github.com/turgay/mattermost-server@v5.3.2-0.20181002173352-2945e8a2b0ce+incompatible/api4/team_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "encoding/binary" 8 "fmt" 9 "net/http" 10 "strconv" 11 "strings" 12 "testing" 13 14 "encoding/base64" 15 16 "github.com/mattermost/mattermost-server/app" 17 "github.com/mattermost/mattermost-server/model" 18 "github.com/mattermost/mattermost-server/services/mailservice" 19 "github.com/mattermost/mattermost-server/utils" 20 "github.com/stretchr/testify/assert" 21 "github.com/stretchr/testify/require" 22 ) 23 24 func TestCreateTeam(t *testing.T) { 25 th := Setup().InitBasic() 26 defer th.TearDown() 27 Client := th.Client 28 29 team := &model.Team{Name: GenerateTestUsername(), DisplayName: "Some Team", Type: model.TEAM_OPEN} 30 rteam, resp := Client.CreateTeam(team) 31 CheckNoError(t, resp) 32 CheckCreatedStatus(t, resp) 33 34 if rteam.Name != team.Name { 35 t.Fatal("names did not match") 36 } 37 38 if rteam.DisplayName != team.DisplayName { 39 t.Fatal("display names did not match") 40 } 41 42 if rteam.Type != team.Type { 43 t.Fatal("types did not match") 44 } 45 46 _, resp = Client.CreateTeam(rteam) 47 CheckBadRequestStatus(t, resp) 48 49 rteam.Id = "" 50 _, resp = Client.CreateTeam(rteam) 51 CheckErrorMessage(t, resp, "store.sql_team.save.domain_exists.app_error") 52 CheckBadRequestStatus(t, resp) 53 54 rteam.Name = "" 55 _, resp = Client.CreateTeam(rteam) 56 CheckErrorMessage(t, resp, "model.team.is_valid.characters.app_error") 57 CheckBadRequestStatus(t, resp) 58 59 if r, err := Client.DoApiPost("/teams", "garbage"); err == nil { 60 t.Fatal("should have errored") 61 } else { 62 if r.StatusCode != http.StatusBadRequest { 63 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 64 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 65 t.Fatal("wrong status code") 66 } 67 } 68 69 Client.Logout() 70 71 _, resp = Client.CreateTeam(rteam) 72 CheckUnauthorizedStatus(t, resp) 73 74 // Check the appropriate permissions are enforced. 75 defaultRolePermissions := th.SaveDefaultRolePermissions() 76 defer func() { 77 th.RestoreDefaultRolePermissions(defaultRolePermissions) 78 }() 79 80 th.RemovePermissionFromRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_USER_ROLE_ID) 81 th.AddPermissionToRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_ADMIN_ROLE_ID) 82 83 th.LoginBasic() 84 _, resp = Client.CreateTeam(team) 85 CheckForbiddenStatus(t, resp) 86 } 87 88 func TestCreateTeamSanitization(t *testing.T) { 89 th := Setup().InitBasic().InitSystemAdmin() 90 defer th.TearDown() 91 92 // Non-admin users can create a team, but they become a team admin by doing so 93 94 t.Run("team admin", func(t *testing.T) { 95 team := &model.Team{ 96 DisplayName: t.Name() + "_1", 97 Name: GenerateTestTeamName(), 98 Email: th.GenerateTestEmail(), 99 Type: model.TEAM_OPEN, 100 AllowedDomains: "simulator.amazonses.com,dockerhost", 101 } 102 103 rteam, resp := th.Client.CreateTeam(team) 104 CheckNoError(t, resp) 105 if rteam.Email == "" { 106 t.Fatal("should not have sanitized email") 107 } 108 }) 109 110 t.Run("system admin", func(t *testing.T) { 111 team := &model.Team{ 112 DisplayName: t.Name() + "_2", 113 Name: GenerateTestTeamName(), 114 Email: th.GenerateTestEmail(), 115 Type: model.TEAM_OPEN, 116 AllowedDomains: "simulator.amazonses.com,dockerhost", 117 } 118 119 rteam, resp := th.SystemAdminClient.CreateTeam(team) 120 CheckNoError(t, resp) 121 if rteam.Email == "" { 122 t.Fatal("should not have sanitized email") 123 } 124 }) 125 } 126 127 func TestGetTeam(t *testing.T) { 128 th := Setup().InitBasic().InitSystemAdmin() 129 defer th.TearDown() 130 Client := th.Client 131 team := th.BasicTeam 132 133 rteam, resp := Client.GetTeam(team.Id, "") 134 CheckNoError(t, resp) 135 136 if rteam.Id != team.Id { 137 t.Fatal("wrong team") 138 } 139 140 _, resp = Client.GetTeam("junk", "") 141 CheckBadRequestStatus(t, resp) 142 143 _, resp = Client.GetTeam("", "") 144 CheckNotFoundStatus(t, resp) 145 146 _, resp = Client.GetTeam(model.NewId(), "") 147 CheckNotFoundStatus(t, resp) 148 149 th.LoginTeamAdmin() 150 151 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 152 rteam2, _ := Client.CreateTeam(team2) 153 154 team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true} 155 rteam3, _ := Client.CreateTeam(team3) 156 157 th.LoginBasic() 158 // AllowInviteOpen is false and team is open, and user is not on team 159 _, resp = Client.GetTeam(rteam2.Id, "") 160 CheckForbiddenStatus(t, resp) 161 162 // AllowInviteOpen is true and team is invite, and user is not on team 163 _, resp = Client.GetTeam(rteam3.Id, "") 164 CheckForbiddenStatus(t, resp) 165 166 Client.Logout() 167 _, resp = Client.GetTeam(team.Id, "") 168 CheckUnauthorizedStatus(t, resp) 169 170 _, resp = th.SystemAdminClient.GetTeam(rteam2.Id, "") 171 CheckNoError(t, resp) 172 } 173 174 func TestGetTeamSanitization(t *testing.T) { 175 th := Setup().InitBasic().InitSystemAdmin() 176 defer th.TearDown() 177 178 team, resp := th.Client.CreateTeam(&model.Team{ 179 DisplayName: t.Name() + "_1", 180 Name: GenerateTestTeamName(), 181 Email: th.GenerateTestEmail(), 182 Type: model.TEAM_OPEN, 183 AllowedDomains: "simulator.amazonses.com,dockerhost", 184 }) 185 CheckNoError(t, resp) 186 187 t.Run("team user", func(t *testing.T) { 188 th.LinkUserToTeam(th.BasicUser2, team) 189 190 client := th.CreateClient() 191 th.LoginBasic2WithClient(client) 192 193 rteam, resp := client.GetTeam(team.Id, "") 194 CheckNoError(t, resp) 195 if rteam.Email != "" { 196 t.Fatal("should've sanitized email") 197 } 198 }) 199 200 t.Run("team admin", func(t *testing.T) { 201 rteam, resp := th.Client.GetTeam(team.Id, "") 202 CheckNoError(t, resp) 203 if rteam.Email == "" { 204 t.Fatal("should not have sanitized email") 205 } 206 }) 207 208 t.Run("system admin", func(t *testing.T) { 209 rteam, resp := th.SystemAdminClient.GetTeam(team.Id, "") 210 CheckNoError(t, resp) 211 if rteam.Email == "" { 212 t.Fatal("should not have sanitized email") 213 } 214 }) 215 } 216 217 func TestGetTeamUnread(t *testing.T) { 218 th := Setup().InitBasic().InitSystemAdmin() 219 defer th.TearDown() 220 Client := th.Client 221 222 teamUnread, resp := Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 223 CheckNoError(t, resp) 224 if teamUnread.TeamId != th.BasicTeam.Id { 225 t.Fatal("wrong team id returned for regular user call") 226 } 227 228 _, resp = Client.GetTeamUnread("junk", th.BasicUser.Id) 229 CheckBadRequestStatus(t, resp) 230 231 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, "junk") 232 CheckBadRequestStatus(t, resp) 233 234 _, resp = Client.GetTeamUnread(model.NewId(), th.BasicUser.Id) 235 CheckForbiddenStatus(t, resp) 236 237 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, model.NewId()) 238 CheckForbiddenStatus(t, resp) 239 240 Client.Logout() 241 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 242 CheckUnauthorizedStatus(t, resp) 243 244 teamUnread, resp = th.SystemAdminClient.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 245 CheckNoError(t, resp) 246 if teamUnread.TeamId != th.BasicTeam.Id { 247 t.Fatal("wrong team id returned") 248 } 249 } 250 251 func TestUpdateTeam(t *testing.T) { 252 th := Setup().InitBasic().InitSystemAdmin() 253 defer th.TearDown() 254 Client := th.Client 255 256 team := &model.Team{DisplayName: "Name", Description: "Some description", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 257 team, _ = Client.CreateTeam(team) 258 259 team.Description = "updated description" 260 uteam, resp := Client.UpdateTeam(team) 261 CheckNoError(t, resp) 262 263 if uteam.Description != "updated description" { 264 t.Fatal("Update failed") 265 } 266 267 team.DisplayName = "Updated Name" 268 uteam, resp = Client.UpdateTeam(team) 269 CheckNoError(t, resp) 270 271 if uteam.DisplayName != "Updated Name" { 272 t.Fatal("Update failed") 273 } 274 275 team.AllowOpenInvite = true 276 uteam, resp = Client.UpdateTeam(team) 277 CheckNoError(t, resp) 278 279 if !uteam.AllowOpenInvite { 280 t.Fatal("Update failed") 281 } 282 283 team.InviteId = "inviteid1" 284 uteam, resp = Client.UpdateTeam(team) 285 CheckNoError(t, resp) 286 287 if uteam.InviteId != "inviteid1" { 288 t.Fatal("Update failed") 289 } 290 291 team.AllowedDomains = "domain" 292 uteam, resp = Client.UpdateTeam(team) 293 CheckNoError(t, resp) 294 295 if uteam.AllowedDomains != "domain" { 296 t.Fatal("Update failed") 297 } 298 299 team.Name = "Updated name" 300 uteam, resp = Client.UpdateTeam(team) 301 CheckNoError(t, resp) 302 303 if uteam.Name == "Updated name" { 304 t.Fatal("Should not update name") 305 } 306 307 team.Email = "test@domain.com" 308 uteam, resp = Client.UpdateTeam(team) 309 CheckNoError(t, resp) 310 311 if uteam.Email == "test@domain.com" { 312 t.Fatal("Should not update email") 313 } 314 315 team.Type = model.TEAM_INVITE 316 uteam, resp = Client.UpdateTeam(team) 317 CheckNoError(t, resp) 318 319 if uteam.Type == model.TEAM_INVITE { 320 t.Fatal("Should not update type") 321 } 322 323 originalTeamId := team.Id 324 team.Id = model.NewId() 325 326 r, _ := Client.DoApiPut(Client.GetTeamRoute(originalTeamId), team.ToJson()) 327 assert.Equal(t, http.StatusBadRequest, r.StatusCode) 328 329 if uteam.Id != originalTeamId { 330 t.Fatal("wrong team id") 331 } 332 333 team.Id = "fake" 334 _, resp = Client.UpdateTeam(team) 335 CheckBadRequestStatus(t, resp) 336 337 Client.Logout() 338 _, resp = Client.UpdateTeam(team) 339 CheckUnauthorizedStatus(t, resp) 340 341 team.Id = originalTeamId 342 _, resp = th.SystemAdminClient.UpdateTeam(team) 343 CheckNoError(t, resp) 344 } 345 346 func TestUpdateTeamSanitization(t *testing.T) { 347 th := Setup().InitBasic().InitSystemAdmin() 348 defer th.TearDown() 349 350 team, resp := th.Client.CreateTeam(&model.Team{ 351 DisplayName: t.Name() + "_1", 352 Name: GenerateTestTeamName(), 353 Email: th.GenerateTestEmail(), 354 Type: model.TEAM_OPEN, 355 AllowedDomains: "simulator.amazonses.com,dockerhost", 356 }) 357 CheckNoError(t, resp) 358 359 // Non-admin users cannot update the team 360 361 t.Run("team admin", func(t *testing.T) { 362 rteam, resp := th.Client.UpdateTeam(team) 363 CheckNoError(t, resp) 364 if rteam.Email == "" { 365 t.Fatal("should not have sanitized email for admin") 366 } 367 }) 368 369 t.Run("system admin", func(t *testing.T) { 370 rteam, resp := th.SystemAdminClient.UpdateTeam(team) 371 CheckNoError(t, resp) 372 if rteam.Email == "" { 373 t.Fatal("should not have sanitized email for admin") 374 } 375 }) 376 } 377 378 func TestPatchTeam(t *testing.T) { 379 th := Setup().InitBasic().InitSystemAdmin() 380 defer th.TearDown() 381 Client := th.Client 382 383 team := &model.Team{DisplayName: "Name", Description: "Some description", CompanyName: "Some company name", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 384 team, _ = Client.CreateTeam(team) 385 386 patch := &model.TeamPatch{} 387 388 patch.DisplayName = model.NewString("Other name") 389 patch.Description = model.NewString("Other description") 390 patch.CompanyName = model.NewString("Other company name") 391 patch.InviteId = model.NewString("inviteid1") 392 patch.AllowOpenInvite = model.NewBool(true) 393 394 rteam, resp := Client.PatchTeam(team.Id, patch) 395 CheckNoError(t, resp) 396 397 if rteam.DisplayName != "Other name" { 398 t.Fatal("DisplayName did not update properly") 399 } 400 if rteam.Description != "Other description" { 401 t.Fatal("Description did not update properly") 402 } 403 if rteam.CompanyName != "Other company name" { 404 t.Fatal("CompanyName did not update properly") 405 } 406 if rteam.InviteId != "inviteid1" { 407 t.Fatal("InviteId did not update properly") 408 } 409 if !rteam.AllowOpenInvite { 410 t.Fatal("AllowOpenInvite did not update properly") 411 } 412 413 _, resp = Client.PatchTeam("junk", patch) 414 CheckBadRequestStatus(t, resp) 415 416 _, resp = Client.PatchTeam(GenerateTestId(), patch) 417 CheckForbiddenStatus(t, resp) 418 419 if r, err := Client.DoApiPut("/teams/"+team.Id+"/patch", "garbage"); err == nil { 420 t.Fatal("should have errored") 421 } else { 422 if r.StatusCode != http.StatusBadRequest { 423 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 424 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 425 t.Fatal("wrong status code") 426 } 427 } 428 429 Client.Logout() 430 _, resp = Client.PatchTeam(team.Id, patch) 431 CheckUnauthorizedStatus(t, resp) 432 433 th.LoginBasic2() 434 _, resp = Client.PatchTeam(team.Id, patch) 435 CheckForbiddenStatus(t, resp) 436 437 _, resp = th.SystemAdminClient.PatchTeam(team.Id, patch) 438 CheckNoError(t, resp) 439 } 440 441 func TestPatchTeamSanitization(t *testing.T) { 442 th := Setup().InitBasic().InitSystemAdmin() 443 defer th.TearDown() 444 445 team, resp := th.Client.CreateTeam(&model.Team{ 446 DisplayName: t.Name() + "_1", 447 Name: GenerateTestTeamName(), 448 Email: th.GenerateTestEmail(), 449 Type: model.TEAM_OPEN, 450 AllowedDomains: "simulator.amazonses.com,dockerhost", 451 }) 452 CheckNoError(t, resp) 453 454 // Non-admin users cannot update the team 455 456 t.Run("team admin", func(t *testing.T) { 457 rteam, resp := th.Client.PatchTeam(team.Id, &model.TeamPatch{}) 458 CheckNoError(t, resp) 459 if rteam.Email == "" { 460 t.Fatal("should not have sanitized email for admin") 461 } 462 }) 463 464 t.Run("system admin", func(t *testing.T) { 465 rteam, resp := th.SystemAdminClient.PatchTeam(team.Id, &model.TeamPatch{}) 466 CheckNoError(t, resp) 467 if rteam.Email == "" { 468 t.Fatal("should not have sanitized email for admin") 469 } 470 }) 471 } 472 473 func TestSoftDeleteTeam(t *testing.T) { 474 th := Setup().InitBasic().InitSystemAdmin() 475 defer th.TearDown() 476 Client := th.Client 477 478 team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN} 479 team, _ = Client.CreateTeam(team) 480 481 ok, resp := Client.SoftDeleteTeam(team.Id) 482 CheckNoError(t, resp) 483 484 if !ok { 485 t.Fatal("should have returned true") 486 } 487 488 rteam, err := th.App.GetTeam(team.Id) 489 if err != nil { 490 t.Fatal("should have returned archived team") 491 } 492 if rteam.DeleteAt == 0 { 493 t.Fatal("should have not set to zero") 494 } 495 496 ok, resp = Client.SoftDeleteTeam("junk") 497 CheckBadRequestStatus(t, resp) 498 499 if ok { 500 t.Fatal("should have returned false") 501 } 502 503 otherTeam := th.BasicTeam 504 _, resp = Client.SoftDeleteTeam(otherTeam.Id) 505 CheckForbiddenStatus(t, resp) 506 507 Client.Logout() 508 _, resp = Client.SoftDeleteTeam(otherTeam.Id) 509 CheckUnauthorizedStatus(t, resp) 510 511 _, resp = th.SystemAdminClient.SoftDeleteTeam(otherTeam.Id) 512 CheckNoError(t, resp) 513 } 514 515 func TestPermanentDeleteTeam(t *testing.T) { 516 th := Setup().InitBasic().InitSystemAdmin() 517 defer th.TearDown() 518 Client := th.Client 519 520 team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN} 521 team, _ = Client.CreateTeam(team) 522 523 enableAPITeamDeletion := *th.App.Config().ServiceSettings.EnableAPITeamDeletion 524 defer func() { 525 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableAPITeamDeletion = &enableAPITeamDeletion }) 526 }() 527 528 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = false }) 529 530 // Does not error when deletion is disabled, just soft deletes 531 ok, resp := Client.PermanentDeleteTeam(team.Id) 532 CheckNoError(t, resp) 533 assert.True(t, ok) 534 535 rteam, err := th.App.GetTeam(team.Id) 536 assert.Nil(t, err) 537 assert.True(t, rteam.DeleteAt > 0) 538 539 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = true }) 540 541 ok, resp = Client.PermanentDeleteTeam(team.Id) 542 CheckNoError(t, resp) 543 assert.True(t, ok) 544 545 _, err = th.App.GetTeam(team.Id) 546 assert.NotNil(t, err) 547 548 ok, resp = Client.PermanentDeleteTeam("junk") 549 CheckBadRequestStatus(t, resp) 550 551 if ok { 552 t.Fatal("should have returned false") 553 } 554 } 555 556 func TestGetAllTeams(t *testing.T) { 557 th := Setup().InitBasic().InitSystemAdmin() 558 defer th.TearDown() 559 Client := th.Client 560 561 team := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true} 562 _, resp := Client.CreateTeam(team) 563 CheckNoError(t, resp) 564 565 team2 := &model.Team{DisplayName: "Name2", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true} 566 _, resp = Client.CreateTeam(team2) 567 CheckNoError(t, resp) 568 569 rrteams, resp := Client.GetAllTeams("", 0, 1) 570 CheckNoError(t, resp) 571 572 if len(rrteams) != 1 { 573 t.Log(len(rrteams)) 574 t.Fatal("wrong number of teams - should be 1") 575 } 576 577 for _, rt := range rrteams { 578 if !rt.AllowOpenInvite { 579 t.Fatal("not all teams are open") 580 } 581 } 582 583 rrteams, resp = Client.GetAllTeams("", 0, 10) 584 CheckNoError(t, resp) 585 586 for _, rt := range rrteams { 587 if !rt.AllowOpenInvite { 588 t.Fatal("not all teams are open") 589 } 590 } 591 592 rrteams1, resp := Client.GetAllTeams("", 1, 0) 593 CheckNoError(t, resp) 594 595 if len(rrteams1) != 0 { 596 t.Fatal("wrong number of teams - should be 0") 597 } 598 599 rrteams2, resp := th.SystemAdminClient.GetAllTeams("", 1, 1) 600 CheckNoError(t, resp) 601 602 if len(rrteams2) != 1 { 603 t.Fatal("wrong number of teams - should be 1") 604 } 605 606 rrteams2, resp = Client.GetAllTeams("", 1, 0) 607 CheckNoError(t, resp) 608 609 if len(rrteams2) != 0 { 610 t.Fatal("wrong number of teams - should be 0") 611 } 612 613 rrteams, resp = Client.GetAllTeams("", 0, 2) 614 CheckNoError(t, resp) 615 rrteams2, resp = Client.GetAllTeams("", 1, 2) 616 CheckNoError(t, resp) 617 618 for _, t1 := range rrteams { 619 for _, t2 := range rrteams2 { 620 assert.NotEqual(t, t1.Id, t2.Id, "different pages should not have the same teams") 621 } 622 } 623 624 Client.Logout() 625 _, resp = Client.GetAllTeams("", 1, 10) 626 CheckUnauthorizedStatus(t, resp) 627 } 628 629 func TestGetAllTeamsSanitization(t *testing.T) { 630 th := Setup().InitBasic().InitSystemAdmin() 631 defer th.TearDown() 632 633 team, resp := th.Client.CreateTeam(&model.Team{ 634 DisplayName: t.Name() + "_1", 635 Name: GenerateTestTeamName(), 636 Email: th.GenerateTestEmail(), 637 Type: model.TEAM_OPEN, 638 AllowedDomains: "simulator.amazonses.com,dockerhost", 639 AllowOpenInvite: true, 640 }) 641 CheckNoError(t, resp) 642 team2, resp := th.SystemAdminClient.CreateTeam(&model.Team{ 643 DisplayName: t.Name() + "_2", 644 Name: GenerateTestTeamName(), 645 Email: th.GenerateTestEmail(), 646 Type: model.TEAM_OPEN, 647 AllowedDomains: "simulator.amazonses.com,dockerhost", 648 AllowOpenInvite: true, 649 }) 650 CheckNoError(t, resp) 651 652 // This may not work if the server has over 1000 open teams on it 653 654 t.Run("team admin/non-admin", func(t *testing.T) { 655 teamFound := false 656 team2Found := false 657 658 rteams, resp := th.Client.GetAllTeams("", 0, 1000) 659 CheckNoError(t, resp) 660 for _, rteam := range rteams { 661 if rteam.Id == team.Id { 662 teamFound = true 663 if rteam.Email == "" { 664 t.Fatal("should not have sanitized email for team admin") 665 } 666 } else if rteam.Id == team2.Id { 667 team2Found = true 668 if rteam.Email != "" { 669 t.Fatal("should've sanitized email for non-admin") 670 } 671 } 672 } 673 674 if !teamFound || !team2Found { 675 t.Fatal("wasn't returned the expected teams so the test wasn't run correctly") 676 } 677 }) 678 679 t.Run("system admin", func(t *testing.T) { 680 rteams, resp := th.SystemAdminClient.GetAllTeams("", 0, 1000) 681 CheckNoError(t, resp) 682 for _, rteam := range rteams { 683 if rteam.Id != team.Id && rteam.Id != team2.Id { 684 continue 685 } 686 687 if rteam.Email == "" { 688 t.Fatal("should not have sanitized email") 689 } 690 } 691 }) 692 } 693 694 func TestGetTeamByName(t *testing.T) { 695 th := Setup().InitBasic().InitSystemAdmin() 696 defer th.TearDown() 697 Client := th.Client 698 team := th.BasicTeam 699 700 rteam, resp := Client.GetTeamByName(team.Name, "") 701 CheckNoError(t, resp) 702 703 if rteam.Name != team.Name { 704 t.Fatal("wrong team") 705 } 706 707 _, resp = Client.GetTeamByName("junk", "") 708 CheckNotFoundStatus(t, resp) 709 710 _, resp = Client.GetTeamByName("", "") 711 CheckNotFoundStatus(t, resp) 712 713 _, resp = th.SystemAdminClient.GetTeamByName(strings.ToUpper(team.Name), "") 714 CheckNoError(t, resp) 715 716 Client.Logout() 717 _, resp = Client.GetTeamByName(team.Name, "") 718 CheckUnauthorizedStatus(t, resp) 719 720 _, resp = th.SystemAdminClient.GetTeamByName(team.Name, "") 721 CheckNoError(t, resp) 722 723 th.LoginTeamAdmin() 724 725 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 726 rteam2, _ := Client.CreateTeam(team2) 727 728 team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true} 729 rteam3, _ := Client.CreateTeam(team3) 730 731 th.LoginBasic() 732 // AllowInviteOpen is false and team is open, and user is not on team 733 _, resp = Client.GetTeamByName(rteam2.Name, "") 734 CheckForbiddenStatus(t, resp) 735 736 // AllowInviteOpen is true and team is invite only, and user is not on team 737 _, resp = Client.GetTeamByName(rteam3.Name, "") 738 CheckForbiddenStatus(t, resp) 739 } 740 741 func TestGetTeamByNameSanitization(t *testing.T) { 742 th := Setup().InitBasic().InitSystemAdmin() 743 defer th.TearDown() 744 745 team, resp := th.Client.CreateTeam(&model.Team{ 746 DisplayName: t.Name() + "_1", 747 Name: GenerateTestTeamName(), 748 Email: th.GenerateTestEmail(), 749 Type: model.TEAM_OPEN, 750 AllowedDomains: "simulator.amazonses.com,dockerhost", 751 }) 752 CheckNoError(t, resp) 753 754 t.Run("team user", func(t *testing.T) { 755 th.LinkUserToTeam(th.BasicUser2, team) 756 757 client := th.CreateClient() 758 th.LoginBasic2WithClient(client) 759 760 rteam, resp := client.GetTeamByName(team.Name, "") 761 CheckNoError(t, resp) 762 if rteam.Email != "" { 763 t.Fatal("should've sanitized email") 764 } 765 }) 766 767 t.Run("team admin/non-admin", func(t *testing.T) { 768 rteam, resp := th.Client.GetTeamByName(team.Name, "") 769 CheckNoError(t, resp) 770 if rteam.Email == "" { 771 t.Fatal("should not have sanitized email") 772 } 773 }) 774 775 t.Run("system admin", func(t *testing.T) { 776 rteam, resp := th.SystemAdminClient.GetTeamByName(team.Name, "") 777 CheckNoError(t, resp) 778 if rteam.Email == "" { 779 t.Fatal("should not have sanitized email") 780 } 781 }) 782 } 783 784 func TestSearchAllTeams(t *testing.T) { 785 th := Setup().InitBasic().InitSystemAdmin() 786 defer th.TearDown() 787 Client := th.Client 788 oTeam := th.BasicTeam 789 oTeam.AllowOpenInvite = true 790 791 if updatedTeam, err := th.App.UpdateTeam(oTeam); err != nil { 792 t.Fatal(err) 793 } else { 794 oTeam.UpdateAt = updatedTeam.UpdateAt 795 } 796 797 pTeam := &model.Team{DisplayName: "PName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE} 798 Client.CreateTeam(pTeam) 799 800 rteams, resp := Client.SearchTeams(&model.TeamSearch{Term: oTeam.Name}) 801 CheckNoError(t, resp) 802 803 if len(rteams) != 1 { 804 t.Fatal("should have returned 1 team") 805 } 806 807 if oTeam.Id != rteams[0].Id { 808 t.Fatal("invalid team") 809 } 810 811 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: oTeam.DisplayName}) 812 CheckNoError(t, resp) 813 814 if len(rteams) != 1 { 815 t.Fatal("should have returned 1 team") 816 } 817 818 if rteams[0].Id != oTeam.Id { 819 t.Fatal("invalid team") 820 } 821 822 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name}) 823 CheckNoError(t, resp) 824 825 if len(rteams) != 0 { 826 t.Fatal("should have not returned team") 827 } 828 829 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 830 CheckNoError(t, resp) 831 832 if len(rteams) != 0 { 833 t.Fatal("should have not returned team") 834 } 835 836 rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: oTeam.Name}) 837 CheckNoError(t, resp) 838 839 if len(rteams) != 1 { 840 t.Fatal("should have returned 1 team") 841 } 842 843 rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 844 CheckNoError(t, resp) 845 846 if len(rteams) != 1 { 847 t.Fatal("should have returned 1 team") 848 } 849 850 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: "junk"}) 851 CheckNoError(t, resp) 852 853 if len(rteams) != 0 { 854 t.Fatal("should have not returned team") 855 } 856 857 Client.Logout() 858 859 _, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name}) 860 CheckUnauthorizedStatus(t, resp) 861 862 _, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 863 CheckUnauthorizedStatus(t, resp) 864 } 865 866 func TestSearchAllTeamsSanitization(t *testing.T) { 867 th := Setup().InitBasic().InitSystemAdmin() 868 defer th.TearDown() 869 870 team, resp := th.Client.CreateTeam(&model.Team{ 871 DisplayName: t.Name() + "_1", 872 Name: GenerateTestTeamName(), 873 Email: th.GenerateTestEmail(), 874 Type: model.TEAM_OPEN, 875 AllowedDomains: "simulator.amazonses.com,dockerhost", 876 }) 877 CheckNoError(t, resp) 878 team2, resp := th.Client.CreateTeam(&model.Team{ 879 DisplayName: t.Name() + "_2", 880 Name: GenerateTestTeamName(), 881 Email: th.GenerateTestEmail(), 882 Type: model.TEAM_OPEN, 883 AllowedDomains: "simulator.amazonses.com,dockerhost", 884 }) 885 CheckNoError(t, resp) 886 887 t.Run("non-team user", func(t *testing.T) { 888 client := th.CreateClient() 