github.com/vnforks/kid@v5.11.1+incompatible/api4/team_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "encoding/binary" 8 "fmt" 9 "net/http" 10 "strconv" 11 "strings" 12 "testing" 13 14 "encoding/base64" 15 16 "github.com/mattermost/mattermost-server/app" 17 "github.com/mattermost/mattermost-server/model" 18 "github.com/mattermost/mattermost-server/services/mailservice" 19 "github.com/mattermost/mattermost-server/utils" 20 "github.com/mattermost/mattermost-server/utils/testutils" 21 "github.com/stretchr/testify/assert" 22 "github.com/stretchr/testify/require" 23 ) 24 25 func TestCreateTeam(t *testing.T) { 26 th := Setup().InitBasic() 27 defer th.TearDown() 28 Client := th.Client 29 30 team := &model.Team{Name: GenerateTestUsername(), DisplayName: "Some Team", Type: model.TEAM_OPEN} 31 rteam, resp := Client.CreateTeam(team) 32 CheckNoError(t, resp) 33 CheckCreatedStatus(t, resp) 34 35 if rteam.Name != team.Name { 36 t.Fatal("names did not match") 37 } 38 39 if rteam.DisplayName != team.DisplayName { 40 t.Fatal("display names did not match") 41 } 42 43 if rteam.Type != team.Type { 44 t.Fatal("types did not match") 45 } 46 47 _, resp = Client.CreateTeam(rteam) 48 CheckBadRequestStatus(t, resp) 49 50 rteam.Id = "" 51 _, resp = Client.CreateTeam(rteam) 52 CheckErrorMessage(t, resp, "store.sql_team.save.domain_exists.app_error") 53 CheckBadRequestStatus(t, resp) 54 55 rteam.Name = "" 56 _, resp = Client.CreateTeam(rteam) 57 CheckErrorMessage(t, resp, "model.team.is_valid.characters.app_error") 58 CheckBadRequestStatus(t, resp) 59 60 if r, err := Client.DoApiPost("/teams", "garbage"); err == nil { 61 t.Fatal("should have errored") 62 } else { 63 if r.StatusCode != http.StatusBadRequest { 64 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 65 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 66 t.Fatal("wrong status code") 67 } 68 } 69 70 Client.Logout() 71 72 _, resp = Client.CreateTeam(rteam) 73 CheckUnauthorizedStatus(t, resp) 74 75 // Check the appropriate permissions are enforced. 76 defaultRolePermissions := th.SaveDefaultRolePermissions() 77 defer func() { 78 th.RestoreDefaultRolePermissions(defaultRolePermissions) 79 }() 80 81 th.RemovePermissionFromRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_USER_ROLE_ID) 82 th.AddPermissionToRole(model.PERMISSION_CREATE_TEAM.Id, model.SYSTEM_ADMIN_ROLE_ID) 83 84 th.LoginBasic() 85 _, resp = Client.CreateTeam(team) 86 CheckForbiddenStatus(t, resp) 87 } 88 89 func TestCreateTeamSanitization(t *testing.T) { 90 th := Setup().InitBasic() 91 defer th.TearDown() 92 93 // Non-admin users can create a team, but they become a team admin by doing so 94 95 t.Run("team admin", func(t *testing.T) { 96 team := &model.Team{ 97 DisplayName: t.Name() + "_1", 98 Name: GenerateTestTeamName(), 99 Email: th.GenerateTestEmail(), 100 Type: model.TEAM_OPEN, 101 AllowedDomains: "simulator.amazonses.com,dockerhost", 102 } 103 104 rteam, resp := th.Client.CreateTeam(team) 105 CheckNoError(t, resp) 106 if rteam.Email == "" { 107 t.Fatal("should not have sanitized email") 108 } 109 }) 110 111 t.Run("system admin", func(t *testing.T) { 112 team := &model.Team{ 113 DisplayName: t.Name() + "_2", 114 Name: GenerateTestTeamName(), 115 Email: th.GenerateTestEmail(), 116 Type: model.TEAM_OPEN, 117 AllowedDomains: "simulator.amazonses.com,dockerhost", 118 } 119 120 rteam, resp := th.SystemAdminClient.CreateTeam(team) 121 CheckNoError(t, resp) 122 if rteam.Email == "" { 123 t.Fatal("should not have sanitized email") 124 } 125 }) 126 } 127 128 func TestGetTeam(t *testing.T) { 129 th := Setup().InitBasic() 130 defer th.TearDown() 131 Client := th.Client 132 team := th.BasicTeam 133 134 rteam, resp := Client.GetTeam(team.Id, "") 135 CheckNoError(t, resp) 136 137 if rteam.Id != team.Id { 138 t.Fatal("wrong team") 139 } 140 141 _, resp = Client.GetTeam("junk", "") 142 CheckBadRequestStatus(t, resp) 143 144 _, resp = Client.GetTeam("", "") 145 CheckNotFoundStatus(t, resp) 146 147 _, resp = Client.GetTeam(model.NewId(), "") 148 CheckNotFoundStatus(t, resp) 149 150 th.LoginTeamAdmin() 151 152 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 153 rteam2, _ := Client.CreateTeam(team2) 154 155 team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true} 156 rteam3, _ := Client.CreateTeam(team3) 157 158 th.LoginBasic() 159 // AllowInviteOpen is false and team is open, and user is not on team 160 _, resp = Client.GetTeam(rteam2.Id, "") 161 CheckForbiddenStatus(t, resp) 162 163 // AllowInviteOpen is true and team is invite, and user is not on team 164 _, resp = Client.GetTeam(rteam3.Id, "") 165 CheckForbiddenStatus(t, resp) 166 167 Client.Logout() 168 _, resp = Client.GetTeam(team.Id, "") 169 CheckUnauthorizedStatus(t, resp) 170 171 _, resp = th.SystemAdminClient.GetTeam(rteam2.Id, "") 172 CheckNoError(t, resp) 173 } 174 175 func TestGetTeamSanitization(t *testing.T) { 176 th := Setup().InitBasic() 177 defer th.TearDown() 178 179 team, resp := th.Client.CreateTeam(&model.Team{ 180 DisplayName: t.Name() + "_1", 181 Name: GenerateTestTeamName(), 182 Email: th.GenerateTestEmail(), 183 Type: model.TEAM_OPEN, 184 AllowedDomains: "simulator.amazonses.com,dockerhost", 185 }) 186 CheckNoError(t, resp) 187 188 t.Run("team user", func(t *testing.T) { 189 th.LinkUserToTeam(th.BasicUser2, team) 190 191 client := th.CreateClient() 192 th.LoginBasic2WithClient(client) 193 194 rteam, resp := client.GetTeam(team.Id, "") 195 CheckNoError(t, resp) 196 if rteam.Email != "" { 197 t.Fatal("should've sanitized email") 198 } 199 }) 200 201 t.Run("team admin", func(t *testing.T) { 202 rteam, resp := th.Client.GetTeam(team.Id, "") 203 CheckNoError(t, resp) 204 if rteam.Email == "" { 205 t.Fatal("should not have sanitized email") 206 } 207 }) 208 209 t.Run("system admin", func(t *testing.T) { 210 rteam, resp := th.SystemAdminClient.GetTeam(team.Id, "") 211 CheckNoError(t, resp) 212 if rteam.Email == "" { 213 t.Fatal("should not have sanitized email") 214 } 215 }) 216 } 217 218 func TestGetTeamUnread(t *testing.T) { 219 th := Setup().InitBasic() 220 defer th.TearDown() 221 Client := th.Client 222 223 teamUnread, resp := Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 224 CheckNoError(t, resp) 225 if teamUnread.TeamId != th.BasicTeam.Id { 226 t.Fatal("wrong team id returned for regular user call") 227 } 228 229 _, resp = Client.GetTeamUnread("junk", th.BasicUser.Id) 230 CheckBadRequestStatus(t, resp) 231 232 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, "junk") 233 CheckBadRequestStatus(t, resp) 234 235 _, resp = Client.GetTeamUnread(model.NewId(), th.BasicUser.Id) 236 CheckForbiddenStatus(t, resp) 237 238 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, model.NewId()) 239 CheckForbiddenStatus(t, resp) 240 241 Client.Logout() 242 _, resp = Client.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 243 CheckUnauthorizedStatus(t, resp) 244 245 teamUnread, resp = th.SystemAdminClient.GetTeamUnread(th.BasicTeam.Id, th.BasicUser.Id) 246 CheckNoError(t, resp) 247 if teamUnread.TeamId != th.BasicTeam.Id { 248 t.Fatal("wrong team id returned") 249 } 250 } 251 252 func TestUpdateTeam(t *testing.T) { 253 th := Setup().InitBasic() 254 defer th.TearDown() 255 Client := th.Client 256 257 team := &model.Team{DisplayName: "Name", Description: "Some description", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 258 team, _ = Client.CreateTeam(team) 259 260 team.Description = "updated description" 261 uteam, resp := Client.UpdateTeam(team) 262 CheckNoError(t, resp) 263 264 if uteam.Description != "updated description" { 265 t.Fatal("Update failed") 266 } 267 268 team.DisplayName = "Updated Name" 269 uteam, resp = Client.UpdateTeam(team) 270 CheckNoError(t, resp) 271 272 if uteam.DisplayName != "Updated Name" { 273 t.Fatal("Update failed") 274 } 275 276 team.AllowOpenInvite = true 277 uteam, resp = Client.UpdateTeam(team) 278 CheckNoError(t, resp) 279 280 if !uteam.AllowOpenInvite { 281 t.Fatal("Update failed") 282 } 283 284 team.InviteId = "inviteid1" 285 uteam, resp = Client.UpdateTeam(team) 286 CheckNoError(t, resp) 287 288 if uteam.InviteId == "inviteid1" { 289 t.Fatal("InviteID should not be updated") 290 } 291 292 team.AllowedDomains = "domain" 293 uteam, resp = Client.UpdateTeam(team) 294 CheckNoError(t, resp) 295 296 if uteam.AllowedDomains != "domain" { 297 t.Fatal("Update failed") 298 } 299 300 team.Name = "Updated name" 301 uteam, resp = Client.UpdateTeam(team) 302 CheckNoError(t, resp) 303 304 if uteam.Name == "Updated name" { 305 t.Fatal("Should not update name") 306 } 307 308 team.Email = "test@domain.com" 309 uteam, resp = Client.UpdateTeam(team) 310 CheckNoError(t, resp) 311 312 if uteam.Email == "test@domain.com" { 313 t.Fatal("Should not update email") 314 } 315 316 team.Type = model.TEAM_INVITE 317 uteam, resp = Client.UpdateTeam(team) 318 CheckNoError(t, resp) 319 320 if uteam.Type == model.TEAM_INVITE { 321 t.Fatal("Should not update type") 322 } 323 324 originalTeamId := team.Id 325 team.Id = model.NewId() 326 327 r, _ := Client.DoApiPut(Client.GetTeamRoute(originalTeamId), team.ToJson()) 328 assert.Equal(t, http.StatusBadRequest, r.StatusCode) 329 330 if uteam.Id != originalTeamId { 331 t.Fatal("wrong team id") 332 } 333 334 team.Id = "fake" 335 _, resp = Client.UpdateTeam(team) 336 CheckBadRequestStatus(t, resp) 337 338 Client.Logout() 339 _, resp = Client.UpdateTeam(team) 340 CheckUnauthorizedStatus(t, resp) 341 342 team.Id = originalTeamId 343 _, resp = th.SystemAdminClient.UpdateTeam(team) 344 CheckNoError(t, resp) 345 } 346 347 func TestUpdateTeamSanitization(t *testing.T) { 348 th := Setup().InitBasic() 349 defer th.TearDown() 350 351 team, resp := th.Client.CreateTeam(&model.Team{ 352 DisplayName: t.Name() + "_1", 353 Name: GenerateTestTeamName(), 354 Email: th.GenerateTestEmail(), 355 Type: model.TEAM_OPEN, 356 AllowedDomains: "simulator.amazonses.com,dockerhost", 357 }) 358 CheckNoError(t, resp) 359 360 // Non-admin users cannot update the team 361 362 t.Run("team admin", func(t *testing.T) { 363 rteam, resp := th.Client.UpdateTeam(team) 364 CheckNoError(t, resp) 365 if rteam.Email == "" { 366 t.Fatal("should not have sanitized email for admin") 367 } 368 }) 369 370 t.Run("system admin", func(t *testing.T) { 371 rteam, resp := th.SystemAdminClient.UpdateTeam(team) 372 CheckNoError(t, resp) 373 if rteam.Email == "" { 374 t.Fatal("should not have sanitized email for admin") 375 } 376 }) 377 } 378 379 func TestPatchTeam(t *testing.T) { 380 th := Setup().InitBasic() 381 defer th.TearDown() 382 Client := th.Client 383 384 team := &model.Team{DisplayName: "Name", Description: "Some description", CompanyName: "Some company name", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 385 team, _ = Client.CreateTeam(team) 386 387 patch := &model.TeamPatch{} 388 389 patch.DisplayName = model.NewString("Other name") 390 patch.Description = model.NewString("Other description") 391 patch.CompanyName = model.NewString("Other company name") 392 patch.AllowOpenInvite = model.NewBool(true) 393 394 rteam, resp := Client.PatchTeam(team.Id, patch) 395 CheckNoError(t, resp) 396 397 if rteam.DisplayName != "Other name" { 398 t.Fatal("DisplayName did not update properly") 399 } 400 if rteam.Description != "Other description" { 401 t.Fatal("Description did not update properly") 402 } 403 if rteam.CompanyName != "Other company name" { 404 t.Fatal("CompanyName did not update properly") 405 } 406 if rteam.InviteId == "inviteid1" { 407 t.Fatal("InviteId should not update") 408 } 409 if !rteam.AllowOpenInvite { 410 t.Fatal("AllowOpenInvite did not update properly") 411 } 412 413 _, resp = Client.PatchTeam("junk", patch) 414 CheckBadRequestStatus(t, resp) 415 416 _, resp = Client.PatchTeam(GenerateTestId(), patch) 417 CheckForbiddenStatus(t, resp) 418 419 if r, err := Client.DoApiPut("/teams/"+team.Id+"/patch", "garbage"); err == nil { 420 t.Fatal("should have errored") 421 } else { 422 if r.StatusCode != http.StatusBadRequest { 423 t.Log("actual: " + strconv.Itoa(r.StatusCode)) 424 t.Log("expected: " + strconv.Itoa(http.StatusBadRequest)) 425 t.Fatal("wrong status code") 426 } 427 } 428 429 Client.Logout() 430 _, resp = Client.PatchTeam(team.Id, patch) 431 CheckUnauthorizedStatus(t, resp) 432 433 th.LoginBasic2() 434 _, resp = Client.PatchTeam(team.Id, patch) 435 CheckForbiddenStatus(t, resp) 436 437 _, resp = th.SystemAdminClient.PatchTeam(team.Id, patch) 438 CheckNoError(t, resp) 439 } 440 441 func TestPatchTeamSanitization(t *testing.T) { 442 th := Setup().InitBasic() 443 defer th.TearDown() 444 445 team, resp := th.Client.CreateTeam(&model.Team{ 446 DisplayName: t.Name() + "_1", 447 Name: GenerateTestTeamName(), 448 Email: th.GenerateTestEmail(), 449 Type: model.TEAM_OPEN, 450 AllowedDomains: "simulator.amazonses.com,dockerhost", 451 }) 452 CheckNoError(t, resp) 453 454 // Non-admin users cannot update the team 455 456 t.Run("team admin", func(t *testing.T) { 457 rteam, resp := th.Client.PatchTeam(team.Id, &model.TeamPatch{}) 458 CheckNoError(t, resp) 459 if rteam.Email == "" { 460 t.Fatal("should not have sanitized email for admin") 461 } 462 }) 463 464 t.Run("system admin", func(t *testing.T) { 465 rteam, resp := th.SystemAdminClient.PatchTeam(team.Id, &model.TeamPatch{}) 466 CheckNoError(t, resp) 467 if rteam.Email == "" { 468 t.Fatal("should not have sanitized email for admin") 469 } 470 }) 471 } 472 473 func TestRegenerateTeamInviteId(t *testing.T) { 474 th := Setup().InitBasic() 475 defer th.TearDown() 476 Client := th.Client 477 478 team := &model.Team{DisplayName: "Name", Description: "Some description", CompanyName: "Some company name", AllowOpenInvite: false, InviteId: "inviteid0", Name: "z-z-" + model.NewId() + "a", Email: "success+" + model.NewId() + "@simulator.amazonses.com", Type: model.TEAM_OPEN} 479 team, _ = Client.CreateTeam(team) 480 481 assert.NotEqual(t, team.InviteId, "") 482 assert.NotEqual(t, team.InviteId, "inviteid0") 483 484 rteam, resp := Client.RegenerateTeamInviteId(team.Id) 485 CheckNoError(t, resp) 486 487 assert.NotEqual(t, team.InviteId, rteam.InviteId) 488 assert.NotEqual(t, team.InviteId, "") 489 } 490 491 func TestSoftDeleteTeam(t *testing.T) { 492 th := Setup().InitBasic() 493 defer th.TearDown() 494 Client := th.Client 495 496 team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN} 497 team, _ = Client.CreateTeam(team) 498 499 ok, resp := Client.SoftDeleteTeam(team.Id) 500 CheckNoError(t, resp) 501 502 if !ok { 503 t.Fatal("should have returned true") 504 } 505 506 rteam, err := th.App.GetTeam(team.Id) 507 if err != nil { 508 t.Fatal("should have returned archived team") 509 } 510 if rteam.DeleteAt == 0 { 511 t.Fatal("should have not set to zero") 512 } 513 514 ok, resp = Client.SoftDeleteTeam("junk") 515 CheckBadRequestStatus(t, resp) 516 517 if ok { 518 t.Fatal("should have returned false") 519 } 520 521 otherTeam := th.BasicTeam 522 _, resp = Client.SoftDeleteTeam(otherTeam.Id) 523 CheckForbiddenStatus(t, resp) 524 525 Client.Logout() 526 _, resp = Client.SoftDeleteTeam(otherTeam.Id) 527 CheckUnauthorizedStatus(t, resp) 528 529 _, resp = th.SystemAdminClient.SoftDeleteTeam(otherTeam.Id) 530 CheckNoError(t, resp) 531 } 532 533 func TestPermanentDeleteTeam(t *testing.T) { 534 th := Setup().InitBasic() 535 defer th.TearDown() 536 Client := th.Client 537 538 team := &model.Team{DisplayName: "DisplayName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN} 539 team, _ = Client.CreateTeam(team) 540 541 enableAPITeamDeletion := *th.App.Config().ServiceSettings.EnableAPITeamDeletion 542 defer func() { 543 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableAPITeamDeletion = &enableAPITeamDeletion }) 544 }() 545 546 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = false }) 547 548 // Does not error when deletion is disabled, just soft deletes 549 ok, resp := Client.PermanentDeleteTeam(team.Id) 550 CheckNoError(t, resp) 551 assert.True(t, ok) 552 553 rteam, err := th.App.GetTeam(team.Id) 554 assert.Nil(t, err) 555 assert.True(t, rteam.DeleteAt > 0) 556 557 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableAPITeamDeletion = true }) 558 559 ok, resp = Client.PermanentDeleteTeam(team.Id) 560 CheckNoError(t, resp) 561 assert.True(t, ok) 562 563 _, err = th.App.GetTeam(team.Id) 564 assert.NotNil(t, err) 565 566 ok, resp = Client.PermanentDeleteTeam("junk") 567 CheckBadRequestStatus(t, resp) 568 569 if ok { 570 t.Fatal("should have returned false") 571 } 572 } 573 574 func TestGetAllTeams(t *testing.T) { 575 th := Setup().InitBasic() 576 defer th.TearDown() 577 Client := th.Client 578 579 team1 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true} 580 team1, resp := Client.CreateTeam(team1) 581 CheckNoError(t, resp) 582 583 team2 := &model.Team{DisplayName: "Name2", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: true} 584 team2, resp = Client.CreateTeam(team2) 585 CheckNoError(t, resp) 586 587 team3 := &model.Team{DisplayName: "Name3", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 588 team3, resp = Client.CreateTeam(team3) 589 CheckNoError(t, resp) 590 591 testCases := []struct { 592 Name string 593 Page int 594 PerPage int 595 Permissions []string 596 ExpectedTeams []string 597 }{ 598 { 599 Name: "Get 1 team per page", 600 Page: 0, 601 PerPage: 1, 602 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 603 ExpectedTeams: []string{team1.Id}, 604 }, 605 { 606 Name: "Get second page with 1 team per page", 607 Page: 1, 608 PerPage: 1, 609 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 610 ExpectedTeams: []string{team2.Id}, 611 }, 612 { 613 Name: "Get no items per page", 614 Page: 1, 615 PerPage: 0, 616 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 617 ExpectedTeams: []string{}, 618 }, 619 { 620 Name: "Get all open teams", 621 Page: 0, 622 PerPage: 10, 623 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id}, 624 ExpectedTeams: []string{team1.Id, team2.Id}, 625 }, 626 { 627 