github.com/turgay/mattermost-server@v5.3.2-0.20181002173352-2945e8a2b0ce+incompatible/api4/webhook_test.go (about)

     1  // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
     2  // See License.txt for license information.
     3  
     4  package api4
     5  
     6  import (
     7  	"testing"
     8  
     9  	"github.com/stretchr/testify/assert"
    10  
    11  	"github.com/mattermost/mattermost-server/model"
    12  )
    13  
    14  func TestCreateIncomingWebhook(t *testing.T) {
    15  	th := Setup().InitBasic().InitSystemAdmin()
    16  	defer th.TearDown()
    17  	Client := th.Client
    18  
    19  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
    20  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostUsernameOverride = true })
    21  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostIconOverride = true })
    22  
    23  	defaultRolePermissions := th.SaveDefaultRolePermissions()
    24  	defer func() {
    25  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
    26  	}()
    27  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
    28  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
    29  
    30  	hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
    31  
    32  	rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook)
    33  	CheckNoError(t, resp)
    34  
    35  	if rhook.ChannelId != hook.ChannelId {
    36  		t.Fatal("channel ids didn't match")
    37  	}
    38  
    39  	if rhook.UserId != th.SystemAdminUser.Id {
    40  		t.Fatal("user ids didn't match")
    41  	}
    42  
    43  	if rhook.TeamId != th.BasicTeam.Id {
    44  		t.Fatal("team ids didn't match")
    45  	}
    46  
    47  	hook.ChannelId = "junk"
    48  	_, resp = th.SystemAdminClient.CreateIncomingWebhook(hook)
    49  	CheckNotFoundStatus(t, resp)
    50  
    51  	hook.ChannelId = th.BasicChannel.Id
    52  	th.LoginTeamAdmin()
    53  	_, resp = Client.CreateIncomingWebhook(hook)
    54  	CheckNoError(t, resp)
    55  
    56  	th.LoginBasic()
    57  	_, resp = Client.CreateIncomingWebhook(hook)
    58  	CheckForbiddenStatus(t, resp)
    59  
    60  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
    61  
    62  	_, resp = Client.CreateIncomingWebhook(hook)
    63  	CheckNoError(t, resp)
    64  
    65  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostUsernameOverride = false })
    66  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostIconOverride = false })
    67  
    68  	_, resp = Client.CreateIncomingWebhook(hook)
    69  	CheckNoError(t, resp)
    70  
    71  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = false })
    72  	_, resp = Client.CreateIncomingWebhook(hook)
    73  	CheckNotImplementedStatus(t, resp)
    74  }
    75  
    76  func TestGetIncomingWebhooks(t *testing.T) {
    77  	th := Setup().InitBasic().InitSystemAdmin()
    78  	defer th.TearDown()
    79  	Client := th.Client
    80  
    81  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
    82  
    83  	defaultRolePermissions := th.SaveDefaultRolePermissions()
    84  	defer func() {
    85  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
    86  	}()
    87  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
    88  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
    89  
    90  	hook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
    91  	rhook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook)
    92  	CheckNoError(t, resp)
    93  
    94  	hooks, resp := th.SystemAdminClient.GetIncomingWebhooks(0, 1000, "")
    95  	CheckNoError(t, resp)
    96  
    97  	found := false
    98  	for _, h := range hooks {
    99  		if rhook.Id == h.Id {
   100  			found = true
   101  		}
   102  	}
   103  
   104  	if !found {
   105  		t.Fatal("missing hook")
   106  	}
   107  
   108  	hooks, resp = th.SystemAdminClient.GetIncomingWebhooks(0, 1, "")
   109  	CheckNoError(t, resp)
   110  
   111  	if len(hooks) != 1 {
   112  		t.Fatal("should only be 1")
   113  	}
   114  
   115  	hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   116  	CheckNoError(t, resp)