889 th.LoginBasic2WithClient(client) 890 891 rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 892 CheckNoError(t, resp) 893 for _, rteam := range rteams { 894 if rteam.Email != "" { 895 t.Fatal("should've sanitized email") 896 } else if rteam.AllowedDomains != "" { 897 t.Fatal("should've sanitized allowed domains") 898 } 899 } 900 }) 901 902 t.Run("team user", func(t *testing.T) { 903 th.LinkUserToTeam(th.BasicUser2, team) 904 905 client := th.CreateClient() 906 th.LoginBasic2WithClient(client) 907 908 rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 909 CheckNoError(t, resp) 910 for _, rteam := range rteams { 911 if rteam.Email != "" { 912 t.Fatal("should've sanitized email") 913 } else if rteam.AllowedDomains != "" { 914 t.Fatal("should've sanitized allowed domains") 915 } 916 } 917 }) 918 919 t.Run("team admin", func(t *testing.T) { 920 rteams, resp := th.Client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 921 CheckNoError(t, resp) 922 for _, rteam := range rteams { 923 if rteam.Id == team.Id || rteam.Id == team2.Id || rteam.Id == th.BasicTeam.Id { 924 if rteam.Email == "" { 925 t.Fatal("should not have sanitized email") 926 } 927 } 928 } 929 }) 930 931 t.Run("system admin", func(t *testing.T) { 932 rteams, resp := th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: t.Name()}) 933 CheckNoError(t, resp) 934 for _, rteam := range rteams { 935 if rteam.Email == "" { 936 t.Fatal("should not have sanitized email") 937 } 938 } 939 }) 940 } 941 942 func TestGetTeamsForUser(t *testing.T) { 943 th := Setup().InitBasic().InitSystemAdmin() 944 defer th.TearDown() 945 Client := th.Client 946 947 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE} 948 rteam2, _ := Client.CreateTeam(team2) 949 950 teams, resp := Client.GetTeamsForUser(th.BasicUser.Id, "") 951 CheckNoError(t, resp) 952 953 if len(teams) != 2 { 954 t.Fatal("wrong number of teams") 955 } 956 957 found1 := false 958 found2 := false 959 for _, t := range teams { 960 if t.Id == th.BasicTeam.Id { 961 found1 = true 962 } else if t.Id == rteam2.Id { 963 found2 = true 964 } 965 } 966 967 if !found1 || !found2 { 968 t.Fatal("missing team") 969 } 970 971 _, resp = Client.GetTeamsForUser("junk", "") 972 CheckBadRequestStatus(t, resp) 973 974 _, resp = Client.GetTeamsForUser(model.NewId(), "") 975 CheckForbiddenStatus(t, resp) 976 977 _, resp = Client.GetTeamsForUser(th.BasicUser2.Id, "") 978 CheckForbiddenStatus(t, resp) 979 980 _, resp = th.SystemAdminClient.GetTeamsForUser(th.BasicUser2.Id, "") 981 CheckNoError(t, resp) 982 } 983 984 func TestGetTeamsForUserSanitization(t *testing.T) { 985 th := Setup().InitBasic().InitSystemAdmin() 986 defer th.TearDown() 987 988 team, resp := th.Client.CreateTeam(&model.Team{ 989 DisplayName: t.Name() + "_1", 990 Name: GenerateTestTeamName(), 991 Email: th.GenerateTestEmail(), 992 Type: model.TEAM_OPEN, 993 AllowedDomains: "simulator.amazonses.com,dockerhost", 994 }) 995 CheckNoError(t, resp) 996 team2, resp := th.Client.CreateTeam(&model.Team{ 997 DisplayName: t.Name() + "_2", 998 Name: GenerateTestTeamName(), 999 Email: th.GenerateTestEmail(), 1000 Type: model.TEAM_OPEN, 1001 AllowedDomains: "simulator.amazonses.com,dockerhost", 1002 }) 1003 CheckNoError(t, resp) 1004 1005 t.Run("team user", func(t *testing.T) { 1006 th.LinkUserToTeam(th.BasicUser2, team) 1007 th.LinkUserToTeam(th.BasicUser2, team2) 1008 1009 client := th.CreateClient() 1010 th.LoginBasic2WithClient(client) 1011 1012 rteams, resp := client.GetTeamsForUser(th.BasicUser2.Id, "") 1013 CheckNoError(t, resp) 1014 for _, rteam := range rteams { 1015 if rteam.Id != team.Id && rteam.Id != team2.Id { 1016 continue 1017 } 1018 1019 if rteam.Email != "" { 1020 t.Fatal("should've sanitized email") 1021 } 1022 } 1023 }) 1024 1025 t.Run("team admin", func(t *testing.T) { 1026 rteams, resp := th.Client.GetTeamsForUser(th.BasicUser.Id, "") 1027 CheckNoError(t, resp) 1028 for _, rteam := range rteams { 1029 if rteam.Id != team.Id && rteam.Id != team2.Id { 1030 continue 1031 } 1032 1033 if rteam.Email == "" { 1034 t.Fatal("should not have sanitized email") 1035 } 1036 } 1037 }) 1038 1039 t.Run("system admin", func(t *testing.T) { 1040 rteams, resp := th.SystemAdminClient.GetTeamsForUser(th.BasicUser.Id, "") 1041 CheckNoError(t, resp) 1042 for _, rteam := range rteams { 1043 if rteam.Id != team.Id && rteam.Id != team2.Id { 1044 continue 1045 } 1046 1047 if rteam.Email == "" { 1048 t.Fatal("should not have sanitized email") 1049 } 1050 } 1051 }) 1052 } 1053 1054 func TestGetTeamMember(t *testing.T) { 1055 th := Setup().InitBasic().InitSystemAdmin() 1056 defer th.TearDown() 1057 Client := th.Client 1058 team := th.BasicTeam 1059 user := th.BasicUser 1060 1061 rmember, resp := Client.GetTeamMember(team.Id, user.Id, "") 1062 CheckNoError(t, resp) 1063 1064 if rmember.TeamId != team.Id { 1065 t.Fatal("wrong team id") 1066 } 1067 1068 if rmember.UserId != user.Id { 1069 t.Fatal("wrong team id") 1070 } 1071 1072 _, resp = Client.GetTeamMember("junk", user.Id, "") 1073 CheckBadRequestStatus(t, resp) 1074 1075 _, resp = Client.GetTeamMember(team.Id, "junk", "") 1076 CheckBadRequestStatus(t, resp) 1077 1078 _, resp = Client.GetTeamMember("junk", "junk", "") 1079 CheckBadRequestStatus(t, resp) 1080 1081 _, resp = Client.GetTeamMember(team.Id, model.NewId(), "") 1082 CheckNotFoundStatus(t, resp) 1083 1084 _, resp = Client.GetTeamMember(model.NewId(), user.Id, "") 1085 CheckForbiddenStatus(t, resp) 1086 1087 _, resp = th.SystemAdminClient.GetTeamMember(team.Id, user.Id, "") 1088 CheckNoError(t, resp) 1089 } 1090 1091 func TestGetTeamMembers(t *testing.T) { 1092 th := Setup().InitBasic().InitSystemAdmin() 1093 defer th.TearDown() 1094 Client := th.Client 1095 team := th.BasicTeam 1096 userNotMember := th.CreateUser() 1097 1098 rmembers, resp := Client.GetTeamMembers(team.Id, 0, 100, "") 1099 CheckNoError(t, resp) 1100 1101 t.Logf("rmembers count %v\n", len(rmembers)) 1102 1103 if len(rmembers) == 0 { 1104 t.Fatal("should have results") 1105 } 1106 1107 for _, rmember := range rmembers { 1108 if rmember.TeamId != team.Id || rmember.UserId == userNotMember.Id { 1109 t.Fatal("user should be a member of team") 1110 } 1111 } 1112 1113 rmembers, resp = Client.GetTeamMembers(team.Id, 0, 1, "") 1114 CheckNoError(t, resp) 1115 if len(rmembers) != 1 { 1116 t.Fatal("should be 1 per page") 1117 } 1118 1119 rmembers, resp = Client.GetTeamMembers(team.Id, 1, 1, "") 1120 CheckNoError(t, resp) 1121 if len(rmembers) != 1 { 1122 t.Fatal("should be 1 per page") 1123 } 1124 1125 rmembers, resp = Client.GetTeamMembers(team.Id, 10000, 100, "") 1126 CheckNoError(t, resp) 1127 if len(rmembers) != 0 { 1128 t.Fatal("should be no member") 1129 } 1130 1131 rmembers, resp = Client.GetTeamMembers(team.Id, 0, 2, "") 1132 CheckNoError(t, resp) 1133 rmembers2, resp := Client.GetTeamMembers(team.Id, 1, 2, "") 1134 CheckNoError(t, resp) 1135 1136 for _, tm1 := range rmembers { 1137 for _, tm2 := range rmembers2 { 1138 assert.NotEqual(t, tm1.UserId+tm1.TeamId, tm2.UserId+tm2.TeamId, "different pages should not have the same members") 1139 } 1140 } 1141 1142 _, resp = Client.GetTeamMembers("junk", 0, 100, "") 1143 CheckBadRequestStatus(t, resp) 1144 1145 _, resp = Client.GetTeamMembers(model.NewId(), 0, 100, "") 1146 CheckForbiddenStatus(t, resp) 1147 1148 Client.Logout() 1149 _, resp = Client.GetTeamMembers(team.Id, 0, 1, "") 1150 CheckUnauthorizedStatus(t, resp) 1151 1152 _, resp = th.SystemAdminClient.GetTeamMembers(team.Id, 0, 100, "") 1153 CheckNoError(t, resp) 1154 } 1155 1156 func TestGetTeamMembersForUser(t *testing.T) { 1157 th := Setup().InitBasic().InitSystemAdmin() 1158 defer th.TearDown() 1159 Client := th.Client 1160 1161 members, resp := Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1162 CheckNoError(t, resp) 1163 1164 found := false 1165 for _, m := range members { 1166 if m.TeamId == th.BasicTeam.Id { 1167 found = true 1168 } 1169 } 1170 1171 if !found { 1172 t.Fatal("missing team member") 1173 } 1174 1175 _, resp = Client.GetTeamMembersForUser("junk", "") 1176 CheckBadRequestStatus(t, resp) 1177 1178 _, resp = Client.GetTeamMembersForUser(model.NewId(), "") 1179 CheckForbiddenStatus(t, resp) 1180 1181 Client.Logout() 1182 _, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1183 CheckUnauthorizedStatus(t, resp) 1184 1185 user := th.CreateUser() 1186 