Name: "Get all private teams", 628 Page: 0, 629 PerPage: 10, 630 Permissions: []string{model.PERMISSION_LIST_PRIVATE_TEAMS.Id}, 631 ExpectedTeams: []string{th.BasicTeam.Id, team3.Id}, 632 }, 633 { 634 Name: "Get all teams", 635 Page: 0, 636 PerPage: 10, 637 Permissions: []string{model.PERMISSION_LIST_PUBLIC_TEAMS.Id, model.PERMISSION_LIST_PRIVATE_TEAMS.Id}, 638 ExpectedTeams: []string{th.BasicTeam.Id, team1.Id, team2.Id, team3.Id}, 639 }, 640 { 641 Name: "Get no teams because permissions", 642 Page: 0, 643 PerPage: 10, 644 Permissions: []string{}, 645 ExpectedTeams: []string{}, 646 }, 647 } 648 649 for _, tc := range testCases { 650 t.Run(tc.Name, func(t *testing.T) { 651 defaultRolePermissions := th.SaveDefaultRolePermissions() 652 defer func() { 653 th.RestoreDefaultRolePermissions(defaultRolePermissions) 654 }() 655 th.RemovePermissionFromRole(model.PERMISSION_LIST_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 656 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 657 th.RemovePermissionFromRole(model.PERMISSION_LIST_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 658 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 659 for _, permission := range tc.Permissions { 660 th.AddPermissionToRole(permission, model.SYSTEM_USER_ROLE_ID) 661 } 662 663 var teams []*model.Team 664 teams, resp = Client.GetAllTeams("", tc.Page, tc.PerPage) 665 CheckNoError(t, resp) 666 require.Equal(t, len(tc.ExpectedTeams), len(teams)) 667 for idx, team := range teams { 668 assert.Equal(t, tc.ExpectedTeams[idx], team.Id) 669 } 670 }) 671 } 672 673 t.Run("Unauthorized", func(t *testing.T) { 674 Client.Logout() 675 _, resp = Client.GetAllTeams("", 1, 10) 676 CheckUnauthorizedStatus(t, resp) 677 }) 678 } 679 680 func TestGetAllTeamsSanitization(t *testing.T) { 681 th := Setup().InitBasic() 682 defer th.TearDown() 683 684 team, resp := th.Client.CreateTeam(&model.Team{ 685 DisplayName: t.Name() + "_1", 686 Name: GenerateTestTeamName(), 687 Email: th.GenerateTestEmail(), 688 Type: model.TEAM_OPEN, 689 AllowedDomains: "simulator.amazonses.com,dockerhost", 690 AllowOpenInvite: true, 691 }) 692 CheckNoError(t, resp) 693 team2, resp := th.SystemAdminClient.CreateTeam(&model.Team{ 694 DisplayName: t.Name() + "_2", 695 Name: GenerateTestTeamName(), 696 Email: th.GenerateTestEmail(), 697 Type: model.TEAM_OPEN, 698 AllowedDomains: "simulator.amazonses.com,dockerhost", 699 AllowOpenInvite: true, 700 }) 701 CheckNoError(t, resp) 702 703 // This may not work if the server has over 1000 open teams on it 704 705 t.Run("team admin/non-admin", func(t *testing.T) { 706 teamFound := false 707 team2Found := false 708 709 rteams, resp := th.Client.GetAllTeams("", 0, 1000) 710 CheckNoError(t, resp) 711 for _, rteam := range rteams { 712 if rteam.Id == team.Id { 713 teamFound = true 714 if rteam.Email == "" { 715 t.Fatal("should not have sanitized email for team admin") 716 } 717 } else if rteam.Id == team2.Id { 718 team2Found = true 719 if rteam.Email != "" { 720 t.Fatal("should've sanitized email for non-admin") 721 } 722 } 723 } 724 725 if !teamFound || !team2Found { 726 t.Fatal("wasn't returned the expected teams so the test wasn't run correctly") 727 } 728 }) 729 730 t.Run("system admin", func(t *testing.T) { 731 rteams, resp := th.SystemAdminClient.GetAllTeams("", 0, 1000) 732 CheckNoError(t, resp) 733 for _, rteam := range rteams { 734 if rteam.Id != team.Id && rteam.Id != team2.Id { 735 continue 736 } 737 738 if rteam.Email == "" { 739 t.Fatal("should not have sanitized email") 740 } 741 } 742 }) 743 } 744 745 func TestGetTeamByName(t *testing.T) { 746 th := Setup().InitBasic() 747 defer th.TearDown() 748 Client := th.Client 749 team := th.BasicTeam 750 751 rteam, resp := Client.GetTeamByName(team.Name, "") 752 CheckNoError(t, resp) 753 754 if rteam.Name != team.Name { 755 t.Fatal("wrong team") 756 } 757 758 _, resp = Client.GetTeamByName("junk", "") 759 CheckNotFoundStatus(t, resp) 760 761 _, resp = Client.GetTeamByName("", "") 762 CheckNotFoundStatus(t, resp) 763 764 _, resp = th.SystemAdminClient.GetTeamByName(strings.ToUpper(team.Name), "") 765 CheckNoError(t, resp) 766 767 Client.Logout() 768 _, resp = Client.GetTeamByName(team.Name, "") 769 CheckUnauthorizedStatus(t, resp) 770 771 _, resp = th.SystemAdminClient.GetTeamByName(team.Name, "") 772 CheckNoError(t, resp) 773 774 th.LoginTeamAdmin() 775 776 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_OPEN, AllowOpenInvite: false} 777 rteam2, _ := Client.CreateTeam(team2) 778 779 team3 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE, AllowOpenInvite: true} 780 rteam3, _ := Client.CreateTeam(team3) 781 782 th.LoginBasic() 783 // AllowInviteOpen is false and team is open, and user is not on team 784 _, resp = Client.GetTeamByName(rteam2.Name, "") 785 CheckForbiddenStatus(t, resp) 786 787 // AllowInviteOpen is true and team is invite only, and user is not on team 788 _, resp = Client.GetTeamByName(rteam3.Name, "") 789 CheckForbiddenStatus(t, resp) 790 } 791 792 func TestGetTeamByNameSanitization(t *testing.T) { 793 th := Setup().InitBasic() 794 defer th.TearDown() 795 796 team, resp := th.Client.CreateTeam(&model.Team{ 797 DisplayName: t.Name() + "_1", 798 Name: GenerateTestTeamName(), 799 Email: th.GenerateTestEmail(), 800 Type: model.TEAM_OPEN, 801 AllowedDomains: "simulator.amazonses.com,dockerhost", 802 }) 803 CheckNoError(t, resp) 804 805 t.Run("team user", func(t *testing.T) { 806 th.LinkUserToTeam(th.BasicUser2, team) 807 808 client := th.CreateClient() 809 th.LoginBasic2WithClient(client) 810 811 rteam, resp := client.GetTeamByName(team.Name, "") 812 CheckNoError(t, resp) 813 if rteam.Email != "" { 814 t.Fatal("should've sanitized email") 815 } 816 }) 817 818 t.Run("team admin/non-admin", func(t *testing.T) { 819 rteam, resp := th.Client.GetTeamByName(team.Name, "") 820 CheckNoError(t, resp) 821 if rteam.Email == "" { 822 t.Fatal("should not have sanitized email") 823 } 824 }) 825 826 t.Run("system admin", func(t *testing.T) { 827 rteam, resp := th.SystemAdminClient.GetTeamByName(team.Name, "") 828 CheckNoError(t, resp) 829 if rteam.Email == "" { 830 t.Fatal("should not have sanitized email") 831 } 832 }) 833 } 834 835 func TestSearchAllTeams(t *testing.T) { 836 th := Setup().InitBasic() 837 defer th.TearDown() 838 Client := th.Client 839 oTeam := th.BasicTeam 840 oTeam.AllowOpenInvite = true 841 842 if updatedTeam, err := th.App.UpdateTeam(oTeam); err != nil { 843 t.Fatal(err) 844 } else { 845 oTeam.UpdateAt = updatedTeam.UpdateAt 846 } 847 848 pTeam := &model.Team{DisplayName: "PName", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE} 849 Client.CreateTeam(pTeam) 850 851 rteams, resp := Client.SearchTeams(&model.TeamSearch{Term: oTeam.Name}) 852 CheckNoError(t, resp) 853 854 if len(rteams) != 1 { 855 t.Fatal("should have returned 1 team") 856 } 857 858 if oTeam.Id != rteams[0].Id { 859 t.Fatal("invalid team") 860 } 861 862 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: oTeam.DisplayName}) 863 CheckNoError(t, resp) 864 865 if len(rteams) != 1 { 866 t.Fatal("should have returned 1 team") 867 } 868 869 if rteams[0].Id != oTeam.Id { 870 t.Fatal("invalid team") 871 } 872 873 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name}) 874 CheckNoError(t, resp) 875 876 if len(rteams) != 0 { 877 t.Fatal("should have not returned team") 878 } 879 880 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 881 CheckNoError(t, resp) 882 883 if len(rteams) != 0 { 884 t.Fatal("should have not returned team") 885 } 886 887 rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: oTeam.Name}) 888 CheckNoError(t, resp) 889 890 if len(rteams) != 1 { 891 t.Fatal("should have returned 1 team") 892 } 893 894 rteams, resp = th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 895 CheckNoError(t, resp) 896 897 if len(rteams) != 1 { 898 t.Fatal("should have returned 1 team") 899 } 900 901 rteams, resp = Client.SearchTeams(&model.TeamSearch{Term: "junk"}) 902 CheckNoError(t, resp) 903 904 if len(rteams) != 0 { 905 t.Fatal("should have not returned team") 906 } 907 908 Client.Logout() 909 910 _, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.Name}) 911 CheckUnauthorizedStatus(t, resp) 912 913 _, resp = Client.SearchTeams(&model.TeamSearch{Term: pTeam.DisplayName}) 914 CheckUnauthorizedStatus(t, resp) 915 } 916 917 func TestSearchAllTeamsSanitization(t *testing.T) { 918 th := Setup().InitBasic() 919 defer th.TearDown() 920 921 team, resp := th.Client.CreateTeam(&model.Team{ 922 DisplayName: t.Name() + "_1", 923 Name: GenerateTestTeamName(), 924 Email: th.GenerateTestEmail(), 925 Type: model.TEAM_OPEN, 926 AllowedDomains: "simulator.amazonses.com,dockerhost", 927 }) 928 CheckNoError(t, resp) 929 team2, resp := th.Client.CreateTeam(&model.Team{ 930 DisplayName: t.Name() + "_2", 931 Name: GenerateTestTeamName(), 932 Email: th.GenerateTestEmail(), 933 Type: model.TEAM_OPEN, 934 AllowedDomains: "simulator.amazonses.com,dockerhost", 935 }) 936 