   117  
   118  	found = false
   119  	for _, h := range hooks {
   120  		if rhook.Id == h.Id {
   121  			found = true
   122  		}
   123  	}
   124  
   125  	if !found {
   126  		t.Fatal("missing hook")
   127  	}
   128  
   129  	hooks, resp = th.SystemAdminClient.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "")
   130  	CheckNoError(t, resp)
   131  
   132  	if len(hooks) != 0 {
   133  		t.Fatal("no hooks should be returned")
   134  	}
   135  
   136  	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
   137  	CheckForbiddenStatus(t, resp)
   138  
   139  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   140  
   141  	_, resp = Client.GetIncomingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   142  	CheckNoError(t, resp)
   143  
   144  	_, resp = Client.GetIncomingWebhooksForTeam(model.NewId(), 0, 1000, "")
   145  	CheckForbiddenStatus(t, resp)
   146  
   147  	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
   148  	CheckForbiddenStatus(t, resp)
   149  
   150  	Client.Logout()
   151  	_, resp = Client.GetIncomingWebhooks(0, 1000, "")
   152  	CheckUnauthorizedStatus(t, resp)
   153  }
   154  
   155  func TestGetIncomingWebhook(t *testing.T) {
   156  	th := Setup().InitBasic().InitSystemAdmin()
   157  	defer th.TearDown()
   158  	Client := th.SystemAdminClient
   159  
   160  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
   161  
   162  	var resp *model.Response
   163  	var rhook *model.IncomingWebhook
   164  	var hook *model.IncomingWebhook
   165  
   166  	t.Run("WhenHookExists", func(t *testing.T) {
   167  		hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   168  		rhook, resp = Client.CreateIncomingWebhook(hook)
   169  		CheckNoError(t, resp)
   170  
   171  		hook, resp = Client.GetIncomingWebhook(rhook.Id, "")
   172  		CheckOKStatus(t, resp)
   173  	})
   174  
   175  	t.Run("WhenHookDoesNotExist", func(t *testing.T) {
   176  		hook, resp = Client.GetIncomingWebhook(model.NewId(), "")
   177  		CheckNotFoundStatus(t, resp)
   178  	})
   179  
   180  	t.Run("WhenInvalidHookID", func(t *testing.T) {
   181  		hook, resp = Client.GetIncomingWebhook("abc", "")
   182  		CheckBadRequestStatus(t, resp)
   183  	})
   184  
   185  	t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) {
   186  		th.LoginBasic()
   187  		Client = th.Client
   188  
   189  		_, resp = Client.GetIncomingWebhook(rhook.Id, "")
   190  		CheckForbiddenStatus(t, resp)
   191  	})
   192  }
   193  
   194  func TestDeleteIncomingWebhook(t *testing.T) {
   195  	th := Setup().InitBasic().InitSystemAdmin()
   196  	defer th.TearDown()
   197  	Client := th.SystemAdminClient
   198  
   199  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
   200  
   201  	var resp *model.Response
   202  	var rhook *model.IncomingWebhook
   203  	var hook *model.IncomingWebhook
   204  	var status bool
   205  
   206  	t.Run("WhenInvalidHookID", func(t *testing.T) {
   207  		status, resp = Client.DeleteIncomingWebhook("abc")
   208  		CheckBadRequestStatus(t, resp)
   209  	})
   210  
   211  	t.Run("WhenHookDoesNotExist", func(t *testing.T) {
   212  		status, resp = Client.DeleteIncomingWebhook(model.NewId())
   213  		CheckNotFoundStatus(t, resp)
   214  	})
   215  
   216  	t.Run("WhenHookExists", func(t *testing.T) {
   217  		hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   218  		rhook, resp = Client.CreateIncomingWebhook(hook)
   219  		CheckNoError(t, resp)
   220  
   221  		if status, resp = Client.DeleteIncomingWebhook(rhook.Id); !status {
   222  			t.Fatal("Delete should have succeeded")
   223  		} else {
   224  			CheckOKStatus(t, resp)
   225  		}
   226  
   227  		// Get now should not return this deleted hook
   228  		_, resp = Client.GetIncomingWebhook(rhook.Id, "")
   229  		CheckNotFoundStatus(t, resp)
   230  	})
   231  
   232  	t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) {
   233  		hook = &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   234  		rhook, resp = Client.CreateIncomingWebhook(hook)
   235  		CheckNoError(t, resp)
   236  
