github.com/wgh-/mattermost-server@v4.8.0-rc2+incompatible/api4/command_test.go (about) 1 // Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved. 2 // See License.txt for license information. 3 4 package api4 5 6 import ( 7 "fmt" 8 "strings" 9 "testing" 10 11 "github.com/mattermost/mattermost-server/model" 12 ) 13 14 func TestCreateCommand(t *testing.T) { 15 th := Setup().InitBasic().InitSystemAdmin() 16 defer th.TearDown() 17 Client := th.Client 18 19 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 20 defer func() { 21 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 22 }() 23 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 24 25 newCmd := &model.Command{ 26 CreatorId: th.BasicUser.Id, 27 TeamId: th.BasicTeam.Id, 28 URL: "http://nowhere.com", 29 Method: model.COMMAND_METHOD_POST, 30 Trigger: "trigger"} 31 32 _, resp := Client.CreateCommand(newCmd) 33 CheckForbiddenStatus(t, resp) 34 35 createdCmd, resp := th.SystemAdminClient.CreateCommand(newCmd) 36 CheckNoError(t, resp) 37 CheckCreatedStatus(t, resp) 38 if createdCmd.CreatorId != th.SystemAdminUser.Id { 39 t.Fatal("user ids didn't match") 40 } 41 if createdCmd.TeamId != th.BasicTeam.Id { 42 t.Fatal("team ids didn't match") 43 } 44 45 _, resp = th.SystemAdminClient.CreateCommand(newCmd) 46 CheckBadRequestStatus(t, resp) 47 CheckErrorMessage(t, resp, "api.command.duplicate_trigger.app_error") 48 49 newCmd.Method = "Wrong" 50 newCmd.Trigger = "testcommand" 51 _, resp = th.SystemAdminClient.CreateCommand(newCmd) 52 CheckBadRequestStatus(t, resp) 53 CheckErrorMessage(t, resp, "model.command.is_valid.method.app_error") 54 55 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = false }) 56 newCmd.Method = "P" 57 newCmd.Trigger = "testcommand" 58 _, resp = th.SystemAdminClient.CreateCommand(newCmd) 59 CheckNotImplementedStatus(t, resp) 60 CheckErrorMessage(t, resp, "api.command.disabled.app_error") 61 } 62 63 func TestUpdateCommand(t *testing.T) { 64 th := Setup().InitBasic().InitSystemAdmin() 65 defer th.TearDown() 66 Client := th.SystemAdminClient 67 user := th.SystemAdminUser 68 team := th.BasicTeam 69 70 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 71 defer func() { 72 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 73 }() 74 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 75 76 cmd1 := &model.Command{ 77 CreatorId: user.Id, 78 TeamId: team.Id, 79 URL: "http://nowhere.com", 80 Method: model.COMMAND_METHOD_POST, 81 Trigger: "trigger1", 82 } 83 84 cmd1, _ = th.App.CreateCommand(cmd1) 85 86 cmd2 := &model.Command{ 87 CreatorId: GenerateTestId(), 88 TeamId: team.Id, 89 URL: "http://nowhere.com/change", 90 Method: model.COMMAND_METHOD_GET, 91 Trigger: "trigger2", 92 Id: cmd1.Id, 93 Token: "tokenchange", 94 } 95 96 rcmd, resp := Client.UpdateCommand(cmd2) 97 CheckNoError(t, resp) 98 99 if rcmd.Trigger != cmd2.Trigger { 100 t.Fatal("Trigger should have updated") 101 } 102 103 if rcmd.Method != cmd2.Method { 104 t.Fatal("Method should have updated") 105 } 106 107 if rcmd.URL != cmd2.URL { 108 t.Fatal("URL should have updated") 109 } 110 111 if rcmd.CreatorId != cmd1.CreatorId { 112 t.Fatal("CreatorId should have not updated") 113 } 114 115 if rcmd.Token != cmd1.Token { 116 t.Fatal("Token should have not updated") 117 } 118 119 cmd2.Id = GenerateTestId() 120 121 rcmd, resp = Client.UpdateCommand(cmd2) 122 CheckNotFoundStatus(t, resp) 123 124 if rcmd != nil { 125 t.Fatal("should be empty") 