Client.Login(user.Email, user.Password) 1187 _, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1188 CheckForbiddenStatus(t, resp) 1189 1190 _, resp = th.SystemAdminClient.GetTeamMembersForUser(th.BasicUser.Id, "") 1191 CheckNoError(t, resp) 1192 } 1193 1194 func TestGetTeamMembersByIds(t *testing.T) { 1195 th := Setup().InitBasic() 1196 defer th.TearDown() 1197 Client := th.Client 1198 1199 tm, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id}) 1200 CheckNoError(t, resp) 1201 1202 if tm[0].UserId != th.BasicUser.Id { 1203 t.Fatal("returned wrong user") 1204 } 1205 1206 _, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{}) 1207 CheckBadRequestStatus(t, resp) 1208 1209 tm1, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk"}) 1210 CheckNoError(t, resp) 1211 if len(tm1) > 0 { 1212 t.Fatal("no users should be returned") 1213 } 1214 1215 tm1, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk", th.BasicUser.Id}) 1216 CheckNoError(t, resp) 1217 if len(tm1) != 1 { 1218 t.Fatal("1 user should be returned") 1219 } 1220 1221 _, resp = Client.GetTeamMembersByIds("junk", []string{th.BasicUser.Id}) 1222 CheckBadRequestStatus(t, resp) 1223 1224 _, resp = Client.GetTeamMembersByIds(model.NewId(), []string{th.BasicUser.Id}) 1225 CheckForbiddenStatus(t, resp) 1226 1227 Client.Logout() 1228 _, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id}) 1229 CheckUnauthorizedStatus(t, resp) 1230 } 1231 1232 func TestAddTeamMember(t *testing.T) { 1233 th := Setup().InitBasic().InitSystemAdmin() 1234 defer th.TearDown() 1235 Client := th.Client 1236 team := th.BasicTeam 1237 otherUser := th.CreateUser() 1238 1239 if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil { 1240 t.Fatalf(err.Error()) 1241 } 1242 1243 // Regular user can't add a member to a team they don't belong to. 1244 th.LoginBasic2() 1245 _, resp := Client.AddTeamMember(team.Id, otherUser.Id) 1246 CheckForbiddenStatus(t, resp) 1247 if resp.Error == nil { 1248 t.Fatalf("Error is nil") 1249 } 1250 Client.Logout() 1251 1252 // Regular user can add a member to a team they belong to. 1253 th.LoginBasic() 1254 tm, resp := Client.AddTeamMember(team.Id, otherUser.Id) 1255 CheckNoError(t, resp) 1256 CheckCreatedStatus(t, resp) 1257 1258 // Check all the returned data. 1259 if tm == nil { 1260 t.Fatal("should have returned team member") 1261 } 1262 1263 if tm.UserId != otherUser.Id { 1264 t.Fatal("user ids should have matched") 1265 } 1266 1267 if tm.TeamId != team.Id { 1268 t.Fatal("team ids should have matched") 1269 } 1270 1271 // Check with various invalid requests. 1272 tm, resp = Client.AddTeamMember(team.Id, "junk") 1273 CheckBadRequestStatus(t, resp) 1274 1275 if tm != nil { 1276 t.Fatal("should have not returned team member") 1277 } 1278 1279 _, resp = Client.AddTeamMember("junk", otherUser.Id) 1280 CheckBadRequestStatus(t, resp) 1281 1282 _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id) 1283 CheckForbiddenStatus(t, resp) 1284 1285 _, resp = Client.AddTeamMember(team.Id, GenerateTestId()) 1286 CheckNotFoundStatus(t, resp) 1287 1288 Client.Logout() 1289 1290 // Check the appropriate permissions are enforced. 1291 defaultRolePermissions := th.SaveDefaultRolePermissions() 1292 defer func() { 1293 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1294 }() 1295 1296 // Set the config so that only team admins can add a user to a team. 1297 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1298 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1299 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1300 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1301 1302 th.LoginBasic() 1303 1304 // Check that a regular user can't add someone to the team. 1305 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1306 CheckForbiddenStatus(t, resp) 1307 1308 // Update user to team admin 1309 th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) 1310 th.App.InvalidateAllCaches() 1311 th.LoginBasic() 1312 1313 // Should work as a team admin. 1314 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1315 CheckNoError(t, resp) 1316 1317 // Change permission level to team user 1318 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1319 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1320 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1321 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1322 1323 th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) 1324 th.App.InvalidateAllCaches() 1325 th.LoginBasic() 1326 1327 // Should work as a regular user. 1328 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1329 CheckNoError(t, resp) 1330 1331 // by token 1332 Client.Login(otherUser.Email, otherUser.Password) 1333 1334 token := model.NewToken( 1335 app.TOKEN_TYPE_TEAM_INVITATION, 1336 model.MapToJson(map[string]string{"teamId": team.Id}), 1337 ) 1338 <-th.App.Srv.Store.Token().Save(token) 1339 1340 tm, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1341 CheckNoError(t, resp) 1342 1343 if tm == nil { 1344 t.Fatal("should have returned team member") 1345 } 1346 1347 if tm.UserId != otherUser.Id { 1348 t.Fatal("user ids should have matched") 1349 } 1350 1351 if tm.TeamId != team.Id { 1352 t.Fatal("team ids should have matched") 1353 } 1354 1355 if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil { 1356 t.Fatal("The token must be deleted after be used") 1357 } 1358 1359 tm, resp = Client.AddTeamMemberFromInvite("junk", "") 1360 CheckBadRequestStatus(t, resp) 1361 1362 if tm != nil { 1363 t.Fatal("should have not returned team member") 1364 } 1365 1366 // expired token of more than 50 hours 1367 token = model.NewToken(app.TOKEN_TYPE_TEAM_INVITATION, "") 1368 token.CreateAt = model.GetMillis() - 1000*60*60*50 1369 <-th.App.Srv.Store.Token().Save(token) 1370 1371 _, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1372 CheckBadRequestStatus(t, resp) 1373 th.App.DeleteToken(token) 1374 1375 // invalid team id 1376 testId := GenerateTestId() 1377 token = model.NewToken( 1378 app.TOKEN_TYPE_TEAM_INVITATION, 1379 model.MapToJson(map[string]string{"teamId": testId}), 1380 ) 1381 <-th.App.Srv.Store.Token().Save(token) 1382 1383 _, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1384 CheckNotFoundStatus(t, resp) 1385 th.App.DeleteToken(token) 1386 1387 // by invite_id 1388 Client.Login(otherUser.Email, otherUser.Password) 1389 1390 tm, resp = Client.AddTeamMemberFromInvite("", team.InviteId) 1391 CheckNoError(t, resp) 1392 1393 if tm == nil { 1394 t.Fatal("should have returned team member") 1395 } 1396 1397 if tm.UserId != otherUser.Id { 1398 t.Fatal("user ids should have matched") 1399 } 1400 1401 if tm.TeamId != team.Id { 1402 t.Fatal("team ids should have matched") 1403 } 1404 1405 tm, resp = Client.AddTeamMemberFromInvite("", "junk") 1406 CheckNotFoundStatus(t, resp) 1407 1408 if tm != nil { 1409 t.Fatal("should have not returned team member") 1410 } 1411 } 1412 1413 func TestAddTeamMembers(t *testing.T) { 1414 th := Setup().InitBasic().InitSystemAdmin() 1415 defer th.TearDown() 1416 Client := th.Client 1417 team := th.BasicTeam 1418 otherUser := th.CreateUser() 1419 userList := []string{ 1420 otherUser.Id, 1421 } 1422 1423 if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil { 1424 t.Fatalf(err.Error()) 1425 } 1426 1427 // Regular user can't add a member to a team they don't belong to. 1428 th.LoginBasic2() 1429 _, resp := Client.AddTeamMembers(team.Id, userList) 1430 CheckForbiddenStatus(t, resp) 1431 Client.Logout() 1432 1433 // Regular user can add a member to a team they belong to. 1434 th.LoginBasic() 1435 tm, resp := Client.AddTeamMembers(team.Id, userList) 1436 CheckNoError(t, resp) 1437 CheckCreatedStatus(t, resp) 1438 1439 // Check all the returned data. 1440 if tm[0] == nil { 1441 t.Fatal("should have returned team member") 1442 } 1443 1444 if tm[0].UserId != otherUser.Id { 1445 t.Fatal("user ids should have matched") 1446 } 1447 1448 if tm[0].TeamId != team.Id { 1449 t.Fatal("team ids should have matched") 1450 } 1451 1452 // Check with various invalid requests. 1453 _, resp = Client.AddTeamMembers("junk", userList) 1454 CheckBadRequestStatus(t, resp) 1455 1456 _, resp = Client.AddTeamMembers(GenerateTestId(), userList) 1457 CheckForbiddenStatus(t, resp) 1458 1459 testUserList := append(userList, GenerateTestId()) 1460 _, resp = Client.AddTeamMembers(team.Id, testUserList) 1461 CheckNotFoundStatus(t, resp) 1462 1463 // Test with many users. 