   237  		th.LoginBasic()
   238  		Client = th.Client
   239  
   240  		_, resp = Client.DeleteIncomingWebhook(rhook.Id)
   241  		CheckForbiddenStatus(t, resp)
   242  	})
   243  }
   244  
   245  func TestCreateOutgoingWebhook(t *testing.T) {
   246  	th := Setup().InitBasic().InitSystemAdmin()
   247  	defer th.TearDown()
   248  	Client := th.Client
   249  
   250  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   251  
   252  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   253  	defer func() {
   254  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   255  	}()
   256  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   257  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   258  
   259  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}, Username: "some-user-name", IconURL: "http://some-icon-url/"}
   260  
   261  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   262  	CheckNoError(t, resp)
   263  
   264  	if rhook.ChannelId != hook.ChannelId {
   265  		t.Fatal("channel ids didn't match")
   266  	} else if rhook.CreatorId != th.SystemAdminUser.Id {
   267  		t.Fatal("user ids didn't match")
   268  	} else if rhook.TeamId != th.BasicChannel.TeamId {
   269  		t.Fatal("team ids didn't match")
   270  	}
   271  
   272  	hook.ChannelId = "junk"
   273  	_, resp = th.SystemAdminClient.CreateOutgoingWebhook(hook)
   274  	CheckNotFoundStatus(t, resp)
   275  
   276  	hook.ChannelId = th.BasicChannel.Id
   277  	th.LoginTeamAdmin()
   278  	_, resp = Client.CreateOutgoingWebhook(hook)
   279  	CheckNoError(t, resp)
   280  
   281  	th.LoginBasic()
   282  	_, resp = Client.CreateOutgoingWebhook(hook)
   283  	CheckForbiddenStatus(t, resp)
   284  
   285  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   286  
   287  	_, resp = Client.CreateOutgoingWebhook(hook)
   288  	CheckNoError(t, resp)
   289  
   290  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = false })
   291  	_, resp = Client.CreateOutgoingWebhook(hook)
   292  	CheckNotImplementedStatus(t, resp)
   293  }
   294  
   295  func TestGetOutgoingWebhooks(t *testing.T) {
   296  	th := Setup().InitBasic().InitSystemAdmin()
   297  	defer th.TearDown()
   298  	Client := th.Client
   299  
   300  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   301  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   302  	defer func() {
   303  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   304  	}()
   305  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   306  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   307  
   308  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}}
   309  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   310  	CheckNoError(t, resp)
   311  
   312  	hooks, resp := th.SystemAdminClient.GetOutgoingWebhooks(0, 1000, "")
   313  	CheckNoError(t, resp)
   314  
   315  	found := false
   316  	for _, h := range hooks {
   317  		if rhook.Id == h.Id {
   318  			found = true
   319  		}
   320  	}
   321  
   322  	if !found {
   323  		t.Fatal("missing hook")
   324  	}
   325  
   326  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooks(0, 1, "")
   327  	CheckNoError(t, resp)
   328  
   329  	if len(hooks) != 1 {
   330  		t.Fatal("should only be 1")
   331  	}
   332  
   333  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   334  	CheckNoError(t, resp)
   335  
   336  	found = false
   337  	for _, h := range hooks {
   338  		if rhook.Id == h.Id {
   339  			found = true
   340  		}
   341  	}
   342  
   343  	if !found {
   344  		t.Fatal("missing hook")
   345  	}
   346  
   347  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForTeam(model.NewId(), 0, 1000, "")
   348  	CheckNoError(t, resp)
   349  
   350  	if len(hooks) != 0 {
   351  		t.Fatal("no hooks should be returned")
   352  	}
   353  
   354  	hooks, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(th.BasicChannel.Id, 0, 1000, "")
   355  	CheckNoError(t, resp)
   356  
   357  	found = false
   358  	for _, h := range hooks {
   359  		if rhook.Id == h.Id {
   360  			found = true
