mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
2e5617c29b
* Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding TeamMember to system * Fixing all unit tests on the backend * Fixing merge conflicts * Fixing merge conflict * Adding javascript unit tests * Adding client side unit test * Cleaning up the clint side tests * Fixing msg * Adding more client side unit tests * Adding more using tests * Adding last bit of client side unit tests and adding make cmd * Fixing bad merge * Fixing libraries * Updating to new client side API * Fixing borken unit test * Fixing unit tests * ugg...trying to beat gofmt * ugg...trying to beat gofmt * Cleaning up remainder of the server side routes * Adding inital load api * Increased coverage of webhook unit tests (#2660) * Adding loading ... to root html * Fixing bad merge * Removing explicit content type so superagent will guess corectly (#2685) * Fixing merge and unit tests * Adding create team UI * Fixing signup flows * Adding LDAP unit tests and enterprise unit test helper (#2702) * Add the ability to reset MFA from the commandline (#2706) * Fixing compliance unit tests * Fixing client side tests * Adding open server to system console * Moving websocket connection * Fixing unit test * Fixing unit tests * Fixing unit tests * Adding nickname and more LDAP unit tests (#2717) * Adding join open teams * Cleaning up all TODOs in the code * Fixing web sockets * Removing unused webockets file * PLT-2533 Add the ability to reset a user's MFA from the system console (#2715) * Add the ability to reset a user's MFA from the system console * Add client side unit test for adminResetMfa * Reorganizing authentication to fix LDAP error message (#2723) * Fixing failing unit test * Initial upgrade db code * Adding upgrade script * Fixing upgrade script after running on core * Update OAuth and Claim routes to work with user model changes (#2739) * Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740) * Fixing team invite ldap login call (#2741) * Fixing bluebar and some img stuff * Fix all the different file upload web utils (#2743) * Fixing invalid session redirect (#2744) * Redirect on bad channel name (#2746) * Fixing a bunch of issue and removing dead code * Patch to fix error message on leave channel (#2747) * Setting EnableOpenServer to false by default * Fixing config * Fixing upgrade * Fixing reported bugs * Bug fixes for PLT-2057 * PLT-2563 Redo password recovery to use a database table (#2745) * Redo password recovery to use a database table * Update reset password audits * Split out admin and user reset password APIs to be separate * Delete password recovery when user is permanently deleted * Consolidate password resetting into a single function * Removed private channels as an option for outgoing webhooks (#2752) * PLT-2577/PLT-2552 Fixes for backstage (#2753) * Added URL to incoming webhook list * Fixed client functions for adding/removing integrations * Disallowed slash commands without trigger words * Fixed clientside handling of errors on AddCommand page * Minor auth cleanup (#2758) * Changed EditPostModal to just close if you save without making any changes (#2759) * Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756) * Fixed url in channel info modal (#2755) * Fixing reported issues * Moving to version 3 of the apis * Fixing command unit tests (#2760) * Adding team admins * Fixing DM issue * Fixing eslint error * Properly set EditPostModal's originalText state in all cases (#2762) * Update client config check to assume features is defined if server is licensed (#2772) * Fixing url link * Fixing issue with websocket crashing when sending messages to different teams
142 lines
4.4 KiB
Go
142 lines
4.4 KiB
Go
// Copyright (c) 2015 Mattermost, Inc. All Rights Reserved.
|
|
// See License.txt for license information.