1464 for i := 0; i < 25; i++ { 1465 testUserList = append(testUserList, GenerateTestId()) 1466 } 1467 _, resp = Client.AddTeamMembers(team.Id, testUserList) 1468 CheckBadRequestStatus(t, resp) 1469 1470 Client.Logout() 1471 1472 // Check the appropriate permissions are enforced. 1473 defaultRolePermissions := th.SaveDefaultRolePermissions() 1474 defer func() { 1475 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1476 }() 1477 1478 // Set the config so that only team admins can add a user to a team. 1479 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1480 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1481 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1482 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1483 1484 th.LoginBasic() 1485 1486 // Check that a regular user can't add someone to the team. 1487 _, resp = Client.AddTeamMembers(team.Id, userList) 1488 CheckForbiddenStatus(t, resp) 1489 1490 // Update user to team admin 1491 th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) 1492 th.App.InvalidateAllCaches() 1493 th.LoginBasic() 1494 1495 // Should work as a team admin. 1496 _, resp = Client.AddTeamMembers(team.Id, userList) 1497 CheckNoError(t, resp) 1498 1499 // Change permission level to team user 1500 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1501 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1502 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1503 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1504 1505 th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) 1506 th.App.InvalidateAllCaches() 1507 th.LoginBasic() 1508 1509 // Should work as a regular user. 1510 _, resp = Client.AddTeamMembers(team.Id, userList) 1511 CheckNoError(t, resp) 1512 } 1513 1514 func TestRemoveTeamMember(t *testing.T) { 1515 th := Setup().InitBasic().InitSystemAdmin() 1516 defer th.TearDown() 1517 Client := th.Client 1518 1519 pass, resp := Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1520 CheckNoError(t, resp) 1521 1522 if !pass { 1523 t.Fatal("should have passed") 1524 } 1525 1526 _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1527 CheckNoError(t, resp) 1528 1529 _, resp = Client.RemoveTeamMember(th.BasicTeam.Id, "junk") 1530 CheckBadRequestStatus(t, resp) 1531 1532 _, resp = Client.RemoveTeamMember("junk", th.BasicUser2.Id) 1533 CheckBadRequestStatus(t, resp) 1534 1535 _, resp = Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser2.Id) 1536 CheckForbiddenStatus(t, resp) 1537 1538 _, resp = Client.RemoveTeamMember(model.NewId(), th.BasicUser.Id) 1539 CheckNotFoundStatus(t, resp) 1540 1541 _, resp = th.SystemAdminClient.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1542 CheckNoError(t, resp) 1543 } 1544 1545 func TestGetTeamStats(t *testing.T) { 1546 th := Setup().InitBasic().InitSystemAdmin() 1547 defer th.TearDown() 1548 Client := th.Client 1549 team := th.BasicTeam 1550 1551 rstats, resp := Client.GetTeamStats(team.Id, "") 1552 CheckNoError(t, resp) 1553 1554 if rstats.TeamId != team.Id { 1555 t.Fatal("wrong team id") 1556 } 1557 1558 if rstats.TotalMemberCount != 3 { 1559 t.Fatal("wrong count") 1560 } 1561 1562 if rstats.ActiveMemberCount != 3 { 1563 t.Fatal("wrong count") 1564 } 1565 1566 _, resp = Client.GetTeamStats("junk", "") 1567 CheckBadRequestStatus(t, resp) 1568 1569 _, resp = Client.GetTeamStats(model.NewId(), "") 1570 CheckForbiddenStatus(t, resp) 1571 1572 _, resp = th.SystemAdminClient.GetTeamStats(team.Id, "") 1573 CheckNoError(t, resp) 1574 1575 // deactivate BasicUser2 1576 th.UpdateActiveUser(th.BasicUser2, false) 1577 1578 rstats, resp = th.SystemAdminClient.GetTeamStats(team.Id, "") 1579 CheckNoError(t, resp) 1580 1581 if rstats.TotalMemberCount != 3 { 1582 t.Fatal("wrong count") 1583 } 1584 1585 if rstats.ActiveMemberCount != 2 { 1586 t.Fatal("wrong count") 1587 } 1588 1589 // login with different user and test if forbidden 1590 user := th.CreateUser() 1591 Client.Login(user.Email, user.Password) 1592 _, resp = Client.GetTeamStats(th.BasicTeam.Id, "") 1593 CheckForbiddenStatus(t, resp) 1594 1595 Client.Logout() 1596 _, resp = Client.GetTeamStats(th.BasicTeam.Id, "") 1597 CheckUnauthorizedStatus(t, resp) 1598 } 1599 1600 func TestUpdateTeamMemberRoles(t *testing.T) { 1601 th := Setup().InitBasic().InitSystemAdmin() 1602 defer th.TearDown() 1603 Client := th.Client 1604 SystemAdminClient := th.SystemAdminClient 1605 1606 const TEAM_MEMBER = "team_user" 1607 const TEAM_ADMIN = "team_user team_admin" 1608 1609 // user 1 tries to promote user 2 1610 ok, resp := Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1611 CheckForbiddenStatus(t, resp) 1612 if ok { 1613 t.Fatal("should have returned false") 1614 } 1615 1616 // user 1 tries to promote himself 1617 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) 1618 CheckForbiddenStatus(t, resp) 1619 1620 // user 1 tries to demote someone 1621 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1622 CheckForbiddenStatus(t, resp) 1623 1624 // system admin promotes user 1 1625 ok, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) 1626 CheckNoError(t, resp) 1627 if !ok { 1628 t.Fatal("should have returned true") 1629 } 1630 1631 // user 1 (team admin) promotes user 2 1632 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1633 CheckNoError(t, resp) 1634 1635 // user 1 (team admin) demotes user 2 (team admin) 1636 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) 1637 CheckNoError(t, resp) 1638 1639 // user 1 (team admin) tries to demote system admin (not member of a team) 1640 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1641 CheckNotFoundStatus(t, resp) 1642 1643 // user 1 (team admin) demotes system admin (member of a team) 1644 th.LinkUserToTeam(th.SystemAdminUser, th.BasicTeam) 1645 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1646 CheckNoError(t, resp) 1647 // Note from API v3 1648 // Note to anyone who thinks this (above) test is wrong: 1649 // This operation will not affect the system admin's permissions because they have global access to all teams. 1650 // Their team level permissions are irrelevant. A team admin should be able to manage team level permissions. 1651 1652 // System admins should be able to manipulate permission no matter what their team level permissions are. 1653 // system admin promotes user 2 1654 _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1655 CheckNoError(t, resp) 1656 1657 // system admin demotes user 2 (team admin) 1658 _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) 1659 CheckNoError(t, resp) 1660 1661 // user 1 (team admin) tries to promote himself to a random team 1662 _, resp = Client.UpdateTeamMemberRoles(model.NewId(), th.BasicUser.Id, TEAM_ADMIN) 1663 CheckForbiddenStatus(t, resp) 1664 1665 // user 1 (team admin) tries to promote a random user 1666 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, model.NewId(), TEAM_ADMIN) 1667 CheckNotFoundStatus(t, resp) 1668 1669 // user 1 (team admin) tries to promote invalid team permission 1670 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, "junk") 1671 CheckBadRequestStatus(t, resp) 1672 1673 // user 1 (team admin) demotes himself 1674 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_MEMBER) 1675 CheckNoError(t, resp) 1676 } 1677 1678 func TestUpdateTeamMemberSchemeRoles(t *testing.T) { 1679 th := Setup().InitBasic().InitSystemAdmin() 1680 defer th.TearDown() 1681 SystemAdminClient := th.SystemAdminClient 1682 th.LoginBasic() 1683 1684 s1 := &model.SchemeRoles{ 1685 SchemeAdmin: false, 1686 SchemeUser: false, 1687 } 1688 _, r1 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s1) 1689 CheckNoError(t, r1) 1690 1691 tm1, rtm1 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1692 CheckNoError(t, rtm1) 1693 assert.Equal(t, false, tm1.SchemeUser) 1694 assert.Equal(t, false, tm1.SchemeAdmin) 1695 1696 s2 := &model.SchemeRoles{ 1697 SchemeAdmin: false, 1698 SchemeUser: true, 1699 } 1700 _, r2 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s2) 1701 CheckNoError(t, r2) 1702 1703 tm2, rtm2 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1704 CheckNoError(t, rtm2) 1705 assert.Equal(t, true, tm2.SchemeUser) 1706 assert.Equal(t, false, tm2.SchemeAdmin) 1707 1708 s3 := &model.SchemeRoles{ 1709 SchemeAdmin: true, 1710 SchemeUser: false, 1711 } 1712 _, r3 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s3) 1713 CheckNoError(t, r3) 1714 1715 tm3, rtm3 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1716 CheckNoError(t, rtm3) 1717 assert.Equal(t, false, tm3.SchemeUser) 1718 assert.Equal(t, true, tm3.SchemeAdmin) 1719 1720 s4 := &model.SchemeRoles{ 1721 SchemeAdmin: true, 1722 SchemeUser: true, 1723 } 1724 _, r4 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4) 1725 CheckNoError(t, r4) 1726 1727 tm4, rtm4 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1728 CheckNoError(t, rtm4) 1729 assert.Equal(t, true, tm4.SchemeUser) 1730 assert.Equal(t, true, tm4.SchemeAdmin) 1731 1732 _, resp := SystemAdminClient.UpdateTeamMemberSchemeRoles(model.NewId(), th.BasicUser.Id, s4) 1733 CheckNotFoundStatus(t, resp) 1734 1735 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, model.NewId(), s4) 1736 CheckNotFoundStatus(t, resp) 1737 1738 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles("ASDF", th.BasicUser.Id, s4) 1739 CheckBadRequestStatus(t, resp) 1740 1741 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, "ASDF", s4) 1742 CheckBadRequestStatus(t, resp) 1743 1744 th.LoginBasic2() 1745 _, resp = th.Client.