   361  		}
   362  	}
   363  
   364  	if !found {
   365  		t.Fatal("missing hook")
   366  	}
   367  
   368  	_, resp = th.SystemAdminClient.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "")
   369  	CheckForbiddenStatus(t, resp)
   370  
   371  	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
   372  	CheckForbiddenStatus(t, resp)
   373  
   374  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   375  
   376  	_, resp = Client.GetOutgoingWebhooksForTeam(th.BasicTeam.Id, 0, 1000, "")
   377  	CheckNoError(t, resp)
   378  
   379  	_, resp = Client.GetOutgoingWebhooksForTeam(model.NewId(), 0, 1000, "")
   380  	CheckForbiddenStatus(t, resp)
   381  
   382  	_, resp = Client.GetOutgoingWebhooksForChannel(th.BasicChannel.Id, 0, 1000, "")
   383  	CheckNoError(t, resp)
   384  
   385  	_, resp = Client.GetOutgoingWebhooksForChannel(model.NewId(), 0, 1000, "")
   386  	CheckForbiddenStatus(t, resp)
   387  
   388  	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
   389  	CheckForbiddenStatus(t, resp)
   390  
   391  	Client.Logout()
   392  	_, resp = Client.GetOutgoingWebhooks(0, 1000, "")
   393  	CheckUnauthorizedStatus(t, resp)
   394  }
   395  
   396  func TestGetOutgoingWebhook(t *testing.T) {
   397  	th := Setup().InitBasic().InitSystemAdmin()
   398  	defer th.TearDown()
   399  	Client := th.Client
   400  
   401  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   402  
   403  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}}
   404  
   405  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   406  	CheckNoError(t, resp)
   407  
   408  	getHook, resp := th.SystemAdminClient.GetOutgoingWebhook(rhook.Id)
   409  	CheckNoError(t, resp)
   410  	if getHook.Id != rhook.Id {
   411  		t.Fatal("failed to retrieve the correct outgoing hook")
   412  	}
   413  
   414  	_, resp = Client.GetOutgoingWebhook(rhook.Id)
   415  	CheckForbiddenStatus(t, resp)
   416  
   417  	nonExistentHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id}
   418  	_, resp = th.SystemAdminClient.GetOutgoingWebhook(nonExistentHook.Id)
   419  	CheckNotFoundStatus(t, resp)
   420  
   421  	nonExistentHook.Id = model.NewId()
   422  	_, resp = th.SystemAdminClient.GetOutgoingWebhook(nonExistentHook.Id)
   423  	CheckInternalErrorStatus(t, resp)
   424  }
   425  
   426  func TestUpdateIncomingHook(t *testing.T) {
   427  	th := Setup().InitBasic().InitSystemAdmin()
   428  	defer th.TearDown()
   429  	Client := th.Client
   430  
   431  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
   432  
   433  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   434  	defer func() {
   435  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   436  	}()
   437  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   438  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   439  
   440  	hook1 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   441  
   442  	createdHook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook1)
   443  	CheckNoError(t, resp)
   444  
   445  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostUsernameOverride = false })
   446  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostIconOverride = false })
   447  
   448  	t.Run("UpdateIncomingHook, overrides disabled", func(t *testing.T) {
   449  		createdHook.DisplayName = "hook2"
   450  		createdHook.Description = "description"
   451  		createdHook.ChannelId = th.BasicChannel2.Id
   452  		createdHook.Username = "username"
   453  		createdHook.IconURL = "icon"
   454  
   455  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   456  		CheckNoError(t, resp)
   457  		if updatedHook != nil {
   458  			if updatedHook.DisplayName != "hook2" {
   459  				t.Fatal("Hook name is not updated")
   460  			}
   461  
   462  			if updatedHook.Description != "description" {
   463  				t.Fatal("Hook description is not updated")
   464  			}
   465  
   466  			if updatedHook.ChannelId != th.BasicChannel2.Id {
   467  				t.Fatal("Hook channel is not updated")
   468  			}
   469  
   470  			if updatedHook.Username != "" {
