IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

PLT-7811 Standardized team sanitization flow (#7586)

Browse Source 
* post-4.3 commit (#7581)

* reduce store boiler plate (#7585)

* fix GetPostsByIds error (#7591)

* PLT-7811 Standardized team sanitization flow

* Fixed TestGetAllTeamListings

* Stopped sanitizing teams for team admins

* Removed debug logging

* Added TearDown to sanitization tests that needed it
This commit is contained in:
Harrison Healey
2017-10-09 13:30:59 -04:00
committed by Chris
parent 9adaf53e11
commit e522a1c2e4
44 changed files with 1686 additions and 3304 deletions
Download Patch File Download Diff File Expand all files Collapse all files

357
api/team_test.go
View File

@@ -56,6 +56,49 @@ func TestCreateTeam(t *testing.T) {
}
}
func TestCreateTeamSanitization(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
// Non-admin users can create a team, but they become a team admin by doing so
t.Run("team admin", func(t *testing.T) {
team := &model.Team{
DisplayName: t.Name() + "_1",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
}
if res, err := th.BasicClient.CreateTeam(team); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
t.Run("system admin", func(t *testing.T) {
team := &model.Team{
DisplayName: t.Name() + "_2",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
}
if res, err := th.SystemAdminClient.CreateTeam(team); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
}
func TestAddUserToTeam(t *testing.T) {
th := Setup().InitSystemAdmin().InitBasic()
defer th.TearDown()
@@ -253,6 +296,77 @@ func TestGetAllTeams(t *testing.T) {
}
}
func TestGetAllTeamsSanitization(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
var team *model.Team
if res, err := th.BasicClient.CreateTeam(&model.Team{
DisplayName: t.Name() + "_1",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
}); err != nil {
t.Fatal(err)
} else {
team = res.Data.(*model.Team)
}
var team2 *model.Team
if res, err := th.SystemAdminClient.CreateTeam(&model.Team{
DisplayName: t.Name() + "_2",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
}); err != nil {
t.Fatal(err)
} else {
team2 = res.Data.(*model.Team)
}
t.Run("team admin/team user", func(t *testing.T) {
if res, err := th.BasicClient.GetAllTeams(); err != nil {
t.Fatal(err)
} else {
for _, rteam := range res.Data.(map[string]*model.Team) {
if rteam.Id == team.Id {
if rteam.Email == "" {
t.Fatal("should not have sanitized email for team admin")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains for team admin")
}
} else if rteam.Id == team2.Id {
if rteam.Email != "" {
t.Fatal("should've sanitized email for non-admin")
} else if rteam.AllowedDomains != "" {
t.Fatal("should've sanitized allowed domains for non-admin")
}
}
}
}
})
t.Run("system admin", func(t *testing.T) {
if res, err := th.SystemAdminClient.GetAllTeams(); err != nil {
t.Fatal(err)
} else {
for _, rteam := range res.Data.(map[string]*model.Team) {
if rteam.Id != team.Id && rteam.Id != team2.Id {
continue
}
if rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
}
}
})
}
func TestGetAllTeamListings(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
@@ -277,10 +391,7 @@ func TestGetAllTeamListings(t *testing.T) {
} else {
teams := r1.Data.(map[string]*model.Team)
if teams[team.Id].Name != team.Name {
t.Fatal()
}
if teams[team.Id].Email != "" {
t.Fatal("Non admin users shoudn't get full listings")
t.Fatal("team name doesn't match")
}
}
@@ -294,14 +405,84 @@ func TestGetAllTeamListings(t *testing.T) {
} else {
teams := r1.Data.(map[string]*model.Team)
if teams[team.Id].Name != team.Name {
t.Fatal()
}
if teams[team.Id].Email != team.Email {
t.Fatal()
t.Fatal("team name doesn't match")
}
}
}
func TestGetAllTeamListingsSanitization(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
var team *model.Team
if res, err := th.BasicClient.CreateTeam(&model.Team{
DisplayName: t.Name() + "_1",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
AllowOpenInvite: true,
}); err != nil {
t.Fatal(err)
} else {
team = res.Data.(*model.Team)
}
var team2 *model.Team
if res, err := th.SystemAdminClient.CreateTeam(&model.Team{
DisplayName: t.Name() + "_2",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
AllowOpenInvite: true,
}); err != nil {
t.Fatal(err)
} else {
team2 = res.Data.(*model.Team)
}
t.Run("team admin/non-admin", func(t *testing.T) {
if res, err := th.BasicClient.GetAllTeamListings(); err != nil {
t.Fatal(err)
} else {
for _, rteam := range res.Data.(map[string]*model.Team) {
if rteam.Id == team.Id {
if rteam.Email == "" {
