1// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
2// See LICENSE.txt for license information.
3
4package api4
5
import (
	"io"
	"io/ioutil"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/mattermost/mattermost-server/v6/model"
)
16
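// TestCreateOAuthApp covers CreateOAuthApp (POST /oauth/apps): creation by an
// admin, the manage_oauth permission gate for regular users, the rule that a
// regular user cannot create a trusted app, request validation, the anonymous
// case and the behaviour when the OAuth service provider is disabled.
func TestCreateOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	// Both role permissions and the provider flag are mutated below; put them
	// back when the test ends.
	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}, IsTrusted: true}

	// An admin may create the app and the requested IsTrusted value is kept.
	rapp, resp, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)
	CheckCreatedStatus(t, resp)
	assert.Equal(t, oapp.Name, rapp.Name, "names did not match")
	assert.Equal(t, oapp.IsTrusted, rapp.IsTrusted, "trusted did not match")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	_, resp, err = client.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	rapp, resp, err = client.CreateOAuthApp(oapp)
	require.NoError(t, err)
	CheckCreatedStatus(t, resp)

	// The regular user asked for IsTrusted=true; the server must not honour it.
	assert.False(t, rapp.IsTrusted, "trusted should be false - created by non admin")

	// Validation: an empty name is rejected even for an admin.
	oapp.Name = ""
	_, resp, err = adminClient.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	// A body that is not an OAuthApp document is rejected with 400. Guard the
	// response before reading its status so a transport-level failure reports
	// a test failure instead of a nil dereference.
	r, err := client.DoAPIPost("/oauth/apps", "garbage")
	require.Error(t, err, "expected error from garbage post")
	require.NotNil(t, r, "expected an HTTP response from garbage post")
	assert.Equal(t, http.StatusBadRequest, r.StatusCode)

	// Anonymous callers are rejected before any validation.
	client.Logout()
	_, resp, err = client.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// With the provider disabled even an admin with a valid app gets 501.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	oapp.Name = GenerateTestAppName()
	_, resp, err = adminClient.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}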
78
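// TestUpdateOAuthApp covers UpdateOAuthApp: which fields an update may change
// and which are immutable, that only the creator or an admin may update an
// app, request validation, the anonymous and provider-disabled cases, and
// that IsTrusted can only ever be changed by an admin.
func TestUpdateOAuthApp(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{
		Name:         "oapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	// Fail here with a clear message if creation is refused, rather than on a
	// nil dereference a few lines further down.
	oapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)
	require.NotNil(t, oapp)

	oapp.Name = "oapp_update"
	oapp.IsTrusted = true
	oapp.IconURL = "https://nowhere.com/img_update"
	oapp.Homepage = "https://nowhere_update.com"
	oapp.Description = "test_update"
	oapp.CallbackUrls = []string{"https://callback_update.com", "https://another_callback.com"}

	updatedApp, _, err := adminClient.UpdateOAuthApp(oapp)
	require.NoError(t, err)
	// Identity, creator, creation time and secret are immutable through update.
	assert.Equal(t, oapp.Id, updatedApp.Id, "Id should have not updated")
	assert.Equal(t, oapp.CreatorId, updatedApp.CreatorId, "CreatorId should have not updated")
	assert.Equal(t, oapp.CreateAt, updatedApp.CreateAt, "CreateAt should have not updated")
	assert.NotEqual(t, oapp.UpdateAt, updatedApp.UpdateAt, "UpdateAt should have updated")
	assert.Equal(t, oapp.ClientSecret, updatedApp.ClientSecret, "ClientSecret should have not updated")
	// The descriptive fields and the callback URL list follow the request.
	assert.Equal(t, oapp.Name, updatedApp.Name, "Name should have updated")
	assert.Equal(t, oapp.Description, updatedApp.Description, "Description should have updated")
	assert.Equal(t, oapp.IconURL, updatedApp.IconURL, "IconURL should have updated")
	// Compare the whole slice: a length-guarded element loop passes silently
	// when the server returns a different number of callback URLs.
	assert.Equal(t, oapp.CallbackUrls, updatedApp.CallbackUrls, "CallbackUrls should have updated")
	assert.Equal(t, oapp.Homepage, updatedApp.Homepage, "Homepage should have updated")
	assert.Equal(t, oapp.IsTrusted, updatedApp.IsTrusted, "IsTrusted should have updated")

	// BasicUser2 did not create the app, so the update is forbidden.
	th.LoginBasic2()
	_, resp, err := client.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	th.LoginBasic()

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	_, resp, err = client.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	// Well-formed but unknown id.
	oapp.Id = "zhk9d1ggatrqz236c7h87im7bc"
	_, resp, err = adminClient.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })

	_, resp, err = adminClient.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)

	client.Logout()
	_, resp, err = client.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// A malformed id is rejected as a bad request before anything else.
	oapp.Id = "junk"
	_, resp, err = adminClient.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.LoginBasic()

	userOapp := &model.OAuthApp{
		Name:         "useroapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	userOapp, _, err = client.CreateOAuthApp(userOapp)
	require.NoError(t, err)

	// A regular user cannot promote their own app to trusted...
	userOapp.IsTrusted = true
	userOapp, _, err = client.UpdateOAuthApp(userOapp)
	require.NoError(t, err)
	assert.False(t, userOapp.IsTrusted)

	// ...an admin can...
	userOapp.IsTrusted = true
	userOapp, _, err = adminClient.UpdateOAuthApp(userOapp)
	require.NoError(t, err)
	assert.True(t, userOapp.IsTrusted)

	// ...and the regular user cannot change it back either: the stored value wins.
	userOapp.IsTrusted = false
	userOapp, _, err = client.UpdateOAuthApp(userOapp)
	require.NoError(t, err)
	assert.True(t, userOapp.IsTrusted)
}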
200
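// TestGetOAuthApps covers GetOAuthApps: an admin lists every app, paging
// works, a regular user with manage_oauth sees the app they created but not
// the admin's, and the permission, anonymous and provider-disabled cases are
// rejected.
func TestGetOAuthApps(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	// hasApp reports whether an app with the given id is in the listing.
	hasApp := func(apps []*model.OAuthApp, id string) bool {
		for _, a := range apps {
			if a.Id == id {
				return true
			}
		}
		return false
	}

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err := client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// The admin sees both apps.
	apps, _, err := adminClient.GetOAuthApps(0, 1000)
	require.NoError(t, err)
	assert.Truef(t, hasApp(apps, rapp.Id), "missing oauth app %v", rapp.Id)
	assert.Truef(t, hasApp(apps, rapp2.Id), "missing oauth app %v", rapp2.Id)

	// Paging: page 1 with one app per page yields exactly one app.
	apps, _, err = adminClient.GetOAuthApps(1, 1)
	require.NoError(t, err)
	require.Len(t, apps, 1, "paging failed")

	// A regular user only gets the apps they created. Check membership rather
	// than indexing apps[0] so an empty listing fails cleanly instead of
	// panicking, and make the negative case explicit: the admin's app must
	// not leak into another user's listing.
	apps, _, err = client.GetOAuthApps(0, 1000)
	require.NoError(t, err)
	require.True(t, hasApp(apps, rapp2.Id), "own oauth app missing from listing")
	require.False(t, hasApp(apps, rapp.Id), "app created by another user must not be listed")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	_, resp, err := client.GetOAuthApps(0, 1000)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()

	_, resp, err = client.GetOAuthApps(0, 1000)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.GetOAuthApps(0, 1000)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}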
269
// TestGetOAuthApp covers GetOAuthApp: an admin can read any app with its
// client secret, a regular user only the app they created, and the
// permission, anonymous, validation and provider-disabled cases are rejected.
func TestGetOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	savedPermissions := th.SaveDefaultRolePermissions()
	savedProviderFlag := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(savedPermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = savedProviderFlag })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	template := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	// One app owned by the admin, one owned by the regular user.
	adminApp, _, err := adminClient.CreateOAuthApp(template)
	require.NoError(t, err)

	template.Name = GenerateTestAppName()
	userApp, _, err := client.CreateOAuthApp(template)
	require.NoError(t, err)

	// The admin reads both; the client secret is returned unsanitized.
	for _, created := range []*model.OAuthApp{adminApp, userApp} {
		fetched, _, err := adminClient.GetOAuthApp(created.Id)
		require.NoError(t, err)
		assert.Equal(t, created.Id, fetched.Id, "wrong app")
		assert.NotEqual(t, "", fetched.ClientSecret, "should not be sanitized")
	}

	// The regular user can read their own app but not the admin's.
	_, _, err = client.GetOAuthApp(userApp.Id)
	require.NoError(t, err)

	_, resp, err := client.GetOAuthApp(adminApp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	// Revoke permission from regular users: now even their own app is off limits.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	_, resp, err = client.GetOAuthApp(userApp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()

	_, resp, err = client.GetOAuthApp(userApp.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// Malformed and unknown ids.
	_, resp, err = adminClient.GetOAuthApp("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	_, resp, err = adminClient.GetOAuthApp(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	// Provider disabled: 501 even for the admin.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.GetOAuthApp(adminApp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}
339
// TestGetOAuthAppInfo covers GetOAuthAppInfo: the sanitized view of an app
// (no client secret) that any logged-in user can read regardless of who
// created it or of the manage_oauth permission, plus the anonymous,
// validation and provider-disabled cases.
func TestGetOAuthAppInfo(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	savedPermissions := th.SaveDefaultRolePermissions()
	savedProviderFlag := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(savedPermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = savedProviderFlag })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	template := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	adminApp, _, err := adminClient.CreateOAuthApp(template)
	require.NoError(t, err)

	template.Name = GenerateTestAppName()
	userApp, _, err := client.CreateOAuthApp(template)
	require.NoError(t, err)

	// Even the admin gets a sanitized view from the info endpoint.
	for _, created := range []*model.OAuthApp{adminApp, userApp} {
		info, _, err := adminClient.GetOAuthAppInfo(created.Id)
		require.NoError(t, err)
		assert.Equal(t, created.Id, info.Id, "wrong app")
		assert.Equal(t, "", info.ClientSecret, "should be sanitized")
	}

	// A regular user can read the info of any app, their own or not.
	for _, id := range []string{userApp.Id, adminApp.Id} {
		_, _, err = client.GetOAuthAppInfo(id)
		require.NoError(t, err)
	}

	// Revoke permission from regular users: the info view stays readable.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	_, _, err = client.GetOAuthAppInfo(userApp.Id)
	require.NoError(t, err)

	client.Logout()

	_, resp, err := client.GetOAuthAppInfo(userApp.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// Malformed and unknown ids.
	_, resp, err = adminClient.GetOAuthAppInfo("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	_, resp, err = adminClient.GetOAuthAppInfo(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	// Provider disabled: 501 even for the admin.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.GetOAuthAppInfo(adminApp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}
407
// TestDeleteOAuthApp covers DeleteOAuthApp: an admin may delete any app, a
// regular user with manage_oauth only the app they created, and the
// permission, anonymous, validation and provider-disabled cases are rejected.
func TestDeleteOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	savedPermissions := th.SaveDefaultRolePermissions()
	savedProviderFlag := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(savedPermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = savedProviderFlag })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	template := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	// createPair creates one app as the admin and one as the regular user,
	// regenerating the template name between the two calls.
	createPair := func() (*model.OAuthApp, *model.OAuthApp) {
		adminApp, _, err := adminClient.CreateOAuthApp(template)
		require.NoError(t, err)
		template.Name = GenerateTestAppName()
		userApp, _, err := client.CreateOAuthApp(template)
		require.NoError(t, err)
		return adminApp, userApp
	}

	// The admin may delete both.
	adminApp, userApp := createPair()
	_, err := adminClient.DeleteOAuthApp(adminApp.Id)
	require.NoError(t, err)
	_, err = adminClient.DeleteOAuthApp(userApp.Id)
	require.NoError(t, err)

	// The regular user may delete only their own app.
	adminApp, userApp = createPair()
	resp, err := client.DeleteOAuthApp(adminApp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	_, err = client.DeleteOAuthApp(userApp.Id)
	require.NoError(t, err)

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	resp, err = client.DeleteOAuthApp(adminApp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()
	resp, err = client.DeleteOAuthApp(adminApp.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// Malformed and unknown ids.
	resp, err = adminClient.DeleteOAuthApp("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	resp, err = adminClient.DeleteOAuthApp(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	// Provider disabled: 501 even for the admin.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	resp, err = adminClient.DeleteOAuthApp(adminApp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}
479
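// TestRegenerateOAuthAppSecret covers RegenerateOAuthAppSecret: the secret is
// rotated and the response still refers to the same app, a regular user may
// rotate only the secret of an app they created, and the permission,
// anonymous, validation and provider-disabled cases are rejected.
func TestRegenerateOAuthAppSecret(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	defaultRolePermissions := th.SaveDefaultRolePermissions()
	enableOAuthServiceProvider := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuthServiceProvider })
	}()

	// Grant permission to regular users.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err := client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// The admin rotates the secret of their own app; the old secret must be gone.
	rrapp, _, err := adminClient.RegenerateOAuthAppSecret(rapp.Id)
	require.NoError(t, err)
	assert.Equal(t, rapp.Id, rrapp.Id, "wrong app")
	assert.NotEqual(t, rapp.ClientSecret, rrapp.ClientSecret, "secret didn't change")

	// The admin rotates the user's app as well; previously this call was made
	// without checking that anything actually changed.
	rrapp2, _, err := adminClient.RegenerateOAuthAppSecret(rapp2.Id)
	require.NoError(t, err)
	assert.Equal(t, rapp2.Id, rrapp2.Id, "wrong app")
	assert.NotEqual(t, rapp2.ClientSecret, rrapp2.ClientSecret, "secret didn't change")

	// Recreate both apps; the permission checks below run against these.
	rapp, _, err = adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err = client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// A regular user may not rotate the secret of an app they did not create...
	_, resp, err := client.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	// ...but may rotate their own.
	userRegen, _, err := client.RegenerateOAuthAppSecret(rapp2.Id)
	require.NoError(t, err)
	assert.Equal(t, rapp2.Id, userRegen.Id, "wrong app")

	// Revoke permission from regular users.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)

	_, resp, err = client.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()
	_, resp, err = client.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// Malformed and unknown ids.
	_, resp, err = adminClient.RegenerateOAuthAppSecret("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	_, resp, err = adminClient.RegenerateOAuthAppSecret(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	// Provider disabled: 501 even for the admin.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}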
553
// TestGetAuthorizedOAuthAppsForUser covers GetAuthorizedOAuthAppsForUser:
// after a user authorizes an app it appears in their list with the client
// secret stripped, a user cannot read another user's list, a malformed user
// id is rejected, anonymous access is rejected, and an admin may read any list.
func TestGetAuthorizedOAuthAppsForUser(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	savedProviderFlag := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	defer func() {
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = savedProviderFlag })
	}()
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })

	template := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	app, _, err := adminClient.CreateOAuthApp(template)
	require.NoError(t, err)

	// The basic user authorizes the app through the auth-code response type,
	// redirecting to the app's first registered callback.
	authRequest := &model.AuthorizeRequest{
		ResponseType: model.AuthCodeResponseType,
		ClientId:     app.Id,
		RedirectURI:  app.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	}

	_, _, err = client.AuthorizeOAuthApp(authRequest)
	require.NoError(t, err)

	authorized, _, err := client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	require.NoError(t, err)

	// The app must be listed and no entry may carry a client secret.
	var seen bool
	for _, entry := range authorized {
		seen = seen || entry.Id == app.Id
		assert.Equal(t, "", entry.ClientSecret, "not sanitized")
	}
	require.True(t, seen, "missing app")

	// Another user's list is off limits.
	_, resp, err := client.GetAuthorizedOAuthAppsForUser(th.BasicUser2.Id, 0, 1000)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	_, resp, err = client.GetAuthorizedOAuthAppsForUser("junk", 0, 1000)
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	client.Logout()
	_, resp, err = client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// An admin may read any user's list.
	_, _, err = adminClient.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	require.NoError(t, err)
}
610
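// closeBody drains and closes the body of r so the underlying connection can
// be reused by the transport. It is safe to call with a nil response or a
// nil body.
func closeBody(r *http.Response) {
	if r == nil || r.Body == nil {
		return
	}
	// Stream the remainder into Discard instead of buffering the whole body
	// in memory; the content is of no interest here, so read and close
	// errors are deliberately ignored.
	_, _ = io.Copy(ioutil.Discard, r.Body)
	_ = r.Body.Close()
}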
617
// TestNilAuthorizeOAuthApp checks that AuthorizeOAuthApp with a nil request
// is rejected with the invalid-body error id rather than accepted.
func TestNilAuthorizeOAuthApp(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()

	_, _, err := th.Client.AuthorizeOAuthApp(nil)
	require.Error(t, err)
	CheckErrorID(t, err, "api.context.invalid_body_param.app_error")
}
627