|
|
|
|
package api
|
|
|
|
import (
|
|
"github.com/mattermost/platform/model"
|
|
"github.com/mattermost/platform/utils"
|
|
"net/url"
|
|
"testing"
|
|
)
|
|
|
|
func TestRegisterApp(t *testing.T) {
|
|
th := Setup().InitBasic()
|
|
Client := th.BasicClient
|
|
|
|
app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
|
|
|
|
if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
|
|
|
|
if _, err := Client.RegisterApp(app); err == nil {
|
|
t.Fatal("should have failed - oauth providing turned off")
|
|
}
|
|
|
|
} else {
|
|
|
|
Client.Logout()
|
|
|
|
if _, err := Client.RegisterApp(app); err == nil {
|
|
t.Fatal("not logged in - should have failed")
|
|
}
|
|
|
|
th.LoginBasic()
|
|
|
|
if result, err := Client.RegisterApp(app); err != nil {
|
|
t.Fatal(err)
|
|
} else {
|
|
rapp := result.Data.(*model.OAuthApp)
|
|
if len(rapp.Id) != 26 {
|
|
t.Fatal("clientid didn't return properly")
|
|
}
|
|
if len(rapp.ClientSecret) != 26 {
|
|
t.Fatal("client secret didn't return properly")
|
|
}
|
|
}
|
|
|
|
app = &model.OAuthApp{Name: "", Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
|
|
if _, err := Client.RegisterApp(app); err == nil {
|
|
t.Fatal("missing name - should have failed")
|
|
}
|
|
|
|
app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
|
|
if _, err := Client.RegisterApp(app); err == nil {
|
|
t.Fatal("missing homepage - should have failed")
|
|
}
|
|
|
|
app = &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{}}
|
|
if _, err := Client.RegisterApp(app); err == nil {
|
|
t.Fatal("missing callback url - should have failed")
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestAllowOAuth(t *testing.T) {
|
|
th := Setup().InitBasic()
|
|
Client := th.BasicClient
|
|
|
|
app := &model.OAuthApp{Name: "TestApp" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
|
|
|
|
state := "123"
|
|
|
|
if !utils.Cfg.ServiceSettings.EnableOAuthServiceProvider {
|
|
if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "12345678901234567890123456", app.CallbackUrls[0], "all", state); err == nil {
|
|
t.Fatal("should have failed - oauth service providing turned off")
|
|
}
|
|
} else {
|
|
app = Client.Must(Client.RegisterApp(app)).Data.(*model.OAuthApp)
|
|
|
|
if result, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, app.CallbackUrls[0], "all", state); err != nil {
|
|
t.Fatal(err)
|
|
} else {
|
|
redirect := result.Data.(map[string]string)["redirect"]
|
|
if len(redirect) == 0 {
|
|
t.Fatal("redirect url should be set")
|
|
}
|
|
|
|
ru, _ := url.Parse(redirect)
|
|
if ru == nil {
|
|
t.Fatal("redirect url unparseable")
|
|
} else {
|
|
if len(ru.Query().Get("code")) == 0 {
|
|
t.Fatal("authorization code not returned")
|
|
}
|
|
if ru.Query().Get("state") != state {
|
|
t.Fatal("returned state doesn't match")
|
|
}
|
|
}
|
|
}
|
|
|
|
if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "all", state); err == nil {
|
|
t.Fatal("should have failed - no redirect_url given")
|
|
}
|
|
|
|
if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "", "", state); err == nil {
|
|
t.Fatal("should have failed - no redirect_url given")
|
|
}
|
|
|
|
if result, err := Client.AllowOAuth("junk", app.Id, app.CallbackUrls[0], "all", state); err != nil {
|
|
t.Fatal(err)
|
|
} else {
|
|
redirect := result.Data.(map[string]string)["redirect"]
|
|
if len(redirect) == 0 {
|
|
t.Fatal("redirect url should be set")
|
|
}
|
|
|
|
ru, _ := url.Parse(redirect)
|
|
if ru == nil {
|
|
t.Fatal("redirect url unparseable")
|
|
} else {
|
|
if ru.Query().Get("error") != "unsupported_response_type" {
|
|
t.Fatal("wrong error returned")
|
|
}
|
|
if ru.Query().Get("state") != state {
|
|
t.Fatal("returned state doesn't match")
|
|
}
|
|
}
|
|
}
|
|
|
|
if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "", app.CallbackUrls[0], "all", state); err == nil {
|
|
t.Fatal("should have failed - empty client id")
|
|
}
|
|
|
|
if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, "junk", app.CallbackUrls[0], "all", state); err == nil {
|
|
t.Fatal("should have failed - bad client id")
|
|
}
|
|
|
|
if _, err := Client.AllowOAuth(model.AUTHCODE_RESPONSE_TYPE, app.Id, "https://somewhereelse.com", "all", state); err == nil {
|
|
t.Fatal("should have failed - redirect uri host does not match app host")
|
|
}
|
|
}
|
|
}
|