CheckNoError(t, resp) 937 938 t.Run("non-team user", func(t *testing.T) { 939 client := th.CreateClient() 940 th.LoginBasic2WithClient(client) 941 942 rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 943 CheckNoError(t, resp) 944 for _, rteam := range rteams { 945 if rteam.Email != "" { 946 t.Fatal("should've sanitized email") 947 } else if rteam.AllowedDomains != "" { 948 t.Fatal("should've sanitized allowed domains") 949 } 950 } 951 }) 952 953 t.Run("team user", func(t *testing.T) { 954 th.LinkUserToTeam(th.BasicUser2, team) 955 956 client := th.CreateClient() 957 th.LoginBasic2WithClient(client) 958 959 rteams, resp := client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 960 CheckNoError(t, resp) 961 for _, rteam := range rteams { 962 if rteam.Email != "" { 963 t.Fatal("should've sanitized email") 964 } else if rteam.AllowedDomains != "" { 965 t.Fatal("should've sanitized allowed domains") 966 } 967 } 968 }) 969 970 t.Run("team admin", func(t *testing.T) { 971 rteams, resp := th.Client.SearchTeams(&model.TeamSearch{Term: t.Name()}) 972 CheckNoError(t, resp) 973 for _, rteam := range rteams { 974 if rteam.Id == team.Id || rteam.Id == team2.Id || rteam.Id == th.BasicTeam.Id { 975 if rteam.Email == "" { 976 t.Fatal("should not have sanitized email") 977 } 978 } 979 } 980 }) 981 982 t.Run("system admin", func(t *testing.T) { 983 rteams, resp := th.SystemAdminClient.SearchTeams(&model.TeamSearch{Term: t.Name()}) 984 CheckNoError(t, resp) 985 for _, rteam := range rteams { 986 if rteam.Email == "" { 987 t.Fatal("should not have sanitized email") 988 } 989 } 990 }) 991 } 992 993 func TestGetTeamsForUser(t *testing.T) { 994 th := Setup().InitBasic() 995 defer th.TearDown() 996 Client := th.Client 997 998 team2 := &model.Team{DisplayName: "Name", Name: GenerateTestTeamName(), Email: th.GenerateTestEmail(), Type: model.TEAM_INVITE} 999 rteam2, _ := Client.CreateTeam(team2) 1000 1001 teams, resp := Client.GetTeamsForUser(th.BasicUser.Id, "") 1002 CheckNoError(t, resp) 1003 1004 if len(teams) != 2 { 1005 t.Fatal("wrong number of teams") 1006 } 1007 1008 found1 := false 1009 found2 := false 1010 for _, t := range teams { 1011 if t.Id == th.BasicTeam.Id { 1012 found1 = true 1013 } else if t.Id == rteam2.Id { 1014 found2 = true 1015 } 1016 } 1017 1018 if !found1 || !found2 { 1019 t.Fatal("missing team") 1020 } 1021 1022 _, resp = Client.GetTeamsForUser("junk", "") 1023 CheckBadRequestStatus(t, resp) 1024 1025 _, resp = Client.GetTeamsForUser(model.NewId(), "") 1026 CheckForbiddenStatus(t, resp) 1027 1028 _, resp = Client.GetTeamsForUser(th.BasicUser2.Id, "") 1029 CheckForbiddenStatus(t, resp) 1030 1031 _, resp = th.SystemAdminClient.GetTeamsForUser(th.BasicUser2.Id, "") 1032 CheckNoError(t, resp) 1033 } 1034 1035 func TestGetTeamsForUserSanitization(t *testing.T) { 1036 th := Setup().InitBasic() 1037 defer th.TearDown() 1038 1039 team, resp := th.Client.CreateTeam(&model.Team{ 1040 DisplayName: t.Name() + "_1", 1041 Name: GenerateTestTeamName(), 1042 Email: th.GenerateTestEmail(), 1043 Type: model.TEAM_OPEN, 1044 AllowedDomains: "simulator.amazonses.com,dockerhost", 1045 }) 1046 CheckNoError(t, resp) 1047 team2, resp := th.Client.CreateTeam(&model.Team{ 1048 DisplayName: t.Name() + "_2", 1049 Name: GenerateTestTeamName(), 1050 Email: th.GenerateTestEmail(), 1051 Type: model.TEAM_OPEN, 1052 AllowedDomains: "simulator.amazonses.com,dockerhost", 1053 }) 1054 CheckNoError(t, resp) 1055 1056 t.Run("team user", func(t *testing.T) { 1057 th.LinkUserToTeam(th.BasicUser2, team) 1058 th.LinkUserToTeam(th.BasicUser2, team2) 1059 1060 client := th.CreateClient() 1061 th.LoginBasic2WithClient(client) 1062 1063 rteams, resp := client.GetTeamsForUser(th.BasicUser2.Id, "") 1064 CheckNoError(t, resp) 1065 for _, rteam := range rteams { 1066 if rteam.Id != team.Id && rteam.Id != team2.Id { 1067 continue 1068 } 1069 1070 if rteam.Email != "" { 1071 t.Fatal("should've sanitized email") 1072 } 1073 } 1074 }) 1075 1076 t.Run("team admin", func(t *testing.T) { 1077 rteams, resp := th.Client.GetTeamsForUser(th.BasicUser.Id, "") 1078 CheckNoError(t, resp) 1079 for _, rteam := range rteams { 1080 if rteam.Id != team.Id && rteam.Id != team2.Id { 1081 continue 1082 } 1083 1084 if rteam.Email == "" { 1085 t.Fatal("should not have sanitized email") 1086 } 1087 } 1088 }) 1089 1090 t.Run("system admin", func(t *testing.T) { 1091 rteams, resp := th.SystemAdminClient.GetTeamsForUser(th.BasicUser.Id, "") 1092 CheckNoError(t, resp) 1093 for _, rteam := range rteams { 1094 if rteam.Id != team.Id && rteam.Id != team2.Id { 1095 continue 1096 } 1097 1098 if rteam.Email == "" { 1099 t.Fatal("should not have sanitized email") 1100 } 1101 } 1102 }) 1103 } 1104 1105 func TestGetTeamMember(t *testing.T) { 1106 th := Setup().InitBasic() 1107 defer th.TearDown() 1108 Client := th.Client 1109 team := th.BasicTeam 1110 user := th.BasicUser 1111 1112 rmember, resp := Client.GetTeamMember(team.Id, user.Id, "") 1113 CheckNoError(t, resp) 1114 1115 if rmember.TeamId != team.Id { 1116 t.Fatal("wrong team id") 1117 } 1118 1119 if rmember.UserId != user.Id { 1120 t.Fatal("wrong team id") 1121 } 1122 1123 _, resp = Client.GetTeamMember("junk", user.Id, "") 1124 CheckBadRequestStatus(t, resp) 1125 1126 _, resp = Client.GetTeamMember(team.Id, "junk", "") 1127 CheckBadRequestStatus(t, resp) 1128 1129 _, resp = Client.GetTeamMember("junk", "junk", "") 1130 CheckBadRequestStatus(t, resp) 1131 1132 _, resp = Client.GetTeamMember(team.Id, model.NewId(), "") 1133 CheckNotFoundStatus(t, resp) 1134 1135 _, resp = Client.GetTeamMember(model.NewId(), user.Id, "") 1136 CheckForbiddenStatus(t, resp) 1137 1138 _, resp = th.SystemAdminClient.GetTeamMember(team.Id, user.Id, "") 1139 CheckNoError(t, resp) 1140 } 1141 1142 func TestGetTeamMembers(t *testing.T) { 1143 th := Setup().InitBasic() 1144 defer th.TearDown() 1145 Client := th.Client 1146 team := th.BasicTeam 1147 userNotMember := th.CreateUser() 1148 1149 rmembers, resp := Client.GetTeamMembers(team.Id, 0, 100, "") 1150 CheckNoError(t, resp) 1151 1152 t.Logf("rmembers count %v\n", len(rmembers)) 1153 1154 if len(rmembers) == 0 { 1155 t.Fatal("should have results") 1156 } 1157 1158 for _, rmember := range rmembers { 1159 if rmember.TeamId != team.Id || rmember.UserId == userNotMember.Id { 1160 t.Fatal("user should be a member of team") 1161 } 1162 } 1163 1164 rmembers, resp = Client.GetTeamMembers(team.Id, 0, 1, "") 1165 CheckNoError(t, resp) 1166 if len(rmembers) != 1 { 1167 t.Fatal("should be 1 per page") 1168 } 1169 1170 rmembers, resp = Client.GetTeamMembers(team.Id, 1, 1, "") 1171 CheckNoError(t, resp) 1172 if len(rmembers) != 1 { 1173 t.Fatal("should be 1 per page") 1174 } 1175 1176 rmembers, resp = Client.GetTeamMembers(team.Id, 10000, 100, "") 1177 CheckNoError(t, resp) 1178 if len(rmembers) != 0 { 1179 t.Fatal("should be no member") 1180 } 1181 1182 rmembers, resp = Client.GetTeamMembers(team.Id, 0, 2, "") 1183 CheckNoError(t, resp) 1184 rmembers2, resp := Client.GetTeamMembers(team.Id, 1, 2, "") 1185 CheckNoError(t, resp) 1186 1187 for _, tm1 := range rmembers { 1188 for _, tm2 := range rmembers2 { 1189 assert.NotEqual(t, tm1.UserId+tm1.TeamId, tm2.UserId+tm2.TeamId, "different pages should not have the same members") 1190 } 1191 } 1192 1193 _, resp = Client.GetTeamMembers("junk", 0, 100, "") 1194 CheckBadRequestStatus(t, resp) 1195 1196 _, resp = Client.GetTeamMembers(model.NewId(), 0, 100, "") 1197 CheckForbiddenStatus(t, resp) 1198 1199 Client.Logout() 1200 _, resp = Client.GetTeamMembers(team.Id, 0, 1, "") 1201 CheckUnauthorizedStatus(t, resp) 1202 1203 _, resp = th.SystemAdminClient.GetTeamMembers(team.Id, 0, 100, "") 1204 CheckNoError(t, resp) 1205 } 1206 1207 func TestGetTeamMembersForUser(t *testing.T) { 1208 th := Setup().InitBasic() 1209 defer th.TearDown() 1210 Client := th.Client 1211 1212 members, resp := Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1213 CheckNoError(t, resp) 1214 1215 found := false 1216 for _, m := range members { 1217 if m.TeamId == th.BasicTeam.Id { 1218 found = true 1219 } 1220 } 1221 1222 if !found { 1223 t.Fatal("missing team member") 1224 } 1225 1226 _, resp = Client.GetTeamMembersForUser("junk", "") 1227 CheckBadRequestStatus(t, resp) 1228 1229 _, resp = Client.GetTeamMembersForUser(model.NewId(), "") 1230 CheckForbiddenStatus(t, resp) 1231 1232 Client.Logout() 1233 _, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1234 CheckUnauthorizedStatus(t, resp) 1235 1236 user := th.CreateUser() 1237 Client.Login(user.Email, user.Password) 1238 _, resp = Client.GetTeamMembersForUser(th.BasicUser.Id, "") 1239 CheckForbiddenStatus(t, resp) 1240 1241 _, resp = th.SystemAdminClient.GetTeamMembersForUser(th.BasicUser.Id, "") 1242 CheckNoError(t, resp) 1243 } 1244 1245 func TestGetTeamMembersByIds(t *testing.T) { 1246 th := Setup().InitBasic() 1247 defer th.TearDown() 1248 Client := th.Client 1249 1250 tm, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id}) 