   471  				t.Fatal("Hook username was incorrectly updated")
   472  			}
   473  
   474  			if updatedHook.IconURL != "" {
   475  				t.Fatal("Hook icon was incorrectly updated")
   476  			}
   477  		} else {
   478  			t.Fatal("should not be nil")
   479  		}
   480  
   481  		//updatedHook, _ = th.App.GetIncomingWebhook(createdHook.Id)
   482  		assert.Equal(t, updatedHook.ChannelId, createdHook.ChannelId)
   483  	})
   484  
   485  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostUsernameOverride = true })
   486  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnablePostIconOverride = true })
   487  
   488  	t.Run("UpdateIncomingHook", func(t *testing.T) {
   489  		createdHook.DisplayName = "hook2"
   490  		createdHook.Description = "description"
   491  		createdHook.ChannelId = th.BasicChannel2.Id
   492  		createdHook.Username = "username"
   493  		createdHook.IconURL = "icon"
   494  
   495  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   496  		CheckNoError(t, resp)
   497  		if updatedHook != nil {
   498  			if updatedHook.DisplayName != "hook2" {
   499  				t.Fatal("Hook name is not updated")
   500  			}
   501  
   502  			if updatedHook.Description != "description" {
   503  				t.Fatal("Hook description is not updated")
   504  			}
   505  
   506  			if updatedHook.ChannelId != th.BasicChannel2.Id {
   507  				t.Fatal("Hook channel is not updated")
   508  			}
   509  
   510  			if updatedHook.Username != "username" {
   511  				t.Fatal("Hook username is not updated")
   512  			}
   513  
   514  			if updatedHook.IconURL != "icon" {
   515  				t.Fatal("Hook icon is not updated")
   516  			}
   517  		} else {
   518  			t.Fatal("should not be nil")
   519  		}
   520  
   521  		//updatedHook, _ = th.App.GetIncomingWebhook(createdHook.Id)
   522  		assert.Equal(t, updatedHook.ChannelId, createdHook.ChannelId)
   523  	})
   524  
   525  	t.Run("RetainCreateAt", func(t *testing.T) {
   526  		hook2 := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, CreateAt: 100}
   527  
   528  		createdHook, resp := th.SystemAdminClient.CreateIncomingWebhook(hook2)
   529  		CheckNoError(t, resp)
   530  
   531  		createdHook.DisplayName = "Name2"
   532  
   533  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   534  		CheckNoError(t, resp)
   535  		if updatedHook != nil {
   536  			if updatedHook.CreateAt != createdHook.CreateAt {
   537  				t.Fatal("failed - hook create at should not be changed")
   538  			}
   539  		} else {
   540  			t.Fatal("should not be nil")
   541  		}
   542  	})
   543  
   544  	t.Run("ModifyUpdateAt", func(t *testing.T) {
   545  		createdHook.DisplayName = "Name3"
   546  
   547  		updatedHook, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   548  		CheckNoError(t, resp)
   549  		if updatedHook != nil {
   550  			if updatedHook.UpdateAt == createdHook.UpdateAt {
   551  				t.Fatal("failed - hook updateAt is not updated")
   552  			}
   553  		} else {
   554  			t.Fatal("should not be nil")
   555  		}
   556  	})
   557  
   558  	t.Run("UpdateNonExistentHook", func(t *testing.T) {
   559  		nonExistentHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id}
   560  
   561  		_, resp := th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook)
   562  		CheckNotFoundStatus(t, resp)
   563  
   564  		nonExistentHook.Id = model.NewId()
   565  		_, resp = th.SystemAdminClient.UpdateIncomingWebhook(nonExistentHook)
   566  		CheckNotFoundStatus(t, resp)
   567  	})
   568  
   569  	t.Run("UserIsNotAdminOfTeam", func(t *testing.T) {
   570  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   571  		CheckForbiddenStatus(t, resp)
   572  	})
   573  
   574  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   575  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   576  
   577  	t.Run("OnlyAdminIntegrationsDisabled", func(t *testing.T) {
   578  		th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   579  
   580  		t.Run("UpdateHookOfSameUser", func(t *testing.T) {
