mirror of
https://github.com/grafana/grafana.git
synced 2024-11-29 20:24:18 -06:00
605d056136
* * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
104 lines
3.1 KiB
Go
104 lines
3.1 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana/pkg/api/dtos"
|
|
"github.com/grafana/grafana/pkg/api/response"
|
|
"github.com/grafana/grafana/pkg/api/routing"
|
|
"github.com/grafana/grafana/pkg/bus"
|
|
"github.com/grafana/grafana/pkg/infra/log"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/shorturls"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestShortURLAPIEndpoint(t *testing.T) {
|
|
t.Run("Given a correct request for creating a shortUrl", func(t *testing.T) {
|
|
cmd := dtos.CreateShortURLCmd{
|
|
Path: "d/TxKARsmGz/new-dashboard?orgId=1&from=1599389322894&to=1599410922894",
|
|
}
|
|
|
|
createResp := &models.ShortUrl{
|
|
Id: 1,
|
|
OrgId: testOrgID,
|
|
Uid: "N1u6L4eGz",
|
|
Path: cmd.Path,
|
|
}
|
|
service := &fakeShortURLService{
|
|
createShortURLFunc: func(ctx context.Context, user *models.SignedInUser, path string) (*models.ShortUrl, error) {
|
|
return createResp, nil
|
|
},
|
|
}
|
|
|
|
createShortURLScenario(t, "When calling POST on", "/api/short-urls", "/api/short-urls", cmd, service,
|
|
func(sc *scenarioContext) {
|
|
callCreateShortURL(sc)
|
|
|
|
shortUrl := dtos.ShortURL{}
|
|
err := json.NewDecoder(sc.resp.Body).Decode(&shortUrl)
|
|
require.NoError(t, err)
|
|
require.Equal(t, 200, sc.resp.Code)
|
|
require.Equal(t, fmt.Sprintf("/goto/%s?orgId=%d", createResp.Uid, createResp.OrgId), shortUrl.URL)
|
|
})
|
|
})
|
|
}
|
|
|
|
func callCreateShortURL(sc *scenarioContext) {
|
|
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
|
|
}
|
|
|
|
func createShortURLScenario(t *testing.T, desc string, url string, routePattern string, cmd dtos.CreateShortURLCmd, shortURLService shorturls.Service, fn scenarioFunc) {
|
|
t.Run(fmt.Sprintf("%s %s", desc, url), func(t *testing.T) {
|
|
defer bus.ClearBusHandlers()
|
|
|
|
hs := HTTPServer{
|
|
Cfg: setting.NewCfg(),
|
|
ShortURLService: shortURLService,
|
|
log: log.New("test"),
|
|
}
|
|
|
|
sc := setupScenarioContext(t, url)
|
|
sc.defaultHandler = routing.Wrap(func(c *models.ReqContext) response.Response {
|
|
c.Req.Body = mockRequestBody(cmd)
|
|
c.Req.Header.Add("Content-Type", "application/json")
|
|
sc.context = c
|
|
sc.context.SignedInUser = &models.SignedInUser{OrgId: testOrgID, UserId: testUserID}
|
|
|
|
return hs.createShortURL(c)
|
|
})
|
|
|
|
sc.m.Post(routePattern, sc.defaultHandler)
|
|
|
|
fn(sc)
|
|
})
|
|
}
|
|
|
|
type fakeShortURLService struct {
|
|
createShortURLFunc func(ctx context.Context, user *models.SignedInUser, path string) (*models.ShortUrl, error)
|
|
}
|
|
|
|
func (s *fakeShortURLService) GetShortURLByUID(ctx context.Context, user *models.SignedInUser, uid string) (*models.ShortUrl, error) {
|
|
return nil, nil
|
|
}
|
|
|
|
func (s *fakeShortURLService) CreateShortURL(ctx context.Context, user *models.SignedInUser, path string) (*models.ShortUrl, error) {
|
|
if s.createShortURLFunc != nil {
|
|
return s.createShortURLFunc(ctx, user, path)
|
|
}
|
|
|
|
return nil, nil
|
|
}
|
|
|
|
func (s *fakeShortURLService) UpdateLastSeenAt(ctx context.Context, shortURL *models.ShortUrl) error {
|
|
return nil
|
|
}
|
|
|
|
func (s *fakeShortURLService) DeleteStaleShortURLs(ctx context.Context, cmd *models.DeleteShortUrlCommand) error {
|
|
return nil
|
|
}
|