126 } 127 128 cmd2.Id = "junk" 129 130 _, resp = Client.UpdateCommand(cmd2) 131 CheckBadRequestStatus(t, resp) 132 133 cmd2.Id = cmd1.Id 134 cmd2.TeamId = GenerateTestId() 135 136 _, resp = Client.UpdateCommand(cmd2) 137 CheckBadRequestStatus(t, resp) 138 139 cmd2.TeamId = team.Id 140 141 _, resp = th.Client.UpdateCommand(cmd2) 142 CheckForbiddenStatus(t, resp) 143 144 Client.Logout() 145 _, resp = Client.UpdateCommand(cmd2) 146 CheckUnauthorizedStatus(t, resp) 147 } 148 149 func TestDeleteCommand(t *testing.T) { 150 th := Setup().InitBasic().InitSystemAdmin() 151 defer th.TearDown() 152 Client := th.SystemAdminClient 153 user := th.SystemAdminUser 154 team := th.BasicTeam 155 156 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 157 defer func() { 158 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 159 }() 160 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 161 162 cmd1 := &model.Command{ 163 CreatorId: user.Id, 164 TeamId: team.Id, 165 URL: "http://nowhere.com", 166 Method: model.COMMAND_METHOD_POST, 167 Trigger: "trigger1", 168 } 169 170 rcmd1, _ := th.App.CreateCommand(cmd1) 171 172 ok, resp := Client.DeleteCommand(rcmd1.Id) 173 CheckNoError(t, resp) 174 175 if !ok { 176 t.Fatal("should have returned true") 177 } 178 179 rcmd1, _ = th.App.GetCommand(rcmd1.Id) 180 if rcmd1 != nil { 181 t.Fatal("should be nil") 182 } 183 184 ok, resp = Client.DeleteCommand("junk") 185 CheckBadRequestStatus(t, resp) 186 187 if ok { 188 t.Fatal("should have returned false") 189 } 190 191 _, resp = Client.DeleteCommand(GenerateTestId()) 192 CheckNotFoundStatus(t, resp) 193 194 cmd2 := &model.Command{ 195 CreatorId: user.Id, 196 TeamId: team.Id, 197 URL: "http://nowhere.com", 198 Method: model.COMMAND_METHOD_POST, 199 Trigger: "trigger2", 200 } 201 202 rcmd2, _ := th.App.CreateCommand(cmd2) 203 204 _, resp = th.Client.DeleteCommand(rcmd2.Id) 205 CheckForbiddenStatus(t, resp) 206 207 Client.Logout() 208 _, resp = Client.DeleteCommand(rcmd2.Id) 209 CheckUnauthorizedStatus(t, resp) 210 } 211 212 func TestListCommands(t *testing.T) { 213 th := Setup().InitBasic().InitSystemAdmin() 214 defer th.TearDown() 215 Client := th.Client 216 217 newCmd := &model.Command{ 218 CreatorId: th.BasicUser.Id, 219 TeamId: th.BasicTeam.Id, 220 URL: "http://nowhere.com", 221 Method: model.COMMAND_METHOD_POST, 222 Trigger: "custom_command"} 223 224 _, resp := th.SystemAdminClient.CreateCommand(newCmd) 225 CheckNoError(t, resp) 226 227 t.Run("ListSystemAndCustomCommands", func(t *testing.T) { 228 listCommands, resp := th.SystemAdminClient.ListCommands(th.BasicTeam.Id, false) 229 CheckNoError(t, resp) 230 231 foundEcho := false 232 foundCustom := false 233 for _, command := range listCommands { 234 if command.Trigger == "echo" { 235 foundEcho = true 236 } 237 if command.Trigger == "custom_command" { 238 foundCustom = true 239 } 240 } 241 if !foundEcho { 242 t.Fatal("Couldn't find echo command") 243 } 244 if !foundCustom { 245 t.Fatal("Should list the custom command") 246 } 247 }) 248 249 t.Run("ListCustomOnlyCommands", func(t *testing.T) { 250 listCommands, resp := th.SystemAdminClient.ListCommands(th.BasicTeam.Id, true) 251 CheckNoError(t, resp) 252 253 if len(listCommands) > 1 { 254 t.Fatal("Should list just one custom command") 255 } 256 if listCommands[0].Trigger != "custom_command" { 257 t.Fatal("Wrong custom command trigger") 258 } 259 }) 260 261 t.Run("UserWithNoPermissionForCustomCommands", func(t *testing.T) { 262 _, resp := Client.ListCommands(th.BasicTeam.Id, true) 263 CheckForbiddenStatus(t, resp) 264 }) 265 266 t.Run("RegularUserCanListOnlySystemCommands", func(t *testing.T) { 267 listCommands, resp := Client.ListCommands(th.BasicTeam.Id, false) 268 CheckNoError(t, resp) 269 270 foundEcho := false 271 foundCustom := false 272 for _, command := range listCommands { 273 if command.Trigger == "echo" { 274 foundEcho = true 275 } 276 if command.Trigger == "custom_command" { 277 foundCustom = true 278 } 279 } 280 if !foundEcho { 281 t.Fatal("Couldn't find echo command") 282 } 283 if foundCustom { 284 t.Fatal("Should not list the custom command") 285 } 286 }) 287 } 288 289 func TestListAutocompleteCommands(t *testing.T) { 290 th := Setup().InitBasic().InitSystemAdmin() 291 defer th.TearDown() 292 Client := th.Client 293 294 newCmd := &model.Command{ 295 CreatorId: th.BasicUser.Id, 296 TeamId: th.BasicTeam.Id, 297 URL: "http://nowhere.com", 298 Method: model.COMMAND_METHOD_POST, 299 Trigger: "custom_command"} 300 301 _, resp := th.SystemAdminClient.CreateCommand(newCmd) 302 CheckNoError(t, resp) 303 304 t.Run("ListAutocompleteCommandsOnly", func(t *testing.T) { 305 listCommands, resp := th.SystemAdminClient.ListAutocompleteCommands(th.BasicTeam.Id) 306 CheckNoError(t, resp) 307 308 foundEcho := false 309 foundCustom := false 310 for _, command := range listCommands { 311 if command.Trigger == "echo" { 312 foundEcho = true 313 } 314 if command.Trigger == "custom_command" { 315 foundCustom = true 316 } 317 } 318 if !foundEcho { 319 t.Fatal("Couldn't find echo command") 320 } 321 if foundCustom { 322 t.Fatal("Should not list the custom command") 323 } 324 }) 325 326 t.Run("RegularUserCanListOnlySystemCommands", func(t *testing.T) { 327 listCommands, resp := Client.ListAutocompleteCommands(th.BasicTeam.Id) 328 CheckNoError(t, resp) 329 330 foundEcho := false 331 foundCustom := false 332 for _, command := range listCommands { 333 if command.Trigger == "echo" { 334 foundEcho = true 335 } 336 if command.Trigger == "custom_command" { 337 foundCustom = true 338 } 339 } 340 if !foundEcho { 341 t.Fatal("Couldn't find echo command") 342 } 343 if foundCustom { 344 t.Fatal("Should not list the custom command") 345 } 346 }) 347 } 348 349 func TestRegenToken(t *testing.T) { 350 th := Setup().InitBasic().InitSystemAdmin() 351 defer th.TearDown() 352 Client := th.Client 353 354 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 355 defer func() { 356 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 357 }() 358 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 359 360 newCmd := &model.Command{ 361 CreatorId: th.BasicUser.Id, 362 TeamId: th.BasicTeam.Id, 363 URL: "http://nowhere.com", 364 Method: model.COMMAND_METHOD_POST, 365 Trigger: "trigger"} 366 367 createdCmd, resp := th.SystemAdminClient.CreateCommand(newCmd) 368 CheckNoError(t, resp) 369 CheckCreatedStatus(t, resp) 370 371 token, resp := th.SystemAdminClient.RegenCommandToken(createdCmd.Id) 372 CheckNoError(t, resp) 373 if token == createdCmd.Token { 374 t.Fatal("should update the token") 375 } 376 377 token, resp = Client.RegenCommandToken(createdCmd.Id) 378 CheckForbiddenStatus(t, resp) 379 if token != "" { 380 t.Fatal("should not return the token") 381 } 382 } 383 384 func TestExecuteCommand(t *testing.T) { 385 th := Setup().InitBasic().InitSystemAdmin() 386 defer th.TearDown() 387 Client := th.Client 388 channel := th.BasicChannel 389 390 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 391 allowedInternalConnections := *th.App.Config().ServiceSettings.AllowedUntrustedInternalConnections 392 defer func() { 393 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 394 th.App.UpdateConfig(func(cfg *model.Config) { 395 cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections 396 }) 397 }() 398 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 399 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" }) 400 401 postCmd := &model.Command{ 402 CreatorId: th.BasicUser.Id, 403 TeamId: th.BasicTeam.Id, 404 URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test", 405 Method: model.COMMAND_METHOD_POST, 406 Trigger: "postcommand", 407 } 408 409 if _, err := th.App.CreateCommand(postCmd); err != nil { 410 t.Fatal("failed to create post command") 411 } 412 413 commandResponse, resp := Client.ExecuteCommand(channel.Id, "/postcommand") 414 CheckNoError(t, resp) 415 416 if commandResponse == nil { 417 t.Fatal("command response should have returned") 418 } 419 420 posts, err := th.App.GetPostsPage(channel.Id, 0, 10) 421 if err != nil || posts == nil || len(posts.Order) != 3 { 422 t.Fatal("Test command failed to send") 423 } 424 425 cmdPosted := false 426 for _, post := range posts.Posts { 427 if strings.Contains(post.Message, "test command response") { 428 if post.Type != "custom_test" { 429 t.Fatal("wrong type set in slash command post") 430 } 431 432 if post.Props["someprop"] != "somevalue" { 433 t.Fatal("wrong prop set in slash command post") 434 } 435 436 cmdPosted = true 437 break 438 } 439 } 440 441 if !cmdPosted { 442 t.Fatal("Test command response failed to post") 443 } 444 445 getCmd := &model.Command{ 446 CreatorId: th.BasicUser.Id, 447 TeamId: th.BasicTeam.Id, 448 URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test", 449 Method: model.COMMAND_METHOD_GET, 450 Trigger: "getcommand", 451 } 452 453 if _, err := th.App.CreateCommand(getCmd); err != nil { 454 t.Fatal("failed to create get command") 455 } 456 457 commandResponse, resp = Client.ExecuteCommand(channel.Id, "/getcommand") 458 CheckNoError(t, resp) 459 460 if commandResponse == nil { 461 t.Fatal("command response should have returned") 462 } 463 464 posts, err = th.App.GetPostsPage(channel.Id, 0, 10) 465 if err != nil || posts == nil || len(posts.Order) != 4 { 466 t.Fatal("Test command failed to send") 467 } 468 469 _, resp = Client.ExecuteCommand(channel.Id, "") 470 CheckBadRequestStatus(t, resp) 471 472 _, resp = Client.ExecuteCommand(channel.Id, "/") 473 CheckBadRequestStatus(t, resp) 474 475 _, resp = Client.ExecuteCommand(channel.Id, "getcommand") 476 CheckBadRequestStatus(t, resp) 477 478 _, resp = Client.ExecuteCommand(channel.Id, "/junk") 479 CheckNotFoundStatus(t, resp) 480 481 otherUser := th.CreateUser() 482 Client.Login(otherUser.Email, otherUser.Password) 483 484 _, resp = Client.ExecuteCommand(channel.Id, "/getcommand") 485 CheckForbiddenStatus(t, resp) 486 487 Client.Logout() 488 489 _, resp = Client.ExecuteCommand(channel.Id, "/getcommand") 490 CheckUnauthorizedStatus(t, resp) 491 492 _, resp = th.SystemAdminClient.ExecuteCommand(channel.Id, "/getcommand") 493 CheckNoError(t, resp) 494 } 495 496 func TestExecuteCommandAgainstChannelOnAnotherTeam(t *testing.T) { 497 th := Setup().InitBasic() 498 defer th.TearDown() 499 Client := th.Client 500 channel := th.BasicChannel 501 502 