t.Fatal("should not have sanitized email for team admin")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains for team admin")
}
} else if rteam.Id == team2.Id {
if rteam.Email != "" {
t.Fatal("should've sanitized email for non-admin")
} else if rteam.AllowedDomains != "" {
t.Fatal("should've sanitized allowed domains for non-admin")
}
}
}
}
})
t.Run("system admin", func(t *testing.T) {
if res, err := th.SystemAdminClient.GetAllTeamListings(); err != nil {
t.Fatal(err)
} else {
for _, rteam := range res.Data.(map[string]*model.Team) {
if rteam.Id != team.Id && rteam.Id != team2.Id {
continue
}
if rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
}
}
})
}
func TestTeamPermDelete(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
@@ -476,6 +657,52 @@ func TestUpdateTeamDisplayName(t *testing.T) {
}
}
func TestUpdateTeamSanitization(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
var team *model.Team
if res, err := th.BasicClient.CreateTeam(&model.Team{
DisplayName: t.Name() + "_1",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
}); err != nil {
t.Fatal(err)
} else {
team = res.Data.(*model.Team)
}
// Non-admin users cannot update the team
t.Run("team admin", func(t *testing.T) {
// API v3 always assumes you're updating the current team
th.BasicClient.SetTeamId(team.Id)
if res, err := th.BasicClient.UpdateTeam(team); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email for admin")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
t.Run("system admin", func(t *testing.T) {
// API v3 always assumes you're updating the current team
th.SystemAdminClient.SetTeamId(team.Id)
if res, err := th.SystemAdminClient.UpdateTeam(team); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email for admin")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
}
func TestFuzzyTeamCreate(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
@@ -537,6 +764,65 @@ func TestGetMyTeam(t *testing.T) {
}
}
func TestGetMyTeamSanitization(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
var team *model.Team
if res, err := th.BasicClient.CreateTeam(&model.Team{
DisplayName: t.Name() + "_1",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
}); err != nil {
t.Fatal(err)
} else {
team = res.Data.(*model.Team)
}
t.Run("team user", func(t *testing.T) {
th.LinkUserToTeam(th.BasicUser2, team)
client := th.CreateClient()
client.Must(client.Login(th.BasicUser2.Email, th.BasicUser2.Password))
client.SetTeamId(team.Id)
if res, err := client.GetMyTeam(""); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email != "" {
t.Fatal("should've sanitized email")
} else if rteam.AllowedDomains != "" {
t.Fatal("should've sanitized allowed domains")
}
})
t.Run("team admin", func(t *testing.T) {
th.BasicClient.SetTeamId(team.Id)
if res, err := th.BasicClient.GetMyTeam(""); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
t.Run("system admin", func(t *testing.T) {
th.SystemAdminClient.SetTeamId(team.Id)
if res, err := th.SystemAdminClient.GetMyTeam(""); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
}
func TestGetTeamMembers(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()
@@ -898,6 +1184,61 @@ func TestGetTeamByName(t *testing.T) {
}
}
func TestGetTeamByNameSanitization(t *testing.T) {
th := Setup().InitBasic().InitSystemAdmin()
defer th.TearDown()
var team *model.Team
if res, err := th.BasicClient.CreateTeam(&model.Team{
DisplayName: t.Name() + "_1",
Name: GenerateTestTeamName(),
Email: GenerateTestEmail(),
Type: model.TEAM_OPEN,
AllowedDomains: "simulator.amazonses.com",
}); err != nil {
t.Fatal(err)
} else {
team = res.Data.(*model.Team)
}
t.Run("team user", func(t *testing.T) {
th.LinkUserToTeam(th.BasicUser2, team)
client := th.CreateClient()
client.Must(client.Login(th.BasicUser2.Email, th.BasicUser2.Password))
if res, err := client.GetTeamByName(team.Name); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email != "" {
t.Fatal("should've sanitized email")
} else if rteam.AllowedDomains != "" {
t.Fatal("should've sanitized allowed domains")
}
})
t.Run("team admin", func(t *testing.T) {
if res, err := th.BasicClient.GetTeamByName(team.Name); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
t.Run("system admin", func(t *testing.T) {
th.SystemAdminClient.SetTeamId(team.Id)
if res, err := th.SystemAdminClient.GetTeamByName(team.Name); err != nil {
t.Fatal(err)
} else if rteam := res.Data.(*model.Team); rteam.Email == "" {
t.Fatal("should not have sanitized email")
} else if rteam.AllowedDomains == "" {
t.Fatal("should not have sanitized allowed domains")
}
})
}
func TestFindTeamByName(t *testing.T) {
th := Setup().InitBasic()
defer th.TearDown()