1251 CheckNoError(t, resp) 1252 1253 if tm[0].UserId != th.BasicUser.Id { 1254 t.Fatal("returned wrong user") 1255 } 1256 1257 _, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{}) 1258 CheckBadRequestStatus(t, resp) 1259 1260 tm1, resp := Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk"}) 1261 CheckNoError(t, resp) 1262 if len(tm1) > 0 { 1263 t.Fatal("no users should be returned") 1264 } 1265 1266 tm1, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{"junk", th.BasicUser.Id}) 1267 CheckNoError(t, resp) 1268 if len(tm1) != 1 { 1269 t.Fatal("1 user should be returned") 1270 } 1271 1272 _, resp = Client.GetTeamMembersByIds("junk", []string{th.BasicUser.Id}) 1273 CheckBadRequestStatus(t, resp) 1274 1275 _, resp = Client.GetTeamMembersByIds(model.NewId(), []string{th.BasicUser.Id}) 1276 CheckForbiddenStatus(t, resp) 1277 1278 Client.Logout() 1279 _, resp = Client.GetTeamMembersByIds(th.BasicTeam.Id, []string{th.BasicUser.Id}) 1280 CheckUnauthorizedStatus(t, resp) 1281 } 1282 1283 func TestAddTeamMember(t *testing.T) { 1284 th := Setup().InitBasic() 1285 defer th.TearDown() 1286 Client := th.Client 1287 team := th.BasicTeam 1288 otherUser := th.CreateUser() 1289 1290 if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil { 1291 t.Fatalf(err.Error()) 1292 } 1293 1294 // Regular user can't add a member to a team they don't belong to. 1295 th.LoginBasic2() 1296 _, resp := Client.AddTeamMember(team.Id, otherUser.Id) 1297 CheckForbiddenStatus(t, resp) 1298 if resp.Error == nil { 1299 t.Fatalf("Error is nil") 1300 } 1301 Client.Logout() 1302 1303 // Regular user can add a member to a team they belong to. 1304 th.LoginBasic() 1305 tm, resp := Client.AddTeamMember(team.Id, otherUser.Id) 1306 CheckNoError(t, resp) 1307 CheckCreatedStatus(t, resp) 1308 1309 // Check all the returned data. 1310 if tm == nil { 1311 t.Fatal("should have returned team member") 1312 } 1313 1314 if tm.UserId != otherUser.Id { 1315 t.Fatal("user ids should have matched") 1316 } 1317 1318 if tm.TeamId != team.Id { 1319 t.Fatal("team ids should have matched") 1320 } 1321 1322 // Check with various invalid requests. 1323 tm, resp = Client.AddTeamMember(team.Id, "junk") 1324 CheckBadRequestStatus(t, resp) 1325 1326 if tm != nil { 1327 t.Fatal("should have not returned team member") 1328 } 1329 1330 _, resp = Client.AddTeamMember("junk", otherUser.Id) 1331 CheckBadRequestStatus(t, resp) 1332 1333 _, resp = Client.AddTeamMember(GenerateTestId(), otherUser.Id) 1334 CheckForbiddenStatus(t, resp) 1335 1336 _, resp = Client.AddTeamMember(team.Id, GenerateTestId()) 1337 CheckNotFoundStatus(t, resp) 1338 1339 Client.Logout() 1340 1341 // Check the appropriate permissions are enforced. 1342 defaultRolePermissions := th.SaveDefaultRolePermissions() 1343 defer func() { 1344 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1345 }() 1346 1347 // Set the config so that only team admins can add a user to a team. 1348 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1349 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1350 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1351 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1352 1353 th.LoginBasic() 1354 1355 // Check that a regular user can't add someone to the team. 1356 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1357 CheckForbiddenStatus(t, resp) 1358 1359 // Update user to team admin 1360 th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) 1361 th.App.InvalidateAllCaches() 1362 th.LoginBasic() 1363 1364 // Should work as a team admin. 1365 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1366 CheckNoError(t, resp) 1367 1368 // Change permission level to team user 1369 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1370 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1371 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1372 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1373 1374 th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) 1375 th.App.InvalidateAllCaches() 1376 th.LoginBasic() 1377 1378 // Should work as a regular user. 1379 _, resp = Client.AddTeamMember(team.Id, otherUser.Id) 1380 CheckNoError(t, resp) 1381 1382 // by token 1383 Client.Login(otherUser.Email, otherUser.Password) 1384 1385 token := model.NewToken( 1386 app.TOKEN_TYPE_TEAM_INVITATION, 1387 model.MapToJson(map[string]string{"teamId": team.Id}), 1388 ) 1389 <-th.App.Srv.Store.Token().Save(token) 1390 1391 tm, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1392 CheckNoError(t, resp) 1393 1394 if tm == nil { 1395 t.Fatal("should have returned team member") 1396 } 1397 1398 if tm.UserId != otherUser.Id { 1399 t.Fatal("user ids should have matched") 1400 } 1401 1402 if tm.TeamId != team.Id { 1403 t.Fatal("team ids should have matched") 1404 } 1405 1406 if result := <-th.App.Srv.Store.Token().GetByToken(token.Token); result.Err == nil { 1407 t.Fatal("The token must be deleted after be used") 1408 } 1409 1410 tm, resp = Client.AddTeamMemberFromInvite("junk", "") 1411 CheckBadRequestStatus(t, resp) 1412 1413 if tm != nil { 1414 t.Fatal("should have not returned team member") 1415 } 1416 1417 // expired token of more than 50 hours 1418 token = model.NewToken(app.TOKEN_TYPE_TEAM_INVITATION, "") 1419 token.CreateAt = model.GetMillis() - 1000*60*60*50 1420 <-th.App.Srv.Store.Token().Save(token) 1421 1422 _, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1423 CheckBadRequestStatus(t, resp) 1424 th.App.DeleteToken(token) 1425 1426 // invalid team id 1427 testId := GenerateTestId() 1428 token = model.NewToken( 1429 app.TOKEN_TYPE_TEAM_INVITATION, 1430 model.MapToJson(map[string]string{"teamId": testId}), 1431 ) 1432 <-th.App.Srv.Store.Token().Save(token) 1433 1434 _, resp = Client.AddTeamMemberFromInvite(token.Token, "") 1435 CheckNotFoundStatus(t, resp) 1436 th.App.DeleteToken(token) 1437 1438 // by invite_id 1439 Client.Login(otherUser.Email, otherUser.Password) 1440 1441 tm, resp = Client.AddTeamMemberFromInvite("", team.InviteId) 1442 CheckNoError(t, resp) 1443 1444 if tm == nil { 1445 t.Fatal("should have returned team member") 1446 } 1447 1448 if tm.UserId != otherUser.Id { 1449 t.Fatal("user ids should have matched") 1450 } 1451 1452 if tm.TeamId != team.Id { 1453 t.Fatal("team ids should have matched") 1454 } 1455 1456 tm, resp = Client.AddTeamMemberFromInvite("", "junk") 1457 CheckNotFoundStatus(t, resp) 1458 1459 if tm != nil { 1460 t.Fatal("should have not returned team member") 1461 } 1462 } 1463 1464 func TestAddTeamMemberMyself(t *testing.T) { 1465 th := Setup().InitBasic() 1466 defer th.TearDown() 1467 Client := th.Client 1468 1469 // Check the appropriate permissions are enforced. 1470 defaultRolePermissions := th.SaveDefaultRolePermissions() 1471 defer func() { 1472 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1473 }() 1474 1475 th.LoginBasic() 1476 1477 testCases := []struct { 1478 Name string 1479 Public bool 1480 PublicPermission bool 1481 PrivatePermission bool 1482 ExpectedSuccess bool 1483 }{ 1484 { 1485 Name: "Try to join an open team without the permissions", 1486 Public: true, 1487 PublicPermission: false, 1488 PrivatePermission: false, 1489 ExpectedSuccess: false, 1490 }, 1491 { 1492 Name: "Try to join a private team without the permissions", 1493 Public: false, 1494 PublicPermission: false, 1495 PrivatePermission: false, 1496 ExpectedSuccess: false, 1497 }, 1498 { 1499 Name: "Try to join an open team without public permission but with private permissions", 1500 Public: true, 1501 PublicPermission: false, 1502 PrivatePermission: true, 1503 ExpectedSuccess: false, 1504 }, 1505 { 1506 Name: "Try to join a private team without private permission but with public permission", 1507 Public: false, 1508 PublicPermission: true, 1509 PrivatePermission: false, 1510 ExpectedSuccess: false, 1511 }, 1512 { 1513 Name: "Join an open team with the permissions", 1514 Public: true, 1515 PublicPermission: true, 1516 PrivatePermission: false, 1517 ExpectedSuccess: true, 1518 }, 1519 { 1520 Name: "Join a private team with the permissions", 1521 Public: false, 1522 PublicPermission: false, 1523 PrivatePermission: true, 1524 ExpectedSuccess: true, 1525 }, 1526 } 1527 1528 for _, tc := range testCases { 1529 t.Run(tc.Name, func(t *testing.T) { 1530 team := th.CreateTeam() 1531 team.AllowOpenInvite = tc.Public 1532 th.App.UpdateTeam(team) 1533 if tc.PublicPermission { 1534 th.AddPermissionToRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1535 } else { 1536 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PUBLIC_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1537 } 1538 if tc.PrivatePermission { 1539 th.AddPermissionToRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1540 } else { 1541 th.RemovePermissionFromRole(model.PERMISSION_JOIN_PRIVATE_TEAMS.Id, model.SYSTEM_USER_ROLE_ID) 1542 } 1543 _, resp := Client.AddTeamMember(team.Id, th.BasicUser.Id) 1544 if tc.ExpectedSuccess { 1545 CheckNoError(t, resp) 1546 } else { 1547 CheckForbiddenStatus(t, resp) 1548 } 1549 }) 1550 } 1551 1552 } 1553 1554 func TestAddTeamMembers(t *testing.T) { 1555 th := Setup().InitBasic() 1556 defer th.TearDown() 1557 Client := th.Client 1558 team := th.BasicTeam 1559 otherUser := th.CreateUser() 1560 userList := []string{ 1561 otherUser.Id, 1562 } 1563 1564 if err := th.App.RemoveUserFromTeam(th.BasicTeam.Id, th.BasicUser2.Id, ""); err != nil { 1565 t.Fatalf(err.Error()) 1566 } 1567 1568 // Regular user can't add a member to a team they don't belong to. 1569 th.LoginBasic2() 1570 _, resp := Client.AddTeamMembers(team.Id, userList) 1571 CheckForbiddenStatus(t, resp) 1572 Client.Logout() 1573 1574 // Regular user can add a member to a team they belong to. 1575 th.LoginBasic() 1576 tm, resp := Client.AddTeamMembers(team.Id, userList) 1577 CheckNoError(t, resp) 1578 CheckCreatedStatus(t, resp) 1579 1580 // Check all the returned data. 1581 if tm[0] == nil { 1582 t.Fatal("should have returned team member") 1583 } 1584 1585 if tm[0].UserId != otherUser.Id { 1586 t.Fatal("user ids should have matched") 1587 } 1588 1589 if tm[0].TeamId != team.Id { 1590 t.Fatal("team ids should have matched") 1591 } 1592 1593 // Check with various invalid requests. 