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4) 1746 CheckForbiddenStatus(t, resp) 1747 1748 SystemAdminClient.Logout() 1749 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, s4) 1750 CheckUnauthorizedStatus(t, resp) 1751 } 1752 1753 func TestGetMyTeamsUnread(t *testing.T) { 1754 th := Setup().InitBasic().InitSystemAdmin() 1755 defer th.TearDown() 1756 Client := th.Client 1757 1758 user := th.BasicUser 1759 Client.Login(user.Email, user.Password) 1760 1761 teams, resp := Client.GetTeamsUnreadForUser(user.Id, "") 1762 CheckNoError(t, resp) 1763 if len(teams) == 0 { 1764 t.Fatal("should have results") 1765 } 1766 1767 teams, resp = Client.GetTeamsUnreadForUser(user.Id, th.BasicTeam.Id) 1768 CheckNoError(t, resp) 1769 if len(teams) != 0 { 1770 t.Fatal("should not have results") 1771 } 1772 1773 _, resp = Client.GetTeamsUnreadForUser("fail", "") 1774 CheckBadRequestStatus(t, resp) 1775 1776 _, resp = Client.GetTeamsUnreadForUser(model.NewId(), "") 1777 CheckForbiddenStatus(t, resp) 1778 1779 Client.Logout() 1780 _, resp = Client.GetTeamsUnreadForUser(user.Id, "") 1781 CheckUnauthorizedStatus(t, resp) 1782 } 1783 1784 func TestTeamExists(t *testing.T) { 1785 th := Setup().InitBasic().InitSystemAdmin() 1786 defer th.TearDown() 1787 Client := th.Client 1788 team := th.BasicTeam 1789 1790 th.LoginBasic() 1791 1792 exists, resp := Client.TeamExists(team.Name, "") 1793 CheckNoError(t, resp) 1794 if !exists { 1795 t.Fatal("team should exist") 1796 } 1797 1798 exists, resp = Client.TeamExists("testingteam", "") 1799 CheckNoError(t, resp) 1800 if exists { 1801 t.Fatal("team should not exist") 1802 } 1803 1804 Client.Logout() 1805 _, resp = Client.TeamExists(team.Name, "") 1806 CheckUnauthorizedStatus(t, resp) 1807 } 1808 1809 func TestImportTeam(t *testing.T) { 1810 th := Setup().InitBasic().InitSystemAdmin() 1811 defer th.TearDown() 1812 1813 t.Run("ImportTeam", func(t *testing.T) { 1814 var data []byte 1815 var err error 1816 data, err = readTestFile("Fake_Team_Import.zip") 1817 if err != nil && len(data) == 0 { 1818 t.Fatal("Error while reading the test file.") 1819 } 1820 1821 // Import the channels/users/posts 1822 fileResp, resp := th.SystemAdminClient.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 1823 CheckNoError(t, resp) 1824 1825 fileData, err := base64.StdEncoding.DecodeString(fileResp["results"]) 1826 if err != nil { 1827 t.Fatal("failed to decode base64 results data") 1828 } 1829 1830 fileReturned := fmt.Sprintf("%s", fileData) 1831 if !strings.Contains(fileReturned, "darth.vader@stardeath.com") { 1832 t.Log(fileReturned) 1833 t.Fatal("failed to report the user was imported") 1834 } 1835 1836 // Checking the imported users 1837 importedUser, resp := th.SystemAdminClient.GetUserByUsername("bot_test", "") 1838 CheckNoError(t, resp) 1839 if importedUser.Username != "bot_test" { 1840 t.Fatal("username should match with the imported user") 1841 } 1842 1843 importedUser, resp = th.SystemAdminClient.GetUserByUsername("lordvader", "") 1844 CheckNoError(t, resp) 1845 if importedUser.Username != "lordvader" { 1846 t.Fatal("username should match with the imported user") 1847 } 1848 1849 // Checking the imported Channels 1850 importedChannel, resp := th.SystemAdminClient.GetChannelByName("testchannel", th.BasicTeam.Id, "") 1851 CheckNoError(t, resp) 1852 if importedChannel.Name != "testchannel" { 1853 t.Fatal("names did not match expected: testchannel") 1854 } 1855 1856 importedChannel, resp = th.SystemAdminClient.GetChannelByName("general", th.BasicTeam.Id, "") 1857 CheckNoError(t, resp) 1858 if importedChannel.Name != "general" { 1859 t.Fatal("names did not match expected: general") 1860 } 1861 1862 posts, resp := th.SystemAdminClient.GetPostsForChannel(importedChannel.Id, 0, 60, "") 1863 CheckNoError(t, resp) 1864 if posts.Posts[posts.Order[3]].Message != "This is a test post to test the import process" { 1865 t.Fatal("missing posts in the import process") 1866 } 1867 }) 1868 1869 t.Run("MissingFile", func(t *testing.T) { 1870 _, resp := th.SystemAdminClient.ImportTeam(nil, 4343, "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 1871 CheckBadRequestStatus(t, resp) 1872 }) 1873 1874 t.Run("WrongPermission", func(t *testing.T) { 1875 var data []byte 1876 var err error 1877 data, err = readTestFile("Fake_Team_Import.zip") 1878 if err != nil && len(data) == 0 { 1879 t.Fatal("Error while reading the test file.") 1880 } 1881 1882 // Import the channels/users/posts 1883 _, resp := th.Client.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 1884 CheckForbiddenStatus(t, resp) 1885 }) 1886 } 1887 1888 func TestInviteUsersToTeam(t *testing.T) { 1889 th := Setup().InitBasic().InitSystemAdmin() 1890 defer th.TearDown() 1891 1892 user1 := th.GenerateTestEmail() 1893 user2 := th.GenerateTestEmail() 1894 1895 emailList := []string{user1, user2} 1896 1897 //Delete all the messages before check the sample email 1898 mailservice.DeleteMailBox(user1) 1899 mailservice.DeleteMailBox(user2) 1900 1901 enableEmailInvitations := *th.App.Config().ServiceSettings.EnableEmailInvitations 1902 restrictCreationToDomains := th.App.Config().TeamSettings.RestrictCreationToDomains 1903 defer func() { 1904 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableEmailInvitations = &enableEmailInvitations }) 1905 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.RestrictCreationToDomains = restrictCreationToDomains }) 1906 }() 1907 1908 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = false }) 1909 _, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList) 1910 if resp.Error == nil { 1911 t.Fatal("Should be disabled") 1912 } 1913 1914 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = true }) 1915 okMsg, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList) 1916 CheckNoError(t, resp) 1917 if !okMsg { 1918 t.Fatal("should return true") 1919 } 1920 1921 nameFormat := *th.App.Config().TeamSettings.TeammateNameDisplay 1922 expectedSubject := utils.T("api.templates.invite_subject", 1923 map[string]interface{}{"SenderName": th.SystemAdminUser.GetDisplayName(nameFormat), 1924 "TeamDisplayName": th.BasicTeam.DisplayName, 1925 "SiteName": th.App.ClientConfig()["SiteName"]}) 1926 1927 //Check if the email was send to the rigth email address 1928 for _, email := range emailList { 1929 var resultsMailbox mailservice.JSONMessageHeaderInbucket 1930 err := mailservice.RetryInbucket(5, func() error { 1931 var err error 1932 resultsMailbox, err = mailservice.GetMailBox(email) 1933 return err 1934 }) 1935 if err != nil { 1936 t.Log(err) 1937 t.Log("No email was received, maybe due load on the server. Disabling this verification") 1938 } 1939 if err == nil && len(resultsMailbox) > 0 { 1940 if !strings.ContainsAny(resultsMailbox[len(resultsMailbox)-1].To[0], email) { 1941 t.Fatal("Wrong To recipient") 1942 } else { 1943 if resultsEmail, err := mailservice.GetMessageFromMailbox(email, resultsMailbox[len(resultsMailbox)-1].ID); err == nil { 1944 if resultsEmail.Subject != expectedSubject { 1945 t.Log(resultsEmail.Subject) 1946 t.Log(expectedSubject) 1947 t.Fatal("Wrong Subject") 1948 } 1949 } 1950 } 1951 } 1952 } 1953 1954 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.RestrictCreationToDomains = "@global.com,@common.com" }) 1955 1956 t.Run("restricted domains", func(t *testing.T) { 1957 err := th.App.InviteNewUsersToTeam(emailList, th.BasicTeam.Id, th.BasicUser.Id) 1958 1959 if err == nil { 1960 t.Fatal("Adding users with non-restricted domains was allowed") 1961 } 1962 if err.Where != "InviteNewUsersToTeam" || err.Id != "api.team.invite_members.invalid_email.app_error" { 1963 t.Log(err) 1964 t.Fatal("Got wrong error message!") 