   581  			sameUserHook := &model.IncomingWebhook{ChannelId: th.BasicChannel.Id, UserId: th.BasicUser2.Id}
   582  
   583  			sameUserHook, resp := Client.CreateIncomingWebhook(sameUserHook)
   584  			CheckNoError(t, resp)
   585  
   586  			_, resp = Client.UpdateIncomingWebhook(sameUserHook)
   587  			CheckNoError(t, resp)
   588  		})
   589  
   590  		t.Run("UpdateHookOfDifferentUser", func(t *testing.T) {
   591  			_, resp := Client.UpdateIncomingWebhook(createdHook)
   592  			CheckForbiddenStatus(t, resp)
   593  		})
   594  	})
   595  
   596  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   597  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   598  
   599  	Client.Logout()
   600  	th.UpdateUserToTeamAdmin(th.BasicUser2, th.BasicTeam)
   601  	th.LoginBasic2()
   602  	t.Run("UpdateByDifferentUser", func(t *testing.T) {
   603  		updatedHook, resp := Client.UpdateIncomingWebhook(createdHook)
   604  		CheckNoError(t, resp)
   605  		if updatedHook.UserId == th.BasicUser2.Id {
   606  			t.Fatal("Hook's creator userId is not retained")
   607  		}
   608  	})
   609  
   610  	t.Run("IncomingHooksDisabled", func(t *testing.T) {
   611  		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = false })
   612  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   613  		CheckNotImplementedStatus(t, resp)
   614  		CheckErrorMessage(t, resp, "api.incoming_webhook.disabled.app_error")
   615  	})
   616  
   617  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
   618  
   619  	t.Run("PrivateChannel", func(t *testing.T) {
   620  		privateChannel := th.CreatePrivateChannel()
   621  		Client.Logout()
   622  		th.LoginBasic()
   623  		createdHook.ChannelId = privateChannel.Id
   624  
   625  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   626  		CheckForbiddenStatus(t, resp)
   627  	})
   628  
   629  	t.Run("UpdateToNonExistentChannel", func(t *testing.T) {
   630  		createdHook.ChannelId = "junk"
   631  		_, resp := th.SystemAdminClient.UpdateIncomingWebhook(createdHook)
   632  		CheckNotFoundStatus(t, resp)
   633  	})
   634  
   635  	team := th.CreateTeamWithClient(Client)
   636  	user := th.CreateUserWithClient(Client)
   637  	th.LinkUserToTeam(user, team)
   638  	Client.Logout()
   639  	Client.Login(user.Id, user.Password)
   640  	t.Run("UpdateToADifferentTeam", func(t *testing.T) {
   641  		_, resp := Client.UpdateIncomingWebhook(createdHook)
   642  		CheckUnauthorizedStatus(t, resp)
   643  	})
   644  }
   645  
   646  func TestRegenOutgoingHookToken(t *testing.T) {
   647  	th := Setup().InitBasic().InitSystemAdmin()
   648  	defer th.TearDown()
   649  	Client := th.Client
   650  
   651  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   652  
   653  	hook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId, CallbackURLs: []string{"http://nowhere.com"}}
   654  	rhook, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook)
   655  	CheckNoError(t, resp)
   656  
   657  	_, resp = th.SystemAdminClient.RegenOutgoingHookToken("junk")
   658  	CheckBadRequestStatus(t, resp)
   659  
   660  	//investigate why is act weird on jenkins
   661  	// _, resp = th.SystemAdminClient.RegenOutgoingHookToken("")
   662  	// CheckNotFoundStatus(t, resp)
   663  
   664  	regenHookToken, resp := th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id)
   665  	CheckNoError(t, resp)
   666  	if regenHookToken.Token == rhook.Token {
   667  		t.Fatal("regen didn't work properly")
   668  	}
   669  
   670  	_, resp = Client.RegenOutgoingHookToken(rhook.Id)
   671  	CheckForbiddenStatus(t, resp)
   672  
   673  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = false })
   674  	_, resp = th.SystemAdminClient.RegenOutgoingHookToken(rhook.Id)
   675  	CheckNotImplementedStatus(t, resp)
   676  }
   677  
   678  func TestUpdateOutgoingHook(t *testing.T) {
   679  	th := Setup().InitBasic().InitSystemAdmin()
   680  	defer th.TearDown()
   681  	Client := th.Client
   682  
   683  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   684  	defaultRolePermissions := th.SaveDefaultRolePermissions()
   685  	defer func() {