1594 _, resp = Client.AddTeamMembers("junk", userList) 1595 CheckBadRequestStatus(t, resp) 1596 1597 _, resp = Client.AddTeamMembers(GenerateTestId(), userList) 1598 CheckForbiddenStatus(t, resp) 1599 1600 testUserList := append(userList, GenerateTestId()) 1601 _, resp = Client.AddTeamMembers(team.Id, testUserList) 1602 CheckNotFoundStatus(t, resp) 1603 1604 // Test with many users. 1605 for i := 0; i < 25; i++ { 1606 testUserList = append(testUserList, GenerateTestId()) 1607 } 1608 _, resp = Client.AddTeamMembers(team.Id, testUserList) 1609 CheckBadRequestStatus(t, resp) 1610 1611 Client.Logout() 1612 1613 // Check the appropriate permissions are enforced. 1614 defaultRolePermissions := th.SaveDefaultRolePermissions() 1615 defer func() { 1616 th.RestoreDefaultRolePermissions(defaultRolePermissions) 1617 }() 1618 1619 // Set the config so that only team admins can add a user to a team. 1620 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1621 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1622 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1623 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1624 1625 th.LoginBasic() 1626 1627 // Check that a regular user can't add someone to the team. 1628 _, resp = Client.AddTeamMembers(team.Id, userList) 1629 CheckForbiddenStatus(t, resp) 1630 1631 // Update user to team admin 1632 th.UpdateUserToTeamAdmin(th.BasicUser, th.BasicTeam) 1633 th.App.InvalidateAllCaches() 1634 th.LoginBasic() 1635 1636 // Should work as a team admin. 1637 _, resp = Client.AddTeamMembers(team.Id, userList) 1638 CheckNoError(t, resp) 1639 1640 // Change permission level to team user 1641 th.AddPermissionToRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_USER_ROLE_ID) 1642 th.AddPermissionToRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_USER_ROLE_ID) 1643 th.RemovePermissionFromRole(model.PERMISSION_INVITE_USER.Id, model.TEAM_ADMIN_ROLE_ID) 1644 th.RemovePermissionFromRole(model.PERMISSION_ADD_USER_TO_TEAM.Id, model.TEAM_ADMIN_ROLE_ID) 1645 1646 th.UpdateUserToNonTeamAdmin(th.BasicUser, th.BasicTeam) 1647 th.App.InvalidateAllCaches() 1648 th.LoginBasic() 1649 1650 // Should work as a regular user. 1651 _, resp = Client.AddTeamMembers(team.Id, userList) 1652 CheckNoError(t, resp) 1653 } 1654 1655 func TestRemoveTeamMember(t *testing.T) { 1656 th := Setup().InitBasic() 1657 defer th.TearDown() 1658 Client := th.Client 1659 1660 pass, resp := Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1661 CheckNoError(t, resp) 1662 1663 if !pass { 1664 t.Fatal("should have passed") 1665 } 1666 1667 _, resp = th.SystemAdminClient.AddTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1668 CheckNoError(t, resp) 1669 1670 _, resp = Client.RemoveTeamMember(th.BasicTeam.Id, "junk") 1671 CheckBadRequestStatus(t, resp) 1672 1673 _, resp = Client.RemoveTeamMember("junk", th.BasicUser2.Id) 1674 CheckBadRequestStatus(t, resp) 1675 1676 _, resp = Client.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser2.Id) 1677 CheckForbiddenStatus(t, resp) 1678 1679 _, resp = Client.RemoveTeamMember(model.NewId(), th.BasicUser.Id) 1680 CheckNotFoundStatus(t, resp) 1681 1682 _, resp = th.SystemAdminClient.RemoveTeamMember(th.BasicTeam.Id, th.BasicUser.Id) 1683 CheckNoError(t, resp) 1684 } 1685 1686 func TestGetTeamStats(t *testing.T) { 1687 th := Setup().InitBasic() 1688 defer th.TearDown() 1689 Client := th.Client 1690 team := th.BasicTeam 1691 1692 rstats, resp := Client.GetTeamStats(team.Id, "") 1693 CheckNoError(t, resp) 1694 1695 if rstats.TeamId != team.Id { 1696 t.Fatal("wrong team id") 1697 } 1698 1699 if rstats.TotalMemberCount != 3 { 1700 t.Fatal("wrong count") 1701 } 1702 1703 if rstats.ActiveMemberCount != 3 { 1704 t.Fatal("wrong count") 1705 } 1706 1707 _, resp = Client.GetTeamStats("junk", "") 1708 CheckBadRequestStatus(t, resp) 1709 1710 _, resp = Client.GetTeamStats(model.NewId(), "") 1711 CheckForbiddenStatus(t, resp) 1712 1713 _, resp = th.SystemAdminClient.GetTeamStats(team.Id, "") 1714 CheckNoError(t, resp) 1715 1716 // deactivate BasicUser2 1717 th.UpdateActiveUser(th.BasicUser2, false) 1718 1719 rstats, resp = th.SystemAdminClient.GetTeamStats(team.Id, "") 1720 CheckNoError(t, resp) 1721 1722 if rstats.TotalMemberCount != 3 { 1723 t.Fatal("wrong count") 1724 } 1725 1726 if rstats.ActiveMemberCount != 2 { 1727 t.Fatal("wrong count") 1728 } 1729 1730 // login with different user and test if forbidden 1731 user := th.CreateUser() 1732 Client.Login(user.Email, user.Password) 1733 _, resp = Client.GetTeamStats(th.BasicTeam.Id, "") 1734 CheckForbiddenStatus(t, resp) 1735 1736 Client.Logout() 1737 _, resp = Client.GetTeamStats(th.BasicTeam.Id, "") 1738 CheckUnauthorizedStatus(t, resp) 1739 } 1740 1741 func TestUpdateTeamMemberRoles(t *testing.T) { 1742 th := Setup().InitBasic() 1743 defer th.TearDown() 1744 Client := th.Client 1745 SystemAdminClient := th.SystemAdminClient 1746 1747 const TEAM_MEMBER = "team_user" 1748 const TEAM_ADMIN = "team_user team_admin" 1749 1750 // user 1 tries to promote user 2 1751 ok, resp := Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1752 CheckForbiddenStatus(t, resp) 1753 if ok { 1754 t.Fatal("should have returned false") 1755 } 1756 1757 // user 1 tries to promote himself 1758 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) 1759 CheckForbiddenStatus(t, resp) 1760 1761 // user 1 tries to demote someone 1762 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1763 CheckForbiddenStatus(t, resp) 1764 1765 // system admin promotes user 1 1766 ok, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_ADMIN) 1767 CheckNoError(t, resp) 1768 if !ok { 1769 t.Fatal("should have returned true") 1770 } 1771 1772 // user 1 (team admin) promotes user 2 1773 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1774 CheckNoError(t, resp) 1775 1776 // user 1 (team admin) demotes user 2 (team admin) 1777 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) 1778 CheckNoError(t, resp) 1779 1780 // user 1 (team admin) tries to demote system admin (not member of a team) 1781 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1782 CheckNotFoundStatus(t, resp) 1783 1784 // user 1 (team admin) demotes system admin (member of a team) 1785 th.LinkUserToTeam(th.SystemAdminUser, th.BasicTeam) 1786 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, TEAM_MEMBER) 1787 CheckNoError(t, resp) 1788 // Note from API v3 1789 // Note to anyone who thinks this (above) test is wrong: 1790 // This operation will not affect the system admin's permissions because they have global access to all teams. 1791 // Their team level permissions are irrelevant. A team admin should be able to manage team level permissions. 1792 1793 // System admins should be able to manipulate permission no matter what their team level permissions are. 1794 // system admin promotes user 2 1795 _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_ADMIN) 1796 CheckNoError(t, resp) 1797 1798 // system admin demotes user 2 (team admin) 1799 _, resp = SystemAdminClient.