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 503 allowedInternalConnections := *th.App.Config().ServiceSettings.AllowedUntrustedInternalConnections 504 defer func() { 505 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 506 th.App.UpdateConfig(func(cfg *model.Config) { 507 cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections 508 }) 509 }() 510 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 511 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" }) 512 513 // create a slash command on some other team where we have permission to do so 514 team2 := th.CreateTeam() 515 postCmd := &model.Command{ 516 CreatorId: th.BasicUser.Id, 517 TeamId: team2.Id, 518 URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test", 519 Method: model.COMMAND_METHOD_POST, 520 Trigger: "postcommand", 521 } 522 if _, err := th.App.CreateCommand(postCmd); err != nil { 523 t.Fatal("failed to create post command") 524 } 525 526 // the execute command endpoint will always search for the command by trigger and team id, inferring team id from the 527 // channel id, so there is no way to use that slash command on a channel that belongs to some other team 528 _, resp := Client.ExecuteCommand(channel.Id, "/postcommand") 529 CheckNotFoundStatus(t, resp) 530 } 531 532 func TestExecuteCommandAgainstChannelUserIsNotIn(t *testing.T) { 533 th := Setup().InitBasic() 534 defer th.TearDown() 535 client := th.Client 536 537 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 538 allowedInternalConnections := *th.App.Config().ServiceSettings.AllowedUntrustedInternalConnections 539 defer func() { 540 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 541 th.App.UpdateConfig(func(cfg *model.Config) { 542 cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections 543 }) 544 }() 545 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 546 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" }) 547 548 // create a slash command on some other team where we have permission to do so 549 team2 := th.CreateTeam() 550 postCmd := &model.Command{ 551 CreatorId: th.BasicUser.Id, 552 TeamId: team2.Id, 553 URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test", 554 Method: model.COMMAND_METHOD_POST, 555 Trigger: "postcommand", 556 } 557 if _, err := th.App.CreateCommand(postCmd); err != nil { 558 t.Fatal("failed to create post command") 559 } 560 561 // make a channel on that team, ensuring that our test user isn't in it 562 channel2 := th.CreateChannelWithClientAndTeam(client, model.CHANNEL_OPEN, team2.Id) 563 if success, _ := client.RemoveUserFromChannel(channel2.Id, th.BasicUser.Id); !success { 564 t.Fatal("Failed to remove user from channel") 565 } 566 567 // we should not be able to run the slash command in channel2, because we aren't in it 568 _, resp := client.ExecuteCommandWithTeam(channel2.Id, team2.Id, "/postcommand") 569 CheckForbiddenStatus(t, resp) 570 } 571 572 func TestExecuteCommandInDirectMessageChannel(t *testing.T) { 573 th := Setup().InitBasic() 574 defer th.TearDown() 575 client := th.Client 576 577 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 578 allowedInternalConnections := *th.App.Config().ServiceSettings.AllowedUntrustedInternalConnections 579 defer func() { 580 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 581 th.App.UpdateConfig(func(cfg *model.Config) { 582 cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections 583 }) 584 }() 585 