   686  		th.RestoreDefaultRolePermissions(defaultRolePermissions)
   687  	}()
   688  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   689  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   690  
   691  	createdHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   692  		CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}}
   693  
   694  	createdHook, resp := th.SystemAdminClient.CreateOutgoingWebhook(createdHook)
   695  	CheckNoError(t, resp)
   696  
   697  	t.Run("UpdateOutgoingWebhook", func(t *testing.T) {
   698  		createdHook.DisplayName = "Cats"
   699  		createdHook.Description = "Get me some cats"
   700  
   701  		updatedHook, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   702  		CheckNoError(t, resp)
   703  		if updatedHook.DisplayName != "Cats" {
   704  			t.Fatal("did not update")
   705  		}
   706  		if updatedHook.Description != "Get me some cats" {
   707  			t.Fatal("did not update")
   708  		}
   709  	})
   710  
   711  	t.Run("OutgoingHooksDisabled", func(t *testing.T) {
   712  		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = false })
   713  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   714  		CheckNotImplementedStatus(t, resp)
   715  	})
   716  
   717  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOutgoingWebhooks = true })
   718  	t.Run("RetainCreateAt", func(t *testing.T) {
   719  		hook2 := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   720  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats"}}
   721  
   722  		createdHook2, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook2)
   723  		CheckNoError(t, resp)
   724  		createdHook2.DisplayName = "Name2"
   725  
   726  		updatedHook2, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook2)
   727  		CheckNoError(t, resp)
   728  
   729  		if updatedHook2.CreateAt != createdHook2.CreateAt {
   730  			t.Fatal("failed - hook create at should not be changed")
   731  		}
   732  	})
   733  
   734  	t.Run("ModifyUpdateAt", func(t *testing.T) {
   735  		createdHook.DisplayName = "Name3"
   736  
   737  		updatedHook2, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   738  		CheckNoError(t, resp)
   739  
   740  		if updatedHook2.UpdateAt == createdHook.UpdateAt {
   741  			t.Fatal("failed - hook updateAt is not updated")
   742  		}
   743  	})
   744  
   745  	t.Run("UpdateNonExistentHook", func(t *testing.T) {
   746  		nonExistentHook := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   747  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats"}}
   748  
   749  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(nonExistentHook)
   750  		CheckNotFoundStatus(t, resp)
   751  
   752  		nonExistentHook.Id = model.NewId()
   753  		_, resp = th.SystemAdminClient.UpdateOutgoingWebhook(nonExistentHook)
   754  		CheckInternalErrorStatus(t, resp)
   755  	})
   756  
   757  	t.Run("UserIsNotAdminOfTeam", func(t *testing.T) {
   758  		_, resp := Client.UpdateOutgoingWebhook(createdHook)
   759  		CheckForbiddenStatus(t, resp)
   760  	})
   761  
   762  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   763  	hook2 := &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   764  		CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"rats2"}}
   765  
   766  	createdHook2, resp := th.SystemAdminClient.CreateOutgoingWebhook(hook2)
   767  	CheckNoError(t, resp)
   768  
   769  	_, resp = Client.UpdateOutgoingWebhook(createdHook2)
   770  	CheckForbiddenStatus(t, resp)
   771  
   772  	th.RemovePermissionFromRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_USER_ROLE_ID)
   773  	th.AddPermissionToRole(model.PERMISSION_MANAGE_WEBHOOKS.Id, model.TEAM_ADMIN_ROLE_ID)
   774  
   775  	Client.Logout()
   776  	th.UpdateUserToTeamAdmin(th.BasicUser2, th.BasicTeam)
   777  	th.LoginBasic2()
   778  	t.Run("RetainHookCreator", func(t *testing.T) {
   779  		createdHook.DisplayName = "Basic user 2"
   780  		updatedHook, resp := Client.UpdateOutgoingWebhook(createdHook)
   781  		CheckNoError(t, resp)
   782  		if updatedHook.DisplayName != "Basic user 2" {