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser2.Id, TEAM_MEMBER) 1800 CheckNoError(t, resp) 1801 1802 // user 1 (team admin) tries to promote himself to a random team 1803 _, resp = Client.UpdateTeamMemberRoles(model.NewId(), th.BasicUser.Id, TEAM_ADMIN) 1804 CheckForbiddenStatus(t, resp) 1805 1806 // user 1 (team admin) tries to promote a random user 1807 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, model.NewId(), TEAM_ADMIN) 1808 CheckNotFoundStatus(t, resp) 1809 1810 // user 1 (team admin) tries to promote invalid team permission 1811 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, "junk") 1812 CheckBadRequestStatus(t, resp) 1813 1814 // user 1 (team admin) demotes himself 1815 _, resp = Client.UpdateTeamMemberRoles(th.BasicTeam.Id, th.BasicUser.Id, TEAM_MEMBER) 1816 CheckNoError(t, resp) 1817 } 1818 1819 func TestUpdateTeamMemberSchemeRoles(t *testing.T) { 1820 th := Setup().InitBasic() 1821 defer th.TearDown() 1822 SystemAdminClient := th.SystemAdminClient 1823 th.LoginBasic() 1824 1825 s1 := &model.SchemeRoles{ 1826 SchemeAdmin: false, 1827 SchemeUser: false, 1828 } 1829 _, r1 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s1) 1830 CheckNoError(t, r1) 1831 1832 tm1, rtm1 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1833 CheckNoError(t, rtm1) 1834 assert.Equal(t, false, tm1.SchemeUser) 1835 assert.Equal(t, false, tm1.SchemeAdmin) 1836 1837 s2 := &model.SchemeRoles{ 1838 SchemeAdmin: false, 1839 SchemeUser: true, 1840 } 1841 _, r2 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s2) 1842 CheckNoError(t, r2) 1843 1844 tm2, rtm2 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1845 CheckNoError(t, rtm2) 1846 assert.Equal(t, true, tm2.SchemeUser) 1847 assert.Equal(t, false, tm2.SchemeAdmin) 1848 1849 s3 := &model.SchemeRoles{ 1850 SchemeAdmin: true, 1851 SchemeUser: false, 1852 } 1853 _, r3 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s3) 1854 CheckNoError(t, r3) 1855 1856 tm3, rtm3 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1857 CheckNoError(t, rtm3) 1858 assert.Equal(t, false, tm3.SchemeUser) 1859 assert.Equal(t, true, tm3.SchemeAdmin) 1860 1861 s4 := &model.SchemeRoles{ 1862 SchemeAdmin: true, 1863 SchemeUser: true, 1864 } 1865 _, r4 := SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4) 1866 CheckNoError(t, r4) 1867 1868 tm4, rtm4 := SystemAdminClient.GetTeamMember(th.BasicTeam.Id, th.BasicUser.Id, "") 1869 CheckNoError(t, rtm4) 1870 assert.Equal(t, true, tm4.SchemeUser) 1871 assert.Equal(t, true, tm4.SchemeAdmin) 1872 1873 _, resp := SystemAdminClient.UpdateTeamMemberSchemeRoles(model.NewId(), th.BasicUser.Id, s4) 1874 CheckNotFoundStatus(t, resp) 1875 1876 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, model.NewId(), s4) 1877 CheckNotFoundStatus(t, resp) 1878 1879 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles("ASDF", th.BasicUser.Id, s4) 1880 CheckBadRequestStatus(t, resp) 1881 1882 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, "ASDF", s4) 1883 CheckBadRequestStatus(t, resp) 1884 1885 th.LoginBasic2() 1886 _, resp = th.Client.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.BasicUser.Id, s4) 1887 CheckForbiddenStatus(t, resp) 1888 1889 SystemAdminClient.Logout() 1890 _, resp = SystemAdminClient.UpdateTeamMemberSchemeRoles(th.BasicTeam.Id, th.SystemAdminUser.Id, s4) 1891 CheckUnauthorizedStatus(t, resp) 1892 } 1893 1894 func TestGetMyTeamsUnread(t *testing.T) { 1895 th := Setup().InitBasic() 1896 defer th.TearDown() 1897 Client := th.Client 1898 1899 user := th.BasicUser 1900 Client.Login(user.Email, user.Password) 1901 1902 teams, resp := Client.GetTeamsUnreadForUser(user.Id, "") 1903 CheckNoError(t, resp) 1904 if len(teams) == 0 { 1905 t.Fatal("should have results") 1906 } 1907 1908 teams, resp = Client.GetTeamsUnreadForUser(user.Id, th.BasicTeam.Id) 1909 CheckNoError(t, resp) 1910 if len(teams) != 0 { 1911 t.Fatal("should not have results") 1912 } 1913 1914 _, resp = Client.GetTeamsUnreadForUser("fail", "") 1915 CheckBadRequestStatus(t, resp) 1916 1917 _, resp = Client.GetTeamsUnreadForUser(model.NewId(), "") 1918 CheckForbiddenStatus(t, resp) 1919 1920 Client.Logout() 1921 _, resp = Client.GetTeamsUnreadForUser(user.Id, "") 1922 CheckUnauthorizedStatus(t, resp) 1923 } 1924 1925 func TestTeamExists(t *testing.T) { 1926 th := Setup().InitBasic() 1927 defer th.TearDown() 1928 Client := th.Client 1929 team := th.BasicTeam 1930 1931 th.LoginBasic() 1932 1933 exists, resp := Client.TeamExists(team.Name, "") 1934 CheckNoError(t, resp) 1935 if !exists { 1936 t.Fatal("team should exist") 1937 } 1938 1939 exists, resp = Client.TeamExists("testingteam", "") 1940 CheckNoError(t, resp) 1941 if exists { 1942 t.Fatal("team should not exist") 1943 } 1944 1945 Client.Logout() 1946 _, resp = Client.TeamExists(team.Name, "") 1947 CheckUnauthorizedStatus(t, resp) 1948 } 1949 1950 func TestImportTeam(t *testing.T) { 1951 th := Setup().InitBasic() 1952 defer th.TearDown() 1953 1954 t.Run("ImportTeam", func(t *testing.T) { 1955 var data []byte 1956 var err error 1957 data, err = testutils.ReadTestFile("Fake_Team_Import.zip") 1958 if err != nil && len(data) == 0 { 1959 t.Fatal("Error while reading the test file.") 1960 } 1961 1962 // Import the channels/users/posts 1963 fileResp, resp := th.SystemAdminClient.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 1964 CheckNoError(t, resp) 1965 1966 fileData, err := base64.StdEncoding.DecodeString(fileResp["results"]) 1967 if err != nil { 1968 t.Fatal("failed to decode base64 results data") 1969 } 1970 1971 fileReturned := fmt.Sprintf("%s", fileData) 1972 if !strings.Contains(fileReturned, "darth.vader@stardeath.com") { 1973 t.Log(fileReturned) 1974 t.Fatal("failed to report the user was imported") 1975 } 1976 1977 // Checking the imported users 1978 importedUser, resp := th.SystemAdminClient.GetUserByUsername("bot_test", "") 1979 CheckNoError(t, resp) 1980 if importedUser.Username != "bot_test" { 1981 t.Fatal("username should match with the imported user") 1982 } 1983 1984 importedUser, resp = th.SystemAdminClient.GetUserByUsername("lordvader", "") 1985 CheckNoError(t, resp) 1986 if importedUser.Username != "lordvader" { 1987 t.Fatal("username should match with the imported user") 1988 } 1989 1990 // Checking the imported Channels 1991 importedChannel, resp := th.SystemAdminClient.GetChannelByName("testchannel", th.BasicTeam.Id, "") 1992 CheckNoError(t, resp) 1993 if importedChannel.Name != "testchannel" { 1994 t.Fatal("names did not match expected: testchannel") 1995 } 1996 1997 importedChannel, resp = th.SystemAdminClient.GetChannelByName("general", th.BasicTeam.Id, "") 1998 CheckNoError(t, resp) 1999 if importedChannel.Name != "general" { 2000 t.Fatal("names did not match expected: general") 2001 } 2002 2003 posts, resp := th.SystemAdminClient.GetPostsForChannel(importedChannel.Id, 0, 60, "") 2004 CheckNoError(t, resp) 2005 if posts.Posts[posts.Order[3]].Message != "This is a test post to test the import process" { 2006 t.Fatal("missing posts in the import process") 2007 } 2008 }) 2009 2010 t.Run("MissingFile", func(t *testing.T) { 2011 _, resp := th.SystemAdminClient.ImportTeam(nil, 4343, "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 2012 CheckBadRequestStatus(t, resp) 2013 }) 2014 2015 t.Run("WrongPermission", func(t *testing.T) { 2016 var data []byte 2017 var err error 2018 data, err = testutils.ReadTestFile("Fake_Team_Import.zip") 2019 if err != nil && len(data) == 0 { 2020 t.Fatal("Error while reading the test file.") 2021 } 2022 2023 // Import the channels/users/posts 2024 _, resp := th.Client.ImportTeam(data, binary.Size(data), "slack", "Fake_Team_Import.zip", th.BasicTeam.Id) 2025 CheckForbiddenStatus(t, resp) 2026 }) 2027 } 2028 2029 func TestInviteUsersToTeam(t *testing.T) { 2030 th := Setup().InitBasic() 2031 defer th.TearDown() 2032 2033 user1 := th.GenerateTestEmail() 2034 user2 := th.GenerateTestEmail() 2035 2036 emailList := []string{user1, user2} 2037 2038 //Delete all the messages before check the sample email 2039 mailservice.DeleteMailBox(user1) 2040 mailservice.DeleteMailBox(user2) 2041 2042 enableEmailInvitations := *th.App.Config().ServiceSettings.EnableEmailInvitations 2043 restrictCreationToDomains := th.App.Config().TeamSettings.RestrictCreationToDomains 2044 defer func() { 2045 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableEmailInvitations = &enableEmailInvitations }) 2046 th.App.UpdateConfig(func(cfg *model.Config) { cfg.TeamSettings.RestrictCreationToDomains = restrictCreationToDomains }) 2047 }() 2048 2049 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = false }) 2050 _, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList) 2051 if resp.Error == nil { 2052 t.Fatal("Should be disabled") 2053 } 2054 2055 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableEmailInvitations = true }) 2056 okMsg, resp := th.SystemAdminClient.InviteUsersToTeam(th.BasicTeam.Id, emailList) 2057 CheckNoError(t, resp) 2058 if !okMsg { 2059 t.Fatal("should return true") 2060 } 2061 2062 nameFormat := *th.App.Config().TeamSettings.TeammateNameDisplay 2063 expectedSubject := utils.T("api.templates.invite_subject", 2064 map[string]interface{}{"SenderName": th.SystemAdminUser.GetDisplayName(nameFormat), 2065 "TeamDisplayName": th.BasicTeam.DisplayName, 2066 "SiteName": th.App.ClientConfig()["SiteName"]}) 2067 2068 //Check if the email was send to the rigth email address 2069 for _, email := range emailList { 2070 var resultsMailbox mailservice.JSONMessageHeaderInbucket 2071 err := mailservice.RetryInbucket(5, func() error { 2072 var err error 2073 resultsMailbox, err = mailservice.GetMailBox(email) 2074 return err 2075 }) 2076 if err != nil { 2077 t.Log(err) 2078 t.Log("No email was received, maybe due load on the server. Disabling this verification") 2079 } 2080 if err == nil && len(resultsMailbox) > 0 { 2081 if !strings.ContainsAny(resultsMailbox[len(resultsMailbox)-1].To[0], email) { 2082 t.Fatal("Wrong To recipient") 2083 } else { 2084 if resultsEmail, err := mailservice.GetMessageFromMailbox(email, resultsMailbox[len(resultsMailbox)-1].ID); err == nil { 2085 if resultsEmail.Subject != expectedSubject { 2086 t.Log(resultsEmail.Subject) 2087 t.Log(expectedSubject) 2088 t.Fatal("Wrong Subject") 2089 } 2090 } 2091 } 2092 } 2093 } 2094 2095 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.TeamSettings.RestrictCreationToDomains = "@global.com,@common.com" }) 2096 2097 t.Run("restricted domains", func(t *testing.T) { 2098 err := th.App.InviteNewUsersToTeam(emailList, th.BasicTeam.Id, th.BasicUser.Id) 2099 2100 if err == nil { 2101 t.Fatal("Adding users with non-restricted domains was allowed") 2102 } 2103 if err.Where != "InviteNewUsersToTeam" || err.Id != "api.team.invite_members.invalid_email.app_error" { 2104 t.Log(err) 2105 t.Fatal("Got wrong error message!") 