TearDown() 1284 1285 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1286 1287 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1288 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1289 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1290 th.App.UpdateConfig(func(cfg *model.Config) { 1291 *cfg.ServiceSettings.EnableBotAccountCreation = true 1292 }) 1293 1294 bot := &model.Bot{ 1295 Username: GenerateTestUsername(), 1296 Description: "bot", 1297 } 1298 bot, resp := th.Client.CreateBot(bot) 1299 CheckCreatedStatus(t, resp) 1300 defer th.App.PermanentDeleteBot(bot.UserId) 1301 1302 // Get icon image for user with no icon 1303 data, resp := th.Client.GetBotIconImage(bot.UserId) 1304 CheckNotFoundStatus(t, resp) 1305 require.Equal(t, 0, len(data)) 1306 1307 // Set an icon image 1308 path, _ := fileutils.FindDir("tests") 1309 svgFile, fileErr := os.Open(filepath.Join(path, "test.svg")) 1310 require.NoError(t, fileErr) 1311 defer svgFile.Close() 1312 1313 expectedData, err := ioutil.ReadAll(svgFile) 1314 require.NoError(t, err) 1315 1316 svgFile.Seek(0, 0) 1317 fpath := fmt.Sprintf("/bots/%v/icon.svg", bot.UserId) 1318 _, appErr := th.App.WriteFile(svgFile, fpath) 1319 require.Nil(t, appErr) 1320 1321 data, resp = th.Client.GetBotIconImage(bot.UserId) 1322 CheckNoError(t, resp) 1323 require.Equal(t, expectedData, data) 1324 1325 _, resp = th.Client.GetBotIconImage("junk") 1326 CheckBadRequestStatus(t, resp) 1327 1328 _, resp = th.Client.GetBotIconImage(model.NewId()) 1329 CheckNotFoundStatus(t, resp) 1330 1331 th.Client.Logout() 1332 _, resp = th.Client.GetBotIconImage(bot.UserId) 1333 CheckUnauthorizedStatus(t, resp) 1334 1335 _, resp = th.SystemAdminClient.GetBotIconImage(bot.UserId) 1336 CheckNoError(t, resp) 1337 1338 info := &model.FileInfo{Path: "/bots/" + bot.UserId + "/icon.svg"} 1339 err = th.cleanupTestFile(info) 1340 require.NoError(t, err) 1341 } 1342 1343 func TestDeleteBotIconImage(t *testing.T) { 1344 th := Setup(t) 1345 defer th.TearDown() 1346 1347 defer th.RestoreDefaultRolePermissions(th.SaveDefaultRolePermissions()) 1348 1349 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.SYSTEM_USER_ROLE_ID) 1350 th.AddPermissionToRole(model.PERMISSION_MANAGE_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1351 th.AddPermissionToRole(model.PERMISSION_READ_BOTS.Id, model.SYSTEM_USER_ROLE_ID) 1352 th.App.UpdateConfig(func(cfg *model.Config) { 1353 *cfg.ServiceSettings.EnableBotAccountCreation = true 1354 }) 1355 1356 bot := &model.Bot{ 1357 Username: GenerateTestUsername(), 1358 Description: "bot", 1359 } 1360 bot, resp := th.Client.CreateBot(bot) 1361 CheckCreatedStatus(t, resp) 1362 defer th.App.PermanentDeleteBot(bot.UserId) 1363 1364 // Get icon image for user with no icon 1365 data, resp := th.Client.GetBotIconImage(bot.UserId) 1366 CheckNotFoundStatus(t, resp) 1367 require.Equal(t, 0, len(data)) 1368 1369 // Set an icon image 1370 svgData, err := testutils.ReadTestFile("test.svg") 1371 require.NoError(t, err) 1372 1373 _, resp = th.Client.SetBotIconImage(bot.UserId, svgData) 1374 CheckNoError(t, resp) 1375 1376 fpath := fmt.Sprintf("/bots/%v/icon.svg", bot.UserId) 1377 exists, appErr := th.App.FileExists(fpath) 1378 