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 586 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" }) 587 588 // create a slash command on some other team where we have permission to do so 589 team2 := th.CreateTeam() 590 postCmd := &model.Command{ 591 CreatorId: th.BasicUser.Id, 592 TeamId: team2.Id, 593 URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test", 594 Method: model.COMMAND_METHOD_POST, 595 Trigger: "postcommand", 596 } 597 if _, err := th.App.CreateCommand(postCmd); err != nil { 598 t.Fatal("failed to create post command") 599 } 600 601 // make a direct message channel 602 dmChannel, response := client.CreateDirectChannel(th.BasicUser.Id, th.BasicUser2.Id) 603 CheckCreatedStatus(t, response) 604 605 // we should be able to run the slash command in the DM channel 606 _, resp := client.ExecuteCommandWithTeam(dmChannel.Id, team2.Id, "/postcommand") 607 CheckOKStatus(t, resp) 608 609 // but we can't run the slash command in the DM channel if we sub in some other team's id 610 _, resp = client.ExecuteCommandWithTeam(dmChannel.Id, th.BasicTeam.Id, "/postcommand") 611 CheckNotFoundStatus(t, resp) 612 } 613 614 func TestExecuteCommandInTeamUserIsNotOn(t *testing.T) { 615 th := Setup().InitBasic() 616 defer th.TearDown() 617 client := th.Client 618 619 enableCommands := *th.App.Config().ServiceSettings.EnableCommands 620 allowedInternalConnections := *th.App.Config().ServiceSettings.AllowedUntrustedInternalConnections 621 defer func() { 622 th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableCommands = &enableCommands }) 623 th.App.UpdateConfig(func(cfg *model.Config) { 624 cfg.ServiceSettings.AllowedUntrustedInternalConnections = &allowedInternalConnections 625 }) 626 }() 627 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableCommands = true }) 628 th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.AllowedUntrustedInternalConnections = "localhost" }) 629 630 // create a team that the user isn't a part of 631 team2 := th.CreateTeam() 632 633 // create a slash command on that team 634 postCmd := &model.Command{ 635 CreatorId: th.BasicUser.Id, 636 TeamId: team2.Id, 637 URL: fmt.Sprintf("http://localhost:%v", th.App.Srv.ListenAddr.Port) + model.API_URL_SUFFIX_V4 + "/teams/command_test", 638 Method: model.COMMAND_METHOD_POST, 639 Trigger: "postcommand", 640 } 641 if _, err := th.App.CreateCommand(postCmd); err != nil { 642 t.Fatal("failed to create post command") 643 } 644 645 // make a direct message channel 646 dmChannel, response := client.CreateDirectChannel(th.BasicUser.Id, th.BasicUser2.Id) 647 CheckCreatedStatus(t, response) 648 649 // we should be able to run the slash command in the DM channel 650 _, resp := client.ExecuteCommandWithTeam(dmChannel.Id, team2.Id, "/postcommand") 651 CheckOKStatus(t, resp) 652 653 // if the user is removed from the team, they should NOT be able to run the slash command in the DM channel 654 if success, _ := client.RemoveTeamMember(team2.Id, th.BasicUser.Id); !success { 655 t.Fatal("Failed to remove user from team") 656 } 657 _, resp = client.ExecuteCommandWithTeam(dmChannel.Id, team2.Id, "/postcommand") 658 CheckForbiddenStatus(t, resp) 659 660 // if we omit the team id from the request, the slash command will fail because this is a DM channel, and the 661 // team id can't be inherited from the channel 662 _, resp = client.ExecuteCommand(dmChannel.Id, "/postcommand") 663 CheckForbiddenStatus(t, resp) 664 }