2106 } 2107 }) 2108 2109 t.Run("override restricted domains", func(t *testing.T) { 2110 th.BasicTeam.AllowedDomains = "invalid.com,common.com" 2111 if _, err := th.App.UpdateTeam(th.BasicTeam); err == nil { 2112 t.Fatal("Should not update the team") 2113 } 2114 2115 th.BasicTeam.AllowedDomains = "common.com" 2116 if _, err := th.App.UpdateTeam(th.BasicTeam); err != nil { 2117 t.Log(err) 2118 t.Fatal("Should update the team") 2119 } 2120 2121 if err := th.App.InviteNewUsersToTeam([]string{"test@global.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil || err.Where != "InviteNewUsersToTeam" { 2122 t.Log(err) 2123 t.Fatal("Per team restriction should take precedence over the global restriction") 2124 } 2125 2126 if err := th.App.InviteNewUsersToTeam([]string{"test@common.com"}, th.BasicTeam.Id, th.BasicUser.Id); err != nil { 2127 t.Log(err) 2128 t.Fatal("Failed to invite user which was common between team and global domain restriction") 2129 } 2130 2131 if err := th.App.InviteNewUsersToTeam([]string{"test@invalid.com"}, th.BasicTeam.Id, th.BasicUser.Id); err == nil { 2132 t.Log(err) 2133 t.Fatal("Should not invite user") 2134 } 2135 2136 }) 2137 } 2138 2139 func TestGetTeamInviteInfo(t *testing.T) { 2140 th := Setup().InitBasic() 2141 defer th.TearDown() 2142 Client := th.Client 2143 team := th.BasicTeam 2144 2145 team, resp := Client.GetTeamInviteInfo(team.InviteId) 2146 CheckNoError(t, resp) 2147 2148 if team.DisplayName == "" { 2149 t.Fatal("should not be empty") 2150 } 2151 2152 if team.Email != "" { 2153 t.Fatal("should be empty") 2154 } 2155 2156 team.InviteId = "12345678901234567890123456789012" 2157 team, resp = th.SystemAdminClient.UpdateTeam(team) 2158 CheckNoError(t, resp) 2159 2160 _, resp = Client.GetTeamInviteInfo(team.InviteId) 2161 CheckNoError(t, resp) 2162 2163 _, resp = Client.GetTeamInviteInfo("junk") 2164 CheckNotFoundStatus(t, resp) 2165 } 2166 2167 func TestSetTeamIcon(t *testing.T) { 2168 th := Setup().InitBasic() 2169 defer th.TearDown() 2170 Client := th.Client 2171 team := th.BasicTeam 2172 2173 data, err := testutils.ReadTestFile("test.png") 2174 if err != nil { 2175 t.Fatal(err) 2176 } 2177 2178 th.LoginTeamAdmin() 2179 2180 ok, resp := Client.SetTeamIcon(team.Id, data) 2181 if !ok { 2182 t.Fatal(resp.Error) 2183 } 2184 CheckNoError(t, resp) 2185 2186 ok, resp = Client.SetTeamIcon(model.NewId(), data) 2187 if ok { 2188 t.Fatal("Should return false, set team icon not allowed") 2189 } 2190 CheckForbiddenStatus(t, resp) 2191 2192 th.LoginBasic() 2193 2194 _, resp = Client.SetTeamIcon(team.Id, data) 2195 if resp.StatusCode == http.StatusForbidden { 2196 CheckForbiddenStatus(t, resp) 2197 } else if resp.StatusCode == http.StatusUnauthorized { 2198 CheckUnauthorizedStatus(t, resp) 2199 } else { 2200 t.Fatal("Should have failed either forbidden or unauthorized") 2201 } 2202 2203 Client.Logout() 2204 2205 _, resp = Client.SetTeamIcon(team.Id, data) 2206 if resp.StatusCode == http.StatusForbidden { 2207 CheckForbiddenStatus(t, resp) 2208 } else if resp.StatusCode == http.StatusUnauthorized { 2209 CheckUnauthorizedStatus(t, resp) 2210 } else { 2211 t.Fatal("Should have failed either forbidden or unauthorized") 2212 } 2213 2214 teamBefore, err := th.App.GetTeam(team.Id) 2215 require.Nil(t, err) 2216 2217 _, resp = th.SystemAdminClient.SetTeamIcon(team.Id, data) 2218 CheckNoError(t, resp) 2219 2220 teamAfter, err := th.App.GetTeam(team.Id) 2221 require.Nil(t, err) 2222 assert.True(t, teamBefore.LastTeamIconUpdate < teamAfter.LastTeamIconUpdate, "LastTeamIconUpdate should have been updated for team") 2223 2224 info := &model.FileInfo{Path: "teams/" + team.Id + "/teamIcon.png"} 2225 if err := th.cleanupTestFile(info); err != nil { 2226 t.Fatal(err) 2227 } 2228 } 2229 2230 func TestGetTeamIcon(t *testing.T) { 2231 th := Setup().InitBasic() 2232 defer th.TearDown() 2233 Client := th.Client 2234 team := th.BasicTeam 2235 2236 // should always fail because no initial image and no auto creation 2237 _, resp := Client.GetTeamIcon(team.Id, "") 2238 CheckNotFoundStatus(t, resp) 2239 2240 Client.Logout() 2241 2242 _, resp = Client.GetTeamIcon(team.Id, "") 2243 CheckUnauthorizedStatus(t, resp) 2244 } 2245 2246 func TestRemoveTeamIcon(t *testing.T) { 2247 th := Setup().InitBasic() 2248 defer th.TearDown() 2249 Client := th.Client 2250 team := th.BasicTeam 2251 2252 th.LoginTeamAdmin() 2253 data, _ := testutils.ReadTestFile("test.png") 2254 Client.SetTeamIcon(team.Id, data) 2255 2256 _, resp := Client.RemoveTeamIcon(team.Id) 2257 CheckNoError(t, resp) 2258 teamAfter, _ := th.App.GetTeam(team.Id) 2259 if teamAfter.LastTeamIconUpdate != 0 { 2260 t.Fatal("should update LastTeamIconUpdate to 0") 2261 } 2262 2263 Client.SetTeamIcon(team.Id, data) 2264 2265 _, resp = th.SystemAdminClient.RemoveTeamIcon(team.Id) 2266 CheckNoError(t, resp) 2267 teamAfter, _ = th.App.GetTeam(team.Id) 2268 if teamAfter.LastTeamIconUpdate != 0 { 2269 t.Fatal("should update LastTeamIconUpdate to 0") 2270 } 2271 2272 Client.SetTeamIcon(team.Id, data) 2273 Client.Logout() 2274 2275 _, resp = Client.RemoveTeamIcon(team.Id) 2276 CheckUnauthorizedStatus(t, resp) 2277 2278 th.LoginBasic() 2279 _, resp = Client.RemoveTeamIcon(team.Id) 2280 CheckForbiddenStatus(t, resp) 2281 } 2282 2283 func TestUpdateTeamScheme(t *testing.T) { 2284 th := Setup().InitBasic() 2285 defer th.TearDown() 2286 2287 th.App.SetLicense(model.NewTestLicense("")) 2288 2289 th.App.SetPhase2PermissionsMigrationStatus(true) 2290 2291 team := &model.Team{ 2292 DisplayName: "Name", 2293 Description: "Some description", 2294 CompanyName: "Some company name", 2295 AllowOpenInvite: false, 2296 InviteId: "inviteid0", 2297 Name: "z-z-" + model.NewId() + "a", 2298 Email: "success+" + model.NewId() + "@simulator.amazonses.com", 2299 Type: model.TEAM_OPEN, 2300 } 2301 team, _ = th.SystemAdminClient.CreateTeam(team) 2302 2303 teamScheme := &model.Scheme{ 2304 DisplayName: "DisplayName", 2305 Name: model.NewId(), 2306 Description: "Some description", 2307 Scope: model.SCHEME_SCOPE_TEAM, 2308 } 2309 teamScheme, _ = th.SystemAdminClient.CreateScheme(teamScheme) 2310 channelScheme := &model.Scheme{ 2311 DisplayName: "DisplayName", 2312 Name: model.NewId(), 2313 Description: "Some description", 2314 Scope: model.SCHEME_SCOPE_CHANNEL, 2315 } 2316 channelScheme, _ = th.SystemAdminClient.CreateScheme(channelScheme) 2317 2318 // Test the setup/base case. 2319 _, resp := th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2320 CheckNoError(t, resp) 2321 2322 // Test the return to default scheme 2323 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "") 2324 CheckNoError(t, resp) 2325 2326 // Test various invalid team and scheme id combinations. 2327 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, "x") 2328 CheckBadRequestStatus(t, resp) 2329 _, resp = th.SystemAdminClient.UpdateTeamScheme("x", teamScheme.Id) 2330 CheckBadRequestStatus(t, resp) 2331 _, resp = th.SystemAdminClient.UpdateTeamScheme("x", "x") 2332 CheckBadRequestStatus(t, resp) 2333 2334 // Test that permissions are required. 2335 _, resp = th.Client.UpdateTeamScheme(team.Id, teamScheme.Id) 2336 CheckForbiddenStatus(t, resp) 2337 2338 // Test that a license is requried. 2339 th.App.SetLicense(nil) 2340 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2341 CheckNotImplementedStatus(t, resp) 2342 th.App.SetLicense(model.NewTestLicense("")) 2343 2344 // Test an invalid scheme scope. 2345 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, channelScheme.Id) 2346 CheckBadRequestStatus(t, resp) 2347 2348 // Test that an unauthenticated user gets rejected. 2349 th.SystemAdminClient.Logout() 2350 _, resp = th.SystemAdminClient.UpdateTeamScheme(team.Id, teamScheme.Id) 2351 CheckUnauthorizedStatus(t, resp) 2352 }