   783  			t.Fatal("should apply the change")
   784  		}
   785  		if updatedHook.CreatorId != th.SystemAdminUser.Id {
   786  			t.Fatal("hook creator should not be changed")
   787  		}
   788  	})
   789  
   790  	t.Run("UpdateToExistingTriggerWordAndCallback", func(t *testing.T) {
   791  		t.Run("OnSameChannel", func(t *testing.T) {
   792  			createdHook.TriggerWords = []string{"rats"}
   793  
   794  			_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   795  			CheckBadRequestStatus(t, resp)
   796  		})
   797  
   798  		t.Run("OnDifferentChannel", func(t *testing.T) {
   799  			createdHook.TriggerWords = []string{"cats"}
   800  			createdHook.ChannelId = th.BasicChannel2.Id
   801  
   802  			_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   803  			CheckNoError(t, resp)
   804  		})
   805  	})
   806  
   807  	t.Run("UpdateToNonExistentChannel", func(t *testing.T) {
   808  		createdHook.ChannelId = "junk"
   809  
   810  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   811  		CheckNotFoundStatus(t, resp)
   812  	})
   813  
   814  	t.Run("UpdateToPrivateChannel", func(t *testing.T) {
   815  		privateChannel := th.CreatePrivateChannel()
   816  		createdHook.ChannelId = privateChannel.Id
   817  
   818  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   819  		CheckForbiddenStatus(t, resp)
   820  	})
   821  
   822  	t.Run("UpdateToBlankTriggerWordAndChannel", func(t *testing.T) {
   823  		createdHook.ChannelId = ""
   824  		createdHook.TriggerWords = nil
   825  
   826  		_, resp := th.SystemAdminClient.UpdateOutgoingWebhook(createdHook)
   827  		CheckInternalErrorStatus(t, resp)
   828  	})
   829  
   830  	team := th.CreateTeamWithClient(Client)
   831  	user := th.CreateUserWithClient(Client)
   832  	th.LinkUserToTeam(user, team)
   833  	Client.Logout()
   834  	Client.Login(user.Id, user.Password)
   835  	t.Run("UpdateToADifferentTeam", func(t *testing.T) {
   836  		_, resp := Client.UpdateOutgoingWebhook(createdHook)
   837  		CheckUnauthorizedStatus(t, resp)
   838  	})
   839  }
   840  
   841  func TestDeleteOutgoingHook(t *testing.T) {
   842  	th := Setup().InitBasic().InitSystemAdmin()
   843  	defer th.TearDown()
   844  	Client := th.SystemAdminClient
   845  
   846  	th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableIncomingWebhooks = true })
   847  
   848  	var resp *model.Response
   849  	var rhook *model.OutgoingWebhook
   850  	var hook *model.OutgoingWebhook
   851  	var status bool
   852  
   853  	t.Run("WhenInvalidHookID", func(t *testing.T) {
   854  		status, resp = Client.DeleteOutgoingWebhook("abc")
   855  		CheckBadRequestStatus(t, resp)
   856  	})
   857  
   858  	t.Run("WhenHookDoesNotExist", func(t *testing.T) {
   859  		status, resp = Client.DeleteOutgoingWebhook(model.NewId())
   860  		CheckInternalErrorStatus(t, resp)
   861  	})
   862  
   863  	t.Run("WhenHookExists", func(t *testing.T) {
   864  		hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   865  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"cats"}}
   866  		rhook, resp = Client.CreateOutgoingWebhook(hook)
   867  		CheckNoError(t, resp)
   868  
   869  		if status, resp = Client.DeleteOutgoingWebhook(rhook.Id); !status {
   870  			t.Fatal("Delete should have succeeded")
   871  		} else {
   872  			CheckOKStatus(t, resp)
   873  		}
   874  
   875  		// Get now should not return this deleted hook
   876  		_, resp = Client.GetIncomingWebhook(rhook.Id, "")
   877  		CheckNotFoundStatus(t, resp)
   878  	})
   879  
   880  	t.Run("WhenUserDoesNotHavePemissions", func(t *testing.T) {
   881  		hook = &model.OutgoingWebhook{ChannelId: th.BasicChannel.Id, TeamId: th.BasicChannel.TeamId,
   882  			CallbackURLs: []string{"http://nowhere.com"}, TriggerWords: []string{"dogs"}}
   883  		rhook, resp = Client.CreateOutgoingWebhook(hook)
   884  		CheckNoError(t, resp)
   885  
   886  		th.LoginBasic()
   887  		Client = th.Client
   888  
   889  		_, resp = Client.DeleteOutgoingWebhook(rhook.Id)
   890  		CheckForbiddenStatus(t, resp)
   891  	})
   892  }