require.Nil(t, appErr) 1379 require.True(t, exists, "icon.svg needs to exist for the user") 1380 1381 data, resp = th.Client.GetBotIconImage(bot.UserId) 1382 CheckNoError(t, resp) 1383 require.Equal(t, svgData, data) 1384 1385 success, resp := th.Client.DeleteBotIconImage("junk") 1386 CheckBadRequestStatus(t, resp) 1387 require.False(t, success) 1388 1389 success, resp = th.Client.DeleteBotIconImage(model.NewId()) 1390 CheckNotFoundStatus(t, resp) 1391 require.False(t, success) 1392 1393 success, resp = th.Client.DeleteBotIconImage(bot.UserId) 1394 CheckNoError(t, resp) 1395 require.True(t, success) 1396 1397 th.Client.Logout() 1398 success, resp = th.Client.DeleteBotIconImage(bot.UserId) 1399 CheckUnauthorizedStatus(t, resp) 1400 require.False(t, success) 1401 1402 exists, appErr = th.App.FileExists(fpath) 1403 require.Nil(t, appErr) 1404 require.False(t, exists, "icon.svg should not for the user") 1405 } 1406 1407 func TestConvertBotToUser(t *testing.T) { 1408 th := Setup(t).InitBasic() 1409 defer th.TearDown() 1410 1411 th.AddPermissionToRole(model.PERMISSION_CREATE_BOT.Id, model.TEAM_USER_ROLE_ID) 1412 th.App.UpdateUserRoles(th.BasicUser.Id, model.TEAM_USER_ROLE_ID, false) 1413 th.App.UpdateConfig(func(cfg *model.Config) { 1414 *cfg.ServiceSettings.EnableBotAccountCreation = true 1415 }) 1416 1417 bot := &model.Bot{ 1418 Username: GenerateTestUsername(), 1419 Description: "bot", 1420 } 1421 bot, resp := th.Client.CreateBot(bot) 1422 CheckCreatedStatus(t, resp) 1423 defer th.App.PermanentDeleteBot(bot.UserId) 1424 1425 _, resp = th.Client.ConvertBotToUser(bot.UserId, &model.UserPatch{}, false) 1426 CheckBadRequestStatus(t, resp) 1427 1428 user, resp := th.Client.ConvertBotToUser(bot.UserId, &model.UserPatch{Password: model.NewString("password")}, false) 1429 CheckForbiddenStatus(t, resp) 1430 require.Nil(t, user) 1431 1432 th.TestForSystemAdminAndLocal(t, func(t *testing.T, client *model.Client4) { 1433 bot := &model.Bot{ 1434 Username: GenerateTestUsername(), 1435 Description: "bot", 1436 } 1437 bot, resp := th.SystemAdminClient.CreateBot(bot) 1438 CheckCreatedStatus(t, resp) 1439 1440 user, resp := client.ConvertBotToUser(bot.UserId, &model.UserPatch{}, false) 1441 CheckBadRequestStatus(t, resp) 1442 require.Nil(t, user) 1443 1444 user, resp = client.ConvertBotToUser(bot.UserId, &model.UserPatch{Password: model.NewString("password")}, false) 1445 CheckNoError(t, resp) 1446 require.NotNil(t, user) 1447 require.Equal(t, bot.UserId, user.Id) 1448 1449 bot, resp = client.GetBot(bot.UserId, "") 1450 CheckNotFoundStatus(t, resp) 1451 1452 bot = &model.Bot{ 1453 Username: GenerateTestUsername(), 1454 Description: "systemAdminBot", 1455 } 1456 bot, resp = th.SystemAdminClient.CreateBot(bot) 1457 CheckCreatedStatus(t, resp) 1458 1459 user, resp = client.ConvertBotToUser(bot.UserId, &model.UserPatch{Password: model.NewString("password")}, true) 1460 CheckNoError(t, resp) 1461 require.NotNil(t, user) 1462 require.Equal(t, bot.UserId, user.Id) 1463 require.Contains(t, user.GetRoles(), model.SYSTEM_ADMIN_ROLE_ID) 1464 1465 bot, resp = client.GetBot(bot.UserId, "") 1466 CheckNotFoundStatus(t, resp) 1467 }) 1468 } 1469 1470 func sToP(s string) *string { 1471 return &s 1472 }