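// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.

package api4

import (
	"io"
	"io/ioutil"
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/mattermost/mattermost-server/v6/model"
)

// oauthTestGrantManagePermission grants PermissionManageOAuth to the
// system_user role so that regular users may register and manage their own
// OAuth 2.0 apps. It returns a function that restores the default role
// permissions; callers must defer it *after* deferring th.TearDown() so it
// runs while the server is still up.
func oauthTestGrantManagePermission(th *TestHelper) func() {
	defaultRolePermissions := th.SaveDefaultRolePermissions()
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	return func() {
		th.RestoreDefaultRolePermissions(defaultRolePermissions)
	}
}

// oauthTestEnableProvider turns ServiceSettings.EnableOAuthServiceProvider on
// and returns a function that puts the previous value back. As with
// oauthTestGrantManagePermission, defer the restore after th.TearDown().
func oauthTestEnableProvider(th *TestHelper) func() {
	previous := th.App.Config().ServiceSettings.EnableOAuthServiceProvider
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })
	return func() {
		th.App.UpdateConfig(func(cfg *model.Config) { cfg.ServiceSettings.EnableOAuthServiceProvider = previous })
	}
}

// oauthTestContainsApp reports whether an app with the given id is in apps.
func oauthTestContainsApp(apps []*model.OAuthApp, id string) bool {
	for _, a := range apps {
		if a.Id == id {
			return true
		}
	}
	return false
}

// TestCreateOAuthApp covers POST /oauth/apps: who may register an app, that
// the admin-only IsTrusted flag cannot be set by a regular user, input
// validation, and the unauthenticated / provider-disabled error paths.
func TestCreateOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restorePermissions := oauthTestGrantManagePermission(th)
	defer restorePermissions()
	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}, IsTrusted: true}

	// A system admin may register an app and mark it trusted.
	rapp, resp, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)
	CheckCreatedStatus(t, resp)
	assert.Equal(t, oapp.Name, rapp.Name, "names did not match")
	assert.Equal(t, oapp.IsTrusted, rapp.IsTrusted, "trusted did no match")

	// Without PermissionManageOAuth a regular user cannot register apps at all.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	_, resp, err = client.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	// With the permission they can, but IsTrusted is an admin-only attribute:
	// the server must clear it rather than honour the value in the request.
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	rapp, resp, err = client.CreateOAuthApp(oapp)
	require.NoError(t, err)
	CheckCreatedStatus(t, resp)
	assert.False(t, rapp.IsTrusted, "trusted should be false - created by non admin")

	// Validation: an app without a name is rejected even for an admin.
	oapp.Name = ""
	_, resp, err = adminClient.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	// A body that is not valid JSON is rejected with 400. The raw response is
	// drained and closed so the client connection can be reused.
	r, err := client.DoAPIPost("/oauth/apps", "garbage")
	require.Error(t, err, "expected error from garbage post")
	require.NotNil(t, r, "expected a response for garbage post")
	defer closeBody(r)
	assert.Equal(t, http.StatusBadRequest, r.StatusCode)

	// Unauthenticated requests are rejected with 401.
	client.Logout()
	_, resp, err = client.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// With the service provider disabled the endpoint is unavailable to everyone.
	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	oapp.Name = GenerateTestAppName()
	_, resp, err = adminClient.CreateOAuthApp(oapp)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}

// TestUpdateOAuthApp covers PUT /oauth/apps/{id}: which fields an update may
// change, that ownership is enforced against the stored record, and that the
// IsTrusted flag can only be changed by an admin.
func TestUpdateOAuthApp(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restorePermissions := oauthTestGrantManagePermission(th)
	defer restorePermissions()
	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{
		Name:         "oapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	oapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = "oapp_update"
	oapp.IsTrusted = true
	oapp.IconURL = "https://nowhere.com/img_update"
	oapp.Homepage = "https://nowhere_update.com"
	oapp.Description = "test_update"
	oapp.CallbackUrls = []string{"https://callback_update.com", "https://another_callback.com"}

	updatedApp, _, err := adminClient.UpdateOAuthApp(oapp)
	require.NoError(t, err)
	// Identity, ownership and credential fields are server-owned and must
	// survive an update unchanged even though the request body carries them.
	assert.Equal(t, oapp.Id, updatedApp.Id, "Id should have not updated")
	assert.Equal(t, oapp.CreatorId, updatedApp.CreatorId, "CreatorId should have not updated")
	assert.Equal(t, oapp.CreateAt, updatedApp.CreateAt, "CreateAt should have not updated")
	assert.NotEqual(t, oapp.UpdateAt, updatedApp.UpdateAt, "UpdateAt should have updated")
	assert.Equal(t, oapp.ClientSecret, updatedApp.ClientSecret, "ClientSecret should have not updated")
	assert.Equal(t, oapp.Name, updatedApp.Name, "Name should have updated")
	assert.Equal(t, oapp.Description, updatedApp.Description, "Description should have updated")
	assert.Equal(t, oapp.IconURL, updatedApp.IconURL, "IconURL should have updated")
	// The callback URLs are the redirect allow-list for the authorization code
	// flow; compare the whole slice so a dropped or extra entry fails the test
	// instead of being skipped on a length mismatch.
	assert.Equal(t, oapp.CallbackUrls, updatedApp.CallbackUrls, "CallbackUrls should have updated")
	assert.Equal(t, oapp.Homepage, updatedApp.Homepage, "Homepage should have updated")
	assert.Equal(t, oapp.IsTrusted, updatedApp.IsTrusted, "IsTrusted should have updated")

	// A different regular user is refused even with PermissionManageOAuth, and
	// claiming the app in the request body (CreatorId = self) must not help:
	// ownership has to be decided from the stored record.
	th.LoginBasic2()
	spoofed := *oapp
	spoofed.CreatorId = th.BasicUser2.Id
	_, resp, err := client.UpdateOAuthApp(&spoofed)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	th.LoginBasic()

	// Without PermissionManageOAuth a regular user cannot update an app they do not own.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	_, resp, err = client.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	// A well-formed but unknown id is a 404, also for an admin.
	oapp.Id = "zhk9d1ggatrqz236c7h87im7bc"
	_, resp, err = adminClient.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)

	client.Logout()
	_, resp, err = client.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// A malformed id is rejected as a bad request before any lookup.
	oapp.Id = "junk"
	_, resp, err = adminClient.UpdateOAuthApp(oapp)
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = true })
	th.AddPermissionToRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	th.LoginBasic()

	userOapp := &model.OAuthApp{
		Name:         "useroapp",
		IsTrusted:    false,
		IconURL:      "https://nowhere.com/img",
		Homepage:     "https://nowhere.com",
		Description:  "test",
		CallbackUrls: []string{"https://callback.com"},
	}

	userOapp, _, err = client.CreateOAuthApp(userOapp)
	require.NoError(t, err)

	// The owner cannot promote their own app to trusted...
	userOapp.IsTrusted = true
	userOapp, _, err = client.UpdateOAuthApp(userOapp)
	require.NoError(t, err)
	assert.False(t, userOapp.IsTrusted)

	// ...an admin can...
	userOapp.IsTrusted = true
	userOapp, _, err = adminClient.UpdateOAuthApp(userOapp)
	require.NoError(t, err)
	assert.True(t, userOapp.IsTrusted)

	// ...and once set by an admin the owner's updates leave the flag untouched
	// in either direction.
	userOapp.IsTrusted = false
	userOapp, _, err = client.UpdateOAuthApp(userOapp)
	require.NoError(t, err)
	assert.True(t, userOapp.IsTrusted)
}

// TestGetOAuthApps covers GET /oauth/apps: admins see every app, a regular
// user with PermissionManageOAuth sees only the apps they created, and the
// usual permission / authentication / provider-disabled failures.
func TestGetOAuthApps(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restorePermissions := oauthTestGrantManagePermission(th)
	defer restorePermissions()
	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err := client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// An admin lists apps regardless of who created them.
	apps, _, err := adminClient.GetOAuthApps(0, 1000)
	require.NoError(t, err)
	assert.Truef(t, oauthTestContainsApp(apps, rapp.Id), "missing oauth app %v", rapp.Id)
	assert.Truef(t, oauthTestContainsApp(apps, rapp2.Id), "missing oauth app %v", rapp2.Id)

	apps, _, err = adminClient.GetOAuthApps(1, 1)
	require.NoError(t, err)
	require.Len(t, apps, 1, "paging failed")

	// A regular user must see exactly their own app: the admin-created app
	// must not leak into the listing. Both the count and the id are checked.
	apps, _, err = client.GetOAuthApps(0, 1000)
	require.NoError(t, err)
	require.Len(t, apps, 1, "regular user should only see their own apps")
	require.Equal(t, rapp2.Id, apps[0].Id, "wrong apps returned")

	// Without PermissionManageOAuth the listing is forbidden altogether.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	_, resp, err := client.GetOAuthApps(0, 1000)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()
	_, resp, err = client.GetOAuthApps(0, 1000)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.GetOAuthApps(0, 1000)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}

// TestGetOAuthApp covers GET /oauth/apps/{id}, the unsanitized view that
// includes the client secret: admins may read any app, a regular user only
// their own, and nobody without PermissionManageOAuth.
func TestGetOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restorePermissions := oauthTestGrantManagePermission(th)
	defer restorePermissions()
	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err := client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// This endpoint deliberately returns the client secret to callers who are
	// allowed to manage the app.
	rrapp, _, err := adminClient.GetOAuthApp(rapp.Id)
	require.NoError(t, err)
	assert.Equal(t, rapp.Id, rrapp.Id, "wrong app")
	assert.NotEqual(t, "", rrapp.ClientSecret, "should not be sanitized")

	rrapp2, _, err := adminClient.GetOAuthApp(rapp2.Id)
	require.NoError(t, err)
	assert.Equal(t, rapp2.Id, rrapp2.Id, "wrong app")
	assert.NotEqual(t, "", rrapp2.ClientSecret, "should not be sanitized")

	// A regular user may read their own app but not the admin's.
	_, _, err = client.GetOAuthApp(rapp2.Id)
	require.NoError(t, err)

	_, resp, err := client.GetOAuthApp(rapp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	// Without PermissionManageOAuth even their own app is off limits.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	_, resp, err = client.GetOAuthApp(rapp2.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()
	_, resp, err = client.GetOAuthApp(rapp2.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	_, resp, err = adminClient.GetOAuthApp("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	_, resp, err = adminClient.GetOAuthApp(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.GetOAuthApp(rapp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}

// TestGetOAuthAppInfo covers GET /oauth/apps/{id}/info, the sanitized view
// used to describe an app to end users: any authenticated user may read any
// app, but the client secret must never be included.
func TestGetOAuthAppInfo(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restorePermissions := oauthTestGrantManagePermission(th)
	defer restorePermissions()
	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err := client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// Even an admin gets the sanitized form from this endpoint.
	rrapp, _, err := adminClient.GetOAuthAppInfo(rapp.Id)
	require.NoError(t, err)
	assert.Equal(t, rapp.Id, rrapp.Id, "wrong app")
	assert.Equal(t, "", rrapp.ClientSecret, "should be sanitized")

	rrapp2, _, err := adminClient.GetOAuthAppInfo(rapp2.Id)
	require.NoError(t, err)
	assert.Equal(t, rapp2.Id, rrapp2.Id, "wrong app")
	assert.Equal(t, "", rrapp2.ClientSecret, "should be sanitized")

	// A regular user may read the info of any app, including the admin's...
	_, _, err = client.GetOAuthAppInfo(rapp2.Id)
	require.NoError(t, err)

	_, _, err = client.GetOAuthAppInfo(rapp.Id)
	require.NoError(t, err)

	// ...and PermissionManageOAuth is not required for this read-only view.
	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	_, _, err = client.GetOAuthAppInfo(rapp2.Id)
	require.NoError(t, err)

	// Authentication is still required.
	client.Logout()
	_, resp, err := client.GetOAuthAppInfo(rapp2.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	_, resp, err = adminClient.GetOAuthAppInfo("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	_, resp, err = adminClient.GetOAuthAppInfo(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.GetOAuthAppInfo(rapp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}

// TestDeleteOAuthApp covers DELETE /oauth/apps/{id}: admins may delete any
// app, a regular user only their own, and nobody without the permission.
func TestDeleteOAuthApp(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restorePermissions := oauthTestGrantManagePermission(th)
	defer restorePermissions()
	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err := client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// An admin may delete both their own and a user's app.
	_, err = adminClient.DeleteOAuthApp(rapp.Id)
	require.NoError(t, err)

	_, err = adminClient.DeleteOAuthApp(rapp2.Id)
	require.NoError(t, err)

	// Recreate both so the regular-user cases start from a known state.
	rapp, _, err = adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err = client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// A regular user may not delete the admin's app but may delete their own.
	resp, err := client.DeleteOAuthApp(rapp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	_, err = client.DeleteOAuthApp(rapp2.Id)
	require.NoError(t, err)

	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	resp, err = client.DeleteOAuthApp(rapp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()
	resp, err = client.DeleteOAuthApp(rapp.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	resp, err = adminClient.DeleteOAuthApp("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	resp, err = adminClient.DeleteOAuthApp(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	resp, err = adminClient.DeleteOAuthApp(rapp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}

// TestRegenerateOAuthAppSecret covers POST /oauth/apps/{id}/regen_secret:
// the secret actually rotates, admins may rotate any app, a regular user only
// their own, and nobody without the permission.
func TestRegenerateOAuthAppSecret(t *testing.T) {
	th := Setup(t)
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restorePermissions := oauthTestGrantManagePermission(th)
	defer restorePermissions()
	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err := client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// The response must carry a new, non-empty secret: an empty secret would
	// also be "not equal" to the old one, so check both.
	rrapp, _, err := adminClient.RegenerateOAuthAppSecret(rapp.Id)
	require.NoError(t, err)
	assert.Equal(t, rrapp.Id, rapp.Id, "wrong app")
	assert.NotEmpty(t, rrapp.ClientSecret, "regenerated secret should be returned")
	assert.NotEqual(t, rapp.ClientSecret, rrapp.ClientSecret, "secret didn't change")

	_, _, err = adminClient.RegenerateOAuthAppSecret(rapp2.Id)
	require.NoError(t, err)

	rapp, _, err = adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	oapp.Name = GenerateTestAppName()
	rapp2, _, err = client.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// A regular user may not rotate the admin's secret but may rotate their own.
	_, resp, err := client.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	_, _, err = client.RegenerateOAuthAppSecret(rapp2.Id)
	require.NoError(t, err)

	th.RemovePermissionFromRole(model.PermissionManageOAuth.Id, model.SystemUserRoleId)
	_, resp, err = client.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	client.Logout()
	_, resp, err = client.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	_, resp, err = adminClient.RegenerateOAuthAppSecret("junk")
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	_, resp, err = adminClient.RegenerateOAuthAppSecret(model.NewId())
	require.Error(t, err)
	CheckNotFoundStatus(t, resp)

	th.App.UpdateConfig(func(cfg *model.Config) { *cfg.ServiceSettings.EnableOAuthServiceProvider = false })
	_, resp, err = adminClient.RegenerateOAuthAppSecret(rapp.Id)
	require.Error(t, err)
	CheckNotImplementedStatus(t, resp)
}

// TestGetAuthorizedOAuthAppsForUser covers GET /users/{id}/oauth/apps/authorized:
// a user sees the apps they have authorized, in sanitized form, may not read
// another user's list, and an admin may read anyone's.
func TestGetAuthorizedOAuthAppsForUser(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	client := th.Client
	adminClient := th.SystemAdminClient

	restoreProvider := oauthTestEnableProvider(th)
	defer restoreProvider()

	oapp := &model.OAuthApp{Name: GenerateTestAppName(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}

	rapp, _, err := adminClient.CreateOAuthApp(oapp)
	require.NoError(t, err)

	// Run the authorization step as BasicUser so the app shows up in their list.
	authRequest := &model.AuthorizeRequest{
		ResponseType: model.AuthCodeResponseType,
		ClientId:     rapp.Id,
		RedirectURI:  rapp.CallbackUrls[0],
		Scope:        "",
		State:        "123",
	}

	_, _, err = client.AuthorizeOAuthApp(authRequest)
	require.NoError(t, err)

	apps, _, err := client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	require.NoError(t, err)

	// The list is for end users; it must never expose client secrets.
	for _, a := range apps {
		assert.Equal(t, "", a.ClientSecret, "not sanitized")
	}
	require.True(t, oauthTestContainsApp(apps, rapp.Id), "missing app")

	// One user may not enumerate another user's authorized apps.
	_, resp, err := client.GetAuthorizedOAuthAppsForUser(th.BasicUser2.Id, 0, 1000)
	require.Error(t, err)
	CheckForbiddenStatus(t, resp)

	_, resp, err = client.GetAuthorizedOAuthAppsForUser("junk", 0, 1000)
	require.Error(t, err)
	CheckBadRequestStatus(t, resp)

	client.Logout()
	_, resp, err = client.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	require.Error(t, err)
	CheckUnauthorizedStatus(t, resp)

	// An admin may read any user's list.
	_, _, err = adminClient.GetAuthorizedOAuthAppsForUser(th.BasicUser.Id, 0, 1000)
	require.NoError(t, err)
}

// closeBody drains and closes an HTTP response body so the underlying
// connection can be reused by the client. It is safe to call with a nil
// response or a nil body; drain and close errors are deliberately ignored
// because there is nothing useful a test can do with them.
func closeBody(r *http.Response) {
	if r != nil && r.Body != nil {
		_, _ = io.Copy(ioutil.Discard, r.Body)
		_ = r.Body.Close()
	}
}

// TestNilAuthorizeOAuthApp checks that a nil authorization request is turned
// into a structured "invalid body" error by the client rather than a panic or
// a request with an empty body.
func TestNilAuthorizeOAuthApp(t *testing.T) {
	th := Setup(t).InitBasic()
	defer th.TearDown()
	client := th.Client

	_, _, err := client.AuthorizeOAuthApp(nil)
	require.Error(t, err)
	CheckErrorID(t, err, "api.context.invalid_body_param.app_error")
}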