1965 } 1966 }) 1967 1968 t.Run("override restricted domains", func(t *testing.T) { 1969 th.BasicTeam.AllowedDomains = "invalid.com,common.com" 1970 if _, err := th.App.UpdateTeam(th.BasicTeam); err == nil { 1971 t.Fatal("Should not update the team") 1972 } 1973 1974 th.BasicTeam.AllowedDomains = "common.com" 1975 if _, err := th.App.UpdateTeam(th.BasicTeam); err != nil { 1976 t.Log(err) 1977 t.Fatal("Should update the team") 1978 } 1979 1980 if err := th.App.InviteNewUsersToTeam([]string{"test@global.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil || err.Where != "InviteNewUsersToTeam" { 1981 t.Log(err) 1982 t.Fatal("Per team restriction should take precedence over the global restriction") 1983 } 1984 1985 if err := th.App.InviteNewUsersToTeam([]string{"test@common.com"}, th.BasicTeam.Id, th.BasicUser.Id); err != nil { 1986 t.Log(err) 1987 t.Fatal("Failed to invite user which was common between team and global domain restriction") 1988 } 1989 1990 if err := th.App.InviteNewUsersToTeam([]string{"test@invalid.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil { 1991 t.Log(err) 1992 t.Fatal("Should not invite user") 1993 } 1994 1995 }) 1996 } 1997 1998 func TestGetTeamInviteInfo(t *testing.T) { 1999 th := Setup().InitBasic().InitSystemAdmin() 2000 defer th.TearDown() 2001 Client := th.Client 2002 team := th.BasicTeam 2003 2004 team, resp := Client.GetTeamInviteInfo(team.InviteId) 2005 CheckNoError(t, resp) 2006 2007 if team.DisplayName == "" { 2008 t.Fatal("should not be empty") 2009 } 2010 2011 if team.Email != "" { 2012 t.Fatal("should be empty") 2013 } 2014 2015 team.InviteId = "12345678901234567890123456789012" 2016 team, resp = th.SystemAdminClient.UpdateTeam(team) 2017 CheckNoError(t, resp) 2018 2019 _, resp = Client.GetTeamInviteInfo(team.InviteId) 2020 CheckNoError(t, resp) 2021 2022 _, resp = Client.GetTeamInviteInfo("junk") 2023 CheckNotFoundStatus(t, resp) 2024 } 2025 2026 func TestSetTeamIcon(t *testing.T) { 2027 th := Setup().InitBasic().InitSystemAdmin() 2028 defer th.TearDown() 2029 Client := th.Client 2030 team := th.BasicTeam 2031 2032 data, err := readTestFile("test.png") 2033 if err != nil { 2034 t.Fatal(err) 2035 } 2036 2037 th.LoginTeamAdmin() 2038 2039 ok, resp := Client.SetTeamIcon(team.Id, data) 2040 if !ok { 2041 t.Fatal(resp.Error) 2042 } 2043 CheckNoError(t, resp) 2044 2045 ok, resp = Client.SetTeamIcon(model.NewId(), data) 2046 if ok { 2047 t.Fatal("Should return false, set team icon not allowed") 2048 } 2049 CheckForbiddenStatus(t, resp) 2050 2051 th.LoginBasic() 2052 2053 _, resp = Client.SetTeamIcon(team.Id, data) 2054 if resp.StatusCode == http.StatusForbidden { 2055 CheckForbiddenStatus(t, resp) 2056 } else if resp.StatusCode == http.StatusUnauthorized { 2057 CheckUnauthorizedStatus(t, resp) 2058 } else { 2059 t.Fatal("Should have failed either forbidden or unauthorized") 2060 } 2061 2062 Client.Logout() 2063 2064 _, resp = Client.SetTeamIcon(team.Id, data) 2065 if resp.StatusCode == http.StatusForbidden { 2066 CheckForbiddenStatus(t, resp) 2067 } else if resp.StatusCode == http.StatusUnauthorized { 2068 CheckUnauthorizedStatus(t, resp) 2069 } else { 2070 t.Fatal("Should have failed either forbidden or unauthorized") 2071 } 2072 2073 teamBefore, err := th.App.GetTeam(team.Id) 2074 require.Nil(t, err) 2075 2076 _, resp = th.SystemAdminClient.SetTeamIcon(team.Id, data) 2077 CheckNoError(t, resp) 2078 2079 teamAfter, err := th.App.GetTeam(team.Id) 2080 require.Nil(t, err) 2081 assert.True(t, teamBefore.LastTeamIconUpdate < teamAfter.LastTeamIconUpdate, "LastTeamIconUpdate should have been updated for team") 2082 2083 info := &model.FileInfo{Path: "teams/" + team.Id + "/teamIcon.png"} 2084 if err := th.cleanupTestFile(info); err != nil { 2085 t.Fatal(err) 2086 } 2087 } 2088 2089 func TestGetTeamIcon(t *testing.T) { 2090 th := Setup().InitBasic().InitSystemAdmin() 2091 defer th.TearDown() 2092 Client := th.Client 2093 team := th.BasicTeam 2094 2095 // should always fail because no initial image and no auto creation 2096 _, resp := Client.GetTeamIcon(team.Id, "") 2097 CheckNotFoundStatus(t, resp) 2098 2099 Client.Logout() 2100 2101 _, resp = Client.GetTeamIcon(team.Id, "") 2102 CheckUnauthorizedStatus(t, resp) 2103 } 2104 2105 func TestRemoveTeamIcon(t *testing.T) { 2106 th := Setup().InitBasic().InitSystemAdmin() 2107 defer th.TearDown() 2108 Client := th.Client 2109 team := th.BasicTeam 2110 2111 th.LoginTeamAdmin() 2112 data, _ := readTestFile("test.png") 2113 Client.SetTeamIcon(team.Id, data) 2114 2115 _, resp := Client.RemoveTeamIcon(team.Id) 2116 CheckNoError(t, resp) 2117 teamAfter, _ := th.App.GetTeam(team.Id) 2118 if teamAfter.LastTeamIconUpdate != 0 { 2119 t.Fatal("should update LastTeamIconUpdate to 0") 2120 } 2121 2122 Client.SetTeamIcon(team.Id, data) 2123 2124 _, resp = th.SystemAdminClient.RemoveTeamIcon(team.Id) 2125 CheckNoError(t, resp) 2126 teamAfter, _ = th.App.GetTeam(team.Id) 2127 if teamAfter.LastTeamIconUpdate != 0 { 2128 t.Fatal("should update LastTeamIconUpdate to 0") 2129 } 2130 2131 Client.SetTeamIcon(team.Id, data) 2132 Client.Logout() 2133 2134 _, resp = Client.RemoveTeamIcon(team.Id) 2135 CheckUnauthorizedStatus(t, resp) 2136 2137 th.LoginBasic() 2138 _, resp = Client.RemoveTeamIcon(team.Id) 2139 CheckForbiddenStatus(t, resp) 2140 } 2141 2142 func TestUpdateTeamScheme(t *testing.T) { 2143 th := Setup().InitBasic().InitSystemAdmin() 2144 defer th.TearDown() 2145 2146 th.App.SetLicense(model.NewTestLicense("")) 2147 2148 th.App.SetPhase2PermissionsMigrationStatus(true) 2149 2150 team := &model.Team{ 2151 DisplayName: "Name", 2152 Description: "Some description", 2153 CompanyName: "Some company name", 2154 AllowOpenInvite: false, 2155 InviteId: "inviteid0", 2156 Name: "z-z-" + model.NewId() + "a", 2157 Email: "success+" + model.NewId() + "@simulator.amazonses.com", 2158 Type: model.TEAM_OPEN, 2159 } 2160 team, _ = th.SystemAdminClient.CreateTeam(team) 2161 2162 teamScheme := &model.Scheme{ 2163 DisplayName: "DisplayName", 2164 Name: model.NewId(), 2165 Description: "Some description", 2166 Scope: model.SCHEME_SCOPE_TEAM, 2167 } 2168 teamScheme, _ = th.SystemAdminClient.CreateScheme(teamScheme) 2169 channelScheme := &model.Scheme{ 2170 DisplayName: "DisplayName", 2171 Name: model.NewId(), 2172 Description: "Some description", 2173 Scope: model.SCHEME_SCOPE_CHANNEL, 2174 } 2175 channelScheme, _ = th.SystemAdminClient.CreateScheme(channelScheme) 2176 2177 // Test the setup/base case. 2178 _, resp := th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2179 CheckNoError(t, resp) 2180 2181 // Test the return to default scheme 2182 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "") 2183 CheckNoError(t, resp) 2184 2185 // Test various invalid team and scheme id combinations. 2186 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "x") 2187 CheckBadRequestStatus(t, resp) 2188 _, resp = th.SystemAdminClient.UpdateTeamScheme("x", teamScheme.Id) 2189 CheckBadRequestStatus(t, resp) 2190 _, resp = th.SystemAdminClient.UpdateTeamScheme("x", "x") 2191 CheckBadRequestStatus(t, resp) 2192 2193 // Test that permissions are required. 2194 _, resp = th.Client.UpdateTeamScheme(team.Id, teamScheme.Id) 2195 CheckForbiddenStatus(t, resp) 2196 2197 // Test that a license is requried. 2198 th.App.SetLicense(nil) 2199 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2200 CheckNotImplementedStatus(t, resp) 2201 th.App.SetLicense(model.NewTestLicense("")) 2202 2203 // Test an invalid scheme scope. 2204 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, channelScheme.Id) 2205 fmt.Printf("resp: %+v\n", resp) 2206 CheckBadRequestStatus(t, resp) 2207 2208 // Test that an unauthenticated user gets rejected. 2209 th.SystemAdminClient.Logout() 2210 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2211 CheckUnauthorizedStatus(t, resp) 2212 }